Spanning Tree protection
BPDU Guard
- Prevent loops if another switch is attached to Portfast port
- When enabled on interface port goes in error-disabled state if BPDU is received
- Can be enabled on global configuration mode
BPDU Filter:
· If enabled on interface mode it prevents the port from sending or receiving BPDU Switch(cofig-if)#spanning-tree bpdufilter enable
· If enabled globally if portfast interface receive the BPDU it take out portfast status Switch(config)#spanning-treee portfast bpdufilter default
Root Guard
- Prevent other switch becoming root bridge
- Enabled on ports other than the root port and on the switches other than root switch
- Root guard port receives a BPDU that might cause it to become a root port, then the port is put into “root inconsistent” state and does not pass traffic through it.
- But if port stops receiving these BPDU, it automatically re-enables itself Switch(config)#spanning-tree guard root.