Root
Protection
3.1 Context
3.2 Basic Concepts
If SW1 receives superior BPDUs on GE0/0/24 enabled with root protection, SW1
switches the port to the Discarding state. In this way, root protection
enforces the root bridge position of SW1.
3. Configuration and
Implementation
[SW1] display stp brief
MSTID
Port
Role STP
State Protection
0 GigabitEthernet6/0/22
DESI FORWARDING NONE
0
GigabitEthernet6/0/24 DESI DISCARDING
ROOT
Enable root protection on GE0/0/24. This function ensures that the port is the
designated port, and thereby secures the position of the root bridge. Root
protection takes effect only on designated ports.
TC
Protection
· After receiving TC BPDUs, a switch will delete MAC address entries and ARP entries. If attackers forge TC BPDUs to attack the switch, the switch deletes MAC address entries and ARP entries frequently. The switch is heavily burdened, causing potential risks to the network.
· If TC protection is enabled on the switch, after receiving a TC BPDU, the switch starts the timer at an interval of 10 seconds. In this period, if the switch receives another TC BPDU, the switch can delete MAC address entries and ARP entries once at most to protect the switch.
To learn more:
Enhancing STP and Configuring STP Protection Functions part 1
Enhancing STP and Configuring STP Protection Functions part 2
Enhancing STP and Configuring STP Protection Functions part 4
If you have any problems, please post them in our Community. We are happy to solve them for you!
