As described previously in the overview of SpanGuard and Autounlock, this feature enables Extreme Networks switching devices to detect unauthorized bridges in your network, resolving the threat of repeated topology change notifications or new root bridge announcements causing a Denial of Service (DoS) condition. It prevents Spanning Tree respans that can occur when BPDUs are received on user ports and notifies you (network management) they were attempted.
If a SpanGuard enabled port receives a BPDU, it becomes locked and transitions to the blocking state. It will only transition out of the blocking state after a globally specified time or when it is manually unlocked.
By default, SpanGuard is globally disabled and must be globally enabled to operate on all user ports. For configuration information, refer to Configuring SpanGuard.