Re: bpdufilter vs bpduguard

From: Mihai Petcu (mpetcu2004@yahoo.com)
Date: Sat Mar 26 2005 - 06:01:01 GMT-3

• Next message: Hotmail: "Re: bpdufilter vs bpduguard"
• Previous message: simon hart: "RE: Mcast configuration sequence - Best Practices"
• Maybe in reply to: Dillon Yang: "bpdufilter vs bpduguard"
• Next in thread: Hotmail: "Re: bpdufilter vs bpduguard"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Dillon,

          I think the answer to your problem is
spanning-tree portfast together with spanning-tree
bpdufilter enable and the reason is :

         spanning-tree portfast - solves the part of
your question that says "go to forwarding fastly".

         spanning-tree bpdufilter enable - solves the
part of your question that says "change its state to
block" because if that port receives a BPDU it loses
its "portfast" status and reverts back to a "normal
STP port" that goes all the way up from STP "blocking"
state to STP "forwarding" state in order to forward
traffic.

       What do you think ?

HTH,

Mihai

--- Dillon Yang <gzdillon@hotmail.com> wrote:
> Hi, Balaji:
>
> It sounds right. But if I am asked for a task that
> a port need to go to forwarding fastly and should
> change its state to block when it receive bpdu
> packets, what can I do?
> bpduguard is not the answer for the port goes to
> err-disable, bpdufilter is not too, for the port
> lose its portfast attribute to normal STP process.
>
>
> TIA
> dillon
>
> ----- Original Message -----
> From: "Balaji Siva" <bsivasub@gmail.com>
> To: "Dillon Yang" <gzdillon@hotmail.com>
> Cc: "Group Study" <ccielab@groupstudy.com>
> Sent: Saturday, March 26, 2005 2:34 PM
> Subject: Re: bpdufilter vs bpduguard
>
>
> > BPDU filter = stops "sending" bpdu on the
> port-fast enabled port
> > BPDU guard = err-disable if the switch
> "receives" a bpdu on a
> > port-fast enabled port
> >
> > BPDU filter enabled port does not send BPDU.. STP
> disabled port does
> > not send BPDU. Since Portfast is also enabled,
> the port goes directly
> > to forwarding so basically the port acts as if STP
> is disabled on the
> > port (but in fact it is running and it would save
> you from shooting
> > yourself in the foot if you had actually disabled
> STP completedly on
> > that port)
> >
> > HTH
> > Balaji
> >
> >
> > On Sat, 26 Mar 2005 09:54:01 +0800, Dillon Yang
> <gzdillon@hotmail.com> wrote:
> > > Hi, group:
> > >
> > > I'm confused by the two command "spanning-tree
> bpdufilter " and "spanning-tree bpduguard enable ".
> > > <quote> If a BPDU is received on a
> PortFast-enabled port, the port loses its
> PortFast-operational status, and BPDU filtering is
> disabled. </quote>
> > >
> > > So I think the former do nothing with filtering
> and the latter truly filter the BPDU by making the
> port "error-disable".
> > >
> > > <quote> Caution Enabling BPDU filtering on an
> interface is the same as disabling spanning tree on
> it and can result in spanning-tree loops. </quote>
> > >
> > > I can not understand how "BPDU filtering " is
> the same as "disabling spanning tree "?
> > >
> > > TIA
> > > dillon
> > >
> > >
>

• Next message: Hotmail: "Re: bpdufilter vs bpduguard"
• Previous message: simon hart: "RE: Mcast configuration sequence - Best Practices"
• Maybe in reply to: Dillon Yang: "bpdufilter vs bpduguard"
• Next in thread: Hotmail: "Re: bpdufilter vs bpduguard"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:52 GMT-3