cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
318
Views
10
Helpful
7
Replies
Beginner

BPDU filter

After some study, I understand that BPDU filter global command will enable BPDU filter on PortFast enabled ports and stop those ports from send/receive BPDUs. According to Cisco article, if those ports received BPDUs, PortFast will lose it state and go back normal STP transition and BPDU filtering also disabled. So, my question is how does a port receive BPDU when filtering is ON? Isn't it should filtering out all BPDUs and those portfast ports shall remain its state?

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Mentor

Re: BPDU filter

https://learningnetwork.cisco.com/blogs/vip-perspectives/2016/03/10/advanced-stp-features-portfast-bpdu-guard-and-bpdu-filter

The global configuration is more intricate. Similar to the BPDU Guard feature, the global BPDU Filter is enabled on interfaces in operational PortFast state. In global mode, the switch does not filter incoming BPDUs, but most (though not all) outgoing BPDUs are filtered. When a port comes up, 11 BPDUs are sent out. If BPDUs are received, the PortFast and BPDU Filter features are disabled.
7 REPLIES 7
VIP Mentor

Re: BPDU filter

Hi
In global mode, the switch does not filter incoming BPDU
Beginner

Re: BPDU filter

Then what's the purpose for BPDU filter in global mode?
Beginner

Re: BPDU filter

Hi @chinpohpang851

 

If i designed the network i would not assume, i would know/find out if it is a host or a switch connected, i would not take a gamble. To that end, i still don't see the use of BPDU on a global level.

 

Your answers

You would use it in a switching environment where you want

  • portfast to be enabled to save precious time of hosts coming up

John: Portfast yes and BPDU filter on an interface level yes but not BPDU on a global level.

 

  • no BPDU Guard enabled because you don't want ports to be shutdown.

John: I agree.

 

  • to protect from switching loops that there is always a chance of (for this reason you don't want to use BPDU filter on the interface level)

John: I would have thought it was the reverse of what you say. If i use BPDU on an interface level there is now way i can cause a loop because Portfast is i will not receive or send BPDU's.

 

 

https://learningnetwork.cisco.com/thread/43896

BR

Tayyab

*** Please rate all helpful responses and mark solutions***
Highlighted
Beginner

Re: BPDU filter

Adding +++

 

Interface mode

spanning-tree bpduguard enable (Puts port in errdisable upon receiving any bpdu).

Global mode

spanning-tree portfast bpduguard default (It enables bpduguard on ports that have port-fast configuration, puts port in errdisable upon receiving a bpdu). 

*** Please rate all helpful responses and mark solutions***
VIP Mentor

Re: BPDU filter

https://learningnetwork.cisco.com/blogs/vip-perspectives/2016/03/10/advanced-stp-features-portfast-bpdu-guard-and-bpdu-filter

The global configuration is more intricate. Similar to the BPDU Guard feature, the global BPDU Filter is enabled on interfaces in operational PortFast state. In global mode, the switch does not filter incoming BPDUs, but most (though not all) outgoing BPDUs are filtered. When a port comes up, 11 BPDUs are sent out. If BPDUs are received, the PortFast and BPDU Filter features are disabled.
VIP Engager

Re: BPDU filter

Hi,

BPDU filter disables spanning-tree on a port period. It does this by restricting sending and receiving BPDU’s. Simple enough. When enabled on a global level, BPDU filter will apply to all portfast ports. When a port links up it will transmit some BPDU’s out before the port starts to filter BPDUs.

Remember that if a BPDU is received on a portfast interface, the interface will lose portfast status and because BPDU filtering relies on this it will become disabled.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Resume duty after a long holiday
VIP Advisor

Re: BPDU filter

Hello

 

Tested in 802.1d stp:
spanning-tree portfast bpdufilter default (Global - no stp postfast) -listening/learning/forwarding (rouge switch becomes root no filtering occurs)

spanning-tree bpdufilter enable (interface mode - no stp postfast)) -listening/learning/forwarding (rouge switch becomes root no filtering occurs)

 

(global command)
spanning-tree portfast default
spanning-tree portfast bpdufilter default- jumps to forwarding from blocking (rouge switch becomes root no filtering occurs)

spanning-tree portfast bpdufilter default
spanning-tree portfast(interface mode) -jumps to forwarding from blocking (rouge switch becomes root no filtering occurs)

 

spanning-tree portfast default
spanning-tree bpdufilter enable (interface mode) jumps to forwarding from blocking ( keeps root status – bpdu’s are filtered)


spanning-tree portfast – (interface mode)
spanning-tree bpdufilter enable– (interface mode) jumps to forwarding from blocking ( keeps root status –  bpdu’s are filtered)

 

Tested in 802.1w stp:

Portfast - (global)
spanning-tree portfast bpdufilter default (Global) transmits 2x proposals goes into Fwd state - no blocking (rouge switch becomes root no filtering occurs)


Portfast - (global)
spanning-tree bpdufilter enable (interface mode) -initializes port goes straight to fwd state (so looks like bpdu’s are filtered)


spanning-tree portfast (interface)
spanning-tree portfast bpdufilter enable- initializes port goes straight to fwd state (so looks like bpdu’s are filtered)

 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards