Bpdufilter and Portfast Misconceptions

From: Gregory Gombas (ggombas@gmail.com)
Date: Sun Apr 15 2007 - 16:56:29 ART


Thanks for the clarification Bob.

Yes I was able to observe the differences between global bpdufilter
and interface level bpdufilter and it works as you described.

As far as differences between 3550 and 3560 with regards to portfast,
I was not able to replicate your scenario:

Here is a 3550 with portfast enabled but no BPDU filtering globally or
on the interface. Its neighbor currently has spanning tree disabled:

SW3#show spanning-tree int fa0/19 det
 Port 19 (FastEthernet0/19) of VLAN0001 is forwarding
  Port path cost 19, Port priority 128, Port Identifier 128.19.
  Designated root has priority 32769, address 000a.b80a.df00
  Designated bridge has priority 32769, address 000b.46e2.c100
  Designated port id is 128.19, designated path cost 38
  Timers: message age 0, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  The port is in the portfast mode
  Link type is point-to-point by default
  BPDU: sent 14, received 0
SW3#
SW3#show spanning-tree int fa0/19 portfast
VLAN0001 enabled

After spanning tree was enabled on neighboring switch:

SW3#
05:54:18: STP: VLAN0001 new root port Fa0/19, cost 38
05:54:18: STP: VLAN0001 sent Topology Change Notice on Fa0/19
05:54:18: STP: VLAN0001 Fa0/21 -> blocking
SW3#
SW3#show spanning-tree int fa0/19 det
 Port 19 (FastEthernet0/19) of VLAN0001 is forwarding
  Port path cost 19, Port priority 128, Port Identifier 128.19.
  Designated root has priority 32769, address 000a.b80a.df00
  Designated bridge has priority 32769, address 000b.4635.8780
  Designated port id is 128.19, designated path cost 19
  Timers: message age 2, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  Link type is point-to-point by default
  BPDU: sent 17, received 8
SW3#
SW3#show spanning-tree int fa0/19 portfast
VLAN0001 disabled

Notice portfast was disabled by the reception of a bpdu regardless of
whether bpdufilter was enabled at all. Maybe that behavior is code
specific...here is my code level:
SW3#show ver
Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version
12.2(25)SEE2, RELEASE SOFTWARE (fc1)

Regards,
Greg

On 4/15/07, Bob Sinclair <bob@bobsinclair.net> wrote:
> Greg,
>
> Interesting observations. Some of what you observe is due to
> differences between the 3560 and the 3550. See comments inline.
>
> ggombas@gmail.com wrote:
> > Hello groupstudy,
> >
> > I was hoping to clear up some misconceptions regarding the spanning tree portfast and bpdufilter feature on Cisco switches.
> >
> > In some Cisco texts and even on this group I have read that a port configured with portfast and bpdufilter "loses its Port Fast-operational status, and BPDU filtering is disabled" when it hears a BPDU.
> >
> > In reality I have seen the opposite. In the example below I configured a Cat 3560 switchport with portfast and bpdufilter and connected it to another switch configured as the root.
> >
> >
> cut
> > By the way - the default behavior of a switch is to remove a port from portfast mode when it hears a BPDU on that port (whether bpdufilter is configured or not).
> >
> CAT4 is a 3560 and port f0/13 an access port and an STP designated
> port. By default, the reception of a bpdu appears to disable portfast:
>
> CAT4(config-if)#span portfast
> %Warning: portfast should only be enabled on ports connected to a single
> host. Connecting hubs, concentrators, switches, bridges, etc... to this
> interface when portfast is enabled, can cause temporary bridging loops.
> Use with CAUTION
>
> %Portfast has been configured on FastEthernet0/13 but will only
> have effect when the interface is in a non-trunking mode.
> CAT4(config-if)#end
> CAT4#sh span int f0/13 portfast
> VLAN0001 disabled <<<<<<<<<<<<<<<<<<<<<<<
>
> CAT1 is a 3550. Same configs do not disable portfast:
>
>
> CAT1(config)#int f0/13
> CAT1(config-if)#span portfast
> %Warning: portfast should only be enabled on ports connected to a single
> host. Connecting hubs, concentrators, switches, bridges, etc... to this
> interface when portfast is enabled, can cause temporary bridging loops.
> Use with CAUTION
>
> %Portfast has been configured on FastEthernet0/13 but will only
> have effect when the interface is in a non-trunking mode.
> CAT1(config-if)#end
> CAT1#sh span int f0/13 portfast
> VLAN0001 enabled <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
> On the 3550, the GLOBAL command below will cause portfast ports that
> receive bpdus to disable portfast. When you use the global command, and
> a portfast port receives a bpdu, portfast is disabled, and the port
> does not filter bpdus.
>
> CAT1(config)#span portfast bpdufilter default
> CAT1(config)#end
> CAT1#sh span int f0/13 portfast
> VLAN0001 enabled
> CAT1#sh span int f0/13 portfast
> VLAN0001 enabled
> CAT1#sh span int f0/13 portfast
> VLAN0001 enabled
> CAT1#sh span int f0/13 portfast
> VLAN0001 enabled
> CAT1#sh span int f0/13 portfast
> VLAN0001 disabled <<<<<<<<<<<<<<<<<<<<<<<<<
> CAT1#
>
>
> Important to distinguish between the global portfast bpdufilter default
> command and the interface level command. The global command keeps
> portfast ports from sending bpdus as long as portfast is enabled. But
> if a bpdu is received, then portfast is disabled and there is no bpdu
> filtering.
>
> The interface command keeps the port from sending or receiving bpdus no
> matter the portfast status.
>
> Also important to note the difference between the 3550 and 3560. As
> you say, the 3560 does disable portfast automatically, by default, when
> a bpdu is received. The 3550 does not; it requires the global portfast
> bpdufilter default command.
>
>
> At least, this is what I am seeing :-)
> --
> Hth,
>
> Bob Sinclair CCIE 10427 CCSI 30427
> www.netmasterclass.net
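
Added example (not part of the original thread, and not Cisco tooling): a Python check that compares two "show spanning-tree interface ... detail" snapshots, like the SW3 outputs in the message above, and flags ports whose received-BPDU counter grew, noting whether operational portfast was dropped or kept. The sample text is trimmed from the outputs quoted in the message; the function names are hypothetical.

```python
import re

# Constructed samples: trimmed copies of the two SW3 outputs quoted in the message.
BEFORE = """\
 Port 19 (FastEthernet0/19) of VLAN0001 is forwarding
  The port is in the portfast mode
  BPDU: sent 14, received 0
"""
AFTER = """\
 Port 19 (FastEthernet0/19) of VLAN0001 is forwarding
  BPDU: sent 17, received 8
"""

HEADER = re.compile(r"^\s*Port \d+ \((\S+)\) of (VLAN\d+) is (\S+)", re.M)
BPDU = re.compile(r"BPDU: sent (\d+), received (\d+)")

def parse_detail(text):
    """Return {(interface, vlan): facts} for each port block in the output."""
    ports = {}
    headers = list(HEADER.finditer(text))
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        block = text[h.end():end]
        m = BPDU.search(block)
        ports[(h.group(1), h.group(2))] = {
            "state": h.group(3),
            "portfast": "The port is in the portfast mode" in block,
            "sent": int(m.group(1)) if m else 0,
            "received": int(m.group(2)) if m else 0,
        }
    return ports

def compare(before, after):
    """Flag ports whose BPDU receive counter grew between two snapshots."""
    old, findings = parse_detail(before), []
    for key, now in parse_detail(after).items():
        was = old.get(key)
        if was is None or now["received"] <= was["received"]:
            continue
        if was["portfast"] and not now["portfast"]:
            findings.append((*key, "portfast dropped after BPDU received"))
        elif now["portfast"]:
            findings.append((*key, "BPDUs received, portfast still operational"))
    return findings

if __name__ == "__main__":
    for f in compare(BEFORE, AFTER):
        print(*f)
```
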


