BPDU guard is a PortFast feature that protects your spanning tree on edge ports (access ports). It (in layman's terms) monitors your port for BPDUs. If it sees one (presumably from an unauthorized switch, hub or host), it shuts the port down (err-disabled). This feature is configured in network locations in which you do not want to see a device attempting to participate in spanning tree and potentially forcing the network into a constant state of reconvergence (by flooding the network with Topology Change Notifications or TCNs) or becoming root bridge, which can have some very serious implications in a switched environment.
Please rate if helpful.
Message was edited by: Antonio Knox
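As an added example (not part of the original post), the sketch below audits an IOS-style configuration for access ports on which BPDU guard would not take effect. The function name `audit_bpduguard` and the sample configuration are constructed for illustration, and the logic assumes the usual IOS semantics that the global `bpduguard default` only covers PortFast-enabled ports.

```python
import re

# Constructed sample of an IOS-style running-config (not from the original post).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
interface GigabitEthernet0/4
 switchport mode access
 spanning-tree bpduguard enable
interface GigabitEthernet0/24
 switchport mode trunk
"""

def audit_bpduguard(config):
    """Return the access ports on which BPDU guard is not in effect."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and raw[:1].isspace():
            interfaces[current].append(raw.strip())  # indented: interface sub-command
        else:
            current = None
            global_lines.append(raw.strip())
    # Global defaults; newer IOS releases insert the keyword "edge".
    guard_default = any(re.fullmatch(r"spanning-tree portfast (edge )?bpduguard default", g)
                        for g in global_lines)
    portfast_default = any(re.fullmatch(r"spanning-tree portfast (edge )?default", g)
                           for g in global_lines)
    unprotected = []
    for name, lines in interfaces.items():
        if "switchport mode access" not in lines:
            continue  # trunks and unconfigured ports are out of scope here
        if "spanning-tree bpduguard enable" in lines:
            continue  # explicit per-port guard applies with or without PortFast
        portfast = ("spanning-tree portfast" in lines or "spanning-tree portfast edge" in lines
                    or (portfast_default and "spanning-tree portfast disable" not in lines))
        if "spanning-tree bpduguard disable" in lines or not (guard_default and portfast):
            unprotected.append(name)
    return unprotected

if __name__ == "__main__":
    print(audit_bpduguard(SAMPLE_CONFIG))
```

Ports reported by the audit are access ports where a received BPDU would be processed by spanning tree instead of err-disabling the port.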