Specifications
Spanning Tree Configuration Command Set
Reviewing and Setting Spanning Tree Bridge Parameters
5-44 SecureStack A2 Configuration Guide
5.2.1.37 set spantree spanguard
Use this command to enable or disable the Spanning Tree span guard function. Span guard is
designed to disable, or lock out an "edge" port when an unexpected BPDU is received. The port
can be configured to be re-enabled after a set time period, or only after manual intervention.
A port can be defined as an edge (user) port using the set spantree adminedge command, described
in Section 5.2.2.11. A port designated as an edge port is expected to be connected to a workstation
or other end-user type of device, and not to another switch in the network. When Spanguard is
enabled, if a non-loopback BPDU is received on an edge port, the Spanning Tree state of that port
will be changed to "blocking" and will no longer forward traffic. The port will remain disabled until
the amount of time defined by set spantree spanguardtimeout (Section 5.2.1.40) has passed since
the last seen BPDU, the port is manually unlocked (set or clear spantree spanguardlock,
Section 5.2.1.43), the configuration of the port is changed so it is not longer an edge port, or the
span guard function is disabled.
Span guard is enabled and disabled only on a global basis across the stack. By default, span guard
is disabled and span guard traps are enabled.
set spantree spanguard {enable | disable}
Syntax Description
Command Defaults
None.
Command Mode
Read-Write.
Example
This example shows how to enable the span guard function:
enable | disable Enables or disables the span guard function.
A2(rw)->set spantree spanguard enable