Displaying and Maintaining MSTP 235Enabling TC-BPDUAttack GuardWhen receiving a TC-BPDU (a PDU used as notification of topology change), thedevice will delete the corresponding forwarding address entry. If someone forgesTC-BPDUs to attack the device, the device will receive a larger number ofTC-BPDUs within a short time, and frequent deletion operations bring a bigburden to the device and hazard network stability.With the TC-BPDU guard function enabled, the device limits the maximumnumber of times of immediately deleting forwarding address entries within 10seconds after it receives TC-BPDUs to the value set with the stp tc-protectionthreshold command (assume the value is X). At the same time, the systemmonitors whether the number of TC-BPDUs received within that period of time islarger than X. If so, the device will perform another deletion operation after thatperiod of time elapses. This prevents frequent deletion of forwarding addressentries.Follow these steps to enable TC-BPDU attack guard:n We recommend that you keep this feature enabled.Displaying andMaintaining MSTPEnter Ethernetinterface viewor port groupviewEnter Ethernetinterface viewinterface interface-typeinterface-numberRequiredUse either command.Configurations made inEthernet interface view willtake effect on the currentport only; configurationsmade in port group view willtake effect on all ports in theport group.Enter portgroup viewport-group { manualport-group-name |aggregation agg-id }Enable the loop guard functionfor the port(s)stp loop-protection RequiredDisabled by defaultTo do… Use the command… RemarksTo do… Use the command… RemarksEnter system view system-view -Enable the TC-BPDU attack guard function stp tc-protection enable OptionalEnabled by defaultConfigure the maximum number of timesthe device deletes forwarding addressentries within a certain period of timeimmediately after it receives TC-BPDUsstp tc-protectionthreshold numberOptional6 by defaultTo do… Use the command… RemarksView the information aboutabnormally blocked portsdisplay stp abnormal-port Available in any viewView the information about portsblocked by STP protection actionsdisplay stp down-port Available in any view