3com 5500-SI Manual De Usuario
Protection Functions Configuration 185
Configuration Procedure
You can perform the mCheck operation in the following two ways.
Performing the mCheck operation in system view
Performing the mCheck operation in Ethernet port view
CAUTION: Execute the stp mcheck command on switches configured to operate in
MSTP mode only. If a switch is configured to operate in STP or RSTP mode, the stp
mcheck command does not take effect.
MSTP mode only. If a switch is configured to operate in STP or RSTP mode, the stp
mcheck command does not take effect.
Configuration Example
Perform the mCheck operation for port Ethernet1/0/1.
1 Configure in system view.
<S5500> system-view
System View: return to User View with Ctrl+Z.
[S5500] stp interface ethernet1/0/1 mcheck
2 Configure in Ethernet port view.
<S5500> system-view
System View: return to User View with Ctrl+Z.
[S5500] interface ethernet1/0/1
[S5500-Ethernet1/0/1] stp mcheck
Protection Functions
Configuration
Configuration
This section contains configuration information for Protection Functions.
Introduction to the
Protection Functions
On an MSTP-enabled switch, four protection functions are available: BPDU protection,
root protection, loop prevention, and TC-BPDU attack prevention.
root protection, loop prevention, and TC-BPDU attack prevention.
BPDU protection
Typically, access ports of access layer devices have terminals (such as PCs) or file
servers directly connected to them. These ports are usually configured to be edge
ports to achieve rapid transition. When they receive BPDUs, however, they are set as
non-edge ports automatically, which causes MSTP to recalculate the spanning trees,
resulting in network topology jitters.
servers directly connected to them. These ports are usually configured to be edge
ports to achieve rapid transition. When they receive BPDUs, however, they are set as
non-edge ports automatically, which causes MSTP to recalculate the spanning trees,
resulting in network topology jitters.
In normal cases, edge ports are free of BPDUs. But malicious users may attack the
switches by sending forged BPDUs to the edge ports to create network jitters. You
can prevent this type of attack by utilizing the BPDU protection function. With this
function enabled on a switch, once an edge port receives a BPDU, the system
switches by sending forged BPDUs to the edge ports to create network jitters. You
can prevent this type of attack by utilizing the BPDU protection function. With this
function enabled on a switch, once an edge port receives a BPDU, the system
Table 166 Perform the mCheck operation in system view
Operation
Command
Description
Enter system view
system-view
-
Perform the mCheck operation
stp [ interface interface-list ]
mcheck
mcheck
Required
Table 167 Perform the mCheck operation in Ethernet port view
Operation
Command
Description
Enter system view
system-view
-
Enter Ethernet port view
interface interface-type
interface-number
interface-number
-
Perform the mCheck operation
stp mcheck
Required