Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3386
Views
5
Helpful
11
Replies

BPDU Filter v/s BPDU Guard

Harmeet Singh
Level 1
Level 1

‎02-08-2012 06:21 AM - edited ‎03-07-2019 04:48 AM

I know all the configuration difference between BPDU Filter and BPDU Guard.I also know about their functions of both. I read every where that whan we enable Filter on a PORT, it stop send and receive BPDU. In that case if a end device user attach a switch at that port, a loop can occur because STP is disable on that port (BPDU does not exchange). When we enable it on Global mode it impliment only on port fast ports. When a end user attach a switch on that port BPDU will come on that port and port fast will disable and Filter will disable. Now switch can enter in STP and can change The STP. If it is harmfull for network then why we use it on end device user port. I want to know that where should we use BPDU Filter and where BPDU guared in live project for better result. Please explain with example

Thanx

Labels:
0 Helpful
11 Replies 11

JohnTylerPearce
Level 7
Level 7

‎02-08-2012 06:46 AM

Well, I have all my access ports configured with BPDU Guard, so in case someone sets up a switch, or some sort of software switch, the port will detect the BPDUs and kill them. I've always thought of bpdu filter as killing spanning tree on the specific port. In other words, it prevents BPDUs from being sent.

It also tells the port not to listen to received bpdus as well.

0 Helpful

Harmeet Singh
Level 1
Level 1
In response to JohnTylerPearce

‎02-08-2012 07:06 AM

I am also clear with BPDU Guard. But confused for Filter because it is harmfull for network in both case as i discussed above. (Port configuration and global configuration). Where should we use filter for network benifit?

0 Helpful

JohnTylerPearce
Level 7
Level 7
In response to Harmeet Singh

‎02-08-2012 07:12 AM

BPDU Filtering at the global level will work with Portfast interfaces, and simply kick them out of portfast if a BPDU is received.

BPDU Filtering configured on the interface level will COMPLETELY stop send/receive BPDU, and if you plug in two switches then you may have a loop because they don't 'see' each other as a problem.

0 Helpful

JohnTylerPearce
Level 7
Level 7
In response to JohnTylerPearce

‎02-08-2012 07:13 AM

IMO, just stick for bpduguard on access port interfaces. Also, don't worry about using an errdisable for those as well, it kind of defeats the purpose.

0 Helpful

jimmysands73_2
Level 5
Level 5
In response to JohnTylerPearce

‎02-08-2012 07:18 AM

Can anyone describe a practical application (real world)  where we would want to use bpdufilter (globally and on a per port basis)?    Reading over text I can only see potential loops when using filtering vs guard....but maybe my glasses are dirty lol.

Thanks

0 Helpful

rsimoni
Cisco Employee
Cisco Employee
In response to jimmysands73_2

‎02-08-2012 07:39 AM

BPDU filter is useful on SP implementations when you deal with different STP domains.

Or with DCi you might want to filter BPDUs going from one site to the other.

What we all agree upon is that on 'standard' switched networks there is little use of bpdu filtering. As a matter of fact it can cause more issues than other since it just potentially 'hides' switches.

Riccardo

Harmeet Singh
Level 1
Level 1
In response to rsimoni

‎02-08-2012 08:01 AM

I read in CCNP Official Certification Guide that, ''You always should allow STP to run on a switch to prevent loops. However, in special cases when you need to prevent BPDUs from being sent or processed on one or more switch ports, you can use BPDU filtering to effectively disable STP on those ports.'' What are the special cases here.

Please explain these special cases with real world example.

0 Helpful

JohnTylerPearce
Level 7
Level 7
In response to Harmeet Singh

‎02-08-2012 08:25 AM

What Riccardo said is a real world example. If you are a Service Provider, and you deal with different customer STP domains, you generally do not want that port to send or accept BPDUs. If it did, Customer A could had a better BPDU than the root switch within the SP and, the SP would then have to change its spanning tree topology, to accept the fact that the root switch on Customer A is the root switch for the Service Provider STP domain.

0 Helpful

jimmysands73_2
Level 5
Level 5
In response to JohnTylerPearce

‎02-08-2012 08:31 AM

Wouldnt root guard cover that scenario?

0 Helpful

Harmeet Singh
Level 1
Level 1
In response to JohnTylerPearce

‎02-08-2012 09:14 AM

Hey Johan,

If SP configure Filter on global mode then it will be disable as a bpdu will receive on that port and change SP's STP. And if on interface mode then STP will be dissabled and custemer switch enter in SP network and can generate loops. Then what is the use of Filter?

0 Helpful

jimmysands73_2
Level 5
Level 5
In response to Harmeet Singh

‎02-08-2012 10:26 PM

This is a good article I found on subject and example while browsing on CLN:

http://ieoc.com/forums/p/15048/129826.aspx

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card