Table of Contents
Advertisement
254
C
10: RSTP C
HAPTER
Configure the Switch
Security Function
ONFIGURATION
Switch running RSTP is still working in STP-compatible mode. You can use the
following command to manually configure the port to work in RSTP mode. This
command can only be issued if the bridge runs RSTP in RSTP mode and has no
effect in the STP-compatible mode.
You can use the following command to configure mCheck of a specified port.
Perform the following configuration in Ethernet Port View or System View.
Table 281 Set mCheck of the Specified Port
Operation
Set mCheck of the specified port
This command can be used when the bridge runs RSTP in RSTP mode, but it
cannot be used when the bridge runs RSTP in STP-compatible mode.
An RSTP Switch provides BPDU protection and root protection functions.
It looks like 'flapping' refers to Spanning Tree reconfiguring it's topology, which
may cause links to switch state.
For an access device, the access port is generally directly connected to the user
terminal, for example, a PC or a file server, and the access port is set to edgeport
to implement fast transition. When such a port receives a BPDU packet, the system
will automatically set it as a non-edge port and recalculate the spanning tree,
which causes the network topology to reconfigure and may cause links to switch
state. In normal cases, these ports will not receive STP BPDU. If someone forges a
BPDU to attack the Switch, the network topology to reconfigure. BPDU protection
function is used against such network attack.
In case of configuration error or malicious attack, the primary root may receive the
BPDU with a higher priority and then lose its place, which causes network
topology change errors. Due to the erroneous change, the traffic supposed to
travel over the high-speed link may be pulled to the low-speed link and congestion
will occur on the network. Root protection function is used against such problem.
The root port and other blocked ports maintain their state according to the BPDUs
sent by the uplink Switch. Once the link is blocked or encountering a faulty
condition, the ports cannot receive BPDUs and the Switch will select the root port
again. In this case, the former root port will turn into a BPDU specified port and
the former blocked ports will enter into a forwarding state, as a result, a link loop
will be generated.
The security functions can control the generation of loops. After it is enabled, the
root port cannot be changed, the blocked port will remain in "Discarding" state
and will not forward packets, thus avoiding link loops.
You can use the following command to configure the security functions of the
Switch.
Perform the following configuration in corresponding views.
Command
stp mcheck
- Quick Links:
- Configuration Guide
Hide quick links:
Advertisement
Table of Contents
