Spanning Tree Commands 469
Example
console#spanning-tree bpdu flooding
spanning-tree bpdu-protection
Use the spanning-tree bpdu-protection command in Global Configuration mode to enable 
BPDU protection on a switch. Use the no form of this command to restore BPDU protection 
to its default state.
On an access-layer device, an access port is generally connected directly to a user terminal 
(such as a desktop computer) or a file server and is configured as an edge port to implement 
fast transition. When such a port receives a BPDU packet, the system sets it to a non-edge port 
and recalculates the spanning tree, which causes network topology flapping. In normal cases, 
these ports do not receive any BPDU packets. However, someone may forge BPDUs to maliciously 
attack the switch and cause network flapping.
RSTP provides a BPDU protection function against such attacks. After BPDU protection is 
enabled on a switch, the system disables any edge port that has received a BPDU and notifies 
the network manager about it. The disabled port can be re-enabled only by the no version of 
the command.
Syntax
spanning-tree bpdu-protection
no spanning-tree bpdu-protection
Default Configuration
BPDU protection is not enabled.
Command Mode
Global Configuration mode
User Guidelines
This command has no user guidelines.
Example
The following example enables BPDU protection.
console(config)#spanning-tree bpdu-protection
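The following added example (not part of the original guide, and not the switch's own code) models the edge-port behavior described above with and without BPDU protection, and shows how a received frame is recognized as a BPDU. The Port class, the receive function, the port name and the sample frames are constructed for illustration.

```python
import struct

STP_MAC = bytes.fromhex("0180c2000000")  # IEEE bridge group address used by BPDUs
LLC_STP = b"\x42\x42\x03"                # LLC DSAP/SSAP/control for spanning tree

def parse_bpdu(frame: bytes):
    """Return (version, bpdu_type, root_priority) for a BPDU frame, else None."""
    if len(frame) < 21 or frame[:6] != STP_MAC:
        return None
    (length,) = struct.unpack("!H", frame[12:14])
    if length > 1500 or frame[14:17] != LLC_STP:  # 802.3 + LLC, not Ethernet II
        return None
    proto_id, version, bpdu_type = struct.unpack("!HBB", frame[17:21])
    if proto_id != 0:
        return None
    root_priority = None  # TCN BPDUs (type 0x80) carry no root identifier
    if bpdu_type != 0x80 and len(frame) >= 24:
        (root_priority,) = struct.unpack("!H", frame[22:24])
    return version, bpdu_type, root_priority

class Port:  # hypothetical model of one switch port
    def __init__(self, name, edge=True):
        self.name, self.edge, self.enabled = name, edge, True

def receive(port, frame, bpdu_protection, log):
    """Apply the behavior described above to one received frame."""
    if not port.enabled:
        return "dropped"
    if parse_bpdu(frame) is None or not port.edge:
        return "normal"
    if bpdu_protection:
        port.enabled = False  # stays down until re-enabled by configuration
        log.append(f"{port.name}: BPDU on edge port, port disabled")
        return "disabled"
    port.edge = False  # unprotected: port loses edge status, tree is recalculated
    log.append(f"{port.name}: BPDU on edge port, now non-edge")
    return "recalculate"

# Constructed sample frames (locally administered source MAC, default priority).
SRC = bytes.fromhex("020000000001")
RSTP_BPDU = STP_MAC + SRC + struct.pack("!H", 39) + LLC_STP + struct.pack(
    "!HBBBH6sIH6sHHHHHB", 0, 2, 2, 0x0E, 0x8000, SRC, 0, 0x8000, SRC,
    0x8001, 0, 20 * 256, 2 * 256, 15 * 256, 0)
ARP_FRAME = b"\xff" * 6 + SRC + struct.pack("!H", 0x0806) + bytes(46)

if __name__ == "__main__":
    for protect in (False, True):
        port, log = Port("Gi1/0/1"), []  # constructed port name
        print(protect, receive(port, RSTP_BPDU, protect, log), log)
```

The log entries stand in for the notification sent to the network manager; on a real switch, correlating such events with the port's attached device is the starting point for investigating where the unexpected BPDU came from.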