When you enable BPDU guard at the interface level on any port without also enabling the PortFast feature,
and the port receives a BPDU, it is put in the error-disabled state.
The BPDU guard feature provides a secure response to invalid configurations because you must manually
put the interface back in service. Use the BPDU guard feature in a service-provider network to prevent an
access port from participating in the spanning tree.
Related Topics
Enabling BPDU Guard, on page 92
BPDU Filtering
The BPDU filtering feature can be globally enabled on the switch or can be enabled per interface, but the
feature operates with some differences.
Enabling BPDU filtering on PortFast-enabled interfaces at the global level keeps those interfaces that are in
a PortFast-operational state from sending or receiving BPDUs. The interfaces still send a few BPDUs at
link-up before the switch begins to filter outbound BPDUs. You should globally enable BPDU filtering on a
switch so that hosts connected to these interfaces do not receive BPDUs. If a BPDU is received on a
PortFast-enabled interface, the interface loses its PortFast-operational status, and BPDU filtering is disabled.
Enabling BPDU filtering on an interface without also enabling the PortFast feature keeps the interface from
sending or receiving BPDUs.
Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in
spanning-tree loops.
Caution
You can enable the BPDU filtering feature for the entire switch or for an interface.
Related Topics
Enabling BPDU Filtering, on page 93
Catalyst 2960-XR Switch Layer 2 Configuration Guide, Cisco IOS Release 15.0(2)EX1
OL-29424-01 81
Configuring Optional Spanning-Tree Features
BPDU Filtering
To Next Page
Loading...
Need help?
General
