[c-nsp] spanning-tree bpduguard vs. bpdufilter

Steven Fischer sfischer1967 at gmail.com
Thu Mar 26 16:06:17 EDT 2009


When deploying our new network a few months ago, we set up Cisco Works to
manage it.  Cisco Works detected and flagged the lack of the following
commands as configuration errors:

spanning-tree bpduguard enable
spanning-tree bpdufilter enable

Thinking this recommendation came from Cisco Works, it follows that this
would make sense to do, right?  As some more information on the effect of
these commands has come to light, this is really not a good idea.  The
commands almost seem to serve opposite purposes - one shuts the port down if
a bpdu is detected, the other obstensibly ignores bpdus.  Which one of these
commands takes precendence?

>From what I understand, spanning-tree portfast will in effect serve the same
purpose as spanning-tree bpdufilter enable IF the port is an active access
port...is that correct?

Thanks

Steve

-- 
To him who is able to keep you from falling and to present you before his
glorious presence without fault and with great joy


More information about the cisco-nsp mailing list