Enabling tc-bpdu guard, Displaying and maintaining the spanning tree – H3C Technologies H3C SecPath F1000-E User Manual
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter Ethernet interface view or Layer 2 aggregate interface view.
  Command: interface interface-type interface-number
  Remarks: N/A
Step 3. Enable the loop guard function for the ports.
  Command: stp loop-protection
  Remarks: Disabled by default.
NOTE:
• Do not enable loop guard on a port connecting user terminals. Otherwise, the port will stay in the discarding state in all MSTIs because it cannot receive BPDUs.
• Among loop guard, root guard and edge port settings, only one function (whichever is configured the earliest) can take effect on a port at the same time.
Enabling TC-BPDU guard
When a device receives topology change (TC) BPDUs (the BPDUs that notify devices of topology
changes), it flushes the forwarding address entries. If someone forges TC-BPDUs to attack the device, the
device will receive a large number of TC-BPDUs within a short time and be busy with forwarding address
entry flushing. This affects network stability.
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address
entry flushes that the device can perform within each fixed period (10 seconds). For TC-BPDUs
received in excess of the limit, the device performs a forwarding address entry flush when the time period
expires. This prevents frequent flushing of forwarding address entries.
To enable TC-BPDU guard:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable the TC-BPDU guard function.
  Command: stp tc-protection enable
  Remarks: Optional. Enabled by default.
Step 3. Configure the maximum number of forwarding address entry flushes that the device can perform every 10 seconds.
  Command: stp tc-protection threshold number
  Remarks: Optional. 6 by default.
NOTE:
H3C recommends that you do not disable this feature.
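The Python sketch below is an added example, not taken from the manual or from H3C software. It models the TC-BPDU guard behavior described above to show how many forwarding address entry flushes a burst of TC-BPDUs causes with and without the guard. The function names, the constructed arrival times, and the assumption that the 10-second periods are fixed windows starting at t=0 are illustrative.

```python
# Added illustration: a model of TC-BPDU guard as the manual describes it,
# not H3C firmware logic. Fixed 10 s windows aligned to t=0 are an assumption.
from collections import defaultdict

WINDOW_S = 10          # period stated in the manual
DEFAULT_THRESHOLD = 6  # default of "stp tc-protection threshold"


def simulate_flushes(tc_times, threshold=DEFAULT_THRESHOLD, guard=True):
    """Return (time, kind) flush events for TC-BPDU arrival times in seconds.

    kind is "immediate" for a flush done on receipt and "deferred" for the
    single flush performed when a window that exceeded the threshold expires.
    """
    if not guard:
        # Without the guard every TC-BPDU triggers a flush on receipt.
        return [(t, "immediate") for t in sorted(tc_times)]

    per_window = defaultdict(list)
    for t in sorted(tc_times):
        per_window[int(t // WINDOW_S)].append(t)

    events = []
    for win, arrivals in sorted(per_window.items()):
        # Up to `threshold` TC-BPDUs per window are honoured immediately.
        events += [(t, "immediate") for t in arrivals[:threshold]]
        # Anything beyond the limit collapses into one flush at window expiry.
        if len(arrivals) > threshold:
            events.append(((win + 1) * WINDOW_S, "deferred"))
    return events


def flush_count(tc_times, **kwargs):
    """Total number of forwarding address entry flushes for the given arrivals."""
    return len(simulate_flushes(tc_times, **kwargs))


if __name__ == "__main__":
    # Constructed input: 200 TC-BPDUs per second for 30 seconds.
    storm = [s + i / 200 for s in range(30) for i in range(200)]
    print("flushes without guard:", flush_count(storm, guard=False))  # 6000
    print("flushes with guard:   ", flush_count(storm))               # 21
```

With the default threshold, each 10-second window in this model costs at most seven flushes (six immediate plus one deferred), regardless of how many TC-BPDUs arrive.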
Displaying and maintaining the spanning tree
Task: Display information about ports blocked by spanning tree protection functions.
  Command: display stp abnormal-port [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Task: Display BPDU statistics on ports.
  Command: display stp bpdu-statistics [ interface interface-type interface-number [ instance instance-id ] ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view