4-32
Multiple Instance Spanning-Tree Operation
Configuring MSTP
Figure 4-7. Example of BPDU Protection Enabled at the Network Edge
The following commands allow you to configure BPDU protection.
Caution This command should only be used to guard edge ports that are not expected
to participate in STP operations. Once BPDU protection is enabled, it will
disable the port as soon as any BPDU packet is received on that interface.
Management
Station
Event Log: port X is disable by STP
Fake STP BPDU
End User
SNMP Trap
SNMP Trap
SNMP Trap
BPDU protection
Switch
STP Domain
Syntax: [no] spanning-tree <port-list> bpdu-protection
Enables/disables the BPDU protection feature on a port
Syntax: [no] spanning-tree <port-list> bpdu-protection-timeout <timeout>
Configures the duration of time when protected ports receiving
unauthorized BPDUs will remain disabled. The default value of
0 (zero) sets an infinite timeout (that is, ports that are disabled
by bpdu-protection are not, by default, re-enabled automatically).
(Range: 0-65535 seconds; Default: 0)
Syntax: [no] spanning-tree trap errant-bpdu
Enables/disables the sending of errant BPDU traps.