RE: bpduguard & bpdufilter from andrew on 2009-06-06 (Ccielab archives 06/2009)

From: andrew <andrew.coates_at_internode.on.net>
Date: Sun, 7 Jun 2009 11:27:23 +1000

Seems good

Only one that doesn't quite seem to match cisco documentation:

Spanning-tree portfast bpdufilter default (global level)

Be careful when enabling BPDU filtering. Functionality is different when
enabling on a per-port basis or globally. When enabled globally, BPDU
filtering is applied only on ports that are in an operational PortFast
state. Ports still send a few BPDUs at linkup before they effectively filter
outbound BPDUs. If a BPDU is received on an edge port, it immediately loses
its operational PortFast status and BPDU filtering is disabled.

When enabled locally on a port, BPDU filtering prevents the Catalyst 6500
series switch from receiving or sending BPDUs on this port.
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-rip.html#wp
1027188

cheers

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Santiago Enciso
Sent: Sunday, June 07, 2009 11:19 AM
To: 'Cisco certification'
Subject: bpduguard & bpdufilter

Spanning-tree portfast (interface level)
Moves the port directly to forwarding state, skipping listening and
learning

Spanning-tree portfast default (global level)
moves all non-trunk (access) ports to forwarding state

Spanning-tree portfast bpduguard default (global level)
Enables bpduguard on all portfast enabled ports, if a bpdu is
received the port is moved to err-disable state

Spanning-tree portfast bpdufilter default (global level)
Enables bpdufiltering on all portfast enable ports, the port doesn't
send bpdus and if one is received it behaves like there is no bpdufilter
configuration and starts sending bpdus.

Spanning-tree bpdufilter enable (interface level)
This interface level command prevents the port from sending bpdus
and if one is received it ignores it.

Spanning-tree bpduguard enable (interface level)
The port sends bpdus and if one is received it is put in err-disable
state. This command doesn't requiere port-fast to be enabled.

In bpdufilter I understand the difference between global and interface level
But bpduguard difference between global and interface level is the interface
level doesn't depends on portfast.

Please someboy to check this

Thanks

Santiago E

Blogs and organic groups at http://www.ccie.net
Received on Sun Jun 07 2009 - 11:27:23 ART

This archive was generated by hypermail 2.2.0 : Wed Jul 01 2009 - 20:02:36 ART