Notifies the NMS that these ports have been shut down by the spanning tree protocol.
•
The device reactivates the shutdown ports after a detection interval. For more information about this
detection interval, see Fundamentals Configuration Guide.
BPDU guard does not take effect on loopback-testing-enabled ports. For more information about
loopback testing, see
Configure BPDU guard on a device with edge ports configured.
To enable BPDU guard:
Step
Enter system view.
1.
2.
Enable the BPDU guard
function for the device.
Enabling root guard
The root bridge and secondary root bridge of a spanning tree should be located in the same MST region.
Especially for the CIST, the root bridge and secondary root bridge are put in a high-bandwidth core
region during network design. However, due to possible configuration errors or malicious attacks in the
network, the legal root bridge might receive a configuration BPDU with a higher priority. Another device
supersedes the current legal root bridge, causing an undesired change of the network topology. The
traffic that should go over high-speed links is switched to low-speed links, resulting in network
congestion.
To prevent this situation, MSTP provides the root guard function. If root guard is enabled on a port of a
root bridge, this port plays the role of designated port on all MSTIs. After this port receives a
configuration BPDU with a higher priority from an MSTI, it performs the following tasks:
Immediately sets that port to the listening state in the MSTI.
•
Does not forward the received configuration BPDU.
•
This is equivalent to disconnecting the link connected with this port in the MSTI. If the port receives no
BPDUs with a higher priority within twice the forwarding delay, it reverts to its original state.
On a port, the loop guard function and the root guard function are mutually exclusive.
Configure root guard on a designated port.
To enable root guard:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet or
aggregate interface view.
3.
Enable the root guard
function.
"Configuring Ethernet
Command
system-view
stp bpdu-protection
Command
system-view
interface interface-type interface-number
stp root-protection
interfaces."
105
Remarks
N/A
By default, BPDU guard is
disabled.
Remarks
N/A
N/A
By default, root guard is
disabled.