16-7
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Chapter 16 Configuring Optional Spanning-Tree Features Configuring Optional Spanning-Tree Features
Note You can use the spanning-tree portfast default global configuration command to globally enable the
Port Fast feature on all nontrunking STP ports.
To disable the Port Fast feature, use the spanning-tree portfast disable interface configuration
command.
Enabling BPDU Guard
When you globally enable BPDU guard on ports that are Port Fast-enabled (the ports are in a Port
Fast-operational state), spanning tree continues to run on the ports. They remain up unless they receive
a BPDU.
In a valid configuration, Port Fast-enabled interfaces do not receive BPDUs. Receiving a BPDU on a
Port Fast-enabled interface signals an invalid configuration, such as the connection of an unauthorized
device, and the BPDU guard feature puts the interface in the error-disabled state. The BPDU guard
feature provides a secure response to invalid configurations because you must manually put the interface
back in service. Use the BPDU guard feature in a service-provider network to prevent an access port
from participating in the spanning tree.
Caution Configure Port Fast only on STP ports that connect to end stations; otherwise, an accidental topology
loop could cause a data packet loop and disrupt switch and network operation.
You also can use the spanning-tree bpduguard enable interface configuration command to enable
BPDU guard on any STP port without also enabling the Port Fast feature. When the interface receives a
BPDU, it is put in the error-disabled state.
You can enable the BPDU guard feature if your switch is running PVST+, rapid PVST+, or MSTP.
Beginning in privileged EXEC mode, follow these steps to globally enable the BPDU guard feature. This
procedure is optional.
Step 5 show spanning-tree interface
interface-id portfast Verify your entries.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 spanning-tree portfast bpduguard default Globally enable BPDU guard. (By default, BPDU guard is
disabled.)
Note Globally enabling BPDU guard enables it only on STP
ports; the command has no effect on ports that are not
running STP.