I expect your help in understanding the logic behind BPDU FILTER. I understood that BPDU FILTER configured port will not send or receive BPDUs. If any BPDU packet is received on the BPDU FILTER configured port, the port will leave the PORT FAST state and start processing the STP and BPDU FILTER will be disabled (Send & Receive BPDUs) at that moment
1. Shall I assume that BPDU FILTER is useful only for scenarios where BPDU should not be sent out of the PORTFAST enabled ports. Any way it is going to lose its state upon receiving the BPDUs, we donot have control on receiving BPDUs.
2. Having been said that, BPDU FILTER configured ports will not receive BPDUs, I observered that when BPDU Packets are received on the port, the port start processing BPDU and becomes Normal Port leaving the PORT-FAST state
I hope the explanation is clear for your understanding. Thanks in advance
Thanks for your sharing the concepts with me.
Shall I understand in this way:
BPDU FILTER will behave differently when it is applied along with PORT FAST (Global Configuration) and when it is applied as separate command (Interface command).
When applied with PORTFAST, it will not create problem upon receiving BPDU as it is going to remove the PORTFAST capability of the port and STP Process will start and thus STP will take care of the Loop prevention mechanism
When applied as individual command inside an Interface, It neither send nor receive BPDUs and thus chances for loop is ample.
Please let me know your views if any
Yes you are understanding is right for global enable and when enabled at interface level.
BPDU filter can be configured globally or under the interface level. When configured globally all portfast enabled ports stop sending and receiving BPDUs, but if a BPDU is received on the port it gets out of the portfast state and normally participate in the spanning tree calculations.
Enabling BPDU filtering in the interface level stops sending or receiving BPDU on this interface; this is the same as disabling spanning tree on the interface. This is a risky choice unless you are sure that no switch can ever be connected to this port.
Hope to help