Alright, I went through basically the same steps tonight with BPDUFilter 
enabled globally instead of configured on the interface and this is what 
happens...

spanning-tree portfast bpdufilter default


interface FastEthernet0/1
 spanning-tree portfast
end

SW1#sho spanin
SW1#sho spannnin
SW1#sho spannin 
SW1#sho spanning-tree int f0/1 det 
 Port 3 (FastEthernet0/1) of VLAN0001 is designated forwarding 
   Port path cost 19, Port priority 128, Port Identifier 128.3.
   Designated root has priority 32769, address 001b.d490.7980
   Designated bridge has priority 32769, address 001b.d490.7980
   Designated port id is 128.3, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   The port is in the portfast mode
   Link type is point-to-point by default
   Bpdu filter is enabled by default
   BPDU: sent 11, received 0
SW1#

This is what it looks like before I enable bridging on the interface of the 
router connected to R1. I also turned on debugging for spanning-tree bpdus (and 
this port was the only one enabled on the switch)

The first BPDUs are registered in the debugs...

*Mar  1 00:40:24.819: STP: VLAN0001 rx BPDU: config protocol = ieee, packet 
from FastEthernet0/1  , linktype IEEE_SPANNING , enctype 2, encsize 17 
*Mar  1 00:40:24.819: STP: enc 01 80 C2 00 00 00 00 0D ED C8 4F 60 00 26 42 42 
03 
*Mar  1 00:40:24.819: STP: Data     
00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00
*Mar  1 00:40:24.819: STP: VLAN0001 Fa0/1:0000 00 00 00 8000000DEDC84F60 
00000000 8000000DEDC84F60 8004 0000 1400 0200 0F00
*Mar  1 00:40:24.819: STP(1) port Fa0/1 supersedes -1
SW1#
*Mar  1 00:40:26.815: STP: VLAN0001 rx BPDU: config protocol = ieee, packet 
from FastEthernet0/1  , linktype IEEE_SPANNING , enctype 2, encsize 17 
*Mar  1 00:40:26.815: STP: enc 01 80 C2 00 00 00 00 0D ED C8 4F 60 00 26 42 42 
03 
*Mar  1 00:40:26.815: STP: Data     
00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00
*Mar  1 00:40:26.824: STP: VLAN0001 Fa0/1:0000 00 00 00 8000000DEDC84F60 
00000000 8000000DEDC84F60 8004 0000 1400 0200 0F00
*Mar  1 00:40:26.824: STP(1) port Fa0/1 supersedes 0
SW1#
*Mar  1 00:40:28.820: STP: VLAN0001 rx BPDU: config protocol = ieee, packet 
from FastEthernet0/1  , linktype IEEE_SPANNING , enctype 2, encsize 17 
*Mar  1 00:40:28.820: STP: enc 01 80 C2 00 00 00 00 0D ED C8 4F 60 00 26 42 42 
03 
*Mar  1 00:40:28.820: STP: Data     
00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00
*Mar  1 00:40:28.820: STP: VLAN0001 Fa0/1:0000 00 00 00 8000000DEDC84F60 
00000000 8000000DEDC84F60 8004 0000 1400 0200 0F00
*Mar  1 00:40:28.829: STP(1) port Fa0/1 supersedes 0
SW1#
*Mar  1 00:40:30.825: STP: VLAN0001 rx BPDU: config protocol = ieee, packet 
from FastEthernet0/1  , linktype IEEE_SPANNING , enctype 2, encsize 17 
*Mar  1 00:40:30.825: STP: enc 01 80 C2 00 00 00 00 0D ED C8 4F 60 00 26 42 42 
03 
*Mar  1 00:40:30.825: STP: Data     
00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00
*Mar  1 00:40:30.825: STP: VLAN0001 Fa0/1:0000 00 00 00 8000000DEDC84F60 
00000000 8000000DEDC84F60 8004 0000 1400 0200 0F00
*Mar  1 00:40:30.825: STP(1) port Fa0/1 supersedes 0
SW1#
*Mar  1 00:40:32.830: STP: VLAN0001 rx BPDU: config protocol = ieee, packet 
from FastEthernet0/1  , linktype IEEE_SPANNING , enctype 2, encsize 17 
*Mar  1 00:40:32.830: STP: enc 01 80 C2 00 00 00 00 0D ED C8 4F 60 00 26 42 42 
03 
*Mar  1 00:40:32.830: STP: Data     
00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00
*Mar  1 00:40:32.830: STP: VLAN0001 Fa0/1:0000 00 00 00 8000000DEDC84F60 
00000000 8000000DEDC84F60 8004 0000 1400 0200 0F00
*Mar  1 00:40:32.830: STP(1) port Fa0/1 supersedes 0
SW1#
*Mar  1 00:40:34.826: STP: VLAN0001 rx BPDU: config protocol = ieee, packet 
from FastEthernet0/1  , linktype IEEE_SPANNING , enctype 2, encsize 17 
*Mar  1 00:40:34.826: STP: enc 01 80 C2 00 00 00 00 0D ED C8 4F 60 00 26 42 42 
03 
*Mar  1 00:40:34.826: STP: Data     
00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00
*Mar  1 00:40:34.835: STP: VLAN0001 Fa0/1:0000 00 00 00 8000000DEDC84F60 
00000000 8000000DEDC84F60 8004 0000 1400 0200 0F00
*Mar  1 00:40:34.835: STP(1) port Fa0/1 supersedes 0
SW1#
*Mar  1 00:40:36.831: STP: VLAN0001 rx BPDU: config protocol = ieee, packet 
from FastEthernet0/1  , linktype IEEE_SPANNING , enctype 2, encsize 17 
*Mar  1 00:40:36.831: STP: enc 01 80 C2 00 00 00 00 0D ED C8 4F 60 00 26 42 42 
03 
*Mar  1 00:40:36.831: STP: Data     
00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00
*Mar  1 00:40:36.831: STP: VLAN0001 Fa0/1:0000 00 00 00 8000000DEDC84F60 
00000000 8000000DEDC84F60 8004 0000 1400 0200 0F00
*Mar  1 00:40:36.831: STP(1) port Fa0/1 supersedes 0
SW1#
*Mar  1 00:40:38.836: STP: VLAN0001 rx BPDU: config protocol = ieee, packet 
from FastEthernet0/1  , linktype IEEE_SPANNING , enctype 2, encsize 17 
*Mar  1 00:40:38.836: STP: enc 01 80 C2 00 00 00 00 0D ED C8 4F 60 00 26 42 42 
03 
*Mar  1 00:40:38.836: STP: Data     
00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00
*Mar  1 00:40:38.836: STP: VLAN0001 Fa0/1:0000 00 00 00 8000000DEDC84F60 
00000000 8000000DEDC84F60 8004 0000 1400 0200 0F00
*Mar  1 00:40:38.836: STP(1) port Fa0/1 supersedes 0
SW1#
*Mar  1 00:40:40.833: STP: VLAN0001 rx BPDU: config protocol = ieee, packet 
from FastEthernet0/1  , linktype IEEE_SPANNING , enctype 2, encsize 17 
*Mar  1 00:40:40.833: STP: enc 01 80 C2 00 00 00 00 0D ED C8 4F 60 00 26 42 42 
03 
*Mar  1 00:40:40.833: STP: Data     
00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00
*Mar  1 00:40:40.833: STP: VLAN0001 Fa0/1:0000 00 00 00 8000000DEDC84F60 
00000000 8000000DEDC84F60 8004 0000 1400 0200 0F00
*Mar  1 00:40:40.841: STP(1) port Fa0/1 supersedes 0
SW1#
*Mar  1 00:40:42.838: STP: VLAN0001 rx BPDU: config protocol = ieee, packet 
from FastEthernet0/1  , linktype IEEE_SPANNING , enctype 2, encsize 17 
*Mar  1 00:40:42.838: STP: enc 01 80 C2 00 00 00 00 0D ED C8 4F 60 00 26 42 42 
03 
*Mar  1 00:40:42.838: STP: Data     
00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00
*Mar  1 00:40:42.838: STP: VLAN0001 Fa0/1:0000 00 00 00 8000000DEDC84F60 
00000000 8000000DEDC84F60 8004 0000 1400 0200 0F00
*Mar  1 00:40:42.838: STP(1) port Fa0/1 supersedes 0
SW1#
*Mar  1 00:40:44.842: STP: VLAN0001 rx BPDU: config protocol = ieee, packet 
from FastEthernet0/1  , linktype IEEE_SPANNING , enctype 2, encsize 17 
*Mar  1 00:40:44.842: STP: enc 01 80 C2 00 00 00 00 0D ED C8 4F 60 00 26 42 42 
03 
*Mar  1 00:40:44.842: STP: Data     
00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00
*Mar  1 00:40:44.842: STP: VLAN0001 Fa0/1:0000 00 00 00 8000000DEDC84F60 
00000000 8000000DEDC84F60 8004 0000 1400 0200 0F00
*Mar  1 00:40:44.842: STP(1) port Fa0/1 supersedes 0
SW1#
*Mar  1 00:40:46.839: STP: VLAN0001 rx BPDU: config protocol = ieee, packet 
from FastEthernet0/1  , linktype IEEE_SPANNING , enctype 2, encsize 17 
*Mar  1 00:40:46.847: STP: enc 01 80 C2 00 00 00 00 0D ED C8 4F 60 00 26 42 42 
03 
*Mar  1 00:40:46.847: STP: Data     
00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00
*Mar  1 00:40:46.847: STP: VLAN0001 Fa0/1:0000 00 00 00 8000000DEDC84F60 
00000000 8000000DEDC84F60 8004 0000 1400 0200 0F00
*Mar  1 00:40:46.847: STP(1) port Fa0/1 supersedes 0
SW1#
SW1#
Okay, so we have debugs showing bpdus on the interface so now what does it look 
like in the spanning-tree detail of the interface:

SW1#sho spanning-tree int f0/1 det
 Port 3 (FastEthernet0/1) of VLAN0001 is root forwarding 
   Port path cost 19, Port priority 128, Port Identifier 128.3.
   Designated root has priority 32768, address 000d.edc8.4f60
   Designated bridge has priority 32768, address 000d.edc8.4f60
   Designated port id is 128.4, designated path cost 0
   Timers: message age 6, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 11, received 12

Notice that portfast and bpdufilter are no longer enabled on the interface.

So it is as Marko described, but I did not see it described that way in the doc I 
posted; maybe I need to look again.

-Mike
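
[Added example, not part of the original thread] The "STP: Data" hex string in the debug above is a raw IEEE 802.1D configuration BPDU. The decoder below is an illustrative sketch, not Cisco's code; its function names are made up here, and it reads the fields that reappear in the second "show spanning-tree" output and checks why Fa0/1 became a root port.

```python
import struct

# Hex payload copied from the "STP: Data" debug line in the message above.
DEBUG_DATA = "00000000008000000DEDC84F60000000008000000DEDC84F6080040000140002000F00"
# SW1's own bridge ID, taken from the first "show spanning-tree" output above.
LOCAL_BRIDGE = (32769, "001b.d490.7980")


def _bridge_id(raw: bytes):
    """Split an 8-byte bridge ID into (16-bit priority, Cisco-style MAC)."""
    mac = raw[2:].hex()
    return int.from_bytes(raw[:2], "big"), ".".join(mac[i:i + 4] for i in (0, 4, 8))


def parse_config_bpdu(hex_data: str) -> dict:
    """Decode a 35-byte IEEE 802.1D configuration BPDU (LLC header excluded)."""
    raw = bytes.fromhex(hex_data)
    if len(raw) < 35:
        raise ValueError(f"config BPDU needs 35 bytes, got {len(raw)}")
    proto, _version, bpdu_type, flags = struct.unpack_from("!HBBB", raw, 0)
    if proto != 0 or bpdu_type != 0x00:
        raise ValueError("not an IEEE configuration BPDU")
    cost, = struct.unpack_from("!I", raw, 13)
    port_id, msg_age, max_age, hello, fwd_delay = struct.unpack_from("!5H", raw, 25)
    return {
        "flags": flags,
        "root": _bridge_id(raw[5:13]),
        "root_path_cost": cost,
        "bridge": _bridge_id(raw[17:25]),
        # 802.1t split: 4-bit priority (steps of 16) + 12-bit port number
        "port_id": ((port_id >> 8) & 0xF0, port_id & 0x0FFF),
        # timers are carried in units of 1/256 second
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


def is_superior(bpdu: dict, local_bridge) -> bool:
    """True when the advertised root beats the local bridge ID (lower wins)."""
    return bpdu["root"] < local_bridge


if __name__ == "__main__":
    decoded = parse_config_bpdu(DEBUG_DATA)
    print(decoded, "superior:", is_superior(decoded, LOCAL_BRIDGE))
```

The decoded root (32768, 000d.edc8.4f60) is lower than SW1's own 32769 bridge ID, which matches the port changing from "designated forwarding" to "root forwarding" once the BPDUs were accepted.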



-----Original Message-----
From: Marko Milivojevic [mailto:[email protected]] 
Sent: Thursday, March 11, 2010 4:17 AM
To: Michael Lipsey
Cc: [email protected]
Subject: Re: [OSL | CCIE_RS] BPDUfilter

Hello,

BPDUFilter will *never* disable port. It will either block BPDUs or
not block BPDUs. That's the only thing it does. BPDUGuard is the one
that disables ports.

Now, there is a difference between behavior when configured on port
and globally. When you configure BPDUFilter on the port, it's
unconditional. BPDUs are filtered and that's it. If you want BPDUs,
disable BPDUFilter. When you configure it globally, first of all it
applies only on interfaces that are portfast. So, if interface is
portfast, no BPDUs are sent. If however that interface receives BPDU,
switch will immediately start sending BPDUs in response *and* port
will lose its portfast status.

--
Marko Milivojevic - CCIE #18427
Senior Technical Instructor - IPexpert

Mailto: [email protected]
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
R&S Video on Demand Demo: http://bit.ly/aFyrU4

On Thu, Mar 11, 2010 at 07:34, Michael Lipsey <[email protected]> wrote:
> So, I’m comparing the differences to BPDUGuard and BPDUFilter.
>
>
>
> Guard’s fairly easy – if you hear a BPDU you go into err-disable.
>
>
>
> Filter however I’m seeing a discrepancy between operation and documentation.
> If you check out the link here:
>
>
>
> http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_46_se/configuration/guide/swstpopt.html#wp1032048
>
>
>
> This text on BPDUFilter:
>
>
>
> Enabling BPDU Filtering
>
> When you globally enable BPDU filtering on Port Fast-enabled interfaces, it
> prevents interfaces that are in a Port Fast-operational state from sending
> or receiving BPDUs. The interfaces still send a few BPDUs at link-up before
> the switch begins to filter outbound BPDUs. You should globally enable BPDU
> filtering on a switch so that hosts connected to these interfaces do not
> receive BPDUs. If a BPDU is received on a Port Fast-enabled interface, the
> interface loses its Port Fast-operational status, and BPDU filtering is
> disabled.
>
> It says that if a bpdu is heard on a filter configured port – it will lose
> its port fast enabled status and filtering will be disabled. I took a trunk
> port that was in blocking on one of my switches and configured it as a
> portfast port with filtering enabled so of course it received BPDUs from the
> switch on the other side but what the text said would happen did not and of
> course the port did not go into err-disable:
>
>
>
> SW2(config-if)#do sho spannin int f0/19 det
>  Port 16 (FastEthernet0/19) of VLAN0001 is designated forwarding
>    Port path cost 3019, Port priority 128, Port Identifier 128.16.
>    Designated root has priority 32769, address 001b.d490.7980
>    Designated bridge has priority 49153, address 001a.a256.7780
>    Designated port id is 128.16, designated path cost 3019
>    Timers: message age 0, forward delay 0, hold 0
>    Number of transitions to forwarding state: 1
>    Link type is point-to-point by default
>    Bpdu filter is enabled
>    BPDU: sent 1, received 153
>
>
>
> What’s the deal here?
>
>
>
> Thanks guys!
>
>
>
>
>
> -Mike
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
>
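
[Added example, not part of the original thread] The interface-versus-global difference described in the reply above can be checked offline against a saved running-config. This sketch is not Cisco's or the posters' code; the sample config and the verdict labels are constructed here, and it only considers portfast configured on the interface itself.

```python
import re

# Constructed sample running-config (not from the thread); Fa0/19 mirrors the
# interface-level filter on a trunk described in the quoted message.
SAMPLE_CONFIG = """\
spanning-tree portfast bpdufilter default
!
interface FastEthernet0/1
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
!
interface FastEthernet0/20
 spanning-tree portfast
 spanning-tree bpduguard enable
"""

def classify(body, global_filter, global_guard):
    """Return what a port does when a BPDU arrives, given its config lines."""
    portfast = any(re.fullmatch(r"spanning-tree portfast( trunk)?", c) for c in body)
    # Checked first: BPDUs filtered on the interface never reach BPDUGuard.
    if "spanning-tree bpdufilter enable" in body:
        return "drops-all-bpdus"       # unconditional: STP is blind on this port
    guard = "spanning-tree bpduguard enable" in body or (
        global_guard and portfast and "spanning-tree bpduguard disable" not in body)
    if guard:
        return "err-disable"           # BPDUGuard shuts the port
    if global_filter and portfast and "spanning-tree bpdufilter disable" not in body:
        return "reverts-to-stp"        # loses portfast + filter, sends BPDUs again
    return "normal-stp"

def audit_bpdu_protection(config):
    """Map each interface in an IOS config to its BPDU-handling class."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    global_filter = "spanning-tree portfast bpdufilter default" in lines
    global_guard = "spanning-tree portfast bpduguard default" in lines
    bodies, current = {}, None
    for ln in lines:
        m = re.match(r"interface (\S+)", ln)
        if m:
            current = bodies.setdefault(m.group(1), [])
        elif ln.startswith(" ") and current is not None:
            current.append(ln.strip())
        else:
            current = None             # any other top-level line ends the block
    return {name: classify(body, global_filter, global_guard)
            for name, body in bodies.items()}

if __name__ == "__main__":
    for port, verdict in audit_bpdu_protection(SAMPLE_CONFIG).items():
        print(f"{port:20} {verdict}")
```

Ports reported as "drops-all-bpdus" are the ones to review, since spanning tree cannot react to a loop or an unexpected switch behind them.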
