Configuring MSTP 203
low-speed link and congestion will occur on the network. The root protection
function is used against such problem.
The root port and other blocked ports maintain their state according to the BPDUs
sent by an uplink switch. Once the link is blocked or has trouble, the ports cannot
receive BPDUs and the switch will select a root port again. In this case, the former
root port will turn into a specified port and the former blocked ports will enter the
forwarding state and a link loop will be created.
The security functions can control the generation of loop. After it is enabled, the
root port cannot be changed, the blocked port will remain in the discarding state
and will not forward packets.
You can use the following command to configure the security functions of the
switch.
Perform the following configuration in corresponding configuration modes.
After configured with BPDU protection, the switch will disable the edge port
through MSTP, which receives a BPDU, and notifies the network manager at the
same time. These ports can be resumed by the network manager only.
The port configured with root protection only plays the role of designated port on
every instance. Whenever such a port receives a higher-priority BPDU, that is, it is
about to turn into non-designated port, it will be set to listening state and will not
forward packets any more (as if the link to the port is disconnected). If the port has
not received any higher-priority BPDU for a certain period of time thereafter, it will
resume the normal state.
When you configure a port, only one configuration at a time can be effective
among loop protection, root protection, and edge port configuration.
By default, the switch does not enable BPDU protection, root protection, or edge
port protection.
Table 212 Configure the Switch Security Function
Operation Command
Configure switch BPDU protection (from
system view)
stp bpdu-protection
Restore the disabled BPDU protection state as
defaulted (from system view)
undo stp bpdu-protection
Configure switch Root protection (from
system view)
stp interface interface-list
root-protection
Restore the disabled Root protection state as
defaulted (from system view)
undo stp interface interface-list
root-protection
Configure switch Root protection (from
Ethernet port view)
stp root-protection
Restore the disabled Root protection state as
defaulted (from Ethernet port view)
undo stp root-protection
Configure switch loop protection function
(from Ethernet port view)
stp loop-protection
Restore the disabled loop protection state, as
defaulted (from Ethernet port view)
stp loop-protection