beautypg.com

Enabling tc-bpdu guard, Displaying and maintaining mstp – H3C Technologies H3C S5120 Series Switches User Manual

Page 203

background image

1-38

z

Do not enable loop guard on a port connecting user terminals. Otherwise, the port will stay in the
discarding state in all MSTIs because it cannot receive BPDUs.

z

Among loop guard, root guard and edge port settings, only one function (whichever is configured
the earliest) can take effect on a port at the same time.

Enabling TC-BPDU guard

When receiving topology change (TC) BPDUs (the BPDUs used to notify topology changes), a switch
flushes its forwarding address entries. If someone forges TC-BPDUs to attack the switch, the switch will
receive a large number of TC-BPDUs within a short time and be busy with forwarding address entry
flushing. This affects network stability.

With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address
entry flushes that the switch can perform within a certain period of time after receiving the first TC-BPDU.
For TC-BPDUs received in excess of the limit, the switch performs forwarding address entry flush only
when the time period expires. This prevents frequent flushing of forwarding address entries.

Follow these steps to enable TC-BPDU guard:

To do...

Use the command...

Remarks

Enter system view

system-view

Enable the TC-BPDU guard function

stp tc-protection enable

Optional
Enabled by default

Configure the maximum number of
forwarding address entry flushes that the
device can perform within a specific time
period after it receives the first TC-BPDU

stp tc-protection
threshold number

Optional
6 by default

It is not recommended to disable this feature.

Displaying and Maintaining MSTP

To do...

Use the command...

Remarks

View information about
abnormally blocked ports

display stp abnormal-port

Available in any view

View information about ports
blocked by STP protection
functions

display stp down-port

Available in any view

View the historical information of
port role calculation for the
specified MSTI or all MSTIs

display stp

[ instance instance-id ]

history

Available in any view

See also other documents in the category H3C Technologies Routers: