DES-1228/ME Metro Ethernet Managed Switch CLI Reference Guide
368
config bpdu_protection ports
Purpose
Used to configure the BPDU Attack Protection state and mode of a port.
Syntax
config bpdu_protection ports[<portlist> | all ] {state [enable | disable] | mode [ drop | block |
shutdown } (1)
Description
This command is used to setup the BPDU Attack Protection function for the ports on the switch.
The config bpdu_protection ports command is used to configure the BPDU protection function for
ports on the Switch. There are two states of BPDU attack protection function; the normal state and
the under attack state. The under attack state has three modes: drop, block, and shutdown
modes. A BPDU attack protection enabled port will enter under attack state when it receives an
STP BPDU frame, then take action based on the configuration mode. BPDU attack protection can
ONLY be used for ports that do not have STP enabled.
STP for ports and BPDU attack protection on ports are not compatible. Furthermore BPDU attack
protection enabled on a port effectively disables all STP function on the port. Keep in mind the
following points regarding this:
BPDU attack protection has a higher priority than STP BPDU forwarding (i.e. the fbpdu setting of
the config stp command is enabled) when determining how to handle BPDU. That is, when fbpbu
is enabled to forward STP BPDU frames AND the BPDU attack protection function is enabled, the
port will not forward STP BPDU frames.
BPDU attack protection has a higher priority than BPDU tunnel port setting (i.e. config
bpdu_tunnel ports command) when determining how to handle BPDU. That is, when BPDU
tunneling is enabled on a port AND the BPDU attack protection function is enabled, then BPDU
tunneling is effectively disabled on the port.
Parameters
portlist – Specifies a range of ports to be configured.
all – In order to set all ports in the system, you may use the “all” parameter.
state – Specifies the state of BPDU Attack Protection. The default state is disable.
enable – Enables the port or ports for BPDU Attack Protection.
disable – Disables the port or ports for BPDU Attack Protection.
mode – Specifies the BPDU Attack Protection mode.
drop – Will drop all RX BPDU packets when the port enters under attack state.
block – Will drop all RX packets (include BPDU and normal packets) when the port enters under
attack state.
shutdown – Will shut down the port when the port enters the under attack state.
Note: The RX BPDU Attack Protection takes effect only when the port enters under
attack state while in drop and block mode.
Restrictions
Only Administrator level, Operator level or Power User level users can issue this command.