RE: Difference between bpduguard & bpdufilter

From: Henk de Tombe (henk.de.tombe@qi.nl)
Date: Fri Oct 14 2005 - 09:12:44 GMT-3

• Next message: Lee Donald: "RE: Route Tagging"
• Previous message: The Great Ryan: "Re: Broadcast Queue & Normal Interface Queue in Serial"
• Maybe in reply to: Matthew Seppeler: "Difference between bpduguard & bpdufilter"
• Next in thread: Gustavo Novais: "RE: Difference between bpduguard & bpdufilter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

Watch the "Cautions" in the following link:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225sec/3550scg/s
wstpopt.htm#wp1033638

Regards,
Henk

-----Oorspronkelijk bericht-----
Van: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Namens Gustavo
Novais
Verzonden: vrijdag 14 oktober 2005 11:40
Aan: Bob Sinclair; Matthew Seppeler; ccielab@groupstudy.com
Onderwerp: RE: Difference between bpduguard & bpdufilter

Hi

I didn't understand why you say that spanning-tree bpdufilter is dangerous
on the interface level, because it disables STP on the port, but globally it
is safe? I thought it would be as dangerous enabling it at global level
(disable STP on ALL portfast ports) as it would be interface level (if not
more!).

At least the DocCD does not state anything that one command is safe and the
other is not.

Could you elaborate on that?

Thanks

Gustavo

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Bob
Sinclair
Sent: sexta-feira, 14 de Outubro de 2005 3:10
To: Matthew Seppeler; ccielab@groupstudy.com
Subject: Re: Difference between bpduguard & bpdufilter

Matthew,

Here are some of my notes:

BPDU Guard:

error-disables port if a portfast port receives a bpdu

enable on all portfast ports: spanning-tree portfast bpduguard default

enable per port: spanning-tree bpduguard [enable disable]

BPDU Filtering:

When enabled globally prevents portfast ports from sending bpdus. If bpdu is
received, port becomes non-portfast and filtering is disabled

spanning-tree portfast bpdufilter default

On interface: DISABLES STP on the port: very dangerous!

spanning-tree bpdufilter enable

Global is recommended, per interface is dangerous.

HTH,

Bob Sinclair
CCIE #10427, CCSI 30427, CISSP
www.netmasterclass.net

  ----- Original Message -----
  From: Matthew Seppeler
  To: ccielab@groupstudy.com
  Sent: Thursday, October 13, 2005 8:09 PM
  Subject: Difference between bpduguard & bpdufilter

  Can someone explain the differences between bpduguard & bpdufilter and
  under which circumstances they would it best be used. The Doc CD does
  not make a clear distinction between the two.

  Matt Seppeler

• Next message: Lee Donald: "RE: Route Tagging"
• Previous message: The Great Ryan: "Re: Broadcast Queue & Normal Interface Queue in Serial"
• Maybe in reply to: Matthew Seppeler: "Difference between bpduguard & bpdufilter"
• Next in thread: Gustavo Novais: "RE: Difference between bpduguard & bpdufilter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:51 GMT-3