No Agreement Check Configuration Example; Configuring Protection Functions; Enabling Bpdu Guard - HP FlexFabric 12900 Series Configuration Manual

No Agreement Check configuration example

Network requirements
As shown in
implementation. Both devices are in the same region.
The third-party device (Device B) is the regional root bridge, and Device A is the downstream device.
Figure 26 Network diagram
Configuration procedure
# Enable No Agreement Check on Ten-GigabitEthernet 1/0/1 of Device A.
<DeviceA> system-view
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] stp no-agreement-check

Configuring protection functions

A spanning tree device supports the following protection functions:
BPDU guard
•
Root guard
•
Loop guard
•
• Port role restriction
TC-BPDU transmission restriction
•
TC-BPDU guard
•

Enabling BPDU guard

For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file
servers. The access ports are configured as edge ports to allow rapid transition. When these ports
receive configuration BPDUs, the system automatically sets the ports as non-edge ports and starts a new
spanning tree calculation process. This causes a change of network topology. Under normal conditions,
these ports should not receive configuration BPDUs. However, if someone uses configuration BPDUs
maliciously to attack the devices, the network will become unstable.
The spanning tree protocol provides the BPDU guard function to protect the system against such attacks.
When edge ports receive configuration BPDUs on a device with BPDU guard enabled, the device
performs the following tasks:
Shuts down these ports.
•
Figure 26, Device A connects to a third-party device that has a different spanning tree
104