# BPDU Guard

BPDU Guard blocks a port as soon as it detects Spanning Tree packets (BPDUs) on it.\
In practice, this means that when a managed switch running Spanning Tree Protocol is connected and it is not a FortiSwitch, the port is shut down.\
Clients should not send Spanning Tree packets.

It's a per-port setting and can be enabled in the GUI:

In the CLI, the BPDU Guard timeout can be changed from its default of 5 minutes to another value:

```
config switch-controller managed-switch
    edit <switch-id>
        config ports
            edit <port>
                set stp-bpdu-guard enabled
                set stp-bpdu-guard-timeout <mins>
            next
        end
    next
end 
```

Display the BPDU Guard status for each switch:

```
FG60E # diagnose switch-controller switch-info bpdu-guard-status  S448EFTF23007146
Vdom: root
Managed Switch : S448EFTF23001234 0


  Portname             State      Status       Timeout(m)    Count    Last-Event
  _________________   _______    _________    ___________    _____   __________________

  port2              disabled       -              -             -            -
  port3              disabled       -              -             -            -
  port4              disabled       -              -             -            -
  port5              disabled       -              -             -            -
  port6              disabled       -              -             -            -
  port7              disabled       -              -             -            -
  port8              disabled       -              -             -            -
  port9              disabled       -              -             -            -
  port10             disabled       -              -             -            -
  port11             disabled       -              -             -            -
  port12             disabled       -              -             -            -
  port13             enabled      Triggered        5             2     2023-10-15 14:41:04
  port14             enabled        -              5             0            -
  port15             enabled        -              5             0            -
```
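
To check this status table from a script, the following Python sketch (an added example, not part of the original page or of any Fortinet tooling) parses text shaped like the output above and lists the ports that have tripped BPDU Guard. The function names are hypothetical, the embedded sample is constructed from the rows shown above, and treating a non-zero Count as "has triggered before" is an assumption about that column.

```python
import re
from datetime import datetime

# Constructed sample, shaped like the diagnose output shown above.
SAMPLE = """\
Vdom: root
Managed Switch : S448EFTF23001234 0

  Portname             State      Status       Timeout(m)    Count    Last-Event
  _________________   _______    _________    ___________    _____   __________________

  port12             disabled       -              -             -            -
  port13             enabled      Triggered        5             2     2023-10-15 14:41:04
  port14             enabled        -              5             0            -
"""

# A data row: port name, State, Status, Timeout(m), Count, Last-Event.
ROW = re.compile(
    r"^\s*(?P<port>\S+)\s+(?P<state>enabled|disabled)\s+(?P<status>\S+)"
    r"\s+(?P<timeout>\S+)\s+(?P<count>\S+)\s+(?P<last>.+?)\s*$"
)
SWITCH = re.compile(r"^Managed Switch\s*:\s*(?P<serial>\S+)")

def parse_bpdu_guard_status(text):
    """Return (switch_serial, [row dicts]) parsed from the status output."""
    serial, rows = None, []
    for line in text.splitlines():
        m = SWITCH.match(line)
        if m:
            serial = m.group("serial")
            continue
        m = ROW.match(line)
        if not m:
            continue  # Vdom line, column header, separator or blank line
        row = m.groupdict()
        # "-" means "no value" in every numeric/date column
        row["timeout"] = None if row["timeout"] == "-" else int(row["timeout"])
        row["count"] = 0 if row["count"] == "-" else int(row["count"])
        row["last"] = (None if row["last"] == "-"
                       else datetime.strptime(row["last"], "%Y-%m-%d %H:%M:%S"))
        rows.append(row)
    return serial, rows

def ports_needing_review(rows):
    """Guarded ports whose Status is Triggered or whose Count is above zero."""
    return [r for r in rows
            if r["state"] == "enabled"
            and (r["status"] == "Triggered" or r["count"] > 0)]
```

A port that shows up here received BPDUs on what should be a client-facing port, so it is worth identifying the connected device before resetting the guard.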

Reset BPDU Guard:

```
FG60E # execute switch-controller switch-action bpdu-guard reset <switch-id> <port>
```

Log Entries:

<figure><img src="/files/o0ugBJWD3HOdPpSul2Mc" alt=""><figcaption></figcaption></figure>


