BDPU guard vs filter

Posted on 2009-02-18
Last Modified: 2013-12-24

Assuming that a particular distribution switch is supppliying individual access ports to customers, what would be the general opinion regarding the use of BPDU guard vs BPDU filter. Virtually all connections to customer equipment will be single ports only, however, the occasional customer will have two ports (supplied via different distribution switches for resiliance). Ideally, we  do not want any BPDUs from customers equipment reaching the core network which BPDU filter achieves. I'm also aware, however, that the use of BPDU filter when a customer has two seperate ports that are connected to the same switch or similar can cause severe loop problems.
Any suggestions as to the best combination/use of filter or guard would be appreciated.

Question by:PhilMacavity
    LVL 4

    Expert Comment

    BPDU filter will not allow BPDUS in but keep the port operational.  BPDU guard will shut down the port if it receives a BPDU.  You more than likely don't want to shut the port down if it is customer facing.  Use BPDU filter.
    LVL 1

    Accepted Solution

    Hi Klinko2k,

    You are correct in your comment regarding not wanting to shutdown a  port if it is customer facing, however, we would rather this happen than a loop occur which could affect a significant amount of customers. A loop would only normally occur if a two or more ports connecting to the same customer infrastructure had BPDU filter enabled and this should not happen assuming that the correct installation/configuration process has been followed (disable BPDU filter for customers with more than one port). What we are loooking for is some mechanism, if one exists, to protect against this sort of issue which would invariably be caused by human error.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Suggested Solutions

    Title # Comments Views Activity
    Network type not correct. 8 48
    Cisco Route Tagging Problem 12 29
    Sonicwall Scheduling 4 16
    pfSense IP Helper 4 27
    Understanding FTPS File transfer is a common requirement in most Enterprises. While there are numerous ways to get a file from Point A to Point B over a network, perhaps the most common method still in use is FTP – File Transfer Protocol. FTP is …
    This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
    Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now