Search

What is BPDU Filter and how to configure BPDU Filter in Cisco Switches

BPDU Filter feature also can be enabled on an access port that should never receive a BPDU (Example: an end device like a workstation or a server). If a switch port which is configured with Spanning Tree Protocol (STP) PortFast feature, it must be connected to an end device. The Spanning Tree Protocol (STP) PortFast is enabled only on access ports to speed up the transition of access port to STP forwarding state. End devices are not supposed to generate BPDUs, because in a normal network environment, BPDU messages are exchanged by network switches.

BPDU Filter feature can be enabled globally at Global configuration mode or per interface at Interface configuration mode.

BPDU Filter feature act in two different ways when it is configured on Global level or Interface level. If BPDU Filter feature is enabled on a Global level, BPDU Filter is applied to all Spanning Tree Protocol (STP) PortFast enabled ports. If any BPDUs are received on that port, the PortFast feature is disabled and the port will become a normal STP port.

When BPDU Filter is enabled on Interface level, BPDU Filter will not send out BPDUs and avoid the processing of received BPDUs. This behaviour can completely disable Spanning Tree Protocol (STP) on that interface. Beware... This can potentially create damage to the network by forming a layer 2 switching loop, if switches are connected to BPDU Filter enabled port (at interface level) accidently.

 

How to configure BPDU Filter Globally at Global Configuration Mode

Below configuration commands enable BPDU Filter by default on all PortFast edge ports.

OmniSecuSW1#configure terminal
OmniSecuSW1(config)#spanning-tree portfast edge bpdufilter default
OmniSecuSW1(config)#exit
OmniSecuSW1#

Below configuration commands disable BPDU Filter on all PortFast edge ports.

OmniSecuSW1#configure terminal
OmniSecuSW1(config)#no spanning-tree portfast edge bpdufilter default
OmniSecuSW1(config)#exit
OmniSecuSW1#

 

How to configure BPDU Filter per interface at Interface Configuration Mode

Below configuration commands enable BPDU Filter for an interface.

OmniSecuSW1#configure terminal
OmniSecuSW1(config)#interface giga 0/0
OmniSecuSW1(config-if)#spanning-tree bpdufilter enable
OmniSecuSW1(config-if)#exit
OmniSecuSW1(config)#exit
OmniSecuSW1#

 

Below configuration commands disable BPDU Filter for an interface.

OmniSecuSW1#configure terminal
OmniSecuSW1(config)#interface giga 0/0
OmniSecuSW1(config-if)#spanning-tree bpdufilter disable 
OmniSecuSW1(config-if)#exit
OmniSecuSW1(config)#exit
OmniSecuSW1#
Related Tutorials