1-34
To do...
Use the command...
Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface
interface-type
interface-number
—
Perform the mCheck operation
stp mcheck
Required
Configuration Example
# Perform the mCheck operation on GigabitEthernet 1/0/1.
1) Perform this configuration in system view
<Sysname> system-view
[Sysname] stp interface GigabitEthernet 1/0/1 mcheck
2) Perform this configuration in Ethernet port view
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] stp mcheck
Configuring Guard Functions
Introduction
The following guard functions are available on an MSTP-enabled switch: BPDU guard, root guard, loop
guard, TC-BPDU attack guard, and BPDU drop.
BPDU guard
Normally, the access ports of the devices operating on the access layer are directly connected to
terminals (such as PCs) or file servers. These ports are usually configured as edge ports to achieve
rapid transition. But they resume non-edge ports automatically upon receiving configuration BPDUs,
which causes spanning tree recalculation and network topology jitter.
Normally, no configuration BPDU will reach edge ports. But malicious users can attack a network by
sending configuration BPDUs deliberately to edge ports to cause network jitter. You can prevent this
type of attacks by utilizing the BPDU guard function. With this function enabled on a switch, the switch
shuts down the edge ports that receive configuration BPDUs and then reports these cases to the
administrator. Ports shut down in this way can only be restored by the administrator.
Root guard
A root bridge and its secondary root bridges must reside in the same region. The root bridge of the CIST
and its secondary root bridges are usually located in the high-bandwidth core region. Configuration
errors or attacks may result in configuration BPDUs with their priorities higher than that of a root bridge,
which causes a new root bridge to be elected and network topology jitter to occur. In this case, flows that
should travel along high-speed links may be led to low-speed links, and network congestion may occur.
You can avoid this problem by utilizing the root guard function. Ports with this function enabled can only
be kept as designated ports in all MSTIs. When a port of this type receives configuration BPDUs with
higher priorities, it turns to the discarding state (rather than become a non-designated port) and stops
forwarding packets (as if it is disconnected from the link). It resumes the normal state if it does not
receive any configuration BPDUs with higher priorities for a specified period.
Содержание Switch 4800G PWR 24-Port
Страница 165: ...1 8 4 mac address es found on port GigabitEthernet1 0 2 ...
Страница 214: ...ii Displaying and Maintaining System Guard 4 1 ...
Страница 445: ...ii ...
Страница 727: ...i Table of Contents Appendix A Acronyms A 1 ...
Страница 730: ...A 3 VOD Video On Demand W WRR Weighted Round Robin X XID eXchange Identification XRN eXpandable Resilient Networking ...