The stp tc-protection command enables the trap function for the Topology Change (TC) BPDU protection.
The undo stp tc-protection command disables the trap function for the TC BPDU protection.
By default, the trap function for the TC BPDU protection is disabled.
Usage Scenario
The TC attack defense function is enabled by default, you can run the stp tc-protection interval command to set the time that a device needs to process the maximum number of TC BPDUs which is configured using the stp tc-protection threshold command. If there are packets exceeding the maximum number, the switch processes the packets after the time specified in the stp tc-protection interval command expires. For example, if the time is set to 10 seconds and the maximum number is set to 5, when a switch receives TC BPDUs, the switch processes only the first 5 TC BPDUs within 10 seconds and processes the other TC BPDUs after the time expires. In this way, the device does not frequently update its MAC address entries and ARP entries, reducing CPU usage.
To learn about detailed processing information on TC BPDUs, run the stp tc-protection command to enable the trap function for the TC BPDU protection. After the function is enabled, MSTP_1.3.6.1.4.1.2011.5.25.42.4.2.15 hwMstpiTcGuarded and MSTP_1.3.6.1.4.1.2011.5.25.42.4.2.16 hwMstpProTcGuarded are generated.
Precautions
The trap function for the TC BPDU protection takes effect only when the snmp-agent trap enable feature-name mstp and stp tc-protection are both run.