BPDU Filtering, BPDU Guard, and Root Guard are STP security mechanisms. In this post I will only describe BPDU Filtering and BPDU Guard.
These 2 features provide protection against spanning-tree loops being created on ports where PortFast has been enabled. A device attached to a PortFast interface is not supposed to send BPDUs but should this happen BPDU Filtering and BPDU Guard provide protection.
BPDU Guard and BPDU Filtering can be configured in 2 different ways, from global configuration mode or in interface configuration mode. In global configuration mode the feature (either BPDU guard or BPDU Filtering) will have effect on PortFast enabled port only. In interface configuration mode it will only affect a specified port.