Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
494
Views
9
Helpful
9
Replies

BPDU Filter question for BCMSN studies

Go to solution
keeleym
Level 5
Level 5

‎04-09-2008 06:00 AM - edited ‎03-05-2019 10:17 PM

Hi All

Could someone please put me straight about BPDU filtering please?

My study material states the BPDU filtering like BPDU guard should only be configured on ports configured for Portfast. It appears that BPDU filtering and BPDU guard perform much the same function, though when BPDU filtering is configured on a port, that port does not get put into "err-disabled" state when a BPDU is received.

My study material goes on to explain about the different behaviour between BPDU filtering when configured globally and configured on an interface, which I understand.

My study material states that when configured on an interface, BPDU's received on that interface will be quietly ignored (dropped) and no BPDU's will be sent in return. BPDU filtering is presented as a "good" feature which can help prevent a switch becoming the root bridge if it was mischievously or erroneously connected to a interface configured with Port fast & BPDU filtering.

I have also referenced this Cisco document (http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swstpopt.html#wp1046220)

and under the section titled "Understanding BPDU Filtering" it states that "enabling BPDU filtering on an interface is the same as disabling STP on it and it can cause Spanning Tree loops".

This sounds like a warning, however if BPDU filtering is only meant to be used by ports configured with Portfast and ports configured with Portfast are only supposed to link to hosts (Portfast is not supposed to be configured on Trunk links), then where does the possibility of spanning tree loops arise?

And if a switch is mischievously or erroneously connected to a port on my network configured with Portfast and BPDU filtering, then surely it is a good thing that this switch is prevented from becoming the root bridge by design/accident, as my STP topology is protected and remains stable?

Best Regards & TIA,

Michael

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Istvan_Rabai
Level 7
Level 7

‎04-09-2008 06:41 AM

Hi Michael,

Bpdufiltering just disables sending and receiving bpdus on those ports, so the spanning-tree algorithm will not be able to determine if there is a loop in the network.

Those ports will work like there is no stp algorithm at all.

This is why you should enable bpdufiltering only in case if the device connected to the port cannot stand bpdus and you're absolutely sure there is no possibility for loops to form.

Does this answer your question?

Cheers:

Istvan

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Jason Fraioli
Level 3
Level 3

‎04-09-2008 06:35 AM

Michael,

That is the way I understand it to work as well. With bpdufilter enabled, even if a switch was connected to a portfast port, the interface will drop bpdu's.

Go to solution
keeleym
Level 5
Level 5
In response to Jason Fraioli

‎04-09-2008 06:53 AM

Hi Jason

Cheers, thanks for the confirmation.

Best Regards,

Michael.

0 Helpful

Go to solution
Istvan_Rabai
Level 7
Level 7

‎04-09-2008 06:41 AM

Hi Michael,

Bpdufiltering just disables sending and receiving bpdus on those ports, so the spanning-tree algorithm will not be able to determine if there is a loop in the network.

Those ports will work like there is no stp algorithm at all.

This is why you should enable bpdufiltering only in case if the device connected to the port cannot stand bpdus and you're absolutely sure there is no possibility for loops to form.

Does this answer your question?

Cheers:

Istvan

0 Helpful

Go to solution
keeleym
Level 5
Level 5
In response to mohammedmahmoud

‎04-09-2008 06:57 AM

Hi Mohammed

Thank you for your input and the link, which was really helpful.

Best Regards,

Michael

0 Helpful

Go to solution
mohammedmahmoud
Level 11
Level 11
In response to keeleym

‎04-09-2008 07:03 AM

Hi Michael,

Thank you and you are very welcomed.

BR,

Mohammed Mahmoud.

0 Helpful

Go to solution
keeleym
Level 5
Level 5
In response to Istvan_Rabai

‎04-09-2008 06:52 AM

Hi Istvan

Yet again thank you for your swift response. Yes that pretty much answers my question.

Best Regards,

Michael

0 Helpful

Go to solution
Istvan_Rabai
Level 7
Level 7
In response to keeleym

‎04-09-2008 07:30 AM

Hi Michael,

I'm glad I was helpful for you.

Cheers:

Istvan

0 Helpful

Go to solution
andrew.prince
Level 10
Level 10

‎04-09-2008 06:51 AM

Michael,

This is how I understand it:-

BPDU Guard = if a port recevies a BPDU from another switch device or you have created a loop then the switch will close the port in a "err-disabled" state on a portfast enabled port.

BPDU Filter = ignores/does not send any BPDU's on any portfast enabled port.

HTH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card