How to distinguish BPDU filter and BPDU protection?

Created: Apr 23, 2019 19:20:49Latest reply: Apr 24, 2019 08:51:08 163 3 0 0
  Rewarded Hi-coins: 0 (problem resolved)

How to distinguish BPDU filter and BPDU protection


  • x
  • convention:

Featured Answers
Moderator Created Apr 23, 2019 19:39:16 Helpful(0) Helpful(0)

Hi there!

On a network running a Spanning Tree Protocol, if a port connected to terminals is configured as an edged-port, the portwill not participate in the Spanning Tree calculation. This speeds up the network convergence and improves network stability. 

However, this port will still send BPDUs. And it will lose its edge port attributes after receiving BPDUs. The BPDUfilter and BPDU protection are used to address this two problems, respectively.

Here is a simple comparison:
                                         
  
 
  
  BPDU  filter

  
  BPDU protection

  
  command

  
  system  or interface view:

  stp  bpdu-filter enable

  
  system  view:

  stp  bpdu-protection

  
  function

  
  edge port  that receives BPDUs will enter the Error-Down

  
  edge port  will Not send BPDUs

  

  • x
  • convention:

All Answers
Popeye_Wang Moderator Created Apr 23, 2019 19:39:16 Helpful(0) Helpful(0)

Hi there!

On a network running a Spanning Tree Protocol, if a port connected to terminals is configured as an edged-port, the portwill not participate in the Spanning Tree calculation. This speeds up the network convergence and improves network stability. 

However, this port will still send BPDUs. And it will lose its edge port attributes after receiving BPDUs. The BPDUfilter and BPDU protection are used to address this two problems, respectively.

Here is a simple comparison:
                                         
  
 
  
  BPDU  filter

  
  BPDU protection

  
  command

  
  system  or interface view:

  stp  bpdu-filter enable

  
  system  view:

  stp  bpdu-protection

  
  function

  
  edge port  that receives BPDUs will enter the Error-Down

  
  edge port  will Not send BPDUs

  

  • x
  • convention:

Hamid_84102332 Created Apr 23, 2019 19:39:23 Helpful(0) Helpful(0)

BPDU FILTER
============
As defined in RSTP, a port that is located at the edge of a network and directly connected to a terminal device is an edge port.

Edge ports can still send BPDUs. If the BPDUs are sent to another network, this network may encounter network flapping. To prevent this problem, configure the BPDU filter function on edge ports so that the edge ports do not process or send BPDUs.
check below link
https://support.huawei.com/hedex/pages/EDOC1100037168AEI0129V/07/EDOC1100037168AEI0129V/07/resources/dc/dc_cfg_stp_0023.html?ft=0&fe=10&hib=10.3.4.14.9.8&id=dc_cfg_stp_0023&text=Configuring%20Edge%20Ports%20and%20BPDU%20Filter%20Ports&docid=EDOC1100037168

BPDU protection
=========
Edge ports are directly connected to user terminals and, in most cases, will not receive BPDUs. However, attackers may send pseudo BPDUs to attack the switch with edge ports. In this case, if the edge ports receive the BPDUs, they are then configured as non-edge ports and spanning tree recalculation is triggered. Network flapping then occurs. Such attacks can be mitigated using BPDU protection on switches with edge ports. After BPDU protection is enabled on the switch, the switch shuts down an edge port if the edge port receives a BPDU.

check below link
https://support.huawei.com/hedex/pages/EDOC1100037168AEI0129V/07/EDOC1100037168AEI0129V/07/resources/dc/dc_cfg_vbst_0029.html?ft=0&fe=10&hib=10.3.4.16.9.1&id=dc_cfg_vbst_0029&text=Configuring%20BPDU%20Protection%20on%20the%20Switch&docid=EDOC1100037168
  • x
  • convention:

Sprout Created Apr 24, 2019 08:51:08 Helpful(0) Helpful(0)

Thank you very much @all
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top