No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

S1720, S2700, S5700, and S6720 V200R012(C00 and C20)

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring TC Protection on a Device

Configuring TC Protection on a Device

Context

A switch deletes its MAC address entries and ARP entries after receiving TC BPDUs. An attacker can use this to their advantages by sending a large number of bogus TC BPDUs to the switch in a short time, causing the device to frequently delete MAC address entries and ARP entries. This increases the load on the switch and threatens network stability.

After enabling TC BPDU attack defense on a switch, you can set the number of times the device processes TC BPDUs within a given time. If this number is exceeded, the switch processes only the specified number of TC BPDUs. Excess TC BPDUs are processed in one go by the switch after the specified period expires. This function prevents the switch from frequently deleting its MAC address entries and ARP entries, reducing the load on the switch and guaranteeing network stability.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run stp tc-protection interval interval-value

    The time period during which the device processes the maximum number of TC BPDUs is set.

    By default, the time period is the Hello time.

  3. Run stp tc-protection threshold threshold

    The maximum number of times the device processes TC BPDUs and updates forwarding entries within the specified time period is set.

    By default, the device processes only one TC BPDU within a specified time period.

    The switch processes only TC BPDUs of a number configured by stp tc-protection threshold within the time period configured by the stp tc-protection interval command. Other packets are processed after a delay, so spanning tree convergence speed may slow down. For example, if the time period is set to 10 seconds and the maximum of TC BPDUs is set to 5, the switch processes only the first five TC BPDUs within 10 seconds. Subsequent TC BPDUs are processed together 10 seconds later.

Translation
Download
Updated: 2018-12-24

Document ID: EDOC1100038339

Views: 158201

Downloads: 685

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next