1
00:00:00,900 --> 00:00:02,500
Notice in this example once again

2
00:00:05,210 --> 00:00:15,970
that BPDU Guard is enabled globally for Portfast ports on the switch, we type the command spanning tree,

3
00:00:15,970 --> 00:00:19,320
portfast, edge, BPDU Gaurd default.

4
00:00:19,330 --> 00:00:23,440
So if a portfast port receives a BPDU it will be shut down.

5
00:00:23,440 --> 00:00:31,850
So as an example show interface gigabit 01, this port is currently up.

6
00:00:31,930 --> 00:00:35,840
It is not configured as a portfast port.

7
00:00:36,250 --> 00:00:39,310
If that port was configured as a portfast port

8
00:00:42,160 --> 00:00:46,580
and we receive a BPDU on that port the port is shut down.

9
00:00:46,780 --> 00:00:54,520
So as soon as we typed the command and a BPDU was received the port was disabled, get rid of spanning tree

10
00:00:54,600 --> 00:01:04,879
portfast, shut the port down, no shut the port, the port will come up again show spanning tree.

11
00:01:05,050 --> 00:01:09,300
The port is up but it's in the blocking state.

12
00:01:09,310 --> 00:01:21,620
So it's been blocked by spanning tree but the port is up up. On switch 2 however, we configured BPDU guard

13
00:01:21,740 --> 00:01:31,950
directly on the port, the port is error disabled even though Portfast wasn't configured so soon as

14
00:01:31,950 --> 00:01:39,680
spanning tree, BPDU Guard is enabled on the port, the port goes error disabled when a BPDU is received. I'll remove

15
00:01:39,680 --> 00:01:46,820
that command from the port, shut it down and no shut it port comes up.

16
00:01:48,100 --> 00:01:51,890
So do show interface gigabit 02,

17
00:01:52,540 --> 00:01:59,960
currently the port is up up as soon as I enable BPDU Guard.

18
00:02:00,910 --> 00:02:05,630
We should see that the port goes error disable and there you go.

19
00:02:05,970 --> 00:02:10,930
Port is error disabled because the BPDU was received on the switch.

20
00:02:10,930 --> 00:02:17,460
So it's quite clear through the output to see that the port was shut down because of BPDU Guard.

21
00:02:17,890 --> 00:02:23,330
Once again if I remove that the port doesn't come up again.

22
00:02:23,530 --> 00:02:33,560
You have to shut the port down and then no shut it to re-enable the port so show interface gigabit 02

23
00:02:33,600 --> 00:02:45,720
port is currently up up, show spanning tree port is in the blocking state because it's a backup port

24
00:02:46,080 --> 00:02:47,730
in this network.

25
00:02:47,730 --> 00:02:54,930
So once again if you enable portfast on your switches ensure that you enable BPDU guard as an extra

26
00:02:54,930 --> 00:02:56,190
protection mechanism.