Configuration and security summary of old and new STP


The old STP has only a root bridge and no backup root bridge.

Five port states of the old STP:
disabled: interface down, STP not running
blocking: blocking
listening: sending BPDUs and comparing them to decide which BPDU is better
learning: starting to learn the MAC address table
forwarding: forwarding
Old STP convergence time: 30 seconds for a direct topology change, 50 seconds for an indirect topology change.

RSTP has only 3 port states:

Discarding
Learning
Forwarding
It replaces the Blocking, Listening and Disabled states of STP with a single state, Discarding.

Root protection means:

lsw1-3 have already built the STP topology and lsw1 has become the root bridge. To prevent a switch added later from becoming the root bridge, root protection must be enabled on the interfaces that may connect to a new switch from outside. For example, in a topology where lsw4 is the newly added switch, the root protection command must be configured on interface g0/0/4 of lsw3: stp root-protection
so that no matter how lsw4 is configured, it cannot become the root bridge.

The BPDU protection function can prevent a single-port self-loop and BPDU attacks:

1. Enable BPDU protection globally: stp bpdu-protection
2. Then enable edge port on every interface that connects to a computer, otherwise BPDU protection has no effect there: stp edged-port enable
3. If a BPDU is received (including from a self-loop), the port is automatically shut down. To let the interface recover automatically:
error-down auto-recovery cause bpdu-protection interval 9

TC BPDU protection, which prevents flooding attacks using large numbers of TC BPDUs

Globally: stp tc-protection interval 2 and
stp tc-protection threshold 3

Configure the root bridge and the backup root bridge

stp root primary (on the root bridge)
stp root secondary (on the backup root bridge)
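As an added example (not part of the original post), a small Python audit that parses a constructed Huawei VRP configuration dump and checks for the settings above: the root role, global BPDU and TC protection, edge ports on host-facing interfaces, and root protection on interfaces where a new switch might be attached. The sample config, interface names and the audit function are assumptions for illustration.

```python
# Added example (not from the original post): audit a Huawei VRP config for the
# STP hardening on this page. SAMPLE_CONFIG is constructed; G0/0/2 is deliberately
# missing 'stp edged-port enable' so the audit has something to flag.
SAMPLE_CONFIG = """\
#
 stp bpdu-protection
 stp tc-protection interval 2
 stp tc-protection threshold 3
#
interface GigabitEthernet0/0/1
 stp edged-port enable
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/4
 stp root-protection
#
"""

def parse_vrp(text):
    # Returns (global_lines, {interface: lines}); '#' lines separate sections.
    global_lines, ifaces, current = [], {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if line == "#":
            current = None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = []
        elif line:
            (ifaces[current] if current else global_lines).append(line)
    return global_lines, ifaces

def audit_stp(text, role, edge_ports, downstream_ports):
    """role: 'primary' (root), 'secondary' (backup root) or None. edge_ports face
    hosts; downstream_ports may receive a new switch. Returns findings (empty = ok)."""
    g, ifaces = parse_vrp(text)
    findings = []
    if role and f"stp root {role}" not in g:
        findings.append(f"missing 'stp root {role}'")
    if "stp bpdu-protection" not in g:
        findings.append("missing global 'stp bpdu-protection'")
    if not any(ln.startswith("stp tc-protection") for ln in g):
        findings.append("missing 'stp tc-protection'")
    for p in edge_ports:
        if "stp edged-port enable" not in ifaces.get(p, []):
            findings.append(f"{p}: host-facing but not an edge port")
    for p in downstream_ports:
        if "stp root-protection" not in ifaces.get(p, []):
            findings.append(f"{p}: no root protection toward a possible new switch")
    return findings
```

Running `audit_stp(SAMPLE_CONFIG, None, ["GigabitEthernet0/0/1", "GigabitEthernet0/0/2"], ["GigabitEthernet0/0/4"])` reports only the missing edge port on G0/0/2.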

Source: blog.csdn.net/ydaxia110/article/details/130458084