Enabling tc-bpdu guard, Remotely configuring mstp for an onu – H3C Technologies H3C S7500E Series Switches User Manual

13-41

Among loop guard, root guard and edge port settings, only one function (whichever is configured the
earliest) can take effect on a port at the same time.

Enabling TC-BPDU guard

When receiving topology change (TC) BPDUs (the BPDUs used to notify topology changes), a switch
flushes its forwarding address entries. If someone forges TC-BPDUs to attack the switch, the switch
will receive a large number of TC-BPDUs within a short time and be busy with forwarding address
entry flushing. This affects network stability.

With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address
entry flushes that the switch can perform within a certain period of time after receiving the first
TC-BPDU. For TC-BPDUs received in excess of the limit, the switch performs forwarding address
entry flush only when the time period expires. This prevents frequent flushing of forwarding address
entries.

Follow these steps to enable TC-BPDU guard:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enable the TC-BPDU guard

function

stp tc-protection enable

Optional

Enabled by default

Configure the maximum number of

forwarding address entry flushes

that the device can perform within

a specific time period after it

receives the first TC-BPDU

stp tc-protection threshold

number

Optional

6 by default

It is not recommended to disable this feature.

Remotely Configuring MSTP for an ONU

An S7500E switch installed with an OLT card can work as an EPON OLT. In this case, you can
remotely configure MSTP for an ONU attached to the OLT in ONU port view, as shown in the table
below.

Note that:

An ONU port supports STP/RSTP/MSTP. However, an ONU port supports only MSTI 0 among all
MSTIs.