Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Implication of removing portfast,bpduguard from production switch

Hi,

Folks, I have a number of switches and ports configured as shown below. Request is that I should remove such portfast and stp bpduguard and bpdufilter configurations from production switches.

Question:

My concern is that such switches are live, critical and I have a bunch of live hosts connected to it.

Do you see any potential issue that could be triggered when removing configuration below? I just want to confirm.

!

interface FastEthernet0/1

switchport mode access

no keepalive

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

!

2 ACCEPTED SOLUTIONS

Accepted Solutions
Purple

Re: Implication of removing portfast,bpduguard from production s

If any of these ports are user devices I don't think you want to turn off portfast. This can cause dhcp issues or any device that has to boot off of something on the network.What did they give as the reason to turn them off . Normally you do not want to run bpdufilter and bpduguard at the same time so maybe thats the issue .

Bronze

Re: Implication of removing portfast,bpduguard from production s

If your network is connected to an ethernet based ISP network you would not want your Spanning Tree to be influenced by the ISP Spaning Tree and vice versa. In that case both you and the ISP will put bpdufilter on the interface that interconnects you.

HTH

5 REPLIES
Purple

Re: Implication of removing portfast,bpduguard from production s

If any of these ports are user devices I don't think you want to turn off portfast. This can cause dhcp issues or any device that has to boot off of something on the network.What did they give as the reason to turn them off . Normally you do not want to run bpdufilter and bpduguard at the same time so maybe thats the issue .

Hall of Fame Super Blue

Re: Implication of removing portfast,bpduguard from production s

Marlon

I think Glen is spot on with this. Turning off portfast can create problems with devices that need "immediate" network connectivity. In addition BPDUGuard is also a very useful feature to enable on a port where you do not expect to see any BPDUs.

Is there any reason you need to remove these ?

Jon

Hall of Fame Super Silver

Re: Implication of removing portfast,bpduguard from production s

Hello Marlon,

I agree with Glen and Jon.

I would remove only

spanning-tree bpdufilter enable

as explained in other thread of yours it is not the right tool for this kind of ports.

I think that removing STP portfast making a port a normal port can trigger a Topology change notification that causes STP recalculation.

to do this on multiple ports triggers a series of STP recalculations.

It is probably better to discuss again about the objectives of this action.

Hope to help

Giuseppe

New Member

Re: Implication of removing portfast,bpduguard from production s

I totally agree. I asked folks around it sounds like that was just a misperception about problems.

Curiosity:

Can someone clarify in which specific scenario 'bpdufilter' would be used?

I read the documentation and I understand the effect of bpdufilter, but to this point I have not seen an example on where I could use it.

Bronze

Re: Implication of removing portfast,bpduguard from production s

If your network is connected to an ethernet based ISP network you would not want your Spanning Tree to be influenced by the ISP Spaning Tree and vice versa. In that case both you and the ISP will put bpdufilter on the interface that interconnects you.

HTH

397
Views
0
Helpful
5
Replies