New Member

Is bpdu filter enable best practice for access ports with portfast

Hi,

Could someone please confirm if applying bpdu filter enable on access ports with portfast enabled is best practice?

Thanks

Darren

3 ACCEPTED SOLUTIONS

Cisco Employee

Re: Is bpdu filter enable best practice for access ports with po

BPDU guard will error-disable the port if it detects a BPDU (another switch).

BPDU filter will turn off portfast if it detects a BPDU.

If a BPDU is received on a Port Fast-enabled interface, the interface loses its Port Fast-operational status, and BPDU filtering is disabled.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/swstpopt.html#wp1095752

HTH,

jerry

Hall of Fame Super Gold

Re: Is bpdu filter enable best practice for access ports with po

Personally, for an access port, I'd go for STP portfast and BPDU Guard enabled.  For trunk ports I have both disabled.

Hall of Fame Super Silver

Re: Is bpdu filter enable best practice for access ports with po

Hello Darren,

>> Could someone please confirm if applying bpdu filter enable on access ports with portfast enabled is best practice?

No, it isn't. Use bpdu guard + portfast; it is safer.

If you search the forums you will find several issues caused by bpdu filter (possible bridging loops).

Hope to help

Giuseppe

6 REPLIES
Cisco Employee

Re: Is bpdu filter enable best practice for access ports with po

Depends on your company's policy. If you want the port to be hard down when someone plugs a switch into a portfast-enabled port, then you should use bpdu guard. If your policy is to allow a switch on a portfast-enabled port, then bpdu filter is a better approach.

HTH,

jerry

New Member

Re: Is bpdu filter enable best practice for access ports with po

I thought you could use both. BPDU guard to protect a port if it receives a BPDU so error disables the port.

Then BPDU filter simply to stop sending BPDUs from the port.

New Member

Re: Is bpdu filter enable best practice for access ports with po

Many thanks for everyone's replies. A CCIE engineer recently came and configured two Nexus 7000 switches for us and applied the spanning-tree bpduguard enable and spanning-tree bpdufilter enable on every access port, which I found strange. Now that I have confirmation, I will remove the spanning-tree bpdufilter command from the access ports.
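
An added example, not part of the thread or of Cisco's documentation: a small Python audit that applies the replies' recommendation (portfast plus BPDU guard, no BPDU filter) to a running-config and lists the access ports that deviate. The sample config, the function names and the accepted spellings of the portfast/edge command are assumptions; only interface-level commands are checked, not global defaults.

```python
# Constructed sample running-config (not from the thread); Ethernet1/1 mirrors the last post.
SAMPLE_CONFIG = """\
interface Ethernet1/1
  switchport mode access
  spanning-tree port type edge
  spanning-tree bpduguard enable
  spanning-tree bpdufilter enable
interface Ethernet1/2
  switchport mode access
  spanning-tree port type edge
  spanning-tree bpduguard enable
interface Ethernet1/3
  switchport mode access
interface Ethernet1/4
  switchport mode trunk
"""
# Assumed spellings of the portfast/edge command on IOS and NX-OS.
EDGE = {"spanning-tree portfast", "spanning-tree portfast edge", "spanning-tree port type edge"}
CHECKS = [
    ("bpdufilter enabled", lambda cfg: "spanning-tree bpdufilter enable" in cfg),
    ("bpduguard missing", lambda cfg: "spanning-tree bpduguard enable" not in cfg),
    ("portfast missing", lambda cfg: not EDGE & cfg),
]

def parse_interfaces(config):
    """Map each interface name to the set of its indented configuration lines."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split()[1], set())
        elif raw[:1].isspace() and current is not None:
            current.add(raw.strip())
        else:
            current = None  # an unindented line ends the interface block
    return interfaces

def audit_access_ports(config):
    """Return {interface: [findings]} for access ports deviating from portfast + BPDU guard."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" in lines:  # the thread's advice covers access ports only
            issues = [label for label, bad in CHECKS if bad(lines)]
            if issues:
                findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_access_ports(SAMPLE_CONFIG).items():
        print(f"{port}: {', '.join(issues)}")
```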
