Configuring Bpdu Guard - H3C S12500X-AF Series Configuration Manual

Layer 2-lan switching

Hide thumbs Also See for S12500X-AF Series:

Installation manual (136 pages)

Hardware reference manual (65 pages)

Quick start manual (42 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

page of 224

/ 224
Contents
Table of Contents
Bookmarks

Table of Contents

•

TC-BPDU transmission restriction

•

TC-BPDU guard

•

BPDU drop

•

PVST BPDU guard

Configuring BPDU guard

For access layer devices, the access ports can directly connect to the user terminals (such as PCs)

or file servers. The access ports are configured as edge ports to allow rapid transition. When these

ports receive configuration BPDUs, the system automatically sets the ports as non-edge ports and

starts a new spanning tree calculation process. This causes a change of network topology. Under

normal conditions, these ports should not receive configuration BPDUs. However, if someone uses

configuration BPDUs maliciously to attack the devices, the network will become unstable.

The spanning tree protocol provides the BPDU guard feature to protect the system against such

attacks. When edge ports receive configuration BPDUs on a device with BPDU guard enabled, the

device performs the following operations:

•

Shuts down these ports.

•

Notifies the NMS that these ports have been shut down by the spanning tree protocol.

The device reactivates the shutdown ports after a detection interval. For more information about this

detection interval, see Fundamentals Configuration Guide.

You can configure the BPDU guard feature globally or on a per-edge port basis.

BPDU guard does not take effect on loopback-testing-enabled ports. For more information about

loopback testing, see Interface Configuration Guide.

Enabling BPDU guard globally

The global BPDU guard setting takes effect on all edge ports that are not configured by using the stp

port bpdu-protection command.

To enable BPDU guard globally:

Step

Enter system view.

Enable BPDU guard globally.

Configuring BPDU guard on an interface

An edge port preferentially uses the port-specific BPDU guard setting. If the port-specific BPDU

guard setting is not available, the edge port uses the global BPDU guard setting.

To configure BPDU guard on an interface:

Step

Enter system view.

Enter

interface

aggregate interface view.

Configure BPDU guard.

Command

system-view

stp bpdu-protection

Command

system-view

Layer

Ethernet

interface

Layer

interface-number

stp

{ enable | disable }

interface-type

port

bpdu-protection

119

Remarks

N/A

By default, BPDU guard is globally

disabled.

Remarks

N/A

The

specified

interface

connect to a user terminal rather

than other device or shared LAN

segment.

By default, BPDU guard is not

configured on a per-edge port

basis. The status of BPDU guard on

an interface is the same as the

must

Table of Contents

Show Quick Links

Quick Links:
Splitting a 40-Ge Interface and Combining...

Hide quick links:

Table of Contents

This manual is also suitable for:

Lsxm1cgq6qghb1 Lsxm1cgq18qghb1 Lsxm1cgq18qghf1 Lsxm1cgq36hb1 Lsxm1tgs48c2hb1 Lsxm1qgs36hb1 ... Show all

Configuring Bpdu Guard - H3C S12500X-AF Series Configuration Manual

Configuring BPDU guard

Hide quick links:

Related Manuals for H3C S12500X-AF Series

Related Content for H3C S12500X-AF Series

This manual is also suitable for:

Table of Contents