Hello,

the BPDU guard operation       disables the port that has PortFast configured

This is not entirely precise. BPDUGuard can be activated in two distinct ways: either on all PortFast-enabled ports globally using the spanning-tree portfast bpduguard default command, or on a per-port basis using spanning-tree bpduguard enable command.

To the original poster:

From 5 different sources I have read that to enable bpduguard all I need to do is go to the interface and enter the command:
spanning-tree bpduguard enable

This is correct.

Basically I am trying to get BPDUGuard working so that if I plug it into a switch port the port is disabled.

If you want to test this you have to make sure that the BPDUGuard-protected port actually receives a BPDU. That means that the BPDUGuard-protected port must either be chosen as a root port by normal STP rules, or it must be an alternate port. If the port ends up as a designated port, then it is not going to receive BPDUs from the other switch and the BPDUGuard will not be triggered.

best regards,

Peter

Thanks usasugcis

I have found that the problem is mainly due to me trying to plug another cisco switch into the cisco switch with BPDUGuard enabled. If I use a newgear switch the port is disabled consistently but the Cisco switch clearly has some mechanism to bypass it so the port is not disabled.

thanks Peter,

Glad I have the right command.

As per above, I have found that if I plug in another cisco switch I have it doesn't seem to affect the BPDUGuard but a netgear I have works every time. I checked the spanning tree stat and it was designated so that does confirm what you said above.

Then only thing that I seem to now be confused by and I hope it is ok to ask here in this post although drifiting slightly away from topic is.....

Spanning tree - I understand that it prevent loops but is it not still used when you just have two switches plugged together with 1 cable?

Is there still not a root port etc?