07-04-2022 10:20 PM
Hi, I am new to networking. Can someone help me with these queries? Thank you in advance.
What are the cons of BPDU protection?
What are the reasons when BPDU changes a port to a shutdown state?
And lastly, If BPDU changes a port to a shutdown state, will the switch get that port's MAC?
07-04-2022 10:36 PM
check below
basic and configurations - https://www.omnisecu.com/ccna-security/what-is-bpdu-guard-and-how-to-configure-bpdu-guard-in-cisco-switches.php
explanations - https://community.cisco.com/t5/switching/advantage-disadvantages-of-bpdu-guard-with-portfast-enabled/td-p/960113
07-04-2022 11:28 PM
@Kasun Bandara wrote: check below
basic and configurations - https://www.omnisecu.com/ccna-security/what-is-bpdu-guard-and-how-to-configure-bpdu-guard-in-cisco-switches.php
explanations - https://community.cisco.com/t5/switching/advantage-disadvantages-of-bpdu-guard-with-portfast-enabled/td-p/960113
I have read this blog, but I want to know more about the cons of BPDU. Can you provide some?
07-05-2022 03:59 PM
The Cisco SW has a control plane and a data plane.
Now, before the data plane enters an L2 loop, the control plane must detect it, and if there is an L2 loop then the port is shut down before the SW learns the MAC and the data plane forwards traffic and forms an L2 loop.
Now, for the control plane to detect an L2 loop we need some message, and this message is the BPDU.
BPDU Guard detects if a port which is not supposed to receive BPDUs receives any BPDU; then this port will go to err-disable, and this protects the data plane from an L2 loop.
07-04-2022 10:58 PM
@milandangol57 wrote:
What are the cons of BPDU protection?
When there are many ports disabled due to BPDU Guard.
@milandangol57 wrote:
What are the reasons when BPDU changes a port to a shutdown state?
BPDU Guard is enabled.
@milandangol57 wrote:
If BPDU changes a port to a shutdown state, will the switch get that port's MAC?
No, because the port is in error-disable.
07-04-2022 11:26 PM
@Leo Laohoo wrote:
@milandangol57 wrote: What are the cons of BPDU protection?
When there are many ports disabled due to BPDU Guard.
Can you please elaborate on this part?
07-05-2022 08:46 AM
What are the cons of BPDU protection?
It's more benefits than cons, i.e. having BPDU Guard enabled will help to avoid layer 2 loops by preventing 2 ports of a Switch from being looped when connecting a cable between them (if it happens that both ports have portfast configured). It will also help prevent if somebody tries to connect a Switch to a port in which you expect to have only end devices connected (PC, Phone+PC).
I guess it is more like, the con is not to have BPDU Guard enabled, because if you don't have it then you open the port for potential issues that can extend beyond the port (i.e. a layer 2 loop can happen between 2 ports with portfast and your Switch/network goes down, or for example, a rogue Switch is connected to your Switch and then that rogue Switch can participate in STP and force itself to be the STP root which then opens another can of worms for network instability and potential attacks to your infrastructure).
A typical usage of BPDU Guard is on your access mode ports to which you will connect end devices and the port has STP portfast enabled, like this:
!
interface gigabitEthernet 1/0/1
 description PHONE-AND-PC
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 load-interval 30
 spanning-tree portfast
 spanning-tree bpduguard enable
!
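Added example, not part of the original post or of any Cisco tool: a small audit that reads a saved running-config and lists the interfaces that have PortFast configured without BPDU Guard, the gap the answer above warns about. The sample config and the function names are constructed for illustration; the script checks per-interface PortFast only and treats the global `spanning-tree portfast bpduguard default` command as covering every PortFast port.

```python
import re

# Constructed sample running-config excerpt (illustrative, not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description PHONE-AND-PC
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 description PRINTER
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 description UPLINK
 switchport mode trunk
!
"""

# Global default that turns BPDU Guard on for all PortFast ports ("edge" on newer releases).
GLOBAL_GUARD = re.compile(r"^spanning-tree portfast (edge )?bpduguard default\s*$", re.M)
PORTFAST = re.compile(r"^spanning-tree portfast( edge)?$")

def parse_interfaces(config):
    """Return {interface name: [stripped sub-commands]} from running-config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return blocks

def unguarded_portfast_ports(config):
    """List PortFast interfaces that are not protected by BPDU Guard."""
    global_guard = bool(GLOBAL_GUARD.search(config))
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not any(PORTFAST.match(c) for c in cmds):
            continue  # no per-port PortFast, out of scope for this check
        if "spanning-tree bpduguard disable" in cmds:
            findings.append(name)  # explicit per-port override of the global default
        elif not global_guard and "spanning-tree bpduguard enable" not in cmds:
            findings.append(name)
    return findings
```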