Re: Bpdufilter and Portfast Misconceptions

From: lalit gupta (lalit.tech@gmail.com)
Date: Sun Apr 15 2007 - 17:11:48 ART

• Next message: lalit gupta: "lalit gupta wants to chat"
• Previous message: Gregory Gombas: "Bpdufilter and Portfast Misconceptions"
• Maybe in reply to: Gregory Gombas: "Bpdufilter and Portfast Misconceptions"
• Next in thread: Bob Sinclair: "Re: Bpdufilter and Portfast Misconceptions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

HI,

There are few things about the BPDUs

1, when the port fast is configured on interface and BPDUfilter is applied
on configuration mode,
  In that case if bpdu are received on interface, it will loose the port
fast status and become normal port.

2, when the port fast is configured on interface and bpdufilter is also
applied on interface level, it will neither forward the bpdu nor receive the
bpdu.

3, when the port fast is configured on interface and bpdu guard is applied
and if bpdus are received , then this port will go in to the error disable
state.

Hope this will help

Rgrds
Lalit

On 4/16/07, Gregory Gombas <ggombas@gmail.com> wrote:
>
> Thanks for the clarification Bob.
>
> Yes I was able to observe the differences between global bpdufilter
> and interface level bpdufilter and it works as you described.
>
> As far as differences between 3550 and 3560 with regards to portfast,
> I was not able to replicate your scenario:
>
> Here is a 3550 with portfast enabled but no BPDU filtering globally or
> on the interface. Its neighbor currently has spanning tree disabled:
>
> SW3#show spanning-tree int fa0/19 det
> Port 19 (FastEthernet0/19) of VLAN0001 is forwarding
> Port path cost 19, Port priority 128, Port Identifier 128.19.
> Designated root has priority 32769, address 000a.b80a.df00
> Designated bridge has priority 32769, address 000b.46e2.c100
> Designated port id is 128.19, designated path cost 38
> Timers: message age 0, forward delay 0, hold 0
> Number of transitions to forwarding state: 1
> The port is in the portfast mode
> Link type is point-to-point by default
> BPDU: sent 14, received 0
> SW3#
> SW3#show spanning-tree int fa0/19 portfast
> VLAN0001 enabled
>
> After spanning tree was enabled on neighboring switch:
>
> SW3#
> 05:54:18: STP: VLAN0001 new root port Fa0/19, cost 38
> 05:54:18: STP: VLAN0001 sent Topology Change Notice on Fa0/19
> 05:54:18: STP: VLAN0001 Fa0/21 -> blocking
> SW3#
> SW3#show spanning-tree int fa0/19 det
> Port 19 (FastEthernet0/19) of VLAN0001 is forwarding
> Port path cost 19, Port priority 128, Port Identifier 128.19.
> Designated root has priority 32769, address 000a.b80a.df00
> Designated bridge has priority 32769, address 000b.4635.8780
> Designated port id is 128.19, designated path cost 19
> Timers: message age 2, forward delay 0, hold 0
> Number of transitions to forwarding state: 1
> Link type is point-to-point by default
> BPDU: sent 17, received 8
> SW3#
> SW3#show spanning-tree int fa0/19 portfast
> VLAN0001 disabled
>
> Notice portfast was disabled by the reception of a bpdu regardless of
> whether bpdufilter was enabled at all. Maybe that behavior is code
> specific...here is my code level:
> SW3#show ver
> Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version
> 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
>
> Regards,
> Greg
>
>
> On 4/15/07, Bob Sinclair <bob@bobsinclair.net> wrote:
> > Greg,
> >
> > Interesting observations. Some of what you observe is due to
> > differences between the 3560 and the 3550. See comments inline.
> >
> > ggombas@gmail.com wrote:
> > > Hello groupstudy,
> > >
> > > I was hoping to clear up some misconceptions regarding the spanning
> tree portfast and bpdufilter feature on Cisco switches.
> > >
> > > In some Cisco texts and even on this group I have read that a port
> configured with portfast and bpdufilter "loses its Port Fast-operational
> status, and BPDU filtering is disabled" when it hears a BPDU.
> > >
> > > In reality I have seen the opposite. In the example below I configured
> a Cat 3560 swithport with portfast and bpdufilter and connected it to
> another switch configured as the root.
> > >
> > >
> > cut
> > > By the way - the default behavior of a switch is to remove a port from
> portfast mode when it hears a BPDU on that port (whether bpdufilter is
> configured or not).
> > >
> > CAT4 is a 3560 and port f0/13 an access port and an STP designated
> > port. By default, the reception of a bpdu appears to disable portfast:
> >
> > CAT4(config-if)#span portfast
> > %Warning: portfast should only be enabled on ports connected to a single
> > host. Connecting hubs, concentrators, switches, bridges, etc... to this
> > interface when portfast is enabled, can cause temporary bridging
> loops.
> > Use with CAUTION
> >
> > %Portfast has been configured on FastEthernet0/13 but will only
> > have effect when the interface is in a non-trunking mode.
> > CAT4(config-if)#end
> > CAT4#sh span int f0/13 portfast
> > VLAN0001 disabled <<<<<<<<<<<<<<<<<<<<<<<
> >
> > CAT1 is a 3550. Same configs do not disable portfast:
> >
> >
> > CAT1(config)#int f0/13
> > CAT1(config-if)#span portfast
> > %Warning: portfast should only be enabled on ports connected to a single
> > host. Connecting hubs, concentrators, switches, bridges, etc... to this
> > interface when portfast is enabled, can cause temporary bridging
> loops.
> > Use with CAUTION
> >
> > %Portfast has been configured on FastEthernet0/13 but will only
> > have effect when the interface is in a non-trunking mode.
> > CAT1(config-if)#end
> > CAT1#sh span int f0/13 portfast
> > VLAN0001 enabled <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> >
> > On the 3550, the GLOBAL command below will cause portfast ports that
> > receive bpdus to disable portfast. When you use the global command, and
> > a portfast port receives a bpdu, portfast is disabled, and the port
> > does not filter bpdus.
> >
> > CAT1(config)#span portfast bpdufilter default
> > CAT1(config)#end
> > CAT1#sh span int f0/13 portfast
> > VLAN0001 enabled
> > CAT1#sh span int f0/13 portfast
> > VLAN0001 enabled
> > CAT1#sh span int f0/13 portfast
> > VLAN0001 enabled
> > CAT1#sh span int f0/13 portfast
> > VLAN0001 enabled
> > CAT1#sh span int f0/13 portfast
> > VLAN0001 disabled <<<<<<<<<<<<<<<<<<<<<<<<<
> > CAT1#
> >
> >
> > Important to distinguish between the global portfast bpdufilter default
> > command and the interface level command. The global command keeps
> > portfast ports from sending bpdus as long as portfast is enabled. But
> > if a bpdu is received, then portfast is disabled and there is no bpdu
> > filtering.
> >
> > The interface command keeps the port from sending or receiving bpdus no
> > matter the portfast status.
> >
> > Also important to note the difference between the 3550 and 3560. As
> > you say, the 3560 does disable portfast automatically, by default, when
> > a bpdu is received. The 3550 does not; it requires the global portfast
> > bpdufilter default command.
> >
> >
> > At least, this is what I am seeing :-)
> > --
> > Hth,
> >
> > Bob Sinclair CCIE 10427 CCSI 30427
> > www.netmasterclass.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: lalit gupta: "lalit gupta wants to chat"
• Previous message: Gregory Gombas: "Bpdufilter and Portfast Misconceptions"
• Maybe in reply to: Gregory Gombas: "Bpdufilter and Portfast Misconceptions"
• Next in thread: Bob Sinclair: "Re: Bpdufilter and Portfast Misconceptions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART