Filter would drop the bpdu frames, guard is where you do not want any bpdu's i.e rogue switch and enforcement of your root bridge.
I would think having both on, then it would go into inconsistent state, but I'm not near a switch what happened when you tried?
-- BR Tony Sent from my iPhone on 3 On 3 Dec 2012, at 15:34, Tauseef Khan <tasneemjan_at_googlemail.com> wrote: > I know Anthony Sequeira has expalined it beautifully on the blog but > appreciate if someone could clarify. > If I have spanntree portfast bpdugurad enabled globally which in-effect > will apply to all access ports and will err-disable any accessports if it > sees an ingress BPDU. Now I enable "spanntree bpdufilter enable" interface > config commands on one of the access port interfaces with "spanning-tree > portfast default" globally configured, which action will take precedence. > ie port will be err-disable or will lose its host status on receipt of > BPDUs. Also what is the best practice in this scenario. disbale the > bpdugurad (spanningtree bpduguard disable) on the interface level before > enabling bpdufilter (spanntree bpdufilter enable) or both actions can > coexist..... > Thanks in advance > > > Blogs and organic groups at http://www.ccie.net > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html Blogs and organic groups at http://www.ccie.netReceived on Mon Dec 03 2012 - 15:56:22 ART
This archive was generated by hypermail 2.2.0 : Tue Jan 01 2013 - 09:36:53 ART