
Xms-1024p – Luxul XMS-1024P User Manual


XMS-1024P

a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XMS-1024P Vers: 081314

Root Protect

A CIST and its Secondary Root Bridges should be located in the High-Bandwidth core
Region. Poor configuration or malicious attacks may result in configuration BPDU
packets with higher Priorities being received by the Root Bridge, which can cause the
current Root Bridge to lose its position and Network topology inconsistencies to occur.
In this case traffic that should travel along high-speed links will be forced to low-speed
links and Network congestion will occur.

To avoid this, MSTP provides the Root Protect function. Ports with this function enabled
can only be set as Designated Ports in any Spanning Tree Instance. When a Port of this
type receives BPDU packets with higher priority, it changes to the Blocking state
and stops forwarding packets (as if it were disconnected from the link). The Port resumes a
normal state if it does not receive any configuration BPDU packets with higher priorities
for a period of 2 x the Forward Delay.
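
The Root Protect behaviour described above, modelled as an added example (not code from the manual or from the switch firmware). It assumes the IEEE 802.1D default Forward Delay of 15 seconds and compares root bridge IDs as (priority, MAC) pairs, where the numerically lower pair has the higher priority; `RootProtectPort`, `replay`, the bridge IDs and the event times are constructed for illustration.

```python
from dataclasses import dataclass

FORWARD_DELAY = 15  # seconds; IEEE 802.1D default, assumed (the manual gives no value)

@dataclass
class RootProtectPort:
    """Designated port with Root Protect enabled (a model, not switch firmware)."""
    current_root: tuple                 # (priority, MAC) of the root bridge in use
    forward_delay: int = FORWARD_DELAY
    state: str = "forwarding"
    last_superior: float = 0.0          # time the last higher-priority BPDU arrived

    def tick(self, now):
        """Resume normal state after 2 x Forward Delay without a superior BPDU."""
        if self.state == "blocking" and now - self.last_superior >= 2 * self.forward_delay:
            self.state = "forwarding"
        return self.state

    def receive_bpdu(self, now, root_id):
        """Handle a configuration BPDU advertising root_id at time now."""
        self.tick(now)
        # A numerically lower (priority, MAC) pair is the higher-priority bridge.
        if root_id < self.current_root:
            self.state = "blocking"
            self.last_superior = now    # every superior BPDU restarts the wait
        return self.state

def replay(events, port):
    """Return [(time, state)] per event; a root_id of None is a timer check only."""
    out = []
    for now, root_id in events:
        state = port.tick(now) if root_id is None else port.receive_bpdu(now, root_id)
        out.append((now, state))
    return out

# Constructed sample: legitimate root, an unexpected superior bridge, event timeline.
ROOT = (4096, "00:00:5e:00:53:01")
ROGUE = (0, "00:00:5e:00:53:99")
EVENTS = [
    (0, (32768, "00:00:5e:00:53:10")),  # lower-priority BPDU: port keeps forwarding
    (5, ROGUE),                         # higher-priority BPDU: port goes to blocking
    (20, ROGUE),                        # repeated: the 2 x Forward Delay wait restarts
    (40, None),                         # 20 s since last superior BPDU: still blocking
    (50, None),                         # 30 s elapsed: port resumes forwarding
]

if __name__ == "__main__":
    for t, s in replay(EVENTS, RootProtectPort(ROOT)):
        print(t, s)
```

The timeline shows that a port stays blocked for as long as higher-priority BPDUs keep arriving, so a port that never recovers points to a persistent source on that link.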

TC Protect

The Switch will remove MAC Address entries upon receipt of TC-BPDU packets. If a
device or user maliciously sends a large number of TC-BPDU packets, the Switch will
be kept busy removing MAC Address entries, which will reduce the performance and
stability of the Network.

To prevent the Switch from removing MAC Address entries, you can enable the TC
Protect function. With the TC Protect function enabled, if the number of the received
TC-BPDUs exceeds the maximum number set, the Switch will not perform the removal
operation during the TC protect cycle. This prevents the Switch from frequently
removing MAC Address entries.

BPDU Protect

Ports of the Switch directly connected to PCs or Servers are configured as edge Ports
to allow rapid changes to their states. When these Ports receive BPDUs, the system
automatically configures these Ports as non-edge Ports and regenerates Spanning Tree,
which can cause Network topology jitter. Normally these Ports do not receive BPDUs, but
if a device or user maliciously attacks the Switch by sending BPDUs, Network topology
jitter occurs.

To prevent this type of attack, MSTP provides the BPDU Protect function. With this
function enabled, the Switch shuts down the edge Ports that receive BPDUs and reports
the issue to the Network Administrator. If a Port is shut down in this way, only an
Administrator can restore it.