From: Bastien Roucariès Date: Sun, 12 Apr 2020 23:50:36 +0000 (+0200) Subject: Better documentation of BDPU guard X-Git-Tag: v5.7.0~27 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19bbebc4590ef0322b8358d63957b32faa9345d8;p=thirdparty%2Fiproute2.git Better documentation of BDPU guard Document that guard disable the port and how to reenable it Signed-off-by: Bastien Roucariès Signed-off-by: Stephen Hemminger --- diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index bd33635ad..9bfd942f0 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -340,7 +340,18 @@ STP BPDUs. .BR "guard on " or " guard off " Controls whether STP BPDUs will be processed by the bridge port. By default, the flag is turned off allowed BPDU processing. Turning this flag on will -cause the port to stop processing STP BPDUs. +disables +the bridge port if a STP BPDU packet is received. + +If running Spanning Tree on bridge, hostile devices on the network +may send BPDU on a port and cause network failure. Setting +.B guard on +will detect and stop this by disabling the port. +The port will be restarted if link is brought down, or +removed and reattached. For example if guard is enable on +eth0: + +.B ip link set dev eth0 down; ip link set dev eth0 up .TP .BR "hairpin on " or " hairpin off "