• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1185
  • Last Modified:

BDPU guard vs filter

Hi,

Assuming that a particular distribution switch is supppliying individual access ports to customers, what would be the general opinion regarding the use of BPDU guard vs BPDU filter. Virtually all connections to customer equipment will be single ports only, however, the occasional customer will have two ports (supplied via different distribution switches for resiliance). Ideally, we  do not want any BPDUs from customers equipment reaching the core network which BPDU filter achieves. I'm also aware, however, that the use of BPDU filter when a customer has two seperate ports that are connected to the same switch or similar can cause severe loop problems.
Any suggestions as to the best combination/use of filter or guard would be appreciated.

Thanks...
0
PhilMacavity
Asked:
PhilMacavity
1 Solution
 
klinko2kCommented:
BPDU filter will not allow BPDUS in but keep the port operational.  BPDU guard will shut down the port if it receives a BPDU.  You more than likely don't want to shut the port down if it is customer facing.  Use BPDU filter.
0
 
PhilMacavityAuthor Commented:
Hi Klinko2k,

You are correct in your comment regarding not wanting to shutdown a  port if it is customer facing, however, we would rather this happen than a loop occur which could affect a significant amount of customers. A loop would only normally occur if a two or more ports connecting to the same customer infrastructure had BPDU filter enabled and this should not happen assuming that the correct installation/configuration process has been followed (disable BPDU filter for customers with more than one port). What we are loooking for is some mechanism, if one exists, to protect against this sort of issue which would invariably be caused by human error.

Thanks.....
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now