Configuring BPDU Guard
Configure BPDU Guard to block the root selection process or to prevent BPDU flooding from unknown devices.
Procedure
Example
Enable BPDU Guard on port 1/8, and specify a timer value of 200 seconds. Verify the configuration.
Switch:1>enable Switch:1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch:1(config)#interface gigabitEthernet 1/8 Switch:1(config-if)#spanning-tree bpduguard enable Switch:1(config-if)#spanning-tree bpduguard timeout 200 Switch:1(config-if)#show spanning-tree bpduguard 1/8 ============================================================ Bpdu Guard ============================================================ Port PORT PORT TIMER BPDUGUARD NUM MLTID ADMIN_STATE OPER_STATE TIMEOUT COUNT ADMIN_STATE ---------------------------------------------------------------- 1/8 Up Up 200 0 Enabled
Variable definitions
Use the data in the following table to use the spanning-tree bpduguard commands.
Variable |
Value |
---|---|
enable |
Enables BPDU Guard on the port. The default is disabled. |
port {slot/port[/sub-port][-slot/port[/sub-port]][,...]} |
Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port. |
timeout <0, 10-65535> |
Specifies the value to use for port-state recovery. After a BPDU guard disables a port, the port remains in the disabled state until this timer expires. You can configure a value from 10 to 65535. The default is 120 seconds. If you configure the value to 0, the expiry is infinity. |
Use the data in the following table to use the show spanning-tree bpduguard command.
Variable |
Value |
---|---|
{slot/port[/sub-port][-slot/port[/sub-port]][,...]} |
Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port. |