4 bpdu hop, 5 bpdu filter, 6 bpdu guard – Siemens S223 User Manual
Page 222: 4 bpdu hop 8.3.9.5 bpdu filter 8.3.9.6 bpdu guard
UMN:CLI User Manual
SURPASS hiD 6615 S223/S323 R1.5
222 A50010-Y3-C150-2-7619
To delete a configured max age, use the following command.
Command Mode
Description
no stp mst max-age
Returns to the default max-age value of STP, RSTP
and MSTP.
no stp pvst max-age VLAN-
RANGE
Bridge
Returns to the default max-age value of PVSTP and
PVRSTP.
8.3.9.4 BPDU
Hop
In MSTP, it is possible to configure the number of hop in order to prevent BPDU from
wandering. BPDU passes the switches as the number of hop by this function.
To configure the number of hop of BPDU in MSTP, use the following command.
Command Mode
Description
stp mst max-hops
<1-40>
Configures the number of hop for BPDU, set the num-
ber of possible hops in the region.
no stp mst max-hops
Bridge
Deletes the number of hop for BPDU in MSTP.
8.3.9.5 BPDU
Filter
BPDU filtering allows you to avoid transmitting on the ports that are connected to an end
system. If the BPDU Filter feature is enabled on the port, then incoming BPDUs will be fil-
tered and BPDUs will not be sent out of the port. To set the BPDU filter on the port, use
the following command.
Command Mode
Description
stp bpdu-filter
{enable | disable}
PORTS
Bridge
Forbids all STP BPDUs to go out the specific port and
not to recognize incoming STP BPDUs the specific
port.
By default, it is disabled. The BPDU filter-enabled port acts as if STP is disabled on the
port. This feature can be used for the ports that are usually connected to an end system
or the port that you don’t want to receive and send unwanted BPDU packets. Be cautious
about using this feature on STP enabled uplink or trunk port. If the port is removed from
VLAN membership, correspond BPDU filter will be automatically deleted.
8.3.9.6 BPDU
Guard
BPDU guard has been designed to allow network designers to enforce the STP domain
borders and keep the active topology predictable. The devices behind the ports with STP
enabled are not allowed to influence the STP topology. This is achieved by disabling the
port upon receipt of BPDU. This feature prevents Denial of Service (DoS) attack on the
network by permanent STP recalculation. That is caused by the temporary introduction
and subsequent removal of STP devices with low (zero) bridge priority.