3Com 10014298 - page 202

202 CHAPTER 8: STP OPERATION

configure a port not physically connected with the point-to-point link, rather,

connected to such a link by force.

By default, the parameter is configured as auto.

Configuring the mCheck

Variable of a Port The port of an MSTP switch operates in either STP-compatible or MSTP mode.

If a port of an MSTP switch on a switching network is connected to an STP switch,

the port will automatically transition to operate in STP-compatible mode. The port

stays in STP-compatible mode and cannot automatically transition back to MSTP

mode when the STP switch is removed. In this case, you can perform an mCheck

operation to transit the port to MSTP mode by force.

You can use the following measures to perform mCheck operation on a port.

Configuring in system view

Perform the following configuration in system view.

Configuring in Ethernet port view

Perform the following configuration in Ethernet port view.

For more about the commands, see the Switch 7750 Command Reference Guide.

The command can be used only if the switch runs MSTP. The command does not

make any sense when the switch runs in STP-compatible mode.

Configuring the Switch

Security Function An MSTP switch provides BPDU protection, Root protection, and loop-protection

functions.

For an access device, the access port is, mainly, directly connected to the user

terminal or a file server, and the access port is set to edge port to implement fast

transition. When such a port receives a BPDU packet, the system will automatically

set it as a non-edge port and recalculate the spanning tree, which causes the

network topology flapping. Normally, these ports will not receive STP BPDU. If

someone forges BPDU to attack the switch, the network will flap. BPDU protection

function is used against such network attacks.

The primary and secondary root switches of the spanning tree, especially those of

ICST, must be located in the same region. This is because the primary and

secondary roots of CIST are generally placed in the core region with a high

bandwidth in network design. In case of configuration error or malicious attack,

the legal primary root may receive the BPDU with a higher priority and then lose its

place, which causes network topology change errors. Due to the illegal change,

the traffic that is supposed to travel over the high-speed link may be pulled to the

Tabl e 210 Configure the mCheck Variable of a Port

Operation Command

Perform mCheck operation on a port. stp interface interface-list

mcheck

Tabl e 211 Configure the mCheck Variable of a Port

Operation Command

Perform mCheck operation on a port. stp mcheck