High Secure Mode; Spanning Tree Bpdu Filtering - Avaya 8800 Planning And Engineering, Network Design
Ethernet routing switch
Hide thumbs
Also See for 8800:
- Troubleshooting manual (484 pages) ,
- Planning and engineering (306 pages) ,
- Configuration manual (226 pages)
Table of Contents
Advertisement
You can also use the predefined Access Control Template (ACT) for ARP spoof detection. For more
information about this ACT, see Avaya Ethernet Routing Switch 8800/8600 Configuration — QoS
and IP Filtering for R and RS Modules, NN46205-507.
High Secure mode
To ensure that the Avaya Ethernet Routing Switch 8800/8600 does not route packets with an illegal
source address of 255.255.255.255 (in accordance with RFC 1812 Section 4.2.2.11 and RFC 971
Section 3.2), you can enable High Secure mode.
By default, this feature is disabled. When you enable this flag, the feature is applied to all ports
belonging to the same OctaPid (group of 8 10/100 Mbit/s ports [8648 modules].
For more information about hsecure, see Avaya Ethernet Routing Switch 8800/8600 Security,
NN46205-601.
Spanning Tree BPDU filtering
To prevent unknown devices from influencing the Spanning Tree topology, the Avaya Ethernet
Routing Switch 8800/8600 supports Bridge Protocol Data Unit (BPDU) Filtering for Avaya Spanning
Tree Groups (STPG), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol
(MSTP).
With BPDU Filtering, the network administrator can achieve the following:
• Block an unwanted root selection process when an edge device (for example, a laptop running
Linux and enabled with STP) is added to the network. This prevents unknown devices from
influencing an existing spanning tree topology.
• Block the flooding of BPDUs from an unknown device.
When a port has BPDU Filtering enabled and the port receives an STP BPDU, the following actions
take place:
• The port is immediately put in the operational disabled state.
• A trap is generated and the following log message is written to the log: Ethernet <x> is
shut down by BPDU Filter
• The port timer starts.
• The port stays in the operational disabled state until the port timer expires.
If you disable the timer or reset the switch before the timer expires, the port remains in the disabled
state. If you disable BPDU Filtering while the timer is running, the timer stops and the port remains
in the disabled state. You must then manually enable the port to return it to the normal mode.
The STP BPDU Filtering feature is not supported on MLT/IST/SMLT/RSMLT ports.
For more information about BPDU Filtering, Avaya Ethernet Routing Switch 8800/8600
Configuration — VLANs and Spanning Tree (NN46205-517).
June 2016
Planning and Engineering — Network Design
Comments on this document? infodev@avaya.com
Damage prevention
271
Advertisement
Table of Contents
