No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Abnormal Packet Filtering

Configuring Abnormal Packet Filtering

You can configure the router to process or discard specified packets in order to filter unexpected packets.

Context

On a network running STP, RSTP, or MSTP, a device may receive unexpected STP, RSTP, or MSTP packets due to incorrect configurations or malicious network attacks. If these unexpected packets are transparently transmitted on the network, spanning tree calculation may be affected, causing network flapping. To address this problem, enable the function to filter abnormal packets.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Perform either of the following operations:

    • To enter the view of the interface participating in spanning tree calculation, run the interface interface-type interface-number command.
    • To enter the VSI-LDP-PW view, run the pw pw-name command.

    NOTE:
    The following configuration can be configured both on a Layer 2 interface and a Layer 3 interface.

  3. Run either or both of the following commands to configure abnormal packet filtering:

    • Run the stp permit packet source-mac source-mac source-mac-mask command to enable the interface to process STP, RSTP, and MSTP packets carrying a specified source MAC address.
    • Run the stp deny packet { vlan vlan-id1 [ to vlan-id2 ] } &<1-10> command to enable the interface to discard STP, RSTP, and MSTP packets carrying a specified VLAN ID.
    NOTE:
    • If this operation is incorrectly performed, a broadcast storm may occur.
    • If both of the preceding commands are configured in the same interface view or VSI-LDP-PW view, the device preferentially executes the stp deny packet { vlan vlan-id1 [ to vlan-id2 ] } &<1-10> command.
    • A maximum of 16 source MAC addresses or VLAN IDs can be configured in the same interface view or VSI-LDP-PW view.

  4. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055378

Views: 16775

Downloads: 35

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next