3com 8807 Reference Guide
204
C
HAPTER
13: MSTP C
ONFIGURATION
C
OMMANDS
Description
Use the stp tc-protection enable command to enable the protection function so
that the switch is protected against attack from TC-BPDU packets.
that the switch is protected against attack from TC-BPDU packets.
Use the stp tc-protection disable command to disable the protection function.
By default, the protection against TC-BPDU packet attack is enabled.
As a general rule, the switch deletes the corresponding entries in the MAC address
table and ARP table upon receiving TC-BPDU packets. Under malicious attacks of
TC-BPDU packets, the switch shall receive a great number of TC-BPDU packets in a
very short period. Too frequent delete operations shall consume huge switch
resources and bring great risk to network stability.
table and ARP table upon receiving TC-BPDU packets. Under malicious attacks of
TC-BPDU packets, the switch shall receive a great number of TC-BPDU packets in a
very short period. Too frequent delete operations shall consume huge switch
resources and bring great risk to network stability.
When the protection from TC-BPDU packet attack is enabled, the switch just
perform one delete operation in a specified period (generally, 15 seconds) after
receiving TC-BPDU packets, as well as monitoring whether it receives TC-BPDU
packets during this period. Even if it detects a TC-BPDU packet is received in a
period shorter than the specified interval, the switch shall not run the delete
operation till the specified interval is reached. This can avoid frequent delete
operations to the MAC address table and ARP table.
perform one delete operation in a specified period (generally, 15 seconds) after
receiving TC-BPDU packets, as well as monitoring whether it receives TC-BPDU
packets during this period. Even if it detects a TC-BPDU packet is received in a
period shorter than the specified interval, the switch shall not run the delete
operation till the specified interval is reached. This can avoid frequent delete
operations to the MAC address table and ARP table.
Example
# Enable TC-BPDU protection on the switch.
<SW8800>system-view
System View: return to User View with Ctrl+Z.
[SW8800] stp tc-protection enable
stp timer forward-delay
Syntax
stp timer forward-delay centi-senconds
undo stp timer forward-delay
View
System view
Parameter
centi-senconds: Specifies Forward Delay, which is in the range from 400 to 3000
and measured in centiseconds. By default, the Forward Delay of the switch is 1500
centiseconds.
and measured in centiseconds. By default, the Forward Delay of the switch is 1500
centiseconds.
Description
Use the stp timer forward-delay command to configure Forward Delay for the
switch.
switch.
Use the undo stp timer forward-delay command to restore the default Forward
Delay.
Delay.
To avoid temporary loop, MSTP defines a medium state, Learning, when the port
switches from the Discarding state to Forwarding state. There is also a delay before
state switchover to guarantee the synchronous switchover with the remote switch.
switches from the Discarding state to Forwarding state. There is also a delay before
state switchover to guarantee the synchronous switchover with the remote switch.