7.5.2 Configuring BPDU Protection on a Switching Device
After BPDU protection is enabled, a switching device shuts down an edge port if the edge port
receives a BPDU, and notifies the NMS of the shutdown event.
Context
Edge ports are directly connected to user terminal and will not receive BPDUs. Attackers may
send pseudo BPDUs to attack the switching device. If the edge ports receive the BPDUs, the
switching device configures the edge ports as non-edge ports and triggers a new spanning tree
calculation. Network flapping then occurs. BPDU protection can be used to protect switching
devices against malicious attacks.
Perform the following steps on a switching device that has an edge port.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
stp bpdu-protection
BPDU protection is enabled on the switching device.
By default, BPDU protection is disabled on the switching device.
----End
Follow-up Procedure
To allow an edge port to automatically start after being shut down, you can run the error-down
auto-recovery cause bpdu-protection interval interval-value command to configure the auto
recovery function and set the delay on the port. After the delay expires, the port automatically
goes Up. interval interval-value ranges from 30 to 86400, in seconds. Note the following when
setting this parameter:
l There is no default value for the recovery time. Therefore, you must specify a delay when
configuring this command.
l The smaller the interval-value is, the shorter it takes for the edge port to go Up, and the
more frequently the edge port alternates between Up and Down.
l The larger the interval-value is, the longer it takes for the edge port to go Up, and the longer
the service interruption lasts.
7.5.3 Configuring TC Protection on a Switching Device
After TC protection is enabled, you can set the number of times a switching device processes
TC BPDUs within a given time. TC protection avoids frequent deletion of MAC address entries
and ARP entries, thereby protecting switching devices.
Huawei AR3200 Series Enterprise Routers
Configuration Guide - LAN 7 STP/RSTP Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
204
To Next Page
Loading...
