Switching Techniques : BPDU Filter and Guide

Well today we will discuss on the traditional switching topic. This is one of the most important topic as well and generally asked by the interviewers as well. Although there are other topics related to BPDU filter and BPDU guide like root guard. we will discuss the root guard as well in another article. Some of them are also called these features BPDU guide, BPDU filtering and Root Guard as security mechanism in STP ( Spanning Tree Protocol )

BPDU Guard :
Before you have to understand the concept of BPDU guard you may know the concept of enabling the port fast at the access layer switches port. PortFast provides fast network access by coming directly in standard pressure forwarding state (bypassing listening and learning state). 

BPDU guard is used to denied the BPDUs on the access ports where port fast is enabled so that the port will not be going into the err disabled state.

Fig 1.1- Enabling BPDU Guard
BPDU guard will be configured in two ways. If you configured the BPDU guard in the global mode then it will be enabled on all the access ports in the switch. secondly you can configured the BPDU Guard on the specific port as well.

Fig 1.2- Diagram showing the BPDU guard from Attacker

BPDU guard should be configured on all switchs ports where STP PortFast is enabled. This prevents any possibility that a switch will be added to the port  either intentionally or by mistake.

BPDU Filtering : 
Staring with the concept of the BPDU Filtering, It allows to stop sending/receiving BPDUs on a port depending you configured your access ports in the switched network.

Fig 1.3- BPDU Filter

BPDU filtering is enabled in the global mode of the switch and enabled on the ports where port-fast is enabled. When can Access port received BPDU the port will lose PortFast status and  BPDU Filtering will be disabled. The port is then taking back to normal STP operation and sends/receives BPDUs

Fig 1.4 - BPDU Filter spanning tree 

Note: if you enable BPDU Guard on the same interface as BPDU Filtering, BPDU Guard has no effect because BPDU Filtering takes precedence over BPDU Guard. configuration of BPDU Filtering is not a recommended configuration.

Popular Posts

Powered by Blogger.