Allied Telesis AT-9000/28POE Switch User Manual


 
Chapter 40: STP, RSTP and MSTP Protocols

RSTP and MSTP BPDU Guard

This feature monitors the RSTP or MSTP edge ports on the switch for
BPDU packets. Edge ports that receive BPDU packets are disabled by the
switch. The benefit of this feature is that it prevents the use of edge ports
by RSTP or MSTP devices. This reduces the possibility of unwanted
changes to a network topology.

Note
This section applies only to RSTP and MSTP.

When RSTP or MSTP detects a loop in a network topology, it performs a
process called convergence in which the spanning tree devices identify
the ports to be blocked to prevent the loop. The length of time the process
requires depends on a number of factors, including the number of devices
and ports in the domain. Long convergence processes can affect network
performance because areas of a network may be isolated while the
devices check for loops and enable or disable ports.

You can shorten the convergence process by
designating edge ports on the switches. These ports are connected to
devices that are at the edge of a network, such as workstations and
printers. The advantages of edge ports are that they typically do not
participate in the convergence process and that they immediately
transition to the forwarding state, skipping the intermediate listening and
learning states.

Edge ports, however, can leave a spanning tree domain vulnerable to
unwanted topology changes. This can happen if someone connects an
RSTP or MSTP device to an edge port, causing the other devices in the
domain to perform the convergence process to integrate the new device
into the spanning tree domain. If the new device assumes the role of root
bridge, the new topology might be undesirable. In the worst-case scenario,
someone could use an edge port to introduce false BPDUs into a network
to deliberately initiate a change.

The BPDU guard feature lets you protect your network from unnecessary
convergences by preventing the use of edge ports by RSTP or MSTP
devices. When this feature is active on the switch, any edge port that
receives BPDU packets is automatically disabled, preventing the initiation
of the convergence process. You are notified of the event with an SNMP
trap. An edge port remains disabled until you enable it again with the
management software, for example with the ENABLE SWITCH PORT
command in the command line.
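
The guard behaviour described above can be modelled in a few lines. This is an added example, not code from the manual or from the switch firmware: it recognises a BPDU by the standard IEEE bridge group address and LLC header, then applies the guard rule to edge ports. The `Switch` class, the port numbers and the sample frames are constructed for illustration, and the model assumes any BPDU version triggers the guard.

```python
import struct

STP_DST_MAC = bytes.fromhex("0180c2000000")  # IEEE bridge group address
LLC_STP = b"\x42\x42\x03"                     # DSAP, SSAP, control used by spanning tree
VERSIONS = {0: "STP", 2: "RSTP", 3: "MSTP"}   # BPDU protocol version field

def bpdu_version(frame: bytes):
    """Return 'STP', 'RSTP' or 'MSTP' if the frame is a BPDU, else None."""
    if len(frame) < 20 or frame[0:6] != STP_DST_MAC:
        return None
    (length,) = struct.unpack("!H", frame[12:14])
    if length > 1500 or frame[14:17] != LLC_STP:  # must be 802.3 + LLC, not Ethernet II
        return None
    proto_id, version = struct.unpack("!HB", frame[17:20])
    return VERSIONS.get(version) if proto_id == 0 else None

class Switch:
    """Hypothetical model of edge ports with BPDU guard (assumption, not vendor code)."""
    def __init__(self, edge_ports, bpdu_guard=True):
        self.edge_ports = set(edge_ports)
        self.bpdu_guard = bpdu_guard
        self.disabled = set()   # ports shut down by the guard
        self.traps = []         # stands in for the SNMP trap notification

    def receive(self, port, frame):
        """Return 'dropped', 'forwarded', 'disabled' or 'converge'."""
        if port in self.disabled:
            return "dropped"
        version = bpdu_version(frame)
        if version is None:
            return "forwarded"
        if port in self.edge_ports and self.bpdu_guard:
            self.disabled.add(port)             # stays down until re-enabled by hand
            self.traps.append((port, version))
            return "disabled"
        return "converge"                       # BPDU reaches the spanning tree process

    def enable_port(self, port):
        self.disabled.discard(port)

# Constructed sample frames; BPDU fields after the type byte are zeroed.
SRC = bytes.fromhex("020000000001")
RSTP_BPDU = STP_DST_MAC + SRC + struct.pack("!H", 39) + LLC_STP + b"\x00\x00\x02\x02" + bytes(32)
ARP_FRAME = b"\xff" * 6 + SRC + b"\x08\x06" + bytes(28)

if __name__ == "__main__":
    sw = Switch(edge_ports={5})
    for frame in (ARP_FRAME, RSTP_BPDU, ARP_FRAME):
        print(sw.receive(5, frame))
    print(sw.traps)
```

With the guard off, the same BPDU on port 5 returns `converge`, which is the unwanted topology change the feature exists to prevent.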