Concepts
If a specified port of a CE switch directly connects to a server but not another switch, you can configure the port as an edge port. Then the port does not participate in spanning tree calculation, which shortens the network topology convergence time and improves network stability.
Normally, an edge port will not receive BPDUs. If a switch is attacked by forged BPDUs, the edge port will receive the BPDUs. The switch then sets the edge port as a non-edge port and recalculates the spanning tree, resulting in network flapping. You can enable BPDU protection to prevent the attacks.
Configuration
When a CE switch connects to a server, configure the port directly connects to the server as an edge port and configure BPDU protection simultaneously. The RSTP mode is used as the example:
<HUAWEI> system-view [~HUAWEI] stp mode rstp //Configure the device to work in RSTP mode. [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] stp edged-port enable //Configure the port as the edge port. [*HUAWEI-10GE1/0/1] quit [*HUAWEI] stp bpdu-protection //Enable BPDU protection. [*HUAWEI] commit
