1-36
Follow these steps to enable root guard:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Enter Ethernet
interface view, or
Layer 2
aggregate
interface view
interface interface-type
interface-number
Enter
interface view
or port group
view
Enter port group
view
port-group manual
port-group-name
Required
Use either command.
Enable the root guard function for
the port(s)
stp root-protection
Required
Disabled by default
Enabling Loop guard
By keeping receiving BPDUs from the upstream device, a device can maintain the state of the root port
and blocked ports. However, due to link congestion or unidirectional link failures, these ports may fail to
receive BPDUs from the upstream devices. In this case, the downstream device will reselect the port
roles: Those ports in forwarding state that failed to receive upstream BPDUs will become designated
ports, and the blocked ports will transition to the forwarding state, resulting in loops in the switched
network. The loop guard function can suppress the occurrence of such loops.
If a loop guard–enabled port fails to receive BPDUs from the upstream device, and if the port takes part
in STP calculation, all the instances on the port, no matter what roles the port plays, will be set to, and
stay in, the Discarding state.
Make this configuration on the root port or an alternate port of a device.
Follow these steps to enable loop guard:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Enter Ethernet
interface view, or
Layer 2
aggregate
interface view
interface interface-type
interface-number
Enter
interface view
or port group
view
Enter port group
view
port-group manual
port-group-name
Required
Use either command.
Enable the loop guard function for
the ports
stp loop-protection
Required
Disabled by default
Enabling TC-BPDU guard
When receiving topology change (TC) BPDUs (the BPDUs used to notify topology changes), a switch
flushes its forwarding address entries. If someone forges TC-BPDUs to attack the switch, the switch will
receive a large number of TC-BPDUs within a short time and be busy with forwarding address entry
flushing. This affects network stability.
Summary of Contents for S5500-SI Series
Page 161: ...3 10 GigabitEthernet1 0 1 2 MANUAL...
Page 220: ...1 7 Clearing ARP entries from the ARP table may cause communication failures...
Page 331: ...1 7 1 1 ms 1 ms 1 ms 1 1 6 1 2 1 ms 1 ms 1 ms 1 1 4 1 3 1 ms 1 ms 1 ms 1 1 2 2 Trace complete...
Page 493: ...2 8...
Page 1111: ...1 10 Installing patches Installation completed and patches will continue to run after reboot...