Stp Security; Port Protect - TP-Link TL-SG2452 User Manual

48-port gigabit smart switch with 4 sfp slots

Hide thumbs Also See for TL-SG2452:

User manual (183 pages)

Reference manual (182 pages)

Configuration manual (771 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

page of 131

/ 131
Contents
Table of Contents
Bookmarks

Table of Contents

Global configuration Procedure for Spanning Tree function:

Step Operation

Make clear roles the switches

play

spanning

instances:

root

designated bridge

Globally

configure

parameters

Configure MSTP parameters

for ports

Configure the MST region

Configure MSTP parameters

for instance ports

7.4 STP Security

Configuring protection function for devices can prevent devices from any malicious attack against

STP features. The STP Security function can be implemented on Port Protect and TC Protect

pages.

Port Protect function is to prevent the devices from any malicious attack against STP features.

7.4.1 Port Protect

On this page you can configure loop protect feature, root protect feature, TC protect feature,

BPDU protect feature and BPDU filter feature for ports. You are suggested to enable

corresponding protection feature for the qualified ports.

Loop Protect



In a stable network, a switch maintains the states of ports by receiving and processing BPDU

packets from the upstream switch. However, when link congestions or link failures occurred to the

network, a down stream switch does not receive BPDU packets for certain period, which results in

spanning trees being regenerated and roles of ports being reselected, and causes the blocked

ports to transit to forwarding state. Therefore, loops may be incurred in the network.

The loop protect function can suppresses loops. With this function enabled, a port, regardless of

the role it plays in instances, is always set to blocking state, when the port does not receive BPDU

packets from the upstream switch and spanning trees are regenerated, and thereby loops can be

prevented.

Root Protect



A CIST and its secondary root bridges are usually located in the high-bandwidth core region.

Wrong configuration or malicious attacks may result in configuration BPDU packets with higher

priorities being received by the legal root bridge, which causes the current legal root bridge to lose

its position and network topology jitter to occur. In this case, flows that should travel along

Description

Preparation.

tree

bridge

MSTP

Required. Enable Spanning Tree function on the switch

and

configure

Tree→STP Config→STP Config page.

Required. Configure MSTP parameters for ports on

Spanning Tree→Port Config→Port Config page.

Required. Create MST region and configure the role the

switch plays in the MST region on Spanning

Tree→MSTP Instance→Region Config and Instance

Config page.

Optional. Configure different instances in the MST region

and configure MSTP parameters for instance ports on

Spanning

Config page.

MSTP

parameters

Tree→MSTP

Instance→Instance

Spanning

Port

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Stp Security; Port Protect - TP-Link TL-SG2452 User Manual

7.4 STP Security

7.4.1 Port Protect

Hide quick links:

Related Manuals for TP-Link TL-SG2452

Related Content for TP-Link TL-SG2452

Table of Contents