STP - BPDU Filter Use Cases
The BPDU Filter feature of Spanning Tree Protocol (STP) is used in enterprise networks to enhance network stability and security by managing the transmission and reception of BPDUs on specific ports. In a typical enterprise network with numerous access switches connecting end-user devices (e.g., computers, IP phones, printers), these access ports are not meant to participate in STP since end-user devices do not need to send or receive BPDUs.
If an end-user connects a rogue switch to one of these access ports, it can start sending BPDUs, potentially disrupting the STP topology and causing network instability, Layer 2 loops, and outages. Enabling BPDU Filter on all user-facing access ports ensures that only legitimate network devices (such as core and distribution switches) participate in STP. This setup helps maintain a stable and secure network environment, even if users inadvertently or maliciously connect unauthorized networking devices.
Links:
https://forum.networklessons.com/t/spanning-tree-bpdufilter/1143/36?u=lagapidis
https://networklessons.com/spanning-tree/spanning-tree-bpdufilter/