| Feature | Product | Release introduced |
|---|---|---|
| Bridge Protocol Data Unit (BPDU) Guard | 5320 Series | Fabric Engine 8.6 |
| | 5420 Series | VOSS 8.4 |
| | 5520 Series | VOSS 8.2.5 |
| | 5720 Series | Fabric Engine 8.7 |

The switch supports Bridge Protocol Data Unit (BPDU) Guard for STGs, RSTP, and MSTP.
Spanning Tree eliminates loops in a network. A bridge that participates in spanning tree uses BPDUs to exchange information with other bridges. The bridges select a single bridge as the root bridge based on the BPDU information exchange. The bridge with the lowest priority becomes the root bridge. If all bridges share the same priority, the bridge with the lowest bridge ID becomes the root bridge. This process is the root selection process.
After you add a new bridge to the network, or remove an existing bridge, the bridges repeat the root selection process, and then select a new root bridge.
To ensure the correct operation of Spanning Tree in the network, BPDU Guard protects the stability of the Root Bridge by dropping stray, unexpected, or unwanted BPDU packets entering a port, and immediately shutting down those ports for a specified time period. BPDU Guard is normally enabled on access ports connecting to end user devices such as servers that are not expected to operate Spanning Tree.
Use BPDU Guard to achieve the following results:
- Block the root selection process after an edge device, such as a laptop that uses Linux with STP enabled, is added to the network. Blocking the root selection process prevents unknown devices from influencing the spanning tree topology.
- Block BPDU flooding of the switch from an unknown device.
You can enable or disable BPDU Guard on an individual port basis, regardless of the spanning tree state. Each port uses a timer to determine port-state recovery.
After you enable BPDU Guard on a port and the port receives a BPDU, the following actions occur:
- The guard disables the port.
- The switch generates an SNMP trap and alarm, and the following log message:

  `BPDU Guard - Port <slot/port> is being shutdown by BPDU Guard, timeout <time_seconds>`
- The port timer begins.
- The port remains in the disabled state until the timer expires.
If you disable BPDU Guard before the timer expires, the timer stops and the port remains in the disabled state. You must manually enable the port.
BPDU Guard is enabled at the interface level. You can configure the BPDU Guard timer for each port, for 10 to 65535 seconds. If you set the port timer to zero, it will not expire.
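The log message and timer behavior described above can be monitored from collected syslog. The following Python sketch is an added example, not vendor code: it extracts BPDU Guard shutdowns, computes when each port recovers, and flags ports that trip repeatedly or will not recover on their own. The `<timestamp> <hostname>` line prefix, the sample lines, the repeat threshold, and the assumption that a zero timer is logged as `timeout 0` are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message text as documented above; the port and timeout fields are captured.
BPDU_GUARD_RE = re.compile(
    r"BPDU Guard - Port (?P<port>\S+) is being shutdown by BPDU Guard, "
    r"timeout (?P<timeout>\d+)"
)

def parse_events(lines):
    """Yield (timestamp, host, port, timeout_seconds) for each BPDU Guard shutdown."""
    for line in lines:
        m = BPDU_GUARD_RE.search(line)
        if not m:
            continue
        # Assumed prefix (not from the page): "<ISO-8601 timestamp> <hostname> ..."
        ts_text, host = line.split(maxsplit=2)[:2]
        yield datetime.fromisoformat(ts_text), host, m["port"], int(m["timeout"])

def summarize(lines):
    """Per (host, port): event count, last shutdown, and expected recovery time."""
    report = defaultdict(lambda: {"count": 0, "last": None, "recovers_at": None})
    for ts, host, port, timeout in parse_events(lines):
        entry = report[(host, port)]
        entry["count"] += 1
        entry["last"] = ts
        # A timer of zero never expires: the port stays disabled until re-enabled manually.
        # Assumption: the switch logs that case as "timeout 0".
        entry["recovers_at"] = ts + timedelta(seconds=timeout) if timeout else None
    return dict(report)

def needs_attention(report, repeat_threshold=2):
    """Ports that keep tripping the guard, or that will not recover without an operator."""
    return sorted(
        key for key, e in report.items()
        if e["count"] >= repeat_threshold or e["recovers_at"] is None
    )

# Constructed sample lines; hostnames, ports and times are illustrative only.
SAMPLE = [
    "2024-05-01T09:00:00 sw-access-1 BPDU Guard - Port 1/5 is being shutdown by BPDU Guard, timeout 120",
    "2024-05-01T09:00:03 sw-access-1 Link down on port 1/7",
    "2024-05-01T09:02:05 sw-access-1 BPDU Guard - Port 1/5 is being shutdown by BPDU Guard, timeout 120",
    "2024-05-01T09:10:00 sw-access-2 BPDU Guard - Port 2/12 is being shutdown by BPDU Guard, timeout 0",
    "2024-05-01T09:15:00 sw-access-2 BPDU Guard - Port 1/3 is being shutdown by BPDU Guard, timeout 600",
]

if __name__ == "__main__":
    rep = summarize(SAMPLE)
    for key in needs_attention(rep):
        print(key, rep[key])
```

A port that is shut down again right after its timer expires usually means the BPDU source is still attached, so repeated events on one port are worth investigating at the edge device rather than clearing.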