No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R010C00 Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including configuring link aggregation, VLANs, Voice VLAN, VLAN mapping, QinQ, GVRP, MAC table, STP/RSTP/MSTP, SEP, and so on.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring TC Protection on a Switching Device

Configuring TC Protection on a Switching Device

Context

If an attacker sends a large number of malicious TC BPDUs to a switching device within a short period, the device will constantly delete MAC address entries and ARP entries. This wastes resources on the device and threatens network stability.

To suppress TC BPDUs, enable TC protection on a switching device and set the maximum number of TC BPDUs that the device can process within a given time period. If the number of TC BPDUs that the switching device receives within a given time period exceeds the specified threshold, the switching device processes only the specified number of TC BPDUs. After the specified time period expires, the switching devices process all the excess TC BPDUs together. This function prevents the switching device from frequently deleting MAC entries and ARP entries.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    stp tc-protection interval interval-value

    The time period during which the device processes the maximum number of TC BPDUs is set.

    By default, the time period is the same as the Hello timer interval.

  3. Run:

    stp tc-protection threshold threshold

    The maximum number of TC BPDUs the switching device can process within a specified time period is set.

    By default, the device processes only one TC BPDU within a specified time period.

    The switch only processes TC BPDUs up to the maximum specified by the stp tc-protection threshold command within the time period specified by the stp tc-protection interval command. Other packets are processed after a delay, so spanning tree convergence speed is slower. For example, if the time period is set to 10 seconds and the maximum of TC BPDUs is set to 5, the switch processes only the first five TC BPDUs within 10 seconds. Subsequent TC BPDUs are processed together after a 10 second delay.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000142081

Views: 273491

Downloads: 420

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next