This blog was originally started to better help me understand the technologies in the CCIE R&S blueprint; after completing the R&S track I have decided to transition the blog into a technology blog.
CCIE #29033
This blog will continue to include questions, troubleshooting scenarios, and references to existing and new technologies but will grow to include a variety of different platforms and technologies. Currently I have created over 185 questions/answers in regards to the CCIE R&S track!! Note: answers are in the comment field or within "Read More" section.
You can also follow me on twitter @FE80CC1E
What command can be used to ensure that BPDU's are not transmitted or received on a port?
What is the risk of using this command?
2 comments:
'spanning-tree bpdufilter enable'
per port or global for portfast ports
risk is you do not have bpdu's anymore and that is how spanning tree does its thing, stopping loops
00:03:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
00:03:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to up
you can see bpdu going pretty regular:
Switch#sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 48, received 0
Switch#sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 49, received 0
Switch#sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 50, received 0
Switch(config-if)#spanning-tree bpdufilter enable
NOW STOSwitch(config-if)#spanning-tree bpdufilter enable
Switch(config-if)#do sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 72, received 0
Switch(config-if)#do sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 72, received 0
Switch(config-if)#do sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 72, received 0
Switch(config-if)#do sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 72, received 0
PPED:
***NOTE***
This can be done globally as well but works a little different as it will still send 11 bpdus before it stops sending:
first clear the counters by taking down the interface
00:07:45: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down
then bring it back up and check the bpdus are they being sent?
Switch(config-if)#do sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 0, received 0
Switch(config-if)#do sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 0, received 0
Switch(config-if)#do sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 0, received 0
turn bpdufilter back on:
Switch(config-if)#spanning-tree bpdufilter disable
Switch(config-if)#do sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 1, received 0
Switch(config-if)#do sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 2, received 0
Switch(config-if)#do sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 2, received 0
Switch(config-if)#do sh spanning-tree interface f0/7 detail | i BPDU
BPDU: sent 3, received 0
now try that with the global command:
spanning-tree portfast bpdufilter default
Switch(config-if)#do sh run int f0/7
interface FastEthernet0/7
spanning-tree portfast
Switch#sh clo
*00:14:40.334 UTC Mon Mar 1 1993
Switch#sh spanning-tree int f0/7 de | i BPDU
BPDU: sent 6, received 0
Switch#sh clo
*00:14:49.611 UTC Mon Mar 1 1993
Switch#sh spanning-tree int f0/7 de | i BPDU
BPDU: sent 8, received 0
Switch#sh clo
*00:14:56.884 UTC Mon Mar 1 1993
Switch#sh spanning-tree int f0/7 de | i BPDU
BPDU: sent 11, received 0
Switch#sh clo
*00:15:18.753 UTC Mon Mar 1 1993
Switch#sh spanning-tree int f0/7 de | i BPDU
BPDU: sent 11, received 0
Great example.
Cisco recommends to take care when using spanning-tree bpdufilter enable command. When enabled it is essentially the same thing as disabling spanning tree for an interface. Bridging loops can occur.
Post a Comment