R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101

Protection t

e Descri

tion

Root Protection

Enable the root guard function.

Configuration errors or attacks may result in configuration BPDUs with their

priorities higher than that of a root bridge, which causes a new root bridge to be

elected and network topology change to occur. The root guard function is used to

address such a problem.

Loop Protection

Enable the loop guard function.

By keeping receiving BPDUs from the upstream device, the firewall can maintain the

state of the root port and other blocked ports. These BPDUs may get lost because of

network congestion or unidirectional link failures. In this case, the firewall will

re-elect a root port, and blocked ports may transit to the forwarding state, causing

loops in the network. The loop guard function is used to address such a problem.

Return to MSTP configuration task list.

MSTP configuration example

Network requirements

Configure MSTP in the network shown in Figure 34 to enable packets of different VLANs to be forwarded

along different MSTIs. The detailed configurations are as follows:

• All devices on the network are in the same MST region.

• Packets of VLAN 10, VLAN 30, VLAN 40, and VLAN 20 are forwarded along MSTI 1, MSTI 3,

MSTI 4, and MSTI 0 respectively.

• Device A and Device B operate at the distribution layer; Device C and Device D operate at the

access layer. VLAN 10 and VLAN 30 are terminated on the distribution layer devices, and VLAN

40 is terminated on the access layer devices, so the root bridges of MSTI 1 and MSTI 3 are Device

A and Device B respectively, while the root bridge of MSTI 4 is Device C.

Figure 34 Network diagram for MSTP configuration

NOTE:

The string “Permit” next to a link in the fi

ure is followed by the VLANs the packets of which are permitted

to pass this link.