20-14
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
OL-12247-04
Chapter 20 Configuring Optional Spanning-Tree Features
Configuring Optional Spanning-Tree Features
The BPDU guard feature provides a secure response to invalid configurations because you must
manually put the port back in service. Use the BPDU guard feature in a service-provider network to
prevent an access port from participating in the spanning tree.
Caution
Configure Port Fast only on ports that connect to end stations; otherwise, an accidental topology loop
could cause a data packet loop and disrupt switch and network operation.
You also can use the
spanning-tree bpduguard enable
interface configuration command to enable
BPDU guard on any port without also enabling the Port Fast feature. When the port receives a BPDU, it
is put it in the error-disabled state.
You can enable the BPDU guard feature if your switch is running PVST+, rapid PVST+, or MSTP.
Beginning in privileged EXEC mode, follow these steps to globally enable the BPDU guard feature. This
procedure is optional.
To disable BPDU guard, use the
no spanning-tree portfast bpduguard default
global configuration
command.
You can override the setting of the
no spanning-tree portfast bpduguard default
global configuration
command by using the
spanning-tree bpduguard enable
interface configuration command.
Enabling BPDU Filtering
When you globally enable BPDU filtering on Port Fast-enabled interfaces, it prevents interfaces that are
in a Port Fast-operational state from sending or receiving BPDUs. The interfaces still send a few BPDUs
at link-up before the switch begins to filter outbound BPDUs. You should globally enable BPDU
filtering on a switch so that hosts connected to these interfaces do not receive BPDUs. If a BPDU is
received on a Port Fast-enabled interface, the interface loses its Port Fast-operational status, and BPDU
filtering is disabled.
Caution
Configure Port Fast only on interfaces that connect to end stations; otherwise, an accidental topology
loop could cause a data packet loop and disrupt switch and network operation.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
spanning-tree portfast bpduguard default
Globally enable BPDU guard.
By default, BPDU guard is disabled.
Step 3
interface
interface-id
Specify the interface connected to an end station, and enter
interface configuration mode.
Step 4
spanning-tree portfast
Enable the Port Fast feature.
Step 5
end
Return to privileged EXEC mode.
Step 6
show running-config
Verify your entries.
Step 7
copy running-config startup-config
(Optional) Save your entries in the configuration file.