Configuring TC Protection on a Switching Device
Context
If attackers send pseudo TC BPDUs to attack a switching device, the device receives a large number of TC BPDUs within a short time and frequently deletes MAC address entries and ARP entries. This wastes resources on the switching device and threatens network stability.
To suppress TC BPDUs, enable TC protection on a switching device and set the maximum number of TC BPDUs that the device can process within a given time period. If the number of TC BPDUs that the switching device receives within a given time period exceeds the specified threshold, the switching device processes only the specified number of TC BPDUs. After the specified time period expires, the switching device processes all the excess TC BPDUs together. This function prevents the switching device from frequently deleting MAC entries and ARP entries, protecting the switching device from being overburdened.
Procedure
- Run system-view
The system view is displayed.
- Run stp tc-protection
TC protection is enabled for the switching device.
By default, TC protection is disabled on the switching device.
- Run either or both of the following commands to configure TC protection parameters.
To set the time period during which the device processes the maximum number of TC BPDUs, run the stp tc-protection interval interval-value command.
By default, the time period is the Hello Time.
To set the maximum number of TC BPDUs that the device processes within a specified period, run the stp tc-protection threshold threshold command.
By default, a device processes one TC BPDU within a specified period.
There are two TC protection parameters: the time period during which the device processes the maximum number of TC BPDUs, and the maximum number of TC BPDUs processed within that time period. For example, if the time period is set to 10 seconds and the maximum number of TC BPDUs is set to 5, the device processes only the first five TC BPDUs within 10 seconds and processes the other TC BPDUs together 10 seconds later.
The device processes only the maximum number of TC BPDUs configured by the stp tc-protection threshold command within the time period configured by the stp tc-protection interval command. Other packets are processed after a delay, so spanning tree convergence speed may slow down.
- Run commit
The configuration is committed.
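The interval/threshold behaviour described above, modelled as an added Python example (not vendor code or device output) that shows how many MAC/ARP flushes a TC BPDU burst causes and how long excess TC BPDUs wait. Assumptions: windows are fixed and start at t = 0, the excess TC BPDUs held until expiry cause a single flush, and the arrival times are constructed sample data.

```python
from collections import defaultdict

def simulate(arrivals, interval, threshold):
    """Model TC protection; return (flush_times, worst_deferral_seconds).

    arrivals  -- TC BPDU arrival times in seconds (constructed data)
    interval  -- value given to 'stp tc-protection interval'
    threshold -- value given to 'stp tc-protection threshold'
    """
    # Group arrivals into fixed windows of `interval` seconds (assumption).
    windows = defaultdict(list)
    for t in sorted(arrivals):
        windows[int(t // interval)].append(t)

    flushes, worst = [], 0.0
    for w in sorted(windows):
        times = windows[w]
        # The first `threshold` TC BPDUs in a window are processed on arrival.
        flushes.extend(times[:threshold])
        excess = times[threshold:]
        if excess:
            # The rest are held and processed together when the window expires.
            expiry = (w + 1) * interval
            flushes.append(expiry)
            # The earliest held TC BPDU waits longest: the convergence cost.
            worst = max(worst, expiry - excess[0])
    return flushes, worst

# Constructed burst: one TC BPDU every 0.5 s for 20 s (40 in total).
BURST = [i * 0.5 for i in range(40)]

if __name__ == "__main__":
    for interval, threshold in [(10, 5), (2, 1)]:
        flushes, worst = simulate(BURST, interval, threshold)
        print(f"interval={interval}s threshold={threshold}: "
              f"{len(flushes)} flushes instead of {len(BURST)}, "
              f"worst deferral {worst}s")
```

A larger interval or smaller threshold reduces the number of flushes but lengthens the worst-case deferral, which is the convergence slowdown the procedure notes.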