Follow-up Procedure
If you want an edge port to automatically recover from the error-down state, run the error-down
auto-recovery cause bpdu-protection interval interval-value command in the system view to
configure the auto recovery function and set a recovery delay on the port. Then a port in error-
down state can automatically go Up after the delay expires. Note the following when setting the
recovery delay:
l By default, the auto recovery function is disabled; therefore, the recovery delay parameter
does not have a default value. When you enable the auto recovery function, you must set
a recovery delay.
l A smaller value of interval-value indicates a shorter time taken for an edge port to go Up,
and a higher frequency of Up/Down state transitions on the port.
l A larger value of interval-value indicates a longer time taken for the edge port to go Up,
and a longer service interruption time.
l The auto recovery function takes effect only for the interfaces that transition to the error-
down state after the error-down auto-recovery command is executed.
7.6.3.2 Configuring TC Protection on a Switching Device
Context
If attackers forge TC-BPDUs to attack the switching device, the switching device receives a
large number of TC BPDUs within a short time. If MAC address entries and ARP entries are
deleted frequently, the switching device is heavily burdened, causing potential risks to the
network.
TC protection is used to suppress TC BPDUs. The number of times that TC BPDUs are processed
by a switching device within a given time period is configurable. If the number of TC BPDUs
that the switching device receives within a given time exceeds the specified threshold, the
switching device handles TC BPDUs only for the specified number of times. Excess TC BPDUs
are processed by the switching device as a whole for once after the specified time period expires.
This protects the switching device from frequently deleting MAC entries and ARP entries,
therefore avoiding overburden.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
stp tc-protection threshold threshold
The number of times the MSTP process handles the received TC BPDUs and updates forwarding
entries within a given time is set.
NOTE
The time is set using the stp tc-protection interval command.
----End
Huawei AR530&AR550 Series Industrial Switch Routers
Configuration Guide - Ethernet Switching
7 MSTP Configuration
Issue 01 (2014-11-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
260
To Next Page
Loading...
