Supported Platforms
Related Documentation
- QFabric System, QFX Series standalone switches
- Example: Configuring Faster Convergence and Improving Network Stability with RSTP
- Example: Configuring Loop Protection to Prevent Interfaces from Transitioning from Blocking to Forwarding in a Spanning Tree
- Example: Configuring Root Protection to Enforce Root Bridge Placement in Spanning Trees
- Understanding BPDU Protection for STP, RSTP, and MSTP
Example: Configuring BPDU Protection on STP Interfaces to Prevent STP Miscalculations
The QFX Series products provide Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP). Configure BPDU protection on interfaces to prevent them from receiving BPDUs that could result in STP misconfigurations, which could lead to network outages.
This example describes how to configure BPDU protection on access interfaces in QFX Series products in an RSTP topology:
Requirements
This example uses the following hardware and software components:
- Junos OS Release 11.1 or later for the QFX Series
- Two edged-linked switches in an RSTP topology
 | Note: By default, RSTP is enabled on the QFX Series. |
Overview and Topology
A loop-free network is supported through the exchange of a special type of frame called a bridge protocol data unit (BPDU). However, receipt of BPDUs on certain interfaces in an STP, RSTP, or MSTP topology. It can lead to network outages by triggering an STP misconfiguration. To prevent such outages, enable BPDU protection on those interfaces that should not receive BPDUs.
Enable BPDU protection on switch interfaces connected to user devices or on interfaces on which no BPDUs are expected, such as edge ports. If a BPDU is received on a BPDU-protected interface, the interface is disabled and stops forwarding frames.
Two switches are displayed in Figure 1. In this example, Switch 1 and Switch 2 are configured for RSTP and create a loop-free topology. The interfaces on Switch 2 are access ports.
This example shows you how to configure interface xe-0/0/5 and interface xe-0/0/6 as edge ports and how to configure BPDU protection. When BPDU protection is enabled, the interfaces transition to a blocking state when they receive BPDUs.
Figure 1: BPDU Protection Topology
Table 1 shows the components that will be configured for BPDU protection.
Table 1: Components of the Topology for Configuring BPDU Protection on the QFX Series
Component | Settings |
|---|---|
Switch 1 (Distribution Layer) | Switch 1 is connected to Switch 2 on a trunk interface. |
Switch 2 (Access Layer) | Switch 2 has these access ports that require BPDU protection:
|
This configuration example uses an RSTP topology. You also can configure BPDU protection for STP or MSTP topologies at the [edit protocols (mstp | stp)] hierarchy level.
Configuration
CLI Quick Configuration
To quickly configure BPDU protection on Switch 2, copy the following commands and paste them into the switch terminal window:
[edit] set protocols rstp
interface xe-0/0/5 edge
set protocols rstp interface xe-0/0/6 edge
set protocols
rstp bpdu-block-on-edge Step-by-Step Procedure
To configure BPDU protection:
- Configure interface xe-0/0/5 and interface xe-0/0/6 on Switch 2 as edge ports:
[edit protocols rstp]
user@switch# set interface xe-0/0/5 edge
user@switch#set interface xe-0/0/6 edge - Configure BPDU protection on all edge ports:
[edit protocols rstp]
user@switch# setbpdu-block-on-edge
Results
Check the results of the configuration:
Verification
To confirm that the configuration is working properly, perform these tasks:
- Displaying the Interface State Before BPDU Protection Is Triggered
- Verifying That BPDU Protection Is Working Correctly
Displaying the Interface State Before BPDU Protection Is Triggered
Purpose
Before BPDUs are being received from the devices connected to interface xe-0/0/5 and interface xe-0/0/6, confirm the interface state.
Action
You can verify the interface state using the show spanning-tree interface command:
user@switch> show spanning-tree interface
Spanning tree interface parameters for instance 0
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
xe-0/0/0.0 128:513 128:513 32768.0019e2503f00 20000 BLK DIS
xe-0/0/1.0 128:514 128:514 32768.0019e2503f00 20000 BLK DIS
xe-0/0/2.0 128:515 128:515 32768.0019e2503f00 20000 BLK DIS
xe-0/0/3.0 128:516 128:516 32768.0019e2503f00 20000 FWD DESG
xe-0/0/4.0 128:517 128:517 32768.0019e2503f00 20000 FWD DESG
xe-0/0/5.0 128:518 128:518 32768.0019e2503f00 20000 FWD DESG
xe-0/0/6.0 128:519 128:519 32768.0019e2503f00 20000 FWD DESG
[output truncated]
Meaning
The output shows that interface xe-0/0/5.0 and interface xe-0/0/6.0 are designated ports in a forwarding state.
Verifying That BPDU Protection Is Working Correctly
Purpose
In this example, the devices connected to Switch 2 start sending BPDUs to interface xe-0/0/5.0 and interface xe-0/0/6.0 . Verify that BPDU protection is configured on the interfaces.
Action
You can verify that BPDU protection is configured on the interfaces by using the show spanning-tree interface command:
user@switch> show spanning-tree interface
Spanning tree interface parameters for instance 0
Interface Port ID Designated Designated Port State Role
port ID bridge ID Cost
xe-0/0/0.0 128:513 128:513 32768.0019e2503f00 20000 BLK DIS
xe-0/0/1.0 128:514 128:514 32768.0019e2503f00 20000 BLK DIS
xe-0/0/2.0 128:515 128:515 32768.0019e2503f00 20000 BLK DIS
xe-0/0/3.0 128:516 128:516 32768.0019e2503f00 20000 FWD DESG
xe-0/0/4.0 128:517 128:517 32768.0019e2503f00 20000 FWD DESG
xe-0/0/5.0 128:518 128:518 32768.0019e2503f00 20000 BLK DIS (Bpdu—Incon)
xe-0/0/6.0 128:519 128:519 32768.0019e2503f00 20000 BLK DIS (Bpdu—Incon)
xe-0/0/7.0 128:520 128:1 16384.00aabbcc0348 20000 FWD ROOT
xe-0/0/8.0 128:521 128:521 32768.0019e2503f00 20000 FWD DESG
[output truncated]
Meaning
When BPDUs are sent from the devices to interface xe-0/0/5.0 and interface xe-0/0/6.0 on Switch 2, the output from the operational mode command show spanning-tree interface shows that the interfaces have transitioned to a BPDU inconsistent state. The BPDU inconsistent state blocks the interfaces and prevents them from forwarding traffic.
Disabling the BPDU protection configuration on an interface does not unblock the interface. If the disable-timeout statement has been included in the BPDU configuration, the interface automatically returns to service after the timer expires. Otherwise, use the operational mode command clear ethernet-switching bpdu-error to unblock the interface.
If the devices connected to Switch 2 send BPDUs to the interfaces again, BPDU protection is triggered once more and the interfaces transition back to the BPDU inconsistent state. In such cases, you need to find and repair the misconfiguration on the devices that is triggering the sending of BPDUs to Switch 2.
Related Documentation
- QFabric System, QFX Series standalone switches
- Example: Configuring Faster Convergence and Improving Network Stability with RSTP
- Example: Configuring Loop Protection to Prevent Interfaces from Transitioning from Blocking to Forwarding in a Spanning Tree
- Example: Configuring Root Protection to Enforce Root Bridge Placement in Spanning Trees
- Understanding BPDU Protection for STP, RSTP, and MSTP
Published: 2014-07-23
Supported Platforms
Related Documentation
- QFabric System, QFX Series standalone switches
- Example: Configuring Faster Convergence and Improving Network Stability with RSTP
- Example: Configuring Loop Protection to Prevent Interfaces from Transitioning from Blocking to Forwarding in a Spanning Tree
- Example: Configuring Root Protection to Enforce Root Bridge Placement in Spanning Trees
- Understanding BPDU Protection for STP, RSTP, and MSTP
