Configure The Switch Security Function - Huawei Quidway S3000 Series Operation Manual

Operation Manual - STP
Quidway S3000 Series Ethernet Switches
Chapter 1 RSTP Configuration

You can use either of the following methods to perform the mCheck operation on a port.
I. Configure in system view
Perform the following configuration in system view.
Table2-20 Configure the mCheck variable of a port

| Operation | Command |
| --- | --- |
| Perform mCheck operation on a port. | stp interface interface-list mcheck |

II. Configure in Ethernet port view
Perform the following configuration in Ethernet port view.
Table2-21 Configure the mCheck variable of a port

| Operation | Command |
| --- | --- |
| Perform mCheck operation on a port. | stp mcheck |

You can configure the mCheck variable on a port with either of the above-mentioned methods. For more about the commands, refer to the Command Manual.
Note that the command can be used only if the switch runs MSTP. The command is meaningless when the switch runs in STP-compatible mode.

2.2.14 Configure the Switch Security Function

An MSTP switch provides BPDU protection and Root protection functions.
For an access device, the access port is generally connected directly to a user terminal (e.g., a PC) or a file server, and the access port is set as an edge port to implement fast transition. When such a port receives a BPDU packet, the system automatically sets it as a non-edge port and recalculates the spanning tree, which causes network topology flapping. Normally, these ports do not receive STP BPDUs. If someone forges BPDUs to attack the switch, the network will flap. The BPDU protection function is used against such network attacks.
The primary and secondary root switches of the spanning tree, especially those of the CIST, shall be located in the same region. This is because the primary and secondary roots of the CIST are generally placed in the core region with a high bandwidth in network design. In case of a configuration error or malicious attack, the legitimate primary root may receive a BPDU with a higher priority and then lose its place, which causes network topology change errors. Due to the illegitimate change, the traffic supposed to travel over the
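One way to check for the edge-port exposure that BPDU protection addresses, as an added example that is not part of the manual: a Python audit that reads a saved switch configuration and lists edge ports not covered by BPDU protection. The configuration text is constructed, and the keywords `stp bpdu-protection` (global) and `stp edged-port enable` (per interface) are assumed VRP syntax that this page does not show.

```python
import re

# Constructed sample in the style of a saved switch configuration.
# Assumed VRP keywords (not shown on this page): "stp bpdu-protection" is a
# global command and "stp edged-port enable" is set per interface.
SAMPLE_CONFIG = """\
sysname access-sw1
stp enable
#
interface Ethernet0/1
 stp edged-port enable
#
interface Ethernet0/2
 stp edged-port enable
#
interface Ethernet0/24
 description uplink-to-core
#
"""


def parse_config(text):
    """Split a configuration into global lines and per-interface lines."""
    global_lines, ports, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":        # "#" closes the current block
            current = None
            continue
        match = re.match(r"interface\s+(\S+)", line)
        if match and not raw[0].isspace():
            current = match.group(1)
            ports[current] = []
        elif current is not None and raw[0].isspace():
            ports[current].append(line)    # indented: belongs to the interface
        else:
            current = None
            global_lines.append(line)
    return global_lines, ports


def unprotected_edge_ports(text):
    """Return edge ports that would accept a BPDU and trigger recalculation."""
    global_lines, ports = parse_config(text)
    if "stp bpdu-protection" in global_lines:
        return []
    return [name for name, lines in ports.items()
            if "stp edged-port enable" in lines]


if __name__ == "__main__":
    for port in unprotected_edge_ports(SAMPLE_CONFIG):
        print(f"{port}: edge port without BPDU protection")
```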
