Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
832
Views
2
Helpful
9
Replies

BPDU Guard + BPDU Filter = no chance for loop detection?

a1111
Level 1
Level 1

‎02-16-2025 06:55 AM

Hello,

If you enable BPDU Guard and BPDU Filter on an interface, then how does your switch detect an unmanaged switch?

Because if only BPDU Guard is enabled, and the unmanaged switch has two of its interfaces connected, then your switch's BPDUs circle back to itself. That's because your switch sends out BPDUs towards the unmanaged switch, and the unmanaged switch sends those BPDUs out all of its other ports, which then send it back via the port that's connected to your switch.

But with BPDU Filter, your managed switch doesn't send any BPDUs, which means there's no chance that they can circle back to your managed switch. Which means it can't detect the loop.

Thanks!

Labels:
0 Helpful
9 Replies 9

MHM Cisco World
VIP
VIP

‎02-16-2025 07:02 AM

That why you must never never use bpdu filter when connect two SW via two link' 

Control plane can not detect loop because of bpdu filter and ypur network will be crash due to l2 storm.

Only one case we use bpdu filter between two SW when there is only one link.

MHM

a1111
Level 1
Level 1
In response to MHM Cisco World

‎02-16-2025 07:13 AM

Thank you for the quick response!

I wonder what you think about this use case for BPDU Filter:

Two switches from two different companies are connected directly. Both companies want to have their separate STP topologies. Normally, that's not possible, because the switches will keep sending BPDUs to each other.

So, if you enable BPDU Filter, none of the two switches send any BPDUs to the other switch. Which means their STP topologies will remain unchanged.

What do you think? I recall reading about this somewhere, but I haven't saved the source unfortunately.

0 Helpful

MHM Cisco World
VIP
VIP
In response to a1111

‎02-16-2025 07:17 AM

You can use bpdu filter in case 

There is one link.

Why? With one link there is no l2 loop' 

When one SW receive broadcast it never re-send again via same interface it receive from' this make ypu safety apply bpdu filter abd isolate stp domain in both groups.

MHM

paul driver
VIP
VIP
In response to MHM Cisco World

‎02-16-2025 07:55 AM

Hello @MHM Cisco World 
Bpdu-filter CAN be used in a switch with multiple links to another switch

globally it works with portfast interfaces and you would not have PF on trunks interconnections towards other switchs 
At an interface level is works independently without PF as such it can be decremental on trunks towards other switches as it WILL filter stp and possibly cause loops


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

MHM Cisco World
VIP
VIP
In response to paul driver

‎02-16-2025 08:02 AM

Loop from where ?

Loop need two link between two SW' I clearly mention one link.

Please read my comment' this last time I reply to you.

MHM

0 Helpful

paul driver
VIP
VIP
In response to MHM Cisco World

‎02-16-2025 08:10 AM

Hello
@MHM Cisco World  wrote:
That why you must never never use bpdu filter when connect two SW via two link' 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

MHM Cisco World
VIP
VIP
In response to paul driver

‎02-16-2025 08:13 AM

That why you must never never use bpdu filter when connect two SW via two link'  <<- you not see this words ??

I have little time and you waste it.

Dont mention me anymore' reply to OP directly.

MHM

0 Helpful

paul driver
VIP
VIP

‎02-16-2025 07:36 AM

Hello
bpdu-filter works well with guard at a global level -however  when applied at an interface level it will take precedence over guard as such guard isn’t even used which would result in the filtering of bpdus which could potentially cause loops in your network 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Joshqun Ismayilov
Level 1
Level 1

‎02-16-2025 08:50 AM

Hello,

First of all, you need to manage your network, / 
If you do not want to face any issues on your network / you need to disable DTP and shut all unused ports / if the port is an access port you can enable port-sec (max 2 or 3 MAC addresses allowed). 
If you want to learn how it will work at STP /, you can also use Port Guard (or UDLD ).

Thanks!


0 Helpful
Customers Also Viewed These Support Documents