93receive a large number of TC-BPDUs within a short time and be busy with forwarding address entryflushing. This affects network stability.With the TC-BPDU guard function, you can set the maximum number of immediate forwarding addressentry flushes that the switch can perform within a certain period of time after receiving the first TC-BPDU.For TC-BPDUs received in excess of the limit, the switch performs forwarding address entry flush onlywhen the time period expires. This prevents frequent flushing of forwarding address entries.Follow these steps to enable TC-BPDU guard:To do... Use the command... RemarksEnter system view system-view —Enable the TC-BPDU guard function stp tc-protection enable OptionalEnabled by default.Configure the maximum number offorwarding address entry flushes that thedevice can perform within a specific timeperiod after it receives the first TC-BPDUstp tc-protection thresholdnumberOptional6 by default.NOTE:H3C does not recommend you to disable this feature.Enabling BPDU dropIn an STP-enabled network, after receiving BPDUs, a device performs STP calculation according to thereceived BPDUs and forwards received BPDUs to other devices in the network. This allows maliciousattackers to forge BPDUs to attack the network: By continuously sending forged BPDUs, they can make allthe devices in the network perform STP calculations all the time. As a result, problems such as CPUoverload and BPDU protocol status errors occur.To avoid this problem, you can enable BPDU drop on ports. A BPDU drop-enabled port does not receiveany BPDUs and is invulnerable to forged BPDU attacks.Follow these steps to enable BPDU drop on an Ethernet interface:To do... Use the command... RemarksEnter system view system-view —Enter Ethernet interface view interface interface-typeinterface-number —Enable BPDU drop on the currentinterface bpdu-drop any RequiredDisabled by default.Displaying and maintaining MSTPTo do... Use the command... RemarksDisplay information about abnormallyblocked portsdisplay stp abnormal-port [ | { begin |exclude | include } regular-expression ] Available in any view