as far as I know stp-protect can be enabled on the end station port to prevent port from initiate or participate on STP topology, also bpdu-guard can be configured on the end station port to disable the port if a BPDU is received on that port. So I don't see the difference between two of them.
You can enable STP Protection on a per-port basis.
To prevent an end station from initiating or participating in STP topology changes, enter the following command at the Interface level of the CLI.
device#(config) interface ethernet 2 device#(config-if-e1000-2)#stp-protect
This command causes the port to drop STP BPDUs sent from the device on the other end of the link.
Enter the no form of the command to disable STP protection on the port.
So STP Protect drops BPDUs coming in and err-disables the port.
BPDU guard Will err-disable ports where BPDUs are reflected back into the switch.....meaning there is a loop and it will open up the loop.
- 412 Conversations
- 186 Followers