So, I'm comparing the differences to BPDUGuard and BPDUFilter.
Guard's fairly easy - if you hear a BPDU you go into err-disable. Filter however I'm seeing a discrepancy between operation and documentation. If you check out the link here: http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/r elease/12.2_46_se/configuration/guide/swstpopt.html#wp1032048 This text on BPDUFilter: Enabling BPDU Filtering When you globally enable BPDU filtering on Port Fast-enabled interfaces, it prevents interfaces that are in a Port Fast-operational state from sending or receiving BPDUs. The interfaces still send a few BPDUs at link-up before the switch begins to filter outbound BPDUs. You should globally enable BPDU filtering on a switch so that hosts connected to these interfaces do not receive BPDUs. If a BPDU is received on a Port Fast-enabled interface, the interface loses its Port Fast-operational status, and BPDU filtering is disabled. It says that if a bpdu is heard on a filter configured ported - it will lose its port fast enabled status and filtering will be disabled. I took a trunk port that was in blocking on one of my switches and configured it as a portfast port with filtering enabled so of course it received BPDUs from the switch on the other side but what the text said would happen did not and of course the port did not go into err-disable: SW2(config-if)#do sho spannin int f0/19 det Port 16 (FastEthernet0/19) of VLAN0001 is designated forwarding Port path cost 3019, Port priority 128, Port Identifier 128.16. Designated root has priority 32769, address 001b.d490.7980 Designated bridge has priority 49153, address 001a.a256.7780 Designated port id is 128.16, designated path cost 3019 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default Bpdu filter is enabled BPDU: sent 1, received 153 What's the deal here? Thanks guys! -Mike
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
