RSTP Configuration 555causes the network topology to reconfigure and may cause links to switch state. Innormal cases, these ports will not receive STP BPDU. If someone forges a BPDU toattack the Switch, the network topology to reconfigure. BPDU protection function isused against such network attack.In case of configuration error or malicious attack, the primary root may receive theBPDU with a higher priority and then lose its place, which causes network topologychange errors. Due to the erroneous change, the traffic supposed to travel over thehigh-speed link may be pulled to the low-speed link and congestion will occur on thenetwork. Root protection function is used against such problem.The root port and other blocked ports maintain their state according to the BPDUssent by the uplink Switch. Once the link is blocked or encountering a faulty condition,the ports cannot receive BPDUs and the Switch will select the root port again. In thiscase, the former root port will turn into a BPDU specified port and the former blockedports will enter into a forwarding state, as a result, a link loop will be generated.The security functions can control the generation of loops. After it is enabled, the rootport cannot be changed, the blocked port will remain in “Discarding” state and willnot forward packets, thus avoiding link loops.You can use the following command to configure the security functions of theSwitch.Perform the following configuration in corresponding views.Table 613 Configure the Switch Security FunctionAfter being configured with BPDU protection, the Switch will disable the edge portthrough RSTP, which receives a BPDU, and notify the network manager at the sametime. Only the network manager can resume these ports.The port configured with Root protection only plays a role of a designated port.Whenever such a port receives a higher-priority BPDU when it is about to turn into anon-designated port, it will be set to a listening state and not forward packets anymore (as if the link to the port is disconnected). If the port has not received anyhigher-priority BPDU for a certain period of time thereafter, it will resume to thenormal state.When you configure a port, only one configuration at a time can be effective amongloop protection, root protection, and edge port configuration.By default, the Switch does not enable loop protection, BPDU protection or Rootprotection.Operation CommandConfigure Switch BPDU protection (from System View) stp bpdu-protectionRestore the disabled BPDU protection state, as defaulted,(from System View).undo stp bpdu-protectionConfigure Switch Root protection (from Ethernet Port View) stp root-protectionRestore the disabled Root protection state, as defaulted,(from Ethernet Port View)undo stp root-protectionConfigure Switch loop protection function (from EthernetPort View)stp loop-protectionRestore the disabled loop protection state, as defaulted(from Ethernet Port View)undo stp loop-protection
