KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5412R zl2 Switch

131

132

133

134

135

136

137

138

139

140

a more secure alternative, implementing port shut down and a detection alert

when errant BPDU frames are received.

CAUTION: Ports configured with the BPDU filter mode remain active (learning

and forward frames). However, spanning tree cannot receive or transmit BPDUs on

the port. The port remains in a forwarding state, permitting all broadcast traffic.

This can create a network storm if there are any loops (that is, redundant links)

using these ports. If you suddenly have a high load, disconnect the link and disable

the BPDU filter (using the no command.)

Example 97 Configure BPDU filtering

To configure BPDU filtering on ports 23 and 24, enter:

HP Switch(config)#: spanning-tree 23,24 bpdu-filter

Viewing BPDU filtering

Syntax:

show spanning-tree[ethernet] port-list configuration

Displays the BPDU's filter state.

Example 98 Viewing BPDU filtering for specific ports within the config file

BPDU filter state is displayed for ports 23 and 24 within the configuration file.

HP Switch#: show spanning-tree 23,24 config

Spanning Tree Information

STP Enabled [No] : Yes

Mode : RPVST

Switch MAC Address : 0024a8-d60b80

RPVST Enabled VLANs : 10,20

Admin Auto Admin Root Loop TCN BPDU BPDU

Port Edge Edge PtP Grd Grd Grd Flt Guard

----- ----- ---- ----- ---- ---- --- ---- -----

23 No Yes True No No No Yes No

24 No Yes True No No No Yes No

Example 99 Viewing BPDU filtering as separate entries of the spanning tree category within the

running config file

BPDU filters per port are displayed as separate entries of the spanning tree category within the

configuration file.

HP Switch(config)#: show running-config

Running configuration:

spanning-tree

spanning-tree 23 bpdu-filter

spanning-tree 24 bpdu-filter

spanning-tree mode rapid-pvst

Configuring and managing BPDU protection

BPDU protection is a security feature designed to protect the active STP topology by preventing

spoofed BPDU packets from entering the STP domain. In a typical implementation, BPDU protection

would be applied to edge ports connected to end user devices that do not run STP. If STP BPDU

Viewing BPDU filtering 137