Pages

network cisco ccna gns3 certification arteq

network cisco ccna gns3 certification arteq
a network runs through it

Search insearchofthecert

Sunday, February 5, 2012

forum question i answered with examples...


Is it true that BPDU's are still sent out access ports ?
and if so can we prevent BPDU's being sent using BPDU filter ? also
if we what would happen if a switch was accidently attached to an access  port with BPDU filter enabled .
one more thing , is it best practice to enable BPDU filter or BPDU guard on all access ports ?


part 1)

yes... see debug output for fa0/17... xmit bpdu...

sw2950_02#sh run int fa0/17
Building configuration...


Current configuration : 85 bytes
!
interface FastEthernet0/17
switchport access vlan 10
switchport mode access
end

sw2950_02#debug spann bpdu trans
Spanning Tree BPDU Transmitted debugging is on
sw2950_02#
1d01h: STP: VLAN0010 Fa0/17 tx BPDU: config protocol=ieee
    Data : 0000 00 00 00 600A0009B752D780 00000013 800A0009B73FCE80 8011 0100 14
00 0200 0F00

part 2) 

bpdufilter turns bpdu xmit off for the interface... see below, fa0/17 is conspicuously missing...

sw2950_02(config-if)#spann bpdufilter enable
sw2950_02(config-if)#int fa0/17
sw2950_02(config-if)#spann bpdufilter enable
sw2950_02(config-if)#do sh run int fa0/17
Building configuration...


Current configuration : 118 bytes
!
interface FastEthernet0/17
switchport access vlan 10
switchport mode access
spanning-tree bpdufilter enable
end

sw2950_02#debug spann bpdu trans
Spanning Tree BPDU Transmitted debugging is on
sw2950_02#

1d01h: STP: VLAN0001 Fa0/2 tx BPDU: config protocol=ieee
    Data : 0000 00 00 00 80010009B73FCE80 00000000 80010009B73FCE80 8002 0000 14
00 0200 0F00
1d01h: STP: VLAN0020 Fa0/1 tx BPDU: config protocol=ieee
    Data : 0000 00 00 00 80140009B73FCE80 00000000 80140009B73FCE80 8001 0000 14
00 0200 0F00
1d01h: STP: VLAN0020 Fa0/2 tx BPDU: config protocol=ieee
    Data : 0000 00 00 00 80140009B73FCE80 00000000 80140009B73FCE80 8002 0000 14
00 0200 0F00
1d01h: STP: VLAN0050 Fa0/1 tx BPDU: config protocol=ieee
    Data : 0000 00 00 00 80320009B73FCE80 00000000 80320009B73FCE80 8001 0000 14
00 0200 0F00
1d01h: STP: VLAN0050 Fa0/2 tx BPDU: config protocol=ieee
    Data : 0000 00 00 00 80320009B73FCE80 00000000 80320009B73FCE80 8002 0000 14
00 0200 0F00
1d01h: STP: VLAN0050 Fa0/15 tx BPDU: config protocol=ieee
    Data : 0000 00 00 00 80320009B73FCE80 00000000 80320009B73FCE80 800F 0000 14
00 0200 0F00
1d01h: STP: VLAN0050 Fa0/16 tx BPDU: config protocol=ieee
    Data : 0000 00 00 00 80320009B73FCE80 00000000 80320009B73FCE80 8010 0000 14
00 0200 0F00
1d01h: STP: VLAN0010 Fa0/18 tx BPDU: config protocol=ieee
    Data : 0000 00 00 00 600A0009B752D780 00000013 800A0009B73FCE80 8012 0100 14
00 0200 0F00
sw2950_02#
1d01h: STP: VLAN0010 Fa0/19 tx BPDU: config protocol=ieee
    Data : 0000 00 00 00 600A0009B752D780 00000013 800A0009B73FCE80 8013 0100 14
00 0200 0F00

part 3)

when i attached a switch to the bpdufilter enabled port, the port blinked amber/green, and basically the switch stopped functioning correctly... in fact the entire switch freaked out... doesn't seem like a good idea...

part 4)

bpduguard and portfast are considered best practice for access ports...

my switched network for the good of all mankind...




Posted by arteq at Sunday, February 05, 2012
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)