17.2.2 Understanding BPDU Guard
BPDU guard can be enabled globally or on a single interface. The two methods behave slightly
differently.
Use the spanning-tree portfast bpduguard default command in the privileged mode to enable
BPDU guard globally. In this state, if an interface has Port Fast enabled and receives a
BPDU, the port enters the error-disabled state to indicate a configuration error. The whole
port is also shut down, which signals that an unauthorized user may have added a network
device to the network and changed the network topology.
You can also use the spanning-tree bpduguard enable command in the interface configuration
mode to enable BPDU guard on a single interface, regardless of whether Port Fast is enabled
on that port. In this case, the interface enters the error-disabled state if it receives a
BPDU.
17.2.3 Understanding BPDU Filter
BPDU filter can be enabled globally or on a single interface. The two methods behave slightly
differently.
Use the spanning-tree portfast bpdufilter default command in the privileged mode to enable
BPDU filter globally. In this state, interfaces with Port Fast enabled neither receive nor
transmit BPDUs, so a host connected directly to a Port Fast-enabled port does not receive
BPDUs. If a Port Fast-enabled interface receives a BPDU and its Port Fast operational state
becomes disabled as a result, BPDU filter automatically stops taking effect.
You can also use the spanning-tree bpdufilter enable command in the interface configuration
mode to enable BPDU filter on a single interface, regardless of whether Port Fast is enabled
on that port. In this case, the interface neither receives nor transmits BPDUs and forwards
traffic directly.
17.2.4 Understanding Tc-protection
Tc-protection can only be enabled or disabled globally. It is enabled by default.
When Tc-protection is enabled, only one delete operation is performed within a certain period
of time (usually 4 seconds) after a TC-BPDU packet is received. During this period, the
device monitors whether further TC-BPDU packets are received. If TC-BPDU packets are received
within this period, the device performs one more delete operation when the period expires.
This eliminates the need to delete MAC address entries and ARP entries frequently.
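The timing rule above can be modeled to show how it bounds the number of delete operations
when many TC-BPDU packets arrive. The following Python model is an added example, not code
from the device or from this manual; the name flush_times and the sample arrival times are
constructed. It assumes that a delete performed when a period expires starts a new period of
the same length, which the text above does not state.

```python
# Added illustration: a model of the Tc-protection timing described above.
# Assumption (not stated in the manual): a deferred delete performed when a
# period expires opens a new protection period of the same length.

def flush_times(tc_arrivals, window=4.0):
    """Return the times at which MAC/ARP delete operations are performed."""
    flushes = []
    window_end = None   # None means no protection period is open
    pending = False     # True if a TC-BPDU arrived inside the open period
    for t in sorted(tc_arrivals):
        # Close every period that expired before this TC-BPDU arrived.
        while window_end is not None and t >= window_end:
            if pending:
                flushes.append(window_end)   # the single deferred delete
                window_end += window
                pending = False
            else:
                window_end = None
        if window_end is None:
            flushes.append(t)                # first TC-BPDU: delete at once
            window_end = t + window
        else:
            pending = True                   # remembered, not acted on yet
    if window_end is not None and pending:
        flushes.append(window_end)           # delete owed by the last period
    return flushes


# Constructed sample input: 100 TC-BPDUs, one every 0.1 s (a TC storm).
STORM = [i / 10 for i in range(100)]
# Constructed sample input: two topology changes 10 s apart.
ISOLATED = [0.0, 10.0]

if __name__ == "__main__":
    for name, arrivals in (("storm", STORM), ("isolated", ISOLATED)):
        times = flush_times(arrivals)
        print(f"{name}: {len(arrivals)} TC-BPDUs -> {len(times)} deletes at {times}")
```

Without the protection, each of the 100 TC-BPDU packets in the storm sample would trigger its
own delete of MAC address and ARP entries.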