
BPDU guard is one of multiple security mechanisms available in Spanning Tree to protect your Spanning Tree network.


This could be something as simple as a user connecting a cheap consumer switch that doesn't support Spanning Tree to your network and hence causing a loop, or something malicious, such as an attacker plugging in a switch and making that switch the root of the Spanning Tree, so that the attacker can analyze the network traffic that traverses that switch. Or it could be an attacker simply connecting a switch to your topology, lowering the priority and degrading the performance of your network considerably by forcing the network traffic to go through a low-performance switch.

So, one of the options you have to stop this is BPDU guard, which will disable a port if any BPDUs are received on that port. This is useful on ports that are going to be used as access ports and that should never be connected to another switch. In other words, ports that are going to be configured as PortFast ports.

There are 2 ways to configure BPDU guard: you can either do it on a per-interface basis or configure it globally on the switch.

On a per-port basis you would type
 spanning-tree portfast
and then
 spanning-tree bpduguard enable
Or, globally on the switch, you can use the command
 spanning-tree portfast bpduguard default
#left some GNS3 lab config #

When BPDU guard is enabled globally on the switch, it affects all ports that are configured as PortFast ports. By default, BPDU guard is disabled.

When you configure BPDU guard on the interface, that port doesn't have to be configured as a PortFast port; if a BPDU is received on that port, it will be error-disabled. So BPDU guard disables a port if any BPDUs are received on the port, if you configure BPDU guard on the port. This is very useful, once again, where ports should have PCs connected to them and not another switch.

When enabled globally on a switch, BPDU guard prevents problems with PortFast ports. PortFast should only be enabled on access ports connected to user devices and not to switches. When BPDU guard is enabled globally and a port is then configured as a PortFast port and it receives a BPDU, the port is error-disabled.
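
The global-versus-interface rules above can be checked against a saved running-config. The following is an added example, not part of the original notes: it assumes Cisco IOS syntax (`spanning-tree portfast bpduguard default` as the global command, and the per-port `spanning-tree bpduguard disable` override), and the function name and sample configuration are constructed for illustration.

```python
import re
# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface GigabitEthernet0/4
 switchport mode access
!
"""

def bpdu_guard_status(config):
    """Map each interface to True/False: is BPDU guard effective on it?"""
    global_guard = False
    ports, current = {}, None        # interface name -> its sub-commands
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            ports[current] = []
        elif raw[:1] in (" ", "\t") and current is not None:
            ports[current].append(raw.strip())
        else:
            current = None           # back at global configuration level
            if raw.strip() == "spanning-tree portfast bpduguard default":
                global_guard = True
    status = {}
    for name, cmds in ports.items():
        portfast = any(re.fullmatch(r"spanning-tree portfast( edge)?", c) for c in cmds)
        if "spanning-tree bpduguard enable" in cmds:
            status[name] = True      # per-interface: PortFast not required
        elif "spanning-tree bpduguard disable" in cmds:
            status[name] = False     # explicit per-port override of the global default
        else:
            status[name] = global_guard and portfast
    return status
```

Ports that map to False are access ports where a connected switch's BPDUs would not error-disable the port. The check does not model the global `spanning-tree portfast default` command, so PortFast is only recognised when set on the interface.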
