Yuri,
What is your goal in using these configurations? Answer us that before we give you recommendations. What is the scenario that dictates the need for these features.
IE bpdufilter I would use if connecting to a service provider.
IE bpduguard I would use out to end user workstations that I want to ensure there not placing a hub or switch or to protect from the infamous user plugging both ports of an ipphone into the wall jacks.
Patrick
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Cisco Fanatic
Sent: Tuesday, March 01, 2011 10:46 AM
To: ccielab_at_groupstudy.com
Subject: bpdufilter and bpduguard
This might have been asked multiple times. I understand the differences, but
could not really convenience myself is what recommendation should I follow
!
interface GigabitEthernet1/0/38
switchport access vlan 10
switchport mode access
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
Or,
!
spanning-tree portfast bpdufilter default
!
interface GigabitEthernet1/0/38
switchport access vlan 10
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
The second option looks promising to me as bpduguard will take precedence and
will put the port in err-disable state before BPDUFilter can transition the
port back to normal.
-Yuri
Blogs and organic groups at http://www.ccie.net
Received on Tue Mar 01 2011 - 12:57:59 ART
This archive was generated by hypermail 2.2.0 : Fri Apr 01 2011 - 06:35:41 ART