Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1543
Views
13
Helpful
5
Replies

bpdufilter just between two switches with loop free single link in between

venccie777
Level 1
Level 1

‎05-12-2012 02:56 AM - edited ‎03-07-2019 06:39 AM

What might be a real scenario  bpdufilter may be configured.

I have seen may notes saying configuring it will cause spanning tree loop? how will that be created?

another note, considering  the topology sw1 ---- sw2 , having a single connect in between, will disabling spanning tree here, cause any loops?

tks

Labels:
0 Helpful
5 Replies 5

Sergey Fer
Level 1
Level 1

‎05-12-2012 03:57 AM

Of course using BPDUfilter does not lead to STP loop immediately in any topology. In fact you have a risk only when you have redundant links and STP is used to ensure loop-free topology. Here BPDUfilter influences STP behavior and you may get a loop.

Real scenario for BPDUfilter might be in a situation when you are connecting you network to ISP (or any other network) with a switchport. There may be many reasons to do that. Here you need to be sure that your ISP's STP topology (if any exists) does not interfere with yours.

venccie777
Level 1
Level 1
In response to Sergey Fer

‎05-12-2012 02:19 PM

Thanks for that. I was looking for an SP scenario too...so in such a scenario where you have  a customer switch directly connecting with say the provider LAN Switch  with DUAL UPLINKS, as an extension of a COLO service...

i dont think this is a choice for bpdu filter.. my objective is to prevent the customer switch being part of service provider

Spanning tree calculation or influence the SP  SPT in any way...

if we cannot use bpdufilter in such a case, then wat would be a recommened choice..

Thanks

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to venccie777

‎05-12-2012 03:02 PM

Hello Ven,

Would perhaps the Flex Link functionality be the answer here? Flex Links are essentially pairs of active/backup links with no STP running on them. If the active link fails, the backup link immediately replaces it.

Read more about the functionality here:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_58_se/configuration/guide/swflink.html

If this feature is not what you are looking for then the only other protection mechanism coming to my mind is the BPDU Root Guard filter. It won't prevent the customer's switch to be totally cut off the SP's STP - it will still participate in the STP - but it will not be allowed to become the root switch for any VLAN. With judicious bridge priority settings in the SP network, no STP recalculations in the customer's network will influence the SP network, and if the customer changes its bridge priorities so that they beat even the SP's root bridge prirority, the Root Guard will prevent the customer from actually becoming the root bridge.

Best regards,

Peter

venccie777
Level 1
Level 1
In response to Peter Paluch

‎05-16-2012 04:21 AM

Thanks Sergey, Peter,

Is there a documentation you can point me to...which explain about cause of loop when disabling bpdu filter?

Thanks

0 Helpful

Sergey Fer
Level 1
Level 1
In response to venccie777

‎05-16-2012 05:00 AM

I'm sure you can find it in any Cisco switching guide (see http://www.informit.com/library/library.aspx?b=CCNP_Studies_Switching book for example).

It is very very simple in it's basis. If you have some (three for example) switches in a ring-fashion topology, STP will detect a loop and bring ONE of ports on ONE of switches to BLOCKED state. This is due to this switch hears ROOT BPDUs on different ports simultaneously. Let's not discuss which switch and which port it would be and how to calculate costs/priorities etc.

But if you enable BPDU filter ANYWHERE inside the ring, every switch will see ROOT BPDUs only from one direction. And will not block any port. STP will not see loop, but loop will be here.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card