Configuring BPDU Protection on a Switch
Context
Edge ports connect directly to user terminals and should never receive BPDUs. An attacker connected to such a port can send forged BPDUs to the switch. If edge ports receive BPDUs, the switch reconfigures them as non-edge ports and triggers a new spanning tree calculation, causing network flapping. BPDU protection defends against this: when it is enabled, an edge port that receives a BPDU is shut down (placed in the error-down state) instead of being converted to a non-edge port, so the forged BPDUs cannot change the spanning tree topology.
Perform the following procedure on all switches that have edge ports.
Procedure
- Run:
system-view
The system view is displayed.
- (Optional) Run:
stp process process-id
The MSTP process view is displayed.
Skip this step if you are configuring MSTP process 0 (the default process).
- Run:
stp bpdu-protection
BPDU protection is enabled on the switch.
By default, BPDU protection is disabled.
Follow-up Procedure
- The auto recovery function is disabled by default and has no default recovery delay. When you enable it, you must specify a recovery delay (interval-value). Until it is enabled, an edge port shut down by BPDU protection stays in the error-down state.
- A smaller interval-value means an edge port goes Up again sooner, but if the attacker keeps sending BPDUs the port transitions between Up and Down more frequently.
- A larger interval-value means a longer wait before an edge port goes Up, and therefore a longer service interruption for the legitimate terminal behind it.
- The auto recovery function applies only to interfaces that enter the error-down state after the error-down auto-recovery command is run. Interfaces that were already in the error-down state when the command was run must be recovered manually (for example, by running shutdown and then undo shutdown in the interface view).
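The complete procedure above, together with the auto-recovery follow-up, as an added configuration example that is not taken from the original page. It assumes a Huawei VRP switch whose user-facing ports are GigabitEthernet0/0/1 and GigabitEthernet0/0/2, that MSTP process 0 is used (so the stp process step is skipped), and that a 120-second recovery delay is acceptable; the interface names and the interval are illustrative choices, not values from the page.

```text
# Added example, not from the original page. Interface names and the 120-second delay are assumptions.
# Prerequisite: BPDU protection acts only on edge ports, so the user-facing ports are declared edge ports first.
<HUAWEI> system-view
[HUAWEI] interface GigabitEthernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] stp edged-port enable
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] interface GigabitEthernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] stp edged-port enable
[HUAWEI-GigabitEthernet0/0/2] quit
#
# Procedure step: enable BPDU protection globally (MSTP process 0, so no stp process step is needed).
# From now on an edge port that receives a BPDU is placed in the error-down state
# instead of becoming a non-edge port and forcing a spanning tree recalculation.
[HUAWEI] stp bpdu-protection
#
# Follow-up: let ports shut down by BPDU protection recover automatically after 120 seconds.
# Without this command such a port stays down until it is recovered manually
# (shutdown, then undo shutdown, in the interface view).
[HUAWEI] error-down auto-recovery cause bpdu-protection interval 120
#
# Verification: the global section of the display stp output shows whether BPDU protection is enabled,
# and display error-down recovery lists interfaces currently in the error-down state and their recovery status.
[HUAWEI] display stp
[HUAWEI] display error-down recovery
```

Choose the interval to balance the two trade-offs listed in the follow-up procedure: a short delay restores a legitimate terminal quickly but lets a port under continuous attack flap, while a long delay keeps an attacked port quiet at the cost of a longer outage for a legitimate user whose port was tripped (for example by a misconnected switch). The permitted interval range depends on the product and software version, so check the command reference for the device in use.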