Dell POWEREDGE M1000E User Manual

Configuring the Spanning Tree Protocol

641

BPDU Protection

When the switch is used as an access layer device, most ports function as edge

ports that connect to a device such as a desktop computer or file server. The

port has a single, direct connection and is configured as an edge port to

implement the fast transition to a forwarding state. When the port receives a

BPDU packet, the system sets it to non-edge port and recalculates the

spanning tree, which causes network topology flapping. In normal cases, these

ports do not receive any BPDU packets. However, someone may forge BPDU

to maliciously attack the switch and cause network flapping.
BPDU protection can be enabled in RSTP to prevent such attacks. When

BPDU protection is enabled, the switch disables an edge port that has

received BPDU and notifies the network manager about it.