The set protocols spanning-tree mstp interface bpdu-guard command configures a physical port or a LAG port as a BPDU-guard port for MSTP mode.


Command Syntax

set protocols spanning-tree mstp interface <interface-name> bpdu-guard <true | false>

Parameter

Parameter

Description

interface <interface-name>

Specifies a port name. The value is a string that can be set to a physical port name or a LAG port.

bpdu-guard <true | false>

Enables or disables BPDU-guard on a port. The value could be true or false.

  •   true: enables BPDU-guard.
  •   false: disables BPDU-guard.

By default, BPDU-guard is disabled.


Usage Guidelines

An edge port will lose edge port attributes after receiving BPDUs. To prevent attackers from forging BPDUs to change edge ports to non-edge ports, you can run the set protocols spanning-tree mstp interface <interface-name> bpdu-guard true command to configure BPDU guard on a switching device.

After BPDU guard is enabled on a switching device, the switching device shuts down the edge port if the edge port receives a BPDU. To restore the interface, run the set interface gigabit-ethernet <interface-name> disable false command manually.


Example

admin@Xorplus# set protocols spanning-tree mstp interface ge-1/1/1 bpdu-guard true
admin@Xorplus# commit