A bridge protocol data unit (BPDU) is a data message transmitted across a local area network to detect loops in network topologies. A BPDU contains information regarding ports, switches, port priority and addresses. BPDUs contain the information necessary to configure and maintain spanning tree topology.
The BPDU Guard feature is used to protect the Layer 2 Spanning Tree Protocol (STP) topology from BPDU-related attacks. The BPDU Guard feature must be enabled on a port that should never receive a BPDU from its connected device. If a switch port is configured with the Spanning Tree Protocol (STP) PortFast feature, it must be connected to an end device (for example: workstation, server, printer, etc.). PortFast is enabled only on access ports to speed the transition of the access port to the STP forwarding state. End devices are not supposed to generate BPDUs, because in a normal network environment, BPDU messages are exchanged by network switches.
The BPDU Guard feature can be enabled globally in Global configuration mode or per interface in Interface configuration mode. When a BPDU Guard enabled port receives a BPDU from the connected device, BPDU Guard disables the port and the port state is changed to the Errdisable state.
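As an added example (not part of the original answers), the following Python sketch audits a Cisco IOS-style running-config for PortFast ports that would not be err-disabled on receiving a BPDU, covering both the global and the per-interface form of BPDU Guard. The sample config is constructed, the function name is hypothetical, and the command spellings assumed are the classic IOS ones (newer releases insert the `edge` keyword, which the regexes also accept).

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
!
interface GigabitEthernet0/1
 description workstation
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 description printer
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/24
 description uplink to distribution switch
 switchport mode trunk
!
"""

def audit_bpduguard(config: str) -> list[str]:
    """Return PortFast interfaces that lack BPDU Guard (hypothetical helper)."""
    # Global form: BPDU Guard applies to every port running PortFast.
    global_default = bool(re.search(
        r"^spanning-tree portfast (edge )?bpduguard default\s*$", config, re.M))
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())  # sub-command of the block
        else:
            current = None  # "!" or a global command ends the interface block
    unprotected = []
    for name, lines in interfaces.items():
        portfast = any(re.fullmatch(r"spanning-tree portfast( edge)?", l) for l in lines)
        enabled = "spanning-tree bpduguard enable" in lines
        disabled = "spanning-tree bpduguard disable" in lines  # per-port opt-out
        if portfast and not (enabled or (global_default and not disabled)):
            unprotected.append(name)
    return unprotected

if __name__ == "__main__":
    print(audit_bpduguard(SAMPLE_CONFIG))
```

Ports reported by the audit are access ports that move straight to forwarding but would keep forwarding if a switch were plugged into them.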
BPDU stands for Bridge Protocol Data Unit, which is a packet of data, sent out on local area networks or LANs, that works to detect loops in a network. Loops can cause duplicate data packets to be sent out, which can take up bandwidth on a network. BPDU guard protects computers from receiving unauthorized data packets that may contain computer viruses.