Following are the modes in which we can configure BPDU Guard in switches:
spanning-tree bpduguard enable (Puts port in errdisable upon receiving any BPDU).
spanning-tree portfast bpduguard default (It enables bpduguard on ports that have port-fast configuration, puts port in errdisable upon receiving a BPDU).
Once BPDU Guard is enabled it will keep an eye open for any BPDUs entering the access ports. The only devices which can reliably create and transmit BPDUs are switches. Our main aim is to have a predictable topology and not allow other switches outside our control onto our network. If a rogue switch is introduced into our topology it will in most cases transmit a BPDU; if the rogue switch has "better" values than the existing Root Bridge it will cause a topology change in the switched network. Any topology change is bad news for the users.
You are most welcome.
This again is a very good option; however, if your switch port is connected to a hub supporting more than 1 user, then in that case you would not be able to use this command, as it would allow only one MAC address through it, thus preventing other eligible data from legal hosts. But if you have only one host connected to that port then I would recommend it; otherwise, in a full-fledged network, "spanning-tree bpduguard enable" is a good option.
Brill. So I have got the below from that command. Is this set up correctly to only allow 1 MAC address on that port?
Port Security : Enabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
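Added example, not part of the original thread: one way to check output like the above against a "one MAC address, shut down on violation" policy. The function names and the policy are assumptions made for this sketch, and it reads Port Status "Secure-down" as link down and "Secure-shutdown" as err-disabled after a violation.

```python
# Constructed sample: the port-security output quoted in the post above.
SAMPLE = """\
Port Security : Enabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
"""

def parse_port_security(text):
    """Parse 'Key : Value' lines; split on the first ' : ' so 'Address:Vlan' stays whole."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(fields, max_macs=1):
    """Return (problems, notes); an empty problems list means the settings match the policy."""
    problems, notes = [], []
    if fields.get("Port Security") != "Enabled":
        problems.append("port security is not enabled")
    if fields.get("Violation Mode") != "Shutdown":
        problems.append("violation mode is %r, expected Shutdown" % fields.get("Violation Mode"))
    if fields.get("Maximum MAC Addresses") != str(max_macs):
        problems.append("maximum MAC addresses is %r, expected %d"
                        % (fields.get("Maximum MAC Addresses"), max_macs))
    status = fields.get("Port Status")
    if status == "Secure-shutdown":
        notes.append("port is err-disabled after a violation")
    elif status == "Secure-down":
        notes.append("link is down, so the limit has not been exercised yet")
    if fields.get("Security Violation Count", "0") != "0":
        notes.append("violations recorded: " + fields["Security Violation Count"])
    return problems, notes

if __name__ == "__main__":
    problems, notes = audit(parse_port_security(SAMPLE))
    print("problems:", problems or "none")
    print("notes:", notes or "none")
```

For the quoted output this reports no policy problems and one note: the port has no link yet, so no address has been learned and the limit is untested.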
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Your later note, about using switch-port security, is probably your best option (because unmanaged switches and hubs aren't really visible - also unmanaged switches won't generate BPDUs).