User's Manual
Table Of Contents
- Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)
- Contents
- Preface
- New and Changed Information for this Release
- Overview
- Configuring Ethernet Interfaces
- Information About Ethernet Interfaces
- Configuring Ethernet Interfaces
- Configuring the UDLD Mode
- Changing an Interface Port Mode
- Configuring Interface Speed
- Disabling Link Negotiation
- Configuring the CDP Characteristics
- Enabling or Disabling CDP
- Enabling the Error-Disabled Detection
- Enabling the Error-Disabled Recovery
- Configuring the Error-Disabled Recovery Interval
- Configuring the Debounce Timer
- Configuring the Description Parameter
- Disabling and Restarting Ethernet Interfaces
- Displaying Interface Information
- Displaying Input Packet Discard Information
- Default Physical Ethernet Settings
- Configuring VLANs
- Configuring Private VLANs
- Information About Private VLANs
- Guidelines and Limitations for Private VLANs
- Configuring a Private VLAN
- Enabling Private VLANs
- Configuring a VLAN as a Private VLAN
- Associating Secondary VLANs with a Primary Private VLAN
- Configuring an Interface as a Private VLAN Host Port
- Configuring an Interface as a Private VLAN Promiscuous Port
- Configuring a Promiscuous Trunk Port
- Configuring an Isolated Trunk Port
- Configuring the Allowed VLANs for PVLAN Trunking Ports
- Configuring Native 802.1Q VLANs on Private VLANs
- Verifying the Private VLAN Configuration
- Configuring Access and Trunk Interfaces
- Configuring Switching Modes
- Configuring Rapid PVST+
- Information About Rapid PVST+
- Understanding STP
- Understanding Rapid PVST+
- Rapid PVST+ and IEEE 802.1Q Trunks
- Rapid PVST+ Interoperation with Legacy 802.1D STP
- Rapid PVST+ Interoperation with 802.1s MST
- Configuring Rapid PVST+
- Enabling Rapid PVST+
- Enabling Rapid PVST+ per VLAN
- Configuring the Root Bridge ID
- Configuring a Secondary Root Bridge
- Configuring the Rapid PVST+ Port Priority
- Configuring the Rapid PVST+ Pathcost Method and Port Cost
- Configuring the Rapid PVST+ Bridge Priority of a VLAN
- Configuring the Rapid PVST+ Hello Time for a VLAN
- Configuring the Rapid PVST+ Forward Delay Time for a VLAN
- Configuring the Rapid PVST+ Maximum Age Time for a VLAN
- Specifying the Link Type
- Restarting the Protocol
- Verifying Rapid PVST+ Configurations
- Information About Rapid PVST+
- Configuring Multiple Spanning Tree
- Information About MST
- Configuring MST
- MST Configuration Guidelines
- Enabling MST
- Entering MST Configuration Mode
- Specifying the MST Name
- Specifying the MST Configuration Revision Number
- Specifying the Configuration on an MST Region
- Mapping and Unmapping VLANs to MST Instances
- Mapping Secondary VLANs to Same MSTI as Primary VLANs for Private VLANs
- Configuring the Root Bridge
- Configuring a Secondary Root Bridge
- Configuring the Port Priority
- Configuring the Port Cost
- Configuring the Switch Priority
- Configuring the Hello Time
- Configuring the Forwarding-Delay Time
- Configuring the Maximum-Aging Time
- Configuring the Maximum-Hop Count
- Configuring PVST Simulation Globally
- Configuring PVST Simulation Per Port
- Specifying the Link Type
- Restarting the Protocol
- Verifying MST Configurations
- Configuring STP Extensions
- About STP Extensions
- Information About STP Extensions
- Configuring STP Extensions
- STP Extensions Configuration Guidelines
- Configuring Spanning Tree Port Types Globally
- Configuring Spanning Tree Edge Ports on Specified Interfaces
- Configuring Spanning Tree Network Ports on Specified Interfaces
- Enabling BPDU Guard Globally
- Enabling BPDU Guard on Specified Interfaces
- Enabling BPDU Filtering Globally
- Enabling BPDU Filtering on Specified Interfaces
- Enabling Loop Guard Globally
- Enabling Loop Guard or Root Guard on Specified Interfaces
- Verifying STP Extension Configuration
- About STP Extensions
- Configuring LLDP
- Configuring the MAC Address Table
- Configuring IGMP Snooping
- Configuring Traffic Storm Control
- INDEX
interface signals an invalid configuration, such as the connection of an unauthorized host or switch. BPDU
Guard, when enabled globally, shuts down all spanning tree edge ports when they receive a BPDU.
BPDU Guard provides a secure response to invalid configurations, because you must manually put the LAN
interface back in service after an invalid configuration.
When enabled globally, BPDU Guard applies to all operational spanning tree edge interfaces.Note
Understanding BPDU Filtering
You can use BPDU Filtering to prevent the switch from sending or even receiving BPDUs on specified ports.
When configured globally, BPDU Filtering applies to all operational spanning tree edge ports. You should
connect edge ports only to hosts, which typically drop BPDUs. If an operational spanning tree edge port
receives a BPDU, it immediately returns to a normal spanning tree port type and moves through the regular
transitions. In that case, BPDU Filtering is disabled on this port, and spanning tree resumes sending BPDUs
on this port.
In addition, you can configure BPDU Filtering by the individual interface. When you explicitly configure
BPDU Filtering on a port, that port does not send any BPDUs and drops all BPDUs that it receives. You can
effectively override the global BPDU Filtering setting on individual ports by configuring the specific interface.
This BPDU Filtering command on the interface applies to the entire interface, whether the interface is trunking
or not.
Use care when configuring BPDU Filtering per interface. If you explicitly configuring BPDU Filtering
on a port that is not connected to a host, it can result in bridging loops because the port will ignore any
BPDU that it receives and go to forwarding.
Caution
If the port configuration is not set to default BPDU Filtering, then the edge configuration will not affect BPDU
Filtering. The following table lists all the BPDU Filtering combinations.
Table 10: BPDU Filtering Configurations
BPDU Filtering StateSTP Edge Port
Configuration
BPDU Filtering Global
Configuration
BPDU Filtering Per Port
Configuration
EnableThe port transmits
at least 10 BPDUs. If this
port receives any BPDUs,
the port returns to the
spanning tree normal port
state and BPDU Filtering
is disabled.
EnableEnableDefault
DisableDisableEnableDefault
DisableEnabled/DisabledDisableDefault
DisableEnabled/DisabledEnabled/DisabledDisable
Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)
OL-26590-01 115
Configuring STP Extensions
Information About STP Extensions