Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

26-15

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 26 Configuring Optional STP Features

About BPDU Guard

Spanning Tree BPDU guard shuts down PortFast edge-configured interfaces that receive BPDUs, rather

than putting them into the spanning tree blocking state.

When configured globally, BPDU Guard is only effective on ports in the operational PortFast edge state.

In a valid configuration, PortFast edge-configured interfaces do not receive BPDUs. Reception of a

BPDU by a PortFast edge-configured interface signals an invalid configuration, such as connection of

an unauthorized device.

BPDU guard provides a secure response to invalid configurations, because the administrator must

manually put the interface back in service.

Note When the BPDU guard feature is enabled, spanning tree applies the BPDU guard feature to all

PortFast-configured interfaces. BPDU Guard shuts down that interface if a BPDU is received, regardless

of the PortFast port type configuration.

Note To prevent the port from shutting down, use the errdisable detect cause bpduguard shutdown vlan

global configuration command to shut down only the offending VLAN on the port where the violation

occurred.

Enabling BPDU Guard

Enabling BPDU Guard Globally

To globally enable BPDU guard on edge ports that receive BPDUs, perform this task:

This example shows how to enable BPDU guard:

Switch(config)# spanning-tree portfast edge bpduguard default

Switch(config)# end

Switch#

This example shows how to verify the configuration:

Switch# show spanning-tree summary

Root bridge for: Bridge VLAN0025

EtherChannel misconfiguration guard is enabled

Command Purpose

Step 1

Switch# configure terminal

Step 2

Switch(config)# spanning-tree portfast edge

bpduguard default

Enables BPDU Guard globally by default on all edge

ports of the switch.

Use the no version of the command to disable BPDU

guard.

Step 3

Switch(config)# end

Exits configuration mode.

Step 4

Switch# show spanning-tree summary

Verifies the BPDU configuration.

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Configuration Guide1610 pages

Administration Guide1814 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E