cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1121
Views
0
Helpful
5
Replies

BPDUFilter on a port and STP machine state

Marcin Kurek
Level 1
Level 1

Hi guys,

When configuring BPDUFilter on a port we are effectively  disabling spanning tree because BPDU frames are not being sent and  received.

However, such port is still participating in STP state  machine, sitting 15 sec in Listening and another 15 sec in Learning  state by default.

Is there any specific reason behind this? Why just not enable portfast automatically?

1 Accepted Solution

Accepted Solutions

Peter Paluch
Cisco Employee
Cisco Employee

Marcin,

My personal take on this is to simply not search for too much logic behind this behavior. The BPDUFilter is about stopping sending BPDUs if no BPDUs are received in a certain time and resume sending them if the are received at any time (if configured on a global level) or about stopping sending/receiving BPDUs unconditionally (if configured on an interface level). The PortFast simply declares the port to be an edge port. These two features are independent and should be configurable independently. Even though it may not make much sense for the BPDUFilter to be run without PortFast, it is nonetheless an independent mechanism and Cisco obviously decided to keep it uncoupled from the PortFast feature.

Best regards,

Peter

View solution in original post

5 Replies 5

dominic.caron
Level 5
Level 5

The port configured with bpdufilter will send a few bpdu at link up.  Like you said, this is a dangerous configuration because you are disabling spanning tree. Bpdufilter is usualy used with portfast using the "spanning-tree portfast bpdufilter default" command. If the port receive a bpdu, it revert to a standard STP port and filtering is disable.

Hi Dominic,

Thank you for answering, I do agree with you, however my question still isn't answered - I would like to know why they did it this particular way. Why there isn't any simple macro to type a single command instead of two? Why even bother with configuring portfast if spanning tree is disabled?

You don’t really need two command on every port. The ‘spanning-tree portfast bpdufilter default’ is applied once. After that, if you configure portfast on a port, bpdufilter is also activated. Bpdufilter filter outgoing bpdu, spanning tree is still active. If the port receive a incoming BPDU when in portfast mode, il will disable bpdufilter.

Sometime, you might want to receive BPDU on a portfast port, this is why you can be enable it globally with portfast or on a port to port basis(with or without portfast). I really don’t know why anyone would enable bpdufilter and not portfast.

Peter Paluch
Cisco Employee
Cisco Employee

Marcin,

My personal take on this is to simply not search for too much logic behind this behavior. The BPDUFilter is about stopping sending BPDUs if no BPDUs are received in a certain time and resume sending them if the are received at any time (if configured on a global level) or about stopping sending/receiving BPDUs unconditionally (if configured on an interface level). The PortFast simply declares the port to be an edge port. These two features are independent and should be configurable independently. Even though it may not make much sense for the BPDUFilter to be run without PortFast, it is nonetheless an independent mechanism and Cisco obviously decided to keep it uncoupled from the PortFast feature.

Best regards,

Peter

Hi Peter,

This make sense to me, thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: