Hello
From experience, I can tell you that the bpdufilter command will
override the bpduguard command. Bpdufilter effectively turns off spanning tree
on a port, but portfast keeps spanning tree enabled on a port, With bpdufilter
enabled there is nothing to protect you from a loop.
Thank You
Daniel Bielawa
Network Engineer
Liberty University Information Services
-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Steven Fischer
Sent: Thursday, March 26, 2009 4:06 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] spanning-tree bpduguard vs. bpdufilter
When deploying our new network a few months ago, we set up Cisco Works to
manage it. Cisco Works detected and flagged the lack of the following
commands as configuration errors:
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
Thinking this recommendation came from Cisco Works, it follows that this
would make sense to do, right? As some more information on the effect of
these commands has come to light, this is really not a good idea. The
commands almost seem to serve opposite purposes - one shuts the port down if
a bpdu is detected, the other obstensibly ignores bpdus. Which one of these
commands takes precendence?
>From what I understand, spanning-tree portfast will in effect serve the same
purpose as spanning-tree bpdufilter enable IF the port is an active access
port...is that correct?
Thanks
Steve
--
To him who is able to keep you from falling and to present you before his
glorious presence without fault and with great joy
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
