Configuration Guide 206
Configuring Spanning Tree Spanning Tree
If the switch cannot receive BPDUs because of link congestions or link failures, the root
port will become a designated port and the alternate port will transit to forwarding status,
so loops will occur.
With Loop Protect function enabled, the port will temporarily transit to blocking state when
the port does not receive BPDUs. After the link restores to normal, the port will transit to its
normal state, so loops can be prevented.
»
Root Protect
Root Protect function is used to ensure that the desired root bridge will not lose its
position. It is recommended to enable this function on the designated ports of the root
bridge.
Generally, the root bridge will lose its position once receiving higher-priority BPDUs
caused by wrong configurations or malicious attacks. In this case, the spanning tree will
be regenerated, and traffic needed to be forwarded along high-speed links may be lead to
low-speed links.
With root protect function enabled, when the port receives higher-priority BDPUs, it will
temporarily transit to blocking state. After two times of forward delay, if the port does not
receive any higher-priority BDPUs, it will transit to its normal state.
»
BPDU Protect
BPDU Protect function is used to prevent the port from receiving BPUDs. It is
recommended to enable this function on edge ports.
Normally edge ports do not receive BPDUs, but if a user maliciously attacks the switch by
sending BPDUs, the system automatically configures these ports as non-edge ports and
regenerates the spanning tree.
With BPDU protect function enabled, the edge port will be shutdown when it receives
BPDUs, and reports these cases to the administrator. Only the administrator can restore it.
»
BPDU Filter
BPDU filter function is to prevent BPDU flooding in the network. It is recommended to
enable this function on edge ports.
If a switch receives malicious BPDUs, it forwards these BPDUs to the other switches in the
network, and the spanning tree will be continuously regenerated. In this case, the switch
occupies too much CPU or the protocol status of BPDUs is wrong.
With BPDU filter function enabled, the port does not receive or forward BPDUs, but it sends
out its own BPDUs, preventing the switch from being attacked by BPDUs.
»
TC Protect
TC Protect function is used to prevent the switch from frequently removing MAC address
entries. It is recommended to enable this function on the ports of non-root switches.
To Next Page
Loading...
