Huawei Quidway S3000-EI Series Operation Manual page 198

Operation Manual - STP
Quidway S3000-EI Series Ethernet Switches
high-speed link may be pulled to the low-speed link
network. Root p
III. loop protection
T he root port and other blocked ports maintain their state according to the BPDUs send
by uplink switch. Once the link is bloc
BPDUs and the switch will select root
turn into specified port and the former blocked ports will e
result, a link loop will be generated.
The security functions can control the generation of
port cannot be c
forward packets, thus to avoid link loop.
IV. TC-protection
As a general rule, the switch deletes the corresponding entries in the MAC address
table and ARP table upon receiving TC-BPDU packets. When under malicious attacks
of TC-BPDU packets, the switch shall receive a great number of TC-BPDU p
very short period. Too frequent delete operations shall consume huge switch sources
and bring great risk to network stability.
When the protection from TC-BPDU packet attack is enabled, the switch just perform
one delete operation in a specified period after re
monitoring whether it receives TC-BPDU packets during this period. Even if it detects a
TC-BPDU packet is received in a period shorter than the specified interval, the switch
shall not run the dele
frequent delete operation
You can use the following command to configure the security functions of the switch.
Perform the following configuration in corresponding configuration modes.
Table 1-22 Configure the switch security function
Configure switch BPDU protection (from system
view)
Restore the disabled BPDU protection state as
defaulted (from system view)
Configure switch Root protection (from system
view)
Restore the disabled Root protection state as
defaulted (from system view)
Configure switch Root protection (from Ethernet
port view)
rotection fun ction is used against such pro
hanged, the blocked port will maintain in "D
te operation till the specified interval is reached. This can avoid
s to the MAC address table and ARP table.
Operation
Huawei Technologies Proprietary
1-25
Chapter 1 MSTP Region-configuration
and congestion will occur on the
blem.
ked or has trouble, then the ports cannot receive
port again. In this case, the former root port will
loop. After it is enabled, the root
ceiving TC-BPDU packets, as well as
stp bpdu-protection
undo stp bpdu-protection
stp interface interface-list
root-protection
undo
interface-list root-protection
stp root-protection
nter forwarding state, as a
iscarding" st ate and do not
ackets in a
Command
stp interface