Be careful when using this command. Enabling BPDU filtering on an interface is the same as disabling
spanning tree on it and can result in spanning-tree loops.
Caution
Use the spanning-tree portfast bpduguard default global configuration command to globally enable BPDU
guard on interfaces that are in a PortFast-operational state. In a valid configuration, PortFast-enabled interfaces
do not receive BPDUs. Receiving a BPDU on a PortFast-enabled interface signals an invalid configuration,
such as the connection of an unauthorized device, and the BPDU guard feature puts the interface in the
error-disabled state. The BPDU guard feature provides a secure response to invalid configurations because
you must manually put the interface back in service. Use the BPDU guard feature in a service-provider network
to prevent an access port from participating in the spanning tree.
You can override the spanning-tree portfast bpduguard default command by using the spanning-tree
portfast bpduguard interface command.
Use the spanning-tree portfast default command to globally enable the PortFast feature on all nontrunking
interfaces. Configure PortFast only on interfaces that connect to end stations; otherwise, an accidental topology
loop could cause a data packet loop and disrupt switch and network operation. A PortFast-enabled interface
moves directly to the spanning-tree forwarding state when linkup occurs; it does not wait for the standard
forward-delay time.
You can override the spanning-tree portfast default global configuration command by using the spanning-tree
portfast interface configuration command. You can use the no spanning-tree portfast default global
configuration command to disable PortFast on all interfaces unless they are individually configured with the
spanning-tree portfast interface configuration command.
Examples
This example shows how to globally enable BPDU filtering by default:
Switch(config)# spanning-tree portfast bpdufilter default
This example shows how to globally enable the BDPU guard feature by default:
Switch(config)# spanning-tree portfast bpduguard default
This example shows how to globally enable the PortFast feature on all nontrunking interfaces:
Switch(config)# spanning-tree portfast default
Catalyst 2960-X Switch Layer 2 Command Reference, Cisco IOS Release 15.0(2)EX
OL-29043 -01 107
Layer 2 Commands
spanning-tree portfast (global configuration)
To Next Page
Loading...
Need help?
General