Register now or log in to join your professional community.
BPDU Guard: Prevents accidental connection of switching devices to PortFast-enabled ports. Connecting switches to PortFast-enabled ports can cause Layer 2 loops or topology changes.
BPDU filtering: Restricts the switch from sending unnecessary BPDUs out access ports.
BPDU Guard
BPDU Guard is designed to protect your switching network. Remember that a Port-fast port is designed to be connected to a device where BPDU’s aren’t expected. This could be a end user device, server or access-point. When an unexpected BPDU is detected (an end-user wants to plug in a switch in his cubicle) the port will shutdown and enter a err-disable state.
When enabled globally this is a fantastic solution to protecting port-fast ports on access switches where you don’t expect a switch to be plugged in. BPDU guard when enabled on a per port interface, is conditional. It requires the port to be port fast enabled. If you require BPDU guard to be enabled unconditionally then you must do that on the port itself.
BPDU Filter
BPDU filter is a feature used to filter sending or receiving BPDUs on a switchport. It is extremely useful on those ports which are configured as portfast ports as there is no need to send or receive any BPDU messages on of these ports. BPDU filter can be configured globally or under the interface level.
With BPDU Filter, it will ignore in/out BPDUs. So you COULD end up with a loop in your network. Way not cool.
BPDU Guard on the other hand will alert you to that mistake/mayhem and will shut down the port instead of letting the loop shut down your network!
BPDU Guard
BPDU Guard puts an interface configured for STP PortFast into the err-disable state upon receipt of a BPDU. The BPDU Guard disables interfaces as a preventive step to avoid a potential bridging loop. The BPDU Guard feature is used to protect the Spanning Tree domain from external influence. BPDU Guard is disabled by default but is recommended for all ports on which the Port Fast feature has been enabled. This prevents false information from being injected into the Spanning Tree domain on ports that have Spanning Tree disabled.
BPDU Filter
When PortFast is enabled on a port, the port will send out BPDUs and will accept and process received BPDUs. The BPDU Guard feature prevents the port from receiving any BPDUs but does not prevent it from sending them. If any BPDUs are received, the port will be errdisabled. The BPDU Filter feature effectively disables STP on the selected ports by preventing them from sending or receiving any BPDUs.
BPDU filtering supports the ability to prevent switches from sending BPDUs on PortFast-enabled interfaces. Ports configured for the PortFast feature typically connect to host devices. Hosts do not participate in STP and hence drop the received BPDUs. As a result, BPDU filtering prevents unnecessary BPDUs from being transmitted to host devices.
BPDU Guard is designed to protect your switching network. Remember that a Port-fast port is designed to be connected to a device where BPDU’s aren’t expected. This could be a end user device, server or access-point. When an unexpected BPDU is detected (an end-user wants to plug in a switch in his cubicle) the port will shutdown and enter a err-disable state
BPDU Filter The point of demarcation is a fantastic place to use BPDU filter. When an ISP hands off a tail in the DC from their switch infrastructure, neither party want’s anything to do with the others STP topology. This one of the uses of this feature. Probably the best one I have found.
BPDUGuard
If a switch is plugged into a switchport configured as Portfast, it could change the STP topology without the administrator knowing and could even bring down the network. To prevent this, BPDUGuard can be configured on the switchport. With this configured, if a BPDU is received on a switchport, it will be put into an error disabled mode and an administrator will have to bring the port up. This can be configured on the port using the “spanning-tree bpduguard enable” command.
BPDUFilter
When BPDUFilter is configured on a switchport which has been configured as Portfast, it will cause the port to lose the Portfast status if a BPDU is received on it. This will force the port to participate in STP convergence. This is unlike the behavior seen with BPDUGuard where the port is put into an error disabled mode. BPDUFilter can be enabled on the switchport using the “spanning-tree bpdufilter enable” command.
BPDU Guard
PortFast should be configured on port where bridging loops are not expected to form (which means that no BPDUs should be receive on these ports), such as on end-devices port like a single workstation or server.
BPDU Filtering
BPDU Filtering allows to stop sending/receiving BPDUs on a port depending on how is configured.
BPDUs are the messages exchanged between switches to calculate the spanning tree topology. BPDU filter is a feature used to filter sending or receiving BPDUs on a switchport.
It is extremely useful on those ports which are configured as portfast ports as there is no need to send or receive any BPDU messages on of these ports.
BPDU filter can be configured globally or under the interface level. When configured globally all portfast enabled ports stop sending and receiving BPDUs, but if a BPDU is received on the port it gets out of the portfast state and normally participate in the spanning tree calculations.
BPDU Guard disables interfaces as a preventive step to avoid a potential bridging loop.
BPDU Guard: avoid a potential bridging loop
BPDU Filtering: stop receiving BPDU
