The Extreme Networks SpanGuard feature helps protect your network from two situations that can cause a Denial of Service (DoS) condition: repeated topology change notifications and an unwanted bridge being inserted into and forcing traffic through the topology. SpanGuard increases security and reliability by preventing Spanning Tree respans that can occur when BPDUs are received on user ports and notifies network management that they were attempted.
If a SpanGuard enabled port receives a BPDU, it becomes locked and transitions to the blocking state. It only transitions out of the blocking state after a globally specified time or when it is manually unlocked. By default, SpanGuard is globally disabled on the S- K- and 7100-Series devices and must be globally enabled to operate on all user ports. For more information, see Understanding How Spanning Tree Operates.
Span Guard Autounlock sets the automatic unlocking of spanguard-locked ports when operstatus is not up (for example, link loss). When the value is enable the port become unlocked. When the value is disable the port remains locked until manually unlocked using the set spantree spanguard-autounlock or clear spantree spanguard-autounlock commands.
Print
this page
Email this topic
Feedback
View PDF
Download EPUB