Spanning-Tree BPDUFilter

The spanning-tree BPDUfilter works similar to BPDUGuard as it allows you to block malicious BPDUs. The difference is that BPDUguard will put the interface that it receives the BPDU on in err-disable mode while BPDUfilter just “filters” it. In this lesson we’ll take a good look at how BPDUfilter works.

Continue reading

Spanning-Tree RootGuard

RootGuard will make sure you don’t accept a certain switch as a root bridge. BPDUs are sent and processed normally but if a switch suddenly sends a BPDU with a superior bridge ID you won’t accept it as the root bridge. Normally SW2 would become the root bridge because it has the best bridge ID, fortunately we have RootGuard on SW3 so it’s not going to happen!

Continue reading

FlexLinks

When you have a redundant switched topology, spanning-tree will block some of the interfaces to create a loop-free topology. Another method to deal with redundant topologies is by using flexlinks. When you configure FlexLinks you’ll have an active and standby interface. Here’s an example:

Continue reading