beautypg.com

Enabling tc-bpdu guard – H3C Technologies H3C S10500 Series Switches User Manual

Page 108

background image

97

Configure loop guard on the root port and alternate ports of a device.
Follow these steps to enable loop guard:

To do...

Use the command...

Remarks

Enter system view

system-view

Enter Layer 2 Ethernet
interface view or Layer 2

aggregate interface view

interface interface-type
interface-number

Enter interface
view or port

group view

Enter port group view

port-group manual
port-group-name

Required
Use either command.

Enable the loop guard function for the ports

stp loop-protection

Required
Disabled by default.

NOTE:

Do not enable loop guard on a port that connects user terminals. Otherwise, the port will stay in the
discarding state in all MSTIs because it cannot receive BPDUs.

You cannot configure edge port settings and loop guard, or configure root guard and loop guard on a
port at the same time.

Enabling TC-BPDU guard

When a switch receives topology change (TC) BPDUs (the BPDUs that notify devices of topology

changes), the switch flushes its forwarding address entries. If someone forges TC-BPDUs to attack the
switch, the switch will receive a large number of TC-BPDUs within a short time and be busy with

forwarding address entry flushing. This affects network stability.
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address

entry flushes that the device can perform every a specified period of time (10 seconds). For TC-BPDUs

received in excess of the limit, the device performs a forwarding address entry flush when the time period

expires. This prevents frequent flushing of forwarding address entries.
Follow these steps to enable TC-BPDU guard:

To do...

Use the command...

Remarks

Enter system view

system-view

Enable the TC-BPDU guard function

stp tc-protection enable

Optional
Enabled by default.

Configure the maximum number of
forwarding address entry flushes that the

device can perform every 10 seconds

stp tc-protection threshold
number

Optional
6 by default.

NOTE:

H3C does not recommend you disable this feature.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: