No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring BPDU Protection on a Switching Device

Configuring BPDU Protection on a Switching Device

After Bridge Protocol Data Unit (BPDU) protection is enabled on a switching device, the switching device shuts down an edge port if the edge port receives a BPDU, and notifies the NMS of the shutdown event.

Context

Edge ports are directly connected to user terminals and normally, the edge ports will not receive Bridge Protocol Data Units (BPDUs). Some attackers may send pseudo BPDUs to attach the switching device. If the edge ports receive the BPDUs, the switching device automatically sets the edge ports as non-edge ports and triggers new spanning tree calculation. Network flapping then occurs. BPDU protection can be used to protect switching devices against network attacks.

NOTE:

Do as follows on a switching device having an edge port:

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Run stp process process-id

    The MSTP process view is displayed.

    NOTE:

    This step is needed only when you perform configurations in an MSTP process with a non-zero ID. If you perform configurations in the MSTP process 0, skip is step.

  3. Run stp bpdu-protection

    BPDU protection is enabled on the switching device.

  4. Run commit

    The configuration is committed.

Follow-up Procedure

To allow an edge port to automatically start after being shut down, you can run the error-down auto-recovery cause cause-item interval interval-value command to configure the auto recovery function and set the delay on the port. After the delay expires, the port automatically goes Up. interval interval-value ranges from 30 to 86400, in seconds. Note the following when setting this parameter:
  • There is no default value for the recovery time. Therefore, you must specify a delay when configuring this command.
  • The smaller the interval-value is, the shorter it takes for the edge port to go Up, and the more frequently the edge port alternates between Up and Down.
  • The larger the interval-value is, the longer it takes for the edge port to go Up, and the longer the service interruption lasts.
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055378

Views: 18885

Downloads: 35

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next