Prevent Network Disruptions With Bpdu Guard - Dell S3048-ON Configuration Manual

• Enable PortFast on an interface.
INTERFACE mode
spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]]
Example of Verifying PortFast is Enabled on an Interface
To verify that PortFast is enabled on a port, use the show spanning-tree command from EXEC Privilege mode or the show config
command from INTERFACE mode. Dell Networking recommends using the show config command.
Dell#(conf-if-gi-1/1)#show conf
!
interface GigabitEthernet 1/1
no ip address
switchport
spanning-tree 0 portfast
no shutdown
Dell#(conf-if-gi-1/1)#

Prevent Network Disruptions with BPDU Guard

Configure the Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature on ports that connect to end stations. End stations
do not generate BPDUs, so ports configured with Portfast/ Edgport (edgeports) do not expect to receive BDPUs.
If an edgeport does receive a BPDU, it likely means that it is connected to another part of the network, which can negatively affect the
STP topology. The BPDU Guard feature blocks an edgeport after receiving a BPDU to prevent network disruptions, and Dell Networking
OS displays the following message.
3w3d0h: %RPM0-P:RP2 %SPANMGR-5-BPDU_GUARD_RX_ERROR: Received Spanning Tree BPDU on
BPDU guard port. Disable GigabitEthernet 3/4.
Enable BPDU Guard using the bpduguard option when enabling PortFast or EdgePort. The bpduguard shutdown-on-violation
option causes the interface hardware to be shut down when it receives a BPDU. Otherwise, although the interface is placed in an Error
Disabled state when receiving the BPDU, the physical interface remains up and spanning-tree will only drop packets after a BPDU violation.
The following example shows a scenario in which an edgeport might unintentionally receive a BPDU. The port on the Dell Networking
system is configured with Portfast. If the switch is connected to the hub, the BPDUs that the switch generates might trigger an
undesirable topology change. If you enable BPDU Guard, when the edge port receives the BPDU, the BPDU is dropped, the port is blocked,
and a console message is generated.
NOTE: Unless you enable the shutdown-on-violation option, spanning-tree only drops packets after a BPDU violation; the
physical interface remains up.
Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior:
• If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
• When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware.
• When you remove a physical port from a port channel in the Error Disable state, the Error Disabled state is cleared on this physical port
(the physical port is enabled in the hardware).
• You can clear the Error Disabled state with any of the following methods:
• Perform a shutdown command on the interface.
• Disable the shutdown-on-violation command on the interface (the no spanning-tree stp-id portfast
[bpduguard | [shutdown-on-violation]] command).
• Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode).
• Disabling global spanning tree (the no spanning-tree in CONFIGURATION mode).
Spanning Tree Protocol (STP) 831