BPDU Guard

gdwingnuts
Level 1

I understand what BPDU accomplishes but I have a question about its initial configuration.  If BPDU is configured on all switchports how does that affect your initial configuration and rollout?  In other words, if you set up a new network and connect a downstream switch to a port on another switch what prevents that switch from shutting the port down due to the BPDUs received?  Is there a specific command required on the Trunk Link or should it NOT be configured on Trunk Links?

Thanks,

~cb

Mohamed Sobair
Level 7

Hi,

I don't recommend setting it on a trunk link. This is a security feature that prevents the switch from receiving BPDUs on a port by putting the port into errdisable state.

You should set it on edge ports where hosts are connected.


Sample config:

interface x/y
 spanning-tree portfast
 spanning-tree bpduguard enable

HTH

Mohamed

So is BPDU data sent from switches that have it disabled?  Is it sent from all switches?

Thanks,

~cb

Mohamed Sobair
Level 7

Yes, BPDUs are sent from all switches; however, disabling spanning tree for a particular VLAN would stop BPDUs from being sent for that VLAN.

HTH

Mohamed

Hi Gdwingnuts,

Basically, we use this feature for security, to protect against any undesired switch coming into action in our network. So we configure only our edge ports with this BPDU guard feature, as suggested by Sobair. Since hosts don't send BPDUs at regular intervals as all switches do, it is not going to disable or affect our network in any sense. So it is good practice to configure all our host-facing ports, i.e. edge ports, with BPDU guard.

Though you should never configure your trunk link with this feature, as on receiving a BPDU from the opposite-end switch, it will automatically disable the port that is configured in trunk mode, preventing your trunk link from working as normal.

Regards,

Hardik
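
A check one could run over an exported running-config to find ports that go against the advice in this thread: BPDU guard on a trunk, or a PortFast edge port left without it. This is an added example, not code from any poster or from Cisco; the sample config and interface names are constructed, and it only reads interface-level commands.

```python
import re

# Constructed sample running-config (not from the thread); interface names are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/4
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from IOS-style config text."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", raw)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_bpduguard(config):
    """Return (interface, finding) pairs for ports that contradict the thread's advice."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        trunk = "switchport mode trunk" in lines
        access = "switchport mode access" in lines
        guard = "spanning-tree bpduguard enable" in lines
        portfast = "spanning-tree portfast" in lines
        if trunk and guard:
            findings.append((name, "bpduguard on trunk: errdisables on the neighbour's BPDUs"))
        elif access and portfast and not guard:
            findings.append((name, "portfast edge port without bpduguard"))
    return findings

if __name__ == "__main__":
    print(audit_bpduguard(SAMPLE_CONFIG))
```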
