cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
914
Views
9
Helpful
10
Replies

bpdu filter

sarahr202
Level 5
Level 5

hi everybody!

I have a question about bddu filter feature.

According to cisco press book ccnp bcmsn by David hucaby,stp still runs on portfast-enabled port.All portfast-enabled ports have bpdu filter feature automatcically configured.

Then in the very same book i find"

Bpdu is used to disable stp on port basis"

My point is portfast-enabled ports have stp running and bpdu filter option automatically on .Bpdu filter is used to disabled stp on port basis. So it could be deduced from the above "stp is not running on portfast-enabled port because of bpdu filter feature".Am i correct?

thanks alot!

2 Accepted Solutions

Accepted Solutions

tdrais
Level 7
Level 7

This is what you find in the cisco doc

Understanding How PortFast BPDU Filtering Works

BPDU filtering allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states.

By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled. BDPU filtering is on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch.

..............

This goes with what I thought was the default but there has been so much change with spanning tree now that cisco does RST. I wouldn't be surprised if it works different on different models of switches but I have not seen a cisco document that says BPDU filter is on by default.

View solution in original post

This is not correct. You can enable portfast without bpduguard.

Bpduguard can be configured in two different way:

- globally, in config mode. It then applies to all portfast ports (with operational state "on" as I mentioned earlier).

- at the interface level. In that case, it is entirely independent from portfast.

Regards,

Francois

View solution in original post

10 Replies 10

tdrais
Level 7
Level 7

This is what you find in the cisco doc

Understanding How PortFast BPDU Filtering Works

BPDU filtering allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states.

By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled. BDPU filtering is on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch.

..............

This goes with what I thought was the default but there has been so much change with spanning tree now that cisco does RST. I wouldn't be surprised if it works different on different models of switches but I have not seen a cisco document that says BPDU filter is on by default.

thanks alot for your reply!

I want to quote from the book ,

ccnp bcmsn official exam certification guide

fourth edition

David Hucaby, ccie no 4594

isbn#1-58720-171-2

chapter# 10 " protecting the spanning tree protocol"

pg# 254

" All ports that have portdast enabled also have bpdu filtering automatically enabled"

my question is if above statement is correct or not.

From your reply, i get the impression bpdu filter can only be enabed on portfast ports.

Am i correct?

thanks alot!

Francois Tallet
Level 7
Level 7

STP is still running on portfast enabled ports.

There is an operational state for portfast. This state is "on" when a port configured for portfast is coming up. Now, if a BPDU is received on this port, the operational state goes back to "off". It's as good as if portfast was then disabled on the port.

In any case, STP is running normally on the port. The only differences are that:

- port with portfast enabled go directly to forwarding when coming up.

- port with portfast enabled don't generate topology changes, don't sync and don't flush their cam entries during topology changes.

There is a feature called "bpduguard" that can be enabled globally and that then applies to all the port that have portfast state "on". When a port is configured for bpdu guard, it is err-disabled should it receive a BPDU. That's probably what the book is referring to. This feature is not enabled by default.

Regards,

Francois

thanks a alot for your reply Francois.

According to cisco press book ccnp bcmsn guide

" all ports that have portfast enabled also have bpdu guard automatically enabled"

Is it correct or wrong?

Can bpdu guard only be configured for portfast-enabled ports only ?

thanks a alot and have a nice day!

This is not correct. You can enable portfast without bpduguard.

Bpduguard can be configured in two different way:

- globally, in config mode. It then applies to all portfast ports (with operational state "on" as I mentioned earlier).

- at the interface level. In that case, it is entirely independent from portfast.

Regards,

Francois

hi francois,

you mentioned that once a portfast port receives a BPDU it will disable the portfast,does it mean the port will NOT go

directly to forwarding? but when i do a lab, i found it still go directly to forwarding, even through "show span inter portfast" tells me the portfast is disabled.

Thks

joe

Hi Joe,

With portfast, the port goes forwarding before it has a chance to receive a BPDU. However, BPDUs are exchanged as soon as the link goes up, so I would not be surprised if you performed your show command after a BPDU had already been received. If you have a chance to test this again in your lab, use the "detail" option of the show spanning-tree command to see if a BPDU has indeed been received by the port.

If the port is configured for portfast, does not receive BPDUs and is not "operationally" portfast, then there is a problem.

Regards,

Francois

thanks Francois,

i got it.

anyway, any ccie-level switching book to recommend? Kennedy's book is obsolete, do you have passion to write one yourself?

Thks

joe

Thanks Joe,

Kennedy's book is the last one I read on the subject, it does not mean that there has been nothing good though, I've not really be checking. I have the passion but not the time (or strength) to write a book. Plus, I doubt an STP book would be a best seller;-)

Regards,

Francois

"Plus, I doubt an STP book would be a best seller;-)"

Not sure about that Francois, you might be surprised :-).

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: