BPDU Filtering
BPDU filtering is another way of preventing loops in the network. It also can
be enabled either globally or at the interface, and functions differently at
each. In global config, if a Portfast interface receives any BPDUs, it is taken
out of Portfast status. At interface config mode, it prevents the port from
sending or receiving BPDUs. The commands are:
■ (config)# spanning-tree portfast bpdufilter default
■ (config-if)# spanning-tree bpdufilter enable
Root Guard
Root Guard is meant to prevent the wrong switch from becoming the
Spanning Tree root. It is enabled on ports other than the root port and on
switches other than the root. If a Root Guard port receives a BPDU that
might cause it to become a root port, then the port is put into “root-inconsistent”
state and does not pass traffic through it. If the port stops receiving
these BPDUs, it automatically re-enables itself.
(config-if)# spanning-tree guard root