1. Manuals
  2. Brands
  3. HP Manuals
  4. Switch
  5. 3100 Series
  6. Configuration manual

Configuration Prerequisites; Enabling Bpdu Guard - HP 3100 Series Configuration Manual

Hide thumbs
Table of Contents

Advertisement

BPDU guard
Root guard
Loop guard
TC-BPDU guard
BPDU drop

Configuration prerequisites

The spanning tree feature has been correctly configured on the device.

Enabling BPDU guard

For access layer devices, the access ports can directly connect to the user terminals (such as PCs)
or file servers. The access ports are configured as edge ports to allow rapid transition. When these
ports receive configuration BPDUs, the system automatically sets the ports as non-edge ports and
starts a new spanning tree calculation process. This causes a change of network topology. Under
normal conditions, these ports should not receive configuration BPDUs. However, if someone forges
configuration BPDUs maliciously to attack the devices, the network will become unstable.
The spanning tree protocol provides the BPDU guard function to protect the system against such
attacks. With the BPDU guard function enabled on the devices, when edge ports receive
configuration BPDUs, the system closes these ports and notifies the NMS that these ports have
been closed by the spanning tree protocol. The device will reactivate the closed ports after a
detection interval. For more information about this detection interval, see Fundamentals
Configuration Guide.
Configuration restrictions and guidelines
Configure BPDU guard on a device with edge ports configured.
You must enable BPDU guard on a port that directly connects to a user terminal rather than
another device or shared LAN segment.
BPDU guard does not take effect on loopback-testing-enabled ports. For more information
about loopback testing, see "Configuring Ethernet interfaces."
Enabling BPDU guard globally
BPDU guard is enabled on all edge ports if it is globally enabled. You can disable BPDU guard on
specific interfaces.
To enable BPDU guard globally:
Step
Enter system view.
1.
Enable BPDU guard
2.
globally.
Enter interface view or port
3.
group view.
(Optional.) Disable BPDU
4.
guard.
Command
system-view
stp bpdu-protection
Enter Layer 2 Ethernet
interface view or Layer 2
aggregate interface view:
interface interface-type
interface-number
Enter port group view:
port-group manual
port-group-name
stp port bpdu-protection disable
85
Remarks
N/A
By default, BPDU guard is
globally disabled.
N/A
By default, BPDU guard is
enabled on all edge ports if it is
globally enabled.

Advertisement

Table of Contents
loading

Related Manuals for HP 3100 Series

Related Content for HP 3100 Series

Table of Contents