HP A3100-8 v2 SI Configuration Manual page 88

A3100 v2 switch series layer 2 - lan switching

NOTE:
Do not enable loop guard on a port that connects user terminals. Otherwise, the port will stay in the
discarding state in all MSTIs because it cannot receive BPDUs.
Among the loop guard, root guard and edge port settings, only one function (whichever is configured
first) can take effect on a port at a time.
Enabling TC-BPDU guard
When a switch receives topology change (TC) BPDUs (the BPDUs that notify devices of topology
changes), the switch flushes its forwarding address entries. If someone forges TC-BPDUs to attack the
switch, the switch will receive a large number of TC-BPDUs within a short time and be busy with
forwarding address entry flushing. This affects network stability.
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address
entry flushes that the switch can perform within a specified period of time after it receives the first
TC-BPDU. For TC-BPDUs received in excess of the limit, the switch performs a forwarding address entry
flush only when the time period expires. This prevents frequent flushing of forwarding address entries.
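The flush limit described above, modelled in Python as an added example (it is not HP code or part of the original manual). The threshold of 6 is the default this page gives; the 10-second period (PERIOD_MS), the function name and the sample arrival times are assumptions made for the illustration.

```python
# Added example: a model of the TC-BPDU guard behaviour described above.
# It is not HP firmware code. PERIOD_MS is an assumed value.
THRESHOLD = 6        # default of "stp tc-protection threshold" per this page
PERIOD_MS = 10_000   # assumption: guard period length, not stated on this page


def tc_guard_flushes(arrivals_ms, threshold=THRESHOLD, period_ms=PERIOD_MS, guard=True):
    """Return the times (ms) at which forwarding address entries are flushed.

    arrivals_ms: sorted TC-BPDU arrival times. guard=False flushes on every one.
    """
    if not guard:
        return list(arrivals_ms)
    flushes = []
    window_start = None   # arrival time of the first TC-BPDU of the current period
    immediate = 0         # immediate flushes already done in this period
    deferred = False      # a TC-BPDU arrived after the limit was reached
    for t in arrivals_ms:
        if window_start is not None and t >= window_start + period_ms:
            # Period expired: one flush covers every TC-BPDU held back in it.
            if deferred:
                flushes.append(window_start + period_ms)
            window_start = None
        if window_start is None:
            window_start, immediate, deferred = t, 0, False
        if immediate < threshold:
            immediate += 1
            flushes.append(t)
        else:
            deferred = True
    if deferred:
        flushes.append(window_start + period_ms)
    return flushes


# Constructed input: a forged TC-BPDU every 5 ms for 30 s, and a quiet network.
FLOOD = list(range(0, 30_000, 5))
NORMAL = [0, 4_000, 8_000]

if __name__ == "__main__":
    print("flood, no guard:", len(tc_guard_flushes(FLOOD, guard=False)), "flushes")
    print("flood, guard   :", len(tc_guard_flushes(FLOOD)), "flushes")
    print("normal, guard  :", tc_guard_flushes(NORMAL))
```

Under the constructed flood the unguarded switch flushes once per TC-BPDU, while the guarded one is bounded by the threshold plus one deferred flush per period; legitimate, widely spaced topology changes are still flushed immediately.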
Follow these steps to enable TC-BPDU guard:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable the TC-BPDU guard function | stp tc-protection enable | Optional. Enabled by default. |
| Configure the maximum number of forwarding address entry flushes that the device can perform within a specific time period after it receives the first TC-BPDU | stp tc-protection threshold number | Optional. 6 by default. |

NOTE:
HP recommends that you do not disable this feature.

Enabling BPDU drop
In an STP-enabled network, after receiving BPDUs, a device performs STP calculation according to the
received BPDUs and forwards received BPDUs to other devices in the network. This allows malicious
attackers to attack the network by forging BPDUs. By continuously sending forged BPDUs, they can make
all the devices in the network perform STP calculations all the time. As a result, problems such as CPU
overload and BPDU protocol status errors occur.
To avoid this problem, you can enable BPDU drop on ports. A BPDU drop-enabled port does not receive
any BPDUs and is invulnerable to forged BPDU attacks.
Follow these steps to enable BPDU drop on an Ethernet interface:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter Ethernet interface view | interface interface-type interface-number | |
| Enable BPDU drop on the current interface | bpdu-drop any | Required. Disabled by default. |
