dls1(config)#spann portfast bpduguard default
dls1(config)#
dls1(config)#
if a bpdu is received on the port (a portfast port should not be receiving bpdu's, ie. it shouldn't be connected to a switch) the port is placed in errdisable
at the interface, simply:
dls1(config-if)#spann bpduguard enable
dls1(config-if)#
here too when the port receives a bpdu it goes into errdisable...
it is the difference in the words... guard not filter, guard not filter.. the guard shuts the port down, the filter drops the offenders, however...
dls1(config)#spann portfast bpdufilter default
dls1(config)#
prevents portfast enabled ports from sending or receiving bpdu's... if it receives a bpdu, it loses it's portfast ability and bpdu filtering is disabled...
enabling bpdu filtering is the same as disabling stp on the port, which could make it susceptible to loops... why you would ever want to allow a portfast port to be enabled automatically if it receives a bpdu is beyond me... i have read some half-hearted explanations to use this between isp's and their separate spanning trees, etc...
here is a video that might explain it better... guard seems like a good choice for most networks; use filter at your own risk...
http://www.youtube.com/watch?v=wvF0NFIHAEs
No comments:
Post a Comment