Enabling tc-bpdu guard, Displaying and maintaining the spanning tree – H3C Technologies H3C S12500 Series Switches User Manual

Page 109

Advertising
background image

96

Step Command Remarks

2.

Enter interface view or port

group view.

Enter Ethernet interface view or Layer

2 aggregate interface view:

interface interface-type
interface-number

Enter port group view:

port-group manual port-group-name

Use either command.

3.

Enable the loop guard
function for the ports.

stp loop-protection

By default, loop guard is
disabled.

Enabling TC-BPDU guard

When a switch receives topology change (TC) BPDUs, it flushes the forwarding address entries. If

someone forges TC-BPDUs to attack the switch, the switch will receive a large number of TC-BPDUs within
a short time and be busy with forwarding address entry flushing. This affects network stability.
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address

entry flushes that the switch can perform every a certain period of time (10 seconds). For TC-BPDUs

received in excess of the limit, the switch performs a forwarding address entry flush when the time period
expires. This prevents frequent flushing of forwarding address entries.
To enable TC-BPDU guard:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable the TC-BPDU guard function.

stp tc-protection enable

Optional.
By default, TC-BPDU guard is

enabled.

3.

Configure the maximum number of
forwarding address entry flushes that the

switch can perform every 10 seconds.

stp tc-protection threshold
number

Optional.
The default setting is 6.

NOTE:

H3C recommends not disabling this feature.

Displaying and maintaining the spanning tree

Task Command

Remarks

Display information about ports blocked
by spanning tree protection functions.

display stp abnormal-port [ | { begin |
exclude | include } regular-expression ]

Available in any
view.

Display BPDU statistics on ports.

display stp bpdu-statistics [ interface
interface-type interface-number [ instance

instance-id ] ] [ | { begin | exclude |

include } regular-expression ]

Available in any
view.

Advertising
This manual is related to the following products:

H3C S9500E Series Switches, H3C SecPath F5020, H3C SecPath F5040, H3C VMSG VFW1000

Popular Brands
Popular manuals