C
HAPTER
34
| Spanning Tree Commands
– 1078 –
EXAMPLE
Console(config)#interface ethernet 1/5
Console(config-if)#spanning-tree edge-port
Console(config-if)#spanning-tree bpdu-filter
Console(config-if)#
RELATED COMMANDS
spanning-tree edge-port (1080)
spanning-tree
bpdu-guard
This command shuts down an edge port (i.e., an interface set for fast
forwarding) if it receives a BPDU. Use the no form without any keywords to
disable this feature, or with a keyword to restore the default settings.
SYNTAX
spanning-tree bpdu-guard [auto-recovery [interval interval]]
no spanning-tree bpdu-guard [auto-recovery [interval]]
auto-recovery - Automatically re-enables an interface after the
specified interval.
interval - The time to wait before re-enabling an interface.
(Range: 30-86400 seconds)
DEFAULT SETTING
BPDU Guard: Disabled
Auto-Recovery: Disabled
Auto-Recovery Interval: 300 seconds
COMMAND MODE
Interface Configuration (Ethernet, Port Channel)
COMMAND USAGE
◆ An edge port should only be connected to end nodes which do not
generate BPDUs. If a BPDU is received on an edge port, this indicates
an invalid network configuration, or that the switch may be under
attack by a hacker. If an interface is shut down by BPDU Guard, it must
be manually re-enabled using the no spanning-tree spanning-disabled
command if the auto-recovery interval is not specified.
◆ Before enabling BPDU Guard, the interface must be configured as an
edge port with the spanning-tree edge-port command. Also note that if
the edge port attribute is disabled on an interface, BPDU Guard will also
be disabled on that interface.
EXAMPLE
Console(config)#interface ethernet 1/5
Console(config-if)#spanning-tree edge-port
Console(config-if)#spanning-tree bpdu-guard
Console(config-if)#
To Next Page
Loading...
