spanning-tree bpdu-guard
Syntax
spanning-tree bpdu-guard
no spanning-tree bpdu-guard
Description
Enables the BPDU guard on the switch interface. When BPDU guard is enabled, interfaces receiving MSTP BPDUs remain disabled.
BPDU protection is a security feature designed to protect the active MSTP topology by preventing spoofed BPDU packets from entering the MSTP domain. In a typical implementation, BPDU protection would be applied to edge ports connected to end user devices that do not run MSTP. If MSTP BPDU packets are received on a protected port, this feature disables that port and alerts the network manager via an SNMP trap.
Occasionally a hardware or software failure can cause MSTP to fail, creating forwarding loops that can cause network failures where unidirectional links are used. The non-designated port transitions in a faulty manner because the port is no longer receiving MSTP BPDUs.
The
no
form of the command sets the BPDU guard status to the default of disabled on the interface.
Command context
config-if
Authority
Administrators
Examples
Enabling the BPDU guard on interface 1/1/1:
switch(config)# interface 1/1/1 switch(config-if)# spanning-tree bpdu-guard
Disabling BPDU guard on interface 1/1/1:
switch(config)# interface 1/1/1 switch(config-if)# no spanning-tree bpdu-guard