Chapter 18 | Spanning Tree Commands
spanning-tree bpdu-guard
This command shuts down an edge port (i.e., an interface set for fast forwarding) if it receives a BPDU. Use the no form without any keywords to disable this feature, or with a keyword to restore the default settings.
Syntax
spanning-tree bpdu-guard [auto-recovery [interval interval]]
no spanning-tree bpdu-guard [auto-recovery [interval]]
auto-recovery - Automatically re-enables an interface after the specified interval.
interval - The time to wait before re-enabling an interface. (Range: 30-86400 seconds)
Default Setting
BPDU Guard: Disabled
Auto-Recovery: Disabled
Auto-Recovery Interval: 300 seconds
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
◆ An edge port should only be connected to end nodes which do not generate BPDUs. If a BPDU is received on an edge port, this indicates an invalid network configuration, or that the switch may be under attack by a hacker. If an interface is shut down by BPDU Guard, it must be manually re-enabled using the no spanning-tree spanning-disabled command if the auto-recovery interval is not specified.
◆ BPDU guard can only be configured on an interface if the edge port attribute is not disabled (that is, if edge port is set to enabled or auto with the spanning-tree edge-port command).
Example
Console(config)#interface ethernet 1/5
Console(config-if)#spanning-tree edge-port
Console(config-if)#spanning-tree bpdu-guard
Console(config-if)#
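The usage rules above can be checked across a saved configuration. The following Python audit is an added example, not part of the switch documentation; it assumes the configuration lists each port as an "interface ..." stanza closed by "!" (the layout and the sample config are constructed) and uses only the edge-port and bpdu-guard command forms shown on this page.

```python
import re

# Constructed sample configuration; the stanza layout is an assumption.
SAMPLE_CONFIG = """\
interface ethernet 1/5
 spanning-tree edge-port
 spanning-tree bpdu-guard
!
interface ethernet 1/6
 spanning-tree edge-port
!
interface ethernet 1/7
 spanning-tree edge-port
 spanning-tree bpdu-guard auto-recovery interval 10
!
interface ethernet 1/8
 spanning-tree edge-port
 spanning-tree bpdu-guard auto-recovery
!
"""

# Groups: 1 = auto-recovery keyword, 2 = interval in seconds (both optional).
GUARD_RE = re.compile(r"^spanning-tree bpdu-guard(?: (auto-recovery)(?: interval (\d+))?)?$")

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = stanzas.setdefault(line[len("interface "):], [])
        elif line == "!" or not line:
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def audit(config):
    """Return sorted (interface, finding) pairs for BPDU guard gaps."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        edge = any(c.startswith("spanning-tree edge-port") for c in cmds)
        guards = [m for m in map(GUARD_RE.match, cmds) if m]
        if edge and not guards:
            findings.append((name, "edge port without bpdu-guard"))
        if guards and not any(m.group(1) for m in guards):
            findings.append((name, "no auto-recovery: manual re-enable needed"))
        findings += [(name, "interval %s outside 30-86400" % m.group(2)) for m in guards
                     if m.group(2) and not 30 <= int(m.group(2)) <= 86400]
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) reports ports 1/5, 1/6 and 1/7; port 1/8 relies on the default 300-second recovery interval and produces no finding.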
Related Commands
spanning-tree edge-port (445)
spanning-tree spanning-disabled (453)