Scribd
Upload
142 views2 pages

BPDU Guard

BPDU guard is a security mechanism in Spanning Tree Protocol that disables a port if it receives any BPDU packets. This prevents issues like loops from occurring if an unauthorized switch is connected to the network. BPDU guard can be configured either on individual ports or globally on the switch. When enabled globally, it protects all ports configured as PortFast ports, which should only connect to end devices and not other switches. If a PortFast port receives a BPDU, it will be error disabled for protection.

Uploaded by

Bijay Lama
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
142 views2 pages

BPDU Guard

BPDU guard is a security mechanism in Spanning Tree Protocol that disables a port if it receives any BPDU packets. This prevents issues like loops from occurring if an unauthorized switch is connected to the network. BPDU guard can be configured either on individual ports or globally on the switch. When enabled globally, it protects all ports configured as PortFast ports, which should only connect to end devices and not other switches. If a PortFast port receives a BPDU, it will be error disabled for protection.

Uploaded by

Bijay Lama
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

 BPDU guard is one of multiple security mechanisms available in Spanning Tree to

protect your Spanning Tree network.


 This could be something as simply, as a user connecting a chip, consume a switch
to your network that doesn’t supports Spanning Tree and hence causing the loop
or something malicious, such as an attacker plugging in a switch
 and making that switch the root of the Spanning Tree, so that the attacker can
analyze your network traffic, that traverses that switch
 or it could be an attacker simply connecting a switch to your topology, lowering
the priority and degrading the performance of your network considerably, by
forcing the network traffic to go through a low-performance switch.
 So, one of the options you have to stop this is BPDU guard,
 which will disable a port if any BPDUs are received on that port.
 This is useful on ports that are going to be used as access ports and that should
never be connected to another switch.
 In other words, ports that are gonna be configured as PortFast ports.

 There are 2 ways to configure BPDU guard


 you can either do it on a per-interface basis
 or configure it globally on the switch.
 on a per port basis you would type
 spanning-tree PortFast
 and then spanning-tree BPDU guard enable
 or globally on the switch, you can use the command spanning-tree PortFast default
#left some GNS3 lab config #

When BPDU guard is enabled globally on the switch


 it affects all ports that are configured as PortFast ports
 by default, BPDU guard is disabled.
 When you configure BPDU guard on the interface
 that port doesn’t have to be configured as a PortFast port
 if a BPDU is received on that port it would be error-disabled.
 So BPDU guard disables a support if any BPDUs are received on the port if you
configure BPDU guard on the port.
 This is very useful, once again where port should have PCs connected to them
and not end of the switch.
 When enabled globally on a switch, BPDU guard prevents problems with PortFast
ports.
 PortFast should only be enabled on access ports connected to user devices and
not to switches.
 When BPDU guard is enabled globally and a port is then configured as a PortFast port
and it receives a BPDU, the port is error disabled.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy