RE: STP portfast: bpduguard vs bpdufilter

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Fri May 14 2004 - 15:34:46 GMT-3


        Bpdufilter is typically used in conjunction with portfast. When
bpdufilter is enabled you do not send any bpdus out the interface. If
you hear a bpdu you take the port out of portfast state. With bpduguard
if you hear a bpdu you put the interface in err-disabled state.

        The bpdufilter feature is available so you can say spanning-tree
portfast default (I think that's the syntax) to make every port a
portfast port. Ports that receive bpdus will be non-portfast.
Bpduguard should be used on ports that you know should never be
connected to devices running spanning-tree on the other end of the link.
        
        The difference between the two is the action. Bpdufilter is to
revert to non-portfast state, while bpduguard is to revert to
err-disabled state.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705

> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Friday, May 14, 2004 12:22 PM
> To: Brian McGahan
> Subject: Fw: STP portfast: bpduguard vs bpdufilter
>
> Hi Brian,
>
> Is this guy correct about what he's saying re: bpdufilter?
>
> The 3550 documentation is a bit confusing on this. On the one hand, it says
> (I'm paraphrasing), if a bpdu is received on an interface with bpdufilter
> configured, it will disable bpdu filtering. But, it also says using this is
> like disabling STP on that interface. Can you straighten this out for me?
>
> TIA,
> ----- Original Message -----
> From: "MMoniz" <ccie2002@tampabay.rr.com>
> To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
> Sent: Friday, May 14, 2004 12:56 PM
> Subject: RE: STP portfast: bpduguard vs bpdufilter
>
>
> > Well not exactly. If you do bpduguard it will put the port in errdisable
> > state and shut it down if bpdu's are received. You will then either have to
> > manually re-enable the port or configure error recovery. But it will just
> > shut it down again if bpdu's are received.
> >
> > If you do bpdufilter at the interface level, you will effectively turn off
> > spanning tree, so no bpdu's are sent or received, and loops can occur.
> >
> > So for your question I think the appropriate configuration would be to
> > enable global spanning-tree bpdufilter and enable spanning-tree portfast
> > on the interfaces. In this case if bpdu's are received it will disable the
> > portfast and bpdu filtering on the port, thereby preventing loops.
> >
> > At least this is my understanding on how these work.
> >
> >
> > mike
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie2be
> > Sent: Friday, May 14, 2004 11:16 AM
> > To: Group Study
> > Subject: STP portfast: bpduguard vs bpdufilter
> >
> >
> > Hi guys,
> >
> > I'm trying to understand when I should use bpduguard versus bpdufilter. From
> > the documentation, it seems that if there's a misconfiguration, guard will
> > shut down the port while filter will return the port to its default STP
> > configuration status by disabling portfast and resuming the listening for
> > bpdu's which in turn will allow STP to put the port in "Blocking" state. Is
> > that correct?
> >
> > If that's true, then in the lab, does it matter which I use if I'm told to
> > configure a port such that if a device other than an end-station is attached
> > to it, loops are prevented? Both will work, right?
> >
> > TIA, Tim
> >
> >
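
An added example, not part of the original thread or written by any of its participants: a small Python audit that reads an IOS-style configuration and reports, per interface, which of the outcomes discussed above applies when a BPDU arrives. The sample configuration is constructed, the outcome labels and function names are hypothetical, and the precedence of an interface-level filter over bpduguard is an assumption.

```python
# Constructed sample config (not from the thread); interface names are arbitrary.
SAMPLE_CONFIG = """\
spanning-tree portfast bpdufilter default
interface FastEthernet0/1
 spanning-tree portfast
interface FastEthernet0/2
 spanning-tree portfast
 spanning-tree bpduguard enable
interface FastEthernet0/3
 spanning-tree portfast
 spanning-tree bpdufilter enable
interface FastEthernet0/4
"""

def parse(config):
    """Split a running-config into global lines and per-interface line lists."""
    global_lines, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " " and line.startswith("interface "):
            current = ifaces.setdefault(line.split()[1], [])
        elif raw[:1] == " " and current is not None:
            current.append(line)
        elif line and line != "!":
            current = None
            global_lines.append(line)
    return global_lines, ifaces

def on_bpdu(config):
    """Map each interface to what the thread says happens when a BPDU arrives."""
    g, ifaces = parse(config)
    # Assumption: 'portfast default' is treated as covering every port, as the reply puts it.
    pf_default = "spanning-tree portfast default" in g
    result = {}
    for name, lines in ifaces.items():
        portfast = pf_default or "spanning-tree portfast" in lines
        if "spanning-tree bpdufilter enable" in lines:
            # Assumption: the interface-level filter wins over guard, since BPDUs are dropped.
            result[name] = "bpdus-ignored"
        elif "spanning-tree bpduguard enable" in lines or (
                portfast and "spanning-tree portfast bpduguard default" in g):
            result[name] = "err-disabled"
        elif portfast and "spanning-tree portfast bpdufilter default" in g:
            result[name] = "reverts-to-non-portfast"
        else:
            result[name] = "normal-stp"
    return result

def loop_risk(config):
    return sorted(n for n, v in on_bpdu(config).items() if v == "bpdus-ignored")
```

`loop_risk()` lists the ports where the interface-level filter leaves spanning tree effectively off, which is the case the thread warns can produce loops.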



This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:12 GMT-3