hit counter script

Enabling Bpdu Filtering - Cisco Catalyst 2960 Software Configuration Manual

Hide thumbs Also See for Catalyst 2960:
Table of Contents

Advertisement

Configuring Optional Spanning-Tree Features
To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown
vlan global configuration command to shut down just the offending VLAN on the port where the
violation occurred.
The BPDU guard feature provides a secure response to invalid configurations because you must
manually put the port back in service. Use the BPDU guard feature in a service-provider network to
prevent an access port from participating in the spanning tree.
Configure Port Fast only on ports that connect to end stations; otherwise, an accidental topology loop
Caution
could cause a data packet loop and disrupt switch and network operation.
You also can use the spanning-tree bpduguard enable interface configuration command to enable
BPDU guard on any port without also enabling the Port Fast feature. When the port receives a BPDU, it
is put it in the error-disabled state.
You can enable the BPDU guard feature if your switch is running PVST+, rapid PVST+, or MSTP.
Beginning in privileged EXEC mode, follow these steps to globally enable the BPDU guard feature. This
procedure is optional.
Command
Step 1
configure terminal
Step 2
spanning-tree portfast bpduguard default
Step 3
interface interface-id
Step 4
spanning-tree portfast
Step 5
end
Step 6
show running-config
Step 7
copy running-config startup-config
To disable BPDU guard, use the no spanning-tree portfast bpduguard default global configuration
command.
You can override the setting of the no spanning-tree portfast bpduguard default global configuration
command by using the spanning-tree bpduguard enable interface configuration command.

Enabling BPDU Filtering

When you globally enable BPDU filtering on Port Fast-enabled interfaces, it prevents interfaces that are
in a Port Fast-operational state from sending or receiving BPDUs. The interfaces still send a few BPDUs
at link-up before the switch begins to filter outbound BPDUs. You should globally enable BPDU filtering
on a switch so that hosts connected to these interfaces do not receive BPDUs. If a BPDU is received on
a Port Fast-enabled interface, the interface loses its Port Fast-operational status, and BPDU filtering is
disabled.
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
18-14
Chapter 18
Purpose
Enter global configuration mode.
Globally enable BPDU guard.
By default, BPDU guard is disabled.
Specify the interface connected to an end station, and enter
interface configuration mode.
Enable the Port Fast feature.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Configuring Optional Spanning-Tree Features
OL-26520-01

Advertisement

Table of Contents
loading

This manual is also suitable for:

Catalyst 2960-s

Table of Contents