Enabling and configuring PVST+ on an interface

Follow these steps to enable and configure PVST+ on an interface.

The ports and parameters can be configured individually on a system by:

Entering the commands in steps 1, and 2
Running the relevant addition steps and parameter commands
Verifying the result
Saving the configuration

For detailed descriptions of the parameters and features, see the sections STP parameters and STP features.

Enter global configuration mode.
```
device# configure terminal
```

Enable PVST+.

device(config)# protocol spanning-tree pvst

Enter interface configuration mode.

device(config-pvst)# interface ethernet 0/3

Enable spanning tree on the interface.

device(conf-if-eth-0/3)# no spanning-tree shutdown

Configure the interface link type.

device(conf-if-eth-0/3)# spanning-tree link-type point-to-point

Specify the port priority to influence the selection of root or designated ports.
```
device(conf-if-eth-0/3)# spanning-tree priority 64
```
The range is from 0 through 240 in increments of 16. The default value is 128.
Configure the path cost for spanning tree calculations on the interface.
```
device(conf-if-eth-0/3)# spanning-tree cost 10000
```
The lower the path cost means a greater chance that the interface becomes the root port. The range is 1 through 200000000. The default path cost is assigned as per the port speed.
Configure the path cost for spanning tree calculations a specific VLAN.
```
device(conf-if-eth-0/3)# spanning-tree vlan 10 cost 10000 
```
The lower the path cost means a greater chance that the interface becomes the root port. The range is 1 through 200000000. The default path cost is assigned as per the port speed.
Enable root guard on the interface.
```
device(conf-if-eth-0/3)# spanning-tree guard root
```
Root guard protects the root bridge from malicious attacks and unintentional misconfigurations where a bridge device that is not intended to be the root bridge becomes the root bridge.
Enable BPDU guard on the interface.
```
device(conf-if-eth-0/3)# spanning-tree port-fast bpdu-guard
```
BPDU guard removes a node that reflects BPDUs back in the network. It enforces the STP domain borders and keeps the active topology predictable by not allowing any network devices behind a BPDU guard-enabled port to participate in STP.
Enable BPDU filtering on the interface.
```
device(conf-if-eth-0/3)# spanning-tree port-fast bpdu-filter
```
BPDU filtering allows you to avoid transmitting BPDUs on ports that are connected to an end system.
Return to privileged EXEC mode.
```
device(conf-if-eth-0/3)# exit
```

Verify the configuration.

device# show spanning-tree brief

 Spanning-tree Mode: PVST Protocol

      Root ID      Priority 4096
                   Address 768e.f805.5800
                   Hello Time 8, Max Age 25, Forward Delay 20

      Bridge ID    Priority 4096
                   Address 768e.f805.5800
                   Hello Time 8, Max Age 25, Forward Delay 20

 Interface    Role  Sts  Cost       Prio  Link-type     Edge
 ------------------------------------------------------------
 Eth 0/3      DES   FWD  200000     64    P2P            No

Observe that the settings comply with the formula set out in the STP parameters section, as:

(2 × (forward delay - 1)) ≥ maximum age ≥ (2 × (hello time + 1))

or in this case :38 ≥ 25 ≥ 18.

Save the configuration.

device# copy running-config startup-config

PVST+ on an interface configuration example

device# configure terminal
device(config)# protocol spanning-tree pvst
device(conf-pvst)# interface ethernet 0/3
device(conf-if-eth-0/3)# no spanning-tree shutdown
device(conf-if-eth-0/3)# spanning-tree link-type point-to-point
device(conf-if-eth-0/3)# spanning-tree priority 64
device(conf-if-eth-0/3)# spanning-tree cost 10000
device(conf-if-eth-0/3)# spanning-tree vlan 10 cost 10000 
device(conf-if-eth-0/3)# spanning-tree guard root
device(conf-if-eth-0/3)# spanning-tree port-fast bpdu-guard
device(conf-if-eth-0/3)# exit
device# show spanning-tree 
device# copy running-config startup-config