Enabling Bpdu Guard - Cisco Catalyst 3550 series Software Configuration Manual

Chapter 18 Configuring Optional Spanning-Tree Features
Use Port Fast only when connecting a single end station to an access or trunk port. Enabling this feature
Caution
on a port connected to a switch or hub could prevent spanning tree from detecting and disabling loops
in your network, which could cause broadcast storms and address-learning problems.
If you enable the voice VLAN feature, the Port Fast feature is automatically enabled. When you disable
voice VLAN, the Port Fast feature is not automatically disabled. For more information, see
"Configuring Voice VLAN."
You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP.
Beginning in privileged EXEC mode, follow these steps to enable Port Fast. This procedure is optional.
Command
Step 1
configure terminal
Step 2 interface interface-id
Step 3 spanning-tree portfast [trunk]
Step 4
end
Step 5 show spanning-tree interface interface-id
portfast
Step 6 copy running-config startup-config
Note You can use the spanning-tree portfast default global configuration command to globally enable the
Port Fast feature on all nontrunking ports.
To disable the Port Fast feature, use the spanning-tree portfast disable interface configuration
command.

Enabling BPDU Guard

When you globally enable BPDU guard on ports that are Port Fast-enabled (the ports are in a Port
Fast-operational state), spanning tree shuts down Port Fast-enabled ports that receive BPDUs.
In a valid configuration, Port Fast-enabled ports do not receive BPDUs. Receiving a BPDU on a Port
Fast-enabled port signals an invalid configuration, such as the connection of an unauthorized device, and
the BPDU guard feature puts the port in the error-disabled state. The BPDU guard feature provides a
78-11194-09
Purpose
Enter global configuration mode.
Enter interface configuration mode, and specify an interface to
configure.
Enable Port Fast on an access port connected to a single
workstation or server. By specifying the trunk keyword, you can
enable Port Fast on a trunk port.
Make sure that there are no loops in the network
Caution
between the trunk port and the workstation or server
before you enable Port Fast on a trunk port.
By default, Port Fast is disabled on all ports.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Catalyst 3550 Multilayer Switch Software Configuration Guide
Configuring Optional Spanning-Tree Features
Chapter 14,
18-15