Enabling Bpdu Filtering - Cisco Catalyst 3550 series Software Configuration Manual
Multilayer switch
Hide thumbs
Also See for Catalyst 3550 series:
- Reference manual (58 pages) ,
- Datasheet (21 pages) ,
- Manual (19 pages)
Table of Contents
Advertisement
Configuring Optional Spanning-Tree Features
secure response to invalid configurations because you must manually put the port back in service. Use
the BPDU guard feature in a service-provider network to prevent an access port from participating in the
spanning tree.
Configure Port Fast only on ports that connect to end stations; otherwise, an accidental topology loop
Caution
could cause a data packet loop and disrupt switch and network operation.
You can also use the spanning-tree bpduguard enable interface configuration command to enable
BPDU guard on any port without also enabling the Port Fast feature. When the port receives a BPDU, it
is put in the error-disabled state.
You can enable the BPDU guard feature if your switch is running PVST+, rapid PVST+, or MSTP.
Beginning in privileged EXEC mode, follow these steps to globally enable the BPDU guard feature. This
procedure is optional.
Command
Step 1
configure terminal
Step 2
spanning-tree portfast bpduguard default
Step 3
interface interface-id
Step 4
spanning-tree portfast
Step 5
end
Step 6
show running-config
Step 7
copy running-config startup-config
To disable BPDU guard, use the no spanning-tree portfast bpduguard default global configuration
command.
You can override the setting of the no spanning-tree portfast bpduguard default global configuration
command by using the spanning-tree bpduguard enable interface configuration command.
Enabling BPDU Filtering
When you globally enable BPDU filtering on Port Fast-enabled ports, it prevents ports that are in a Port
Fast-operational state from sending or receiving BPDUs. The ports still send a few BPDUs at link-up
before the switch begins to filter outbound BPDUs. You should globally enable BPDU filtering on a
switch so that hosts connected to these ports do not receive BPDUs. If a BPDU is received on a Port
Fast-enabled port, the port loses its Port Fast-operational status, and BPDU filtering is disabled.
Caution
Configure Port Fast only on ports that connect to end stations; otherwise, an accidental topology loop
could cause a data packet loop and disrupt switch and network operation.
You can also use the spanning-tree bpdufilter enable interface configuration command to enable
BPDU filtering on any port without also enabling the Port Fast feature. This command prevents the port
from sending or receiving BPDUs.
Catalyst 3550 Multilayer Switch Software Configuration Guide
18-16
Chapter 18
Purpose
Enter global configuration mode.
Globally enable BPDU guard.
By default, BPDU guard is disabled.
Enter interface configuration mode, and specify the interface
connected to an end station.
Enable the Port Fast feature.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Configuring Optional Spanning-Tree Features
78-11194-09
Advertisement
Table of Contents
Troubleshooting
