Spanning-tree BPDU Guard is one of the features that help
you protect your spanning-tree topology.
BPDU Guard prevents loops if another switch is attached to a
PortFast port. When BPDU Guard is enabled on an interface, the interface is put
into the error-disabled state (effectively shut down) if a BPDU is received on it.
It can be enabled either in global configuration mode or in interface configuration mode.
If any BPDU is received on a port where BPDU Guard is enabled,
that port is immediately put into the err-disable state, and it must be either
manually re-enabled or automatically recovered through the error-disable timeout
function.
By default, BPDU Guard is disabled on all switch ports. You must
use BPDU Guard on all switch ports where spanning-tree PortFast is enabled.
Let's see the configuration:
Topology:
Goal:
- Configure the topology as per the diagram.
- Configure the link between the switches.
- Configure switch 2 fa 0/1 as an L3 port in order to test STP BPDU Guard.
- Configure BPDU Guard and PortFast on switch 1.
SW-2(config)#interface fastEthernet 0/1
SW-2(config-if)#no switchport
SW-2(config-if)#ip address 192.168.1.1 255.255.255.0
SW-2(config-if)#exit
SW-1(config)#vlan 10
SW-1(config-vlan)#name sales
SW-1(config-vlan)#exit
SW-1(config)#interface fastEthernet 0/1
SW-1(config-if)#switchport mode access
SW-1(config-if)#switchport access vlan 10
SW-1(config-if)#spanning-tree portfast
SW-1(config-if)#spanning-tree bpduguard enable
SW-1(config-if)#exit
(We are now going to change the SW-2 fa0/1 interface back to L2 so that it sends BPDUs, in order to verify BPDU Guard on SW-1.)
SW-2(config)#int fastEthernet 0/1
SW-2(config-if)#switchport
SW-1#
%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/1 with BPDU Guard enabled. Disabling port.
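
The rule stated earlier, that every PortFast port must also run BPDU Guard, can be checked against a saved running-config. The Python script below is an added example, not part of the original post; the sample config and the function name audit_bpduguard are constructed for illustration, and it assumes PortFast is configured per interface (it does not account for the global "spanning-tree portfast default").

```python
import re

# Constructed sample running-config, not taken from the original post.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface FastEthernet0/24
 switchport mode trunk
"""

def audit_bpduguard(config):
    """Return interfaces with PortFast configured but BPDU Guard not in effect."""
    lines = [l.rstrip() for l in config.splitlines()]
    # The global default applies BPDU Guard to every PortFast-enabled port.
    global_guard = any(
        re.fullmatch(r"spanning-tree portfast (edge )?bpduguard default", l) for l in lines)
    interfaces, current = {}, None
    for line in lines:
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    unprotected = []
    for name, cmds in interfaces.items():
        if not any(re.fullmatch(r"spanning-tree portfast( edge)?( trunk)?", c) for c in cmds):
            continue  # PortFast not configured on this interface
        if "spanning-tree bpduguard enable" in cmds:
            continue  # explicitly protected on the interface
        if global_guard and "spanning-tree bpduguard disable" not in cmds:
            continue  # protected by the global default
        unprotected.append(name)
    return unprotected

if __name__ == "__main__":
    print(audit_bpduguard(SAMPLE_CONFIG))
```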
1 comment:
Looks like some images aren't loading :(
Nevertheless, the guide is great