Only on nontrunking access ports.
Enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning tree blocking state enter a err-disable state
The BPDU Guard Default feature works in conjunction with Portfast to automatically enable BPDU Guard on any interfaces in the Portfast state. Portfast can be enable at the global level, or interface level
SW2(config)#int eth 3/0
SW2(config-if)#spanning-tree bpduguard enable
SW2(config)#spanning-tree portfast bpduguard default
SW2(config)#
interface Ethernet3/0
switchport mode access
duplex auto
spanning-tree portfast
end
STP BPDU Filter
Global and on port basis
Port Basis filter incoming and outgoing BPDU
Global filter Outgoing BPDU
SW1(config-if)#do show run int eth3/0
!
interface Ethernet3/0
duplex auto
spanning-tree bpdufilter enable
end
port will be not sending or transmitting any BPDUs and going to be rejecting any incoming BPDU that it receives.
Configured globally BPDU filter does not filter any incoming BPDUs and will filter all outgoing BPDUs, only 11 BPDUs will be sent initially after that its starts filtering.
SW1(config-if)#do show run | i portfast|bpdu
spanning-tree portfast edge default
spanning-tree portfast edge bpdufilter default
!
int eth3/0
spanning-tree portfast
It enables bpdufiltering on ports that have port-fast configuration, so it sends a few bpdu while enabling port then it filters bdpu unless receives a bpdu, after that it changes from port-fast mode and disables filtering for port to operate like a normal port because it has received bpdu.
Once BPDU received on the port it will operate as normal port, the Port shall go into (Blocking , listening , learning and then Forwarding state)
Enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning tree blocking state enter a err-disable state
The BPDU Guard Default feature works in conjunction with Portfast to automatically enable BPDU Guard on any interfaces in the Portfast state. Portfast can be enable at the global level, or interface level
SW2(config)#int eth 3/0
SW2(config-if)#spanning-tree bpduguard enable
SW2(config)#spanning-tree portfast bpduguard default
SW2(config)#
interface Ethernet3/0
switchport mode access
duplex auto
spanning-tree portfast
end
STP BPDU Filter
Global and on port basis
Port Basis filter incoming and outgoing BPDU
Global filter Outgoing BPDU
SW1(config-if)#do show run int eth3/0
!
interface Ethernet3/0
duplex auto
spanning-tree bpdufilter enable
end
port will be not sending or transmitting any BPDUs and going to be rejecting any incoming BPDU that it receives.
Configured globally BPDU filter does not filter any incoming BPDUs and will filter all outgoing BPDUs, only 11 BPDUs will be sent initially after that its starts filtering.
SW1(config-if)#do show run | i portfast|bpdu
spanning-tree portfast edge default
spanning-tree portfast edge bpdufilter default
!
int eth3/0
spanning-tree portfast
It enables bpdufiltering on ports that have port-fast configuration, so it sends a few bpdu while enabling port then it filters bdpu unless receives a bpdu, after that it changes from port-fast mode and disables filtering for port to operate like a normal port because it has received bpdu.
Once BPDU received on the port it will operate as normal port, the Port shall go into (Blocking , listening , learning and then Forwarding state)
