We have an Exadata X2 system we are supporting at a managed hosted Datacenter facility. One fine day in the datacenter the Juniper switch which allows the Exadata system to communicate to the outside world stopped working. Eventually we found out the hosting facility enabled the bpdufilter on the Juniper switch and in turn we needed to do the same setup on out Cisco switch.

Below is a diagram of the highlevel layout of our setup in our datacenter.

  • The Exadata X2 Database Machine connects first to the Cisco 4948 Switch.
  • The Cisco switch connects to the Juniper Switch provided by the hosting facility.
  • Juniper Switch is the gateway to outside internet traffic.

Diagram of highlevel layout of our setup in our datacenter

A BPDU filter what is that?

Bridge Protocol Data Unit’s known also as BPDU’s play a fundamental part in a spanning-tree topology.

The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.

BPDU’s are sent out by a switch to exchange information about bridge ID’s and costs of the root path. Exchanged at a frequency of every 2 seconds by default, BPDU’s allow switches to keep a track of network changes and when to block or forward ports to ensure a loop free topology. A BPDU filter disables spanning-tree on a port period. It does this by restricting sending and receiving BPDU’s.

Commands to enable bpdu filter.

  • Telnet to cisco switch
    $ telnet IPADDRESS
  • Enable commandline for switch
    telnet> enable
  • Prepare to configure switch.
    ciscoswitch-ip# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    ciscoswitch-ip(config)#interface GigabitEthernet1/48
    ciscoswitch-ip(config-if)#
  • Enable BPDU filter
    ciscoswitch-ip(config-if)# spanning-tree bpdufilter enable
    ciscoswitch-ip(config-if)# end
  • Save the configuration to the startup configuration.
    ciscoswitch-ip# copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration…
    Compressed configuration from 3889 bytes to 1546 bytes[OK]
    ciscoswitch-ip#reload
    Proceed with reload? [confirm]
    Connection closed by foreign host
  • Verify the configuration and BPDU filter is enabled.
    ciscoswitch-ip# show running-config
    ciscoswitch-ip# show interfaces status
    ciscoswitch-ip# show spanning-tree interface GigabitEthernet1/48 portfast
    interface GigabitEthernet1/48
    media-type rj45
    spanning-tree bpdufilter enable