A switch removes MAC address entries upon receiving TC-BPDUs (the packets used to
announce changes in the network topology). If a user maliciously sends a large number of
TC-BPDUs to a switch in a short period, the switch will be busy with removing MAC address
entries, which may decrease the performance and stability of the network.
With TC Protect function enabled, the port will drop the received TC-BPDUs and will not
forward them.
BPDU Protect
BPDU Protect function is used to prevent the port from receiving BPUDs. It is recommended to
enable this function on edge ports.
Normally edge ports do not receive BPDUs, but if a user maliciously attacks the switch by
sending BPDUs, the system automatically configures these ports as non-edge ports and
regenerates the spanning tree.
With BPDU protect function enabled, the edge port will be shut down when it receives BPDUs,
and reports these cases to the administrator. Only the administrator can restore it.
BPDU Filter
BPDU filter function is to prevent BPDU flooding in the network. It is recommended to enable
this function on edge ports.
If a switch receives malicious BPDUs, it forwards these BPDUs to the other switches in the
network, and the spanning tree will be continuously regenerated. In this case, the switch
occupies too much CPU or the protocol status of BPDUs is wrong.
With BPDU filter function enabled, the port does not receive or forward BPDUs, but it sends out
its own BPDUs, preventing the switch from being attacked by BPDUs.
BPDU Flood
BPDU flood function is to control BPDUs forwarding when spanning tree function is globally
disabled.
Generally, if a port receives BPDUs, it will forward them to all the other ports. With BPDU flood
function enabled, the port can only forward BPDUs to other
BPDU-flood-enabled ports
.
123