Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
800
Views
0
Helpful
4
Replies

Spanning-Tree BPDUFilter

mironduplessis
Level 1
Level 1

‎01-16-2007 09:37 AM - edited ‎03-05-2019 01:48 PM

Hi,

Is it recommended to use the Spanning-tree BPDUFilter command on an access port interface or not.

Regards

Miron

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎01-16-2007 10:18 AM

Hi Miron

If you are enabling portfast on your access ports then yes it is recommened that you should enable BPDUFilter as well as BPDUGuard.

HTH

0 Helpful

sundar.palaniappan
Level 10
Level 10
In response to Jon Marshall

‎01-16-2007 11:00 AM

Miron,

I assume you mean bpduguard. There's a difference between bpduguard and bpdufilter. When bpduguard is enabled on a port the switch will put the port in err-disable state if it receives a bpdu on the port. Whereas, bpdufilter will stop the port from sending/receiving bpdu and that's like disabling STP on the port. Typically, bpduguard is recommended for access ports.

HTH

Sundar

0 Helpful

mironduplessis
Level 1
Level 1
In response to Jon Marshall

‎01-16-2007 01:34 PM

Hi,

I understand the advantages behind using the filter command but in the event that a device is added to the port like a hub which has the capability of introducing a loop into the network, the addition of the filter command would cause more problems than it solves?

Miron

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to mironduplessis

‎01-16-2007 01:47 PM

Hi Miron

Yes, you have to be careful. Excerpt from cisco doc:-

==========================================

Enabling BPDU Filtering

When you globally enable BPDU filtering on Port Fast-enabled interfaces, it prevents interfaces that are in a Port Fast-operational state from sending or receiving BPDUs. The interfaces still send a few BPDUs at link-up before the switch begins to filter outbound BPDUs. You should globally enable BPDU filtering on a switch so that hosts connected to these interfaces do not receive BPDUs. If a BPDU is received on a Port Fast-enabled interface, the interface loses its Port Fast-operational status, and BPDU filtering is disabled.

You can also use the spanning-tree bpdufilter enable interface configuration command to enable BPDU filtering on any interface without also enabling the Port Fast feature. This command prevents the interface from sending or receiving BPDUs.

--------------------------------------------------------------------------------

Caution Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops.

You can enable the BPDU filtering feature if your switch is running PVST+, rapid PVST+, or MSTP.

============================================

So if you have portfast turned on and the switchport receives a BPDU the port disables portfast and bpdu filtering. if it disables portfast then it will now have to go through the spanning tree calculation as far as i understand it.

Where it can be dangerous is if you enable it on a port not running port fast. This in effect turns off spanning tree on that port.

So i would only use it on port fast enabled ports.

HTH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card