Understanding BPDU Protection for STP, RSTP, and MSTP on EX Series Switches
Juniper Networks EX Series Ethernet Switches provide Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), VLAN Spanning Tree Protocol (VSTP), and Multiple Spanning Tree Protocol (MSTP). BPDU protection can help prevent STP misconfigurations that can lead to network outages.
A loop-free network is supported through the exchange of a special type of frame called a bridge protocol data unit (BPDU). Receipt of BPDUs on certain interfaces in an STP, RSTP, VSTP, or MSTP topology, however, can lead to network outages. Enable BPDU protection on those interfaces to prevent these outages.
Peer STP applications running on the switch interfaces use BPDUs to communicate. Ultimately, the exchange of BPDUs determines which interfaces block traffic and which interfaces become root ports and forward traffic.
However, a user bridge application running on a PC can also generate BPDUs. If these BPDUs are picked up by STP applications running on the switch, they can trigger STP miscalculations, and those miscalculations can lead to network outages.
Enable BPDU protection on switch interfaces connected to user devices or on interfaces on which no BPDUs are expected, such as edge ports. If BPDUs are received on a protected interface, the interface is disabled and stops forwarding frames.
You can configure BPDU protection not only on a switch that runs a spanning tree but also on a switch that does not. The latter topology typically consists of a non-STP switch connected to an STP switch through a trunk interface.
To configure BPDU protection on a switch with a spanning tree, include the bpdu-block-on-edge statement at the [edit protocols (stp | mstp | rstp)] hierarchy level. To configure BPDU protection on a switch without a spanning tree, include the bpdu-block statement at the [edit ethernet-switching-options interface interface-name] hierarchy level.
After the misconfiguration that caused BPDUs to be sent to the interface has been fixed in the topology, the interface can be unblocked in one of two ways:
- If the disable-timeout statement has been included in the BPDU configuration, the interface automatically returns to service after the timer expires.
- Use the operational mode command clear ethernet-switching bpdu-error.
Disabling the BPDU protection configuration does not unblock the interface.
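The blocking and recovery behavior described above can be modeled in a few lines. This is an added example, not Juniper code: parse_bpdu, EdgePort and make_frame are hypothetical names, the frames are constructed, and only the standard IEEE 802.3/LLC BPDU encapsulation is recognized (VSTP encapsulation is not covered).

```python
import struct

STP_MAC = bytes.fromhex("0180c2000000")   # IEEE bridge group address
LLC_STP = b"\x42\x42\x03"                 # DSAP, SSAP, control used by spanning tree
VERSIONS = {0: "STP", 2: "RSTP", 3: "MSTP"}

def parse_bpdu(frame):
    """Return the spanning-tree flavour of an 802.3/LLC BPDU frame, else None."""
    if len(frame) < 21 or frame[:6] != STP_MAC:
        return None
    length, = struct.unpack("!H", frame[12:14])
    if length > 1500 or frame[14:17] != LLC_STP:   # EtherType frame or other LLC user
        return None
    proto_id, version, _type = struct.unpack("!HBB", frame[17:21])
    return VERSIONS.get(version, "unknown") if proto_id == 0 else None

class EdgePort:
    """Model of one interface following the BPDU protection rules on this page."""
    def __init__(self, name, protected=True, disable_timeout=None):
        self.name, self.protected = name, protected
        self.disable_timeout = disable_timeout   # seconds; None means no timer
        self.blocked_at = None                   # time at which the port was disabled

    def receive(self, frame, now):
        """Return True if the frame is accepted, False if the port drops it."""
        if self.is_blocked(now):
            return False
        if self.protected and parse_bpdu(frame):
            self.blocked_at = now                # BPDU on a protected port: disable it
            return False
        return True

    def is_blocked(self, now):
        if self.blocked_at is None:
            return False
        if self.disable_timeout is not None and now - self.blocked_at >= self.disable_timeout:
            self.blocked_at = None               # timer expired: back in service
            return False
        return True                              # note: self.protected is not consulted

    def clear_bpdu_error(self):
        """Stands in for the operational command 'clear ethernet-switching bpdu-error'."""
        self.blocked_at = None

def make_frame(version, bpdu_type, src="020000000001"):
    """Constructed sample: Ethernet header, LLC and 4-byte BPDU header, padded to 60 bytes."""
    body = LLC_STP + struct.pack("!HBB", 0, version, bpdu_type)
    hdr = STP_MAC + bytes.fromhex(src) + struct.pack("!H", len(body))
    return (hdr + body).ljust(60, b"\x00")
```

Setting protected to False on a blocked EdgePort leaves is_blocked returning True until the timer expires or clear_bpdu_error is called, which mirrors the last statement above.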