D-Link DGS-3600 Switch User Manual


 
xStack® DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
15 BPDU ATTACK PROTECTION COMMANDS
In a network, customers do not want every port of the device to receive STP packets, because STP BPDU packets
arriving on some ports only waste system resources.
If a port is not expected to receive BPDU packets, BPDU attack protection prevents it from receiving them. A port
on which the BPDU attack protection function is enabled enters a protection state (drop/block/disable) when it
receives an STP BPDU packet.
The BPDU Attack Protection commands in the Command Line Interface (CLI) are listed (along with the appropriate
parameters) in the following table.
Command                                 Parameters
config bpdu_protection ports            [<portlist> | all] {state [enable | disable] | mode [drop | block | shutdown]} (1)
config bpdu_protection recovery_timer   [<sec 60-1000000> | infinite]
config bpdu_protection                  [trap | log] [none | attack_detected | attack_cleared | both]
enable bpdu_protection
disable bpdu_protection
show bpdu_protection                    {ports {<portlist>}}
Each command is listed, in detail, in the following sections.
config bpdu_protection ports
Purpose
Used to configure the bpdu_protection state and mode.
Syntax
config bpdu_protection ports [<portlist> | all] {state [enable | disable] | mode [drop | block | shutdown]} (1)
Description
The config bpdu_protection ports command is used to configure the BPDU protection function for the ports on the
switch. In general, the BPDU protection function has two states: the normal state and the under attack state. The
under attack state has three modes: drop, block, and shutdown. A BPDU protection enabled port enters the under
attack state when it receives one STP BPDU packet, and it then takes action based on the configuration. Thus, BPDU
protection can only be enabled on an STP-disabled port.
BPDU protection has higher priority than the fbpdu setting configured by the configure STP command in determining
BPDU handling. That is, when fbpdu is configured to forward STP BPDUs but BPDU protection is enabled, the port
will not forward STP BPDUs.
BPDU protection also has higher priority than the BPDU tunnel port setting in determining BPDU handling. That is,
a port configured as a BPDU tunnel port for STP will forward STP BPDUs, but if BPDU protection is enabled on that
port, the port will not forward STP BPDUs.
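The handling rules in the Description above, modelled as a small Python decision function. This is an added illustration, not D-Link code or switch firmware. The Port fields, the receive() helper, the returned strings, the effect of shutdown mode (port taken down) and the dropping of BPDUs when neither fbpdu nor tunnelling applies are assumptions of the model; the recovery timer is not modelled.

```python
from dataclasses import dataclass

@dataclass
class Port:
    """Illustrative model of one STP-disabled port (field names are assumptions)."""
    protection: bool = False    # config bpdu_protection ports ... state (default: disable)
    mode: str = "shutdown"      # drop | block | shutdown (default: shutdown)
    fbpdu: bool = False         # STP fbpdu setting: forward received BPDUs
    stp_tunnel: bool = False    # port is a BPDU tunnel port for STP
    under_attack: bool = False  # normal state until a BPDU arrives
    link_up: bool = True

def receive(port: Port, is_bpdu: bool, global_enabled: bool = True) -> str:
    """Return 'forward', 'drop' or 'port_down' for one received frame."""
    if not port.link_up:
        return "port_down"
    protected = global_enabled and port.protection
    if protected and is_bpdu:
        # One STP BPDU is enough to enter the under-attack state.
        port.under_attack = True
        if port.mode == "shutdown":
            port.link_up = False   # assumption: shutdown takes the port down
            return "port_down"
        return "drop"              # drop and block modes both discard the BPDU
    if protected and port.under_attack and port.mode == "block":
        return "drop"              # block mode also discards normal packets
    if is_bpdu:
        # Protection is off, so the fbpdu / tunnel settings decide.
        # Assumption: with neither set, the BPDU is not forwarded.
        return "forward" if (port.fbpdu or port.stp_tunnel) else "drop"
    return "forward"

if __name__ == "__main__":
    # Constructed scenario: an edge port with fbpdu set, protection in drop mode.
    edge = Port(protection=True, mode="drop", fbpdu=True)
    for label, is_bpdu in [("data", False), ("BPDU", True), ("data", False)]:
        print(label, "->", receive(edge, is_bpdu), "| under_attack:", edge.under_attack)
```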
Parameters
portlist - Specifies a range of ports to be configured (port number).
all - To configure all ports in the system, use the “all” parameter.
state - Specifies the bpdu_protection state. The default state is disable.
    enable - Enable bpdu_protection.
    disable - Disable bpdu_protection.
mode - Specifies the bpdu_protection mode. The default mode is shutdown.
    drop - Drop all received BPDU packets when the port enters the under_attack state.
    block - Drop all packets (including BPDU and normal packets) when the port enters the under_attack state.