The stp bpdu-protection command enables BPDU protection on a switching device.
The undo stp bpdu-protection command disables BPDU protection on a switching device.
By default, BPDU protection is disabled.
System view or MSTP process view
Usage Scenario
On a Layer 2 network running a spanning tree protocol, a port connected to terminals does not need to participate in spanning tree calculation. If the port participates in spanning tree calculation, the network convergence speed will be affected. In addition, status changes of the port may cause network flapping, interrupting user traffic. To address this problem, you can run the stp edged-port enable command to configure the port as an edge port. Then, the port will not participate in the spanning tree calculation. This speeds up network convergence and improves network stability.
An edge port will lose edge port attributes after receiving BPDUs. To prevent attackers from forging BPDUs to change edge ports to non-edge ports, you can run the stp bpdu-protection command to configure BPDU protection on a switching device.
Configuration Impact
After BPDU protection is enabled on a switching device, the switching device shuts down the edge port if the edge port receives a BPDU. The attributes of the edge port are not changed.
Precautions
After BPDU protection is enabled, a switching device sets an edge port to the error-down state if the edge port receives a BPDU, and the port remains an edge port. To configure an edge port in the error-down state to return to the Up state automatically, run the error-down auto-recovery cause bpdu-protection interval interval-value command in the system view.
By default, an interface does not return to the Up state automatically after it is shut down. To restore the interface, run the shutdown and undo shutdown commands on the interface in sequence. Alternatively, run the restart command on the interface to restart the interface.
To configure the interface to go Up automatically, run the error-down auto-recovery cause bpdu-protection interval interval-value command in the system view to set a recovery delay. After the delay, the interface goes Up automatically.
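The following audit script is an added example, not part of the original command reference. It checks a saved configuration for edge ports that are not covered by stp bpdu-protection and reports whether error-down auto-recovery is set. The sample configuration, its layout (blocks separated by #, indented interface sub-commands), the device name and the function name are constructed assumptions.

```python
import re

# Constructed sample in the style of a saved switch configuration (layout is an assumption).
SAMPLE_CONFIG = """\
#
sysname ACCESS-SW1
#
stp bpdu-protection
#
interface GigabitEthernet0/0/1
 stp edged-port enable
#
interface GigabitEthernet0/0/2
 stp edged-port enable
#
interface GigabitEthernet0/0/24
 port link-type trunk
#
"""

RECOVERY_RE = r"error-down auto-recovery cause bpdu-protection interval (\d+)"

def audit_bpdu_protection(config_text):
    """Report edge ports, whether BPDU protection covers them, and the recovery setting."""
    edge_ports, current_if = [], None
    protection, recovery_interval = False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line ends any interface block
            m = re.match(r"interface\s+(\S+)", line)
            current_if = m.group(1) if m else None
        if line == "stp edged-port enable" and current_if:
            edge_ports.append(current_if)
        elif line == "stp bpdu-protection":  # exact match, so "undo stp ..." is not counted
            protection = True
        else:
            m = re.fullmatch(RECOVERY_RE, line)
            if m:
                recovery_interval = int(m.group(1))
    return {
        "edge_ports": edge_ports,
        "bpdu_protection": protection,
        # Edge ports that a received BPDU could turn into non-edge ports.
        "unprotected_edge_ports": [] if protection else edge_ports,
        "auto_recovery_interval": recovery_interval,
        # True when an error-down port stays down until an operator restores it.
        "manual_recovery_needed": protection and recovery_interval is None,
    }
```
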