BPDU Guard vs BPDU Filter

When you configure PortFast on an access or trunk port, you assure that switch it should not expect a switch on this path. With this assurance, the switch can pass right through forward delay and go directly to forwarding when it gains link.

By default, PortFast does not disable STP on the port, but by skipping the listening and learning stats you do increase the probability of creating a loop if a switchin connected. To protect against this situation, you can enable BPDU guard or BPDU filter globally for PortFast port.

BPDU guard will error-disable the port if a BPDU is recevied.

Switch(config)# spanning-tree portfast bpduguard

When the BPDU filter is enabled globally, it causes PortFast ports to stop sending BPDUs. If a BPDU is recevied, the PortFast feature is disabled for that port and normal STP operation resumes.

Switch(config)# spanning-tree portfast bpdufilter
Post a Comment

Popular posts from this blog

Pairwise Master Key (PMK) vs Parewise Transient Key(PTK) vs PseudoRandom Function(PRF) vs GTK (Groupwise Transient Key)

DSSS(直接序列展頻技術) vs OFDM(正交頻率多重分割)