实验原理:
BPDU Guard 主要是和portfast 特性配合使用,portfast 使得接口一有计算机接入就立即进入转发状态,然而万一这个接口接入的是交换机很可能造成环路。BPDU Guard可以使得portfast 接口一旦接收到BPDU,就关闭该接口
第一步:把sw1和sw2之间的链路配置成trunk
sw1(config)#int f0/13
sw1(config-if)#switchport mode trunk
sw2(config-if-range)#int f0/13
sw2(config-if)#sw mo trunk
第二步:配置sw1为根桥
sw1(config)#spanning-tree vlan 1 priority 8192
//配置sw1为根桥,则sw2上f0/13接口为根端口,
sw2# sh spa
Interface Role Sts Cost Prio.Nbr Type
Fa0/13 Root FWD 19 128.13 P2p
Fa0/15 Desg FWD 19 128.15 P2p
第三步:在sw2的f0/15上配置根防护
sw2(config-if)#spanning-tree guard root
//防止连接到f0/15成为根
第四步:配置sw3的桥ID,更高的优先级
sw3(config)#spanning-tree vlan 1 priority 4096
//配置了上面这个,f0/15就有可能成为根端口,但是我们在f0/15开启了根防护,那么f0/15则会怎么样?看看下面
sw2#%SPANTREE-2-ROOTGUARDBLOCK: Port 0/15 tried to become non-designated in VLAN 1.
Moved to root-inconsistent state
//S2 将从f0/15 收到S3 发送的更优的BPDU,然而由于该接口上配置Root guard,S2 的接
口进入阻断状态。
则f0/13原为根端口
sw2#sh spanning-tree
VLAN0001
Fa0/13 Root FWD 19 128.13 P2p
Fa0/15 Desg LSN 19 128.15 P2p
第五步:配置BPDU guard
sw2(config)#spanning-tree portfast
sw2(config)#spanning-tree bpduguard enable
sw2(config)#int f0/15
sw2(config-if)#no sh
//开启f0/15端口
%LINK-5-CHANGED: Interface FastEthernet0/15, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/15, changed state to up
sw2(config-if)#%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/15 with BPDU Guard enabled. Disabling port.
%PM-4-ERR_DISABLE: bpduguard error detected on 0/15, putting 0/15 in err-disable state
//BPDUguard使f0/15处于err-disable状态
%LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/15, changed state to down