Configuring BPDU Protection on the Switch
Context
Edge ports connect directly to user terminals and normally do not receive BPDUs. If an attacker sends bogus BPDUs to the switch, the edge ports receive them. The switch then sets those edge ports as non-edge ports and recalculates the spanning tree, which causes network flapping.
BPDU protection defends the switch against this kind of attack. After BPDU protection is enabled on the switch, the switch shuts down an edge port if that port receives a BPDU.
Perform the following operations on the switch configured with an edge port.
Procedure
- Run:
  system-view
  The system view is displayed.
- Run:
  stp bpdu-protection
  BPDU protection is enabled on the switch.
  By default, BPDU protection is disabled on the switch.
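Because BPDU protection is disabled by default, a switch with edge ports can go unprotected without anyone noticing. The following audit script is an added example, not part of the original procedure: it checks a saved configuration for edge ports that lack the global `stp bpdu-protection` command. It assumes edge ports are marked with `stp edged-port enable` under the interface and that stanzas are separated by `#`; the sample configurations and interface names are constructed.

```python
import re

# Constructed sample configurations; interface names are made up.
# Assumption: edge ports are marked with 'stp edged-port enable'.
UNPROTECTED = """\
#
sysname access-sw1
#
interface GigabitEthernet0/0/1
 stp edged-port enable
#
interface GigabitEthernet0/0/2
 stp edged-port enable
#
interface GigabitEthernet0/0/24
 port link-type trunk
#
"""
PROTECTED = UNPROTECTED.replace(
    "#\ninterface", "#\nstp bpdu-protection\n#\ninterface", 1)


def audit_bpdu_protection(config_text):
    """Return (edge_ports, protection_enabled, findings) for one config."""
    edge_ports, protection, current_if = [], False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current_if = None              # '#' closes the current stanza
            continue
        indented = raw.startswith(" ")
        m = re.match(r"interface\s+(\S+)$", line)
        if m and not indented:
            current_if = m.group(1)        # start of an interface stanza
        elif not indented:
            current_if = None              # some other global command
            if line == "stp bpdu-protection":
                protection = True
        elif current_if and line == "stp edged-port enable":
            edge_ports.append(current_if)
    findings = []
    if edge_ports and not protection:
        findings = [f"{p}: edge port without global 'stp bpdu-protection'"
                    for p in edge_ports]
    return edge_ports, protection, findings


if __name__ == "__main__":
    for name, cfg in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, audit_bpdu_protection(cfg)[2] or "OK")
```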
Follow-up Procedure
- A smaller value indicates a shorter delay for the port to go Up automatically and a higher frequency at which the port alternates between Up and Down states.
- A larger value indicates a longer delay for the port to go Up automatically and longer traffic interruption.