3Com 10014298 manual Configure the Switch Security Function

Configuring MSTP 203

low-speed link and congestion will occur on the network. The root protection function is used against such problem.

The root port and other blocked ports maintain their state according to the BPDUs sent by an uplink switch. Once the link is blocked or has trouble, the ports cannot receive BPDUs and the switch will select a root port again. In this case, the former root port will turn into a specified port and the former blocked ports will enter the forwarding state and a link loop will be created.

The security functions can control the generation of loop. After it is enabled, the root port cannot be changed, the blocked port will remain in the discarding state and will not forward packets.

You can use the following command to configure the security functions of the switch.

Perform the following configuration in corresponding configuration modes.

Table 212 Configure the Switch Security Function

After configured with BPDU protection, the switch will disable the edge port through MSTP, which receives a BPDU, and notifies the network manager at the same time. These ports can be resumed by the network manager only.

The port configured with root protection only plays the role of designated port on every instance. Whenever such a port receives a higher-priority BPDU, that is, it is about to turn into non-designated port, it will be set to listening state and will not forward packets any more (as if the link to the port is disconnected). If the port has not received any higher-priority BPDU for a certain period of time thereafter, it will resume the normal state.

When you configure a port, only one configuration at a time can be effective among loop protection, root protection, and edge port configuration.

By default, the switch does not enable BPDU protection, root protection, or edge port protection.