Understanding Bpdu Guard; Understanding Bpdu Filtering - Cisco Nexus 3000 Series Configuration Manual

Nx-os layer 2 switching configuration guide, release 6.x

Hide thumbs Also See for Nexus 3000 Series:

Command reference manual (356 pages)

Configuration manual (338 pages)

Installation manual (112 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

Table of Contents

Configuring STP Extensions

Understanding BPDU Guard

Enabling BPDU Guard shuts down that interface if a BPDU is received.

You can configure BPDU Guard at the interface level. When configured at the interface level, BPDU Guard

shuts the port down as soon as the port receives a BPDU, regardless of the port type configuration.

When you configure BPDU Guard globally, it is effective only on operational spanning tree edge ports. In a

valid configuration, LAN edge interfaces do not receive BPDUs. A BPDU that is received by an edge LAN

interface signals an invalid configuration, such as the connection of an unauthorized host or switch. BPDU

Guard, when enabled globally, shuts down all spanning tree edge ports when they receive a BPDU.

Note

On the edge trunk interface level, if the remote side of the disabled VLAN is configured as an access port

then the BPDUs will be ignored.

BPDU Guard provides a secure response to invalid configurations, because you must manually put the LAN

interface back in service after an invalid configuration.

When enabled globally, BPDU Guard applies to all operational spanning tree edge interfaces.

Note

Understanding BPDU Filtering

You can use BPDU Filtering to prevent the switch from sending or even receiving BPDUs on specified ports.

When configured globally, BPDU Filtering applies to all operational spanning tree edge ports. You should

connect edge ports only to hosts, which typically drop BPDUs. If an operational spanning tree edge port

receives a BPDU, it immediately returns to a normal spanning tree port type and moves through the regular

transitions. In that case, BPDU Filtering is disabled on this port, and spanning tree resumes sending BPDUs

on this port.

In addition, you can configure BPDU Filtering by the individual interface. When you explicitly configure

BPDU Filtering on a port, that port does not send any BPDUs and drops all BPDUs that it receives. You can

effectively override the global BPDU Filtering setting on individual ports by configuring the specific interface.

This BPDU Filtering command on the interface applies to the entire interface, whether the interface is trunking

or not.

Caution

Use care when configuring BPDU Filtering per interface. If you explicitly configuring BPDU Filtering

on a port that is not connected to a host, it can result in bridging loops because the port ignores any BPDU

that it receives and goes to forwarding.

If the port configuration is not set to default BPDU Filtering, the edge configuration does not affect BPDU

Filtering. The following table lists all the BPDU Filtering combinations.

OL-29545-03

Cisco Nexus 3000 Series NX-OS Layer 2 Switching Configuration Guide, Release 6.x

Understanding BPDU Guard

105

Table of Contents

Show Quick Links

Quick Links:
Vlans
Configuring Vlan Mapping for Selective Q-In-Q...

Hide quick links:

Table of Contents

Understanding Bpdu Guard; Understanding Bpdu Filtering - Cisco Nexus 3000 Series Configuration Manual

Understanding BPDU Guard

Understanding BPDU Filtering

Hide quick links:

Related Manuals for Cisco Nexus 3000 Series

Related Content for Cisco Nexus 3000 Series

Table of Contents