12. BPDU Attack Protection Commands
A BPDU (Bridge Protocol Data Unit) is the packet that the spanning tree
protocol uses to detect loops. In general, BPDUs are received only on
specific ports. If BPDU packets are received on an unexpected port, a
loop failure may have occurred or an unauthorized Switching Hub may
have been added, resulting in a path change.
BPDU Attack Protection is a function that protects the network by applying
a configured action, such as discarding packets or shutting down the port,
when unexpected BPDU packets are received.
The commands are also used to configure the Switching Hub to send an SNMP trap
notification or write a log entry when packets are discarded or ports are shut down
by the protection function. You can also configure the state to recover automatically
after a specified time or to be recovered manually by a network administrator.
config bpdu_protection ports [<portlist> | all] {state [enable | disable] | mode [drop | block | shutdown]}(1)
config bpdu_protection recovery_timer [<sec 60-1000000> | infinite]
config bpdu_protection [trap | log] [none | attack_detected | attack_cleared | both]
enable bpdu_protection
disable bpdu_protection
show bpdu_protection {ports {<portlist>}}
Figure 12-1 BPDU Attack Protection overview
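A typical sequence built only from the command syntax listed above, added here as an example and not taken from the manual. It assumes ports 1-8 are access ports on which no BPDU is expected; the port range and the 300-second timer are constructed values, the port-list notation may differ by model, and lines starting with # are annotations that are not typed.

```text
# Turn the function on for the whole Switching Hub
enable bpdu_protection
# Assumed access ports 1-8: enable protection and shut the port down on an unexpected BPDU
config bpdu_protection ports 1-8 state enable
config bpdu_protection ports 1-8 mode shutdown
# Recover automatically after 300 seconds (allowed range 60-1000000, or infinite for manual recovery)
config bpdu_protection recovery_timer 300
# Report both detection and clearing by SNMP trap and by log
config bpdu_protection trap both
config bpdu_protection log both
# Confirm the resulting per-port settings
show bpdu_protection ports 1-8
```

Setting recovery_timer to infinite instead keeps an affected port in its protected state until an administrator recovers it manually.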