6 configuring tc-bpdu attack prevention, I. configuration procedure, Ii. configuration example – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – MSTP
H3C S3100-52P Ethernet Switch

Chapter 1 MSTP Configuration

1-38

1.5.6 Configuring TC-BPDU Attack Prevention

I. Configuration procedure

Table 1-34

Configure the TC-BPDU attack prevention function

Operation

Command

Description

Enter system view

system-view

—

Enable the TC-BPDU
attack prevention function

stp tc-protection enable

Required
The TC-BPDU attack
prevention function is
disabled by default.

II. Configuration example

# Enable the TC-BPDU attack prevention function

system-view

[H3C] stp tc-protection enable

1.5.7 Configuring the Function of Dropping BPDU Packets

Table 1-35

Configure the function of dropping BPDU Packets

Operation

Command

Description

Enter system view

system-view

—

Enter Ethernet port view

interface

interface-name —

Enable the function of dropping
BPDU packets in Ethernet port view

bpdu-drop any

Required

# Enable the function of dropping BPDU packets on Ethernet1/0/1.

system-view

[H3C] interface Ethernet 1/0/1

[H3C-Ethernet1/0/1] bpdu-drop any

1.6 Configuring Digest Snooping

1.6.1 Introduction

According to IEEE 802.1s, two interconnected switches can interwork with each other
through MSTIs in an MST region only when the two switches have the same MST
region-related configuration. Interconnected MSTP-enabled switches determine
whether or not they are in the same MST region by checking the configuration IDs of