Filter
Top Products
21-9
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 21 Configuring Optional STP Features
Enabling BPDU Guard
Enabling BPDU Guard
To enable BPDU guard to shut down PortFast-configured interfaces that receive BPDUs, perform this
task:
This example shows how to enable BPDU guard:
Switch(config)# spanning-tree portfast bpduguard
Switch(config)# end
Switch#
This example shows how to verify the BPDU configuration:
Switch# show spanning-tree summary totals
Root bridge for: none.
PortFast BPDU Guard is enabled
Etherchannel misconfiguration guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Default pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
-------------------- -------- --------- -------- ---------- ----------
34 VLANs 0 0 0 36 36
Switch#
About PortFast BPDU Filtering
Cisco IOS Release 12.2(25)EW and later support PortFast BPDU filtering, which allows the
administrator to prevent the system from sending or even receiving BPDUs on specified ports.
When configured globally, PortFast BPDU filtering applies to all operational PortFast ports. Ports in an
operational PortFast state are supposed to be connected to hosts that typically drop BPDUs. If an
operational PortFast port receives a BPDU, it immediately loses its operational PortFast status. In that
case, PortFast BPDU filtering is disabled on this port and STP resumes sending BPDUs on this port.
PortFast BPDU filtering can also be configured on a per-port basis. When PortFast BPDU filtering is
explicitly configured on a port, it does not send any BPDUs and drops all BPDUs it receives.
Caution Explicitly configuring PortFast BPDU filtering on a port that is not connected to a host can result in
bridging loops, because the port ignores any BPDU it receives and goes to the forwarding state.
Command Purpose
Step 1
Switch(config)# [no] spanning-tree portfast
bpduguard
Enables BPDU guard on all the switch’s
PortFast-configured interfaces.
Use the no keyword to disable BPDU guard.
Step 2
Switch(config)# end
Exits configuration mode.
Step 3
Switch# show spanning-tree summary totals
Verifies the BPDU configuration.