How to filter unwanted BPDU messages from customer equipment that is connected to a Cisco switch port working in trunk or dot1q tunnel mode?
A lot of Cisco manuals write only about using the BPDU Filter feature on an access node, but give no information on whether it is possible to use BPDU Filter on ports working in trunk or dot1Q tunnel mode.
Example: a customer switch is connected to a network switch trunk port, with the default native VLAN 1 and, e.g., 3 normal VLANs 100, 101, 102. I would like the port to be blocked if it receives a BPDU on the native VLAN or on one of the normal VLANs (100, 101, 102). The same question applies to the situation when the network switch port is working in dot1q mode.
Is it possible to implement BPDU filtering in this situation?
Switch: Cisco 3560, SW 12.2(25) SEE3
From the config guide for your switch and release:
When a port is configured as an IEEE 802.1Q tunnel port, spanning-tree bridge protocol data unit (BPDU) filtering is automatically enabled on the interface. Cisco Discovery Protocol (CDP) is automatically disabled on the interface.
This is correct because the objective of 802.1Q-in-Q is an L2 transport service without interaction with the customer network.
I understand your concerns, but in the case of 802.1Q tunnel ports you get the BPDU filtering automatically.
When the port is a trunk port I would consider the usage of root guard: BPDU filtering can be dangerous in a redundant topology.
Hope to help
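An added example, not part of the thread: a small audit of an IOS-style running-config that applies the reply's advice, flagging customer trunk ports that use BPDU filtering or lack root guard, and leaving dot1q-tunnel ports alone because they filter BPDUs automatically. The interface names, VLAN 200, the finding strings and the function names are assumptions made for illustration.

```python
import re

# Constructed sample running-config; interface names and VLAN 200 are illustrative.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk allowed vlan 100-102
 switchport mode trunk
 spanning-tree bpdufilter enable
!
interface FastEthernet0/2
 switchport trunk allowed vlan 100-102
 switchport mode trunk
 spanning-tree guard root
!
interface FastEthernet0/3
 switchport access vlan 200
 switchport mode dot1q-tunnel
!
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit(config):
    """Return {interface: [findings]}; only trunk ports can produce findings."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        findings = []
        if "switchport mode trunk" in lines:
            if "spanning-tree bpdufilter enable" in lines:
                findings.append("bpdufilter on trunk")
            if "spanning-tree guard root" not in lines:
                findings.append("no root guard")
        # dot1q-tunnel ports filter BPDUs automatically, so nothing is flagged.
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```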