01-03-2012 11:51 AM - edited 03-07-2019 04:09 AM
Hi guys,
When configuring BPDUFilter on a port we are effectively disabling spanning tree because BPDU frames are not being sent and received.
However, such port is still participating in STP state machine, sitting 15 sec in Listening and another 15 sec in Learning state by default.
Is there any specific reason behind this? Why just not enable portfast automatically?
Solved! Go to Solution.
01-03-2012 01:46 PM
Marcin,
My personal take on this is to simply not search for too much logic behind this behavior. The BPDUFilter is about stopping sending BPDUs if no BPDUs are received in a certain time and resume sending them if the are received at any time (if configured on a global level) or about stopping sending/receiving BPDUs unconditionally (if configured on an interface level). The PortFast simply declares the port to be an edge port. These two features are independent and should be configurable independently. Even though it may not make much sense for the BPDUFilter to be run without PortFast, it is nonetheless an independent mechanism and Cisco obviously decided to keep it uncoupled from the PortFast feature.
Best regards,
Peter
01-03-2012 12:44 PM
The port configured with bpdufilter will send a few bpdu at link up. Like you said, this is a dangerous configuration because you are disabling spanning tree. Bpdufilter is usualy used with portfast using the "spanning-tree portfast bpdufilter default" command. If the port receive a bpdu, it revert to a standard STP port and filtering is disable.
01-03-2012 12:52 PM
Hi Dominic,
Thank you for answering, I do agree with you, however my question still isn't answered - I would like to know why they did it this particular way. Why there isn't any simple macro to type a single command instead of two? Why even bother with configuring portfast if spanning tree is disabled?
01-03-2012 01:05 PM
You don’t really need two command on every port. The ‘spanning-tree portfast bpdufilter default’ is applied once. After that, if you configure portfast on a port, bpdufilter is also activated. Bpdufilter filter outgoing bpdu, spanning tree is still active. If the port receive a incoming BPDU when in portfast mode, il will disable bpdufilter.
Sometime, you might want to receive BPDU on a portfast port, this is why you can be enable it globally with portfast or on a port to port basis(with or without portfast). I really don’t know why anyone would enable bpdufilter and not portfast.
01-03-2012 01:46 PM
Marcin,
My personal take on this is to simply not search for too much logic behind this behavior. The BPDUFilter is about stopping sending BPDUs if no BPDUs are received in a certain time and resume sending them if the are received at any time (if configured on a global level) or about stopping sending/receiving BPDUs unconditionally (if configured on an interface level). The PortFast simply declares the port to be an edge port. These two features are independent and should be configurable independently. Even though it may not make much sense for the BPDUFilter to be run without PortFast, it is nonetheless an independent mechanism and Cisco obviously decided to keep it uncoupled from the PortFast feature.
Best regards,
Peter
01-05-2012 11:31 PM
Hi Peter,
This make sense to me, thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide