RE: bpdufilter and bpduguard

Are you suggesting

!
 spanning-tree portfast bpduguard default <--
 !
 interface GigabitEthernet1/0/38
  switchport access vlan 10
  switchport mode access
  spanning-tree portfast
  spanning-tree bpdufilter enable <--
 !

instead of

!
 spanning-tree portfast bpdufilter default <--
 !
 interface GigabitEthernet1/0/38
  switchport access vlan 10
  switchport mode access
  spanning-tree portfast
  spanning-tree bpduguard enable <--
 !

> From: chris_at_cwproctor.net
> Subject: RE: bpdufilter and bpduguard
> Date: Tue, 1 Mar 2011 14:23:27 -0500
> To: ebay_products_at_hotmail.com; patrick.laidlaw_at_wwt.com;
ccielab_at_groupstudy.com
>
> Be careful. My little study group tested this and in all cases we tried
bpdufilter trumped guard. This terminated the spanning tree domain (or split
it) and permitted the formation of undetected loops.
>
>
>
> -----Original Message-----
> From: Cisco Fanatic <ebay_products_at_hotmail.com>
> Sent: March 01, 2011 2:15 PM
> To: patrick.laidlaw_at_wwt.com; ccielab_at_groupstudy.com
> Subject: RE: bpdufilter and bpduguard
>
> We have 2 stack able switches connected to a hosting service provider.
> Someone tried to connect to one of the switches and we are trying to put
> some best practice in place to avoid this.
>
> > From: Patrick.Laidlaw_at_wwt.com
> > To: ebay_products_at_hotmail.com; ccielab_at_groupstudy.com
> > Date: Tue, 1 Mar 2011 12:57:59 -0600
> > Subject: RE: bpdufilter and bpduguard
> >
> > Yuri,
> >
> > What is your goal in using these configurations? Answer us that before
we
> give you recommendations. What is the scenario that dictates the need for
> these features.
> >
> > IE bpdufilter I would use if connecting to a service provider.
> > IE bpduguard I would use out to end user workstations that I want to
ensure
> there not placing a hub or switch or to protect from the infamous user
> plugging both ports of an ipphone into the wall jacks.
> >
> > Patrick
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Cisco Fanatic
> > Sent: Tuesday, March 01, 2011 10:46 AM
> > To: ccielab_at_groupstudy.com
> > Subject: bpdufilter and bpduguard
> >
> > This might have been asked multiple times. I understand the differences,
> but
> > could not really convenience myself is what recommendation should I
follow
> >
> > !
> > interface GigabitEthernet1/0/38
> > switchport access vlan 10
> > switchport mode access
> > spanning-tree portfast
> > spanning-tree bpdufilter enable
> > spanning-tree bpduguard enable
> > !
> >
> > Or,
> > !
> > spanning-tree portfast bpdufilter default
> > !
> > interface GigabitEthernet1/0/38
> > switchport access vlan 10
> > switchport mode access
> > spanning-tree portfast
> > spanning-tree bpduguard enable
> > !
> >
> > The second option looks promising to me as bpduguard will take precedence
> and
> > will put the port in err-disable state before BPDUFilter can transition
the
> > port back to normal.
> >
> > -Yuri
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http
>
> [The entire original message is not included]
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Mar 01 2011 - 11:43:47 ART