DGS-3000 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide
134
Chapter 11
BPDU Attack Protection
Command List
config bpdu_protection ports
[<portlist> | all ] {state [enable | disable] | mode [ drop | block |
shutdown} (1)
config bpdu_protection recovery_timer
[<sec 60-1000000> | infinite]
config bpdu_protection
[trap | log] [none | attack_detected | attack_cleared | both]
enable bpdu_protection
disable bpdu_protection
show bpdu_protection
{ports {<portlist>}}
config bpdu_protection ports
11-1
Description
This command is used to configure the BPDP protection function for the ports on the Switch. In
generally, there are two states in BPDU protection function. One is normal state, and another is
under attack state. The under attack state have three modes: drop, block, and shutdown. A BPDU
protection enabled port will enter under attack state when it receives one STP BPDU packet. And it
will take action based on the configuration. Thus, BPDU protection can only be enabled on STP-
disabled port.
BPDU protection has high priority than fbpdu setting configured by configure STP command in
determination of BPDU handling. That is, when fbpbu is configured to forward STP BPDU but
BPDU protection is enabled, then the port will not forward STP BPDU.
Format
config bpdu_protection ports [<portlist> | all ] {state [enable | disable] | mode [ drop | block |
shutdown]}(1)
Parameters
<portlist>
- Enter a range of ports to be configured (port number).
all
- Specify that all the port will be configured.
state
- Specify the BPDU protection state. The default state is disable.
enable
- Specify to enable BPDU protection.
disable
- Specify to disable BPDU protection.
mode
- Specify the BPDU protection mode. The default mode is shutdown.
drop
- Drops all received BPDU packets when the port enters under_attack state.
block
- Drops all packets including BPDU and normal packets when the port enters
under_attack state.
shutdown
- Shuts down the port when the port enters under_attack state.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To set the port state enable and drop mode:
Содержание DGS-3000 series
Страница 1: ......