BPDU – Bridge Protocol Data Unit
BPDU frames are the frames generated by the Spanning-Tree protocol. A switch uses them to:
– Announce itself to other switches
– Receive Spanning-Tree information from its neighbors.
In the previous article, we saw the usefulness of PortFast.
BPDUGuard lets you refuse any BPDU frame received on a port that uses PortFast.
Why activate the BPDU Guard
Let's take this architecture as an example:
– PVST is enabled by default
– All of our equipment has the default Bridge-ID value.
– Switch B has the lowest MAC address, so it becomes the ROOT-BRIDGE.
PVST computes the following topology:
In the shoes of a Pirate
I have a computer with two network cards.
I connect to the Switch B and C.
I generate BPDU frames on my two interfaces with a Bridge ID lower than the current root-bridge.
I become the Root Bridge of the Spanning Tree topology!!
The topology is recalculated by PVST:
Our topology has changed:
all traffic now passes through the "Pirate"!
He has two options:
– Behaving like a Switch (to retrieve information)
– Denial of service.
If BPDUGuard is activated on an interface and that interface receives a BPDU frame, the port goes into ERR-DISABLE.
This allows the network administrator to deal with the source of the problem while keeping the spanning-tree topology operational.
We have a switch with 24 Fast Ethernet ports and 2 Gigabit Ethernet ports:
The Fast Ethernet ports will serve as our customer access ports.
The Gigabit Ethernet ports are going to be our Trunk ports.
We want to activate PortFast on all our customer access ports.
There are two ways to do this:
Activate BPDUGuard port by port
Switch(config)# interface range Fa 0/1 - 24
Switch(config-if-range)# spanning-tree bpduguard enable
Activate the BPDUGuard for all Switch ports
Switch(config)# spanning-tree portfast default
Switch(config)# spanning-tree portfast bpduguard default
Switch(config)# interface range Gi 1/1 - 2
Switch(config-if-range)# spanning-tree portfast disable
The spanning-tree portfast default command activates PortFast on all ports of the switch.
The spanning-tree portfast bpduguard default command activates BPDUGuard on all ports using PortFast.
The spanning-tree portfast disable command disables the previously activated PortFast on the two Trunk ports. As a result, BPDUGuard is also disabled on them.
If you activate the Portfast, also activate the BPDU Guard!
Hoping this article has been helpful to you! Don't hesitate to let me know!!