Filter
Top Products
1-34
To do... Use the command... Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Perform the mCheck operation
stp mcheck
Required
Configuration Example
# Perform the mCheck operation on Ethernet 1/0/1.
1) Perform this configuration in system view
<Sysname> system-view
[Sysname] stp interface Ethernet 1/0/1 mcheck
2) Perform this configuration in Ethernet port view
<Sysname> system-view
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] stp mcheck
Configuring Guard Functions
The following guard functions are available on an MSTP-enabled switch: BPDU guard, root guard, loop
guard, and TC-BPDU attack guard.
Configuring BPDU Guard
Normally, the access ports of the devices operating on the access layer are directly connected to
terminals (such as PCs) or file servers. These ports are usually configured as edge ports to achieve
rapid transition. But they resume non-edge ports automatically upon receiving configuration BPDUs,
which causes spanning tree recalculation and network topology jitter.
Normally, no configuration BPDU will reach edge ports. But malicious users can attack a network by
sending configuration BPDUs deliberately to edge ports to cause network jitter. You can prevent this
type of attacks by utilizing the BPDU guard function. With this function enabled on a switch, the switch
shuts down the edge ports that receive configuration BPDUs and then reports these cases to the
administrator. Ports shut down in this way can only be restored by the administrator.
You are recommended to enable BPDU guard for devices with edge ports configured.
Configuration Prerequisites
MSTP runs normally on the switch.
Configuration procedure
Follow these steps to configure BPDU guard: