Solved: BPDU filters

TheVMinator · ‎02-22-2016

Is it possible to implement BPDU filtering in ESXi? Can I do it on a standard switch or do I need a distributed switch? Can I do it on an NSX distributed switch?

Thanks

MKguy · ‎03-01-2016

BDPU filtering is a host-wide and not a vSwitch setting. As such it works with both, standard and distributed vSwitches. There is no special license or add-on like NSX required, to enable it, you just have to set the host parameter Net.BlockGuestBPDU to 1. This will block all BDPU frames sent from any guest on any vSwitch on the host.

See these articles for more details:

VMware KB: Understanding the BPDU Filter feature in vSphere 5.1

vSphere 5.1 - VDS New Features - BPDU Filter - VMware vSphere Blog - VMware Blogs

-- http://alpacapowered.wordpress.com

View solution in original post

HawkieMan · ‎02-29-2016

BPDU filtering is basically a STP functionality. Since the dvswitch doesnt loop it should not be nescessary to use BPDU guard.

TheVMinator · ‎02-29-2016

Yes, but if the physical switch is configured incorrectly, it is possible for BPDU's to be sent to the ESXi host - so my question is, how to filter them if that should happen, and on which types of vswitches (standard switch, distributed switch, nsx distributed switch) is it possible to filter them.

MKguy · ‎03-01-2016

BDPU filtering is a host-wide and not a vSwitch setting. As such it works with both, standard and distributed vSwitches. There is no special license or add-on like NSX required, to enable it, you just have to set the host parameter Net.BlockGuestBPDU to 1. This will block all BDPU frames sent from any guest on any vSwitch on the host.

See these articles for more details:

VMware KB: Understanding the BPDU Filter feature in vSphere 5.1

vSphere 5.1 - VDS New Features - BPDU Filter - VMware vSphere Blog - VMware Blogs

-- http://alpacapowered.wordpress.com

TheVMinator · ‎03-01-2016

ok great - thanks!

All

BPDU filters