From: Todd, Douglas M. (DTODD@PARTNERS.ORG)
Date: Mon May 05 2008 - 15:06:52 ART
Opps, thanks my bad.. :)
DMT
_____
From: Jason Madsen [mailto:madsen.jason@gmail.com]
Sent: Monday, May 05, 2008 11:55 AM
To: Todd, Douglas M.
Cc: John; ccielab@groupstudy.com
Subject: Re: bpdufilter
Todd made some great points, however, I think that bdufilter simply filters out
bpdus from being transmitted or received on an interface without disabling the
interface...bpduguard, however, does disable (err disable) an interface that
receives / passes bpdus.
One main difference I see between bpdufilter at the interface level versus
bpdufilter globally is that when used globally (spanning-tree portfast
bpdufilter default) it is only applied to interfaces that have spanning tree
portfast enabled and if bpdus are detected on that interface the ONLY action is
that the interface loses it's portfast condition (portfast becomes disabled) and
then bpdu filtering is stopped. Whereas, when using bpdufiltering at the
interface level it doesn't matter if that interface has portfast enabled and it
will continue to filter bpdus regardless if portfast is set on that interface or
not.
If your requirements are to utilize bpdufilter on an interface that doesn't have
portfast enabled, you'd have to either apply the filter at the interface level
(spanning-tree bpdufilter enable) or else enable portfast on the interface and
then apply the bpdufilter globally and MOST IMPORTANTLY, if you want BPDUs to be
filtered on an interface and not just for portfast to be removed from an
interface, you must use bpdufiltering at the interface level.
HYPERLINK
"http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2
_44_se/command/reference/cli3.html#wp1945458"http://www.cisco.com/en/US/docs/swi
tches/lan/catalyst3560/software/release/12.2_44_se/command/reference/cli3.html#w
p1945458
HYPERLINK
"http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2
_44_se/configuration/guide/swstpopt.html#wp1046220"http://www.cisco.com/en/US/do
cs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/sws
tpopt.html#wp1046220
Please let me know if anyone has experienced anything different or if there's
any Cisco documentation that states otherwise.
Thanks,
Jason
On Mon, May 5, 2008 at 8:58 AM, Todd, Douglas M. <HYPERLINK
"mailto:DTODD@partners.org"DTODD@partners.org> wrote:
Well - global bpdufilter enables the feature for every interface. (the affect
on trunks is null)
Under the interface is just for that interface and does not affect any other
interfaces.
You can also enable it globally, and disable it per interface.
OR
Disable it globally and enable it per interface.
Just keep in mind that if you enable it globally and you have a bridge device,
you will disable the port. BPDUs will be seen on the interface. This can cause
you some pain.
Portfast does not have an affect on the bpdufilter, just reduces the
spanning-tree states and make the port go to forwarding faster and no tcn. Thus
the dhcp client will not have issues because of the port in a non forwarding
state while the client is doing the dhcp discover/request.
________________________________
From: HYPERLINK "mailto:nobody@groupstudy.com"nobody@groupstudy.com on behalf of
John
Sent: Mon 5/5/2008 10:56 AM
To: HYPERLINK "mailto:ccielab@groupstudy.com"ccielab@groupstudy.com
Subject: bpdufilter
Is there any difference between enabling bpdufilter on the interface and
enabling it for the whole switch? I ask because I have a solution that has
the whole switch having bpdufilter enabled. although I was tasked with
enabling it for one interface. This is in conjuction with portfast on that
interface if that makes a difference.
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:16 ART