Friday 10 February 2017

STP - BPDU GUARD AND BPDU FILTER

BPDU Guard:
Recall the STP PortFast feature, which allows a switch port to bypass the usual progression of STP states. However, PortFast does not disable STP on a port; it merely accelerates STP convergence. A PortFast-enabled port will still accept BPDUs.

PortFast should only be enabled on ports connected to a host (access ports). If it is enabled on a port connecting to a switch, any loop may result in a broadcast storm.

To prevent such a scenario, BPDU Guard can be used in conjunction with PortFast. Under normal circumstances, a port with PortFast enabled should never receive a BPDU, as it is intended only for hosts.

BPDU Guard will place a port in an errdisable state if a BPDU is received, regardless of whether the BPDU is superior or inferior. The STP topology will not be impacted by another switch that is inadvertently connected to that port.

BPDU Guard is used in conjunction with PortFast: when enabled, it puts the PortFast-enabled port into the error-disabled (errdisable) state on receipt of a BPDU.

BPDU Guard Configuration
  • To enable BPDU guard globally, use the command:
               spanning-tree portfast bpduguard default
  • To enable BPDU guard on a port, use the command:
               spanning-tree bpduguard enable


BPDU FILTER:
BPDU Filter prevents BPDUs from being sent out a port, and must be enabled in conjunction with PortFast.

If a BPDU is received on a port, BPDU Filtering will react in one of two ways, depending on how it was configured:
  • If filtering is enabled globally, a received BPDU will disable PortFast on the port. The port will then transition normally through the STP process.
  • If filtering is enabled on a per-interface basis, a received BPDU is ignored.

Great care must be taken when manually enabling BPDU Filtering on a port. Because the port will ignore a received BPDU, STP is essentially disabled.

The port will neither be err-disabled nor progress through the STP process, and thus the port is susceptible to loops.

NOTE: If BPDU Filtering is enabled globally, it will only apply to PortFast ports:

               Switch(config)# spanning-tree portfast bpdufilter default

To enable BPDU Filtering on a per-interface basis:

               Switch(config)# interface gi1/15
               Switch(config-if)# spanning-tree bpdufilter enable
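
As an added example (not part of the original post), this Python script audits a saved running-config for the two risks described above: PortFast ports with no effective BPDU Guard, and ports with per-interface BPDU Filtering. The sample config, function names and finding labels are constructed for illustration; the interface-level `spanning-tree portfast` and `spanning-tree bpduguard disable` lines are standard IOS commands the post does not show, and global `spanning-tree portfast default` is assumed not to be in use.

```python
import re

# Constructed sample running-config for illustration (not from the original post).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface GigabitEthernet1/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/15
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/20
 spanning-tree portfast
 spanning-tree bpduguard disable
!
"""

def parse(config):
    """Split a running-config into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        header = re.match(r"interface\s+(\S+)", raw)
        if header:
            current = header.group(1)
            interfaces[current] = []
        elif raw.startswith(" ") and current:
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or a global command ends the interface block
            if raw.strip() not in ("", "!"):
                global_lines.append(raw.strip())
    return global_lines, interfaces

def audit(config):
    """Return (interface, finding) pairs for risky PortFast/BPDU settings."""
    global_lines, interfaces = parse(config)
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        portfast = "spanning-tree portfast" in lines
        # The global default covers only PortFast ports; interface commands override it.
        guard = ("spanning-tree bpduguard enable" in lines or
                 (guard_default and portfast and "spanning-tree bpduguard disable" not in lines))
        if "spanning-tree bpdufilter enable" in lines:
            findings.append((name, "bpdufilter-per-interface"))  # received BPDUs ignored
        if portfast and not guard:
            findings.append((name, "portfast-without-bpduguard"))
    return findings
```

Running `audit(SAMPLE_CONFIG)` flags Gi1/15 for per-interface filtering and Gi1/20 for PortFast without BPDU Guard, while Gi1/1 passes because the global default covers it.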

For a more detailed reference, refer to the links below; the videos below help in quickly understanding both BPDU Guard and BPDU Filter.








