Configuring Root Protection on an Interface
Context
If a root bridge receives BPDUs with a higher priority than its own due to incorrect configurations or malicious attacks on the network, the legitimate root bridge will no longer be able to serve as the root bridge and the network topology will be changed, triggering spanning tree recalculation. This may also result in traffic that should be transmitted over high-speed links being transmitted over low-speed links, leading to congestion on the network. The root protection function on a switch prevents this from happening by preserving the role of the designated port in order to protect the root bridge.
Root protection takes effect only on designated ports.
Perform the following steps on the root bridge in an MST region.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The view of the Ethernet interface that participates in spanning tree calculation is displayed.
- (Optional) Run stp binding process process-id
The port is bound to an MSTP process.
Skip this step if the interface belongs to process 0.
- Run stp root-protection
Root protection is configured on the switching device.
By default, root protection is disabled.
- Run commit
The configuration is committed.
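The following is an added example, not part of the original page or of any vendor tooling. It is a Python check that reads saved configuration text and reports which interfaces expected to act as designated ports on the root bridge lack stp root-protection, along with the MSTP process each is bound to. The stanza layout of the sample (interface blocks separated by # with indented sub-commands), the interface names and the operator-supplied port list are assumptions made for this example.

```python
import re

# Constructed sample of saved configuration text. The interface names and the
# stanza layout are assumptions for this example, not output taken from the page.
SAMPLE_CONFIG = """\
interface 10GE1/0/1
 stp root-protection
#
interface 10GE1/0/2
 description to-access-sw2
#
interface 10GE1/0/3
 stp binding process 2
 stp root-protection
#
interface 10GE1/0/4
 stp binding process 2
#
"""

def parse_interfaces(config_text):
    """Return {interface: {"process": int, "root_protection": bool}}."""
    interfaces, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:  # an unindented "interface ..." line opens a new stanza
            current = interfaces.setdefault(
                m.group(1), {"process": 0, "root_protection": False})
        elif not line.startswith(" "):
            current = None  # "#" or another top-level line closes the stanza
        elif current is not None:
            bind = re.fullmatch(r"stp binding process (\d+)", line.strip())
            if bind:  # no binding line means the port stays in process 0
                current["process"] = int(bind.group(1))
            elif line.strip() == "stp root-protection":
                current["root_protection"] = True
    return interfaces

def missing_root_protection(config_text, designated_ports):
    """List (interface, process) for expected designated ports lacking the command."""
    parsed = parse_interfaces(config_text)
    default = {"process": 0, "root_protection": False}  # port absent from config
    return [(n, parsed.get(n, default)["process"]) for n in designated_ports
            if not parsed.get(n, default)["root_protection"]]

if __name__ == "__main__":
    ports = ["10GE1/0/1", "10GE1/0/2", "10GE1/0/3", "10GE1/0/4"]  # operator-supplied
    for name, proc in missing_root_protection(SAMPLE_CONFIG, ports):
        print(f"{name} (MSTP process {proc}): stp root-protection not set")
```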