Better documentation of BDPU guard

Document that guard disable the port and how to reenable it Signed-off-by: Bastien Roucariès <rouca@debian.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
author: Bastien Roucariès <rouca@debian.org> 2020-04-13 01:50:36 +0200
committer: Stephen Hemminger <stephen@networkplumber.org> 2020-04-20 09:45:37 -0700
commit: 19bbebc4590ef0322b8358d63957b32faa9345d8 (patch)
tree: 6377f9fd9aa4fab3aa0d8af30dae0c8fe3790fce
parent: 420febf9611d5cb4061055913041be00859210da (diff)
download: iproute2-19bbebc4590ef0322b8358d63957b32faa9345d8.tar.gz
1 files changed, 12 insertions, 1 deletions
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index bd33635ad..9bfd942f0 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -340,7 +340,18 @@ STP BPDUs.
 .BR "guard on " or " guard off "
 Controls whether STP BPDUs will be processed by the bridge port. By default,
 the flag is turned off allowed BPDU processing. Turning this flag on will
-cause the port to stop processing STP BPDUs.
+disables
+the bridge port if a STP BPDU packet is received.
+
+If running Spanning Tree on bridge, hostile devices on the network
+may send BPDU on a port and cause network failure. Setting
+.B guard on
+will detect and stop this by disabling the port.
+The port will be restarted if link is brought down, or
+removed and reattached.  For example if guard is enable on
+eth0:
+
+.B ip link set dev eth0 down; ip link set dev eth0 up
 
 .TP
 .BR "hairpin on " or " hairpin off "
author	Bastien Roucariès <rouca@debian.org>	2020-04-13 01:50:36 +0200
committer	Stephen Hemminger <stephen@networkplumber.org>	2020-04-20 09:45:37 -0700
commit	19bbebc4590ef0322b8358d63957b32faa9345d8 (patch)
tree	6377f9fd9aa4fab3aa0d8af30dae0c8fe3790fce
parent	420febf9611d5cb4061055913041be00859210da (diff)
download	iproute2-19bbebc4590ef0322b8358d63957b32faa9345d8.tar.gz