Protection Function Configuration - Huawei Quidway S5600 Series Operation Manual

Operation Manual – MSTP
Quidway S5600 Series Ethernet Switches-Release 1510
II. Performing the mCheck operation in Ethernet port view
Table 1-29 Perform the mCheck operation in Ethernet port view
Operation
Enter system view
Enter Ethernet port
view
Perform
mCheck operation
1.4.3 Configuration Example
# Perform the mCheck operation on GigabitEthernet1/0/1 port
Configure in system view.
<Quidway> system-view
[Quidway] stp interface GigabitEthernet1/0/1 mcheck
Configure in Ethernet port view.
<Quidway> system-view
[Quidway] interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] stp mcheck

1.5 Protection Function Configuration

1.5.1 Introduction
The following protection functions are available on an MSTP-enabled switch: BPDU
protection, root protection, loop prevention, and TC-BPDU attack prevention.
I. BPDU protection
Normally, the access ports of the devices operating on the access layer directly connect
to terminals (such as PCs) or file servers. These ports are usually configured as edge
ports to achieve rapid transition. But they resume non-edge ports automatically upon
receiving configuration BPDUs, which causes spanning tree regeneration and network
topology jitter.
Normally, no configuration BPDU will reach edge ports. But malicious users can attack
a network by sending configuration BPDUs deliberately to edge ports to cause network
jitter. You can prevent this type of attacks by utilizing the BPDU protection function.
With this function enabled on a switch, the switch shuts down the edge ports that
receive configuration BPDUs and then reports these cases to the administrator. If a port
is shut down, only the administrator can restore it.
Command
system-view
interface interface-type
interface-number
the
stp mcheck
Huawei Technologies Proprietary
1-32
Chapter 1 MSTP Configuration
Description
—
—
Required