Hammer, You don't have to enable BPDUGuard globally if a given interface is already configured with " spanning-tree bpduguard enable". I ran a quick test, displayed below to demonstrate this.
The global option enables BPDUGuard for all portfast ports. However, for the global option to work, the portfast enabled ports have to be in access mode, I ran another test for the global option and the port didn't go in to err-disable state until the port was set to access mode. Hope this helps. interface FastEthernet0/19 switchport mode dynamic desirable spanning-tree portfast spanning-tree bpduguard enable Switch(config-if)#no shut 01:13:52: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/19 with BPDU Guard enabled. Disabling port. 01:13:52: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/19, putting Fa0/19 in err-disable state 01:13:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to down 01:13:54: %LINK-3-UPDOWN: Interface FastEthernet0/19, changed state to down Switch(config-if)#do sh run int | inc bpduguard default Switch(config)#do sh int status err Port Name Status Reason Fa0/19 err-disabled bpduguard I would appreciate any feedback from the veterans if my comments are not correct. Thank you, Mesikoo -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Hammer Sent: Thursday, February 10, 2011 11:01 AM To: [email protected] Subject: [OSL | CCIE_RS] VOL1 LAB2 2.22 DSG --- BPDUGuard global vs. local The DSG for implementing BPDUGuard says "Even though we've enable portfast on these ports, BPDUGuard is not enable by default unless you have entered a global command (spanning-tree portfast bpduguard default)" I'm confused by this. Is it saying that even though I've configured BPDUGuard on the port I still need to enable it globally? That's not what I'm seeing on CCO. Can someone clarify? Or am I just misinterpreting it? --Hammer-- _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
