Multiple Instance Spanning-Tree Operation
802.1s Multiple Spanning Tree Protocol (MSTP)
Figure 5-7. Example of BPDU Protection Enabled at the Network Edge
C a u t i o n
The following commands allow you to configure BPDU protection.
Syntax: [no] spanning-tree <port-list> bpdu-protection
Enables/disables the BPDU protection feature on a port
Syntax: [no] spanning-tree <port-list> bpdu-protection-timeout <timeout>
Configures the duration of time when protected ports receiving
unauthorized BPDUs will remain disabled. The default value of
zero sets an infinite timeout (that is, ports that are disabled by
bpdu-protection are not, by default, re-enabled automatically).
(Range: 0-65535 seconds; Default: 0)
Syntax: [no] spanning-tree trap errant-bpdu
Enables/disables the sending of errant BPDU traps.
This command should only be used to guard edge ports that are not expected
to participate in STP operations. Once BPDU protection is enabled, it will
disable the port as soon as any BPDU packet is received on that interface.
Example. To configure BPDU protection on ports 1 to 10 with SNMP traps
ProCurve(config)# spanning-tree 1-10 bpdu protection
ProCurve(config)# spanning-tree trap errant-bpdu
Event Log: port X is disable by STP
Fake STP BPDU