Configuring STP (NSM Procedure)

Devices such as EX Series switches provide Layer 2 loop prevention through Spanning Tree Protocol (STP), Rapid Spanning Tree protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP). Configure BPDU protection on interfaces to prevent them from receiving BPDUs that could result in STP misconfigurations, which could lead to network outages.

To configure STP:

  1. In the navigation tree, select Device Manager > Devices. In Device Manager, select the device for which you want to configure a port mirror analyzer.
  2. In the configuration tree, expand Protocols > STP.
  3. Add/modify STP settings as specified in Table 67.

Note: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See Updating Devices for more information.

Table 67: STP Configuration Fields



Your Action


Specifies whether RSTP must be disabled on the port.

Click to select the option.

Bridge Priority

Specifies the bridge priority.

Enter a value.

Max Age

Specifies the maximum-aging time for all MST instances. The maximum aging time is the number of seconds a switch waits without receiving spanning-tree configuration messages before attempting a reconfiguration.

Select a value.

Hello time

Specifies the hello time for all MST instances.

Select a value.

Forward Delay

Specifies the number of seconds a port waits before changing from its spanning-tree learning and listening states to the forwarding state.

Select a value.

Bpdu Block on Edge

Specifies whether Bpdu blocks must be processed.

Select to enable the feature.


Specifies MSTP settings for the interface and Bpdu timeout action.

  1. Click the expand icon.
  2. Specify the interface name.
  3. Specify the port priority.
  4. Specify the path cost. MSTP uses the path cost when selecting an interface to place into the forwarding state. A lower path cost represents higher-speed transmission.
  5. Specify the mode. The link type can be shared or point-to-point.
  6. Select Edge to enable the feature.
  7. Select No root port if it is not specified.
  8. Click OK.
  9. Specify the Bpdu timeout action:
    • Block
    • Alarm