BPDU PROTECTION

milandangol57
Beginner

Hi, I am new to networking. Can someone help me with these queries? Thank you in advance.

What are the cons of BPDU protection?

What are the reasons when BPDU changes a port to a shutdown state?

And lastly, If BPDU changes a port to a shutdown state, will the switch get that port's MAC?

6 Replies

Kasun Bandara
VIP Advocate

The Cisco switch has a control plane and a data plane.
Before the data plane enters an L2 loop, the control plane must detect it; if there is an L2 loop, the port is shut down before the switch learns MACs and the data plane forwards traffic and forms the L2 loop.

For the control plane to detect an L2 loop we need some message, and this message is the BPDU.

BPDU guard detects whether a port that is not supposed to receive BPDUs receives any BPDU; if so, that port goes to err-disable, and this protects the data plane from an L2 loop.

Leo Laohoo
VIP Community Legend

@milandangol57 wrote:
What are the cons of BPDU protection?

When there are many ports disabled due to BPDU Guard.

@milandangol57 wrote:
What are the reasons when BPDU changes a port to a shutdown state?

BPDU Guard is enabled.

@milandangol57 wrote:
If BPDU changes a port to a shutdown state, will the switch get that port's MAC?

No, because the port is in error-disable.


@Leo Laohoo wrote:
@milandangol57 wrote:
What are the cons of BPDU protection?

When there are many ports disabled due to BPDU Guard.

Can you please elaborate on this part?

lagerplane
Beginner

What are the cons of BPDU protection?

There are more benefits than cons, i.e. having BPDU Guard enabled will help to avoid layer 2 loops by preventing two ports of a switch from being looped when a cable is connected between them (if it happens that both ports have portfast configured). It will also help prevent someone from connecting a switch to a port on which you expect to have only end devices connected (PC, Phone+PC).

I guess it is more like this: the con is not having BPDU Guard enabled, because if you don't have it then you open the port to potential issues that can extend beyond the port (i.e. a layer 2 loop can happen between two ports with portfast and your switch/network goes down, or, for example, a rogue switch is connected to your switch and then that rogue switch can participate in STP and force itself to be the STP root, which then opens another can of worms for network instability and potential attacks on your infrastructure).

A typical usage of BPDU Guard is on your access mode ports to which you will connect end devices and the port has STP portfast enabled, like this:

!
interface gigabitEthernet 1/0/1
 description PHONE-AND-PC
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 load-interval 30
 spanning-tree portfast
 spanning-tree bpduguard enable
!
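To make the "typical usage" above checkable at scale, here is an added audit script (not code from this thread or from Cisco) that reads a running-config and lists access ports that have PortFast but would not go to err-disable on a received BPDU. It assumes the interface-block layout shown in the config above (indented lines under "interface ...", blocks closed by "!") and also honours the global IOS command "spanning-tree portfast bpduguard default", which enables BPDU Guard on every PortFast port unless a port disables it explicitly. The sample config inside the block is constructed for the example.

```python
"""Audit a Cisco IOS running-config for PortFast access ports without BPDU Guard.

Added example, not from the thread. Assumptions: the IOS interface-block
layout (indented lines under "interface ...", "!" ends a block) and the
global command "spanning-tree portfast bpduguard default".
"""

# Constructed sample config: one hardened port (1/0/1), one PortFast port
# missing BPDU Guard (1/0/2) and one trunk uplink that is out of scope.
SAMPLE_CONFIG = """\
!
interface gigabitEthernet 1/0/1
 description PHONE-AND-PC
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface gigabitEthernet 1/0/2
 description PRINTER
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface gigabitEthernet 1/0/24
 description UPLINK
 switchport mode trunk
!
"""


def parse_interfaces(config: str) -> dict:
    """Return {interface_name: [stripped config lines]} for each interface block."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global-level line closes the block
    return interfaces


def global_bpduguard_default(config: str) -> bool:
    """True if BPDU Guard is enabled globally for all PortFast ports."""
    return any(
        line.strip() == "spanning-tree portfast bpduguard default"
        for line in config.splitlines()
        if line and not line.startswith(" ")
    )


def unprotected_portfast_ports(config: str) -> list:
    """List access ports running PortFast that will NOT err-disable on a BPDU."""
    default_on = global_bpduguard_default(config)
    findings = []
    for name, lines in parse_interfaces(config).items():
        is_access = "switchport mode access" in lines
        has_portfast = any(
            l.startswith("spanning-tree portfast") and not l.endswith("disable")
            for l in lines
        )
        if not (is_access and has_portfast):
            continue  # trunks and non-PortFast ports are not the concern here
        if "spanning-tree bpduguard disable" in lines:
            findings.append(name)  # explicit per-port disable overrides the global default
        elif "spanning-tree bpduguard enable" in lines or default_on:
            continue  # protected either per-port or by the global default
        else:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for port in unprotected_portfast_ports(SAMPLE_CONFIG):
        print(f"PortFast without BPDU Guard: {port}")
```

Run it against the output of "show running-config" saved to a file; a clean result means every PortFast access port will err-disable if a switch is plugged into it, which is the behaviour the replies above describe. The same script can be used after enabling the global default to confirm that only explicitly exempted ports remain.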
