Understanding BPDU Filtering; Understanding EtherChannel Guard; Understanding Root Guard - Cisco ME 3400G-2CS - Ethernet Access Switch Software Configuration Manual

Chapter 16
Configuring Optional Spanning-Tree Features
The BPDU guard feature provides a secure response to invalid configurations because you must
manually put the interface back in service. Use the BPDU guard feature in a service-provider network
to prevent an access port from participating in the spanning tree.
You can enable the BPDU guard feature for the entire switch or for an interface.

Understanding BPDU Filtering

The BPDU filtering feature can be globally enabled on the switch or can be enabled per interface, but
the feature operates with some differences.
At the global level, you can enable BPDU filtering on Port Fast-enabled NNIs by using the
spanning-tree portfast bpdufilter default global configuration command. This command prevents
interfaces that are in a Port Fast-operational state from sending or receiving BPDUs. The interfaces still
send a few BPDUs at link-up before the switch begins to filter outbound BPDUs. You should globally
enable BPDU filtering on a switch so that hosts connected to these NNIs do not receive BPDUs. If a
BPDU is received on a Port Fast-enabled NNI, the interface loses its Port Fast-operational status, and
BPDU filtering is disabled.
At the interface level, you can enable BPDU filtering on any NNI by using the spanning-tree bpdufilter
enable interface configuration command without also enabling the Port Fast feature. This command
prevents the interface from sending or receiving BPDUs.
Caution: Enabling BPDU filtering on an NNI is the same as disabling spanning tree on it and can result in
spanning-tree loops.
You can enable the BPDU filtering feature for the entire switch or for an NNI.
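
The following Python audit is an added example, not part of the Cisco manual. It reads a running-config and classifies each NNI by which of the two filtering modes described above applies, flagging interface-level filtering because it is equivalent to disabling spanning tree on that port. The sample config is constructed, and the "port-type nni" and "spanning-tree portfast" interface lines are assumed syntax.

```python
import re

# Constructed sample running-config, not taken from the manual. Assumed syntax:
# "port-type nni" marks an NNI; "spanning-tree portfast" enables Port Fast.
SAMPLE_CONFIG = """\
spanning-tree portfast bpdufilter default
!
interface GigabitEthernet0/1
 port-type nni
 spanning-tree portfast
!
interface GigabitEthernet0/2
 port-type nni
 spanning-tree bpdufilter enable
!
interface FastEthernet0/1
 description customer-facing UNI
"""

def parse_config(config):
    """Split a config into global lines and per-interface sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for line in config.splitlines():
        match = re.match(r"interface (\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        elif line.strip() not in ("", "!"):
            current = None  # a global command ends the interface block
            global_lines.append(line.strip())
    return global_lines, interfaces

def audit_bpdu_filtering(config):
    """Map each NNI to how BPDU filtering applies to it."""
    global_lines, interfaces = parse_config(config)
    global_filter = "spanning-tree portfast bpdufilter default" in global_lines
    report = {}
    for name, cmds in interfaces.items():
        if "port-type nni" not in cmds:
            continue  # the manual describes BPDU filtering on NNIs
        if "spanning-tree bpdufilter enable" in cmds:
            # Interface level: never sends or receives BPDUs, so loops go unseen.
            report[name] = "stp-disabled"
        elif global_filter and "spanning-tree portfast" in cmds:
            # Global level: filtering is dropped as soon as a BPDU is received.
            report[name] = "portfast-filter"
        else:
            report[name] = "not-filtered"
    return report
```

Calling audit_bpdu_filtering(SAMPLE_CONFIG) returns a dictionary keyed by interface name; any port reported as "stp-disabled" is one where the Caution above applies.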

Understanding EtherChannel Guard

You can use EtherChannel guard to detect an EtherChannel misconfiguration between the switch and a
connected device. A misconfiguration can occur if the switch NNIs are configured in an EtherChannel,
but the interfaces on the other device are not. A misconfiguration can also occur if the channel
parameters are not the same at both ends of the EtherChannel. For EtherChannel configuration
guidelines, see the "EtherChannel Configuration Guidelines" section on page 31-10.
If the switch detects a misconfiguration on the other device, EtherChannel guard places the switch NNIs
in the error-disabled state, and displays an error message.
You can enable this feature by using the spanning-tree etherchannel guard misconfig global
configuration command.

Understanding Root Guard

The Layer 2 network of a service provider (SP) can include many connections to switches that are not
owned by the SP. In such a topology, the spanning tree can reconfigure itself and select a customer switch
as the root switch, as shown in Figure 16-2. You can avoid this situation by enabling root guard on SP
switch interfaces that connect to switches in your customer's network. If spanning-tree calculations
cause an interface in the customer network to be selected as the root port, root guard then places the
interface in the root-inconsistent (blocked) state to prevent the customer's switch from becoming the root
switch or being in the path to the root.

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
78-17058-01
