
[BPDUGuard](/stp-bpdu-guard) and [BPDUFilter](/stp-bpdu-filter) are two features of [Spanning Tree Protocol (STP)](/spanning-tree-protocol-stp) that are used to change the way a switchport deals with [BPDUs](/stp-bpdu-types).  The behavior of each changes slightly based on whether or not the [PortFast](/stp-portfast) feature is enabled.  The following list describes the behavior in each case:

BPDUFilter:

- When enabled globally, PortFast interfaces will not send or receive any BPDUs. If a BPDU is received on an interface configured with PortFast, it loses its PortFast status, disables BPDU filtering and acts as a normal interface.  Note that it will only take effect on interfaces configured with PortFast.  All other interfaces will remain unaffected.
- When enabled on an interface, the port will simply ignore incoming BPDUs and will not send any BPDUs. If PortFast is enabled on such a port, it is simply ignored.  Such a configuration is equivalent of disabling spanning-tree.

BPDUGuard:

* When enabled globally using the `spanning-tree portfast bpduguard default` command in global configuration mode, it enables BPDUGuard on all interfaces configured with PortFast.  All other interfaces remain unchanged.
* When enabled on a per-interface basis, such interfaces will not send out any BPDUs.  If they receive a BPDU, they will go into an err-disabled state.  This configuration can be applied to ports whether they are configured with PortFast or not.

## Links

https://networklessons.com/spanning-tree/spanning-tree-bpduguard

https://networklessons.com/spanning-tree/spanning-tree-bpdufilter

https://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/trash/swstpopt.html#wp1095752

https://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/trash/swstpopt.html#wp1046220

STP - BPDUGuard, BPDUFilter, and Portfast

Routing - ip default-network command

Routing - l2transport

Routing - link-local IPv6 next hop address needs exit interface

Routing - network vs redistribute connected commands

Routing - redistribute command

Routing - redistribution and the routing table

Routing - route tagging

Routing - seed metrics

Routing - what is a WAN port

Routing - what is recursive routing

Routing - what is redistribution

Routing NX-OS passive-interface default

Routing Table

Routing in both directions

Routing what if the administrative distance is the same

Routing

SD-WAN - EVE-NG connection options

SD-WAN - Unique Site IDs for vEdges

SD-WAN - cEdge

SD-WAN - vAnalytics

SD-WAN - vBond

SD-WAN - vEdge full mesh

SD-WAN - vEdge vs cEdge

SD-WAN - vEdge

SD-WAN - vManage

SD-WAN - vSmart

SD-WAN set TLOC color

SD-WAN

SDN - what is orchestration

SG300-10 - InterVLAN routing defaults

SNMP - Engine ID

SNMP - Index shuffling

SNMP - Simple Network Management Protocol

SNMP - Version 3 security levels

SNMP - snmp-server community and host commands

SNMP monitoring routing on a Nexus device

SNMP trap vs inform

SNMP walk

SPAN capturing control packets

SPAN multiple destination ports on Cisco IOS device

SPAN using VLANs as a source on a Nexus device

SPAN

SSH - domain-name prerequisite

SSH connectivity - troubleshooting

STP - Aging time reduction with a TCN

STP - Aging time return to default

STP - BPDU Filter Use Cases

STP - BPDU generation and port roles

STP - BPDUs on a switch where STP is disabled

STP - BPDUs, VLAN IDs, and PVST+

STP - Cost of last link added by receiving switch

STP - Disabling spanning-tree

STP - Dispute

STP - Factors to Consider When Choosing a Root Bridge

STP - Learning State

STP - MST CIST Root

STP - MST CST and CIST

STP - MST Virtual Bridge and its role in interfacing with other STP topologies

STP - MST and PVST+ selecting root port

STP - MST maps groups of VLANs

STP - MST region attributes

STP - MST viewed as a single switch by PVST+

STP - Max Age vs Message Age

STP - Multiple Spanning Tree (MST)

STP - Multiple types of STP on the same switch

STP - PVST+ and Rapid PVST+ interaction

STP - Per VLAN Spanning Tree plus (PVST+)

STP - RSTP BPDU Flags and their usage

STP - RSTP EdgePort

STP - RSTP Proposal Timer Operation

STP - RSTP convergence process

STP - RSTP port roles

STP - RSTP prerequisites for immediate move to forward state

STP - RSTP proposal-agreement process

STP - RSTP while timer cannot be observed

STP - RSTP while timer

STP - Root Inconsistency State

STP - Root Link Query (RLQ) BPDU

STP - Shortest Path Bridging (SPB)

STP - Time to select root bridge

STP - Topology Change Acknowledgement (TCA)

STP - UDLD and Fiber Links

STP - Understanding MST regional root identifier and proposal-agreement process

STP - UplinkFast and reconvergence

STP - UplinkFast and root port delay timer

STP - UplinkFast

STP - bridge priority

STP - connecting one port to another port on the same switch

STP - determining the blocked port using port ID

STP - port identification

STP - port roles

STP - port states

STP - spanning-tree root primary command

STP - what bridge ID does the MST region use

STP - what is a topology change

STP BPDU Filter

STP BPDU Guard

STP BPDU Types