From: Bob Nelson (nelsnjr@cox.net)
Date: Tue Sep 20 2005 - 02:56:56 GMT-3
Guys:
It would appear you may have multiple options. Correct me however if my
understanding is inaccurate.
1. First you can disable spanning-tree on the VLAN using the no
spanning-tree vlan vlan-id global config command
2. At the interface level, you can enable BPDU guard on any port by using
the spanning-tree bpduguard enable interface
configuration command without also enabling the Port Fast feature.
When the port receives a BPDU, it is put in the error-disabled state
3. At the interface level, you can enable BPDU filtering on any port
without also enabling the Port Fast feature by
using the spanning-tree bpdufilter enable interface configuration
command. This command prevents the port from sending or receiving BPDUs.
This command has the same effect of turning off STP and can cause
loops.
Regards,
Bob
----- Original Message -----
From: "Arun Arumuganainar" <aarumuga@hotmail.com>
To: "Dennis J. Hartmann" <dennisjhartmann@hotmail.com>;
<ccielab@groupstudy.com>
Sent: Monday, September 19, 2005 8:52 PM
Subject: Re: Catalyst Specialties Question Interpretation
> While answering a question . There could be a implicit answers and Explicit
> answers .
>
> Explicit Answer : Enable BPDU Filiter !!!!
> Implicit Answer : Enable Portfast ( you can not enable bpdu guard feature )
>
> I too do not agree with disabling STP as a solution to this problem . Port
> fast with BPDU Guard looks much cleaner solution .
>
> Thanks and Regards
> Arun
>
>
> ----- Original Message -----
> From: "Dennis J. Hartmann" <dennisjhartmann@hotmail.com>
> To: <ccielab@groupstudy.com>
> Sent: Tuesday, September 20, 2005 6:23 AM
> Subject: Catalyst Specialties Question Interpretation
>
>
> > I'm wondering how everyone would interpret the following question:
> >
> > Create VLAN 200 and assign port fast 0/20 to it on CAT2. Do not allow
> BPDU
> > traffic on this VLAN.
> >
> > The answer says to turn off STP on VLAN 200, but I disagree with this
> > solution. Would turning off STP on a VLAN disallow STP traffic? I would
> > think that STP could still propagate the switch, but it will not be
> > interpretted by the switch because there will not be a static
> > mac-address-table entry pointed to the CPU for this particular VLAN.
> >
> > I believe the solution is to enable one of the follwing commands
> >
> > (config-if)# spanning-tree portfast bpdufilter enable (the scenario did
> not
> > call for portfast though)
> > (config-if)# spanning-tree bpdufilter enable (the scenario asked to not
> > allow bpdu traffic on this VLAN. Since there's no global command that
can
> > not simultaneously filter the traffic from only VLAN 200, I think this is
> > the correct answer). If there's any other ports in vlan 200, they must
> have
> > the same command applied to them.
> > spanning-tree bpdufilter enable
> >
> >
> > Comments?
> >
> > Sincerely,
> >
> > Dennis J. Hartmann
> >
> > White Pine Communications
> >
> > dh8@pobox.com
> >
> > CCSI#23402 / CCVP / CCIP / CCNP
> >
> > Cisco Optical, VPN & IDS Specialist
> >
> > MCSE
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3