EasyManua.ls Logo

Huawei quidway s7700 - Configuring Root Protection on an Interface

Huawei quidway s7700
648 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Context
An attacker may send pseudo TC-BPDUs to attack switching devices. Switching devices receive
a large number of TC BPDUs in a short time and delete entries frequently, which burdens system
processing and degrades network stability.
TC protection is used to suppress TC-BPDUs. The number of times that TC-BPDUs are
processed by a switching device within a given time period is configurable. If the number of
TC-BPDUs that the switching device receives within a given time exceeds the specified
threshold, the switching device handles TC-BPDUs only for the specified number of times.
Excessive TC-BPDUs are processed by the switching device as a whole for once after the timer
(that is, the specified time period) expires. This protects the switching device from frequently
deleting MAC entries and ARP entries, thus avoiding over-burdened.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 (Optional) Run:
stp process process-id
The MSTP process view is displayed.
NOTE
This step is needed only when you perform configurations in an MSTP process with a non-zero ID. If you
perform configurations in the MSTP process 0, skip is step.
Step 3 Run:
stp tc-protection
TC protection is enabled for the MSTP process.
By default, TC protection is enabled on the switching device.
Step 4 Run:
stp tc-protection threshold threshold
The threshold of the number of times the MSTP process handles the received TC-BPDUs and
updates forwarding entries within a given time is set.
NOTE
The value of the given time is consistent with the MSTP Hello time set by using the stp timer hello hello-
time command.
----End
9.5.4 Configuring Root Protection on an Interface
The root protection function on a switching device protects a root bridge by preserving the role
of a designated port.
Context
Due to incorrect configurations or malicious attacks on the network, a root bridge may receive
BPDUs with a higher priority. Consequently, the legitimate root bridge is no longer able to serve
Quidway S7700 Smart Routing Switch
Configuration Guide - Ethernet 9 MSTP Configuration
Issue 01 (2011-07-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
451

Table of Contents

Other manuals for Huawei quidway s7700

Preview: Configuration Guide
Configuration Guide833 pages
Preview: Configuration Guide - Multicast
Configuration Guide - Multicast551 pages
Preview: Configuration Guide - Qos
Configuration Guide - Qos117 pages

Related product manuals