Function Description
If the port of an access device is connected directly to the user terminal, such as a PC, or it is connected to the file server, the port is usually set as an edge port to implement rapid state transition. When the port receives the BPDU packets, the system sets the port as a non-edge port and recalculates the spanning tree. This results in an unstable network topology. Multiple Spanning Tree Protocol (MSTP) provides the BPDU protection function that prevents users from forging BPDU packets to attack the device maliciously.
Function
The bpdu tunnel command is used to enable or disable the
transparent transmission of bridge protocol data units (BPDUs). After the
function is enabled, the protocol data of the private network can be transmitted
transparently in the public network. This function is mainly used in the QinQ
service to provide a transparent and secure data channel between two places in
an enterprise private network.
The undo bpdu tunnel command is used to clear the VLAN transparent transmission setting of L2 BPDU packets in a VLAN service profile.
Format
In the Global config mode:
bpdu tunnel vlan vlanid [ to end-vlanid ] enable
bpdu tunnel vlan vlanid [ to end-vlanid ] disable
In the VLAN service profile mode:
bpdu tunnel { enable | disable }
undo bpdu tunnel
Parameters
Parameter | Description | Value |
---|---|---|
vlan vlanid | Indicates the VLAN ID. It identifies a VLAN uniquely. | Numeral type. Range: 1-4093. |
to end-vlanid | This parameter is used with vlanid to specify the VLAN range. To perform operations for continuous VLANs in batches, use this parameter. | Numeral type. Range: 1-4093. end-vlanid must be larger than or equal to vlanid. |
enable | Enables the transparent transmission of BPDUs. | - |
disable | Disables the transparent transmission of BPDUs. After the function is disabled, the layer 2 protocol packet of the private network cannot be transparently transmitted in the public network. | - |
Usage Guidelines
- In the global config mode, run the vlan service-profile command to enter the VLAN service profile mode.
- In the global config mode, by default, the transparent transmission for the Layer 2 BPDUs is disabled. In the VLAN profile mode, the system default value is NotConfig, that is, the configuration parameter takes effect in the global config mode.
- The native VLAN does not support the transparent transmission for the BPDUs.
- VLANs for a cable bundle do not support the transparent transmission for the BPDUs. Run the display cable bundle reserved vlan command to display reserved VLANs for a cable bundle.
- The status of the transparent transmission for bridge protocol data unit (BPDU) packets configured by running the bpdu tunnel command determines the destination MAC address of MSTP packets.
  - If the transparent transmission of BPDU packets is disabled in all VLANs, the destination MAC address of MSTP packets is 01:80:C2:00:00:00.
  - If the transparent transmission of BPDU packets is enabled in any VLAN, the destination MAC address of MSTP packets is 01:80:C2:00:00:08.
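The destination-MAC rule above can be checked offline when reviewing a planned change or writing a capture filter for MSTP traffic. The following Python sketch is an added example, not code from the original page or from the vendor; it assumes the global-mode commands are replayed in order from the default (disabled) state, it does not model VLAN service profiles, and the sample commands are constructed.

```python
import re

# Syntax from the Format section (global config mode):
#   bpdu tunnel vlan vlanid [ to end-vlanid ] { enable | disable }
CMD_RE = re.compile(
    r"^\s*bpdu tunnel vlan (\d+)(?: to (\d+))? (enable|disable)\s*$"
)
VLAN_MIN, VLAN_MAX = 1, 4093          # range given in the Parameters table
MAC_STANDARD = "01:80:C2:00:00:00"    # tunnelling disabled in all VLANs
MAC_TUNNEL = "01:80:C2:00:00:08"      # tunnelling enabled in any VLAN


def parse_command(line):
    """Return (start, end, enabled) or raise ValueError for invalid input."""
    m = CMD_RE.match(line)
    if not m:
        raise ValueError(f"not a global bpdu tunnel command: {line!r}")
    start = int(m.group(1))
    end = int(m.group(2)) if m.group(2) else start
    for vid in (start, end):
        if not VLAN_MIN <= vid <= VLAN_MAX:
            raise ValueError(f"VLAN {vid} outside {VLAN_MIN}-{VLAN_MAX}")
    if end < start:
        raise ValueError("end-vlanid must be >= vlanid")
    return start, end, m.group(3) == "enable"


def audit(commands):
    """Replay commands in order; the global default is disabled for every VLAN."""
    enabled = set()
    for line in commands:
        start, end, on = parse_command(line)
        vlans = set(range(start, end + 1))
        enabled = enabled | vlans if on else enabled - vlans
    # One enabled VLAN is enough to switch the MSTP destination MAC.
    mac = MAC_TUNNEL if enabled else MAC_STANDARD
    return sorted(enabled), mac


# Constructed sample input, not taken from a real device.
SAMPLE = [
    "bpdu tunnel vlan 10 to 14 enable",
    "bpdu tunnel vlan 12 disable",
]

if __name__ == "__main__":
    vlans, mac = audit(SAMPLE)
    print("tunnelling enabled in VLANs:", vlans)
    print("expected MSTP destination MAC:", mac)
```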
Example
To enable the transparent transmission of BPDUs in QinQ VLAN 10 to QinQ VLAN 14 in the global config mode, do as follows:

```
huawei(config)#bpdu tunnel
{ vlan<K> }:vlan
{ vlanid<U><1,4093> }:10
{ disable<K>|enable<K>|to<K> }:to
{ vlanid<U><1,4093> }:14
{ disable<K>|enable<K> }:enable

  Command:
          bpdu tunnel vlan 10 to 14 enable
  It will take several minutes to set BPDU tunnel, please wait...
  The total of enable BPDU tunnel succeed VLAN: 5
  The total of enable BPDU tunnel failed VLAN: 0
```

To disable the transparent transmission of BPDUs in QinQ VLAN 10 to QinQ VLAN 14 in the global config mode, do as follows:

```
huawei(config)#bpdu tunnel
{ vlan<K> }:vlan
{ vlanid<U><1,4093> }:10
{ disable<K>|enable<K>|to<K> }:to
{ vlanid<U><1,4093> }:14
{ disable<K>|enable<K> }:disable

  Command:
          bpdu tunnel vlan 10 to 14 disable
  It will take several minutes to set BPDU tunnel, please wait...
  The total of disable BPDU tunnel succeed VLAN: 5
  The total of disable BPDU tunnel failed VLAN: 0
```

To enable the transparent transmission of BPDUs in QinQ VLAN 10 to QinQ VLAN 14 in the VLAN service profile mode, do as follows:

```
huawei(config-vlan-srvprof-10)#bpdu tunnel
{ disable<K>|enable<K> }:enable

  Command:
          bpdu tunnel enable
  Info: Please use the commit command to make modifications take effect
huawei(config-vlan-srvprof-10)#commit
huawei(config)#vlan bind service-profile 10 profile-id 10
```

To clear the VLAN transparent transmission setting of L2 BPDU packets in a VLAN service profile, do as follows:

```
huawei(config-vlan-srvprof-10)#undo bpdu tunnel
  Info: Please use the commit command to make modifications take effect
huawei(config-vlan-srvprof-10)#commit
```
System Response
- The system displays the message "The total of enable BPDU tunnel succeed VLAN: x The total of enable BPDU tunnel failed VLAN: y" after the transparent transmission of BPDUs is enabled successfully. The x is the number of the VLANs in which the transparent transmission of BPDUs is enabled and the y is the number of the VLANs in which the transparent transmission of BPDUs is not enabled successfully.
- The system displays the message "The total of disable BPDU tunnel succeed VLAN: x The total of disable BPDU tunnel failed VLAN: y" after the transparent transmission of BPDUs is disabled successfully. The x is the number of the VLANs in which the transparent transmission of BPDUs is disabled and the y is the number of the VLANs in which the transparent transmission of BPDUs is not disabled successfully.
- The system does not display any message after the command is executed successfully.