Bpdu Protection Configuration - Huawei Quidway S3100 Series Operation Manual

Operation Manual – MSTP
Quidway S3100 Series Ethernet Switches
The loop prevention function suppresses loops. With this function enabled, a root port
does not gives up its position and blocked ports remain in discarding state (do not
forward packets), and thereby loops can be prevented.
IV. TC-BPDU attack prevention
A switch removes MAC address entries and ARP entries upon receiving TC-BPDUs. If
a malicious user sends a large amount of TC-BPDUs to a switch in a short period, the
switch may busy itself in removing MAC address entries and ARP entries, which may
decreases the performance and stability of the switch.
With the TC-BPDU prevention function enabled, the switch performs only one
removing operation in a specified period (it is 10 seconds by default) after it receives a
TC-BPDU. The switch also checks to see if other TC-BPDUs arrive in this period and
performs another removing operation in the next period if a TC-BPDU is received. Such
a mechanism prevents a switch from busying itself in performing removing operations.
Caution:
Among loop prevention function, root protection function, and edge port setting, only
one can be valid on the same port.
1.5.2 Prerequisites
MSTP runs normally on the switch.

1.5.3 BPDU Protection Configuration

I. Configuration procedure
Table 1-29 Enable the BPDU protection function
Operation
Enter system view
Enable the BPDU
protection function
II. Configuration example
# Enable the BPDU protection function.
<Quidway> system-view
Command
system-view
stp bpdu-protection
Huawei Technologies Proprietary
1-33
Chapter 1 MSTP Configuration
Description
—
Required
The BPDU protection function
is disabled by default.