CCNA 2.7.b: BPDU Guard
BPDUGuard protects against loops that STP can't protect against when PortFast is enabled
- BPDU Guard complements the functionality of PortFast
- On PortFast-enabled ports, BPDU Guard provides the protection against Layer 2 loops that STP cannot provide when STP PortFast is enabled
- In a valid configuration, PortFast Layer 2 LAN interfaces (edge ports) do not receive BPDUs
- When enabled on a port, BPDU Guard shuts down a port that receives a BPDU
- When configured globally, BPDU Guard is only effective on ports in the operational PortFast (edge) state
- Reception of a BPDU by a PortFast Layer 2 LAN interface signals an invalid configuration, such as connection of an unauthorized device
- BPDU Guard provides a secure response to invalid configurations, because the administrator must manually put the Layer 2 LAN interface back in service
- BPDU Guard can be configured at the interface level
- When configured at the interface level, BPDU Guard shuts the port down as soon as the port receives a BPDU, regardless of the PortFast configuration
- When enabled globally, BPDU Guard applies to all interfaces that are in an operational PortFast (edge) state.
PacketTracer Lab: CCNA-2.7.b-How-to-configure-BPDU-Guard.pkt
Subscribe Now for access to the labs!