Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring BPDU Protection on Spanning Tree Interfaces

    Note: This topic applies to Junos OS for SRX Series devices with support for the Enhanced Layer 2 Software (ELS) configuration style. For ELS details, see Getting Started with Enhanced Layer 2 Software.

    You can configure BPDU protection to ignore BPDU received on interfaces where none is expected. If a BPDU is received on a blocked interface, the interface is disabled and stops forwarding frames. By default, all BPDUs are accepted and processed on all interfaces.

    To configure BPDU protection for spanning-tree instance interfaces:

    • On a specific spanning-tree interface:

      1. To enable BPDU protection on a specified spanning-tree interface:
        [edit protocols layer2-control bpdu-block ]
        user@hostt# set interface interface-name

        If a BPDU is received on the interface, the system will disable the interface and stop forwarding frames out the interface until the bridging process is restarted.

      2. (Optional) Configure the amount of time the system waits before automatically unblocking this interface after it has received a BPDU.
        [edit protocols layer2-contorl bpdu-block interface interface-name]
        user@host# set disable-timeout seconds

        The range of the seconds option value is from 10 through 3600 seconds (one hour). A seconds option value of 0 is allowed, but this results in the default behavior (the interface is blocked until the interface is cleared).

    • To disable BPDU protection for a specific spanning-tree interface
      [edit protocols layer2-contorl bpdu-block interface interface-name]
      user@host# set disable-timeout seconds

    Modified: 2017-03-02