Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
884
Views
0
Helpful
1
Replies

Port Fast and BPDU Filtering

sourabh1000_2
Level 1
Level 1

‎12-05-2009 10:11 PM - edited ‎03-04-2019 06:53 AM

Dear All,

1) Port Fast Feature:

i read about port fast, it says that enable STP port fast on access port where PCs or servers are connected causes forwarding state immediately bypassing listening and learning state, but confusion is that how that port will become in forwarding state whereas PC is connected..

please clarify me ASAP..

2) BPDU Filtering Feature:

when i read about this feature in BCMSN book, it says that in first para that it prevents switches from sending BPDUs on portfast enabled interfaces, portfast enabled interfaces connected to PCs hence dont participate in STP and drops the reced BPDUs

and next immediate para says that if globally enabled, switch changes the interface back to normal STP operation if the port receves BPDU on the respective interface. if portfast enabled interface receives a BPDU, it immediately loses its portfast status with BPDU filtering enabled.

also its says : CAUTION::: config of BPDU filtering on a port connected to another switch may results in a bridging loop, use caution when deploying  BPDU filtering. BPDU filtering is not a recommended config

what all does this means all about?

please help me!

Thanks and Regards,

sourabh

Labels:
0 Helpful
1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎12-05-2009 11:48 PM

Hello Sourabth,

the question of STP portfast and BPDU filtering has been discussed many times in the forums.

I and others think that BPDU guard is the right tool to be used on access layer switches on an enterprise network.

Sending STP BDPUs out an access port is not a problem: they are discarded by PC NICs or router interfaces with no problems.

It is a problem to have switch ports that doesn't send out BPDUs because if by an accident two ports are connected with a cable, even in the same switch, there is no way for the involved devices to detect this and a bridging loop forms.

BPDU guard behaves in the opposite way: it allows BPDUs to be sent out the port but if any BPDU is received the port is placed in error disabled state.

This makes BPDU guard the right tool for access ports and to detect user inserted unmanaged switches: end users always try to add lan ports on their own instead of asking for more ports from ICT people.

There are also many threads of colleagues that had troubles with BDPU filtering used on access layer devices that caused (un)expected bridging loops.

I think that BDPU filtering has been introduced first and it has been listed as a security feature. I have some older IOS based switches that support BPDU filter and don't support BPDU guard.

However, we haven't enabled STP bpdu filter on any port and we use bpdu guard + storm control 1% on all devices that support these features.

I think BPDU filter can be useful for a L2 service provider that doesn't want to join its spanning-tree domain with that of its customers.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card