- configure the topology as per the diagram
- configure portfast default
- configure BPDU Guard
- make sure switch 3 gig 1/0/3 does not become root in our network.
Switch#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0003.E47B.8B03
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0003.E47B.8B03
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg FWD 4 128.1 P2p
Gi1/0/2 Desg FWD 4 128.2 P2p
Switch(config)#spanning-tree portfast default
Switch(config)#spanning-tree portfast bpduguard default
- configure the topology as per the diagram.
- configure the link between the switches.
- configure switch 2 fa 0/1 as L3 port in order to test STP BPDU guard.
- configure BPDU guard and Portfast on switch 1.
SW-2(config)#interface fastEthernet 0/1
SW-2(config-if)#no switchport
SW-2(config-if)#ip address 192.168.1.1 255.255.255.0
SW-2(config-if)#exit
SW-1(config)#vlan 10
SW-1(config-vlan)#name sales
SW-1(config-vlan)#exit
SW-1(config)#interface fastEthernet 0/1
SW-1(config-if)#switchport mode access
SW-1(config-if)#switchport access vlan 10
SW-1(config-if)#spanning-tree portfast
SW-1(config-if)#spanning-tree bpduguard enable
SW-1(config-if)#exit
(we are going to change the SW-1 fa0/1 interface L2 to verify BPDU guard)
%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/1 with BPDU Guard enabled. Disabling port.