R21xx-HP FlexFabric 11900 Layer 2 LAN Switching Configuration Guide
90
The change to the bridge ID of a device in the user access network might cause a change to the spanning
tree topology in the core network. To avoid this problem, you can enable port role restriction on a port.
With this feature enabled, when the port receives a superior BPDU, it becomes an alternate port rather
than a root port.
Make this configuration on the port that connects to the user access network.
To configure port role restriction:
Ste
p
Command Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 2 Ethernet or
aggregate interface view.
interface interface-type
interface-number
N/A
3. Enable port role restriction.
stp role-restriction
By default, port role restriction is
disabled.
Configuring TC-BPDU transmission restriction
CAUTION:
Enabling TC-BPDU transmission restriction on a port might cause the previous forwardin
g
address table to
fail to be updated when the topology changes.
The topology change to the user access network might cause the forwarding address changes to the core
network. When the user access network topology is unstable, the user access network might affect the
core network. To avoid this problem, you can enable TC-BPDU transmission restriction on a port. With
this feature enabled, when the port receives a TC-BPDU, it does not forward the TC-BPDU to other ports.
Make this configuration on the port that connects to the user access network.
To configure TC-BPDU transmission restriction:
Ste
p
Command Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 2 Ethernet or
aggregate interface view.
interface interface-type
interface-number
N/A
3. Enable TC-BPDU transmission
restriction.
stp tc-restriction
By default, TC-BPDU transmission
restriction is disabled.
Enabling TC-BPDU guard
When a device receives topology change (TC) BPDUs (the BPDUs that notify devices of topology
changes), it flushes its forwarding address entries. If someone forges TC-BPDUs to attack the device, the
device will receive a large number of TC-BPDUs within a short time and be busy with forwarding address
entry flushing. This affects network stability.
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address
entry flushes that the device can perform within a specified period of time (10 seconds) after it receives
the first TC-BPDU. For TC-BPDUs received in excess of the limit, the device performs a forwarding address
entry flush when the time period expires. This prevents frequent flushing of forwarding address entries.