13-15
Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 13 Configuring Optional Spanning-Tree Features
Configuring Optional Spanning-Tree Features
Note You can use the spanning-tree portfast default global configuration command to globally enable the
Port Fast feature on all nontrunking ports.
To disable the Port Fast feature, use the spanning-tree portfast disable interface configuration
command.
Enabling BPDU Guard
When you globally enable BPDU guard on ports that are Port Fast-enabled (the ports are in a Port
Fast-operational state), spanning tree shuts down Port Fast-enabled ports that receive BPDUs.
In a valid configuration, Port Fast-enabled ports do not receive BPDUs. Receiving a BPDU on a Port
Fast-enabled port signals an invalid configuration, such as the connection of an unauthorized device, and
the BPDU guard feature puts the port in the error-disabled state. The BPDU guard feature provides a
secure response to invalid configurations because you must manually put the port back in service. Use
the BPDU guard feature in a service-provider network to prevent an access port from participating in the
spanning tree.
Caution Configure Port Fast only on ports that connect to end stations; otherwise, an accidental topology loop
could cause a data packet loop and disrupt switch and network operation.
You can also use the spanning-tree bpduguard enable interface configuration command to enable
BPDU guard on any port without also enabling the Port Fast feature. When the port receives a BPDU, it
is put in the error-disabled state.
You can enable the BPDU guard feature if your switch is running PVST or MSTP. The MSTP is available
only if you have the EI installed on your switch.
Beginning in privileged EXEC mode, follow these steps to globally enable the BPDU guard feature:
Step 4
end Return to privileged EXEC mode.
Step 5
show spanning-tree interface interface-id
portfast
Verify your entries.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
spanning-tree portfast bpduguard default Globally enable BPDU guard.
By default, BPDU guard is disabled.
Step 3
interface interface-id Enter interface configuration mode, and specify the interface
connected to an end station.
Step 4
spanning-tree portfast Enable the Port Fast feature.
Step 5
end Return to privileged EXEC mode.
To Next Page
Loading...
