R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

Item Descri

tion

BPDU Guard

Whether to enable BPDU guard globally:

• Enable—Globally enable BPDU guard.

• Disable—Globally disable BPDU guard.

BPDU guard can protect the firewall from malicious BPDU attacks, thus making

the network topology stable.

Mode

STP can operate in the following mode:

• STP—All ports of the firewall send out STP BPDUs.

• RSTP—All ports of the firewall send out RSTP BPDUs. If the firewall detects that

it is connected with a legacy STP device, the port connecting with the legacy

STP device will automatically migrate to STP-compatible mode.

• MSTP—All ports of the firewall send out MSTP BPDUs. If the firewall detects

that it is connected with a legacy STP device, the port connecting with the

legacy STP device will automatically migrate to STP-compatible mode.

Max Hops

Set the maximum number of hops in an MST region to restrict the region size.

The setting can take effect only when it is configured on the regional root bridge.

Path Cost Standard

Specify the standard for path cost calculation. It can be Legacy, IEEE

802.1D-1998, or IEEE 802.1T.

Bridge Diameter (also

called network diameter,

which cannot be

configured together with

the timers)

Any two stations in a switched network are interconnected through a specific

path composed of a series of devices. The bridge diameter (or the network

diameter) is the number of devices on the path composed of the most devices.

After you set the network diameter, you cannot set the timers. Instead, the firewall

calculates the forward delay, hello time, and max age automatically.

The configured network diameter is effective for CIST only, and not for MSTIs.

Timers (The network

diameter and the timers

cannot be configured at

the same time)

• Forward Delay

Set the delay for the root and designated ports to transit to the forwarding state.

• Hello Time

Hello time is the interval at which the firewall sends hello packets to the

neighboring devices to ensure that the paths are fault-free.

• Max Age

Max age determines how long a configuration BPDU can be held by the firewall.

IMPORTANT:

The settings of hello time, forward delay and max age must meet a certain formula.

Otherwise, the network topology will not be stable. HP recommends you to set the

network diameter and then have the firewall calculate the forward delay, hello time,

and max age automatically.