No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

S7700 and S9700 V200R012C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, HVRP, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring TC Protection on a Switch

Configuring TC Protection on a Switch

Context

If attackers forge TC-BPDUs to attack the switch, the switch receives a large number of TC BPDUs within a short period. If MAC address entries and ARP entries are deleted frequently, the switch is heavily burdened, causing potential risks to the network.

TC protection is used to suppress TC BPDUs. The number of TC BPDUs processed by a switch within a given period is configurable. If the number of TC BPDUs received by a switch exceeds the specified threshold within a given period, the switch handles only the specified number of TC BPDUs. The processing of excess TC BPDUs is delayed until after the specified period expires. This protects the switch from becoming overburdened with frequently deleting MAC entries and ARP entries.

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Run stp process process-id

    The MSTP process view is displayed.

    NOTE:

    Skip this step if you perform configurations in the MSTP process 0.

  3. Run stp tc-protection interval interval-value

    The time taken by the device to process the maximum number of TC BPDUs is set.

    By default, the device processes the maximum number of TC BPDUs at an interval of the Hello time.

  4. Run stp tc-protection threshold threshold

    The number of times the MSTP process handles the received TC BPDUs and updates forwarding entries within a given time is set.

    NOTE:

    Within the time specified by stp tc-protection interval, the switch processes the number of TC BPDUs specified by stp tc-protection threshold. Packets that exceed this threshold are delayed, so spanning tree convergence may be affected. For example, if the period is set to 10s and the threshold is set to 5, the device processes five TC BPDUs within 10s. After 10s, the device processes subsequent TC BPDUs.

Translation
Download
Updated: 2019-01-18

Document ID: EDOC1100038843

Views: 108700

Downloads: 72

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next