EasyManuals Logo

H3C S3100 Series Command Manual

H3C S3100 Series
1244 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #278 background imageLoading...
Page #278 background image
1-39
Examples
# Enable the root guard function on Ethernet 1/0/1.
z Enable the root guard function on Ethernet 1/0/1 in Ethernet port view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] stp root-protection
z Enable the root guard function on Ethernet 1/0/1 in system view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] stp interface Ethernet 1/0/1 root-protection
# Enable the root guard function on Ethernet 1/0/2 to Ethernet 1/0/4 in system view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] stp interface Ethernet 1/0/2 to Ethernet 1/0/4 root-protection
stp tc-protection
Syntax
stp tc-protection enable
stp tc-protection disable
View
System view
Parameters
None
Description
Use the stp tc-protection enable command to enable the TC-BPDU attack guard function.
Use the stp tc-protection disable command to disable the TC-BPDU attack guard function.
By default, the TC-BPDU guard attack function is enabled, and the MAC address table and ARP entries
can be removed for up to six times within 10 seconds.
Normally, a switch removes the MAC address table and ARP entries upon receiving TC-BPDUs. If a
malicious user sends a large amount of TC-BPDUs to a switch in a short period, the switch may be busy
in removing the MAC address table and ARP entries frequently, which may affect spanning tree
calculation, occupy large amount of bandwidth and increase switch CPU utilization.
With the TC-BPDU attack guard function enabled, a switch performs a removing operation upon
receiving a TC-BPDU and triggers a timer (set to 10 seconds by default) at the same time. Before the
timer expires, the switch only performs the removing operation for limited times (up to six times by
default) regardless of the number of the TC-BPDUs it receives. Such a mechanism prevents a switch
from being busy in removing the MAC address table and ARP entries.
Examples
# Enable the TC-BPDU attack guard function on the switch.

Table of Contents

Other manuals for H3C S3100 Series

Preview: Operation Manual
Operation Manual1057 pages
Preview: Installation Manual
Installation Manual94 pages
Preview: Operation Manual Product Overview
Operation Manual Product Overview11 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the H3C S3100 Series and is the answer not in the manual?

H3C S3100 Series Specifications

General IconGeneral
BrandH3C
ModelS3100 Series
CategorySwitch
LanguageEnglish

Related product manuals