When the switch is used as an access layer device, most ports function as edge
ports that connect to a device such as a desktop computer or file server. Such
a port has a single, direct connection and is configured as an edge port so
that it transitions quickly to the forwarding state. When an edge port receives
a BPDU packet, the system sets it to a non-edge port and recalculates the
spanning tree, which causes network topology flapping. In normal cases, these
ports do not receive any BPDU packets. However, someone may forge BPDUs
to maliciously attack the switch and cause network flapping.

BPDU protection can be enabled in RSTP to prevent such attacks. When
BPDU protection is enabled, the switch disables an edge port that has
received a BPDU and notifies the network manager about it.
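
The behaviour described above, modelled as an added example (not code from this guide or from the switch firmware): a BPDU arriving on an edge port either demotes the port and triggers recalculation, or, with BPDU protection on, shuts the port and raises a notification. The Switch and Port classes, the port names and the sample frames are assumptions made for illustration.

```python
from dataclasses import dataclass, field

STP_DST_MAC = bytes.fromhex("0180c2000000")  # IEEE 802.1D bridge group address
STP_LLC = bytes.fromhex("424203")            # DSAP 0x42, SSAP 0x42, control 0x03

def is_bpdu(frame: bytes) -> bool:
    """True if the Ethernet frame is an 802.3/LLC spanning tree BPDU."""
    if len(frame) < 19:
        return False
    is_length = int.from_bytes(frame[12:14], "big") <= 1500  # not an EtherType
    return (frame[0:6] == STP_DST_MAC and is_length
            and frame[14:17] == STP_LLC
            and frame[17:19] == b"\x00\x00")  # STP protocol identifier

@dataclass
class Port:
    edge: bool = True
    enabled: bool = True

@dataclass
class Switch:  # hypothetical model, not a vendor API
    bpdu_protection: bool
    ports: dict = field(default_factory=dict)
    events: list = field(default_factory=list)

    def receive(self, name: str, frame: bytes) -> None:
        port = self.ports[name]
        if not (port.enabled and port.edge and is_bpdu(frame)):
            return  # ordinary traffic, or normal STP handling (not modelled)
        if self.bpdu_protection:
            port.enabled = False  # shut the edge port and raise a notification
            self.events.append(f"notify: {name} disabled, BPDU on edge port")
        else:
            port.edge = False     # port loses edge status, topology recalculated
            self.events.append(f"{name} now non-edge, spanning tree recalculated")

# Constructed sample frames (not captured traffic).
HOST = bytes.fromhex("020000000001")
BPDU = STP_DST_MAC + HOST + (7).to_bytes(2, "big") + STP_LLC + bytes.fromhex("00000080")
ARP = b"\xff" * 6 + HOST + bytes.fromhex("0806") + bytes(28)

def run(protection: bool) -> Switch:
    sw = Switch(protection, {"port1": Port(), "port2": Port()})
    sw.receive("port1", ARP)   # normal host traffic on an edge port
    sw.receive("port2", BPDU)  # BPDU arriving where none is expected
    return sw

if __name__ == "__main__":
    for mode in (False, True):
        print(mode, run(mode).ports, run(mode).events)
```
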
Configuring the Spanning Tree Protocol