No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, MUX VLAN, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring TC Protection on a Switching Device

Configuring TC Protection on a Switching Device

Context

If attackers forge TC BPDUs to attack a switching device, the switching device receives a large number of TC BPDUs within a short period. If MAC address entries and ARP entries are deleted frequently, the switching device is heavily burdened, causing potential risks to the network.

TC protection is used to suppress TC BPDUs. The number of TC BPDUs processed by a switching device within a given period is configurable. If the number of TC BPDUs received by a switching device exceeds the specified threshold within a given period, the switching device handles only the specified number of TC BPDUs. The processing of excess TC BPDUs is delayed until after the specified period expires. This protects the switching device from becoming overburdened with frequently deleting MAC entries and ARP entries.

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Run stp process process-id

    The MSTP process view is displayed.

    NOTE:

    Skip this step if you perform configurations in the MSTP process 0.

  3. Run stp tc-protection

    TC protection is enabled in the MSTP process.

    By default, TC protection is disabled on a switching device.

  4. Run either or both of the following commands to configure TC protection parameters.

    • To set the time period during which the device processes the maximum number of TC BPDUs, run stp tc-protection interval interval-value.

      By default, the time period is the Hello Time.

    • To set the maximum number of TC BPDUs that the device processes within a specified period, run stp tc-protection threshold threshold.

      By default, a device processes one TC BPDU within a specified period.

    NOTE:
    • There are two TC protection parameters: time period during which the device processes the maximum number of TC BPDUs and the maximum number of TC BPDUs processed within the time period. For example, if the time period is set to 10 seconds and the maximum number of TC BPDUs is set to 5, the device processes only the first five TC BPDUs within 10 seconds and processes the other TC BPDUs together 10 seconds later.

    • The device processes only the maximum number of TC BPDUs configured by the stp tc-protection threshold command within the time period configured by the stp tc-protection interval command. Other packets are processed after a delay, so spanning tree convergence speed may slow down.

  5. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-05-08

Document ID: EDOC1100004351

Views: 129136

Downloads: 297

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next