Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

BPDU Guard

I understand what BPDU accomplishes but I have a question about its initial configuration.  If BPDU is configured on all switchports how does that affect your initial configuration and rollout?  In other words, if you set up a new network and connect a downstream switch to a port on another switch what prevents that switch from shutting the port down due to the BPDUs received?  Is there a specific command required on the Trunk Link or should it NOT be configured on Trunk Links?

Thanks,

~cb

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: BPDU Guard

Hi,

I dont recommend setting it on a trunk link. This is a security feature prevents the Switch from recieving BPDU on a port by putting the port into errdisable state.

you should set it on edge ports where hosts are connected.


Sample config:

interface x/y

spanning-tree portfast

spanning-tree bpduguard enable

HTH

Mohamed

Re: BPDU Guard

Yes, BPDUS sent from all switches , however disabling spanning tree for a particular vlan would disable a BPDU to be sent for that VLAN.

HTH

Mohamed

4 REPLIES

Re: BPDU Guard

Hi,

I dont recommend setting it on a trunk link. This is a security feature prevents the Switch from recieving BPDU on a port by putting the port into errdisable state.

you should set it on edge ports where hosts are connected.


Sample config:

interface x/y

spanning-tree portfast

spanning-tree bpduguard enable

HTH

Mohamed

New Member

Re: BPDU Guard

So is BPDU data sent from switches that have it disabled?  Is it sent from all switches?

Thanks,

~cb

Re: BPDU Guard

Yes, BPDUS sent from all switches , however disabling spanning tree for a particular vlan would disable a BPDU to be sent for that VLAN.

HTH

Mohamed

New Member

Re: BPDU Guard

Hi Gdwingnuts,

Basically we use this feature for the security concern, so as to protect against any undesired switch to come in to action in our Network. so we only configure our all edge port with this BPDU gaurd feature as suggested by Sobir. Since Host doesn't sent BPDU's on regular interval as sent by all switches, it is not goint to disable or affect in any sense to our network. So it is a good practise to configure all our Host pointed port i.e. edge port with BPDU guard.

Though you should never configure your trunk link with this feature, as on receiving a BPDU for opposite end switch, it will automatically disable port which is configured in Trunk mode, preventing your trunk link to work as normal.

Regards,

Hardik

626
Views
0
Helpful
4
Replies