This is going to be final part of the Advanced STP Features video series. This video will focus on BPDU Filter. I have already covered PortFast and BPDU Guard in previous posts.
BPDU Filter prevents specified ports from sending or receiving BPDUs. That is the gist of it but the feature operates differently depending on how it is configured.
There are two methods to configure this feature: globally (spanning-tree portfast bpdufilter default) and per interface (spanning-tree bpdufilter enable).
The interface configuration filters both incoming and outgoing BPDUs unconditionally – independent of the operational PortFast state or access/trunk mode. This is effectively the equivalent of turning off STP.
NOTE: The key word to stress here is *effectively* but not actually. Spanning Tree is still running on the interface and if you would disable and then re-enable the port, it would go through the Spanning Tree states.
This can be very dangerous because a permanent loop can easily be created. Interestingly enough, IOS does not display a warning message when this command is applied. Comparing this to PortFast, enabling PortFast on the wrong interface, which can also cause a temporary loop, is not nearly as risky as BDPU Filter yet oddly IOS considers that significant enough to inform the administrator. In other words, you get a warning for enabling PortFast but no warning for enabling BPDU Filter, which is much more dangerous.
The global BPDU Filter configuration is more intricate. Similar to the BPDU Guard feature, the global BPDU Filter is enabled on interfaces in operational PortFast state. In global mode, the switch does not filter incoming BPDUs, but most (though not all) outgoing BPDUs are filtered. When a port comes up, 11 BPDUs are sent out. If BPDUs are received, the PortFast and BPDU Filter features are disabled.
As a summary, here are the most important take-aways from this video:
- BPDU Filter prevents specified ports from sending or receiving BPDUs.
- BPDU Filter (interface configuration) effectively, but not actually, turns off Spanning Tree.
- BPDU Filter operates differently depending on how it is configured.
- There are two ways to configure BPDU Guard: globally or per interface.
- BPDU Filter interface mode is independent and unconditional. All incoming and outgoing BPDUs are filtered.
- BPDU Filter global mode is dependent on operational PortFast state. Most but not all outgoing BPDUs are filtered.
- In BPDU Filter global mode, if incoming BPDUs are received, the port reverts back to normal Spanning Tree operation.
Comments
Post a Comment