搜索
最小化园区网的服务丢失和数据窃听描述生成树安全机制保护生成树运行在PortFast端口上加上保护措施•BPDUguard关闭端口•BPDUfilter定义收到BPDUs时采取的动作启用和验证BPDUGuardSwitch#showspanning-treesummarytotalsRootbridgefor:none.PortFastBPDUGuardisenabledEtherchannelmisconfigurationguardisenabledUplinkFastisdisabledBackboneFastisdisabledDefaultpathcostmethodusedisshortNameBlockingListeningLearningForwardingSTPActive-----------------------------------------------------------------34VLANs0003636Switch(config)#spanning-treeportfastbpduguard•启用BPDUguardSwitch#showspanning-treesummarytotals•显示BPDUguard配置信息描述根桥保护命令Switch(config-if)#spanning-treeguardroot•ConfiguresrootguardSwitch#showrunning-configinterfacefa0/1Switch#showspanning-treeinconsistentports•Verifiesrootguard验证根桥保护Switch#showrunning-configinterfacefastethernet5/8Buildingconfiguration...Currentconfiguration:67bytes!interfaceFastEthernet5/8switchportmodeaccessspanning-treeguardrootSwitch#showspanning-treeinconsistentportsNameInterfaceInconsistency------------------------------------------------------------VLAN0001FastEthernet3/1PortTypeInconsistentVLAN0001FastEthernet3/2PortTypeInconsistentVLAN1002FastEthernet3/1PortTypeInconsistentNumberofinconsistentports(segments)inthesystem:3Switch#showrunning-configinterfaceinterfacemod/port•DisplaysinterfaceconfigurationinformationSwitch#showspanning-treeinconsistentports•Displaysinformationaboutportsininconsistentstates总结•BPDUguard及BPDUfiltering在PortFast端口上配置保护生成树操作•全局配置下的BPDUguard会在所有PortFast端口下启用•BPDUguard可以基于每端口启用,甚至这些端口没有启用PortFast•BPDUfilering可以在全局下或者端口下配置•在根桥保护端口,不能被选举出根桥•根保护可以使用不同命令验证