Configuration Procedure; Configuration Example; Protection Functions Configuration; Introduction To The Protection Functions - 3Com 5500-SI Configuration Manual
5500 series
Hide thumbs
Also See for 5500-SI:
- Datasheet (9 pages) ,
- Getting started manual (148 pages) ,
- Quick reference manual (59 pages)
Table of Contents
Advertisement
Configuration Procedure
Configuration Example
Protection Functions
Configuration
Introduction to the
Protection Functions
You can perform the mCheck operation in the following two ways.
Performing the mCheck operation in system view
Table 166 Perform the mCheck operation in system view
Operation
Enter system view
Perform the mCheck operation
Performing the mCheck operation in Ethernet port view
Table 167 Perform the mCheck operation in Ethernet port view
Operation
Enter system view
Enter Ethernet port view
Perform the mCheck operation
CAUTION: Execute the stp mcheck command on switches configured to operate in
MSTP mode only. If a switch is configured to operate in STP or RSTP mode, the stp
mcheck command does not take effect.
Perform the mCheck operation for port Ethernet1/0/1.
1 Configure in system view.
<S5500> system-view
System View: return to User View with Ctrl+Z.
[S5500] stp interface ethernet1/0/1 mcheck
2 Configure in Ethernet port view.
<S5500> system-view
System View: return to User View with Ctrl+Z.
[S5500] interface ethernet1/0/1
[S5500-Ethernet1/0/1] stp mcheck
This section contains configuration information for Protection Functions.
On an MSTP-enabled switch, four protection functions are available: BPDU protection,
root protection, loop prevention, and TC-BPDU attack prevention.
BPDU protection
Typically, access ports of access layer devices have terminals (such as PCs) or file
servers directly connected to them. These ports are usually configured to be edge
ports to achieve rapid transition. When they receive BPDUs, however, they are set as
non-edge ports automatically, which causes MSTP to recalculate the spanning trees,
resulting in network topology jitters.
In normal cases, edge ports are free of BPDUs. But malicious users may attack the
switches by sending forged BPDUs to the edge ports to create network jitters. You
can prevent this type of attack by utilizing the BPDU protection function. With this
function enabled on a switch, once an edge port receives a BPDU, the system
Protection Functions Configuration 185
Command
system-view
stp [ interface interface-list ]
mcheck
Command
system-view
interface interface-type
interface-number
stp mcheck
Description
-
Required
Description
-
-
Required
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
