202 CHAPTER 8: STP OPERATION
configure a port not physically connected with the point-to-point link, rather,
connected to such a link by force.
By default, the parameter is configured as auto.
Configuring the mCheck
Variable of a Port
The port of an MSTP switch operates in either STP-compatible or MSTP mode.
If a port of an MSTP switch on a switching network is connected to an STP switch,
the port will automatically transition to operate in STP-compatible mode. The port
stays in STP-compatible mode and cannot automatically transition back to MSTP
mode when the STP switch is removed. In this case, you can perform an mCheck
operation to transit the port to MSTP mode by force.
You can use the following measures to perform mCheck operation on a port.
Configuring in system view
Perform the following configuration in system view.
Configuring in Ethernet port view
Perform the following configuration in Ethernet port view.
For more about the commands, see the Switch 7750 Command Reference Guide.
The command can be used only if the switch runs MSTP. The command does not
make any sense when the switch runs in STP-compatible mode.
Configuring the Switch
Security Function
An MSTP switch provides BPDU protection, Root protection, and loop-protection
functions.
For an access device, the access port is, mainly, directly connected to the user
terminal or a file server, and the access port is set to edge port to implement fast
transition. When such a port receives a BPDU packet, the system will automatically
set it as a non-edge port and recalculate the spanning tree, which causes the
network topology flapping. Normally, these ports will not receive STP BPDU. If
someone forges BPDU to attack the switch, the network will flap. BPDU protection
function is used against such network attacks.
The primary and secondary root switches of the spanning tree, especially those of
ICST, must be located in the same region. This is because the primary and
secondary roots of CIST are generally placed in the core region with a high
bandwidth in network design. In case of configuration error or malicious attack,
the legal primary root may receive the BPDU with a higher priority and then lose its
place, which causes network topology change errors. Due to the illegal change,
the traffic that is supposed to travel over the high-speed link may be pulled to the
Table 210 Configure the mCheck Variable of a Port
Operation Command
Perform mCheck operation on a port. stp interface interface-list
mcheck
Table 211 Configure the mCheck Variable of a Port
Operation Command
Perform mCheck operation on a port. stp mcheck