CCNP(BCMSN)实验：配置PortFast BPDU Guard和Root Guard

实验原理：
BPDU Guard 主要是和portfast 特性配合使用，portfast 使得接口一有计算机接入就立即进入转发状态，然而万一这个接口接入的是交换机很可能造成环路。BPDU Guard可以使得portfast 接口一旦接收到BPDU，就关闭该接口

第一步：把sw1和sw2之间的链路配置成trunk

sw1(config)#int f0/13
sw1(config-if)#switchport mode trunk

sw2(config-if-range)#int f0/13
sw2(config-if)#sw mo trunk

第二步：配置sw1为根桥

sw1(config)#spanning-tree vlan 1 priority 8192
//配置sw1为根桥，则sw2上f0/13接口为根端口，

sw2# sh spa
Interface Role Sts Cost Prio.Nbr Type

Fa0/13 Root FWD 19 128.13 P2p
Fa0/15 Desg FWD 19 128.15 P2p

第三步：在sw2的f0/15上配置根防护

sw2(config-if)#spanning-tree guard root
//防止连接到f0/15成为根

第四步：配置sw3的桥ID，更高的优先级

sw3(config)#spanning-tree vlan 1 priority 4096
//配置了上面这个，f0/15就有可能成为根端口，但是我们在f0/15开启了根防护，那么f0/15则会怎么样？看看下面

sw2#%SPANTREE-2-ROOTGUARDBLOCK: Port 0/15 tried to become non-designated in VLAN 1.
Moved to root-inconsistent state
//S2 将从f0/15 收到S3 发送的更优的BPDU，然而由于该接口上配置Root guard，S2 的接
口进入阻断状态。

则f0/13原为根端口
sw2#sh spanning-tree
VLAN0001

Fa0/13 Root FWD 19 128.13 P2p
Fa0/15 Desg LSN 19 128.15 P2p

第五步：配置BPDU guard

sw2(config)#spanning-tree portfast
sw2(config)#spanning-tree bpduguard enable

sw2(config)#int f0/15
sw2(config-if)#no sh
//开启f0/15端口

%LINK-5-CHANGED: Interface FastEthernet0/15, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/15, changed state to up

sw2(config-if)#%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/15 with BPDU Guard enabled. Disabling port.
%PM-4-ERR_DISABLE: bpduguard error detected on 0/15, putting 0/15 in err-disable state
//BPDUguard使f0/15处于err-disable状态
%LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/15, changed state to down

标签：f0,BPDU,15,state,Guard,CCNP,sw2,config
来源： https://blog.51cto.com/starshomes/2541297