Reference Guide
Congure EdgePort
OS10(conf-if-eth1/1/4)# spanning-tree port type edge
View interface status
OS10# show spanning-tree interface ethernet 1/1/4
ethernet1/1/4 of MSTI 0 is designated Forwarding
Edge port:yes port guard :none (default)
Link type is point-to-point (auto)
Boundary: YES bpdu filter :disable bpdu guard :disable bpduguard shutdown-on-
violation :disable RootGuard: disable LoopGuard disable
Bpdus (MRecords) sent 610, received 5
Interface Designated
Name PortID Prio Cost Sts Cost Bridge ID PortID
--------------------------------------------------------------------------
ethernet1/1/4 128.272 128 500 FWD 0 32768 90b1.1cf4.a911 128.272
==========================================================================
Spanning-tree extensions
STP extensions provide a means to ensure ecient network convergence by securely enforcing the active network topology. OS10
supports BPDU ltering, BPDU guard, root guard, and loop guard STP extensions.
BPDU ltering Protects the network from unexpected ooding of BPDUs from an erroneous device. Enabling BPDU Filtering
instructs the hardware to drop BPDUs and prevents ooding from reaching the CPU. BPDU ltering is enabled by
default on Edge ports. All BPDUs received on the Edge port are dropped. If you explicitly congure BPDU ltering
on a port, that port drops all BPDUs that it receives.
BPDU guard Blocks the L2 bridged ports and LAG ports connected to end hosts and servers from receiving any BPDUs. When
you enable BPDU guard, it places a port (bridge or LAG) in the Error_Disable or Blocking state if the port receives
any BPDU frames. In a LAG, all member ports (including new members) are placed in the Blocking state. The
network trac drops but the port continues to forward BPDUs to the CPU that are later dropped. To prevent
further reception of BPDUs, congure a port to shut down using the
shutdown command. The port can only
resume operation from Shutdown state after manual intervention.
Root guard Avoids bridging loops and preserves the root bridge position during network transitions. STP selects the root bridge
with the lowest priority value. During network transitions, another bridge with a lower priority may attempt to
become the root bridge and cause unpredictable network behavior. Congure the spanning-tree guard
root command to avoid such an attempt and preserve the position of the root bridge. Root guard is enabled on
ports that are designated ports. The root guard conguration applies to all VLANs congured on the port.
Loop guard Prevents L2 forwarding loops caused by a hardware failure (cable failure or an interface fault). When a hardware
failure occurs, a participating spanning tree link becomes unidirectional and a port stops receiving BPDUs. When a
blocked port stops receiving BPDUs, it transitions to a Forwarding state causing spanning tree loops in the
network. Enable loop guard on a port that transitions to the Loop-Inconsistent state until it receives BPDUs using
the
spanning-tree guard loop command. After BPDUs are received, the port moves out of the Loop-
Inconsistent (or blocking) state and transitions to an appropriate state determined by STP. Enabling loop guard on a
per-port basis enables it on all VLANs congured on the port. If you disable loop guard on a port, it moves to the
Listening state.
If you enable BPDU Filter and BPDU Guard on the same port, the BPDU Filter conguration takes precedence. Root Guard and Loop Guard
are mutually exclusive. Conguring one overwrites the other from the active conguration.
1 Enable spanning-tree BPDU lter in INTERFACE mode.
spanning-tree bpdufilter enable
• To shut down the port channel interface, all member ports are disabled in the hardware.
• To add a physical port to a port-channel already in the Error Disable state, the new member port is also disabled in the hardware.
• To remove a physical port from a port-channel in Error Disable state, the Error Disabled state clears on this physical port (the
physical port is enabled in the hardware).
Layer 2
213