05-12-2012 02:56 AM - edited 03-07-2019 06:39 AM
What might be a real scenario bpdufilter may be configured.
I have seen may notes saying configuring it will cause spanning tree loop? how will that be created?
another note, considering the topology sw1 ---- sw2 , having a single connect in between, will disabling spanning tree here, cause any loops?
tks
05-12-2012 03:57 AM
Of course using BPDUfilter does not lead to STP loop immediately in any topology. In fact you have a risk only when you have redundant links and STP is used to ensure loop-free topology. Here BPDUfilter influences STP behavior and you may get a loop.
Real scenario for BPDUfilter might be in a situation when you are connecting you network to ISP (or any other network) with a switchport. There may be many reasons to do that. Here you need to be sure that your ISP's STP topology (if any exists) does not interfere with yours.
05-12-2012 02:19 PM
Thanks for that. I was looking for an SP scenario too...so in such a scenario where you have a customer switch directly connecting with say the provider LAN Switch with DUAL UPLINKS, as an extension of a COLO service...
i dont think this is a choice for bpdu filter.. my objective is to prevent the customer switch being part of service provider
Spanning tree calculation or influence the SP SPT in any way...
if we cannot use bpdufilter in such a case, then wat would be a recommened choice..
Thanks
05-12-2012 03:02 PM
Hello Ven,
Would perhaps the Flex Link functionality be the answer here? Flex Links are essentially pairs of active/backup links with no STP running on them. If the active link fails, the backup link immediately replaces it.
Read more about the functionality here:
If this feature is not what you are looking for then the only other protection mechanism coming to my mind is the BPDU Root Guard filter. It won't prevent the customer's switch to be totally cut off the SP's STP - it will still participate in the STP - but it will not be allowed to become the root switch for any VLAN. With judicious bridge priority settings in the SP network, no STP recalculations in the customer's network will influence the SP network, and if the customer changes its bridge priorities so that they beat even the SP's root bridge prirority, the Root Guard will prevent the customer from actually becoming the root bridge.
Best regards,
Peter
05-16-2012 04:21 AM
Thanks Sergey, Peter,
Is there a documentation you can point me to...which explain about cause of loop when disabling bpdu filter?
Thanks
05-16-2012 05:00 AM
I'm sure you can find it in any Cisco switching guide (see http://www.informit.com/library/library.aspx?b=CCNP_Studies_Switching book for example).
It is very very simple in it's basis. If you have some (three for example) switches in a ring-fashion topology, STP will detect a loop and bring ONE of ports on ONE of switches to BLOCKED state. This is due to this switch hears ROOT BPDUs on different ports simultaneously. Let's not discuss which switch and which port it would be and how to calculate costs/priorities etc.
But if you enable BPDU filter ANYWHERE inside the ring, every switch will see ROOT BPDUs only from one direction. And will not block any port. STP will not see loop, but loop will be here.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide