Configuring STP Extensions

Information About STP Extensions

interface signals an invalid configuration, such as the connection of an unauthorized host or switch. BPDU Guard, when enabled globally, shuts down all spanning tree edge ports when they receive a BPDU.

BPDU Guard provides a secure response to invalid configurations, because you must manually put the LAN interface back in service after an invalid configuration.

Note When enabled globally, BPDU Guard applies to all operational spanning tree edge interfaces.

Understanding BPDU Filtering

You can use BPDU Filtering to prevent the switch from sending or even receiving BPDUs on specified ports.

When configured globally, BPDU Filtering applies to all operational spanning tree edge ports. You should connect edge ports only to hosts, which typically drop BPDUs. If an operational spanning tree edge port receives a BPDU, it immediately returns to a normal spanning tree port type and moves through the regular transitions. In that case, BPDU Filtering is disabled on this port, and spanning tree resumes sending BPDUs on this port.

In addition, you can configure BPDU Filtering by the individual interface. When you explicitly configure BPDU Filtering on a port, that port does not send any BPDUs and drops all BPDUs that it receives. You can effectively override the global BPDU Filtering setting on individual ports by configuring the specific interface. This BPDU Filtering command on the interface applies to the entire interface, whether the interface is trunking or not.

Caution Use care when configuring BPDU Filtering per interface. If you explicitly configuring BPDU Filtering on a port that is not connected to a host, it can result in bridging loops because the port will ignore any BPDU that it receives and go to forwarding.

If the port configuration is not set to default BPDU Filtering, then the edge configuration will not affect BPDU Filtering. The following table lists all the BPDU Filtering combinations.

Table 10: BPDU Filtering Configurations

BPDU Filtering Per Port

BPDU Filtering Global

STP Edge Port

BPDU Filtering State

Configuration

Configuration

Configuration

 

Default

Enable

Enable

EnableThe port transmits

 

 

 

at least 10 BPDUs. If this

 

 

 

port receives any BPDUs,

 

 

 

the port returns to the

 

 

 

spanning tree normal port

 

 

 

state and BPDU Filtering

 

 

 

is disabled.

Default

Enable

Disable

Disable

Default

Disable

Enabled/Disabled

Disable

Disable

Enabled/Disabled

Enabled/Disabled

Disable

Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)

OL-26590-01

115

Page 129
Image 129
Cisco Systems N3KC3064TFAL3 manual Understanding Bpdu Filtering, Port returns to, State and Bpdu Filtering, Is disabled