STP dual-system backup networking is the commonest networking mode in the enterprise network field. In this networking mode, if many layer 2 swtiches are attached to the S9500 series devices, the core devices will receive many TC or TCN messages accordingly. According to the general processing, the relevant ARP and MAC addresses will be deleted each time a TC/TCN message is received. Such frequent deletion of ARP and MAC addresses will make a great impact on normal services, and is obviously inappropriate. S9500 processes this networking specially according to its characteristics.
1. Default configuration. After STP is enabled, all the ports will be in the DISCARDING state, in which case the dynamic ARP and MAC addresses on all the ports will be deleted.
2. During normal system running, if a port changes into the DISCARDING state, the dynamic ARP and MAC addresses will be deleted from that port.
3. When S9500 receives TC or TCN, it deletes MAC address or ARP by default. But it does not delete the ARP entry completely. On the contrary, it saves the mapping relation of ARP and MAC address, and sends a correspondent ARP request to ensure the ARP entry updates times when the network topology changes. You can enable or disable deleting the ARP entry when TC or TCN is received. The deletion operation is enabled globally and disabled in the port, but if one is enabled, the ARP learnt by the port will be deleted when TC is received. Command: stp reset-arp enable/disable. When the function is disabled at the port and globally, if TC or TCN is received, only the MAC address is deleted, while ARP is updated according to the MAC address.
4. S9500 can be protected from TC attacks when it receives too many TC packets. In other words, it dispose TC or TCN only one or two times in a specified period to prevent MAC address and ARP entry changes too frequently.
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作