Yes but I want to enable specifically on some ports but not on some. My problem is the port is suppose to go err-disabled once it receives BPDUs on the port. But for some reason the port goes forwarding. even when BPDUs appear on the port. Could be a bug but I just want to make sure that I am not missing anything.
You can enable bpduguard individually on a port with the command 'spanning-tree bpduguard enable' under the interface. If the port receives any BPDU then it would put the port in err-disabled state. The admin has to shut and no shut to reenable the port.
The output below is from a 3550 switch.
SW1-3550#show int f0/11 status
Port Name Status Vlan Duplex Speed Type
Fa0/11 connected 1 a-full a-100 10/100BaseTX
SW1-3550#show run int f0/11
Current configuration : 69 bytes
switchport mode dynamic desirable
Enter configuration commands, one per line. End with CNTL/Z.
bpdufilter Don't send or receive BPDUs on this interface
bpduguard Don't accept BPDUs on this interface
cost Change an interface's spanning tree port path cost
guard Change an interface's spanning tree guard mode
link-type Specify a link type for spanning tree protocol use
mst Multiple spanning tree
port-priority Change an interface's spanning tree port priority
portfast Enable an interface to move directly to forwarding on link up
From what I can see your config looks correct. The output from show spanning-tree shows that the port has not received any BPDU packets. Remember BPDU guard takes the port into an err-disable mode if it receives BPDU packets, it does not prevent BPDU packets from being transmitted.
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...