11 Messages • 222 Points

Mon, Jul 20, 2020 2:13 PM

bpdu-guard vs stp-protect ruckus switch

Can anyone explain what the difference is between stp-protect and bpdu-guard?
As far as I know, stp-protect can be enabled on the end station port to prevent the port from initiating or participating in the STP topology; also, bpdu-guard can be configured on the end station port to disable the port if a BPDU is received on that port. So I don't see the difference between the two of them.
Thank you

Responses

12 Messages • 290 Points

4 months ago

The BPDU guard, an enhancement to STP, removes a node that reflects BPDUs back in the network. It enforces the STP domain borders and keeps the active topology predictable by not allowing any network devices behind a BPDU guard-enabled port to participate in STP.

You can enable STP Protection on a per-port basis.

To prevent an end station from initiating or participating in STP topology changes, enter the following command at the Interface level of the CLI.

device(config)# interface ethernet 2
device(config-if-e1000-2)# stp-protect

This command causes the port to drop STP BPDUs sent from the device on the other end of the link.

Enter the no form of the command to disable STP protection on the port.


So STP Protect drops BPDUs coming in and err-disables the port.
BPDU guard will err-disable ports where BPDUs are reflected back into the switch, meaning there is a loop, and it will open up the loop.

Employee • 129 Messages • 46 Points

4 months ago

STP-protect causes the port to drop STP BPDUs. In reality, we ignore those packets, which may or may not be the sign of a problem (e.g., an employee plugged in an STP-enabled switch). With BPDU guard, we can take action and shut that port down. The general recommendation on access ports is BPDU guard, as they should not be receiving STP BPDUs. STP-protect should really be more of a corner case where you specifically want to drop/ignore STP BPDUs (which should be rare).

Support - 1-855-782-5871
https://support.ruckuswireless.com/contact-us
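
An added example, not part of the original thread and not Ruckus code: a small audit of a FastIron-style running-config that sorts edge ports by how the replies above say they treat a received BPDU (shut down, silently dropped, or accepted). The sample config is constructed, the function names are hypothetical, and `stp-bpdu-guard` is assumed to be the interface-level keyword for the feature the thread calls BPDU guard.

```python
import re

# Constructed FastIron-style running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
interface ethernet 1/1/1
 stp-bpdu-guard
!
interface ethernet 1/1/2
 stp-protect
!
interface ethernet 1/1/3
 port-name printer
!
interface ethernet 1/1/48
 port-name uplink-to-core
"""

IFACE_RE = re.compile(r"^interface ethernet (\S+)\s*$")
def parse_interfaces(config_text):
    """Map each 'interface ethernet' port to the set of lines in its stanza."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        match = IFACE_RE.match(raw)
        if match:
            current = match.group(1)
            ports.setdefault(current, set())
        elif not raw.startswith(" "):
            current = None  # "!" or any top-level line closes the stanza
        elif current is not None:
            ports[current].add(raw.strip())
    return ports

def audit_edge_ports(config_text, uplinks=()):
    """Classify each non-uplink port by how it handles a received BPDU."""
    findings = {}
    for port, lines in parse_interfaces(config_text).items():
        if port in uplinks:
            continue  # inter-switch links must exchange BPDUs
        if "stp-bpdu-guard" in lines:
            findings[port] = "guarded"      # port shut down on BPDU
        elif "stp-protect" in lines:
            findings[port] = "silent-drop"  # BPDU ignored, device stays up
        else:
            findings[port] = "unprotected"  # attached device can join STP
    return findings

if __name__ == "__main__":
    for port, verdict in audit_edge_ports(SAMPLE_CONFIG, {"1/1/48"}).items():
        print(port, verdict)
```

Ports reported as `silent-drop` are the ones where an unauthorized switch would stay connected without the port ever going down.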

11 Messages • 222 Points

4 months ago

Thank you for your answers.
So in the case of an access switch, does enabling BPDU guard on end ports automatically enable port fast on the port, or do I still need to enable fast port too with BPDU guard?

Employee • 16 Messages • 474 Points

Hi Mohamed - In 802.1w (RSTP), admin-edge-port is similar to Portfast. A port enabled with admin-edge-port will not participate in STP topology changes. Although 802.1w can auto-detect an edge port, it is recommended to configure the edge port manually. BPDU-guard or root-protect is also recommended for edge ports to protect the network. Please see the configuration guide here:

https://docs.arris.com/bundle/fastiron-08090-l2guide/page/GUID-27AA7467-42F3-4D32-81EB-975051BA3562....

Configuration:
Per-vlan rapid-STP (802.1w):
(config-vlan-40)#spanning-tree 802-1w ethernet 1/1/9 admin-edge-port

MSTP:
device(config)# mstp admin-edge-port ethernet 3/1/1

12 Messages • 290 Points

4 months ago

Port Fast is a vendor's proprietary method of putting a port into forwarding mode immediately without going through listening\learning\blocking\forwarding... when a switch is in 802.1d mode. 802.1w introduced that feature with the standard. Regardless... when the port receives BPDUs it will go through all of the steps. Therefore the port is receptive to bridge learning... counter to BPDU guard.