Enabling Tc-Bpdu Guard - H3C S5120-SI Series Operation Manual


By continuing to receive BPDUs from the upstream device, a device can maintain the state of the root port
and blocked ports. However, due to link congestion or unidirectional link failures, these ports may fail to
receive BPDUs from the upstream device. In this case, the downstream device will reselect the port
roles: ports in the forwarding state that failed to receive upstream BPDUs will become designated
ports, and the blocked ports will transition to the forwarding state, resulting in loops in the switched
network. The loop guard function can suppress the occurrence of such loops.
If a loop guard–enabled port fails to receive BPDUs from the upstream device, and if the port took part
in STP calculation, all the instances on the port, no matter what role the port plays, will be set to, and
stay in, the Discarding state.
Follow these steps to enable loop guard:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter interface view or port group view | To enter Ethernet interface view or Layer 2 aggregate interface view: interface interface-type interface-number. To enter port group view: port-group manual port-group-name | Required. Use either command. Configurations made in interface view will take effect on the current port only; configurations made in port group view will take effect on all ports in the port group. |
| Enable the loop guard function for the port(s) | stp loop-protection | Required. Disabled by default |

Enabling TC-BPDU Guard

When receiving topology change (TC) BPDUs (the BPDUs used to notify topology changes), a switch
flushes its forwarding address entries. If someone forges TC-BPDUs to attack the switch, the switch will
receive a large number of TC-BPDUs within a short time and be busy flushing forwarding address
entries. This affects network stability.
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address
entry flushes that the switch can perform within 10 seconds after receiving the first TC-BPDU. For
TC-BPDUs received in excess of the limit, the switch performs a forwarding address entry flush only
when the 10-second timer expires. This prevents frequent flushing of forwarding address entries.
Follow these steps to enable TC-BPDU guard:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable the TC-BPDU guard function | stp tc-protection enable | Optional. Enabled by default |
| Configure the maximum number of forwarding address entry flushes that the device can perform within a specific time period after it receives the first TC-BPDU | stp tc-protection threshold number | Optional. 6 by default |
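
The TC-BPDU guard behaviour described above can be modelled to see how the threshold bounds the number of flushes during a TC-BPDU flood. This is an added example, not code from the H3C manual or the switch firmware; it assumes that excess TC-BPDUs in a window are coalesced into one deferred flush at timer expiry and that the next TC-BPDU after expiry starts a new window. The function name flush_times and the sample burst are constructed for illustration.

```python
"""Model of the TC-BPDU guard behaviour described above (added example).

Assumptions (not from the manual): excess TC-BPDUs in a window are coalesced
into a single deferred flush at expiry, and the next TC-BPDU after expiry
starts a new window.
"""
WINDOW_SECONDS = 10      # fixed timer stated in the manual
DEFAULT_THRESHOLD = 6    # default of "stp tc-protection threshold"


def flush_times(arrivals, threshold=DEFAULT_THRESHOLD, guard=True):
    """Return the times at which the forwarding address table is flushed.

    arrivals: sorted TC-BPDU receive times in seconds.
    """
    if not guard:
        return list(arrivals)          # every TC-BPDU triggers a flush
    flushes = []
    window_start = None                # time of first TC-BPDU in the window
    immediate = 0                      # immediate flushes used in this window
    deferred = False                   # an excess TC-BPDU waits for the timer
    for t in arrivals:
        if window_start is not None and t >= window_start + WINDOW_SECONDS:
            if deferred:               # timer expired: one deferred flush
                flushes.append(window_start + WINDOW_SECONDS)
            window_start = None
        if window_start is None:       # first TC-BPDU opens a new window
            window_start, immediate, deferred = t, 0, False
        if immediate < threshold:
            immediate += 1
            flushes.append(t)
        else:
            deferred = True
    if deferred:                       # timer of the last window still fires
        flushes.append(window_start + WINDOW_SECONDS)
    return flushes


# Constructed input: 200 TC-BPDUs, one every 0.1 s (a 20-second flood).
BURST = [round(i * 0.1, 1) for i in range(200)]

if __name__ == "__main__":
    print("flushes without guard:", len(flush_times(BURST, guard=False)))
    print("flushes with guard   :", len(flush_times(BURST)))
    print("flush times          :", flush_times(BURST))
```

Under these assumptions, a sustained flood costs at most threshold + 1 flushes per 10-second window, so a lower threshold trades slower convergence after genuine topology changes for less flush load.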
