Filter
Top Products
DES-7200 Configuration Guide Chapter 10 MSTP Configuration
10-19
10.2.4 Understanding
BPDU Filter
The BPDU filter can be enabled globally or on individual interface. There are
some slightly difference between these two ways.
You can use the spanning-tree portfast bpdufilter default command to
enable the BPDU filter globally in the global configuration mode. In this status,
the BPDU messages can not be received or sent through a Port Fast-enabled
port or a AutoEdge port, leading to no BPDU messages received by the host
directly connecting the port. The BPDU filter will be disabled when the Port Fast
is disabled for the AutoEdge port receives the BPDU message.
You can also use the spanning-tree bpdufilter enable command to enable the
BPDU filter on individual interface in the interface configuration mode (it is not
related to whether it is AutoEdge port or not). In this situation, this interface will
not receive or transmit the BPDU message, but execute the forwarding directly.
10.2.5 Understanding
Tc-protection
TC-BPDU messages are BPDU messages carrying with TC flag. When the L2
switch receives these messages, the network topology will change and the
MAC address table will be deleted. And for L3 switch, the route table will be
deleted and the port state in the ARP entry will change. To prevent the switch
from processing abovementioned operations when pseudo TC-BPDU
messages attack maliciously, too-heavy burden and network turbulance, the
TC-protection function comes into being.
Tc-protection can only be enabled or disabled globally. It is enabled by default.
Once Tc-protection is enabled, the switch will delete the message within a
certain period of time (usually 4 seconds) after receiving the TC-BPDU
message while monitoring the TC-BPDU message. If it receives the TC-BPDU
message during this period, it will perform the delete operation again after this
period expires. This eliminates the need of frequently deleting MAC address
entries and ARP entries.
10.2.6 Understanding
TC Guard
The Tc-Protection function can reduce the removal of MAC address entries and
ARP entries when a lot number of TC messages are generated in a network.
However, you need to do more delete oeprations in case of TC message attack.
Furthermore, the TC message is propagated and will have an effect on the
whole network. The TC Guard function allows you to disable the propagation of
the TC message globally or on ports. When TC Guard function is configured