Enabling TC-BPDU Attack Guard, Displaying and Maintaining MSTP – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Enabling TC-BPDU Attack Guard
When the device receives a TC-BPDU (a PDU used to notify of a topology change), it deletes the
corresponding forwarding address entries. If someone forges TC-BPDUs to attack the device, the device
receives a large number of TC-BPDUs within a short time, and the frequent deletion operations place a
heavy burden on the device and threaten network stability.
With the TC-BPDU guard function enabled, the device limits the number of times it immediately deletes
forwarding address entries within 10 seconds after it receives TC-BPDUs to the value set with the
stp tc-protection threshold command (assume the value is X). At the same time, the system monitors
whether the number of TC-BPDUs received within that period is larger than X. If so, the device
performs one more deletion operation after the period elapses. This prevents frequent deletion of
forwarding address entries.
Follow these steps to enable TC-BPDU attack guard:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable the TC-BPDU attack guard function | stp tc-protection enable | Optional. Enabled by default |
| Configure the maximum number of times the device deletes forwarding address entries within a certain period of time immediately after it receives TC-BPDUs | stp tc-protection threshold number | Optional. 6 by default |

We recommend that you keep this feature enabled.
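
The following added example (a simplified model written for this page, not H3C code) simulates the guard logic described above so the effect of the threshold on a TC-BPDU burst can be seen. It assumes a 10-second window opens at the first TC-BPDU received while no window is open; the function name and the sample arrival times are constructed for illustration.

```python
# Simplified model of the TC-BPDU guard behaviour described in this section.
# Times are integer milliseconds to avoid floating-point boundary issues.
WINDOW_MS = 10_000  # the 10-second period stated in the manual


def flush_times(tc_arrivals, threshold=6, guard=True):
    """Return the times (ms) at which forwarding address entries are deleted.

    tc_arrivals: sorted arrival times of TC-BPDUs, in milliseconds.
    threshold:   X, the value of 'stp tc-protection threshold' (6 by default).
    Assumption:  a window opens at the first TC-BPDU seen while none is open.
    """
    if not guard:
        return list(tc_arrivals)  # every TC-BPDU triggers a deletion

    flushes = []
    window_start = None
    received = immediate = 0

    def close_window():
        # More than X TC-BPDUs arrived in the window: one deferred deletion.
        if received > threshold:
            flushes.append(window_start + WINDOW_MS)

    for t in tc_arrivals:
        if window_start is not None and t >= window_start + WINDOW_MS:
            close_window()
            window_start = None
        if window_start is None:
            window_start, received, immediate = t, 0, 0
        received += 1
        if immediate < threshold:  # at most X immediate deletions per window
            immediate += 1
            flushes.append(t)
    if window_start is not None:
        close_window()
    return flushes


if __name__ == "__main__":
    # Constructed sample: one TC-BPDU every 100 ms for 10 seconds (100 total).
    burst = list(range(0, 10_000, 100))
    print("deletions without guard:", len(flush_times(burst, guard=False)))
    print("deletions with guard:   ", len(flush_times(burst)))
    print("deletion times (ms):    ", flush_times(burst))
```

In this model the constructed burst of 100 TC-BPDUs causes 7 deletions with the default threshold instead of 100, while normal topology changes below the threshold are still processed immediately.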
Displaying and Maintaining MSTP

| To do... | Use the command... | Remarks |
|---|---|---|
| View the information about abnormally blocked ports | display stp abnormal-port | Available in any view |
| View the information about ports blocked by STP protection actions | display stp down-port | Available in any view |
| View the information of port role calculation history for the specified MSTP instance or all MSTP instances | display stp [ instance instance-id ] history | Available in any view |
| View the statistics of TC/TCN BPDUs sent and received by all ports in the specified MSTP instance or all MSTP instances | display stp [ instance instance-id ] tc | Available in any view |
| View the status information and statistics information of MSTP | display stp [ instance instance-id ] [ interface interface-list ] [ brief ] | Available in any view |
| View the information about MST region configuration in effect | display stp region-configuration | Available in any view |