Configuring bpdu protection, Configuring bpdu protection -31 – HP 5400ZL User Manual

Multiple Instance Spanning-Tree Operation

Configuring MSTP

For example, to configure BPDU filtering on port a9, enter:

ProCurve(config)# spanning-tree a9 bpdu-filter

Viewing BPDU Filtering.

The

spanning-tree show < port> configuration

command displays the BPDU’s filter state.

ProCurve(config)# show spanning-tree a9 config

...

| Path

Prio Admin Auto

Port Type | Cost

rity Edge Edge PtP

Time

Guard Guard Flt

----- --------- + --------- ----- ----- ----- ----- ------ ------ ------ ----

A9

100/1000T | Auto

128

No

Yes

True Global No No

Yes

Admin Hello Root

TCN

BPDU

Column showing BPDU filter status

Figure 4-5. Example of BPDU Filter in Show Spanning Tree Configuration Command

BPDU filters per port are displayed as separate entries of the spanning tree
category within the configuration file.

ProCurve(config)# show configuration

. . .

spanning-tree

spanning-tree A9 bpdu-filter

spanning-tree C7 bpdu-filter

spanning-tree Trk2 priority 4

Rows showing ports with BPDU filters enabled

. . .

Figure 4-6. Example of BPDU Filters in the Show Configuration Command

Configuring BPDU Protection

BPDU protection is a security feature designed to protect the active STP
topology by preventing spoofed BPDU packets from entering the STP domain.
In a typical implementation, BPDU protection would be applied to edge ports
connected to end user devices that do not run STP. If STP BPDU packets are
received on a protected port, the feature will disable that port and alert the
network manager via an SNMP trap as shown in Figure 4-7.

4-31