Enabling bpdu filtering – Dell POWEREDGE M1000E User Manual

20-14

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 20 Configuring Optional Spanning-Tree Features

Configuring Optional Spanning-Tree Features

The BPDU guard feature provides a secure response to invalid configurations because you must
manually put the port back in service. Use the BPDU guard feature in a service-provider network to
prevent an access port from participating in the spanning tree.

Caution

Configure Port Fast only on ports that connect to end stations; otherwise, an accidental topology loop
could cause a data packet loop and disrupt switch and network operation.

You also can use the spanning-tree bpduguard enable interface configuration command to enable
BPDU guard on any port without also enabling the Port Fast feature. When the port receives a BPDU, it
is put it in the error-disabled state.

You can enable the BPDU guard feature if your switch is running PVST+, rapid PVST+, or MSTP.

Beginning in privileged EXEC mode, follow these steps to globally enable the BPDU guard feature. This
procedure is optional.

To disable BPDU guard, use the no spanning-tree portfast bpduguard default global configuration
command.

You can override the setting of the no spanning-tree portfast bpduguard default global configuration
command by using the spanning-tree bpduguard enable interface configuration command.

Enabling BPDU Filtering

When you globally enable BPDU filtering on Port Fast-enabled interfaces, it prevents interfaces that are
in a Port Fast-operational state from sending or receiving BPDUs. The interfaces still send a few BPDUs
at link-up before the switch begins to filter outbound BPDUs. You should globally enable BPDU
filtering on a switch so that hosts connected to these interfaces do not receive BPDUs. If a BPDU is
received on a Port Fast-enabled interface, the interface loses its Port Fast-operational status, and BPDU
filtering is disabled.

Caution

Configure Port Fast only on interfaces that connect to end stations; otherwise, an accidental topology
loop could cause a data packet loop and disrupt switch and network operation.

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

spanning-tree portfast bpduguard default

Globally enable BPDU guard.

By default, BPDU guard is disabled.

Step 3

interface interface-id

Specify the interface connected to an end station, and enter
interface configuration mode.

Step 4

spanning-tree portfast

Enable the Port Fast feature.

Step 5

end

Return to privileged EXEC mode.

Step 6

show running-config

Verify your entries.

Step 7

copy running-config startup-config

(Optional) Save your entries in the configuration file.