Spanning-Tree BPDUFilter

Hello Fadi
Thanks a lot

1 Like

Hello Laz
Thanks a lot

1 Like

Does anyone have a use case for BPDUfilter? I have come up empty-handed :expressionless:
I have seen a topology connecting a provider network L2 topology to a customer network L2 topology; however, I miss the explanation on when that would ever happen.

Hello Orla

Take a look at this NetworkLessons note on the BPDU filter feature for more info.

One possible use case is when you have a multi-tenant situation, where a building owner provides network facilities to tenants. You don’t want the tenants to participate in the STP of the network infrastructure, so you can use BPDU filter to essentially ignore all BPDUs that arrive on such a port. That way, the port won’t go down, but will not be affected by any STP attempts, whether malicious or not. You can have a similar situation with a provider L2 network as well; the idea and logic are the same.

I hope this has been helpful!

Laz

Thanks, Laz -
That actually makes sense :smiley:
/ Orla

1 Like

Hi Rene,

Do you know what exactly happens when BPDU filter is enabled on a trunk port between switches? Is it recommended to do that? For example, my scenario is with a Core Cisco switch and a Core Ruckus switch, both working with 802.1w (RSTP), where the Cisco Core is the root of all the VLANs, but not all are consumed on the Ruckus Core side; only some VLANs cross over the trunk link between them. I cannot find a clear answer on that anywhere. Core Cisco switch STP priority 0 and Core Ruckus switch STP priority 4096.

Does anyone know something about this topic or scenario?
Thanks

Hello Miguel

BPDU Filter should not be used on interfaces that connect to other switches, including both trunks and access ports. By doing so, you are essentially disabling STP on that port, so the connected switch will not be able to participate in STP. If you do employ such a configuration, it should be done with great caution, as it can cause a Layer 2 loop.

For more info, take a look at this NetworkLessons note on STP BPDU Filter.

In your particular case, you have some VLANs on the Cisco switch that are not included on the trunk to the Ruckus switch, correct? If the Cisco core switch is root for all VLANs, you should be OK. What is it that you want to achieve? Let us know a little bit more so that we can help you further.

I hope this has been helpful!

Laz

Hello team,

I tried, but was unable to find a similar global command on Cisco IOSvL2 related to BPDU filter and guard; instead I found the attached one. Please let me know the difference and which one I should pick (edge, network or normal).

attachment,

Hello Nahro

The difference you see here in commands has to do with the version of STP that is running. Rapid STP uses the edgeport keyword. What STP version is active will depend upon the platform and IOS being used, and the default STP version being used on that particular platform/IOS version.

Here is the command reference for the spanning-tree portfast edge bpdufilter default command:

And here is the command reference for the spanning-tree portfast bpdufilter default command:

Take a look at this thread for some more info on these commands that you see in your output:

I hope this has been helpful!

Laz

1 Like

Thanks so much Sir Laz,

1 Like

I’ve noticed that bpduguard and bpdufilter can be configured without spanning-tree portfast. My question is whether bpduguard or bpdufilter, enabled per interface or globally, takes effect or not when spanning-tree portfast is not activated (whether per interface or globally).

Hello Juan

That’s an interesting question. Indeed, the behavior of both BPDUFilter and BPDUGuard changes somewhat when applied to ports with or without PortFast, and also when applied globally or on a per-interface basis. I created a NetworkLessons note on the topic to respond to your question.

If you have any further questions, let us know!

I hope this has been helpful!

Laz

1 Like