Cisco Support Community

BPDU-STP Discrepancy - Help Please - spanning-tree portfast bpduguard

Hi,

I get this discrepancy report from CiscoWorks saying that BPDU-STP is disabled on ports (all the ports on my switch). I have seen a document on this and how to enable this Spanning Tree feature, but I am not really sure if I need to do this or not. What is the benefit in having or not having this feature enabled? If enabled, then won't I get into the port disabling and traffic disruption business? Understanding that there is a time out feature available as well.

Thx,

Masood

1 ACCEPTED SOLUTION

Accepted Solutions

Re: BPDU-STP Discrepancy - Help Please - spanning-tree portfast b

Hi Masood,

**** so in general, would it be a good idea/practice to have it enabled on all of my switches across my network? or specific justification is needed for enabling? ****

Yes, in general it would be a good idea to have it enabled on your switches if you have portfast configured on the switchports. Remember, it is only designed for ports with STP portfast enabled.

As such, you don't require any specific justification for enabling it.

HTH, Please rate if it does.

Regards,

-amit singh

3 REPLIES

Re: BPDU-STP Discrepancy - Help Please - spanning-tree portfast b

Hi Masood.

STP BPDUGuard is used only on the ports which are set to STP portfast. When portfast is enabled on a switch port, it transitions from blocking --> forwarding as soon as you connect any device to it. If you connect a switch or a bridge, this can cause an STP loop in your network, which can bring your entire N/W to a halt.

STP BPDUguard is specially designed for edge ports. So as long as you have centralized control of your network devices and no one can connect any device without proper approval (yours), you can have it disabled. But if you understand the potential impact of anyone connecting a switch or a bridge without proper authority, then you might want to enable it on your switch.

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml

HTH, Please rate if it does.

regards,

-amit singh
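
The check behind a discrepancy report like this can be sketched as an audit over a saved running-config: flag every port that has PortFast but no BPDU guard, and note whether errdisable auto-recovery for BPDU guard is configured. This is an added example, not part of the thread and not CiscoWorks' own logic; the sample config and interface names are constructed, and it assumes classic IOS syntax (no `portfast edge` or `portfast trunk` variants) and treats `switchport mode access` as the test for where the global PortFast default applies.

```python
import re

# Constructed sample config (not from the thread); interface names are illustrative.
SAMPLE_CONFIG = """\
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/3
 switchport mode trunk
!
"""

def audit_bpduguard(config):
    """Return (ports with PortFast but no BPDU guard, errdisable auto-recovery set?)."""
    lines = [l.rstrip() for l in config.splitlines()]
    # Global commands are unindented, so an exact match never hits an interface line.
    global_guard = "spanning-tree portfast bpduguard default" in lines
    global_portfast = "spanning-tree portfast default" in lines
    recovery = "errdisable recovery cause bpduguard" in lines
    stanzas, current = {}, None
    for line in lines:
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    exposed = []
    for name, cmds in stanzas.items():
        access = "switchport mode access" in cmds
        portfast = ("spanning-tree portfast" in cmds
                    or (global_portfast and access
                        and "spanning-tree portfast disable" not in cmds))
        guard = ("spanning-tree bpduguard enable" in cmds
                 or (global_guard and "spanning-tree bpduguard disable" not in cmds))
        if portfast and not guard:
            exposed.append(name)
    return exposed, recovery
```

On the sample, only GigabitEthernet0/2 is reported; adding the global `spanning-tree portfast bpduguard default` line clears it without touching each interface.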


Re: BPDU-STP Discrepancy - Help Please - spanning-tree portfast b

Hi Amit,

I am usually the one who adds switches to our network, but others connect/plug/unplug workstations and servers to these switches. The two particular switches that I am talking about are at the edge of the network, connecting to my border routers at one end and to my PIX firewall at the inside end. Basically, all the servers with public IP addresses are connected to these two switches, and all other servers and workstations with private IPs are connected to other switches behind the firewall.

I get this discrepancy message on my other switches too, i.e. those switches behind the PIX firewall.

So in general, would it be a good idea/practice to have it enabled on all of my switches across my network? Or is specific justification needed for enabling? Please advise,

Thx,

Masood
