07-16-2008 12:36 PM - edited 03-06-2019 12:14 AM
hi everybody!
I have a question about bddu filter feature.
According to cisco press book ccnp bcmsn by David hucaby,stp still runs on portfast-enabled port.All portfast-enabled ports have bpdu filter feature automatcically configured.
Then in the very same book i find"
Bpdu is used to disable stp on port basis"
My point is portfast-enabled ports have stp running and bpdu filter option automatically on .Bpdu filter is used to disabled stp on port basis. So it could be deduced from the above "stp is not running on portfast-enabled port because of bpdu filter feature".Am i correct?
thanks alot!
Solved! Go to Solution.
07-16-2008 12:58 PM
This is what you find in the cisco doc
Understanding How PortFast BPDU Filtering Works
BPDU filtering allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states.
By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled. BDPU filtering is on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch.
..............
This goes with what I thought was the default but there has been so much change with spanning tree now that cisco does RST. I wouldn't be surprised if it works different on different models of switches but I have not seen a cisco document that says BPDU filter is on by default.
07-16-2008 03:03 PM
This is not correct. You can enable portfast without bpduguard.
Bpduguard can be configured in two different way:
- globally, in config mode. It then applies to all portfast ports (with operational state "on" as I mentioned earlier).
- at the interface level. In that case, it is entirely independent from portfast.
Regards,
Francois
07-16-2008 12:58 PM
This is what you find in the cisco doc
Understanding How PortFast BPDU Filtering Works
BPDU filtering allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states.
By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled. BDPU filtering is on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch.
..............
This goes with what I thought was the default but there has been so much change with spanning tree now that cisco does RST. I wouldn't be surprised if it works different on different models of switches but I have not seen a cisco document that says BPDU filter is on by default.
07-16-2008 02:00 PM
thanks alot for your reply!
I want to quote from the book ,
ccnp bcmsn official exam certification guide
fourth edition
David Hucaby, ccie no 4594
isbn#1-58720-171-2
chapter# 10 " protecting the spanning tree protocol"
pg# 254
" All ports that have portdast enabled also have bpdu filtering automatically enabled"
my question is if above statement is correct or not.
From your reply, i get the impression bpdu filter can only be enabed on portfast ports.
Am i correct?
thanks alot!
07-16-2008 01:12 PM
STP is still running on portfast enabled ports.
There is an operational state for portfast. This state is "on" when a port configured for portfast is coming up. Now, if a BPDU is received on this port, the operational state goes back to "off". It's as good as if portfast was then disabled on the port.
In any case, STP is running normally on the port. The only differences are that:
- port with portfast enabled go directly to forwarding when coming up.
- port with portfast enabled don't generate topology changes, don't sync and don't flush their cam entries during topology changes.
There is a feature called "bpduguard" that can be enabled globally and that then applies to all the port that have portfast state "on". When a port is configured for bpdu guard, it is err-disabled should it receive a BPDU. That's probably what the book is referring to. This feature is not enabled by default.
Regards,
Francois
07-16-2008 02:34 PM
thanks a alot for your reply Francois.
According to cisco press book ccnp bcmsn guide
" all ports that have portfast enabled also have bpdu guard automatically enabled"
Is it correct or wrong?
Can bpdu guard only be configured for portfast-enabled ports only ?
thanks a alot and have a nice day!
07-16-2008 03:03 PM
This is not correct. You can enable portfast without bpduguard.
Bpduguard can be configured in two different way:
- globally, in config mode. It then applies to all portfast ports (with operational state "on" as I mentioned earlier).
- at the interface level. In that case, it is entirely independent from portfast.
Regards,
Francois
10-05-2008 07:09 PM
hi francois,
you mentioned that once a portfast port receives a BPDU it will disable the portfast,does it mean the port will NOT go
directly to forwarding? but when i do a lab, i found it still go directly to forwarding, even through "show span inter portfast" tells me the portfast is disabled.
Thks
joe
10-05-2008 07:22 PM
Hi Joe,
With portfast, the port goes forwarding before it has a chance to receive a BPDU. However, BPDUs are exchanged as soon as the link goes up, so I would not be surprised if you performed your show command after a BPDU had already been received. If you have a chance to test this again in your lab, use the "detail" option of the show spanning-tree command to see if a BPDU has indeed been received by the port.
If the port is configured for portfast, does not receive BPDUs and is not "operationally" portfast, then there is a problem.
Regards,
Francois
10-06-2008 06:25 PM
thanks Francois,
i got it.
anyway, any ccie-level switching book to recommend? Kennedy's book is obsolete, do you have passion to write one yourself?
Thks
joe
10-07-2008 10:34 AM
Thanks Joe,
Kennedy's book is the last one I read on the subject, it does not mean that there has been nothing good though, I've not really be checking. I have the passion but not the time (or strength) to write a book. Plus, I doubt an STP book would be a best seller;-)
Regards,
Francois
10-07-2008 11:20 AM
"Plus, I doubt an STP book would be a best seller;-)"
Not sure about that Francois, you might be surprised :-).
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: