HP 6120XG HP ProCurve Series 6120 Blade Switches Advanced Traffic Management G - Page 138
Configuring BPDU Filtering, Caution
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 138 highlights
Multiple Instance Spanning-Tree Operation Configuring MSTP Syntax: spanning-tree < port-list > tcn-guard When tcn-guard is enabled for a port, it causes the port to stop propagating received topology change notifications and topology changes to other ports. (Default: No - disabled) Configuring BPDU Filtering The STP BPDU filter feature allows control of spanning-tree participation on a per-port basis. It can be used to exclude specific ports from becoming part of spanning tree operations. A port with the BPDU filter enabled will ignore incoming BPDU packets and stay locked in the spanning-tree forwarding state. All other ports will maintain their role. Here are some sample scenarios in which this feature may be used: ■ To have STP operations running on selected ports of the switch rather than every port of the switch at a time. ■ To prevent the spread of errant BPDU frames. ■ To eliminate the need for a topology change when a port's link status changes. For example, ports that connect to servers and workstations can be configured to remain outside of spanning-tree operations. ■ To protect the network from denial of service attacks that use spoofing BPDUs by dropping incoming BPDU frames. For this scenario, BPDU protection offers a more secure alternative, implementing port shut down and a detection alert when errant BPDU frames are received (see page 4-32 for details). Caution Ports configured with the BPDU filter mode remain active (learning and forward frames); however, spanning-tree cannot receive or transmit BPDUs on the port. The port remains in a forwarding state, permitting all broadcast traffic. This can create a network storm if there are any loops (that is, trunks or redundant links) using these ports. If you suddenly have a high load, disconnect the link and disable the bpdu-filter (using the no command). Command Syntax and Example. The following command is used to configure BPDU filters. Syntax: [no] spanning-tree bpdu-filter Enables/disables the BPDU filter feature on the specified port(s). The bpdu-filter option forces a port to always stay in the forwarding state and be excluded from standard STP operation. 4-30