RE: bpduguard & bpdufilter

From: Chuck Ryan (chryan) <chryan_at_cisco.com>
Date: Tue, 9 Jun 2009 12:29:51 -0400

Just to follow up on this.....

As I understand it, the difference with enabling bpdufilter globally vs.
at the interface level, is that at the interface level, portfast does
not have to be configured in order to enable this feature. At the global
level, this is applied to the portfast enabled interfaces, so portfast
has to be configured on the interfaces also.

The same appears to be true with bpduguard at the global and interface
levels. I just labbed it up, and when I configure both of these features
at the interface level, portfast is not configured/enabled on the
interface:

Cat-1#show run int f0/1
Building configuration...

Current configuration : 125 bytes
!
interface FastEthernet0/1
 switchport access vlan 12
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
end

Cat-1#show spanning-tree int f0/1 portfast
VLAN0012 disabled
Cat-1#

Thanks,

Chuck

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Santiago Enciso
Sent: Saturday, June 06, 2009 8:19 PM
To: 'Cisco certification'
Subject: bpduguard & bpdufilter

Spanning-tree portfast (interface level)
        Moves the port directly to forwarding state, skipping listening
and learning

Spanning-tree portfast default (global level)
        moves all non-trunk (access) ports to forwarding state

Spanning-tree portfast bpduguard default (global level)
        Enables bpduguard on all portfast enabled ports, if a bpdu is
received the port is moved to err-disable state

Spanning-tree portfast bpdufilter default (global level)
        Enables bpdufiltering on all portfast enabled ports, the port
doesn't send bpdus and if one is received it behaves like there is no
bpdufilter configuration and starts sending bpdus.

Spanning-tree bpdufilter enable (interface level)
        This interface level command prevents the port from sending
bpdus and if one is received it ignores it.

Spanning-tree bpduguard enable (interface level)
        The port sends bpdus and if one is received it is put in
err-disable state. This command doesn't require port-fast to be enabled.

In bpdufilter I understand the difference between global and interface
level.
But bpduguard difference between global and interface level is the
interface level doesn't depend on portfast.

Please, somebody check this

Thanks

Santiago E

Received on Tue Jun 09 2009 - 12:29:51 ART
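
The global-versus-interface dependency on portfast discussed in this thread, as an added example that is not part of either message: a small Python audit that resolves, per interface, whether bpduguard and bpdufilter are in effect and from which level. It models only the rules as stated above; the function names and the sample configuration are constructed for illustration (Fa0/1 mirrors the lab port in the reply).

```python
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
!
interface FastEthernet0/1
 switchport access vlan 12
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport access vlan 12
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 12
"""  # constructed sample, not taken from a real device

def parse(config):
    """Split an IOS-style config into global lines and per-interface line sets."""
    global_lines, interfaces, current = set(), {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split(None, 1)[1].strip(), set())
        elif raw.startswith(" ") and current is not None:
            current.add(raw.strip())      # indented line belongs to the interface
        else:
            current = None                # "!" or a global command ends the block
            global_lines.add(raw.strip())
    return global_lines, interfaces

def effective(config):
    """Return {interface: {"portfast": bool, "bpduguard": src, "bpdufilter": src}}."""
    g, interfaces = parse(config)
    report = {}
    for name, lines in interfaces.items():
        trunk = "switchport mode trunk" in lines
        # The global portfast default reaches only non-trunk (access) ports.
        portfast = "spanning-tree portfast" in lines or (
            "spanning-tree portfast default" in g and not trunk)
        row = {"portfast": portfast}
        for feat in ("bpduguard", "bpdufilter"):
            if f"spanning-tree {feat} enable" in lines:
                row[feat] = "interface"   # applies without portfast
            elif portfast and f"spanning-tree portfast {feat} default" in g:
                row[feat] = "global"      # global default needs a portfast port
            else:
                row[feat] = "off"
        report[name] = row
    return report
```

Run against the sample, Fa0/3 comes back with both features "off" even though both global defaults are configured, which is the case worth looking for on access ports that were expected to be protected.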