[c-nsp] BPDU Filtering

Saku Ytti saku+cisco-nsp at ytti.fi
Fri Jul 7 07:16:34 EDT 2006


On (2006-07-07 12:27 +0600), Sergey Velikanov [Intelsoft] wrote:
 
> 1) Port Fast Enabled, BPDU filtering Enabled:
> 
> Port does not send BPDUs, but what happens if it receives a BPDU?
> According to the docs, the Catalyst disables the BPDU filter and the port also loses PortFast status, so the port participates in the STP election process. Am I right?
> 
> 
> 2) Port Fast Disabled, BPDU filtering Enabled:
> Port does not send BPDUs; if the port receives a BPDU it silently drops this packet, doesn't it?

You cannot have BPDUFiltering without PortFast (Edge). What Cisco tries to
say is that if you enable this globally you stop sending BPDUs, but if you
receive a BPDU you're removed from PortFast and you start to act as a 'normal'
STP port. As opposed to when configured on the interface, where you always
drop even incoming BPDUs and do not drop out of PortFast.

My personal recommendation is to have portfast on globally and bpduguard
on globally, and not to have bpdufilter on. That is, you keep sending
BPDUs to the customer, but if you receive a BPDU, even your own, you'll
go to errdisable (and contact the customer about the issue).
Also always complement these with at least broadcast storm-control.

One place where BPDUFilter makes sense is between PE and Switch, since
due to RFC4448 and the like you can break your network in very creative
ways by connecting both MSTP and PVST domains over a complex RFC4448 mesh;
BPDUFilter will protect from this bit.

-- 
  ++ytti
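
Added example, not part of the original post: a small Python audit that checks a running-config against the recommendation above (global portfast and bpduguard, no bpdufilter, broadcast storm-control on edge ports). The sample config is constructed, classic Catalyst IOS command syntax is assumed, and treating "switchport mode access" as the marker for a customer-facing port is an assumption of this example.

```python
PORTFAST = "spanning-tree portfast default"
GUARD = "spanning-tree portfast bpduguard default"
# Constructed sample running-config (classic Catalyst IOS syntax assumed).
SAMPLE_CONFIG = """\
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
interface GigabitEthernet0/1
 switchport mode access
 storm-control broadcast level 1.00
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree bpduguard disable
"""

def parse(config):
    """Return (global lines, {interface name: [stripped sub-commands]})."""
    global_lines, ifaces, current = [], {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        elif line.strip() not in ("", "!"):
            current = None
            global_lines.append(line.strip())
    return global_lines, ifaces

def audit(config):
    """List (scope, finding) pairs where the config departs from the advice."""
    g, ifaces = parse(config)
    out = [("global", "missing: " + c) for c in (PORTFAST, GUARD) if c not in g]
    if "spanning-tree portfast bpdufilter default" in g:
        out.append(("global", "bpdufilter"))  # filter lifts when a BPDU arrives
    for name, cmds in ifaces.items():
        if "switchport mode access" not in cmds:
            continue  # assumption: access ports are the customer-facing edge
        if "spanning-tree bpdufilter enable" in cmds:
            out.append((name, "bpdufilter"))  # incoming BPDUs always dropped
        if not ("spanning-tree bpduguard enable" in cmds or
                (GUARD in g and "spanning-tree bpduguard disable" not in cmds)):
            out.append((name, "no-bpduguard"))
        if not any(c.startswith("storm-control broadcast") for c in cmds):
            out.append((name, "no-storm-control"))
    return out
```

Calling audit(SAMPLE_CONFIG) returns the ports that deviate; ports facing a PE, where the post says BPDUFilter makes sense, would need to be excluded by hand.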

