spanning-tree bpduguard
spanning-tree bpduguard
To put an interface in the error-disabled state when it receives a bridge protocol data unit (BPDU), use
the spanning-tree bpduguard command in interface configuration mode. To return to the default
setting, use the no form of this command.
Syntax Description
disable
enable
Defaults
BPDU guard is disabled.
Command Modes
Interface configuration
Command History
Release
12.2(52)EY
Usage Guidelines
The BPDU guard feature provides a secure response to invalid configurations because you must
manually put the STP port back in service. Use the BPDU guard feature in a service-provider network
to prevent an interface from being included in the spanning-tree topology.
You can enable the BPDU guard feature when the switch is operating in the per-VLAN spanning-tree
plus (PVST+), the rapid-PVST+, or the multiple spanning-tree (MST) mode.
You can globally enable BPDU guard on all Port Fast-enabled STP ports by using the spanning-tree
portfast bpduguard default global configuration command.
You can use the spanning-tree bpduguard interface configuration command on an STP port to override
the setting of the spanning-tree portfast bpduguard default global configuration command.
You can verify your setting by entering the show running-config privileged EXEC command.
Examples
This example shows how to enable the BPDU guard feature on a port:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# spanning-tree bpduguard enable
Cisco ME 3800X and ME 3600X Switch Command Reference
-16
spanning-tree bpduguard {disable | enable}
no spanning-tree bpduguard
Disables BPDU guard on the specified STP port.
Enables BPDU guard on the specified STP port.
Modification
This command was introduced.
Chapter
OL-28238-01