spanning-tree portfast bpdufilter default

Hey guys!

This morning I took a look into the Adv.Tech. topic "bpdufilter" and Brian demonstrated the "spanning-tree portfast bpdufilter default" command.

So far so good... the effect of that command is, if I understood it correctly, that the switchport does not send BPDUs (bpdufilter), but when it receives BPDUs it kicks out the "edge" status of the port and the port is acting as a usual spanning-tree port (right?).

As long as there is no BPDU received, the port actually will not send any of them either.

What happens when I connect an unmanaged L2 switch without STP capability and plug a loop on that switch? Is the VLAN on my Catalyst switchport going to get problems of flooding?

Thanks in advance!

 

-m-


Comments

  • Hi

    My first question is how these two switches (STP and non-STP capability switches) will get connected? They have to form a trunk before anything else. If they do not form a trunk there is no point of looping. Additionally, loops occur only when there is a redundant path that exists between these switches.

     

    Regards

     

     

  • They get connected because people do silly things. You don't always control all the physical ports at the wall, and people will plug random stuff in.

    Plus trunking doesn't have much to do with loops - you can form a nice little loop with pure access ports.

  • Hi zool85,

    I believe the answer is yes. The traffic originated by an end host that's connected to the downstream non-STP switch will be duplicated over and over by the switch and forwarded to the upstream STP switch. The inter-switch link will be flooded with this traffic storm from the downstream switch.

    In this case, you may want to enable storm control on the upstream Cisco switch.
    http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swtrafc.html#wp1085954

    Regards,
    Alex

  • Hi zool,

    I understand you make a physical loop to the downstream switch which does not run STP, right (so you have the Cisco switch connected to the other switch on two ports)? What will happen is the following:
    If your Cisco port has BPDUfilter enabled by default (in global config mode), when the port goes up, the Cisco switch still sends out exactly 11 BPDUs. Based on the physical loop it will receive back its own BPDUs and put the port into backup mode.
    If your Cisco port does not have BPDUfilter enabled by default, the Cisco switch still starts sending BPDUs. Based on the physical loop it will receive back its own BPDUs and put the port into backup mode.
    So in both cases, only one Cisco port will be in STP FW mode.

    Good luck with your studies!

  • Hi Christian,

    I think he didn't mention using two ports for inter-switch link. So, should we assume it is only inter-switch link? Hehehe...

  • Hey!

    Alright, if the switch sends 11 BPDUs then it makes sense that the port goes into error/backup state (loop detected).

    But why does it send the BPDUs? When I configure the bpdufilter option, doesn't that say that I do not send any BPDUs but when I get some, then I will pop out the "edge" state which was forced by the "portfast" feature and turn the switch into a normal spanning-tree port?

    Thanks for your patience and your time!

     

    Best regards!

     

    -m-

  • It sends 11 BPDUs in order to avoid any temporary loops; 11 BPDUs is more than the default STP age timer, which is 20 seconds. Check my last post on this thread:

    http://ieoc.com/forums/t/16447.aspx?PageIndex=2

    Good luck with your studies!

  • Bpdufilter only ignores BPDUs received on a port and doesn't send any. When you globally enable bpdufilter and an access port receives a BPDU, only then will it transition from an edge port.

    zool85 wrote:
  • Edge port is determined by presence of portfast, so correct, it will get out of the portfast enabled state and negotiate its STP port state.

    Good luck with your studies!

  • How about following scenario

    Cisco Switch
        P24
         |
         |
         |
        P24
    Unmanaged Switch (doesn't support STP)
     P1      P2
     |         |
     |         |
     |_____|

    The loop is directly connected to downstream switch that doesn't support STP.

    Cheers

     

  • Yes, that's exactly the scenario I meant with my question.

    I wanted to say something to the 11 BPDUs that are sent at the beginning when the port comes up.

    Loop on the layer 2 unmanaged switch is active, switch is connected to P24 of the catalyst. BPDUs are reflected and the switch blocks the port.

    So far so good.

    But when I connect the switch to the Cisco... then wait about 1 minute... and then plug a loop. Then I should probably have broadcast storms in the participating VLAN.

    Am I right?

     

    Thanks for the patience!

    KR

     

    -m-

  • Hi zool85,

    See my response to this in my first post in this thread. The downstream will experience a traffic storm which will affect its uplink towards the upstream Cisco switch. I think the only way that we can prevent this on Cisco switch is to use "storm control" feature.
    http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swtrafc.html#wp1085954

  • this topic keeps showing up every 4 or so months on here....sooo i'm going to post this GREAT article

     

    http://tinyurl.com/3quzwxq

     

    i've changed the url cause it's from an ine competitor...however it answers many of the questions asked here and is my go-to article for this particular topic...i make it a point to read it once every few months. I hope brian and the other ine folks won't mind too much because as a teaching tool...this article is great!

  • Hi Toxic,

       In following topic http://ieoc.com/forums/t/16447.aspx?PageIndex=2 i explained the same but without examples (without knowing of the above URL), and i also explained why the switch still sends out exactly 11 BPDUs, which on the competitor is not specified :)

    Good luck with your studies!

  • Guys,

    How about the topology that I mentioned above, which is the original question from zool85?
    Any comment?

  • Hi all,

    Well, i cannot test, cannot find such a dummy switch, BUT the following should happen: as the unmanaged switch does not support STP it will forward STP frames as regular frames. With the physical loop on the unmanaged switch, it means again that the Cisco switch will receive back its own BPDUs and put the port into backup mode, blocking state. I'm 101% sure of it. :)

    Good luck with your studies!

  • Hi Christian,

    You are right. I forgot about the initial 11 BPDUs when thinking over the case.

    Awesome man!!!

  • o cool....i'll make sure i read it tonight.....a different perspective as in the same information presented in different words is always helpful in solidifying a technology in one's brain :-)

  • Hi Toxic,

       In following topic http://ieoc.com/forums/t/16447.aspx?PageIndex=2 i explained the same but without examples (without knowing of the above URL), and i also explained why the switch still sends out exactly 11 BPDUs, which on the competitor is not specified :)

    Good luck with your studies!

     

     

    o and btw..i can make an educated guess on why 11 bpdus...i have not read this thread except for your response to me and my posting of previous article...which i posted after reading the heading for the thread...

    i'm guessing since max age is 20, 10 bpdus can be sent in 20 seconds with the default hello interval of 2. So you want anything connected to the other end when the switch is first powered up (cause that's when max age usually matters ...other than in indirect link failures...) to register at least 1 bpdu..hence 11 bpdus or 22 seconds which is > max age.

     

    right?

  • Your guess is correct even though this is not documented anywhere.
    Look at this thread as mentioned by Christian in earlier post in this thread.
    http://ieoc.com/forums/t/16447.aspx?PageIndex=2

  • Your guess is correct even though this is not documented anywhere.
    Look at this thread as mentioned by Christian in earlier post in this thread.
    http://ieoc.com/forums/t/16447.aspx?PageIndex=2

    i saw it...in all honesty...that particular issue...its not all that hard to guess...so i'm not going to give myself too much credit....if you know STP...this should be fairly obvious

  • Hi Toxic,

       Max age is NON relevant when switch powers up, only on indirect failure in STP (not RSTP/MSTP), cause when the port/switch is up, it starts sending BPDUs anyways. There is mainly only one case when you need to make sure you send BPDUs (with BPDU filtering enabled) for more than the max age :) Which is the case?

    Good luck with your studies!

  • Hi Christian,

    Another Quiz huh?
    I think to make sure the downstream switch which has lost its connection to the old superior root expires its stale root BPDU, which will take 20s (max age). And then accept the BPDU sent out by upstream switch that is enabled with BPDU Filter.

    CMIIW.
    Thanks

  • i had read someplace (might have been kennedy clark) that max age is relevant when a switch powers up...anyhow...however thinking about it coherently that statement does not make sense ...(root bridge election does not wait 20 seconds now does it)...so my bad there...

     

    so your question is > there is 1 case where i need to make sure i send BPDUs...even with BPDU filtering enabled?

    answer>>>well i would have to say that's when 1 switch is connected to another switch using an access link. Even with BPDU filtering enabled you need to make sure that the far end is not a switch, hence you send a few BPDUs. However credit goes to Marko who wrote the article i posted. My answer is straight from that article!

     

    hope its right :-)

  • Hi Alexander,

       Yes, this is the case, when you have on the other side of the BPDUFilter port a switch running plain old STP which ignores for 20 seconds your BPDUs, if it lost its root bridge.

    Good luck with your studies!

  • Thank you Christian for the quiz. It made me think hard and refreshed my brain cells.

  • Hi Guys,

    This is an interesting discussion.

    In my case I am confused a bit, I can't see the difference between "spanning-tree portfast default" and "spanning-tree portfast bpdufilter default".

    Please clarify for me.

     

    KR,

     

    Aliou

  • In my case I am confused a bit, I can't see the difference between "spanning-tree portfast default" and "spanning-tree portfast bpdufilter default".

    spanning-tree portfast default -> enable portfast on non-trunk ports (global config)

    spanning-tree portfast bpdufilter default -> enable bpdufilter on portfast enabled ports (global config)

    HTH

  • Thanks Alexander.

    I know what the commands do. Actually my concern is about the end result of applying those commands in terms of sending and reception of BPDUs.

    KR,

     

    Aliou

  • I know what the commands do. Actually my concern is about the end result of applying those commands in terms of sending and reception of BPDUs.

    Hi dialta,

    Do you mean the "spanning-tree portfast bpdufilter default" command? This will stop the switch sending BPDUs out of the port that is enabled with portfast. And when it receives an incoming BPDU, the port will immediately lose its portfast status, which means the bpdufilter will be disabled as well. But remember, the switch will still send a few BPDUs out of the port when it comes up. Check out the command reference below, it tells you all that you need to know about this command:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/command/reference/cli3.html#wp1946892

    HTH
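
Added example (not part of any post in this thread): a small Python timing model of the behaviour the posters describe for "spanning-tree portfast bpdufilter default", showing why a loop present at link-up is caught by the initial BPDUs while a loop plugged in a minute later is not. The 11-BPDU count is the thread's own claim; the function names, the one-BPDU-per-hello schedule starting 2 seconds after link-up, and the sample loop times are assumptions of this example.

```python
"""Timing model of a PortFast edge port under
'spanning-tree portfast bpdufilter default', as described in this thread."""

HELLO = 2            # default STP hello interval, seconds
MAX_AGE = 20         # default STP max age, seconds
INITIAL_BPDUS = 11   # count claimed in the thread (posters note it is undocumented)


def bpdu_send_times(bpdufilter_default, horizon=120):
    """Seconds after link-up at which the Cisco port transmits a BPDU.

    Assumption of this model: one BPDU per hello interval, the first one
    HELLO seconds after link-up (matches the thread's "22 seconds").
    """
    last = INITIAL_BPDUS * HELLO if bpdufilter_default else horizon
    return list(range(HELLO, last + 1, HELLO))


def loop_detected_at(loop_time, bpdufilter_default, horizon=120):
    """Time at which the port hears its own BPDU reflected, else None.

    The non-STP switch floods BPDUs like any other frame, so the first BPDU
    sent once the loop exists comes back on the same port.
    """
    for t in bpdu_send_times(bpdufilter_default, horizon):
        if t >= loop_time:
            return t
    return None


def outcome(loop_time, bpdufilter_default, storm_control=False):
    """Classify what the thread says happens on the Cisco access port."""
    if loop_detected_at(loop_time, bpdufilter_default) is not None:
        return "blocked by STP"
    return "rate-limited by storm control" if storm_control else "storm in VLAN"


def burst_outlasts_max_age():
    """True if the last initial BPDU is sent after a stale root ages out."""
    return bpdu_send_times(True)[-1] > MAX_AGE


if __name__ == "__main__":
    for plugged in (0, 60):   # constructed cases: loop at link-up, loop a minute later
        for bf in (True, False):
            print(plugged, bf, outcome(plugged, bf), outcome(plugged, bf, True))
```

With bpdufilter default and a loop plugged in at 60 seconds, the model reports a storm unless storm control is configured, which is the case the storm-control suggestion in the thread addresses.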
