In your CCNA studies, you learned about PortFast and the trouble it can cause if configured on the wrong port! Suitable only for switch ports connected directly to a single host, PortFast allows a port running STP to go directly from blocking to forwarding mode.

A Cisco router will give you a warning when you configure PortFast:

SW1(config)#int fast 0/5

SW1(config-if)#spanning-tree portfast

%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION

%Portfast has been configured on FastEthernet0/5 but will only

have effect when the interface is in a non-trunking mode.

SW1(config-if)#

Not only will the switch warn you about the proper usage of PortFast, but you must put the port into access mode before PortFast will take effect.

Now, you'd think that would be enough of a warning, right? But there is a chance - just a chance - that someone is going to manage to connect a switch to a port running Portfast. That could lead to two major problems, the first being the formation of a switching loop. Remember, the reason we have listening and learning modes is to help prevent switching loops. The next problem is that there could be a new root bridge elected - and it could be a switch that isn't even in your network!

BPDU Guard protects against this disastrous possibility. If any BPDU comes in on a port that's running BPDU Guard, the port will be shut down and placed into error disabled state, shown on the switch as err-disabled. A port placed in err-disabled state must be reopened manually.

BPDU Guard is off on all ports by default, and is enabled as shown here:

SW1(config)#int fast 0/5

SW1(config-if)#spanning-tree bpduguard enable

It's a good idea to enable BPDU Guard on any port you're running PortFast on. There's no cost in overhead, and it does prevent the possibility of a switch sending BPDUs into a port configured with PortFast - not to mention the possibility of a switch not under your control becoming a root switch to your network!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNP and CCNA tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.

You can also join his RSS feed and visit his blog, which is updated several times daily with new Cisco certification articles, free tutorials, and daily CCNA / CCNP exam questions! Details are on the website.

For a FREE copy of his latest e-books, “How To Pass The CCNA� and “How To Pass The CCNP�, just visit the website! You can also get FREE CCNA and CCNP exam questions every day! Pass the CCNP exam with The Bryant Advantage!

Article Source: http://EzineArticles.com/?expert=Chris_Bryant