202CHAPTER 8: STP OPERATION

configure a port not physically connected with the point-to-point link, rather, connected to such a link by force.

By default, the parameter is configured as auto.

Configuring the mCheck The port of an MSTP switch operates in either STP-compatible or MSTP mode.

Variable of a Port

If a port of an MSTP switch on a switching network is connected to an STP switch, the port will automatically transition to operate in STP-compatible mode. The port stays in STP-compatible mode and cannot automatically transition back to MSTP mode when the STP switch is removed. In this case, you can perform an mCheck operation to transit the port to MSTP mode by force.

You can use the following measures to perform mCheck operation on a port.

Configuring in system view

Perform the following configuration in system view.

Table 210 Configure the mCheck Variable of a Port

Operation

Command

 

 

Perform mCheck operation on a port.

stp interface interface-list

 

mcheck

 

 

Configuring in Ethernet port view

Perform the following configuration in Ethernet port view.

Table 211 Configure the mCheck Variable of a Port

 

Operation

Command

 

 

 

 

Perform mCheck operation on a port.

stp mcheck

 

 

 

For more about the commands, see the Switch 7750 Command Reference Guide.

 

The command can be used only if the switch runs MSTP. The command does not

 

make any sense when the switch runs in STP-compatible mode.

Configuring the Switch

An MSTP switch provides BPDU protection, Root protection, and loop-protection

Security Function

functions.

 

For an access device, the access port is, mainly, directly connected to the user terminal or a file server, and the access port is set to edge port to implement fast transition. When such a port receives a BPDU packet, the system will automatically set it as a non-edge port and recalculate the spanning tree, which causes the network topology flapping. Normally, these ports will not receive STP BPDU. If someone forges BPDU to attack the switch, the network will flap. BPDU protection function is used against such network attacks.

The primary and secondary root switches of the spanning tree, especially those of ICST, must be located in the same region. This is because the primary and secondary roots of CIST are generally placed in the core region with a high bandwidth in network design. In case of configuration error or malicious attack, the legal primary root may receive the BPDU with a higher priority and then lose its place, which causes network topology change errors. Due to the illegal change, the traffic that is supposed to travel over the high-speed link may be pulled to the

Page 202
Image 202
3Com 10014298 manual Security Function, Configure the mCheck Variable of a Port, Mcheck, Stp mcheck