No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01

This is ME60 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring TC Protection on a Switching Device

Configuring TC Protection on a Switching Device

After Topology Change (TC) protection is enabled, you can set the number of times for a Multiple Spanning Tree Protocol (MSTP) process to process TC-BPDUs within a specified time. TC protection avoids frequent deletion of MAC address entries and ARP entries, thereby protecting switching devices.

Context

An attacker may send pseudo TC-BPDUs to attack switching devices. Switching devices receive a large number of TC BPDUs in a short time and delete entries frequently, which burdens system processing and degrades network stability.

TC protection is used to suppress TC-BPDUs. The number of times that TC-BPDUs are processed by a switching device within a specified time is configurable. If the number of TC-BPDUs that the switching device receives within a specified time exceeds the specified threshold, the switching device handles TC-BPDUs only for the specified number of times. Excessive TC-BPDUs are processed by the switching device as a whole for once after the timer (that is, the specified time period) expires. This protects the switching device from frequently deleting MAC entries and ARP entries, thus avoiding over-burdened.

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Run stp process process-id

    The MSTP process view is displayed.

    NOTE:

    This step is needed only when you perform configurations in an MSTP process with a non-zero ID. If you perform configurations in the MSTP process 0, skip is step.

  3. Run stp tc-protection

    TC protection is enabled for the MSTP process.

  4. Run either or both of the following commands to configure TC protection parameters.

    • To set the time for a device to process the maximum number of TC BPDUs, run the stp tc-protection interval interval-value command.
    • To set the maximum number of TC BPDUs that a device processes within a specified period, run the stp tc-protection threshold threshold command.
    NOTE:
    • There are two TC protection parameters: time needed to process the maximum number of TC BPDUs and the maximum number of TC BPDUs processed within a specified period. For example, if the time is set to 10 seconds and the maximum number is set to 5, when a device receives TC BPDUs, the device processes only the first 5 TC BPDUs within 10 seconds and processes the other TC BPDUs after the time expires.

    • The device processes only the maximum number of TC BPDUs specified in the stp tc-protection threshold command within the time specified in the stp tc-protection interval command. The processing of other TC BPDUs is delayed, which may slow down spanning tree convergence.

  5. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059440

Views: 29665

Downloads: 21

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next