3-28
Multiple Instance Spanning-Tree Operation
Configuring MSTP
Configuring BPDU Filtering
The STP BPDU filter feature allows control of spanning-tree participation on
a per-port basis. It can be used to exclude specific ports from becoming part
of spanning tree operations. A port with the BPDU filter enabled will ignore
incoming BPDU packets and stay locked in the spanning-tree forwarding
state. All other ports will maintain their role.
Here are some sample scenarios in which this feature may be used:
■ To have STP operations running on selected ports of the switch rather
than every port of the switch at a time.
■ To prevent the spread of errant BPDU frames.
■ To eliminate the need for a topology change when a port's link status
changes. For example, ports that connect to servers and workstations
can be configured to remain outside of spanning-tree operations.
■ To protect the network from denial of service attacks that use
spoofing BPDUs by dropping incoming BPDU frames. For this
scenario, BPDU protection offers a more secure alternative, imple-
menting port shut down and a detection alert when errant BPDU
frames are received (see page 3-30 for details).
Caution Ports configured with the BPDU filter mode remain active (learning and
forward frames); however, spanning-tree cannot receive or transmit BPDUs
on the port. The port remains in a forwarding state, permitting all broadcast
traffic. This can create a network storm if there are any loops (that is, trunks
or redundant links) using these ports. If you suddenly have a high load,
disconnect the link and disable the bpdu-filter (using the no command).
Command Syntax and Example. The following command is used to
configure BPDU filters.
Syntax: spanning-tree < port-list > tcn-guard
When tcn-guard is enabled for a port, it causes the port to
stop propagating received topology change notifications
and topology changes to other ports.
(Default: No - disabled)
Syntax: [no] spanning-tree <port-list | all> bpdu-filter
Enables/disables the BPDU filter feature on the specified port(s).
The bpdu-filter option forces a port to always stay in the
forwarding state and be excluded from standard STP operation.
To Next Page
Loading...
