That is true. Having spanning tree portfast enabled puts the port directly in the forwarding state. Having the port configured with portfast prevents the switch from participating in spanning tree which could prevent a layer two loop if enabled. BPDU guard is designed to shut a port down if a BPDU is received on the port. Portfast is designed to have an end user such as a PC, IP phone...etc not a network device. Bpduguard will put the port immediately into errdisable when it receives a BPDU.
BPDU guard is not on by default on a portfast port, unless bpduguard has been enabled globally on the switch.
These are two ways to enable BPDU guard:
1. Globally for all portfast enabled ports switch(config)#spanning-tree portfast bpduguard default
2. On the individual ports
switch(config-if)#spanning-tree bpduguard enable
So if you have it turned on globally, all ports that are portfast will have bpduguard aswell. You can use the interface configuration command to override the global setting if you wish to disable bpduguard on individual portfast switchports.
"By default, BPDU guard is disabled on all switch ports. You can configure BPDU guard as a global default. affecting all switch ports with a single command. All ports that have PortFast enabled also have BPDU guard automatically enabled."
I am not disputing that is not on by default.
Even if I do not have bpdu guard enabled globally, this last statement tells me that when i issue the portfast command, bpdu guard is automatically enabled on that specific port.
My two sources do not align, so I am trying to figure out which one is correct. My understanding is that I can have bpdu guard on a port without putting portfast on, but I can't have portfast on a port without bpdu guard, if it is automatically enabled on the port by issuing the portfast command.
I think what you are seeing is mediocre technical writing. I'm almost certain the last sentence should have read "Once global BPDU guard is enabled, then all ports that have PortFast enabled also have BPDU guard automatically enabled".
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...