- Filter incoming and outgoing BPDU
- Configure on interface and globally
- disable stp by dropping bpdu packets
- applied at access layer
- to block stp information reaching the end hosts for security pupose
- sh spannig-tree counters
- disadvantage:
- some times end host sends BPDU(run stp) at that time we can't get that bpdus due to bpdu filter
- If config with portfast on global mode, bpdu filter enable on each port fast containing port.
- and also allow the incoming bpdus, as-usually block the outgoing bpdus