
[BPDUGuard](/stp-bpdu-guard) and [BPDUFilter](/stp-bpdu-filter) are two features of [Spanning Tree Protocol (STP)](/spanning-tree-protocol-stp) that are used to change the way a switchport deals with [BPDUs](/stp-bpdu-types).  The behavior of each changes slightly based on whether or not the [PortFast](/stp-portfast) feature is enabled.  The following list describes the behavior in each case:

BPDUFilter:

- When enabled globally, PortFast interfaces will not send or receive any BPDUs. If a BPDU is received on an interface configured with PortFast, it loses its PortFast status, disables BPDU filtering and acts as a normal interface.  Note that it will only take effect on interfaces configured with PortFast.  All other interfaces will remain unaffected.
- When enabled on an interface, the port will simply ignore incoming BPDUs and will not send any BPDUs. If PortFast is enabled on such a port, it is simply ignored.  Such a configuration is equivalent of disabling spanning-tree.

BPDUGuard:

* When enabled globally using the `spanning-tree portfast bpduguard default` command in global configuration mode, it enables BPDUGuard on all interfaces configured with PortFast.  All other interfaces remain unchanged.
* When enabled on a per-interface basis, such interfaces will not send out any BPDUs.  If they receive a BPDU, they will go into an err-disabled state.  This configuration can be applied to ports whether they are configured with PortFast or not.

Links:

https://networklessons.com/spanning-tree/spanning-tree-bpduguard

https://networklessons.com/spanning-tree/spanning-tree-bpdufilter

https://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/trash/swstpopt.html#wp1095752

https://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/trash/swstpopt.html#wp1046220

STP - BPDUGuard, BPDUFilter, and Portfast

Routing - default gateway

Routing - default routing using DHCP

Routing - directed broadcast

Routing - fully specified route

Routing - ip default-network command

Routing - l2transport

Routing - link-local IPv6 next hop address needs exit interface

Routing - network vs redistribute connected commands

Routing - redistribute command

Routing - redistribution and the routing table

Routing - route tagging

Routing - seed metrics

Routing - what is a WAN port

Routing - what is recursive routing

Routing NX-OS passive-interface default

Routing Table

Routing in both directions

Routing what if the administrative distance is the same

Routing

SD-WAN - EVE-NG connection options

SD-WAN - cEdge

SD-WAN - vAnalytics

SD-WAN - vBond

SD-WAN - vEdge full mesh

SD-WAN - vEdge vs cEdge

SD-WAN - vEdge

SD-WAN - vManage

SD-WAN - vSmart

SD-WAN set TLOC color

SD-WAN

SDN - what is orchestration

SG300-10 - InterVLAN routing defaults

SNMP - Engine ID

SNMP - Index shuffling

SNMP - Simple Network Management Protocol

SNMP - Version 3 security levels

SNMP - snmp-server community and host commands

SNMP monitoring routing on a Nexus device

SNMP trap vs inform

SNMP walk

SPAN capturing control packets

SPAN multiple destination ports on Cisco IOS device

SPAN using VLANs as a source on a Nexus device

SPAN

SSH - domain-name prerequisite

SSH connectivity - troubleshooting

STP - Aging time reduction with a TCN

STP - BPDU generation and port roles

STP - BPDUs on a switch where STP is disabled

STP - Disabling spanning-tree

STP - Dispute

STP - Learning State

STP - MST and PVST+ selecting root port

STP - MST maps groups of VLANs

STP - MST region attributes

STP - MST viewed as a single switch by PVST+

STP - Multiple Spanning Tree (MST)

STP - PVST+ and Rapid PVST+ interaction

STP - Per VLAN Spanning Tree plus (PVST+)

STP - RSTP EdgePort

STP - RSTP convergence process

STP - RSTP port roles

STP - RSTP proposal-agreement process

STP - RSTP while timer

STP - Shortest Path Bridging (SPB)

STP - Topology Change Acknowledgement (TCA)

STP - bridge priority

STP - determining the blocked port using port ID

STP - port identification

STP - port roles

STP - port states

STP - what bridge ID does the MST region use

STP - what is a topology change

STP BPDU Filter

STP BPDU Guard

STP BPDU Types

STP BPDU destination MAC address

STP Cost Calculation Methods

STP Loop Guard

STP Max Age

STP Message Age

STP PortFast

STP Portfast Options

STP Root Bridge selection

STP Root Guard

STP Topology Change (TC) flag

STP Topology Change Timer

STP UDLD and Autonegotiation

STP UDLD

STP bridge priority values

STP changing link cost

STP configuring on EtherChannel

STP configuring portfast

STP contents of a BPDU

STP cost long mode

STP cost short mode

STP determining blocked port using cost

STP direct vs indirect link failure