04-27-2007 01:28 AM - edited 03-05-2019 03:43 PM
Hi,
If I want to enable BPDU Guard AND BPDU filter for STP portfast at the global configuration level, is it a good idea?
BPDU guard will shut down the port if a BPDU frame is received, and with BPDU filter, a switch port cannot send BPDU frames.
So, if I make a loop with two ports where BPDU guard and filter are enabled, will I have a network outage?
Is it true or not?
Regards
04-27-2007 04:48 AM
I'm not sure I completely understand your question, but BPDU Guard and BPDU Filter can be configured globally or on an individual port, and apply to all non-trunking interfaces where Portfast has been enabled.
So if you're connecting two switches together, both with BPDU Guard/Filter enabled, and the ports connecting the switches are not configured to be a trunk, then neither switch will send or acknowledge BPDUs on the connected ports unless portfast is disabled or BPDU Guard/Filter is turned off on the individual ports (I believe that's possible with BPDU Guard/Filter enabled globally).
Check out this page for a little more information on BPDU services; the commands listed are for the CAT ios though.
HtH
04-27-2007 05:01 AM
In fact, I put these 2 commands globally on a 2950. A user took another switch (Netgear) and connected it twice to the network on portfast ports. So he made a loop and I saw a big issue in the LAN.
I don't know exactly why. I think that BPDU filter blocks all BPDU announcements so BPDU Guard doesn't shut down the port! Is it true?
Obacati21
04-27-2007 07:25 AM
Does the Netgear switch send / forward BPDUs?
BPDU guard puts a port into errdisable if it receives a BPDU.
BPDU filter sort of disables STP by not sending or processing BPDUs. So if a BPDU is received on a BPDU filter port it will not process it.
Narayan
04-27-2007 08:55 AM
There is really no good reason to use bpdu filter and this will generally create loop issues if you don't know what you are doing. I would recommend using portfast bpdu-guard which would have prevented your loop issue since the Cisco switch would have seen its own BPDU through the netgear (or whatever) hub or switch and err-disabled one or both of the cross-connected ports.
I always recommend the following global commands on an edge switch:
'spanning-tree portfast default'
'spanning-tree portfast bpduguard default'
Please ensure that you have disabled both portfast AND bpduguard on all uplink ports before you enable this globally because unlike what was intimated in an earlier post, portfast and/or bpduguard can trigger on a trunk port before the dot1q trunk actually forms and this could err-disable your uplink port!
In summary, do the following:
conf t
! uplink ports
int range gi0/1-2
spanning-tree portfast disable
spanning-tree bpduguard disable
exit
! global commands
spanning-tree extend system-id
spanning-tree portfast default
spanning-tree portfast bpduguard default
! edge ports
int range fa0/1-48
switchport mode access
default spanning-tree portfast
end
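
Added example (not part of the thread and not Cisco's code): a small Python check that reads an IOS-style running-config and reports where it departs from the baseline recommended in the last post, namely any BPDU filter, missing global portfast/bpduguard defaults, and uplink ports that are not exempted. The function name, the sample config and the uplink names are constructed for illustration.

```python
import re

# Constructed sample config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree portfast disable
!
interface GigabitEthernet0/2
 spanning-tree portfast disable
 spanning-tree bpduguard disable
"""

REQUIRED_GLOBAL = ("spanning-tree portfast default", "spanning-tree portfast bpduguard default")
REQUIRED_UPLINK = ("spanning-tree portfast disable", "spanning-tree bpduguard disable")

def audit_stp_edge_config(config_text, uplinks):
    """Hypothetical helper: list deviations from the edge-switch baseline."""
    global_cmds, interfaces, current = set(), {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), set())
        elif raw[:1].isspace() and current is not None:
            current.add(line)          # indented line: interface sub-command
        else:
            current = None
            global_cmds.add(line)      # unindented line: global command
    findings = []
    if "spanning-tree portfast bpdufilter default" in global_cmds:
        findings.append("global: bpdufilter default enabled")
    findings += [f"global: missing '{c}'" for c in REQUIRED_GLOBAL if c not in global_cmds]
    findings += [f"{n}: bpdufilter enabled" for n, cmds in interfaces.items()
                 if "spanning-tree bpdufilter enable" in cmds]
    for port in uplinks:
        have = interfaces.get(port, set())
        findings += [f"{port}: missing '{c}'" for c in REQUIRED_UPLINK if c not in have]
    return findings
```

Call it as `audit_stp_edge_config(SAMPLE_CONFIG, ["GigabitEthernet0/1", "GigabitEthernet0/2"])`; an empty list means the config matches the baseline.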