set protocols spanning-tree pvst interface bpdu-guard


The set protocols spanning-tree pvst interface bpdu-guard command configures BPDU-guard on a physical port or a LAG port for Rapid-PVST+ mode.


Command Syntax

set protocols spanning-tree pvst interface <interface-name> bpdu-guard <true | false>


Parameter

Parameter

Description

interface <interface-name>

Specifies a port name. The value is a string that can be set to a physical port name or a LAG port.

bpdu-guard <true | false>

Enables or disables BPDU-guard on a port. The value could be true or false.

  •   true: enables BPDU-guard.
  •   false: disables BPDU-guard.

By default, BPDU-guard is disabled.


Usage Guidelines

An edge port will lose edge port attributes after receiving BPDUs. To prevent attackers from forging BPDUs to change edge ports to non-edge ports, you can run the set protocols spanning-tree pvst interface <interface-name> bpdu-guard true command to configure BPDU guard on a switching device.

After BPDU guard is enabled on a switching device, the switching device shuts down the edge port if the edge port receives a BPDU. To restore the interface, run the set interface gigabit-ethernet <interface-name> disable false commands manually.


Example

  • Enable BPDU-guard on port ge-1/1/1.
admin@Xorplus# set protocols spanning-tree pvst interface ge-1/1/1 bpdu-guard true
admin@Xorplus# commit

Copyright © 2024 Pica8 Inc. All Rights Reserved.