What is the effect of configuring the following command on a switch?
Switch(config) # spanning-tree portfast bpdufilter default
A. If BPDUs are received by a port configured for PortFast, then PortFast is disabled and the BPDUs are processed normally.
B. If BPDUs are received by a port configured for PortFast, they are ignored and none are sent.
C. If BPDUs are received by a port configured for PortFast, the port transitions to the forwarding state.
D. The command enables BPDU filtering on all ports regardless of whether they are configured for BPDU filtering at the interface level.
B is the correct answer
This is from the Book Offcial Cert Guide
You can use BPDU filtering to effectively disable STP on port fast enable ports, if you disable port fast, bpdu filtering will be disabled too. With BPDU filtering enable no BPDU are send or processed
The correct answer is A
I will explaing quoting from the CISCO website
“you can enable BPDU filtering on Port Fast-enabled interfaces by using the spanning-tree portfast bpdufilter default global configuration command….
If a BPDU is received on a Port Fast-enabled interface, the interface loses its Port Fast-operational status, and BPDU filtering is disabled.”
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt.html#35828
This confused me at first too, but A is correct. BPDUfilter behaves differently when enabled globally or at the interface level. You’ll notice the command in the question is issued from global configuration mode, also, the interface mode configuration command is “spanning-tree bpdufilter enable” not “spanning-tree portfast bpdufilter default” as shown here. When enabled globally, all ports configured with portfast will lose their portfast status when a BPDU is received and begin to participate in STP normally.
Hi undercoveralien,
I don’t follow, so what is the point configuring portfast and bpdufilter on an interface if as soon as a BDPU arrives the portfast and bpdu are deactivated ?
I also agree.
B is the correct answer.
How does answer A have anything to do with BPDU filter?
B would be true if it was about BPDU filter, not PortFast.
D might be the best answer…
B
it enables BPDUfilter, on all ports that are, portaccess enabled.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt.html
Yes, I agree with you.
Letter B is correct.
BPDU Filter prevents specified ports from sending or receiving BPDUs. Again, there are two methods to configure this feature: globally (spanning-tree portfast bpdufilter default) and per interface (spanning-tree bpdufilter enable). The interface configuration filters both incoming and outgoing BPDUs unconditionally – independent of the operational PortFast state or access/trunk mode. This is effectively the equivalent of turning off STP. This can be very dangerous because a permanent loop can easily be created. Interestingly enough, IOS does not display a warning message when this command is applied. Enabling PortFast on the wrong interface is not nearly as risky as BDPU Filter yet oddly IOS considers that significant enough to inform the administrator.
https://learningnetwork.cisco.com/blogs/vip-perspectives/2016/03/10/advanced-stp-features-portfast-bpdu-guard-and-bpdu-filter