Configuration procedure
# Enable No Agreement Check on Ethernet 1/0 of Device A.
<DeviceA> system-view
[DeviceA] interface ethernet 1/0
[DeviceA-Ethernet1/0] stp no-agreement-check

Configuring Protection Functions
An MSTP-compliant device supports the following protection functions:
■ BPDU guard
■ Root guard
■ Loop guard
■ TC-BPDU attack guard
Note: Among loop guard, root guard and edge port setting, only one function can take
effect on the same port at the same time.

Configuration prerequisites
MSTP has been correctly configured on the device.

Enabling BPDU Guard
Note: We recommend that you enable BPDU guard on your device.
For access layer devices, the access ports generally connect directly with user
terminals (such as PCs) or file servers. In this case, the access ports are configured
as edge ports to allow rapid transition of these ports. When these ports receive
configuration BPDUs, the system automatically sets them as non-edge ports and
starts a new spanning tree computing process. This causes network topology
instability. Under normal conditions, these ports should not receive
configuration BPDUs. However, if someone maliciously forges configuration BPDUs
to attack the devices, network instability will occur.
MSTP provides the BPDU guard function to protect the system against such
attacks. With the BPDU guard function enabled on the devices, when edge ports
receive configuration BPDUs, MSTP closes these ports and notifies the NMS that
these ports have been closed by MSTP. Ports closed in this way can be restored
only by the network administrator.
Follow these steps to enable BPDU guard:
To do... | Use the command... | Remarks
Enter system view | system-view | -
Enable the BPDU guard function for the device | stp bpdu-protection | Required. Disabled by default

Enabling Root Guard
Note: We recommend that you enable root guard on your device.
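The BPDU guard recommendation and the note that only one of loop guard, root guard and edge port setting can take effect on a port can both be checked against a saved configuration. The Python script below is an added example, not part of the original manual; the per-port keywords stp edged-port enable, stp root-protection and stp loop-protection and the '#'-separated configuration layout are assumptions based on Comware-style syntax (match them to your software version), and the sample configuration is constructed.

```python
import re

# Per-port settings of which only one can take effect on a port.
# ASSUMPTION: Comware-style keywords; only "stp bpdu-protection" is on this page.
EXCLUSIVE = {
    "stp edged-port enable": "edge port",
    "stp root-protection": "root guard",
    "stp loop-protection": "loop guard",
}

def parse(config):
    """Return (global_commands, {interface_name: [commands]})."""
    global_cmds, ports, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd in ("", "#"):            # '#' separates configuration sections
            current = None
        elif (m := re.match(r"interface\s+(\S+)", raw)):
            current = m.group(1)
            ports[current] = []
        elif current is not None and raw[0].isspace():
            ports[current].append(cmd)  # indented line inside an interface view
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, ports

def audit(config):
    """Return sorted findings for the two rules described above."""
    global_cmds, ports = parse(config)
    guard_on = "stp bpdu-protection" in global_cmds
    findings = []
    for name, cmds in ports.items():
        active = [label for key, label in EXCLUSIVE.items() if key in cmds]
        if len(active) > 1:
            findings.append(f"{name}: conflicting settings ({', '.join(active)})")
        if "edge port" in active and not guard_on:
            findings.append(f"{name}: edge port without BPDU guard")
    return sorted(findings)

# Constructed sample configuration, not taken from a real device.
SAMPLE = (
    "#\n stp enable\n#\ninterface Ethernet1/0\n stp edged-port enable\n#\n"
    "interface Ethernet1/1\n stp edged-port enable\n stp root-protection\n#\n"
    "interface Ethernet1/2\n stp loop-protection\n#\n"
)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result means every edge port is covered by the global BPDU guard setting and no port carries more than one of the three mutually exclusive settings.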