Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1205
Views
5
Helpful
2
Replies

Questions About Spanning Tree Security

douglasrafaribeiro07738
Level 1
Level 1

‎09-21-2020 09:31 AM

Hello guys, I'm doing some studies on Loop Guard, BPDU Guard, BPDU Filter and Root Guard. I want to confirm with you if I understood all the functions correctly, below an explanation of each one:

 

Loop Guard: active on root ports and in a block state, does this prevent that in case of software failure of any switch the port in the block state changes to pass traffic, causing the network to loop? I say in case of any switch in software failure do not send more bpdu.

 

Root Guard:Active on the switch that is the root bridge to protect him from not receiving bpdu with lower priorities than his and thus losing the right to Root Bridge. Active in all its doors. It can be active on a backup switch, except on the port that interconnects with Root Bridge.

 

BPDU Guard:Active on ports where end devices are connected, that is, this port must not send BPDU, if sending BPDU Guard it will turn off the port. Great case so you don't have a bpdu attack or someone connect another switch to "edge" or "fastport" ports.

 

BPDU Filter: What I'm having more difficulty with, I believe that its general use would be to say interconnect two buildings, and let the Spanning trees of each building work separately, that is, a root bridge in each building, and the door that connects them, activate the BPDU Filter so that you just drop the BPDUs and don't turn off the door. I can't imagine another scenario for him.

 

So, here is what I understood, I would really like your help, if everything is right, just confirm, but if not, please correct me, and if you have other scenarios better to apply, please let me know . Thank you very much.

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎09-21-2020 09:42 AM

your understand and learning path is good to know all.  here is the most terms addressed already :

 

https://community.cisco.com/t5/switching/spanning-tree-terminology-question-s/m-p/1632206

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Seb Rupik
VIP Alumni
VIP Alumni

‎09-22-2020 12:46 AM

Hi there,

A good use case for bpdu filter is when you have two distinct network topologies connected via a layer 2 link. By applying the filter on the link it allows you two construct two separate STP domains with unique root bridges. This would allow you to place the root  bridges in the core of the networks and not have tree converge around the layer 2 link potential creating a inefficient topology.

 

cheers,

Seb.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card