Solved: Re: STP - Page 2

Mlex1 · ‎12-02-2024

Hello, i want to understand How i use this stp commands for me the two options clear.

1. option

spanning-tree portfast edge default

spanning-tree portfast edge bpduguard default

spanning-tree portfast edge bpdufilter default

and i tested bpduguard/bpdufilter on eve-ng active both command globally i didn't see any result, when i connect hacker switch, Hacker SW became root,

priority on hacker sw 0 it's just for test.

here i have some confuse about bpdufilter, how i understand bpdufilter it filter bpdu's?

2. option

Activate both command on interface GigabitEthernet0/2 sw3

interface GigabitEthernet0/2

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

in this case SW1 and HAcker both became root.

SW1#show span

VLAN0001

Spanning tree enabled protocol ieee

Root ID Priority 32769

Address 500c.0001.0000

This bridge is the root

Atacker(config-if)#do show span

VLAN0001

Spanning tree enabled protocol ieee

Root ID Priority 1

Address 500c.0004.0000

This bridge is the root

3. option

on interface in sw3 gi0/2 configured bpdufilter and guard root

in this case also SW1 and HAcker's sw both became root.

How i choose correct stp configuration for network?

topology

Wish all the best

paul driver · ‎12-05-2024

Hello @MHM Cisco World
When both BPDU-Filter/Guard are are applied to the same interface at interface level, then Filter taking preference IS correct, More so the interface will then NOT process received BPDUs as such bgpu-guard should not shutdown the interface.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MHM Cisco World · ‎12-05-2024

Not correct' filter prevent interface send bpdu

It dont drop bpdu incoming to interface.

Can I know where you read this ?

MHM

paul driver · ‎12-05-2024

Hello @MHM Cisco World
bpdufilter is negating bpduguard from filtering as it take preference so guard cannot do what it supposed to do.

I am sure if you google it you will find what your looking for, of even lab it up

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Mlex1 · ‎12-03-2024

Interface bpduguard/filter - Filter will ALWAYS take precedence over guard so if bpdus are received then the filtering will occur and no blocking with happen

here i'm agree with MHM bpdufilter will Stops a port from seding BPDUs or processing received BPDUs.

Wish all the best

MHM Cisco World · ‎12-09-2024

Since Mr. @Mlex1 is studying and to provide correct optimal answers' I always re-check and do deep dive for anything I read/write.

@paul driver is correct for this point.

I always check bpdufilter by connect two SW and in both SW config bpdufilter.

But after this post I run different lab using one SW bpdufilter and other normal STP. The result was suprises me.

Detail of lab I will send to @Mlex1 as PM

Thanks to @paul driver for correct me.

MHM

Mlex1 · ‎12-09-2024

ok i'm waiting for detail @MHM Cisco World

Wish all the best