From: Jason Madsen (madsen.jason@gmail.com)
Date: Mon May 05 2008 - 12:54:36 ART
Todd made some great points, however, I think that bdufilter simply filters
out bpdus from being transmitted or received on an interface without
disabling the interface...bpduguard, however, does disable (err disable) an
interface that receives / passes bpdus.
One main difference I see between bpdufilter at the interface level versus
bpdufilter globally is that when used globally (*spanning-tree portfast
bpdufilter default) *it is only applied to interfaces that have spanning
tree portfast enabled and if bpdus are detected on that interface the ONLY
action is that the interface loses it's portfast condition (portfast becomes
disabled) and then bpdu filtering is stopped. Whereas, when using
bpdufiltering at the interface level it doesn't matter if that interface has
portfast enabled and it will continue to filter bpdus regardless if portfast
is set on that interface or not.
If your requirements are to utilize bpdufilter on an interface that doesn't
have portfast enabled, you'd have to either apply the filter at the
interface level (*spanning-tree bpdufilter enable*) or else enable portfast
on the interface and then apply the bpdufilter globally and MOST
IMPORTANTLY, if you want BPDUs to be filtered on an interface and not just
for portfast to be removed from an interface, you must use bpdufiltering at
the interface level.
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/command/reference/cli3.html#wp1945458
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swstpopt.html#wp1046220
Please let me know if anyone has experienced anything different or if
there's any Cisco documentation that states otherwise.
Thanks,
Jason
On Mon, May 5, 2008 at 8:58 AM, Todd, Douglas M. <DTODD@partners.org> wrote:
> Well - global bpdufilter enables the feature for every interface. (the
> affect
> on trunks is null)
> Under the interface is just for that interface and does not affect any
> other
> interfaces.
>
> You can also enable it globally, and disable it per interface.
> OR
> Disable it globally and enable it per interface.
>
> Just keep in mind that if you enable it globally and you have a bridge
> device,
> you will disable the port. BPDUs will be seen on the interface. This can
> cause
> you some pain.
>
> Portfast does not have an affect on the bpdufilter, just reduces the
> spanning-tree states and make the port go to forwarding faster and no tcn.
> Thus
> the dhcp client will not have issues because of the port in a non
> forwarding
> state while the client is doing the dhcp discover/request.
>
>
>
> ________________________________
>
> From: nobody@groupstudy.com on behalf of John
> Sent: Mon 5/5/2008 10:56 AM
> To: ccielab@groupstudy.com
> Subject: bpdufilter
>
>
>
> Is there any difference between enabling bpdufilter on the interface and
> enabling it for the whole switch? I ask because I have a solution that
> has
> the whole switch having bpdufilter enabled. although I was tasked with
> enabling it for one interface. This is in conjuction with portfast on
> that
> interface if that makes a difference.
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
> The information transmitted in this electronic communication is intended
> only
> for the person or entity to whom it is addressed and may contain
> confidential
> and/or privileged material. Any review, retransmission, dissemination or
> other
> use of or taking of any action in reliance upon this information by
> persons or
> entities other than the intended recipient is prohibited. If you received
> this
> information in error, please contact the Compliance HelpLine at
> 800-856-1983 and
> properly dispose of this information.
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:15 ART