Configuring BPDU Protection on Individual Interfaces
On MX Series routers, you can configure BPDU protection to ignore BPDU received on interfaces where none should be expected. If a BPDU is received on a blocked interface, the interface is disabled and stops forwarding frames. By default, all BPDUs are accepted and processed on all interfaces.
To configure BPDU protection for individual spanning-tree instance interfaces:
- Enable BPDU protection on a specific spanning-tree instance
interface:
[edit]
user@host# edit protocols layer2-control bpdu-block
user@host# set interface interface (aex | (ge-fpc/pic/port | xe-fpc/pic/port)If a BPDU is received on the interface, the system will disable the interface and stop forwarding frames out the interface until the bridging process is restarted.
- (Optional) Configure the amount of time the system waits
before automatically unblocking this interface
after it has received a BPDU.
[edit protocols layer2-contorl bpdu-block interface interface-name]
user@host# set disable-timeout secondsThe range of the seconds option value is from 10 through 3600 seconds (one hour). A seconds option value of 0 is allowed, but this results in the default behavior (the interface is blocked until the interface is cleared).
Verify the configuration of BPDU blocking for individual interfaces:
[edit]interfaces {ge-fpc/pic/port { # VLAN encapsulation on Gigabit Ethernet.encapsulation (ethernet-bridge | extended-vlan-bridge | extended-vlan-vpls | vlan-vpls);}xe-fpc/pic/port { # VLAN encapsulation on 10-Gigabit Ethernet.encapsulation (ethernet-bridge | extended-vlan-bridge | extended-vlan-vpls | vlan-vpls);}ae-X { # VLAN encapsulation encapsulation (ethernet-vpls vlan-vpls); # on Aggregated Ethernet....}ae-X { # Extended VLAN encapsulationvlan-tagging; # on Aggregated Ethernet.encapsulation extended-vlan-vpls;unit logical-unit-number {vlan-id number;......}......}}protocols layer2-control {bpdu-block interface interface-name;disable-timeout seconds;}}
