Read the book CCNP Enterprise Certification Study Guide: Implementing and Operating Cisco Enterprise Network Core Technologies - Ben Piper, David Higby Clinton - Page 81
BPDU Guard and BPDU Filter
Although BPDU Guard and BPDU Filter have confusingly similar names, they have opposite effects. BPDU Guard error-disables a port if it receives a BPDU. This is useful if someone accidentally connects a cheap workgroup switch to a port that's meant for an end user. The interface command to enable it is spanning-tree bpduguard enable.
Rather than issuing this command on every interface, you can issue the global command spanning-tree portfast edge bpduguard default. This will automatically enable BPDU Guard for any interface that has PortFast enabled.
When an interface is error-disabled, you must reenable it manually by shutting and unshutting the port. Alternatively, you can have IOS automatically reenable the port after a period of time using the following global configuration commands:
errdisable recovery cause bpduguard
errdisable recovery interval 30
BPDU Filter prevents a switch from sending or processing received BPDUs. This effectively ensures that the port is always in a forwarding state, even if it creates a loop. The interface command to unconditionally enable BPDU Filter is spanning-tree bpdufilter enable.
If you want to enable BPDU Filter only on access ports in PortFast mode, you can instead use the global configuration command spanning-tree portfast edge bpdufilter default. This will not enable BPDU Filter if the port is trunked, even if it's in PortFast trunk mode.
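The commands above can be checked against a saved running-config. The following Python audit is an added example, not code from the book: it flags interfaces where BPDU Filter is unconditionally enabled and PortFast interfaces that end up without BPDU Guard. The sample config is constructed, only interface-level PortFast lines are recognised, and treating an interface-level spanning-tree bpduguard disable as overriding the global default is an assumption of this sketch.

```python
# Constructed sample running-config (not from the book), for illustration only.
SAMPLE_CONFIG = """\
spanning-tree portfast edge bpduguard default
!
interface GigabitEthernet1/0/1
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/2
 spanning-tree portfast edge
 spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/3
 spanning-tree portfast edge
 spanning-tree bpduguard disable
"""

def parse(config):
    """Split a running-config into global lines and per-interface line lists."""
    globals_, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(line)          # indented line inside an interface block
        else:
            current = None                # "!" or a global command ends the block
            if line and line != "!":
                globals_.append(line)
    return globals_, ifaces

def audit(config):
    """Return {interface: [issues]} for BPDU Guard / BPDU Filter settings."""
    globals_, ifaces = parse(config)
    guard_default = "spanning-tree portfast edge bpduguard default" in globals_
    findings = {}
    for name, lines in ifaces.items():
        portfast = any(l.startswith("spanning-tree portfast")
                       and not l.endswith("disable") for l in lines)
        # Assumption: interface-level "bpduguard disable" overrides the global default.
        inherited = (guard_default and portfast
                     and "spanning-tree bpduguard disable" not in lines)
        guard = "spanning-tree bpduguard enable" in lines or inherited
        issues = []
        if "spanning-tree bpdufilter enable" in lines:
            issues.append("bpdufilter enable: port forwards even in a loop")
        if portfast and not guard:
            issues.append("portfast without bpduguard")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```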