Understanding BPDU Protection for STP, RSTP, and MSTP
Note: You can disable BPDU protection on interfaces by issuing the set ethernet-switching-options bpdu-block interface-name disable command.
A Juniper Networks QFX Series product provides Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), VLAN Spanning Tree Protocol (VSTP), and Multiple Spanning Tree Protocol (MSTP). Bridge protocol data unit (BPDU) protection can help prevent STP misconfigurations that can lead to network outages.
A loop-free network is supported through the exchange of a special type of frame called a BPDU. Receipt of BPDUs on certain interfaces in an STP, RSTP, VSTP, or MSTP topology, however, can lead to network outages. Enable BPDU protection on those interfaces to prevent these outages.
Peer STP applications running on the switch interfaces use BPDUs to communicate. Ultimately, the exchange of BPDUs determines which interfaces block traffic and which interfaces become root ports and forward traffic.
However, a user bridge application running on a device connected to the switch can also generate BPDUs. If these BPDUs are picked up by STP applications running on the switch, they can trigger STP miscalculations, and those miscalculations can lead to network outages.
Enable BPDU protection on switch interfaces connected to user devices or on interfaces on which no BPDUs are expected, such as edge ports. If BPDUs are received on a protected interface, the interface is disabled and stops forwarding frames.
You can configure BPDU protection both on a switch with a spanning tree and on a switch without a spanning tree. The latter type of topology typically consists of a non-STP switch connected to an STP switch through a trunk interface.
To configure BPDU protection on a switch with a spanning tree, include the bpdu-block-on-edge statement at the [edit protocols (stp | mstp | rstp)] hierarchy level. To configure BPDU protection on a switch without a spanning tree, include the bpdu-block statement at the [edit ethernet-switching-options interface interface-name] hierarchy level.
If BPDUs are sent to an interface (indicating that the misconfiguration has been corrected), the interface can be unblocked in one of two ways:
- If the disable-timeout statement has been included in the BPDU configuration, the interface automatically returns to service after the timer expires.
- Use the operational mode command clear ethernet-switching bpdu-error.
Disabling the BPDU protection configuration does not unblock the interface.
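The following is an added example, not Juniper code: a small Python model of the behavior described above, covering how a BPDU is recognized on the wire, how a protected interface is disabled when one arrives, and the two ways it returns to service. The names is_stp_bpdu and ProtectedPort and the sample frames are hypothetical and constructed for illustration; only untagged IEEE STP/RSTP/MSTP BPDUs are recognized.

```python
import struct

STP_DST_MAC = bytes.fromhex("0180c2000000")  # IEEE bridge group address
STP_LLC = bytes.fromhex("424203")            # DSAP 0x42, SSAP 0x42, control 0x03

def is_stp_bpdu(frame: bytes) -> bool:
    """True if an untagged Ethernet frame carries an IEEE STP/RSTP/MSTP BPDU."""
    if len(frame) < 17:
        return False
    length = struct.unpack("!H", frame[12:14])[0]  # 802.3 length, not an EtherType
    return frame[:6] == STP_DST_MAC and length <= 1500 and frame[14:17] == STP_LLC

class ProtectedPort:
    """Model of one interface with BPDU protection (hypothetical, for illustration)."""
    def __init__(self, protection=True, disable_timeout=None):
        self.protection = protection
        self.disable_timeout = disable_timeout  # seconds; None means manual clear only
        self.blocked_at = None                  # time the BPDU error was raised

    def is_blocked(self, now):
        if self.blocked_at is None:
            return False
        if self.disable_timeout is not None and now - self.blocked_at >= self.disable_timeout:
            self.blocked_at = None              # timer expired: back in service
            return False
        return True

    def receive(self, frame, now):
        """Return 'forwarded', 'blocked' (BPDU error raised) or 'dropped' (port is down)."""
        if self.is_blocked(now):
            return "dropped"
        if self.protection and is_stp_bpdu(frame):
            self.blocked_at = now
            return "blocked"
        return "forwarded"

    def disable_protection(self):
        self.protection = False                 # deliberately leaves blocked_at untouched

    def clear_bpdu_error(self):
        self.blocked_at = None                  # models clear ethernet-switching bpdu-error

# Constructed sample frames (locally administered source MAC, zero-filled payloads).
SRC = bytes.fromhex("020000000001")
BPDU = STP_DST_MAC + SRC + struct.pack("!H", 38) + STP_LLC + bytes(35)
DATA = bytes.fromhex("ffffffffffff") + SRC + b"\x08\x00" + bytes(46)
```

In this model, calling disable_protection() on a blocked port leaves it blocked until the timer expires or clear_bpdu_error() is called, matching the last statement above.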