Hello,

From experience, I can tell you that the bpdufilter command will override the bpduguard command. Bpdufilter effectively turns off spanning tree on a port, but portfast keeps spanning tree enabled on a port. With bpdufilter enabled there is nothing to protect you from a loop.

Thank You

Daniel Bielawa
Network Engineer
Liberty University Information Services

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Steven Fischer
Sent: Thursday, March 26, 2009 4:06 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] spanning-tree bpduguard vs. bpdufilter

When deploying our new network a few months ago, we set up Cisco Works to manage it. Cisco Works detected and flagged the lack of the following commands as configuration errors:

spanning-tree bpduguard enable
spanning-tree bpdufilter enable

Thinking this recommendation came from Cisco Works, it follows that this would make sense to do, right? As some more information on the effect of these commands has come to light, this is really not a good idea. The commands almost seem to serve opposite purposes - one shuts the port down if a bpdu is detected, the other ostensibly ignores bpdus. Which one of these commands takes precedence?

From what I understand, spanning-tree portfast will in effect serve the same purpose as spanning-tree bpdufilter enable IF the port is an active access port...is that correct?

Thanks

Steve

--
To him who is able to keep you from falling and to present you before his glorious presence without fault and with great joy

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
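
Added example, not part of the original thread: a short Python audit that walks an IOS-style configuration and flags every interface where `spanning-tree bpdufilter enable` is set, following the reply's statement that bpdufilter overrides bpduguard. The sample configuration, interface names and finding texts are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); interface names are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/4
 spanning-tree bpdufilter disable
"""

FEATURE = re.compile(r"^spanning-tree (portfast|bpduguard|bpdufilter)(?: (\S+))?$")

def parse_interfaces(config):
    """Return {interface name: set of STP edge features enabled on it}."""
    ports, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            ports[current] = set()
        elif not raw.startswith(" "):      # "!" or a global line ends the stanza
            current = None
        elif current:
            m = FEATURE.match(raw.strip())  # "no ..." lines do not match
            if m and m.group(2) != "disable":
                ports[current].add(m.group(1))
    return ports

def audit(config):
    """Flag ports where bpdufilter leaves the port without loop protection."""
    findings = {}
    for name, feats in parse_interfaces(config).items():
        if "bpdufilter" in feats:
            findings[name] = ("bpdufilter overrides bpduguard" if "bpduguard" in feats
                              else "bpdufilter without bpduguard")
    return findings

if __name__ == "__main__":
    for port, msg in audit(SAMPLE_CONFIG).items():
        print(f"{port}: {msg}")
```
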