Specifications

ManualsBrandsCisco ManualsComputer equipment2970 - Catalyst Switch

341

342

343

344

345

346

347

348

349

350

16-11

Catalyst 2970 Switch Software Configuration Guide

78-15462-03

Chapter 16 Configuring Optional Spanning-Tree Features

Configuring Optional Spanning-Tree Features

Enabling BPDU Guard

When you globally enable BPDU guard on ports that are Port Fast-enabled (the ports are in a Port

Fast-operational state), spanning tree shuts down Port Fast-enabled ports that receive BPDUs.

In a valid configuration, Port Fast-enabled ports do not receive BPDUs. Receiving a BPDU on a Port

Fast-enabled port signals an invalid configuration, such as the connection of an unauthorized device, and

the BPDU guard feature puts the port in the error-disabled state. The BPDU guard feature provides a

secure response to invalid configurations because you must manually put the port back in service. Use

the BPDU guard feature in a service-provider network to prevent an access port from participating in the

spanning tree.

Caution Configure Port Fast only on ports that connect to end stations; otherwise, an accidental topology loop

could cause a data packet loop and disrupt switch and network operation.

You also can use the spanning-tree bpduguard enable interface configuration command to enable

BPDU guard on any port without also enabling the Port Fast feature. When the port receives a BPDU, it

is put in the error-disabled state.

You can enable the BPDU guard feature if your switch is running PVST+, rapid PVST+, or MSTP.

Beginning in privileged EXEC mode, follow these steps to globally enable the BPDU guard feature. This

procedure is optional.

To disable BPDU guard, use the no spanning-tree portfast bpduguard default global configuration

command.

You can override the setting of the no spanning-tree portfast bpduguard default global configuration

command by using the spanning-tree bpduguard enable interface configuration command.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

spanning-tree portfast bpduguard default Globally enable BPDU guard.

By default, BPDU guard is disabled.

Step 3

interface interface-id Enter interface configuration mode, and specify the interface

connected to an end station.

Step 4

spanning-tree portfast Enable the Port Fast feature.

Step 5

end Return to privileged EXEC mode.

Step 6

show running-config Verify your entries.

Step 7

copy running-config startup-config (Optional) Save your entries in the configuration file.