RE: STP portfast: bpduguard vs bpdufilter

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Fri May 14 2004 - 17:38:31 GMT-3

• Next message: Ahmed Mustafa: "SNMP"
• Previous message: Howard C. Berkowitz: "Re: Dampening - Internal Networks from iBGP"
• Maybe in reply to: ccie2be: "STP portfast: bpduguard vs bpdufilter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

        It means that it will run as a normal port with STP enabled.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705

> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Friday, May 14, 2004 3:05 PM
> To: Brian McGahan
> Subject: Re: STP portfast: bpduguard vs bpdufilter
>
> Thanks, Brian. But, one more question.
>
> When a port (with portfast and bdpufilter configured on it) hears a
bpdu
> and
> reverts to a non-portfast state, does that mean that STP is disabled
on
> that port after hearing a bpdu or will STP run on that port like
normal
> and
> put the port into blocking state when it hears a bdpu?
>
> Thanks
> ----- Original Message -----
> From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> To: "ccie2be" <ccie2be@nyc.rr.com>; <ccielab@groupstudy.com>
> Sent: Friday, May 14, 2004 2:34 PM
> Subject: RE: STP portfast: bpduguard vs bpdufilter
>
>
> Bpdufilter is typically used in conjunction with portfast. When
> bpdufilter is enabled you do not send any bpdus out the interface. If
> you hear a bpdu you take the port out of portfast state. With
bpduguard
> if you hear a bpdu you put the interface in err-disabled state.
>
> The bpdufilter feature is available so you can say spanning-tree
> portfast default (I think that's the syntax) to make every port a
> portfast port. Ports that receive bpdus will be non-portfast.
> Bpduguard should be used on ports that you know should never be
> connected to devices running spanning-tree on the other end of the
link.
>
> The difference between the two is the action. Bpdufilter is to
> revert to non-portfast state, while bpduguard is to revert to
> err-disabled state.
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
>
>
> > -----Original Message-----
> > From: ccie2be [mailto:ccie2be@nyc.rr.com]
> > Sent: Friday, May 14, 2004 12:22 PM
> > To: Brian McGahan
> > Subject: Fw: STP portfast: bpduguard vs bpdufilter
> >
> > HI Brian,
> >
> > Is this guy correct about he's saying re: bpdufilter?
> >
> > The 3550 documentation is a bit confusing on this. On the one hand,
it
> > says
> > (I'm paraphrasing), if a bdpu is recieved on an interface with
> bdpufilter
> > configured, it will disable bdpu filtering. But, it also says using
> this
> > is
> > like disabling STP on that interface. Can you straighten this out
for
> me?
> >
> > TIA,
> > ----- Original Message -----
> > From: "MMoniz" <ccie2002@tampabay.rr.com>
> > To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study"
> <ccielab@groupstudy.com>
> > Sent: Friday, May 14, 2004 12:56 PM
> > Subject: RE: STP portfast: bpduguard vs bpdufilter
> >
> >
> > > Well not exactly. If you do bpduguard it will put the port in
> errdisable
> > > state and shut it down. if bpdu's
> > > are received. You will then either have to manually re-enable the
> port
> > or
> > > configure error recovery. But it
> > > will just shut it down again if bpdu's are received.
> > >
> > > If you do bpdufilter at the interface level, you will effectively
> turn
> > off
> > > spanning tree, so no bpdu's are sent or
> > > received, and loops can occur.
> > >
> > > So for your question I think the appropriate configuration would
be
> to
> > > enable global spanning-tree bpdufilter
> > > and enabling spanning-tree portfast on the interfaces. In this
case
> if
> > > bpdu's are recievd it will disable the portfast
> > > and bpdu filtering on the port, thereby preventing loops.
> > >
> > > At least this is my understanding on how these work.
> > >
> > >
> > > mike
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On
Behalf
> Of
> > > ccie2be
> > > Sent: Friday, May 14, 2004 11:16 AM
> > > To: Group Study
> > > Subject: STP portfast: bpduguard vs bpdufilter
> > >
> > >
> > > Hi guys,
> > >
> > > I'm trying to understand when I should use bpduguard versus
> bdpufilter.
> > > From
> > > the documentation, it seems that if there's a misconfiguration,
> guard
> > will
> > > shut down the port while filter will return the port to it's
default
> STP
> > > configuration status by disabling portfast and resuming the
> listening
> > for
> > > bdpu's which in turn will allow STP to put the port in "Blocking"
> state.
> > Is
> > > that correct?
> > >
> > > If that's true, then in the lab, does it matter which I use if I'm
> told
> > to
> > > configure a port such that if a device other than an end-station
is
> > attched
> > > to
> > > it, loops are prevented? Both will work, right?
> > >
> > > TIA, Tim
> > >
> > >
>

• Next message: Ahmed Mustafa: "SNMP"
• Previous message: Howard C. Berkowitz: "Re: Dampening - Internal Networks from iBGP"
• Maybe in reply to: ccie2be: "STP portfast: bpduguard vs bpdufilter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jun 02 2004 - 11:12:12 GMT-3