
The [BPDU Filter feature](/stp-bpdu-filter) of [Spanning Tree Protocol (STP)](/spanning-tree-protocol-stp) is used in enterprise networks to enhance network stability and security by managing the transmission and reception of [BPDUs](/stp-bpdu-types) on specific ports. In a typical enterprise network with numerous access switches connecting end-user devices (e.g., computers, IP phones, printers), these [access ports](/switchport-access) are not meant to participate in STP since end-user devices do not need to send or receive BPDUs.

If an end-user connects a rogue switch to one of these access ports, it can start sending BPDUs, potentially disrupting the STP topology and causing network instability, [Layer 2 loops](/loops-in-layers-2-and-3), and outages. Enabling BPDU Filter on all user-facing access ports ensures that only legitimate network devices (such as core and distribution switches) participate in STP. This setup helps maintain a stable and secure network environment, even if users inadvertently or maliciously connect unauthorized networking devices.

Links:

https://forum.networklessons.com/t/spanning-tree-bpdufilter/1143/36?u=lagapidis

https://networklessons.com/spanning-tree/spanning-tree-bpdufilter/

STP - BPDU Filter Use Cases

Routing - directed broadcast

Routing - fully specified route

Routing - ip default-network command

Routing - l2transport

Routing - link-local IPv6 next hop address needs exit interface

Routing - network vs redistribute connected commands

Routing - redistribute command

Routing - redistribution and the routing table

Routing - route tagging

Routing - seed metrics

Routing - what is a WAN port

Routing - what is recursive routing

Routing - what is redistribution

Routing NX-OS passive-interface default

Routing Table

Routing in both directions

Routing what if the administrative distance is the same

Routing

SD-WAN - EVE-NG connection options

SD-WAN - Unique Site IDs for vEdges

SD-WAN - cEdge

SD-WAN - vAnalytics

SD-WAN - vBond

SD-WAN - vEdge full mesh

SD-WAN - vEdge vs cEdge

SD-WAN - vEdge

SD-WAN - vManage

SD-WAN - vSmart

SD-WAN set TLOC color

SD-WAN

SDN - what is orchestration

SG300-10 - InterVLAN routing defaults

SNMP - Engine ID

SNMP - Index shuffling

SNMP - Simple Network Management Protocol

SNMP - Version 3 security levels

SNMP - snmp-server community and host commands

SNMP monitoring routing on a Nexus device

SNMP trap vs inform

SNMP walk

SPAN capturing control packets

SPAN multiple destination ports on Cisco IOS device

SPAN using VLANs as a source on a Nexus device

SPAN

SSH - domain-name prerequisite

SSH connectivity - troubleshooting

STP - Aging time reduction with a TCN

STP - Aging time return to default

STP - BPDU generation and port roles

STP - BPDUGuard, BPDUFilter, and Portfast

STP - BPDUs on a switch where STP is disabled

STP - BPDUs, VLAN IDs, and PVST+

STP - Cost of last link added by receiving switch

STP - Disabling spanning-tree

STP - Dispute

STP - Factors to Consider When Choosing a Root Bridge

STP - Learning State

STP - MST CIST Root

STP - MST CST and CIST

STP - MST Virtual Bridge and its role in interfacing with other STP topologies

STP - MST and PVST+ selecting root port

STP - MST maps groups of VLANs

STP - MST region attributes

STP - MST viewed as a single switch by PVST+

STP - Max Age vs Message Age

STP - Multiple Spanning Tree (MST)

STP - Multiple types of STP on the same switch

STP - PVST+ and Rapid PVST+ interaction

STP - Per VLAN Spanning Tree plus (PVST+)

STP - RSTP BPDU Flags and their usage

STP - RSTP EdgePort

STP - RSTP Proposal Timer Operation

STP - RSTP convergence process

STP - RSTP port roles

STP - RSTP prerequisites for immediate move to forward state

STP - RSTP proposal-agreement process

STP - RSTP while timer cannot be observed

STP - RSTP while timer

STP - Root Inconsistency State

STP - Root Link Query (RLQ) BPDU

STP - Shortest Path Bridging (SPB)

STP - Time to select root bridge

STP - Topology Change Acknowledgement (TCA)

STP - UDLD and Fiber Links

STP - Understanding MST regional root identifier and proposal-agreement process

STP - UplinkFast and reconvergence

STP - UplinkFast and root port delay timer

STP - UplinkFast

STP - bridge priority

STP - connecting one port to another port on the same switch

STP - determining the blocked port using port ID

STP - port identification

STP - port roles

STP - port states

STP - spanning-tree root primary command

STP - what bridge ID does the MST region use

STP - what is a topology change

STP BPDU Filter