Configuring bpdu protection, Configuring bpdu protection -31 – HP 5400ZL User Manual
Page 153
Multiple Instance Spanning-Tree Operation
Configuring MSTP
For example, to configure BPDU filtering on port a9, enter:
ProCurve(config)# spanning-tree a9 bpdu-filter
Viewing BPDU Filtering.
The
spanning-tree show < port> configuration
command displays the BPDU’s filter state.
ProCurve(config)# show spanning-tree a9 config
...
| Path
Prio Admin Auto
Port Type | Cost
rity Edge Edge PtP
Time
Guard Guard Flt
----- --------- + --------- ----- ----- ----- ----- ------ ------ ------ ----
A9
100/1000T | Auto
128
No
Yes
True Global No No
Yes
Admin Hello Root
TCN
BPDU
Column showing BPDU filter status
Figure 4-5. Example of BPDU Filter in Show Spanning Tree Configuration Command
BPDU filters per port are displayed as separate entries of the spanning tree
category within the configuration file.
ProCurve(config)# show configuration
. . .
spanning-tree
spanning-tree A9 bpdu-filter
spanning-tree C7 bpdu-filter
spanning-tree Trk2 priority 4
Rows showing ports with BPDU filters enabled
. . .
Figure 4-6. Example of BPDU Filters in the Show Configuration Command
Configuring BPDU Protection
BPDU protection is a security feature designed to protect the active STP
topology by preventing spoofed BPDU packets from entering the STP domain.
In a typical implementation, BPDU protection would be applied to edge ports
connected to end user devices that do not run STP. If STP BPDU packets are
received on a protected port, the feature will disable that port and alert the
network manager via an SNMP trap as shown in Figure 4-7.
4-31