Switch 7700 Command reference Guide, v2.0
Table Of Contents
- About This Software Version
- Organization of the Manual
- Intended Readership
- Conventions
- Related Manuals
- Logging in Commands
- authentication-mode
- auto-execute command
- command-privilege level
- databits
- display history-command
- display user-interface
- display users
- flow-control
- free user-interface
- header
- history-command max-size
- idle-timeout
- lock
- modem
- modem auto-answer
- modem timer answer
- parity
- quit
- return
- screen-length
- send
- service-type telnet level
- set authentication password
- shell
- speed
- stopbits
- super
- super password
- sysname
- system-view
- telnet
- user-interface
- user privilege level
- Ethernet Port Configuration Commands
- Ethernet Port Link Aggregation Commands
- VLAN Configuration Commands
- GARP Configuration Commands
- GVRP Configuration Commands
- IP Address Configuration Commands
- ARP Configuration Commands
- DHCP Relay Configuration Commands
- IP Performance Configuration Commands
- Routing Table Display Commands
- Static Route Configuration Command
- RIP Configuration Commands
- OSPF Configuration Commands
- abr-summary
- area
- asbr-summary
- authentication-mode
- default cost
- default interval
- default limit
- default tag
- default type
- default-cost
- default-route-advertise
- display ospf abr-asbr
- display ospf asbr-summary
- display ospf brief
- display ospf cumulative
- display ospf error
- display ospf interface
- display ospf lsdb
- display ospf nexthop
- display ospf peer
- display ospf request-queue
- display ospf retrans-queue
- display ospf routing
- display ospf vlink
- filter-policy export
- filter-policy import
- import-route
- network
- nssa
- ospf
- ospf authentication-mode
- ospf cost
- ospf dr-priority
- ospf mtu-enable
- ospf network-type
- ospf timer dead
- ospf timer hello
- ospf timer poll
- ospf timer retransmit
- ospf trans-delay
- peer
- preference
- reset ospf all
- router id
- silent-interface
- spf-schedule-interval
- stub
- vlink-peer
- Integrated IS-IS Configuration Commands
- area-authentication- mode
- default-route-advertise
- display isis interface
- display isis lsdb
- display isis mesh-group
- display isis peer
- display isis route
- display isis spf-log
- domain-authentication- mode
- filter-policy export
- filter-policy import
- ignore-lsp-checksum- error
- import-route
- isis
- isis authentication-mode
- isis circuit-level
- isis cost
- isis dis-priority
- isis enable
- isis mesh-group
- isis timer csnp
- isis timer dead
- isis timer hello
- isis timer lsp
- isis timer retransmit
- is-level
- log-peer-change
- network-entity
- preference
- reset isis all
- reset isis peer
- set-overload
- silent-interface
- spf-delay-interval
- spf-slice-size
- summary
- timer lsp-max-age
- timer lsp-refresh
- timer spf
- BGP Configuration Commands
- aggregate
- bgp
- compare-different-as- med
- confederation id
- confederation nonstandard
- confederation peer-as
- dampening
- debugging bgp
- default local-preference
- default med
- display bgp group
- display bgp network
- display bgp paths
- display bgp peer
- display bgp routing-table
- display bgp routing-table as-path-acl
- display bgp routing-table cidr
- display bgp routing-table community
- display bgp routing-table community-list
- display bgp routing-table dampening
- display bgp routing-table different-origin-as
- display bgp routing-table flap-info
- display bgp routing-table peer
- display bgp routing-table regular-expression
- filter-policy export
- filter-policy import
- group
- import-route
- ip as-path acl
- ip community-list
- network
- peer advertise-community
- peer allow-as-loop
- peer as-number
- peer as-path-acl
- peer connect-interface
- peer default-route-advertise
- peer description
- peer ebgp-max-hop
- peer enable
- peer filter-policy
- peer group
- peer ip-prefix
- peer next-hop-local
- peer public-as-only
- peer reflect-client
- peer route-policy
- peer route-update-interval
- peer timer
- reflect between-clients
- reflect cluster-id
- reset bgp
- reset bgp flap-info
- reset bgp group
- reset dampening
- summary automatic
- timer
- IP Routing Policy Configuration Commands
- apply as-path
- apply community
- apply cost
- apply cost-type
- apply ip next-hop
- apply isis
- apply local-preference
- apply origin
- apply tag
- display ip ip-prefix
- display route-policy
- filter-policy export
- filter-policy import
- if-match { acl | ip-prefix }
- if-match as-path
- if-match community
- if-match cost
- if-match interface
- if-match ip next-hop
- if-match tag
- ip ip-prefix
- route-policy
- Route Capacity Configuration Commands
- GMRP Configuration Commands
- IGMP Snooping Configuration Commands
- Multicast Common Configuration Commands
- PIM Configuration Commands
- ACL Configuration Command List
- QoS Configuration Commands List
- display mirroring-group
- display priority-trust
- display qos cos-local-precedence- map
- display qos-interface queue-scheduler
- display qos-interface all
- display qos-interface traffic-bandwidth
- display qos-interface traffic-limit
- display qos-interface traffic-priority
- display qos-interface traffic-red
- display qos-interface traffic-statistic
- mirroring-group
- priority
- priority trust
- priority-trust
- qos cos-local-precedence- map
- queue-scheduler
- reset traffic-statistic
- traffic-bandwidth
- traffic-limit
- traffic-priority
- traffic-red
- traffic-statistic
- Logon user’s ACL Control Command
- RSTP Configuration Commands
- MSTP Configuration Commands
- active region-configuration
- check region-configuration
- display stp
- display stp region-configuration
- instance
- region-name
- reset stp
- revision-level
- stp
- stp bpdu-protection
- stp bridge-diameter
- stp bridge-priority
- stp edged-port
- stp instance cost
- stp instance port priority
- stp instance root primary
- stp instance root secondary
- stp interface
- stp interface edged-port
- stp interface instance cost
- stp interface instance port priority
- stp interface loop-protection
- stp interface mcheck
- stp interface point-to-point
- stp interface root-protection
- stp interface transit-limit
- stp loop-protection
- stp max-hops
- stp mcheck
- stp mode
- stp point-to-point
- stp region-configuration
- stp root-protection
- stp timer forward-delay
- stp timer hello
- stp timer max-age
- stp transit-limit
- vlan-mapping modulo
- 802.1x Configuration Commands
- AAA Configuration Commands
- RADIUS Protocol Configuration Commands
- data-flow-format
- display local-server statistics
- display radius
- display radius statistics
- display stop-accounting-buffer
- key
- local-server
- primary accounting
- primary authentication
- radius scheme
- reset stop-accounting-buffer
- retry
- retry realtime-accounting
- retry stop-accounting
- secondary accounting
- secondary authentication
- server-type
- state
- stop-accounting-buffer enable
- timer
- timer realtime-accounting
- user-name-format
- VRRP Configuration Commands
- HA Configuration Commands
- File System Management Commands
- Configuration File Management Commands
- FTP Server Configuration Commands
- FTP Client Commands
- TFTP Configuration Commands
- MAC Address Table Management Commands
- Device Management Commands
- Basic System Configuration and Management Commands
- System Status and System Information Display Commands
- System Debug Commands
- Network Connection Test Commands
- Log Commands
- display channel
- display info-center
- info-center console channel
- info-center enable
- info-center logbuffer
- info-center loghost
- info-center monitor channel
- info-center snmp channel
- info-center source
- info-center timestamp
- info-center trapbuffer
- rename channel
- reset logbuffer
- reset trapbuffer
- terminal debugging
- terminal logging
- terminal monitor
- terminal trapping
- SNMP Configuration Commands
- display snmp-agent community
- display snmp-agent
- display snmp-agent group
- display snmp-agent mib-view
- display snmp-agent statistics
- display snmp-agent sys-info contact
- display snmp-agent sys-info location
- display snmp-agent sys-info version
- display snmp-agent usm-user
- snmp-agent local-engineid
- snmp-agent community
- snmp-agent group
- snmp-agent mib-view
- snmp-agent packet max-size
- snmp-agent sys-info
- snmp-agent target-host
- snmp-agent trap enable
- snmp-agent trap life
- snmp-agent trap queue-size
- snmp-agent trap source
- snmp-agent usm-user
- undo snmp-agent
- RMON Configuration Commands
- NTP Configuration Commands
- debugging ntp-service
- display ntp-service sessions
- display ntp-service status
- display ntp-service trace
- ntp-service access
- ntp-service authentication enable
- ntp-service authentication-keyid
- ntp-service broadcast-client
- ntp-service broadcast-server
- ntp-service max-dynamic sessions
- ntp-service multicast-client
- ntp-service multicast-server
- ntp-service refclock-master
- ntp-service reliable authentication-keyid
- ntp-service source-interface
- ntp-service in-interface disable
- ntp-service unicast-peer
- ntp-service unicast-server
MSTP Configuration Commands 323
Parameter
None
Description
■ Use the stp bpdu-protection command to enable the BPDU protection on
the switch.
■ Use the undo stp bpdu-protection command to restore the default state of
BPDU protection.
By default, BPDU protection is disabled.
Generally, the access ports of the access layer devices are directly connected to
user terminals (such as PC) or file servers. In this case, the access ports are set to
edge ports to implement fast state transition. However, when such access ports
receive configuration BPDU, the system will automatically set them to non-edge
ports and recalculate the spanning tree, which makes the network topology flap.
These ports will not receive any STP configuration BPDU in normal cases. Anyway,
if someone maliciously attacks the switch with fake configuration BPDU, the
network will flap.
MSTP provides BPDU protection function to avoid such attack: After configured
with BPDU protection, the switch will disable the edge port through MSTP, which
receives a BPDU, and notify the network manager at same time. These ports can
be resumed by the network manager only.
Example
Enable BPDU protection on the switch.
[SW7700]stp bpdu-protection
stp bridge-diameter Syntax
stp bridge-diameter bridgenum
undo stp bridge-diameter
View
System view
Parameter
bridgenum: Ranges from 2 to 7 and defaults to 7.
Description
■ Use the stp bridge-diameter command to configure the switching network
diameter.
■ Use the undo stp bridge-diameter command to restore the default network
diameter.
The network diameter refers to the maximum count of switches on the path
between any two terminal devices. The definition of network diameter is the
maximum count of switches between the farthest communication ends.