Version 8.2.1.0
Version 7.6.1.0
Version 7.5.1.0
Version 7.4.1.0
Version 6.2.1.1
Usage
The BPDU guard option prevents the port from participating in an active STP
Information
topology in case a BPDU appears on a port unintentionally, or is misconfigured, or
is subject to a DOS attack. This option places the port into the Error Disable state if
a BPDU appears, and a message is logged so that the administrator can take
corrective action.
If you do not enable shutdown-on-violation, BPDUs are still sent to the route
process module (RPM) CPU.
You cannot enable root guard and loop guard at the same time on a port. For
example, if you configure loop guard on a port on which root guard is already
configured, the following error message is displayed: % Error: RootGuard is
configured. Cannot configure LoopGuard.
When used in a PVST+ network, loop guard is performed per-port or per-port
channel at a VLAN level. If no BPDUs are received on a VLAN interface, the port or
port-channel transitions to a Loop-Inconsistent (blocking) state only for this VLAN.
Enabling Portfast BPDU guard and loop guard at the same time on a port results in
a port that remains in a Blocking state and prevents traffic from flowing through it.
For example, when Portfast BPDU guard and loop guard are both configured:
•
•
Example
Dell(conf-if-gi-1/1)#spanning-tree pvst vlan 3 cost 18000
Dell(conf-if-gi-1/1)#end
Dell(conf-if-gi-1/1)#show config
!
interface GigabitEthernet 1/1
Dell(conf-if-gi-1/1)#end
Dell#
Per-VLAN Spanning Tree Plus (PVST+)
Introduced the hardware shutdown-on-violation option.
Introduced on the S-Series.
Introduced on the C-Series.
Added the optional Bridge Port Data Unit (BPDU) guard.
Introduced.
NOTE: A port configured as an edge port, on a PVST switch, immediately
transitions to the forwarding state. Only ports connected to end-hosts should
be configured as an edge port. Consider an edge port similar to a port with a
spanning-tree portfast enabled.
If a BPDU is received from a remote device, BPDU guard places the port in an
Err-Disabled Blocking state and no traffic is forwarded on the port.
If no BPDU is received from a remote device, loop guard places the port in a
Loop-Inconsistent Blocking state and no traffic is forwarded on the port.
no ip address
switchport
spanning-tree pvst vlan 3 cost 18000
no shutdown
1099