Networking, Security & Cloud Knowledge

Friday, November 27, 2009

003 - STP GUARD & FILTER

-->
Spanning Tree protection
BPDU Guard
  • Prevent loops if another switch is attached to Portfast port
  • When enabled on interface port goes in error-disabled state if BPDU is received
Switch (config-if)#spanning-tree bpduguard enable (note portfast may not be configured)

  • Can be enabled on global configuration mode
Switch(config)#spanning-tree portfast bpduguard default



BPDU Filter:
· If enabled on interface mode it prevents the port from sending or receiving BPDU Switch(cofig-if)#spanning-tree bpdufilter enable
· If enabled globally if portfast interface receive the BPDU it take out portfast status Switch(config)#spanning-treee portfast bpdufilter default
Root Guard
  • Prevent other switch becoming root bridge
  • Enabled on ports other than the root port and on the switches other than root switch
  • Root guard port receives a BPDU that might cause it to become a root port, then the port is put into “root inconsistent” state and does not pass traffic through it.
  • But if port stops receiving these BPDU, it automatically re-enables itself Switch(config)#spanning-tree guard root.