Configuring TC Protection on a Device
Context
A switch deletes its MAC address entries and ARP entries after receiving TC BPDUs. An attacker can use this to their advantage by sending a large number of bogus TC BPDUs to the switch in a short time, causing the device to frequently delete MAC address entries and ARP entries. This increases the load on the switch and threatens network stability.
After TC protection is enabled on a switch, you can limit the number of TC BPDUs the device processes within a given period. Once that number is reached, the switch processes only the specified number of TC BPDUs immediately; any excess TC BPDUs are processed together after the period expires. This function prevents the switch from frequently deleting its MAC address entries and ARP entries, reducing the load on the switch and guaranteeing network stability.
Procedure
- Run system-view
The system view is displayed.
- Run stp tc-protection
TC protection is enabled for the device.
By default, TC protection is disabled on a device.
- Run either or both of the following commands to configure TC protection parameters.
  - To set the time period during which the device processes the maximum number of TC BPDUs, run stp tc-protection interval interval-value.
    By default, the time period is the Hello Time.
  - To set the maximum number of TC BPDUs that the device processes within a specified period, run stp tc-protection threshold threshold.
    By default, a device processes one TC BPDU within a specified period.
There are two TC protection parameters: the time period during which the device processes the maximum number of TC BPDUs, and the maximum number of TC BPDUs processed within that period. For example, if the time period is set to 10 seconds and the maximum number of TC BPDUs is set to 5, the device processes only the first five TC BPDUs within 10 seconds and processes the remaining TC BPDUs together 10 seconds later.
The device processes only the maximum number of TC BPDUs configured by the stp tc-protection threshold command within the time period configured by the stp tc-protection interval command. The remaining TC BPDUs are processed after a delay, so spanning tree convergence may be slower.
- Run commit
The configuration is committed.
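To make the effect of the interval and threshold parameters concrete, the following Python model (added here as an illustration; it is not the device's own implementation) reproduces the behaviour described above and counts how many MAC/ARP table flushes a burst of TC BPDUs causes. It assumes the window opens on the first TC BPDU received, that the deferred excess is handled as a single flush at the end of the window, and a Hello Time of 2 seconds for the default interval.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class TcProtection:
    """Model of TC protection: at most `threshold` TC BPDUs are processed as they
    arrive within one interval; the excess is processed together when it expires."""
    interval: float = 2.0      # stp tc-protection interval (Hello Time, 2 s assumed)
    threshold: int = 1         # stp tc-protection threshold (page default: 1)
    window_start: Optional[float] = None
    processed_in_window: int = 0
    pending: int = 0
    # One entry per MAC/ARP flush: (time, number of TC BPDUs it covered).
    flushes: List[Tuple[float, int]] = field(default_factory=list)

    def _expire(self, now: float) -> None:
        # Close an expired window; deferred TC BPDUs are handled in one go.
        if self.window_start is None or now < self.window_start + self.interval:
            return
        if self.pending:
            self.flushes.append((self.window_start + self.interval, self.pending))
            self.pending = 0
        self.window_start, self.processed_in_window = None, 0

    def receive(self, t: float) -> None:
        """A TC BPDU arrives at time t (seconds)."""
        self._expire(t)
        if self.window_start is None:
            self.window_start = t        # assumption: window opens on first TC BPDU
        if self.processed_in_window < self.threshold:
            self.processed_in_window += 1
            self.flushes.append((t, 1))  # processed immediately
        else:
            self.pending += 1            # deferred to the end of the window

    def flush_count(self, now: float) -> int:
        """MAC/ARP table flushes caused so far, as seen at time `now`."""
        self._expire(now)
        return len(self.flushes)

def flushes_caused(arrivals: List[float], interval: float, threshold: int, until: float) -> int:
    """Flushes a burst of TC BPDUs causes with protection on (without it: one per BPDU)."""
    tc = TcProtection(interval=interval, threshold=threshold)
    for t in arrivals:
        tc.receive(t)
    return tc.flush_count(until)

if __name__ == "__main__":
    burst = [i / 100 for i in range(100)]   # constructed: 100 bogus TC BPDUs in 1 s
    print(flushes_caused(burst, interval=10, threshold=5, until=20))  # 6, not 100
```

With interval 10 and threshold 5, the 100-BPDU burst costs 6 flushes (5 immediate plus one batch at the 10-second mark) instead of 100, which is the load reduction the feature is for.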