bpdu filter

Answered Question
Jul 16th, 2008

hi everybody!

I have a question about the BPDU filter feature.

According to the Cisco Press book CCNP BCMSN by David Hucaby, STP still runs on portfast-enabled ports. All portfast-enabled ports have the BPDU filter feature automatically configured.

Then in the very same book I find:

"Bpdu is used to disable stp on port basis"

My point is portfast-enabled ports have STP running and the BPDU filter option automatically on. BPDU filter is used to disable STP on a port basis. So it could be deduced from the above that "STP is not running on portfast-enabled ports because of the BPDU filter feature". Am I correct?

Thanks a lot!

Correct Answer
tdrais Wed, 07/16/2008 - 12:58

This is what you find in the cisco doc


Understanding How PortFast BPDU Filtering Works


BPDU filtering allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states.


By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled. BPDU filtering is on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch.


..............


This goes with what I thought was the default, but there has been so much change with spanning tree now that Cisco does RST. I wouldn't be surprised if it works differently on different models of switches, but I have not seen a Cisco document that says BPDU filter is on by default.

sarahr202 Wed, 07/16/2008 - 14:00

Thanks a lot for your reply!

I want to quote from the book,

ccnp bcmsn official exam certification guide

fourth edition

David Hucaby, ccie no 4594

isbn#1-58720-171-2


chapter# 10 " protecting the spanning tree protocol"

pg# 254


"All ports that have portfast enabled also have bpdu filtering automatically enabled"

My question is whether the above statement is correct or not.

From your reply, I get the impression BPDU filter can only be enabled on portfast ports.

Am I correct?

Thanks a lot!

Francois Tallet Wed, 07/16/2008 - 13:12

STP is still running on portfast enabled ports.

There is an operational state for portfast. This state is "on" when a port configured for portfast is coming up. Now, if a BPDU is received on this port, the operational state goes back to "off". It's as good as if portfast was then disabled on the port.

In any case, STP is running normally on the port. The only differences are that:

- ports with portfast enabled go directly to forwarding when coming up.

- ports with portfast enabled don't generate topology changes, don't sync and don't flush their CAM entries during topology changes.


There is a feature called "bpduguard" that can be enabled globally and that then applies to all the ports that have portfast state "on". When a port is configured for BPDU guard, it is err-disabled should it receive a BPDU. That's probably what the book is referring to. This feature is not enabled by default.

Regards,

Francois

sarahr202 Wed, 07/16/2008 - 14:34

Thanks a lot for your reply, Francois.

According to the Cisco Press book CCNP BCMSN guide:

"all ports that have portfast enabled also have bpdu guard automatically enabled"

Is it correct or wrong?

Can BPDU guard be configured for portfast-enabled ports only?

Thanks a lot and have a nice day!

Correct Answer
Francois Tallet Wed, 07/16/2008 - 15:03

This is not correct. You can enable portfast without bpduguard.

Bpduguard can be configured in two different ways:

- globally, in config mode. It then applies to all portfast ports (with operational state "on" as I mentioned earlier).

- at the interface level. In that case, it is entirely independent from portfast.

Regards,

Francois
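
The two ways of configuring BPDU guard described in the answer above, as an added example that is not part of the original thread: a small Python check that reads a classic-IOS-style running-config and reports, per interface, whether BPDU guard comes from the interface or from the global default. The sample config and the name `bpduguard_report` are constructed for illustration; only the interface-level `spanning-tree portfast` command is considered, and a config file cannot show the operational portfast state.

```python
import re

# Constructed sample running-config (classic IOS syntax, not from the thread).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
interface FastEthernet0/1
 spanning-tree portfast
interface FastEthernet0/2
 spanning-tree bpduguard enable
interface FastEthernet0/3
 switchport mode access
interface FastEthernet0/4
 spanning-tree portfast
 spanning-tree bpduguard disable
line vty 0 4
 login
"""

def bpduguard_report(config):
    """Map interface -> (portfast_configured, bpduguard_source or None)."""
    lines = [l.rstrip() for l in config.splitlines()]
    global_guard = "spanning-tree portfast bpduguard default" in lines
    report, name, cmds = {}, None, []

    def flush():
        if name is None:
            return
        portfast = "spanning-tree portfast" in cmds
        if "spanning-tree bpduguard enable" in cmds:
            source = "interface"        # set on the port: independent of portfast
        elif "spanning-tree bpduguard disable" in cmds:
            source = None               # port-level setting overrides the global default
        elif global_guard and portfast:
            source = "global-default"   # applies while portfast is operationally "on"
        else:
            source = None
        report[name] = (portfast, source)

    for line in lines:
        m = re.match(r"interface (\S+)", line)
        if m:
            flush()
            name, cmds = m.group(1), []
        elif line.startswith(" "):
            cmds.append(line.strip())
        else:
            flush()                     # any other top-level line ends the interface block
            name, cmds = None, []
    flush()
    return report
```

Ports reported with portfast configured and no BPDU guard source, such as `FastEthernet0/4` in the sample, are the ones to review.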

joecb_sg497 Sun, 10/05/2008 - 19:09

Hi Francois,


You mentioned that once a portfast port receives a BPDU it will disable the portfast. Does it mean the port will NOT go directly to forwarding? But when I do a lab, I found it still goes directly to forwarding, even though "show span inter portfast" tells me the portfast is disabled.



Thks

joe

Francois Tallet Sun, 10/05/2008 - 19:22

Hi Joe,

With portfast, the port goes forwarding before it has a chance to receive a BPDU. However, BPDUs are exchanged as soon as the link goes up, so I would not be surprised if you performed your show command after a BPDU had already been received. If you have a chance to test this again in your lab, use the "detail" option of the show spanning-tree command to see if a BPDU has indeed been received by the port.

If the port is configured for portfast, does not receive BPDUs and is not "operationally" portfast, then there is a problem.

Regards,

Francois

joecb_sg497 Mon, 10/06/2008 - 18:25

Thanks Francois,

I got it.

Anyway, any CCIE-level switching book to recommend? Kennedy's book is obsolete; do you have the passion to write one yourself?


Thks

joe

Francois Tallet Tue, 10/07/2008 - 10:34

Thanks Joe,

Kennedy's book is the last one I read on the subject; it does not mean that there has been nothing good though, I've not really been checking. I have the passion but not the time (or strength) to write a book. Plus, I doubt an STP book would be a best seller ;-)

Regards,

Francois

Jon Marshall Tue, 10/07/2008 - 11:20

"Plus, I doubt an STP book would be a best seller;-)"


Not sure about that Francois, you might be surprised :-).


Jon
