Better documentation of BDPU guard

Document that guard disable the port and how to reenable it Signed-off-by: Bastien Roucariès <rouca@debian.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2020-04-13 01:50:36 +02:00 · 2020-04-13 01:50:36 +02:00 · 19bbebc459
parent 420febf961
commit 19bbebc459
1 changed files with 12 additions and 1 deletions
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@ -340,7 +340,18 @@ STP BPDUs.
 .BR "guard on " or " guard off "
 Controls whether STP BPDUs will be processed by the bridge port. By default,
 the flag is turned off allowed BPDU processing. Turning this flag on will
-cause the port to stop processing STP BPDUs.
+disables
+the bridge port if a STP BPDU packet is received.
+
+If running Spanning Tree on bridge, hostile devices on the network
+may send BPDU on a port and cause network failure. Setting
+.B guard on
+will detect and stop this by disabling the port.
+The port will be restarted if link is brought down, or
+removed and reattached.  For example if guard is enable on
+eth0:
+
+.B ip link set dev eth0 down; ip link set dev eth0 up

 .TP
 .BR "hairpin on " or " hairpin off "