Options
Question About BPDU Guard
Garo
Member Posts: 20 ■□□□□□□□□□
in CCNA & CCENT
Hi, I'm studying for the ICND2 exam with Odom Wendell's book, and I've just read something that I wasn't able understand..
In the book says that the command BPDU guard enable should be used whenever the Portfast feature is enabled, because it discards the STP messages. OK understand that part... but then it says that it can avoid this exposure:
"Users could innocently harm the LAN when they buy and connect an inexpensive consumer LAN switch (one that does not use STP). Such a switch, without any STP function, would not choose to block any ports and would likely cause a loop. "
So my question is, in this case How BPDU guard is supposed to prevent a loop? I mean isn't it just supposed to discard the BPDU messages? Would a simple switch forward the STP messages of other switches?
thank you
In the book says that the command BPDU guard enable should be used whenever the Portfast feature is enabled, because it discards the STP messages. OK understand that part... but then it says that it can avoid this exposure:
"Users could innocently harm the LAN when they buy and connect an inexpensive consumer LAN switch (one that does not use STP). Such a switch, without any STP function, would not choose to block any ports and would likely cause a loop. "
So my question is, in this case How BPDU guard is supposed to prevent a loop? I mean isn't it just supposed to discard the BPDU messages? Would a simple switch forward the STP messages of other switches?
thank you
Comments
-
OptionsRynoR
Member Posts: 23 ■□□□□□□□□□
The way i understand it is once a bpdu is detected the port will go into error disable.
-
OptionsGaro
Member Posts: 20 ■□□□□□□□□□
Thank you very much for your answer RynoR,
But how is it supposed to receive a bpdu message from a switch that doesnt support STP? -
Options
EdTheLad
Member Posts: 2,111 ■■■■□□□□□□
If the attached switch didn't support stp, and a loop was created, the cisco switch with portfast enabled would be sending out bpdu's , these would get looped back to the originating cisco port. Since bpdu guard is enabled, the port would get disabled hence breaking the loop.Networking, sometimes i love it, mostly i hate it.Its all about the $$$$ -
OptionsGaro
Member Posts: 20 ■□□□□□□□□□
Thank you very much EdTheLad for your answer,
You mean that the switch that doesnt support STP would forward back the STP messages received from the other switch that supports STP?
If I'm getting it right then can you please explain me: A port that has got the BPDU Guard enable is supposed to send BPDU messages besides discarding the received ones? If not then how would the 2nd switch forward STP messages?
Thanks in advance! -
OptionsEdTheLad
Member Posts: 2,111 ■■■■□□□□□□
Yes, when you enable portfast, bpdu's are still sent. When you enable bpdu guard, the port is sending bpdu's and monitoring the line for received bpdu's. If a bpdu is received the port is disabled. If you want to stop sending bpdu's on an interface, use bpdu-filter, don't use guard and filter together
. Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
