BPDU restrict causes a port on which this feature is configured to be disabled as soon as an STP BPDU is received on that port, thus allowing you to enforce the STP domain borders and keep the active topology predictable.
BPDU Restrict shows a BPDU restrict example.
In this figure, loops on the LAN access switches are not prevented since the ports towards the distribution switches are not running STP but Software Redundant Ports (SRP). Currently, ExtremeXOS software cannot run STP on ports that are configured for SRP. STP on the access switch is unaware of the alternate path and therefore cannot prevent the loop that exists across the switches. Configuring a port as an edge mode port alone cannot prevent the loop between the switches because edge ports never send BPDUs. The edge safeguard feature is not able to prevent the loops because STP does not have the information about the alternate path.
To prevent the loops across the switches, the edge safeguard feature can be configured with the BPDU restrict function. When running in BPDU restrict mode, edge safeguard ports send STP BPDUs at a rate of one every two seconds. The port is disabled as soon as an STP BPDU is received on the BPDU restrict port, thereby preventing the loop. Flexibility is provided with an option to re-enable the port after a user specified time period. If a user enables a port while STP has disabled it, the port is operationally enabled; STP is notified and then stops any recovery timeout that has started.
When an STPD is disabled for a BPDU restrict configured port, an STP port in 802.1D operation mode begins forwarding immediately, but in the RSTP or MSTP operation modes, the port remains in the disabled state.
BPDU restrict is available on all of the three operational modes of STP: 802.1D, RSTP, and MSTP.
Although edge safeguard is not available in 802.1D operation mode, when you configure BPDU restrict you do so in a similar way, that is, as an extension of edge safeguard; then only BPDU restrict is available on the port and not edge safeguard.
To configure BPDU restrict, use the command:
To include BPDU restrict functionality when configuring link types or edge safeguard, see Configuring Link Types and Configuring Edge Safeguard.
The example below shows a BPDU restrict configuration:
configure s1 ports edge-safeguard enable 9 bpdu-restrict recovery-timeout 400.
The following is sample output from the show s1 ports command resulting from the configuration:
switch # show s1 ports Port Mode State Cost Flags Priority Port ID Designated Bridge 9 EMISTP FORWARDING 20000 eDee-w-G-- 128 8009 80:00:00:04:96:26:5f:4e Total Ports: 1 ------------------------- Flags: ---------------------------- 1: e=Enable, d=Disable 2: (Port role) R=Root, D=Designated, A=Alternate, B=Backup, M=Master 3: (Config type) b=broadcast, p=point-to-point, e=edge, a=auto 4: (Oper. type) b=broadcast, p=point-to-point, e=edge 5: p=proposing, a=agree 6: (partner mode) d = 802.1d, w = 802.1w, m = mstp 7: i = edgeport inconsistency 8: S = edgeport safe guard active s = edgeport safe guard configured but inactive 8: G = edgeport safe guard bpdu restrict active in 802.1w and mstp g = edgeport safe guard bpdu restrict active in 802.1d 9: B = Boundary, I = Internal 10: r = Restricted Role switch # show configuration stp # # Module stp configuration. # configure mstp region 000496265f4e configure stpd s0 delete vlan default ports all disable stpd s0 auto-bind vlan default create stpd s1 configure stpd s1 mode dot1w enable stpd s0 auto-bind vlan Default configure stpd s1 add vlan v1 ports 9 emistp configure stpd s1 ports mode emistp 9 configure stpd s1 ports cost auto 9 configure stpd s1 ports port-priority 128 9 configure stpd s1 ports link-type edge 9 configure stpd s1 ports edge-safeguard enable 9 recovery-timeout 400 configure stpd s1 ports bpdu-restrict enable 9 recovery-timeout 400 enable stpd s1 ports 9 configure stpd s1 tag 10 enable stpd s1
The following is sample output for STP operation mode dot1d from the show configuration stp command:
switch # show configuration stp # # Module stp configuration. # configure mstp region region2 configure stpd s0 delete vlan default ports all disable stpd s0 auto-bind vlan default create stpd s1 enable stpd s0 auto-bind vlan Default configure stpd s1 add vlan v1 ports 9 emistp configure stpd s1 ports mode emistp 9 configure stpd s1 ports cost auto 9 configure stpd s1 ports priority 16 9 configure stpd s1 ports link-type edge 9 configure stpd s1 ports edge-safeguard enable 9 recovery-timeout 400 configure stpd s1 ports bpdu-restrict enable 9 recovery-timeout 400 enable stpd s1 ports 9 configure stpd s1 tag 10 enable stpd s1