Spanning-Tree Bpdu-Protection - Dell Networking 2024 Reference Manual

Hide thumbs Also See for Networking 2024:

Table of Contents

console#spanning-tree bpdu flooding

spanning-tree bpdu-protection

Use the spanning-tree bpdu-protection command in Global Configuration

mode to enable BPDU protection on a switch. Use the no form of this

command to resume the default status of BPDU protection function.

For an access layer device, the access port is generally connected to the user

terminal (such as a desktop computer) or file server directly and configured as

an edge port to implement the fast transition. When the port receives a

BPDU packet, the system sets it to non-edge port and recalculates the

spanning tree, which causes network topology flapping. In normal cases, these

ports do not receive any BPDU packets. However, someone may forge BPDU

to maliciously attack the switch and cause network flapping.

RSTP provides BPDU protection function against such attack. After BPDU

protection function is enabled on a switch, the system disables an edge port

that has received BPDU and notifies the network manager about it. The

disabled port can only be enabled by the no version of the command.

spanning-tree bpdu-protection

no spanning-tree bpdu-protection

Default Configuration

BPDU protection is not enabled.

Command Mode

Global Configuration mode

User Guidelines

This command has no user guidelines.

The following example enables BPDU protection.

console(config)#spanning-tree bpdu-protection

Spanning Tree Commands

Table of Contents