Timers: You actually don't need to set timers on all switches in your LAN environment you need to have it set only on the root switch and the rest of switches will inherit those parameters ;)
Configuring router to send BPDU to switch so you can test BPDU guard and BPDU filter.
(conf-t)
bridge 1 protocol iee
int fa0/1
bridge-group 1
Now for the router to start sending BPDU's remember you need to shut/unshut interface
Rack1R4-basicIP#show span 1
Bridge group 1 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 001c.587d.c001
Configured hello time 2, max age 20, forward delay 15
Current root has priority 24577, address 001b.2aa7.8200
Root port is 5 (FastEthernet0/1), cost of root path is 38
Topology change flag not set, detected flag not set
Number of topology changes 3 last change occurred 00:02:21 ago
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300
Port 5 (FastEthernet0/1) of Bridge group 1 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.5.
Designated root has priority 24577, address 001b.2aa7.8200
Designated bridge has priority 28673, address 0026.51e6.9780
Designated port id is 128.6, designated path cost 19
Timers: message age 7, forward delay 0, hold 0
Number of transitions to forwarding state: 2
BPDU: sent 1, received 140 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 1 BPDU sent
BPDU Filter and BPDU guard
BPDU guard simply shuts the port and put it in err-disable mode once a bpdu is received note that both modes need portfast as well to be enabled on interface
BPDU Filter : when recieve BPDU on a portfast enabled interface (i call it stupidity) it disables port fast !
Rack1SW4-basicIP(config)#spanning-tree portfast bpdufilter default
Rack1SW4-basicIP#show spanning-tree interface FastEthernet0/4 portfast
VLAN0001 disabled <<<<<<<<<<<<<<<<<<< After sending BPDU from adjacent router
ERR-Disable recovery
If you don't want the hassle of shutting and unshut ports when they go into err-disable there's this sweet err-disable recovery command
Rack1SW4-basicIP(config)#errdisable recovery cause bpduguard
Rack1SW4-basicIP(config)#errdisable recovery interval 120 <<<<<<<<<<< 120 seconds to recover
Configuring router to send BPDU to switch so you can test BPDU guard and BPDU filter.
(conf-t)
bridge 1 protocol iee
int fa0/1
bridge-group 1
Now for the router to start sending BPDU's remember you need to shut/unshut interface
Rack1R4-basicIP#show span 1
Bridge group 1 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 001c.587d.c001
Configured hello time 2, max age 20, forward delay 15
Current root has priority 24577, address 001b.2aa7.8200
Root port is 5 (FastEthernet0/1), cost of root path is 38
Topology change flag not set, detected flag not set
Number of topology changes 3 last change occurred 00:02:21 ago
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300
Port 5 (FastEthernet0/1) of Bridge group 1 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.5.
Designated root has priority 24577, address 001b.2aa7.8200
Designated bridge has priority 28673, address 0026.51e6.9780
Designated port id is 128.6, designated path cost 19
Timers: message age 7, forward delay 0, hold 0
Number of transitions to forwarding state: 2
BPDU: sent 1, received 140 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 1 BPDU sent
BPDU Filter and BPDU guard
BPDU guard simply shuts the port and put it in err-disable mode once a bpdu is received note that both modes need portfast as well to be enabled on interface
BPDU Filter : when recieve BPDU on a portfast enabled interface (i call it stupidity) it disables port fast !
Rack1SW4-basicIP(config)#spanning-tree portfast bpdufilter default
Rack1SW4-basicIP#show spanning-tree interface FastEthernet0/4 portfast
VLAN0001 disabled <<<<<<<<<<<<<<<<<<< After sending BPDU from adjacent router
ERR-Disable recovery
If you don't want the hassle of shutting and unshut ports when they go into err-disable there's this sweet err-disable recovery command
Rack1SW4-basicIP(config)#errdisable recovery cause bpduguard
Rack1SW4-basicIP(config)#errdisable recovery interval 120 <<<<<<<<<<< 120 seconds to recover
RSS Feed