Can anyone tell me if the virtual switch in VMware generates BPDUs towards its external (real) ports? I don't think it can do, but I would like some confirmation.
I am trying to decide whether to enable bpduguard on switchports that connect to a VMware host. The links are dot1q trunks; the VMware virtual switch adds the 802.1Q tag according to the virtual machine it is hosting.
If the virtual switch does not generate BPDUs towards the external ports, then I am inclined to enable bpduguard, just to protect against any cabling accidents.
Spanning Tree Protocol Not Needed
VMware Infrastructure enforces a single-tier networking topology. In other words, there is no way to interconnect multiple virtual switches, thus the network cannot be configured
to introduce loops. As a result, Spanning Tree Protocol (STP) is not needed and is not present.