BPDUGuard/Filter

Sy Kosys

This topic/subject is the bane of my existence, and just to add more crap to the sh*t-sandwich have some RootGuard with LoopGuard on top with a side of IP Source Guard.

Head. Gonna. Explode.

Most everything else (studying/labbing for Switch, btw) has really clicked. I am a bit surprised how quickly the FHRP concepts and configurations (9and core knowledge) has taken root upstairs. Private VLANs and SPAN/RSPAN weren't too bad either, but that GD mf'ing BPDUx is gonna bring disco back, I swear.

ARRRRGHHHHH

/rant

Now, back to the books

shortstop20

Try some videos like Live Lessons, CBT Nuggets or INE. Maybe you just need it explained in a way different than the book does it.

I would consider BPDUGuard/Filter two of the easier subjects in the Switch book.

hurricane1091

We use bpdu guard on access ports. If you enable it globally though, it only affects port fast enabled ports. BPDUs are sent out but if one is received, the port goes err disabled.

BPDU filter enabled globally only affects port fast enabled ports. I think BPDUs are only sent out initially, then not at all. If a bpdu is received, the port loses portfast status but is enabled and goes thru STP process.

Sy Kosys

thanks for the support guys (or gals, lets be real here)

I've got the OCG for the new exam, plus the FLG for the old one, and the CBT videos....ALL of it is helpful and informative, I'm just struggling with retention and application and impact etc...

Anyways...exam is coming up in a couple very short weeks, hopefully will have this nailed by then and NOT having forgotten the rest of the L2 stuff lol.

Thanks!

joetest

heheh.. if this is your only problem.. you're pretty much set!

It's quite simple actually:
Bpduguard enabled on a port/globally: I will block this port if I receive any BPDUs!
Bpdufilter enabled globally: Disable spanning tree on all portfast(aka edge port) ports and remove the filter if I receive a BPDU(enable STP process).
Bpdufilter enabled per interface: Disable spanning tree and ignore incoming BPDUs! (Dangerous!!)

root guard: If I receive a BPDU with better priority than the current STP Root I'll block the port until it stops! (root-insistent)
loop guard: If a non-designated(altn, root) port stops receiving BPDUs as it should I will block it until it starts receiving proper BPDUs again! (loop-inconsistent).

You have safaribooks? Go watch a few videos like the one from Kevin Wallace(Lesson 3.13: Features that Increase STP Stability (15:01 mins))

Danielh22185

I know your pain! These are definitely odd ones to nail down as the globally enabled options behave differently than the port-enabled options. I would also suggest watching some video content too. Chris Bryant does a very great job of explaining as well. His stuff is super cheap on Udemy. https://www.udemy.com/ccnpallinone/

Sy Kosys

I found this graphical representation on the interwebz which, in addition to the earlier posts in this thread, does help pound the point home:



Meanwhile the port security, aaa, and remaining L2 stuff is being retained. I'm trying not to kill too many brain cells before exam day lol, which BTW i've decided to accelerate to next Tuesday. So Im focused now on the BPDUx reading and video materials, and practice testing the others to keep it fresh.

Thanks to you all for chiming in and helping a frustrated soul through this