From: Gustavo Novais (gustavo.novais@novabase.pt)
Date: Fri Oct 14 2005 - 06:39:35 GMT-3
Hi
I didn't understand why you say that spanning-tree bpdufilter is
dangerous on the interface level, because it disables STP on the port,
but globally it is safe? I thought it would be as dangerous enabling it
at global level (disable STP on ALL portfast ports) as it would be
interface level (if not more!).
At least the DocCD does not state anything that one command is safe and
the other is not.
Could you elaborate on that?
Thanks
Gustavo
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Bob Sinclair
Sent: sexta-feira, 14 de Outubro de 2005 3:10
To: Matthew Seppeler; ccielab@groupstudy.com
Subject: Re: Difference between bpduguard & bpdufilter
Matthew,
Here are some of my notes:
BPDU Guard:
error-disables port if a portfast port receives a bpdu
enable on all portfast ports: spanning-tree portfast bpduguard default
enable per port: spanning-tree bpduguard [enable disable]
BPDU Filtering:
When enabled globally prevents portfast ports from sending bpdus. If
bpdu is received, port becomes non-portfast and filtering is disabled
spanning-tree portfast bpdufilter default
On interface: DISABLES STP on the port: very dangerous!
spanning-tree bpdufilter enable
Global is recommended, per interface is dangerous.
HTH,
Bob Sinclair
CCIE #10427, CCSI 30427, CISSP
www.netmasterclass.net
----- Original Message -----
From: Matthew Seppeler
To: ccielab@groupstudy.com
Sent: Thursday, October 13, 2005 8:09 PM
Subject: Difference between bpduguard & bpdufilter
Can someone explain the differences between bpduguard & bpdufilter and
under which circumstances they would it best be used. The Doc CD does
not make a clear distinction between the two.
Matt Seppeler
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:51 GMT-3