Bpdu filter on 800 series

Unanswered Question
Feb 2nd, 2009


I'm actually looking for an answer from a cisco moderator or tech :

is there any reason why

spann-tee portfast bpdu-filter is not supported on 800 Series (specially 877/878),even with advipserv IOS 12.4(22T)

Is there any physical hardware limitation or just software?

Our provider shuts down the port with the first bpdu it receives on eth services, although we have lots of 878s, we can't use them.

That'd be great if someone from cisco answers.


I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Yudong Wu Tue, 02/03/2009 - 13:04

Did you configure the physical interface which is connected to your provider as layer 3 interface? I don't think a pure layer 3 interface should send a BPDU. Don't use the port on 4-port switch for the connection to your provider.

ssg14 Tue, 02/03/2009 - 22:30


The main point is it doesn't let you to convert any of those 4-port to a Pure L3 port. (there is no other eth port rather than 4-port switch).

if you have an ethernet connection , you can only put into a vlan and create a vlan int which doesn't solve your problem hence you port is still layer 2 and sends bpdus out.

Please advise.


Yudong Wu Wed, 02/04/2009 - 08:47

Sorry, did not notice you are using 877/878. Only 871 has fastethernet as WAN interface and you can configure it as layer 3.

I checked the feature set of IOS for 870 router and did not find a workaround which can let you block BPDU.

Can you try to disable SPT on that vlan?

ssg14 Wed, 02/04/2009 - 15:58


Thanks for your response,

One Solution is as you said turning of the spanning tree , but the problem is I've turn of spanning tree for what ever VLAN on the device (that may bring other problems)

Anyway thank you , we may probably start using 1800 serise to face that specific carrier.


Yudong Wu Wed, 02/04/2009 - 21:07

Hi Samir, If you create a vlan just for the connection to the provider, it won't hurt anything for you to turn off spanning tree in this vlan since there is only one port in it.


This Discussion