Installation manual
Command Manual - STP
Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Huawei Technologies Proprietary
1-31
Description
Using the stp tc-protection enable command, you can enable the protection function
from being attacked by TC-BPDU packets on the switch. Using the stp tc-protection
disable command, you can disable the protection function.
By default, the protection from TC-BPDU packet attack is enabled.
As a general rule, the switch deletes the corresponding entries in the MAC address
table and ARP table upon receiving TC-BPDU packets. When under malicious attacks
of TC-BPDU packets, the switch shall receive a great number of TC-BPDU packets in a
very short period. Too frequent delete operations shall consume huge switch sources
and bring great risk to network stability.
When the protection from TC-BPDU packet attack is enabled, the switch just perform
one delete operation in a specified period after receiving TC-BPDU packets, as well as
monitoring whether it receives TC-BPDU packets during this period. Even if it detects a
TC-BPDU packet is received in a period shorter than the specified interval, the switch
shall not run the delete operation till the specified interval is reached. This can avoid
frequent delete operations to the MAC address table and ARP table.
Example
# Enable TC-BPDU protection on the switch.
[Quidway] stp tc-protection enable
1.1.34 stp root-protection
Syntax
stp root-protection
undo stp root-protection
View
Ethernet port view
Parameter
None
Description
Using stp root-protection command, you can enable on Root protection the switch.
Using undo stp root-protection command, you can restore the default state of Root
protection.
By default, Root protection is disabled.
In case of configuration error or malicious attack, the legal primary root may receive the
BPDU with a higher priority and then loose its place, which causes network topology