Adding An S9300 To A Specified Mst Region - Huawei Quidway S9300 Configuration Manual

8 MSTP Configuration
BPDU Protection
On a switch, the port that is directly connected to the user terminal such as a PC or a file server
is configured as an edge port to ensure fast switch of the port status.
Generally, edge ports do not receive any BPDU. If an edge port receives forged BPDUs sent by
an attacker, the switch sets the edge port to a non-edge port and recalculates the spanning tree.
Thus, network flapping occurs.
MSTP provides BPDU protection to prevent such attacks. After the BPDU protection is enabled,
the switch disables the edge port and informs the network management system if the port receives
BPDUs. The edge port can only be manually resumed by the network administrator.
Root Protection
If the root switch on a network is incorrectly configured or attacked, it may receive a BPDU
with a higher priority. Thus, the root switch becomes a non-root switch, which causes changes
of the network topology. In this case, the traffic transmitted on a high-speed link is switched to
a low-speed link, which causes network congestion.
To prevent the preceding problem, the S9300 provides root protection. Through root protection,
the S9300 can retain the designated port to protect its position as the root switch. After root
protection is enabled on a port, the port retains the role of the designated port in all instances.
When the port receives a BPDU with a higher priority, the port stops forwarding packets and
turns to the listening state, but does not change into a non-root port. If the port does not receive
any BPDUs with higher priorities within a certain period, it is restored.
Loop Protection
A switch determines the root port and blocked ports according to the BPDUs received from the
upstream switch. If these ports cannot receive any BPDU from the upstream switch because of
link congestion or link failure, the switch selects a new root port. Then the previous root port
becomes a designated port and the blocked ports turn to the forwarding state. This may cause
network loops.
The S9300 provides loop protection to prevent network loops. After loop protection is enabled,
the root port is blocked if it does not receive any BPDU from the upstream switch. The blocked
ports are still blocked and cannot forward packets. Thus, network loops will not be generated.

8.3 Adding an S9300 to a Specified MST Region

This section describes how to add an S9300 to an MST region and configure the MST region.
8.3.1 Establishing the Configuration Task
8.3.2 Setting the Operation Mode of the S9300
8.3.3 Configuring the MST Region
8.3.4 Activating the Configuration of an MST Region
8.3.5 (Optional) Configuring an S9300 as a Root Switch or Secondary Root Switch
8.3.6 (Optional) Setting the Priority of an S9300 in a Specified MSTI
8.3.7 Enabling MSTP
8-8 Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Ethernet
Issue 03 (2009-08-20)