With a review of the switching technologies and how they operate now in mind, let’s take a specific look at implementing security features on our switches.
When you enable BPDU Guard, a switch port that was forwarding stops and disables the port if a BPDU is seen inbound on the port. A user should never be generating legitimate BPDUs. This configuration, applied to ports that should only be access ports to end stations, helps to prevent another switch (that is sending BPDUs) from being connected to the network. This could prevent manipulation of your current STP topology. Example 9-7