Configuring Bpdu Guard - Cisco WS-C3550-12G Software Configuration Manual

Chapter 10 Configuring STP

Configuring BPDU Guard

When the BPDU guard feature is enabled on the switch, STP shuts down Port Fast-enabled interfaces
that receive BPDUs rather than putting them into the blocking state.
The BPDU guard feature works on Port Fast-enable interfaces. Configure Port Fast only on interfaces
Caution
that connect to end stations; otherwise, an accidental topology loop could cause a data packet loop
and disrupt switch and network operation.
Beginning in privileged EXEC mode, follow these steps to enable the BPDU guard feature on the switch:
Command
Step 1
configure terminal
Step 2 spanning-tree portfast bpduguard
Step 3
end
Step 4
show spanning-tree summary total
Step 5 copy running-config startup-config
In a valid configuration, Port Fast-enabled interfaces do not receive BPDUs. Receiving a BPDU on a
Port Fast-enabled interface means an invalid configuration, such as the connection of an unauthorized
device. If a BPDU is received on Port Fast-enabled interface, the BPDU guard feature places the
interface into the ErrDisable state. The BPDU guard feature provides a secure response to invalid
configurations because you must manually put the interface back in service.
To disable BPDU guard, use the no spanning-tree portfast bpduguard global configuration command.
78-11194-03
Purpose
Enter global configuration mode.
Enable BPDU guard on the switch.
By default, BPDU guard is disabled on the switch.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Catalyst 3550 Multilayer Switch Software Configuration Guide
Configuring Advanced STP Features
10-33