l2protocol-tunnel drop-threshold (Layer 2 sub-interface view)

Function

The l2protocol-tunnel drop-threshold command configures a drop threshold for Layer 2 protocol data units (PDUs) on an interface enabled with Layer 2 protocol tunneling.

The undo l2protocol-tunnel drop-threshold command restores the default drop threshold for Layer 2 PDUs on an interface enabled with Layer 2 protocol tunneling.

By default, the drop threshold is 0, meaning that the drop threshold for Layer 2 protocol data units (PDUs) on an interface enabled with Layer 2 protocol tunneling is not set.

Format

l2protocol-tunnel drop-threshold rate [ { protocol } &<1-19> ]

undo l2protocol-tunnel drop-threshold [ { rate protocol } | { protocol } &<1-19> ]

Parameters

Parameter Description Value
rate

Specifies the threshold for dropping Layer 2 PDUs per second on an interface enabled with Layer 2 protocol tunneling.

The value is an integer ranging from 1 to 4096, in packets per second.
protocol

Specifies the Layer 2 protocol of which the drop threshold is configured for Layer 2 PDUs.

The protocol as follows:

  • stp
  • lacp
  • dtp
  • gmrp
  • gvrp
  • lldp
  • vtp
  • udld
  • pagp
  • cdp
  • eoam3ah
  • dldp
  • mvrp
  • mmrp
  • e-lmi
  • sstp

One or up to all of the preceding Layer 2 protocols can be specified.

Views

Layer 2 100GE interface view, 100GE interface view, Layer 2 10GE interface view, 10GE interface view, 25GE-L2 view, 25GE interface view, 400GE Layer 2 sub-interface view, 400GE-L2 view, 400GE interface view, Layer 2 40GE interface view, 40GE interface view, 50GE Layer 2 sub-interface view, Layer 2 50GE interface view, 50GE interface view, Eth-Trunk Layer 2 sub-interface view, Layer 2 Eth-Trunk interface view, Eth-Trunk interface view, FlexE sub-interface view, FlexE interface view, GE Layer 2 sub-interface view, Layer 2 GE interface view, GE optical interface view, GE interface view, GE electrical interface view, Layer 2 sub-interface view, Sub-interface view, Interface group view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
ethernet write

Usage Guidelines

Usage Scenario

To protect interfaces enabled with Layer 2 protocol tunneling against protocol packet attacks, run the l2protocol-tunnel drop-threshold command to configure a drop threshold for Layer 2 PDUs on the interfaces.

The interfaces drop excess Layer 2 PDUs when the number of Layer 2 PDUs received in 1s exceeds the configured drop threshold.

Prerequisites

Layer 2 protocol tunneling has been enabled using the l2protocol-tunnel vlan or l2protocol-tunnel enable command.

Follow-up Procedure

Run the display l2protocol-tunnel statistics command to view statistics about tunneled Layer 2 PDUs on an interface enabled with Layer 2 protocol tunneling and use the statistics as a reference for traffic statistics and fault diagnosis.

Precautions

Before using the l2protocol-tunnel drop-threshold command, note the following:

  • If no protocol is specified, the configured drop threshold applies to all tunneled Layer 2 protocols on the interface enabled with Layer 2 protocol tunneling.
  • If a protocol is specified, the interface drops the excess Layer 2 PDUs of this specified protocol when the configured drop threshold is exceeded.
  • If you do not specify any protocol when configuring a drop threshold and then you specify a protocol when configuring a drop threshold, the latest configuration takes effect.

Example

# Set the drop threshold for STP BPDUs on an interface enabled with Layer 2 protocol tunneling to 10.
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/1
[~HUAWEI-GigabitEthernet0/1/1] portswitch
[*HUAWEI-GigabitEthernet0/1/1] l2protocol-tunnel stp enable
[~HUAWEI-GigabitEthernet0/1/1] l2protocol-tunnel drop-threshold 10 stp
Parent Topic: Layer 2 Protocol Tunneling Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >