spanning-tree bpdufilter enable
The spanning-tree bpdufilter enable command disables BPDU transmission and reception on a specific interface, effectively preventing the interface from participating in STP, and is used to secure edge ports or reduce unnecessary BPDU traffic.
spanning-tree bpdufilter enable
When to Use This Command
- On an access port connected to a host that should never receive BPDUs, to prevent accidental STP topology changes.
- On a port connected to a device that does not support STP, to avoid BPDU processing and potential loops.
- On a port where BPDU guard is not sufficient and you want to completely disable STP participation.
- In a lab environment to isolate a switch from the STP domain for testing purposes.
Command Examples
Enabling BPDU Filter on an Access Port
interface GigabitEthernet0/1
spanning-tree bpdufilter enable

Switch(config-if)# spanning-tree bpdufilter enable
Switch(config-if)# end
Switch# show spanning-tree interface GigabitEthernet0/1 detail
Port 1 (GigabitEthernet0/1) of VLAN0001 is designated forwarding
Port path cost 4, Port priority 128, Port identifier 128.1.
Designated root has priority 32768, address aaaa.bbbb.cccc
Designated bridge has priority 32768, address aaaa.bbbb.cccc
Designated port id is 128.1, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 0, received 0
Bpdufilter is enabled
The command enables BPDU filter on the interface. The output shows that BPDU filter is enabled (Bpdufilter is enabled). The BPDU counters show sent 0, received 0, indicating no BPDUs are being processed. The port remains in designated forwarding state but does not participate in STP BPDU exchange.
Verifying BPDU Filter Status on Multiple Ports
show spanning-tree interface GigabitEthernet0/1 detail | include Bpdufilter
Bpdufilter is enabled
This command filters the output to show only the BPDU filter status line. It confirms that BPDU filter is enabled on the specified interface.
Understanding the Output
The 'show spanning-tree interface <interface> detail' command displays detailed STP information for a specific interface. Key fields include:
- 'Bpdufilter is enabled' indicates the filter is active.
- 'BPDU: sent X, received Y' shows the count of BPDUs sent and received; with the filter enabled, these should be 0.
- The port state (e.g., 'designated forwarding') shows the STP state, but with BPDU filter the port does not exchange BPDUs, so it may remain forwarding even if loops exist.
Good values: BPDU counters at 0 and Bpdufilter enabled.
Bad values: non-zero BPDU counters, which indicate the filter is not working.
Watch for: ports that should be edge ports but are sending or receiving BPDUs, which could cause STP issues.
CCNA Exam Tips
CCNA exam tip: BPDU filter is configured per interface and disables both sending and receiving BPDUs; it is different from BPDU guard which only shuts down the port upon receiving a BPDU.
CCNA exam tip: BPDU filter should only be used on access ports connected to end devices; using it on trunk ports can cause loops.
CCNA exam tip: The exam may test the difference between BPDU filter, BPDU guard, and root guard; know that BPDU filter completely stops STP participation.
CCNA exam tip: Remember that BPDU filter can be enabled globally with 'spanning-tree portfast bpdufilter default' but per-interface configuration overrides global.
Common Mistakes
Mistake 1: Enabling BPDU filter on trunk ports, which can cause loops because the port will not send or receive BPDUs to detect loops.
Mistake 2: Confusing BPDU filter with BPDU guard; BPDU guard errdisables the port upon receiving a BPDU, while BPDU filter silently discards BPDUs.
Mistake 3: Forgetting that BPDU filter also prevents the port from sending BPDUs, which may prevent the switch from participating in STP and cause bridging loops.
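An added example (not from the original page): a Python audit of IOS-style running-config text that reports every interface with BPDU filter enabled and flags the trunk-port case described in Mistake 1. The sample configuration and the function names parse_interfaces and audit_bpdufilter are constructed for illustration.

```python
import re
# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/2
 switchport mode trunk
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
 spanning-tree bpdufilter enable
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from IOS-style config text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_bpdufilter(config):
    """Return {interface: finding} for every port with BPDU filter enabled."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "spanning-tree bpdufilter enable" not in lines:
            continue  # exact match, so "no spanning-tree bpdufilter enable" is skipped
        if "switchport mode trunk" in lines:
            findings[name] = "RISK: BPDU filter on a trunk port"
        elif "switchport mode access" in lines:
            findings[name] = "OK: BPDU filter on an access port"
        else:
            findings[name] = "REVIEW: port mode not set explicitly"
    return findings

if __name__ == "__main__":
    for port, finding in audit_bpdufilter(SAMPLE_CONFIG).items():
        print(f"{port}: {finding}")
```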