Question: How do I enable the BPDU guard function on MAS?
- The BPDU guard function prevents an interface from receiving (and processing) BPDUs that could destabilize the spanning tree by triggering unnecessary spanning tree (STP) calculation.
- Interface(s) with BPDU guard configured will be shut down when a BPDU is received.
BPDU guard is configured in a spanning tree profile (mstp or pvst), like other spanning-tree features such as root guard and loop guard, and the profile is then applied to the interface(s), as shown below.
(Aruba3500) (config) #interface-profile mstp-profile <name>
(Aruba3500) (Interface MSTP "name") # bpduguard
(Aruba3500) (config) #interface gigabitethernet x/x/x
(Aruba3500) (gigabitethernet "x/x/x") #mstp-profile <name>
If the interface(s) have been shut down due to BPDU guard, they can be recovered automatically through the auto-recovery-time option. Manual recovery is also possible using the clear port error-recovery command.
(ArubaS3500) # clear port error-recovery
Layer-2 Interface Error Information
Interface  Error                     Error seen time            Recovery time
---------  -----                     ---------------            -------------
GE1/0/47   Shutdown (BPDU received)  2012-12-11 11:09:07 (PST)  No Auto Recovery
show log security 10
Dec 11 11:09:07 :128008: <ERRS> |l2m| BPDU received on gigabitethernet1/0/47, shutting down the interface
show interface gigabitethernet 1/0/47
GE1/0/47 is administratively Up, Link is Down, Line protocol is Down
MTU 1514 bytes
Link flaps: 1
Flags: Trunk, Trusted
Port shutdown reason : BPDU received
Link status last changed: 0d 00:00:00 ago
Last update of counters: 0d 00:00:00 ago
Note: BPDU guard should ideally be enabled on the edge ports to prevent an STP attack from a user.
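For monitoring, the BPDU guard message shown in the show log security output above can be parsed from collected logs to find ports that trip repeatedly (for example, after each auto-recovery). The following is an added example, not part of the original article or Aruba's tooling; the function names, the threshold and window values, and every sample line after the first are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the BPDU guard shutdown message in the format shown in the article's log output.
BPDU_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) :(?P<msgid>\d+):\s+<(?P<sev>\w+)>\s+"
    r"\|(?P<proc>\w+)\|\s+BPDU received on (?P<intf>\S+), shutting down the interface"
)

def parse_bpdu_events(lines, year):
    """Return (timestamp, interface) tuples for every BPDU guard shutdown line."""
    events = []
    for line in lines:
        m = BPDU_RE.match(line.strip())
        if m:
            # The log line carries no year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["intf"]))
    return events

def repeat_offenders(events, threshold=2, window=timedelta(hours=1)):
    """Map interface -> total trips, for ports with >= threshold trips inside one window."""
    by_intf = defaultdict(list)
    for ts, intf in events:
        by_intf[intf].append(ts)
    flagged = {}
    for intf, stamps in by_intf.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged[intf] = len(stamps)
                break
    return flagged

# Constructed sample: the first line is the one from the article; the rest are
# made up in the same format (the 124004 line is a hypothetical unrelated message).
SAMPLE = """\
Dec 11 11:09:07 :128008: <ERRS> |l2m| BPDU received on gigabitethernet1/0/47, shutting down the interface
Dec 11 11:20:31 :128008: <ERRS> |l2m| BPDU received on gigabitethernet1/0/47, shutting down the interface
Dec 11 11:25:02 :128008: <ERRS> |l2m| BPDU received on gigabitethernet1/0/12, shutting down the interface
Dec 11 11:26:10 :124004: <DBUG> |l2m| unrelated constructed line
""".splitlines()

if __name__ == "__main__":
    print(repeat_offenders(parse_bpdu_events(SAMPLE, year=2012)))
```

A port flagged here still has a BPDU source attached after recovery, so it is worth checking what is plugged into it before clearing the error again.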