3Com 4500G Family Configuration Manual page 113
24/48 port
Hide thumbs
Also See for 4500G Family:
- Getting started manual (92 pages) ,
- Datasheet (8 pages) ,
- Product manual (15 pages)
Table of Contents
Advertisement
Enabling TC-BPDU guard
When receiving topology change (TC) BPDUs (the BPDUs used to notify topology changes), a switch
flushes its forwarding address entries. If someone forges TC-BPDUs to attack the switch, the switch will
receive a large number of TC-BPDUs within a short time and be busy with forwarding address entry
flushing. This affects network stability.
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address
entry flushes that the switch can perform within a certain period of time after receiving the first TC-BPDU.
For TC-BPDUs received in excess of the limit, the switch performs forwarding address entry flush only
when the time period expires. This prevents frequent flushing of forwarding address entries.
Follow these steps to enable TC-BPDU guard:
To do...
Enter system view
Enable the TC-BPDU guard
function
Configure the maximum
number of forwarding address
entry flushes that the device
can perform within a specific
time period after it receives the
first TC-BPDU
We recommend that you keep this feature enabled.
Enabling BPDU Dropping
In a STP-enabled network, some users may send BPDU packets to the switch continuously in order to
destroy the network. When a switch receives the BPDU packets, it will forward them to other switches.
As a result, STP calculation is performed repeatedly, which may occupy too much CPU of the switches
or cause errors in the protocol state of the BPDU packets.
In order to avoid this problem, you can enable BPDU dropping on Ethernet ports. Once the function is
enabled on a port, the port will not receive or forward any BPDU packets. In this way, the switch is
protected against the BPDU packet attacks so that the STP calculation is assured to be right.
Follow these steps to enable BPDU dropping:
To do...
Enter system view
Enter Ethernet
interface view,
Enter
or Layer 2
interface view
aggregate
or port group
interface view
view
Enter port
group view
Use the command...
system-view
stp tc-protection enable
stp tc-protection threshold
number
Use the command...
system-view
interface interface-type
interface-number
port-group manual
port-group-name
1-37
Remarks
—
Optional
Enabled by default
Optional
6 by default
Remarks
—
Required
Use either command
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
