Jan 27, 2010

BPDU Guard vs BPDU Filter

When you configure PortFast on an access or trunk port, you are assuring the switch that it should not expect another switch on this path. With this assurance, the switch can skip the forward delay and go directly to forwarding when it gains link.

By default, PortFast does not disable STP on the port, but by skipping the listening and learning states you do increase the probability of creating a loop if a switch is connected. To protect against this situation, you can enable BPDU guard or BPDU filter globally for PortFast ports.

BPDU guard will error-disable the port if a BPDU is received.

Switch(config)# spanning-tree portfast bpduguard

When the BPDU filter is enabled globally, it causes PortFast ports to stop sending BPDUs. If a BPDU is received, the PortFast feature is disabled for that port and normal STP operation resumes.

Switch(config)# spanning-tree portfast bpdufilter
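
One way to check a saved running-config for PortFast ports that ended up with neither protection. This is an added example, not part of the original post: the function names and the sample config are constructed, and it assumes the per-interface overrides "spanning-tree bpduguard enable|disable" and "spanning-tree bpdufilter enable|disable" and the optional "default" keyword on the global commands, none of which appear above. It only looks at PortFast configured on the interface itself.

```python
import re

# Constructed sample running-config for illustration (not from the original post).
SAMPLE_CONFIG = """\
spanning-tree portfast bpdufilter
!
interface FastEthernet0/1
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 spanning-tree portfast
 spanning-tree bpdufilter disable
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def audit_portfast(config):
    """Map each PortFast interface to the BPDU protection that applies to it."""
    glob = {"bpduguard": False, "bpdufilter": False}
    ifaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):      # a top-level line ends any interface block
            m = re.match(r"interface\s+(\S+)", line)
            current = ifaces.setdefault(m.group(1), {}) if m else None
            g = re.fullmatch(r"spanning-tree portfast (bpduguard|bpdufilter)( default)?", line)
            if g:
                glob[g.group(1)] = True     # global setting for PortFast ports
        elif current is not None:
            p = re.fullmatch(r"spanning-tree (bpduguard|bpdufilter) (enable|disable)", line)
            if p:
                current[p.group(1)] = p.group(2) == "enable"   # per-port override
            elif re.fullmatch(r"spanning-tree portfast( trunk)?", line):
                current["portfast"] = True
    report = {}
    for name, c in ifaces.items():
        if c.get("portfast"):               # per-port setting wins, else the global one
            report[name] = {k: c.get(k, glob[k]) for k in ("bpduguard", "bpdufilter")}
    return report

def unprotected(config):
    """PortFast ports where neither BPDU guard nor BPDU filter is in effect."""
    return sorted(n for n, r in audit_portfast(config).items() if not any(r.values()))
```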
