Re: Bpdu issues (BPDU FILTER WINS under the interface)!

Dear Mustafa,

I was interested to test it and below are the results. My conclusion is that
when both are enabled under the interface bpdu filter wins and no bpdus are
sent/received as the spanning-tree output shows. However when turning bpdu
filter off bpdu guard takes over and the interface goes into err-disabled
state.

Check it out:

interface FastEthernet0/6
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
end

FastEthernet0/6 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 001b.2b7e.9388 (bia 001b.2b7e.9388)
  MTU 1504 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:06, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 3000 bits/sec, 3 packets/sec
     179 packets input, 14868 bytes, 0 no buffer
     Received 152 broadcasts (151 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 151 multicast, 0 pause input
     0 input packets with dribble condition detected
     1110 packets output, 167980 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

MB-KSA-CORE#show spanning-tree interface fastEthernet 0/6 detail
 Port 8 (FastEthernet0/6) of VLAN0001 is designated forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.8.
   Designated root has priority 24577, address 001b.2b7e.9380
   Designated bridge has priority 24577, address 001b.2b7e.9380
   Designated port id is 128.8, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   Bpdu guard is enabled
   Bpdu filter is enabled
   BPDU: sent 0, received 0

interface FastEthernet0/6
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
end

XXX#conf t
Enter configuration commands, one per line. End with CNTL/Z.
XXX(config)#int fa0/6
XXX(config-if)#no spann
XXX(config-if)#no spanning-tree bpdu
XXX(config-if)#no spanning-tree bpdufi
XXX(config-if)#no spanning-tree bpdufilter en
XXX(config-if)#no spanning-tree bpdufilter en
XXX(config-if)#
XXX(config-if)#
XXX(config-if)#
XXX(config-if)#^Z
XXX#show run int fa0/6
Building configuration...

Current configuration : 65 bytes
!
interface FastEthernet0/6
 spanning-tree bpduguard enable
end

XXX#show int fa0/6
FastEthernet0/6 is down, line protocol is down (err-disabled)
  Hardware is Fast Ethernet, address is 001b.2b7e.9388 (bia 001b.2b7e.9388)
  MTU 1504 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:06, output 00:00:08, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 3000 bits/sec, 2 packets/sec
     293 packets input, 22951 bytes, 0 no buffer
     Received 259 broadcasts (257 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 257 multicast, 0 pause input
     0 input packets with dribble condition detected
     1439 packets output, 225974 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

HTH,

Best Regards,

On Mon, Sep 20, 2010 at 5:38 PM, karim jamali <karim.jamali_at_gmail.com>wrote:

> Hi Mustafa,
>
> I am not sure who will "win" but logically I can't seem to find any reason
> to do so unless a crazy CCIE task is trying to go that way. Note that
> bpdufilter acts both ways and it stops sending/receiving of BPDUs. BPDU
> guard as per my knowledge only acts in one direction and the action it takes
> is put a port in err-disabled state if it receives a BPDU.
>
> Best Regards,
>
> 2010/9/20 Mustafa Yadav <mustafa.yadav_at_gmail.com>
>
> Hi
>> Can we enable bpdu filter default and bpduguard at the same time in
>> global.
>> What will be the effect of this.any bpdy transmit or in the case of
>> bpdu receieved what happens
>>
>> --
>> Mobil cihaz}mdan gvnderildi
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> KJ
>

-- 
KJ
Blogs and organic groups at http://www.ccie.net