Enabling tc-bpdu guard, Displaying and maintaining the spanning tree – H3C Technologies H3C SecPath F1000-E User Manual

Page 128

Advertising
background image

103

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter Ethernet interface view or Layer 2

aggregate interface view.

interface interface-type
interface-number

N/A

3.

Enable the loop guard function for the ports. stp loop-protection

Disabled by default.

NOTE:

Do not enable loop guard on a port connecting user terminals. Otherwise, the port will stay in the
discarding state in all MSTIs because it cannot receive BPDUs.

Among loop guard, root guard and edge port settings, only one function (whichever is configured the
earliest) can take effect on a port at the same time.

Enabling TC-BPDU guard

When a device receives topology change (TC) BPDUs (the BPDUs that notify devices of topology

changes), it flushes the forwarding address entries. If someone forges TC-BPDUs to attack the device, the
device will receive a large number of TC-BPDUs within a short time and be busy with forwarding address

entry flushing. This affects network stability.
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address

entry flushes that the device can perform every a certain period of time (10 seconds). For TC-BPDUs
received in excess of the limit, the device performs a forwarding address entry flush when the time period

expires. This prevents frequent flushing of forwarding address entries.
To enable TC-BPDU guard:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable the TC-BPDU guard function.

stp tc-protection enable

Optional.
Enabled by default.

3.

Configure the maximum number of

forwarding address entry flushes that the
device can perform every 10 seconds.

stp tc-protection threshold
number

Optional.
6 by default.

NOTE:

H3C does not recommend you disable this feature.

Displaying and maintaining the spanning tree

Task Command

Remarks

Display information about ports blocked
by spanning tree protection functions.

display stp abnormal-port [ | { begin |
exclude | include } regular-expression ]

Available in any view

Display BPDU statistics on ports.

display stp bpdu-statistics [ interface
interface-type interface-number [ instance

instance-id ] ] [ | { begin | exclude |
include } regular-expression ]

Available in any view

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS, H3C SecBlade LB Cards, H3C SecPath L1000-A Load Balancer

Popular Brands
Popular manuals