< Home

stp tc-protection threshold

Function

The stp tc-protection threshold command sets the number of times that a device handles received TC BPDUs and updates forwarding entries within a unit time.

The undo stp tc-protection threshold command restores the default setting.

By default, after a device receives TC BPDUs, the default number of times that the device handles the TC BPDUs and updates forwarding entries is 1 within a unit time.

Format

stp tc-protection threshold threshold

undo stp tc-protection threshold

Parameters

Parameter Description Value
threshold Indicates the number of times that a device handles the TC BPDU and updates forwarding entries per unit of time. The value is an integer ranging from 1 to 255.

Views

System view or MST process region view

VBST does not support processes. When VBST is running, you cannot run the stp tc-protection threshold command in the MSTP process view.

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On a Layer 2 network where MSTP is run, a switching device that receives TC BPDUs will delete the corresponding MAC entries and ARP entries. Frequent deletion operations will greatly affect the CPU, leading to a high CPU usage.

The TC attack defense function is enabled by default, the number of times that TC BPDUs are processed by the switching device within a unit time is configurable (the default unit time is 2s, and the default number of times is 1). If the number of TC BPDUs that the switching device receives within a unit time exceeds the specified threshold, the switching device handles TC BPDUs only for the specified number of times. Additional TC BPDUs are processed by the switching device as a whole for once after the timer (that is, the specified time period) expires. In this manner, the switching device is prevented from frequently deleting its MAC entries and ARP entries so that the CPU is protected against overburden.

The value of the unit time is consistent with the Hello time and can be set using the stp timer hello command.

Example

# Set the threshold update forwarding entries to 5.
<HUAWEI> system-view
[HUAWEI] stp tc-protection threshold 5
Parent Topic: STP/RSTP/MSTP/VBST Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >