EasyManua.ls Logo

Cisco Catalyst 4500 Series - About BPDU Guard

Cisco Catalyst 4500 Series
2086 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
26-15
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 26 Configuring Optional STP Features
About BPDU Guard
About BPDU Guard
Spanning Tree BPDU guard shuts down PortFast edge-configured interfaces that receive BPDUs, rather
than putting them into the spanning tree blocking state.
When configured globally, BPDU Guard is only effective on ports in the operational PortFast edge state.
In a valid configuration, PortFast edge-configured interfaces do not receive BPDUs. Reception of a
BPDU by a PortFast edge-configured interface signals an invalid configuration, such as connection of
an unauthorized device.
BPDU guard provides a secure response to invalid configurations, because the administrator must
manually put the interface back in service.
Note When the BPDU guard feature is enabled, spanning tree applies the BPDU guard feature to all
PortFast-configured interfaces. BPDU Guard shuts down that interface if a BPDU is received, regardless
of the PortFast port type configuration.
Note To prevent the port from shutting down, use the errdisable detect cause bpduguard shutdown vlan
global configuration command to shut down only the offending VLAN on the port where the violation
occurred.
Enabling BPDU Guard
Enabling BPDU Guard Globally
To globally enable BPDU guard on edge ports that receive BPDUs, perform this task:
This example shows how to enable BPDU guard:
Switch(config)# spanning-tree portfast edge bpduguard default
Switch(config)# end
Switch#
This example shows how to verify the configuration:
Switch# show spanning-tree summary
Root bridge for: Bridge VLAN0025
EtherChannel misconfiguration guard is enabled
Command Purpose
Step 1
Switch# configure terminal
Step 2
Switch(config)# spanning-tree portfast edge
bpduguard default
Enables BPDU Guard globally by default on all edge
ports of the switch.
Use the no version of the command to disable BPDU
guard.
Step 3
Switch(config)# end
Exits configuration mode.
Step 4
Switch# show spanning-tree summary
Verifies the BPDU configuration.

Table of Contents

Other manuals for Cisco Catalyst 4500 Series

Preview: Manual
Manual19 pages
Preview: Administration Guide
Administration Guide1814 pages
Preview: Configuration Guide
Configuration Guide1610 pages
Preview: Command Reference Guide
Command Reference Guide1230 pages
Preview: System Message Guide
System Message Guide150 pages
Preview: Message Guide
Message Guide146 pages
Preview: Quick Reference Guide
Quick Reference Guide59 pages
Preview: Datasheet
Datasheet11 pages
Preview: Installation Guide
Installation Guide194 pages
Preview: Overview
Overview46 pages

Related product manuals