BPDU and portfast

When the BPDU guard feature is enabled, the port enters the err-Disable state when receiving the BPDU, thus avoiding bridging loops.
Generally, BPDU guard is used in combination with portfast. After portfast is enabled on the port, if the BPDU guard is not enabled, STP will bring the port into the blocking state when the port receives the BPDU, after BPDU guard is configured, the port enters err-Disable when it receives the BPDU. Configure BPDU
Port-Based Configuration:
Switch (config-If) # spanning-tree bpduguard enable
Switch (config-If) # spanning-tree bpduguard disable
Global Configuration:
Switch (config) # spanning-tree portfast bpduguard
The global configuration is used with portfast. When portfast is enabled on the port, BPDU guard is enabled for this port. If portfast is not enabled for this port, this command will not enable BPDU guard for this port.
Conclusion: After BPDU guard is configured, only the BPDU are sent and not received. when received, the port enters the err-Disable state.

Difference between BPDU guard and BPDU filter:

BPDU guard and BPDU filter can be enabled in global mode or on the port. Of course, different activation methods have different effects. BPDU guard is enabled globally and takes effect only for the portfast port. When the BPDU is received, the interface is transitioned to the err-Disable state. If Port portfast is enabled under the interface, the interface is switched to the err-Disable state once the port receives the BPDU. If the BPDU filter is enabled globally, it only takes effect for the portfast port and can only filter out the sent BPDU and cannot filter out the received BPDU. If it is enabled under the interface. Whether or not the portfast port is enabled. In addition, all sent or received messages will be filtered out, which is equivalent to a dangerous action when STPS is disabled on this interface. It is not recommended to enable STPS on this interface.

BPDU and portfast