set protocols spanning-tree stp interface bpdu-guard
- Tracy Yang
The set protocols spanning-tree stp interface bpdu-guard command configures a physical port or a LAG port as a BPDU-guard port for STP mode.
Command Syntax
set protocols spanning-tree stp interface <interface-name> bpdu-guard <true | false>
Parameter
Parameter | Description |
interface <interface-name> | Specifies a port name. The value is a string that can be set to a physical port name or a LAG port. |
bpdu-guard <true | false> | Enables or disables BPDU-guard on a port. The value could be true or false.
By default, BPDU-guard is disabled. |
Usage Guidelines
An edge port will lose edge port attributes after receiving BPDUs. To prevent attackers from forging BPDUs to change edge ports to non-edge ports, you can run the set protocols spanning-tree pvst interface <interface-name> bpdu-guard true command to configure BPDU guard on a switching device.
After BPDU guard is enabled on a switching device, the switching device shuts down the edge port if the edge port receives a BPDU. To restore the interface, run the set interface gigabit-ethernet <interface-name> disable false commands manually.
Example
- Configure the port ge-1/1/1 as a BPDU-guard port.
admin@Xorplus# set protocols spanning-tree stp interface ge-1/1/1 bpdu-guard true admin@Xorplus# commit
Copyright © 2024 Pica8 Inc. All Rights Reserved.