CCNA 2.7.b: BPDU Guard


BPDUGuard protects against loops that STP can't protect against when PortFast is enabled


Study Notes:

  • BPDU Guard complements the functionality of PortFast
  • On PortFast-enabled ports, BPDU Guard provides the protection against Layer 2 loops that STP cannot provide when STP PortFast is enabled
  • In a valid configuration, PortFast Layer 2 LAN interfaces (edge ports) do not receive BPDUs
  • When enabled on a port, BPDU Guard shuts down a port that receives a BPDU
  • When configured globally, BPDU Guard is only effective on ports in the operational PortFast (edge) state
  • Reception of a BPDU by a PortFast Layer 2 LAN interface signals an invalid configuration, such as connection of an unauthorized device
  • BPDU Guard provides a secure response to invalid configurations, because the administrator must manually put the Layer 2 LAN interface back in service
  • BPDU Guard can be configured at the interface level
  • When configured at the interface level, BPDU Guard shuts the port down as soon as the port receives a BPDU, regardless of the PortFast configuration
  • When enabled globally, BPDU Guard applies to all interfaces that are in an operational PortFast (edge) state.


PacketTracer Lab: CCNA-2.7.b-How-to-configure-BPDU-Guard.pkt

Subscribe Now for access to the labs!


Leave a Reply
Built by TrailSix