Overview Of Bpdu Guard; Overview Of Portfast Bpdu Filtering - Cisco 4500M Software Manual
Software guide
Hide thumbs
Also See for 4500M:
- Command reference manual (578 pages) ,
- Hardware installation and maintenance manual (143 pages) ,
- Upgrade manual (24 pages)
Table of Contents
Advertisement
Overview of BPDU Guard
Because the purpose of PortFast is to minimize the time that access ports must wait for spanning tree to
Note
converge, it is most effective when used on access ports. If you enable PortFast on a port connecting to
another switch, you risk creating a spanning tree loop.
Overview of BPDU Guard
Spanning Tree BPDU guard shuts down PortFast-configured interfaces that receive BPDUs, rather than
putting them into the spanning tree blocking state. In a valid configuration, PortFast-configured
interfaces do not receive BPDUs. Reception of a BPDU by a PortFast-configured interface signals an
invalid configuration, such as connection of an unauthorized device. BPDU guard provides a secure
response to invalid configurations, because the administrator must manually put the interface back in
service.
When the BPDU guard feature is enabled, spanning tree applies the BPDU guard feature to all
Note
PortFast-configured interfaces.
Overview of PortFast BPDU Filtering
Cisco IOS Release 12.2(25)EW and later support PortFast BPDU filtering, which allows the
administrator to prevent the system from sending or even receiving BPDUs on specified ports.
When configured globally, PortFast BPDU filtering applies to all operational PortFast ports. Ports in an
operational PortFast state are supposed to be connected to hosts that typically drop BPDUs. If an
operational PortFast port receives a BPDU, it immediately loses its operational PortFast status. In that
case, PortFast BPDU filtering is disabled on this port and STP resumes sending BPDUs on this port.
PortFast BPDU filtering can also be configured on a per-port basis. When PortFast BPDU filtering is
explicitly configured on a port, it does not send any BPDUs and drops all BPDUs it receives.
Explicitly configuring PortFast BPDU filtering on a port that is not connected to a host can result in
Caution
bridging loops, because the port will ignore any BPDU it receives and go to the forwarding state.
When you enable PortFast BPDU filtering globally and set the port configuration as the default for
PortFast BPDU filtering (see the
enables or disables PortFast BPDU filtering.
If the port configuration is not set to default, then the PortFast configuration will not affect PortFast
BPDU filtering.
filtering allows access ports to move directly to the forwarding state as soon as the end hosts are
connected.
Software Configuration Guide—Release 12.2(25)EW
15-4
"Enabling PortFast BPDU Filtering" section on page
Table 15-1
lists all the possible PortFast BPDU filtering combinations. PortFast BPDU
Chapter 15
Configuring STP Features
15-12), PortFast
OL-6696-01
Advertisement
Table of Contents
