Friday, December 24, 2010

spanning-tree portfast bpdufilter default

Problem: configure ports so that they do not pass BPDUs, without disabling STP on the port.

Cisco's NetPro forum has a good conversation on how to reduce the STP CPU utilization caused by a high number of VLANs configured on a given switch. The following links are referenced in that post (they are included here for good measure).

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/stp_enha.html#wp1042489
"STP PortFast causes a Layer 2 LAN interface configured as an access port to enter the forwarding state immediately, bypassing the listening and learning states"
"When configured for PortFast, a port is still running the spanning tree protocol."

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/stp_enha.html#wp1033403
"PortFast BPDU filtering can also be configured on a per-port basis. When PortFast BPDU filtering is explicitly configured on a port, it does not send any BPDUs and drops all BPDUs it receives."

The Catalyst 6500 configuration guide lists the following information about the command spanning-tree portfast bpdufilter default:
Be careful when enabling BPDU filtering. Functionality is different when enabling on a per-port basis or globally. When enabled globally, BPDU filtering is applied only on ports that are in an operational PortFast state. Ports still send a few BPDUs at linkup before they effectively filter outbound BPDUs. If a BPDU is received on an edge port, it immediately loses its operational PortFast status and BPDU filtering is disabled. 
When enabled locally on a port, BPDU filtering prevents the Catalyst 6500 series switch from receiving or sending BPDUs on this port.
Caution: Be careful when using this command. This command can cause bridging loops if not correctly used.
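
The global versus per-port distinction quoted above can be checked against a saved running-config. The script below is an added example, not part of the original post or of Cisco's documentation; the sample configuration is constructed, and it assumes PortFast is set explicitly per interface (it ignores `spanning-tree portfast default`) and reports configured, not operational, state.

```python
import re

# Constructed running-config excerpt (not from the original post).
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
spanning-tree portfast bpdufilter default
!
interface GigabitEthernet1/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/3
 switchport mode trunk
!
"""

def audit_bpdufilter(config: str) -> dict:
    """Map each interface to 'per-port', 'global' or 'none'."""
    global_default = False
    stanzas = {}          # interface name -> set of its spanning-tree lines
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m and not raw.startswith(" "):
            current = m.group(1)
            stanzas[current] = set()
        elif not raw.startswith(" "):
            current = None            # left the interface stanza
            if line == "spanning-tree portfast bpdufilter default":
                global_default = True
        elif current and line.startswith("spanning-tree "):
            stanzas[current].add(line)
    result = {}
    for name, lines in stanzas.items():
        if "spanning-tree bpdufilter enable" in lines:
            result[name] = "per-port"   # never sends, drops all received BPDUs
        elif (global_default and "spanning-tree portfast" in lines
              and "spanning-tree bpdufilter disable" not in lines):
            result[name] = "global"     # filters only while operational PortFast
        else:
            result[name] = "none"
    return result

if __name__ == "__main__":
    for port, mode in audit_bpdufilter(SAMPLE_CONFIG).items():
        print(f"{port}: {mode}")
```

Ports reported as `per-port` are the ones the guide's caution applies to most directly, since they discard received BPDUs instead of falling back to normal STP operation.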


