No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

S7700 and S9700 V200R012C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, HVRP, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring TC Protection on the Switch

Configuring TC Protection on the Switch

Context

When malicious attackers send bogus TC BPDUs to attack the switch, the switch receives a large number of TC BPDUs within a short time. If MAC address entries and ARP entries are deleted frequently, the switch is heavily burdened, causing potential risks to the network.

TC protection is used to suppress TC BPDUs. You can set the number of times the switch processes TC BPDUs within a given time period. If the number of TC BPDUs that the switch receives within a given time exceeds the specified threshold, the switch processes TC BPDUs only for the specified number of times. After the specified number of times is reached, the switch processes excess TC BPDUs at one time only. For example, the period is set to 10s and the threshold is set to 5. After the switch receives TC BPDUs, the switch processes the first five TC BPDUs within 10s. After 10s, the switch processes subsequent TC BPDUs. In this way, the switch does not need to frequently delete MAC entries and ARP entries.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure either of or both of the parameters.

    • Run stp tc-protection interval interval-value

      The time taken by the switch to process the maximum of TC BPDUs is 10s.

      By default, the time is the Hello timer length.

    • Run stp tc-protection threshold threshold

      10102

      The maximum number of TC BPDUs processed by the switch in a given time is set.

      By default, the default number of times that the switch handles the TC BPDUs and updates forwarding entries is 1 within a unit time.

    NOTE:

    Within the time specified by stp tc-protection interval, the switch processes TC BPDUs of a number specified by stp tc-protection threshold. Other packets are delayed, so convergence may be affected.

Translation
Download
Updated: 2019-01-18

Document ID: EDOC1100038843

Views: 95812

Downloads: 67

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next