With TC snooping enabled, a device actively updates the MAC address table entries and ARP entries
upon receiving TC-BPDUs, so that the device can normally forward the user traffic.
NOTE:
For more information about MAC address table entries, see the chapter "MAC address table
•
configuration."
•
For more information about ARP, see Layer 3—IP Services Configuration Guide.
TC snooping does not support PVST TC-BPDUs. As a result, TC snooping does not take effect in a PVST
•
network.
Follow these steps to configure TC snooping:
To do...
Enter system view
Globally disable the spanning tree
feature
Enable TC snooping
NOTE:
TC snooping and STP are mutually exclusive. You must globally disable the spanning tree feature before
•
enable TC snooping.
TC snooping does not take effect on the ports on which BPDU tunneling is enabled for spanning tree
•
protocols. For more information about BPDU tunneling, see the chapter "BPDU tunneling configuration."
Configuring protection functions
A spanning tree device supports the following protection functions:
BPDU guard
•
•
Root guard
Loop guard
•
•
TC-BPDU guard
BPDU drop
•
Configuration prerequisites
The spanning tree feature has been correctly configured on the device.
Enabling BPDU guard
For access layer devices, the access ports can directly connect to the user terminals (such as PCs) or file
servers. The access ports are configured as edge ports to allow rapid transition. When these ports
receive configuration BPDUs, the system automatically sets the ports as non-edge ports and starts a new
spanning tree calculation process. This causes a change of network topology. Under normal conditions,
these ports should not receive configuration BPDUs. However, if someone forges configuration BPDUs
maliciously to attack the devices, the network will become unstable.
Use the command...
system-view
undo stp enable
stp tc-snooping
95
Description
—
Required
By default, the spanning tree
feature is disabled globally.
Required
Disabled by default.