Solved: Implication of removing portfast,bpduguard from production switch

news2010a · ‎06-10-2009

Hi,

Folks, I have a number of switches and ports configured as shown below. Request is that I should remove such portfast and stp bpduguard and bpdufilter configurations from production switches.

Question:

My concern is that such switches are live, critical and I have a bunch of live hosts connected to it.

Do you see any potential issue that could be triggered when removing configuration below? I just want to confirm.

!

interface FastEthernet0/1

switchport mode access

no keepalive

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

!

glen.grant · ‎06-10-2009

If any of these ports are user devices I don't think you want to turn off portfast. This can cause dhcp issues or any device that has to boot off of something on the network.What did they give as the reason to turn them off . Normally you do not want to run bpdufilter and bpduguard at the same time so maybe thats the issue .

View solution in original post

iyde · ‎06-12-2009

If your network is connected to an ethernet based ISP network you would not want your Spanning Tree to be influenced by the ISP Spaning Tree and vice versa. In that case both you and the ISP will put bpdufilter on the interface that interconnects you.

HTH

View solution in original post

glen.grant · ‎06-10-2009

If any of these ports are user devices I don't think you want to turn off portfast. This can cause dhcp issues or any device that has to boot off of something on the network.What did they give as the reason to turn them off . Normally you do not want to run bpdufilter and bpduguard at the same time so maybe thats the issue .

Jon Marshall · ‎06-10-2009

Marlon

I think Glen is spot on with this. Turning off portfast can create problems with devices that need "immediate" network connectivity. In addition BPDUGuard is also a very useful feature to enable on a port where you do not expect to see any BPDUs.

Is there any reason you need to remove these ?

Jon

Giuseppe Larosa · ‎06-10-2009

Hello Marlon,

I agree with Glen and Jon.

I would remove only

spanning-tree bpdufilter enable

as explained in other thread of yours it is not the right tool for this kind of ports.

I think that removing STP portfast making a port a normal port can trigger a Topology change notification that causes STP recalculation.

to do this on multiple ports triggers a series of STP recalculations.

It is probably better to discuss again about the objectives of this action.

Hope to help

Giuseppe

news2010a · ‎06-12-2009

I totally agree. I asked folks around it sounds like that was just a misperception about problems.

Curiosity:

Can someone clarify in which specific scenario 'bpdufilter' would be used?

I read the documentation and I understand the effect of bpdufilter, but to this point I have not seen an example on where I could use it.

iyde · ‎06-12-2009

If your network is connected to an ethernet based ISP network you would not want your Spanning Tree to be influenced by the ISP Spaning Tree and vice versa. In that case both you and the ISP will put bpdufilter on the interface that interconnects you.

HTH