Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Understanding BPDU Protection for STP, RSTP, and MSTP on EX Series Switches

Different Kinds of BPDUs

Spanning-tree protocols such as Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), VLAN Spanning Tree Protocol (VSTP), and Multiple Spanning Tree Protocol (MSTP) generate their own BPDUs. These peer STP applications use their BPDUs to communicate, and ultimately, the exchange of BPDUs determines which interfaces block traffic and which interfaces become root ports and forward traffic.

User bridge applications running on a PC can also generate BPDUs. If these BPDUs are picked up by STP applications running on the switch, they can trigger STP miscalculations, and those miscalculations can lead to network outages. Similarly, BPDUs generated by STP protocols can cause problems if they are picked up by devices like PCs that are not using STP. Some mechanism for BPDU protection must be implemented in these cases.

Protecting Switches From Incompatible BPDUs

To protect the state of spanning-tree protocols on switches from outside BPDUs, enable BPDU protection on the interfaces of a switch on which spanning-tree protocols are configured and are connected to user devices (such as PCs)—for example, on edge ports connected to PCs. Use the same strategy when a device on which STP is not configured is connected to a switch through a trunk interface that forwards BPDUs generated by spanning-tree protocols. In this case, you protect the device from BPDUs generated by the STP on the switch.

To prevent a switch from forwarding BPDUs generated by spanning-tree protocols to a device, you can enable bpdu-block on an interface.

• On Juniper Networks EX Series Ethernet Switches that run Juniper Networks Junos operating system (Junos OS) that supports the Enhanced Layer 2 Software (ELS) configuration style, enable bpdu-block at the [edit protocols layer2-control ] hierarchy level. To clear the BPDU error, use clear error bpdu interface.
• On EX Series switches that run Junos OS that does not support the ELS configuration style, enable bpdu-block at the [edit ethernet-switching-options] hierarchy level. To clear the BPDU error, use clear ethernet-switching bpdu-error

When an interface configured with BPDU protection encounters an incompatible BPDU, it drops that BPDU and then, either shuts down or continues to receive packets other than spanning-tree protocol BPDUs depending on the configuration defined in the bpdu-block statement. If the interface continues to be open after dropping all incompatible BPDUs, all packets except incompatible BPDUs continue to ingress and egress through the interface.

If the interface shuts down after dropping all BPDUs, you can re-enable the interface as follows:

• On Juniper Networks EX Series switches runningJuniper Networks Junos operating system (Junos OS) that supports the Enhanced Layer 2 Software (ELS) configuration style:
  • Include the disable-timeout statement at the [edit protocols layer2-control bpdu-block] hierarchy level to enable the interfaces to automatically return to service when the specified timer expires.
  • Issue the operational mode command clear error bpdu interface on the switch.
• On EX Series switches running Junos OS that does not support the ELS configuration style:
  • Include the disable-timeout statement at the [edit ethernet-switching-options bpdu-block] hierarchy level to enable the interfaces to automatically return to service when the specified timer expires.
  • Issue the operational mode command clear ethernet-switching bpdu-error on the switch.