BPDU & Root Guard

A switch utilizes a cache of MAC addresses linked to each port to efficiently forward traffic. Still, when this cache is updated (like during topology changes in STP), it may need to "flood" unicast frames to all ports if it doesn't know the correct destination port, potentially impacting network performance; to mitigate this, configure access ports (connecting directly to host devices) with features like "PortFast" on Cisco switches to exclude them from topology change notifications, minimizing unnecessary flooding of unicast traffic.

 Key points:

 MAC address cache:

A switch stores MAC addresses associated with each port to quickly direct traffic.

 Flooding:

When a switch doesn't know the correct port for a destination MAC address, it sends the frame to all ports, even a unicast frame.

STP and topology changes:

Frequent changes in network topology, especially with Rapid Spanning Tree Protocol (RSTP), can cause the switch to update its MAC address cache frequently, leading to more flooding.

How to minimize flooding on access ports:

PortFast:

Configure "PortFast" on access ports on Cisco switches to prevent them from participating in topology change notifications, reducing unnecessary flooding.

 Edgeport (other vendors):

Similar functionality on non-Cisco switches is often referred to as "edgeport."

 STP commands to further control flooding:

 BPDU Guard:

If a port configured with PortFast receives a Bridge Protocol Data Unit (BPDU), which is expected on switch-to-switch links, it disables the port to prevent misconfiguration.

 BPDU Filter:

It drops all BPDUs on a port and is valid for links between separate switching domains.

Root Guard:

Prevents a switch connected to a specific port from becoming the root bridge in the Spanning Tree network, ensuring that only designated "core" switches can be the root.