Supported Platforms
Related Documentation
- EX Series
- Configuring BPDU Protection on an Interface (CLI Procedure)
- Example: Configuring BPDU Protection on Edge Interfaces to Prevent STP Miscalculations on EX Series Switches
- Example: Configuring BPDU Protection on Interfaces to Prevent STP Miscalculations on EX Series Switches
- Understanding Loop Protection for STP, RSTP, VSTP, and MSTP on EX Series Switches
- Understanding Root Protection for STP, RSTP, VSTP, and MSTP on EX Series Switches
- Understanding STP for EX Series Switches
Understanding BPDU Protection for STP, RSTP, and MSTP on EX Series Switches
Networks frequently use multiple protocols simultaneously to achieve different goals and in some cases those protocols might conflict with each other. One such case is when spanning-tree protocols are active on the network, where a special type of switching frame called a bridge protocol data unit (BPDU) can conflict with BPDUs generated on other devices such as PCs. The different kinds of BPDUs are not compatible but they can still be recognized by other devices that use BPDUs and cause network outages. You need to protect any device that recognizes BPDUs from picking up incompatible BPDUs.
Different Kinds of BPDUs
Spanning-tree protocols such as Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), VLAN Spanning Tree Protocol (VSTP), and Multiple Spanning Tree Protocol (MSTP) generate their own BPDUs. These peer STP applications use their BPDUs to communicate, and ultimately, the exchange of BPDUs determines which interfaces block traffic and which interfaces become root ports and forward traffic.
User bridge applications running on a PC can also generate BPDUs. If these BPDUs are picked up by STP applications running on the switch, they can trigger STP miscalculations, and those miscalculations can lead to network outages. Similarly, BPDUs generated by STP protocols can cause problems if they are picked up by devices like PCs that are not using STP. Some mechanism for BPDU protection must be implemented in these cases.
Protecting Switches From Incompatible BPDUs
To protect the state of spanning-tree protocols on switches from outside BPDUs, enable BPDU protection on the interfaces of a switch on which spanning-tree protocols are configured and are connected to user devices (such as PCs)—for example, on edge ports connected to PCs. Use the same strategy when a device on which STP is not configured is connected to a switch through a trunk interface that could be forwarding BPDUs generated by spanning-tree protocols. In this case, you would protect the device from BPDUs generated by the STP on the switch.
To configure BPDU protection on a switch on which spanning-tree protocols are configured, include the bpdu-block-on-edge statement at the [edit protocols (stp| mstp|rstp) ] hierarchy level. To prevent such a switch from forwarding BPDUs generated by spanning-tree protocols to devices, include the bpdu-block statement at the [edit ethernet-switching-options] hierarchy level.
 | Note: You can configure the drop statement under the bpdu-block statement only on interfaces on which no spanning-tree protocol is configured. |
When an interface configured with BPDU protection encounters an incompatible BPDU, it drops that BPDU and then, either shuts down or continues to receive packets other than spanning-tree protocol BPDUs depending on the configuration defined in the bpdu-block statement. If the interface continues to be open after dropping all incompatible BPDUs, all packets except incompatible BPDUs continue to ingress and egress through the interface.
If the interface shuts down after dropping all BPDUs, there are two ways to re-enable the interface:
- Include the disable-timeout (Spanning Trees) statement in the BPDU configuration to enable the interface(s) to automatically return to service when the specified timer expires.
- Issue the operational mode command clear ethernet-switching bpdu-error on the switch.
| Note: You can also configure BPDU drop protection on a specified interface or any interface of an access switch if the interfaces or interfaces do not have a spanning tree protocol configured. See drop for additional information about that option. |
Related Documentation
- EX Series
- Configuring BPDU Protection on an Interface (CLI Procedure)
- Example: Configuring BPDU Protection on Edge Interfaces to Prevent STP Miscalculations on EX Series Switches
- Example: Configuring BPDU Protection on Interfaces to Prevent STP Miscalculations on EX Series Switches
- Understanding Loop Protection for STP, RSTP, VSTP, and MSTP on EX Series Switches
- Understanding Root Protection for STP, RSTP, VSTP, and MSTP on EX Series Switches
- Understanding STP for EX Series Switches
Published: 2014-01-28
Supported Platforms
Related Documentation
- EX Series
- Configuring BPDU Protection on an Interface (CLI Procedure)
- Example: Configuring BPDU Protection on Edge Interfaces to Prevent STP Miscalculations on EX Series Switches
- Example: Configuring BPDU Protection on Interfaces to Prevent STP Miscalculations on EX Series Switches
- Understanding Loop Protection for STP, RSTP, VSTP, and MSTP on EX Series Switches
- Understanding Root Protection for STP, RSTP, VSTP, and MSTP on EX Series Switches
- Understanding STP for EX Series Switches
