Operation Manual – MSTPH3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration1-32upstream switch for a certain period, the switch selects a new root port; the original rootport becomes a designated port; and the blocked ports transit to forwarding state. Thismay cause loops in the network.The loop guard function suppresses loops. With this function enabled, if linkcongestions or uni-directional link failures occur, both the root port and the blockedports become designated ports and change to discarding state. In this case, they stopforwarding packets, and thereby loops can be prevented.IV. TC-BPDU attack guardA switch removes MAC address entries and ARP entries upon receiving TC-BPDUs. Ifa malicious user sends a large amount of TC-BPDUs to a switch in a short period, theswitch may busy itself in removing MAC address entries and ARP entries, which maydecreases the performance and stability of the switch.With the TC-BPDU guard function enabled, the switch performs only one removingoperation in a specified period ( 10 seconds by default) after it receives a TC-BPDU.The switch also checks to see if other TC-BPDUs arrive in this period and performsanother removing operation in the next period if a TC-BPDU is received. Such amechanism prevents a switch from busying itself in performing removing operations.Caution:Among loop guard function, root guard function, and edge port setting, only one can bevalid on a port at one time.1.5.2 Configuration PrerequisitesMSTP runs normally on the switch.1.5.3 BPDU Guard ConfigurationI. Configuration procedureFollow these steps to enable the BPDU guard function:To do ... Use the command ... RemarksEnter system view system-view —Enable the BPDUguard function stp bpdu-protectionRequiredThe BPDU guard function isdisabled by default.