Mr. Lammle,

On page 523 you state:

1. "...turning on BPDUGuard is a really good idea. If a switch port that has PortFast enabled receives a BPDU on that port, it will place the port into the error disabled state."

2. "BPDUFilter filtering will immediately take a port out of PortFast if it receives a BPDU by default, and force the port to be part of the STP topology again. Unlike BPDUGuard, which places the port into error disabled state, the BPDUFilter will keep a port up, but without PortFast running."

You then proceed to enable both BPDUFilter and BPDUGuard on the same interface.

My question: what happens when a BPDU is received if you enable both BPDUFilter and BPDUGuard on the same interface. Is the port placed into the error disabled state or is the port kept up and integrated into the STP topology. It would seem that these two are mutually exclusive.

Thanks!

dear bdestefanis,
The answer to your question is at page 524 just after the commands. Todd wrote-
..you typically would use one command or the other....
He used both of two commands just to show the usage of them.

The question was "what happens when a BPDU is received if you enable both BPDUFilter and BPDUGuard on the same interface." You may have missed it, as I forgot to punctuate it with a question mark.

-b

bdstefanis

Bpduguard seems to be having precedence over bpdufileter when configured together. But the standard practice is you configure either one and not both.

My book was just showing an example of how to configure both.
If you use portfast, you should enable bpduguard, period.
You want a portfast port to go into err-disabled mode if it receives a BPDU.

Thanks Todd.
I should have indicated that the best practice is to go with bpduguard.

BPDUfilter effectively turns off spanning tree for that port, so you should never use it unless you know for certain that nothing connected to it can form a loop.