Reference Guide
BPDUs using the spanning-tree guard loop command. After BPDUs are received, the port moves out of
the Loop-Inconsistent (or blocking) state and transitions to an appropriate state determined by STP. Enabling loop
guard on a per-port basis enables it on all VLANs configured on the port. If you disable loop guard on a port, it is
moved to the Listening state.
If you enable BPDU filter and BPDU guard on the same port, the BPDU filter configuration takes precedence. Root guard and loop guard
are mutually exclusive. Configuring one overwrites the other from the active configuration.
• Enable spanning-tree BPDU filter in INTERFACE mode. Use the spanning-tree bpdufilter disable command to disable the
BPDU filter on the interface.
spanning-tree bpdufilter enable
• Enable spanning-tree BPDU guard in INTERFACE mode.
spanning-tree bpduguard enable
– Use the shutdown command to shut down the port channel interface, all member ports that are disabled in the hardware.
– Use the spanning-tree bpduguard disable command to add a physical port to a port-channel already in the Error Disable
state; the new member port is also disabled in the hardware.
• Set the guard types to avoid loops in INTERFACE mode.
spanning-tree guard {loop | root | none}
– loop — Set the guard type to loop.
– none — Set the guard type to none.
– root — Set the guard type to root.
BPDU filter
OS10(conf-if-eth1/1/4)# spanning-tree bpdufilter enable
OS10(conf-if-eth1/1/4)# do show spanning-tree interface ethernet 1/1/4
ethernet1/1/4 of vlan1 is designated Blocking
Edge port:no (default) port guard :none (default)
Link type is point-to-point (auto)
Boundary: NO bpdu filter : Enable bpdu guard : bpduguard shutdown-on-
violation :disable RootGuard: enable LoopGuard disable
Bpdus (MRecords) sent 134, received 138
Interface Designated
Name PortID Prio Cost Sts Cost Bridge ID PortID
--------------------------------------------------------------------------
ethernet1/1/4 128.272 128 500 BLK 500 32769 90b1.1cf4.a911 128.272
BPDU guard
OS10(config)# interface ethernet 1/1/4
OS10(conf-if-eth1/1/4)# spanning-tree bpduguard enable
OS10(conf-if-eth1/1/4)# exit
OS10(config)# interface ethernet 1/1/4
OS10(conf-if-eth1/1/4)# do show spanning-tree interface ethernet 1/1/4
ethernet1/1/4 of vlan1 is designated Blocking
Edge port:no (default) port guard :none (default)
Link type is point-to-point (auto)
Boundary: NO bpdu filter : Enable bpdu guard : bpduguard shutdown-on-
violation :enable RootGuard: enable LoopGuard disable
Bpdus (MRecords) sent 134, received 138
Interface Designated
Name PortID Prio Cost Sts Cost Bridge ID PortID
------------------------------------------------------------------
ethernet1/1/4 128.272 128 500 BLK 500 32769 90b1.1cf4.a911 128.272
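The BPDU guard output above reports BPDU filter and BPDU guard as enabled on the same port, the case in which the filter configuration takes precedence. The following Python sketch is an added example, not part of the Dell guide or OS10: it parses one `show spanning-tree interface` stanza and flags that overlap, plus the mutually exclusive root/loop guard pair. The field patterns are assumptions inferred from the sample output on this page, and the function names are hypothetical.

```python
import re

# Constructed input: the BPDU guard stanza from this page, line wrap included.
SAMPLE = """\
ethernet1/1/4 of vlan1 is designated Blocking
Edge port:no (default) port guard :none (default)
Link type is point-to-point (auto)
Boundary: NO bpdu filter : Enable bpdu guard : bpduguard shutdown-on-
violation :enable RootGuard: enable LoopGuard disable
Bpdus (MRecords) sent 134, received 138
"""

# Field patterns are inferred from the sample output above (an assumption).
FIELDS = {
    "bpdu_filter": r"bpdu filter\s*:\s*(\w+)",
    "bpdu_guard": r"shutdown-on-\s*violation\s*:\s*(\w+)",
    "root_guard": r"RootGuard\s*:?\s*(\w+)",
    "loop_guard": r"LoopGuard\s*:?\s*(\w+)",
}

def parse_stp_interface(text):
    """Parse one interface stanza into a dict of port, vlan and boolean flags."""
    flat = " ".join(text.split())  # rejoin fields split by terminal wrapping
    head = re.match(r"(\S+) of (\S+) is \w+ \w+", flat)
    if not head:
        raise ValueError("not a 'show spanning-tree interface' stanza")
    state = {"port": head.group(1), "vlan": head.group(2)}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, flat, re.IGNORECASE)
        # A missing field is treated as disabled.
        state[name] = bool(m) and m.group(1).lower().startswith("enable")
    return state

def audit(state):
    """Return findings based on the two interaction rules stated in the guide."""
    findings = []
    if state["bpdu_filter"] and state["bpdu_guard"]:
        findings.append(f"{state['port']}: BPDU filter and BPDU guard both "
                        "enabled; the filter configuration takes precedence")
    if state["root_guard"] and state["loop_guard"]:
        findings.append(f"{state['port']}: root guard and loop guard both "
                        "reported enabled, but they are mutually exclusive")
    return findings

if __name__ == "__main__":
    for line in audit(parse_stp_interface(SAMPLE)):
        print(line)
```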
Loop guard
OS10(config)# interface ethernet 1/1/4
OS10(conf-if-eth1/1/4)# spanning-tree guard loop
OS10(conf-if-eth1/1/4)# do show spanning-tree interface ethernet 1/1/4
ethernet1/1/4 of vlan1 is root Forwarding
Edge port:no (default) port guard :none (default)
Link type is point-to-point (auto)