set protocols spanning-tree pvst interface bpdu-guard
- Tracy Yang
The set protocols spanning-tree pvst interface bpdu-guard command configures BPDU-guard on a physical port or a LAG port for Rapid-PVST+ mode.
Command Syntax
set protocols spanning-tree pvst interface <interface-name> bpdu-guard <true | false>
Parameter
Parameter | Description |
interface <interface-name> | Specifies a port name. The value is a string that can be set to a physical port name or a LAG port. |
bpdu-guard <true | false> | Enables or disables BPDU-guard on a port. The value could be true or false.
By default, BPDU-guard is disabled. |
Usage Guidelines
An edge port will lose edge port attributes after receiving BPDUs. To prevent attackers from forging BPDUs to change edge ports to non-edge ports, you can run the set protocols spanning-tree pvst interface <interface-name> bpdu-guard true command to configure BPDU guard on a switching device.
After BPDU guard is enabled on a switching device, the switching device shuts down the edge port if the edge port receives a BPDU. To restore the interface, run the set interface gigabit-ethernet <interface-name> disable false commands manually.
Example
- Enable BPDU-guard on port ge-1/1/1.
admin@Xorplus# set protocols spanning-tree pvst interface ge-1/1/1 bpdu-guard true admin@Xorplus# commit
Copyright © 2024 Pica8 Inc. All Rights Reserved.