Configuration example, Configuring tc-bpdu attack guard, Configuration prerequisites – H3C Technologies H3C WX3000 Series Unified Switches User Manual

22-37

To do…

Use the command…

Remarks

Enter Ethernet port view

interface

interface-type

interface-number

—

Enable the loop guard function on
the current port

stp loop-protection

Required
The loop guard function is disabled
by default.

Configuration example

# Enable the loop guard function on GigabitEthernet 1/0/1.

<device> system-view

[device] interface GigabitEthernet1/0/1

[device-GigabitEthernet1/0/1] stp loop-protection

Configuring TC-BPDU Attack Guard

Configuration prerequisites

MSTP runs normally on the device.

Configuration procedure

Follow these steps to configure the TC-BPDU attack guard function:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable the TC-BPDU attack guard
function

stp tc-protection enable

Required
The TC-BPDU attack guard
function is disabled by default.

Set the maximum times that a
device can remove the MAC
address table within each 10
seconds

stp tc-protection threshold
number

Optional

Configuration example

# Enable the TC-BPDU attack guard function

<device> system-view

[device] stp tc-protection enable

# Set the maximum times for the device to remove the MAC address table within 10 seconds to 5.

<device> system-view

[device] stp tc-protection threshold 5

Configuring BPDU Dropping

Follow these steps to configure BPDU dropping:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet port view

interface

interface-name

—