interface (BPDU Blocking)
Syntax
interface (all | [interface-name]);
Hierarchy Level
[edit protocols layer2-control bpdu-block]
[edit ethernet-switching-options bpdu-block]
Description
Applies Bridge Protocol Data Unit (BPDU) protection on all interfaces or on one or more specified interfaces.
Spanning Tree Protocol (STP), Rapid Spanning Tree protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP) provide Layer 2 loop prevention for EX Series switches. The spanning-tree protocols use BPDU frames to communicate. Through their exchange, spanning-tree topologies determine which interfaces block traffic and which interfaces become root ports and forward traffic. User bridge applications running on a PC can also generate BPDUs. If these BPDUs are picked up by STP applications running on the switch, they can trigger STP miscalculations that can lead to network outages.
To block outside BPDUs from reaching a switch interface connected to devices that are not part of a spanning-tree topology, configure BPDU protection on interfaces in the topology.
When configuring BPDU protection on an interface without spanning trees connected to a switch with spanning trees, be careful that you do not configure BPDU protection on all interfaces. Doing so could prevent BPDUs being received on switch interfaces (such as a trunk interface) that you intended to have receive BPDUs from a switch with spanning trees.
Interfaces that are configured as edge interfaces can transition to a forwarding state immediately because they cannot create network loops. As edge ports are connected to end devices, it is imperative that you configure BPDU protection on edge ports to protect the switch from outside BPDUs. When BPDU protection is enabled on an edge interface, the interface shuts down on encountering an outside BPDU thereby preventing any traffic from passing through the interface.
Options
all—All interfaces.
[interface-name]—One or more Ethernet interface names.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
system—To view this statement in the configuration.system-control—To add this statement to the configuration.
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.1.