Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7423
Views
27
Helpful
9
Replies

BPDU filter

Go to solution
chinpohpang851
Level 1
Level 1

‎02-14-2019 11:54 PM - edited ‎03-08-2019 05:21 PM

After some study, I understand that BPDU filter global command will enable BPDU filter on PortFast enabled ports and stop those ports from send/receive BPDUs. According to Cisco article, if those ports received BPDUs, PortFast will lose it state and go back normal STP transition and BPDU filtering also disabled. So, my question is how does a port receive BPDU when filtering is ON? Isn't it should filtering out all BPDUs and those portfast ports shall remain its state?

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to chinpohpang851

‎02-20-2019 12:45 AM

https://learningnetwork.cisco.com/blogs/vip-perspectives/2016/03/10/advanced-stp-features-portfast-bpdu-guard-and-bpdu-filter

The global configuration is more intricate. Similar to the BPDU Guard feature, the global BPDU Filter is enabled on interfaces in operational PortFast state. In global mode, the switch does not filter incoming BPDUs, but most (though not all) outgoing BPDUs are filtered. When a port comes up, 11 BPDUs are sent out. If BPDUs are received, the PortFast and BPDU Filter features are disabled.

View solution in original post

9 Replies 9

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎02-15-2019 12:59 AM

Hi
In global mode, the switch does not filter incoming BPDU
0 Helpful

Go to solution
chinpohpang851
Level 1
Level 1
In response to Mark Malone

‎02-19-2019 07:56 PM

Then what's the purpose for BPDU filter in global mode?

Go to solution
MUHAMMAD TAYYAB MUNIR
Level 1
Level 1
In response to chinpohpang851

‎02-19-2019 11:38 PM

Hi @chinpohpang851

 

If i designed the network i would not assume, i would know/find out if it is a host or a switch connected, i would not take a gamble. To that end, i still don't see the use of BPDU on a global level.

 

Your answers

You would use it in a switching environment where you want

  • portfast to be enabled to save precious time of hosts coming up

John: Portfast yes and BPDU filter on an interface level yes but not BPDU on a global level.

 

  • no BPDU Guard enabled because you don't want ports to be shutdown.

John: I agree.

 

  • to protect from switching loops that there is always a chance of (for this reason you don't want to use BPDU filter on the interface level)

John: I would have thought it was the reverse of what you say. If i use BPDU on an interface level there is now way i can cause a loop because Portfast is i will not receive or send BPDU's.

 

 

https://learningnetwork.cisco.com/thread/43896

BR

Tayyab

*** Please rate all helpful responses and mark solutions***

Go to solution
MUHAMMAD TAYYAB MUNIR
Level 1
Level 1
In response to chinpohpang851

‎02-19-2019 11:41 PM - edited ‎02-19-2019 11:42 PM

Adding +++

 

Interface mode

spanning-tree bpduguard enable (Puts port in errdisable upon receiving any bpdu).

Global mode

spanning-tree portfast bpduguard default (It enables bpduguard on ports that have port-fast configuration, puts port in errdisable upon receiving a bpdu). 

*** Please rate all helpful responses and mark solutions***

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to chinpohpang851

‎02-20-2019 12:45 AM

https://learningnetwork.cisco.com/blogs/vip-perspectives/2016/03/10/advanced-stp-features-portfast-bpdu-guard-and-bpdu-filter

The global configuration is more intricate. Similar to the BPDU Guard feature, the global BPDU Filter is enabled on interfaces in operational PortFast state. In global mode, the switch does not filter incoming BPDUs, but most (though not all) outgoing BPDUs are filtered. When a port comes up, 11 BPDUs are sent out. If BPDUs are received, the PortFast and BPDU Filter features are disabled.

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni
In response to chinpohpang851

‎02-20-2019 04:50 AM

Hi,

BPDU filter disables spanning-tree on a port period. It does this by restricting sending and receiving BPDU’s. Simple enough. When enabled on a global level, BPDU filter will apply to all portfast ports. When a port links up it will transmit some BPDU’s out before the port starts to filter BPDUs.

Remember that if a BPDU is received on a portfast interface, the interface will lose portfast status and because BPDU filtering relies on this it will become disabled.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Go to solution
Laith9Sky
Level 1
Level 1
In response to chinpohpang851

‎12-12-2021 02:03 AM - edited ‎12-12-2021 02:05 AM

BPDUfilter just filters BPDUs in both directions, which effectively disables STP on the port. Bpdu filter will prevent inbound and outbound bpdu but will remove portfast state on a port if a bpdu is received. Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops. So it's basically just to let you know that this access port is connected to a switch and it's not an end user.

 

 

*** Please rate all helpful responses and mark solutions***

0 Helpful

Go to solution
paul driver
VIP
VIP

‎02-20-2019 02:46 AM - edited ‎02-20-2019 02:57 AM

Hello

 

Tested in 802.1d stp:
spanning-tree portfast bpdufilter default (Global - no stp postfast) -listening/learning/forwarding (rouge switch becomes root no filtering occurs)

spanning-tree bpdufilter enable (interface mode - no stp postfast)) -listening/learning/forwarding (rouge switch becomes root no filtering occurs)

 

(global command)
spanning-tree portfast default
spanning-tree portfast bpdufilter default- jumps to forwarding from blocking (rouge switch becomes root no filtering occurs)

spanning-tree portfast bpdufilter default
spanning-tree portfast(interface mode) -jumps to forwarding from blocking (rouge switch becomes root no filtering occurs)

 

spanning-tree portfast default
spanning-tree bpdufilter enable (interface mode) jumps to forwarding from blocking ( keeps root status – bpdu’s are filtered)


spanning-tree portfast – (interface mode)
spanning-tree bpdufilter enable– (interface mode) jumps to forwarding from blocking ( keeps root status –  bpdu’s are filtered)

 

Tested in 802.1w stp:

Portfast - (global)
spanning-tree portfast bpdufilter default (Global) transmits 2x proposals goes into Fwd state - no blocking (rouge switch becomes root no filtering occurs)


Portfast - (global)
spanning-tree bpdufilter enable (interface mode) -initializes port goes straight to fwd state (so looks like bpdu’s are filtered)


spanning-tree portfast (interface)
spanning-tree portfast bpdufilter enable- initializes port goes straight to fwd state (so looks like bpdu’s are filtered)

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
igdston.cisco
Level 1
Level 1
In response to paul driver

‎11-02-2022 07:09 PM - edited ‎11-02-2022 07:39 PM

Hi Paul,

Do you have a insight or result for the following configuration and what the outcome of the logic is?

spanning-tree portfast default [global command]

spanning-tree portfast bpduguard default [global command]

spanning-tree portfast bpdufilter [interface command]

spanning-tree portfast disabled [interface command]

 

Thanks in advance!

- Gladston

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card