EasyManua.ls Logo

Cisco ME 3400 - Enabling BPDU Guard

Cisco ME 3400
1138 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
16-7
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-07
Chapter 16 Configuring Optional Spanning-Tree Features
Configuring Optional Spanning-Tree Features
Note You can use the spanning-tree portfast default global configuration command to globally enable the
Port Fast feature on all nontrunking STP ports.
To disable the Port Fast feature, use the spanning-tree portfast disable interface configuration
command.
Enabling BPDU Guard
When you globally enable BPDU guard on ports that are Port Fast-enabled (the ports are in a Port
Fast-operational state), spanning tree continues to run on the ports. They remain up unless they receive
a BPDU.
In a valid configuration, Port Fast-enabled interfaces do not receive BPDUs. Receiving a BPDU on a
Port Fast-enabled interface signals an invalid configuration, such as the connection of an unauthorized
device, and the BPDU guard feature puts the interface in the error-disabled state. The BPDU guard
feature provides a secure response to invalid configurations because you must manually put the interface
back in service. Use the BPDU guard feature in a service-provider network to prevent an access port
from participating in the spanning tree.
Caution Configure Port Fast only on STP ports that connect to end stations; otherwise, an accidental topology
loop could cause a data packet loop and disrupt switch and network operation.
You also can use the spanning-tree bpduguard enable interface configuration command to enable
BPDU guard on any STP port without also enabling the Port Fast feature. When the interface receives a
BPDU, it is put in the error-disabled state.
You can enable the BPDU guard feature if your switch is running PVST+, rapid PVST+, or MSTP.
Beginning in privileged EXEC mode, follow these steps to globally enable the BPDU guard feature. This
procedure is optional.
Step 5
show spanning-tree interface
interface-id portfast
Verify your entries.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
spanning-tree portfast bpduguard default Globally enable BPDU guard. (By default, BPDU guard is
disabled.)
Note Globally enabling BPDU guard enables it only on STP
ports; the command has no effect on ports that are not
running STP.

Table of Contents

Other manuals for Cisco ME 3400

Preview: Command Reference Guide
Command Reference Guide872 pages
Preview: Command Reference
Command Reference950 pages
Preview: Getting Started Guide
Getting Started Guide32 pages
Preview: Hardware Installation Guide
Hardware Installation Guide88 pages

Related product manuals