[f-nsp] STP BPDU filtering
Robert Hass
robhass at gmail.com
Tue Dec 17 16:29:42 EST 2013
If you have enabled spanning-tree for VLAN then "no spanning-tree" on the
port works like BPDU-Filter.
BPDUs are ingress filtered and not sent on this particular port.
Rob
On Mon, Dec 16, 2013 at 10:19 AM, Alexander Shikoff
<minotaur at crete.org.ua>wrote:
> On Sat, Dec 14, 2013 at 11:21:28PM +0100, Robert Hass wrote:
> > int ethe 12/8
> > no spanning-tree
> It is set by default on MLXe.
> And it does not protect from BPDUs receiving and forwarding.
>
> > On Sat, Dec 14, 2013 at 2:12 PM, Alexander Shikoff <[1]
> minotaur at crete.org.ua> wrote:
> >
> > Hi,
> > Recently I noticed that my Brocade MLXe-16 does not drop STP BPDU
> packets
> > even if 'spanning-tree protect' is configured in port-configuration:
> > [2]telnet at lsr1-gdr.ki#show int eth 12/8
> > 10GigabitEthernet12/8 is up, line protocol is up
> > STP Root Guard is disabled, STP BPDU Guard is enabled
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > But there are a lot STP BPDUs coming in that port, and moreover they
> > are forwarded to all other ports within one VLAN.
> > Generally, I need just to drop all incoming STP BPDUs on all ports,
> > and nothing else. Any hints? Thanks in advance!
> > --
> > MINO-RIPE
> > _______________________________________________
> > foundry-nsp mailing list
> > [3]foundry-nsp at puck.nether.net
> > [4]http://puck.nether.net/mailman/listinfo/foundry-nsp
> >
> > Ссылки
> >
> > 1. mailto:minotaur at crete.org.ua
> > 2. http://telnet@lsr1-gdr.ki/#show
> > 3. mailto:foundry-nsp at puck.nether.net
> > 4. http://puck.nether.net/mailman/listinfo/foundry-nsp
>
> --
> MINO-RIPE
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20131217/5467148d/attachment.html>
More information about the foundry-nsp
mailing list