3Com 4500 Switch User Manual


 
• We recommend enabling loop guard on the root port and alternate ports of a non-root bridge.
• Loop guard, root guard, and edge port settings are mutually exclusive. When one of these functions
  is enabled on a port, neither of the other two takes effect, even if you have configured it on
  the port.
Configuration Prerequisites
MSTP runs normally on the switch.
Configuration procedure
Follow these steps to configure loop guard:
To do...                             Use the command...                          Remarks
-----------------------------------  ------------------------------------------  ---------------------------
Enter system view                    system-view
Enter Ethernet port view             interface interface-type interface-number
Enable the loop guard function on    stp loop-protection                         Required
the current port                                                                 The loop guard function is
                                                                                 disabled by default.
Configuration example
# Enable the loop guard function on Ethernet 1/0/1.
<Sysname> system-view
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] stp loop-protection
Configuring TC-BPDU Attack Guard
Normally, a switch removes its MAC address table and ARP entries upon receiving Topology Change
BPDUs (TC-BPDUs). If a malicious user sends a large number of TC-BPDUs to a switch in a short
period, the switch may be kept busy removing the MAC address table and ARP entries, which may affect
spanning tree calculation, consume a large amount of bandwidth, and increase switch CPU utilization.
With the TC-BPDU attack guard function enabled, a switch performs a removing operation upon
receiving a TC-BPDU and starts a timer (set to 10 seconds by default) at the same time. Until the
timer expires, the switch performs the removing operation only a limited number of times (up to six
times by default), regardless of the number of TC-BPDUs it receives. This mechanism prevents the
switch from being kept busy removing the MAC address table and ARP entries.
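The limiting behaviour described above, modelled in Python as an added example (not from the manual and not the switch's own implementation). It assumes that the removing operation that starts the timer counts toward the limit and that a new period starts with the first TC-BPDU after the timer expires; count_flushes and flood are hypothetical names, and the arrival times are constructed.

```python
# Added illustration: model of the TC-BPDU attack guard described above.
# Assumptions (not from the manual): the removing operation ("flush") that
# starts the timer counts toward the limit, and a new period opens on the
# first TC-BPDU that arrives after the previous timer has expired.

TIMER_SECONDS = 10   # default timer stated in the manual
MAX_FLUSHES = 6      # default maximum removing operations per timer period


def count_flushes(arrivals, guard=True, timer=TIMER_SECONDS, limit=MAX_FLUSHES):
    """Return (flushes, suppressed) for a sorted list of TC-BPDU arrival times."""
    flushes = suppressed = 0
    window_start = None   # time at which the current timer was started
    in_window = 0         # flushes performed since the timer started
    for t in arrivals:
        if not guard:
            flushes += 1          # unguarded: every TC-BPDU clears the tables
            continue
        if window_start is None or t - window_start >= timer:
            window_start, in_window = t, 0   # timer expired: start a new period
        if in_window < limit:
            in_window += 1
            flushes += 1
        else:
            suppressed += 1       # limit reached: TC-BPDU received, no flush
    return flushes, suppressed


def flood(rate_per_second, duration_seconds):
    """Constructed sample input: evenly spaced TC-BPDU arrival times."""
    n = rate_per_second * duration_seconds
    return [i / rate_per_second for i in range(n)]


if __name__ == "__main__":
    burst = flood(rate_per_second=100, duration_seconds=30)   # 3000 TC-BPDUs
    print("guard off:", count_flushes(burst, guard=False))
    print("guard on: ", count_flushes(burst, guard=True))
    # A normal topology change (a few TC-BPDUs) is unaffected by the guard.
    print("benign:   ", count_flushes([0.0, 0.5, 42.0], guard=True))
```

With the defaults, the table-clearing work is bounded by the limit per timer period however many TC-BPDUs arrive, while a handful of legitimate TC-BPDUs are all acted on.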
You can use the stp tc-protection threshold command to set the maximum number of times a switch
removes the MAC address table and ARP entries in a specific period. While the number of TC-BPDUs
received within a period is less than this maximum, the switch performs a removing operation each
time it receives a TC-BPDU. Once the number of TC-BPDUs received reaches the maximum, the switch
stops performing the removing operation. For example, if you set the