Hello, BPDUFilter will *never* disable port. It will either block BPDUs or not block BPDUs. That's the only thing it does. BPDUGuard is the one that disables ports.
Now, there is a difference between behavior when configured on port and globally. When you configure BPDUFilter on the port, it's unconditional. BPDUs are filtered and that's it. If you want BPDUs, disable BPDUFilter. When you configure it globally, firts of all it applies only on interfaces that are portfast. So, if interface is portfast, no BPDUs are sent. If however that interface receives BPDU, switch will immediately start sending BPDUs in response *and* port will lose its portfast status. -- Marko Milivojevic - CCIE #18427 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Fax: +1.810.454.0130 R&S Video on Demand Demo: http://bit.ly/aFyrU4 On Thu, Mar 11, 2010 at 07:34, Michael Lipsey <[email protected]> wrote: > So, I’m comparing the differences to BPDUGuard and BPDUFilter. > > > > Guard’s fairly easy – if you hear a BPDU you go into err-disable. > > > > Filter however I’m seeing a discrepancy between operation and documentation. > If you check out the link here: > > > > http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/swstpopt.html#wp1032048 > > > > This text on BPDUFilter: > > > > Enabling BPDU Filtering > > When you globally enable BPDU filtering on Port Fast-enabled interfaces, it > prevents interfaces that are in a Port Fast-operational state from sending > or receiving BPDUs. The interfaces still send a few BPDUs at link-up before > the switch begins to filter outbound BPDUs. You should globally enable BPDU > filtering on a switch so that hosts connected to these interfaces do not > receive BPDUs. If a BPDU is received on a Port Fast-enabled interface, the > interface loses its Port Fast-operational status, and BPDU filtering is > disabled. > > It says that if a bpdu is heard on a filter configured ported – it will lose > its port fast enabled status and filtering will be disabled. I took a trunk > port that was in blocking on one of my switches and configured it as a > portfast port with filtering enabled so of course it received BPDUs from the > switch on the other side but what the text said would happen did not and of > course the port did not go into err-disable: > > > > SW2(config-if)#do sho spannin int f0/19 det > > Port 16 (FastEthernet0/19) of VLAN0001 is designated forwarding > > Port path cost 3019, Port priority 128, Port Identifier 128.16. > > Designated root has priority 32769, address 001b.d490.7980 > > Designated bridge has priority 49153, address 001a.a256.7780 > > Designated port id is 128.16, designated path cost 3019 > > Timers: message age 0, forward delay 0, hold 0 > > Number of transitions to forwarding state: 1 > > Link type is point-to-point by default > > Bpdu filter is enabled > > BPDU: sent 1, received 153 > > > > What’s the deal here? > > > > Thanks guys! > > > > > > -Mike > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
