Chapter 2 Catalyst 2960 Switch Cisco IOS Commands
spanning-tree bpduguard
Use the spanning-tree bpduguard interface configuration command to put an interface in the
error-disabled state when it receives a bridge protocol data unit (BPDU). Use the no form of this
command to return to the default setting.
Syntax Description
disable
enable
Defaults
BPDU guard is disabled.
Command Modes
Interface configuration
Command History
Release
12.2(25)FX
Usage Guidelines
The BPDU guard feature provides a secure response to invalid configurations because you must
manually put the interface back in service. Use the BPDU guard feature in a service-provider network
to prevent an interface from being included in the spanning-tree topology.
You can enable the BPDU guard feature when the switch is operating in the per-VLAN spanning-tree
plus (PVST+), rapid-PVST+, or the multiple spanning-tree (MST) mode.
You can globally enable BPDU guard on all Port Fast-enabled interfaces by using the spanning-tree
portfast bpduguard default global configuration command.
You can use the spanning-tree bpduguard interface configuration command to override the setting of
the spanning-tree portfast bpduguard default global configuration command.
Examples
This example shows how to enable the BPDU guard feature on a port:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# spanning-tree bpduguard enable
You can verify your setting by entering the show running-config privileged EXEC command.
78-16882-01
spanning-tree bpduguard {disable | enable}
no spanning-tree bpduguard
Disable BPDU guard on the specified interface.
Enable BPDU guard on the specified interface.
Modification
This command was introduced.
spanning-tree bpduguard
Catalyst 2960 Switch Command Reference
2-421