RSTP Configuration 555
causes the network topology to reconfigure and may cause links to switch state. In
normal cases, these ports will not receive STP BPDUs. If someone forges a BPDU to
attack the Switch, the network topology is made to reconfigure. The BPDU protection
function is used against this kind of network attack.
In case of a configuration error or malicious attack, the primary root may receive a
BPDU with a higher priority and then lose its place, which causes erroneous network
topology changes. Because of the erroneous change, traffic that is supposed to travel
over the high-speed link may be pulled onto the low-speed link, and congestion will
occur on the network. The Root protection function is used against this problem.
The root port and other blocked ports maintain their state according to the BPDUs
sent by the uplink Switch. Once the link is blocked or encounters a fault, the ports
cannot receive BPDUs and the Switch will select the root port again. In this case,
the former root port will turn into a BPDU specified port and the former blocked
ports will enter the forwarding state; as a result, a link loop will be generated.
The security functions can control the generation of loops. Once loop protection is
enabled, the root port cannot be changed, and the blocked port will remain in the
“Discarding” state and will not forward packets, thus avoiding link loops.
You can use the following commands to configure the security functions of the
Switch.
Perform the following configuration in the corresponding views.
Table 613 Configure the Switch Security Function
Once BPDU protection is configured, the Switch uses RSTP to disable any edge port
that receives a BPDU, and notifies the network manager at the same time. Only the
network manager can resume these ports.
A port configured with Root protection can only act as a designated port.
Whenever such a port receives a higher-priority BPDU and is about to turn into a
non-designated port, it is set to a listening state and no longer forwards packets
(as if the link to the port were disconnected). If the port does not receive any
higher-priority BPDU for a certain period of time thereafter, it returns to the
normal state.
When you configure a port, only one of loop protection, root protection, and edge
port configuration can be in effect at a time.
By default, the Switch does not enable loop protection, BPDU protection or Root
protection.
Operation                                                                        Command
-------------------------------------------------------------------------------  ------------------------
Configure Switch BPDU protection (from System View)                              stp bpdu-protection
Restore the disabled BPDU protection state, as defaulted (from System View)      undo stp bpdu-protection
Configure Switch Root protection (from Ethernet Port View)                       stp root-protection
Restore the disabled Root protection state, as defaulted (from Ethernet Port     undo stp root-protection
View)
Configure Switch loop protection function (from Ethernet Port View)              stp loop-protection
Restore the disabled loop protection state, as defaulted (from Ethernet Port     undo stp loop-protection
View)
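
The following added example (not part of the original manual) audits a saved configuration for the rules stated above: edge ports left without BPDU protection, which is off by default, and ports carrying more than one of loop protection, root protection, and edge port configuration. The three protection commands come from the table; the `interface <name>` stanza layout, the `stp edged-port enable` line and the sample configuration are assumptions made for illustration.

```python
# Added example: audit a configuration dump for the RSTP protections in the table.
# Assumed (not from the manual): "interface <name>" stanzas with indented port
# commands, and "stp edged-port enable" as the edge port setting.
SAMPLE_CONFIG = """\
stp enable
interface Ethernet1/0/1
 stp edged-port enable
interface Ethernet1/0/2
 stp root-protection
 stp loop-protection
interface Ethernet1/0/3
 stp root-protection
 undo stp root-protection
 stp loop-protection
"""  # constructed sample, not taken from a real device

PORT_FEATURES = {
    "stp root-protection": "root",
    "stp loop-protection": "loop",
    "stp edged-port enable": "edge",  # assumed command name
}

def parse(config):
    """Return (bpdu_protection_enabled, {port: set of configured features})."""
    bpdu, ports, current = False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].strip():  # unindented line: System View or a new port stanza
            current = line.split(None, 1)[1] if line.startswith("interface ") else None
            if current:
                ports.setdefault(current, set())
        undo = line.startswith("undo ")
        cmd = line[5:] if undo else line
        if current is None and cmd == "stp bpdu-protection":
            bpdu = not undo  # BPDU protection is set from System View
        elif current is not None and cmd in PORT_FEATURES:
            change = ports[current].discard if undo else ports[current].add
            change(PORT_FEATURES[cmd])
    return bpdu, ports

def audit(config):
    """List ports whose configuration conflicts with the rules in the text."""
    bpdu, ports = parse(config)
    findings = []
    for port, feats in sorted(ports.items()):
        if len(feats) > 1:  # only one of loop/root/edge can be effective
            findings.append(f"{port}: {', '.join(sorted(feats))} set together")
        if "edge" in feats and not bpdu:  # BPDU protection is off by default
            findings.append(f"{port}: edge port without BPDU protection")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```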