Should I enable BPDU guard when connecting to a host machine?

Userlevel 1

I am using VLAN-aware mode and am going to connect a host at port swp1. Since it will not need to exchange spanning tree, and to avoid mistakes when another switch is connected to this port, I would like to enable BPDU guard.

1. Is the following config correct?

auto bridge
iface bridge
    alias bridge01
    bridge-ports swp1
    bridge-vids 10 20 30 40 50 100-200
    bridge-vlan-aware yes
    mstpctl-treeprio 32768

auto swp1
iface swp1
    mstpctl-portadminedge yes
    mstpctl-bpduguard yes

2. With the example from the manual

which includes enabling "mstpctl-portadminedge yes". As I understand it, this is similar to a portfast setup. Why does it include it for the safe learning time of spanning tree?


1 reply

Userlevel 3
1) Yes, the config looks fine for the bridge.
2) The reason it is safe to run a host connection as an edge port is that most hosts don't run spanning tree, and do not route or bridge packets. Therefore edge ports move into forwarding faster in terms of STP. BPDU guard is configured to prevent a situation where a host is accidentally configured with a bridge. The switch port is set DOWN upon reception of a BPDU, to prevent a spanning tree loop.
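
An added example, not part of the thread or the vendor manual: a small audit that reads an interfaces file in the format shown in the question and reports, for each bridge member port, whether mstpctl-portadminedge and mstpctl-bpduguard are both set. The sample config and the status labels are constructed for illustration, and only ports named explicitly on the bridge-ports line are handled.

```python
# Constructed sample in the same format as the config in the question.
SAMPLE = """\
auto bridge
iface bridge
    bridge-ports swp1 swp2 swp3
    bridge-vlan-aware yes

auto swp1
iface swp1
    mstpctl-portadminedge yes
    mstpctl-bpduguard yes

auto swp2
iface swp2
    mstpctl-portadminedge yes
"""

def parse_stanzas(text):
    """Return {iface: {option: value}} for each 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if key == "iface" and value:
            current = stanzas.setdefault(value.split()[0], {})
        elif key in ("auto", "source") or key.startswith("allow-"):
            current = None  # a top-level keyword ends the current stanza
        elif current is not None:
            current[key] = value.strip()
    return stanzas

LABELS = {(True, True): "edge+guard", (True, False): "edge-no-guard",
          (False, True): "guard-only", (False, False): "stp"}

def audit_edge_ports(text):
    """Map each explicitly named bridge member port to its edge/guard status."""
    stanzas = parse_stanzas(text)
    result = {}
    for opts in stanzas.values():
        for port in opts.get("bridge-ports", "").split():
            port_opts = stanzas.get(port, {})  # no stanza: both options unset
            edge = port_opts.get("mstpctl-portadminedge") == "yes"
            guard = port_opts.get("mstpctl-bpduguard") == "yes"
            result[port] = LABELS[edge, guard]
    return result

if __name__ == "__main__":
    for port, status in sorted(audit_edge_ports(SAMPLE).items()):
        print(port, status)
```

A port reported as edge-no-guard is the case to review: it skips the normal STP learning delay but will not be shut down if a bridge is plugged into it.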