beautypg.com

No agreement check configuration example, Configuring protection functions, Configuration prerequisites – H3C Technologies H3C S7500E Series Switches User Manual

Page 190: Enabling bpdu guard

background image

13-38

No Agreement Check configuration example

1) Network

requirements

As shown in

Figure 13-9

,

Device A connects to Device B, a third-party device that has different MSTP implementation. Both
devices are in the same region.

Device B is the regional root bridge, and Device A is the downstream device.

Figure 13-9

No Agreement Check configuration

2) Configuration

procedure

# Enable No Agreement Check on GigabitEthernet 2/0/1 of Device A.

system-view

[DeviceA] interface gigabitethernet 2/0/1

[DeviceA-GigabitEthernet2/0/1] stp no-agreement-check

Configuring Protection Functions

An MSTP-enabled device supports the following protection functions:

BPDU guard

Root guard

Loop guard

TC-BPDU guard

Configuration prerequisites

MSTP has been correctly configured on the device.

Enabling BPDU guard

For access layer devices, the access ports generally connect directly with user terminals (such as PCs)
or file servers. In this case, the access ports are configured as edge ports to allow rapid transition.
When these ports receive configuration BPDUs, the system will automatically set these ports as
non-edge ports and start a new spanning tree calculation process. This will cause a change of network
topology. Under normal conditions, these ports should not receive configuration BPDUs. However, if
someone forges configuration BPDUs maliciously to attack the devices, network instability will occur.

MSTP provides the BPDU guard function to protect the system against such attacks. With the BPDU
guard function enabled on the devices, when edge ports receive configuration BPDUs, MSTP will
close these ports and notify the NMS that these ports have been closed by MSTP. Those ports closed
thereby can be restored only by the network administers.

Make this configuration on a device with edge ports configured.

Follow these steps to enable BPDU guard:

To do...

Use the command...

Remarks

Enter system view

system-view

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: