Scenario:
For this lab you need REAL hardware. You can’t use switches in GNS3!
You need at least Catalyst 2950 switches for this lab.
You are working as the network engineer at a school located in Germany. The network has been having issues last month after students took a CCNA class. You want to make sure the access layer of the network is more secure. When students try to mess with spanning-tree it should block the interface they are connected to.
Goal:
- Configure SW1 so it does not send any BPDUs towards router Neo. Any BPDU that you receive from router Neo should be ignored.
It took me 1000s of hours reading books and doing labs, making mistakes over and over again until I mastered all the switch protocols for CCNP.
Would you like to be a master of switching too? In a short time without having to read 900 page books or google the answers to your questions and browsing through forums?
I collected all my knowledge and created a single ebook for you that has everything you need to know to become a master of switching.
You will learn all the secrets about spanning-tree, BPDUs, filtering and more.
Does this sound interesting to you? Take a look here and let me show you how to Master CCNP SWITCH
IOS:
Basic IOS for the switches should be sufficient. No special features needed.
Topology:
Video Solution:
Configuration Files
You need to register to download the GNS3 topology file. (Registration is free!)Once you are logged in you will find the configuration files right here.
The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.
Written by René Molenaar - CCIE #41726
Hello Rene,
Thanks for video.
I have confusion regarding the global config command
[b]spanning-tree portfast bpdufilter default .[/b]
would you please say the difference between above command and spanning-tree bpdufilter enable at interface level command?
what happened when bpdufilter enable port receives bpdu?
Thanks.
Thanks and good question!
If you enable BPDU filter on the interface then it will not send or receive any BPDUs. Basically you are [b]disabling spanning-tree on the interface[/b] so it’s a dangerous command.
If you enable BPDU filter globally you will enable BPDU filter on all interfaces that have portfast configured on them. It will prevent these interfaces from sending or receiving BPDUs. However…if you receive a BPDU on this interface it will [b]disable BPDU filter[/b].
My confusion is clear now.
I really love to watch video solution. It helps me a lot to prepare and passed my CCNP Switch exam.
Thanks Rene.
I’m glad you like them 🙂
Hi Rene,
Do you have any labs that shows portfast is disabled & BPDUs are processed when spanning-tree portfast bpdufilter default is configured globally?
Thanks in advanced.