Enabling BPDU drop; Disabling the device to reactivate edge ports shut down by BPDU guard - HP 3100 Series Configuration Manual


| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable the TC-BPDU guard function. | stp tc-protection enable | Optional. Enabled by default. |
| 3. Configure the maximum number of forwarding address entry flushes that the device can perform every 10 seconds. | stp tc-protection threshold number | Optional. 6 by default. |

NOTE:
Hewlett Packard Enterprise does not recommend you disable this feature.

Enabling BPDU drop

In a spanning tree network, a device that receives BPDUs performs STP calculation according to the received BPDUs and forwards them to other devices in the network. This allows malicious attackers to attack the network by forging BPDUs. By continuously sending forged BPDUs, they can make all the devices in the network perform STP calculations all the time. As a result, problems such as CPU overload and BPDU protocol status errors occur.

To avoid this problem, you can enable BPDU drop on ports. A BPDU drop-enabled port does not receive any BPDUs and is invulnerable to forged BPDU attacks.

To enable BPDU drop on an Ethernet interface:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
| 3. Enable BPDU drop on the current interface. | bpdu-drop any | Disabled by default. |

NOTE:
Because a port with BPDU drop enabled also drops the received 802.1X packets, do not enable BPDU drop and 802.1X on a port at the same time. For more information about 802.1X, see Security Configuration Guide.

Disabling the device to reactivate edge ports shut down by BPDU guard

A device enabled with BPDU guard shuts down edge ports that have received configuration BPDUs and notifies the NMS of the shutdown event. After a port status detection interval, the device reactivates the shutdown ports. This feature prevents the device from reactivating edge ports that are shut down after the feature is configured. These edge ports will remain down after you execute the undo stp port shutdown permanent command. To reactivate these edge ports, you must use the undo shutdown command.

For more information about the port status detection interval, see device management configuration in Fundamentals Configuration Guide.

To disable the device to reactivate edge ports shut down by BPDU guard:
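
The NOTE under "Enabling BPDU drop" earlier on this page warns against enabling BPDU drop and 802.1X on the same port. The following Python sketch is an added example, not code from the HP manual: it scans a saved configuration for ports that carry both settings. The `dot1x` port command, the `#`-separated section layout and the sample configuration are assumptions made for illustration.

```python
# Added example: audit a Comware-style configuration for ports that combine
# BPDU drop with 802.1X. The "dot1x" port command, the '#'-separated layout
# and the sample configuration are assumptions, not taken from the manual.

SAMPLE_CONFIG = """\
#
 dot1x
#
interface Ethernet1/0/1
 description access port
 bpdu-drop any
#
interface Ethernet1/0/2
 bpdu-drop any
 dot1x
 dot1x port-method portbased
#
interface Ethernet1/0/3
 dot1x
#
"""


def parse_interfaces(config_text):
    """Return {interface name: [commands]} from '#'-separated sections."""
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#" or not line:
            current = None  # a separator ends the current interface view
        elif not raw.startswith(" ") and line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None and raw.startswith(" "):
            interfaces[current].append(line)
    return interfaces


def find_bpdu_drop_dot1x_conflicts(config_text):
    """List ports where 'bpdu-drop any' and 'dot1x' are both configured."""
    conflicts = []
    for name, commands in parse_interfaces(config_text).items():
        # Match whole lines so 'dot1x port-method ...' alone is not counted.
        if "bpdu-drop any" in commands and "dot1x" in commands:
            conflicts.append(name)
    return conflicts


if __name__ == "__main__":
    for port in find_bpdu_drop_dot1x_conflicts(SAMPLE_CONFIG):
        print(f"{port}: BPDU drop and 802.1X both set; 802.1X packets are dropped")
```
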
