09-14-2010 03:38 AM - edited 03-06-2019 12:57 PM
Hi
I dont know if this is the correct forum to discuss and appologize if mistakenly posted.
In a ciscopress switching book "BPDU Filtering" section it stated:
" BPDUs are sent on all switch ports—even ports where PortFast has been enabled."
Few lines below its says:
"Switch(config)# spanning-tree portfast bpdufilter default"
"All ports that have PortFast enabled also have BPDU filtering automatically enabled."
Its really confusing if BPDU Filtering is automatically enabled on ports that has PortFast enabled than how come BPDU's are sent on Ports with PortFast enabled.
I would appreciate anyone can explain the difference.
Best Regards.
SALI
09-14-2010 03:47 AM
Hi Syed,
Portfast ports do not have bpdufilter enabled by default,
you need to put global command ...
(config)# spanning-tree portfast bpdufilter default
to make bpdufilter happen by default on a portfast port.
If you have a specific interface and enable portfast eg...
int gi x/x
spanning-tree portfast
bpdufilter will not be enabled on it , (if you dont have the previous Global command mentional above set up)
note you can have globally portfast set up without bpdufilter using..
(config)# spanning-tree portfast default
hope that helps.
09-14-2010 03:54 AM
Hello Sali,
You are in the correct forum and you are welcome.
You have to differentiate very well between PortFast and BPDU Filtering. They are in their essence two independent things. The PortFast makes your port an edge port - it is allowed to rapidly transition to the Forwarding state. However, a PortFast port still sends and receives BPDU, and should another switch be mistakenly connected to a PortFast-enabled port, the port will lose its PortFast status until disconnected and will behave like any other internal switched port governed by STP.
The BPDU Filter prevents BPDUs from being received and sent through a switchport. Its behavior, however, depends on how it is configured.
It is slightly confusing, I admit.
Best regards,
Peter
09-14-2010 06:17 AM
Syed,
Just to add something to the two great answers. BPDU filtering essentially disables Spanning-tree on the ports it is configured on so if someone does connect a switch to a port and causes a loop it may not pick that up and would cause issues. If you enable that you must make certain that a device that could cause a loop is not added. A better alternative would be to enable BPDU Guard as that would shut down a port that someone connected a switch that should not be there and would prevent loops.
Mike
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: