Show spanning-tree bpdu-protection Displays a summary listing of ports with BPDU protection enabled. To display detailed per-port status information, enter the specific port number (s). BPDU protected ports are displayed as separate entries of the spanning tree. PVST is per-vlan-spanning tree variant. Within MST orPVST you may configure standard (STP)or rapid (RSTP) spanning-tree. With MST multiple instances are started to determine a STP topology, each for a number of vlan's. But there is a maximum number of instances, this wil not be one instance for each vlan! The HP Procurve managed 24-port switch has 10/100BASE-TX autosensing per port and 2 open transceiver slots for media flexibility. The HP Procurve switch 2524 is ideal for low-cost, managed 10/100 connectivity with uplinks. High performance switch design with non-blocking architecture features 9.6 Gbps switch fabric integrated on-chip.
BPDU protection is a security feature designed to protect the active STP topology by preventing spoofed BPDU packets from entering the STP domain. In a typical implementation, BPDU protection would be applied to edge ports connected to end user devices that do not run STP. If STP BPDU packets are received on a protected port, the feature will disable that port and alert the network manager via an SNMP trap as shown in BPDU protection enabled at the network edge.
BPDU protection enabled at the network edge
The following commands allow you to configure BPDU protection on VLANs for which the port is a member.
Syntax:
[no] spanning-tree <port-list> bpdu-protection
Enables/disables the BPDU protection feature on a port.
Default: Disabled.
Syntax:
[no] spanning-tree <port-list> bpdu-protection-timeout <timeout>
Hp Procurve Spanning Tree
Configures the duration of time when protected ports receiving unauthorized BPDUs will remain disabled. The default value of 0 (zero) sets an infinite timeout (that is, ports that are disabled by bpdu-protection are not, by default, re-enabled automatically).
Default: 0
Range: 0 - 65535 seconds
For an example of using this command, see Re-enabling a port blocked by BPDU protection.
Syntax:
Enables/disables the sending of errant BPDU traps.
CAUTION: This command should only be used to guard edge ports that are not expected to participate in STP operations. Once BPDU protection is enabled, it will disable the port as soon as any BPDU packet is received on that interface. |
Syntax:
Hp Procurve Spanning Tree Troubleshooting
show spanning-tree bpdu-protection <port-list>
Hp Procurve Spanning-tree Admin-edge-port
Displays a summary listing of ports with BPDU protection enabled. To display detailed per-port status information, enter the specific port number(s). BPDU protected ports are displayed as separate entries of the spanning tree category within the configuration file.
Displaying BPDU protection status for specific ports
Hp Procurve Spanning Tree Config
Ports disabled by BPDU Protection remain disabled unless BPDU Protection is removed from the switch or by configuring a nonzero BPDU protection timeout. For example, if you want to re-enable protected ports 60 seconds after receiving a BPDU, you would use this command: