Cisco Systems 2940 Switch User Manual


 
Catalyst 2940 Switch Software Configuration Guide
78-15507-02
Chapter 12 Configuring Optional Spanning-Tree Features
Enabling BPDU Guard (Optional)
When you globally enable BPDU guard on ports that are Port Fast-enabled (the ports are in a Port
Fast-operational state), spanning tree shuts down Port Fast-enabled ports that receive BPDUs.
In a valid configuration, Port Fast-enabled ports do not receive BPDUs. Receiving a BPDU on a Port
Fast-enabled port signals an invalid configuration, such as the connection of an unauthorized device, and
the BPDU guard feature puts the port in the error-disabled state. The BPDU guard feature provides a
secure response to invalid configurations because you must manually put the port back in service. Use
the BPDU guard feature in a service-provider network to prevent an access port from participating in the
spanning tree.
Caution: Configure Port Fast only on ports that connect to end stations; otherwise, an accidental topology loop
could cause a data packet loop and disrupt switch and network operation.
You can also use the spanning-tree bpduguard enable interface configuration command to enable
BPDU guard on any port without also enabling the Port Fast feature. When the port receives a BPDU, it
is put in the error-disabled state.
Beginning in privileged EXEC mode, follow these steps to globally enable the BPDU guard feature. This
procedure is optional:

        Command                                    Purpose
Step 1  configure terminal                         Enter global configuration mode.
Step 2  spanning-tree portfast bpduguard default   Globally enable BPDU guard.
                                                   By default, BPDU guard is disabled.
Step 3  interface interface-id                     Enter interface configuration mode, and specify the
                                                   interface connected to an end station.
Step 4  spanning-tree portfast                     Enable the Port Fast feature.
Step 5  end                                        Return to privileged EXEC mode.
Step 6  show running-config                        Verify your entries.
Step 7  copy running-config startup-config         (Optional) Save your entries in the configuration file.

To disable BPDU guard, use the no spanning-tree portfast bpduguard default global configuration
command.
You can override the setting of the no spanning-tree portfast bpduguard default global configuration
command by using the spanning-tree bpduguard enable interface configuration command.
Enabling BPDU Filtering (Optional)
When you globally enable BPDU filtering on Port Fast-enabled ports, it prevents ports that are in a Port
Fast-operational state from sending or receiving BPDUs. The ports still send a few BPDUs at link-up
before the switch begins to filter outbound BPDUs. You should globally enable BPDU filtering on a
switch so that hosts connected to these ports do not receive BPDUs. If a BPDU is received on a Port
Fast-enabled port, the port loses its Port Fast-operational status, and BPDU filtering is disabled.
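
The following Python audit is an added example, not part of the Cisco guide. It applies the two rules from the Enabling BPDU Guard section to a saved show running-config output: the global default covers only ports configured for Port Fast, while the interface command covers a port on its own. The sample configuration and the function names are constructed for illustration, and the check reads configured state, not the Port Fast-operational state.

```python
GLOBAL_GUARD = "spanning-tree portfast bpduguard default"
IF_PORTFAST = "spanning-tree portfast"
IF_GUARD = "spanning-tree bpduguard enable"
# Added example. Constructed sample configuration, not from a real switch.
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 spanning-tree bpduguard enable
"""

def parse(config):  # -> (global_guard, {interface: [sub-commands]})
    global_guard, interfaces, current = False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].isspace():               # indented: interface sub-command
            if current is not None and line:
                interfaces[current].append(line)
            continue
        current = None                      # any top-level line ends the block
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == GLOBAL_GUARD:          # the "no ..." form never matches
            global_guard = True
    return global_guard, interfaces

def bpdu_guard_status(config):
    """Map each interface to how (or whether) BPDU guard is configured."""
    global_guard, interfaces = parse(config)
    status = {}
    for name, cmds in interfaces.items():
        if IF_GUARD in cmds:                # works with or without Port Fast
            status[name] = "guarded: interface command"
        elif global_guard and IF_PORTFAST in cmds:
            status[name] = "guarded: global default on Port Fast port"
        else:
            status[name] = "unguarded"
    return status

if __name__ == "__main__":
    for name, state in bpdu_guard_status(SAMPLE_CONFIG).items():
        print(f"{name}: {state}")
```

Ports reported as unguarded are the ones to review: they have neither the interface command nor Port Fast under an enabled global default.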