Got it

Enhancing STP and Configuring STP Protection Functions part 3

196 0 0 0

Root Protection

3.1 Context


3.2 Basic Concepts


If SW1 receives superior BPDUs on GE0/0/24 enabled with root protection, SW1 switches the port to the Discarding state. In this way, root protection enforces the root bridge position of SW1.

3. Configuration and Implementation


[SW1] display stp brief
MSTID     Port                 Role    STP State         Protection
   0      GigabitEthernet6/0/22   DESI    FORWARDING    NONE
   0      GigabitEthernet6/0/24 DESI     DISCARDING   ROOT

Enable root protection on GE0/0/24. This function ensures that the port is the designated port, and thereby secures the position of the root bridge. Root protection takes effect only on designated ports.

TC Protection


·        After receiving TC BPDUs, a switch will delete MAC address entries and ARP entries. If attackers forge TC BPDUs to attack the switch, the switch deletes MAC address entries and ARP entries frequently. The switch is heavily burdened, causing potential risks to the network.

·        If TC protection is enabled on the switch, after receiving a TC BPDU, the switch starts the timer at an interval of 10 seconds. In this period, if the switch receives another TC BPDU, the switch can delete MAC address entries and ARP entries once at most to protect the switch.



To learn more:

Enhancing STP and Configuring STP Protection Functions part 1

Enhancing STP and Configuring STP Protection Functions part 2

Enhancing STP and Configuring STP Protection Functions part 4

If you have any problems, please post them in our Community. We are happy to solve them for you!

  • x
  • convention:


You need to log in to comment to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits


Huawei Enterprise Support Community
Huawei Enterprise Support Community
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Please bind your phone number to obtain invitation bonus.