3com 8807 Reference Guide

C

HAPTER

 13: MSTP C

ONFIGURATION

 C

OMMANDS

System view

None

Use the stp bpdu-protection command to enable the BPDU protection on the 
switch. Use the undo stp bpdu-protection command to restore the default state 
of BPDU protection.

By default, BPDU protection is disabled.

Generally, the access ports of the access layer devices are directly connected to 
user terminals (such as PC) or file servers. In this case, the access ports are set to 
edge ports to implement fast state transition. However, when such access ports 
receive configuration BPDU, the system will automatically set them to non-edge 
ports and recalculate the spanning tree, which makes the network topology flap. 
These ports will not receive any STP configuration BPDU in normal cases. Anyway, 
if someone maliciously attacks the switch with fake configuration BPDU, the 
network will flap.

MSTP provides BPDU protection function to avoid such attack: After configured 
with BPDU protection, the switch will disable the edge port through MSTP, which 
receives a BPDU, and notify the network manager at same time. These ports can 
be resumed by the network manager only.

# Enable BPDU protection on the switch.

<SW8800>system-view

 

System View: return to User View with Ctrl+Z

 

[SW8800] stp bpdu-protection 

stp bridge-diameter bridgenum

System view

bridgenum: Ranges from 2 to 7 and defaults to 7.