Programmable Internetworking & Communication Operating System Docs ... Click Spaces -> Space Directory to see docs for all releases ...
Page tree
Skip to end of metadata
Go to start of metadata

The set protocols spanning-tree stp interface bpdu-guard command configures a physical port or a LAG port as a BPDU-guard port for STP mode.

Command Syntax

set protocols spanning-tree stp interface <interface-name> bpdu-guard <true | false>




interface <interface-name>

Specifies a port name. The value is a string that can be set to a physical port name or a LAG port.

bpdu-guard <true | false>

Enables or disables BPDU-guard on a port. The value could be true or false.

  •   true: enables BPDU-guard.
  •   false: disables BPDU-guard.

By default, BPDU-guard is disabled.

Usage Guidelines

An edge port will lose edge port attributes after receiving BPDUs. To prevent attackers from forging BPDUs to change edge ports to non-edge ports, you can run the set protocols spanning-tree pvst interface <interface-name> bpdu-guard true command to configure BPDU guard on a switching device.

After BPDU guard is enabled on a switching device, the switching device shuts down the edge port if the edge port receives a BPDU. To restore the interface, run the set interface gigabit-ethernet <interface-name> disable false commands manually.


  • Configure the port ge-1/1/1 as a BPDU-guard port.
admin@Xorplus# set protocols spanning-tree stp interface ge-1/1/1 bpdu-guard true
admin@Xorplus# commit
  • No labels