Spanning-tree bpdu-protection – Dell POWEREDGE M905 User Manual
Page 472

464
Spanning Tree Commands
www
.dell.com | support.dell.com
Syntax
spanning-tree bpdu {filtering | flooding}
no spanning-tree bpdu
•
filtering—Filter BPDU packets when spanning-tree is disabled on an interface.
•
flooding—Flood BPDU packets when spanning-tree is disabled on an interface.
Default Configuration
The default parameter value is flooding.
Command Mode
Global Configuration mode
User Guidelines
This command is relevant when spanning-tree is disabled globally or on a single interface.
Example
The following example defines BPDU packet flooding when spanning-tree is disabled on an 
interface
.
console(config)#spanning-tree bpdu flooding
spanning-tree bpdu-protection
Use the spanning-tree bpdu-protection command in Global Configuration mode to enable BPDU 
protection on a switch. Use the no form of this command to resume the default status of BPDU 
protection function.
For an access layer device, the access port is generally connected to the user terminal (such as a PC) 
or file server directly and configured as an edge port to implement the fast transition. When the 
port receives a BPDU packet, the system sets it to non-edge port and recalculates the spanning tree, 
which causes network topology flapping. In normal cases, these ports do not receive any BPDU 
packets. However, someone may forge BPDU to maliciously attack the switch and cause network 
flapping.
RSTP provides BPDU protection function against such attack. After BPDU protection function is 
enabled on a switch, the system disables an edge port that has received BPDU and notifies the 
network manager about it. The disabled port can only be enabled by the no version of the 
command.
Syntax
spanning-tree bpdu-protection
no spanning-tree bpdu-protection
