BPDUGuard/Filter

Sy KosysSy Kosys Posts: 105Member ■■□□□□□□□□
This topic/subject is the bane of my existence, and just to add more crap to the sh*t-sandwich have some RootGuard with LoopGuard on top with a side of IP Source Guard.

Head. Gonna. Explode.

Most everything else (studying/labbing for Switch, btw) has really clicked. I am a bit surprised how quickly the FHRP concepts and configurations (9and core knowledge) has taken root upstairs. Private VLANs and SPAN/RSPAN weren't too bad either, but that GD mf'ing BPDUx is gonna bring disco back, I swear.

ARRRRGHHHHH

/rant

Now, back to the books
"The size of your dreams must always exceed your current capacity to achieve them. If your dreams do not scare you, they are not big enough.”
― Ellen Johnson Sirleaf

Comments

  • shortstop20shortstop20 Posts: 161Member ■■■□□□□□□□
    Try some videos like Live Lessons, CBT Nuggets or INE. Maybe you just need it explained in a way different than the book does it.

    I would consider BPDUGuard/Filter two of the easier subjects in the Switch book.
    CCNA Security - 6/11/2018
    CCNP TShoot - 3/7/2018
    CCNP Route - 1/31/2018
    CCNP Switch - 12/10/2015
    CCNA R/S - 1/14/2015
  • hurricane1091hurricane1091 Posts: 918Member ■■■■□□□□□□
    We use bpdu guard on access ports. If you enable it globally though, it only affects port fast enabled ports. BPDUs are sent out but if one is received, the port goes err disabled.

    BPDU filter enabled globally only affects port fast enabled ports. I think BPDUs are only sent out initially, then not at all. If a bpdu is received, the port loses portfast status but is enabled and goes thru STP process.
  • Sy KosysSy Kosys Posts: 105Member ■■□□□□□□□□
    thanks for the support guys (or gals, lets be real here)

    I've got the OCG for the new exam, plus the FLG for the old one, and the CBT videos....ALL of it is helpful and informative, I'm just struggling with retention and application and impact etc...

    Anyways...exam is coming up in a couple very short weeks, hopefully will have this nailed by then and NOT having forgotten the rest of the L2 stuff lol.

    Thanks!
    "The size of your dreams must always exceed your current capacity to achieve them. If your dreams do not scare you, they are not big enough.”
    ― Ellen Johnson Sirleaf
  • joetestjoetest Posts: 99Member ■■□□□□□□□□
    heheh.. if this is your only problem.. you're pretty much set! icon_wink.gif

    It's quite simple actually:
    Bpduguard enabled on a port/globally: I will block this port if I receive any BPDUs!
    Bpdufilter enabled globally: Disable spanning tree on all portfast(aka edge port) ports and remove the filter if I receive a BPDU(enable STP process).
    Bpdufilter enabled per interface: Disable spanning tree and ignore incoming BPDUs! (Dangerous!!)

    root guard: If I receive a BPDU with better priority than the current STP Root I'll block the port until it stops! (root-insistent)
    loop guard: If a non-designated(altn, root) port stops receiving BPDUs as it should I will block it until it starts receiving proper BPDUs again! (loop-inconsistent).

    You have safaribooks? Go watch a few videos like the one from Kevin Wallace(Lesson 3.13: Features that Increase STP Stability (15:01 mins))
  • Danielh22185Danielh22185 Posts: 1,195Member
    I know your pain! These are definitely odd ones to nail down as the globally enabled options behave differently than the port-enabled options. I would also suggest watching some video content too. Chris Bryant does a very great job of explaining as well. His stuff is super cheap on Udemy. https://www.udemy.com/ccnpallinone/
    Currently Studying: IE Stuff...kinda...for now...
    My ultimate career goal: To climb to the top of the computer network industry food chain.
    "Winning means you're willing to go longer, work harder, and give more than anyone else." - Vince Lombardi
  • Sy KosysSy Kosys Posts: 105Member ■■□□□□□□□□
    I found this graphical representation on the interwebz which, in addition to the earlier posts in this thread, does help pound the point home:



    Meanwhile the port security, aaa, and remaining L2 stuff is being retained. I'm trying not to kill too many brain cells before exam day lol, which BTW i've decided to accelerate to next Tuesday. So Im focused now on the BPDUx reading and video materials, and practice testing the others to keep it fresh.

    Thanks to you all for chiming in and helping a frustrated soul through this :)
    "The size of your dreams must always exceed your current capacity to achieve them. If your dreams do not scare you, they are not big enough.”
    ― Ellen Johnson Sirleaf
Sign In or Register to comment.