Home » TP-Link Manuals » Hubs & Switches » TP-Link T1600G-18TS » Manual Viewer

TP-Link T1600G-18TS T1600G-18TSUN V2 CLI Reference Guide Guide - Page 420

dos-prevent, no ip dos-prevent type

View all TP-Link T1600G-18TS manuals

Add to My Manuals
Save this manual to your list of manuals

Page 420 highlights

Syntax ip dos-prevent type { land | scan-synfin | xma-scan | null-scan | port-less-1024 | blat | ping-flood | syn-flood | win-nuke | ping-of-death | smurf } no ip dos-prevent type { land | scan-synfin | xma-scan | null-scan | port-less-1024 | blat | ping-flood | syn-flood | win-nuke | ping-of-death | smurf } Parameter land --The attacker sends a specific fake SYN (synchronous) packet to the destination host. Because both of the source IP address and the destination IP address of the SYN packet are set to be the IP address of the host, the host will be trapped in an endless circle of building the initial connection. scan-synfin --The attacker sends the packet with its SYN field and the FIN field set to 1. The SYN field is used to request initial connection whereas the FIN field is used to request disconnection. Therefore, the packet of this type is illegal. xma-scan --The attacker sends the illegal packet with its TCP index, FIN, URG and PSH field set to 1. null-scan --The attacker sends the illegal packet with its TCP index and all the control fields set to 0. During the TCP connection and data transmission, the packets with all control fields set to 0 are considered illegal. port-less-1024 --The attacker sends the illegal packet with its TCP SYN field set to 1 and source port smaller than 1024. blat --The attacker sends the illegal packet with the same source port and destination port on Layer 4 and with its URG field set to 1. Similar to the Land Attack, the system performance of the attacked host is reduced because the Host circularly attempts to build a connection with the attacker. ping-flood --The attacker floods the destination system with Ping packets, creating a broadcast storm that makes it impossible for the system to respond to legal communication. syn-flood --The attacker uses a fake IP address to send TCP request packets to the server. Upon receiving the request packets, the server responds with SYN-ACK packets. Since the IP address is fake, no response will be returned. The server will keep on sending SYN-ACK packets. If the attacker sends overflowing fake request packets, the network resource will be occupied maliciously and the requests of the legal clients will be denied. win-nuke --Because the Operation System with bugs cannot correctly process the URG (Urgent Pointer) of TCP packets, the attacker sends this 399

Section	Page
Preface	22
Chapter 1 Using the CLI	26
1.1 Accessing the CLI	26
1.1.1 Logon by Telnet	26
1.1.2 Logon by SSH	27
1.2 CLI Command Modes	32
1.3 Privilege Restrictions	35
1.4 Conventions	35
1.4.1 PoE Disclaimer	35
1.4.2 Format Conventions	36
1.4.3 Special Characters	36
1.4.4 Parameter Format	36
Chapter 2 User Interface	37
2.1 enable	37
2.2 service password-encryption	37
2.3 enable password	38
2.4 enable secret	39
2.5 configure	40
2.6 exit	41
2.7 end	41
2.8 clipaging	42
2.9 history	42
2.10 history clear	43
Chapter 3 User Management Commands	44
3.1 user name (password)	44
3.2 user name (secret)	45
3.3 show user account-list	46
3.4 show user configuration	47
Chapter 4 System Configuration Commands	48
4.1 system-time manual	48
4.2 system-time ntp	48
4.3 system-time dst predefined	50
4.4 system-time dst date	51
4.5 system-time dst recurring	52
4.6 hostname	53
4.7 location	54
4.8 contact-info	54
4.9 led (Only for Certain Devices)	55
4.10 ip address	55
4.11 ip address-alloc	56
4.12 controller cloud-based (Only for Certain Devices)	57
4.13 controller inform-url (Only for Certain Devices)	58
4.14 reset	58
4.15 service reset-disable	59
4.16 reboot	60
4.17 reboot-schedule	60
4.18 copy running-config startup-config	61
4.19 copy startup-config tftp	62
4.20 copy tftp startup-config	62
4.21 copy backup-config tftp	63
4.22 copy backup-config startup-config	64
4.23 copy running-config backup-config	64
4.24 copy tftp backup-config	65
4.25 boot application	65
4.26 boot config	66
4.27 remove backup-image	67
4.28 firmware upgrade	67
4.29 ping	68
4.30 tracert	69
4.31 show system-info	70
4.32 show image-info	71
4.33 show boot	71
4.34 show running-config	72
4.35 show startup-config	72
4.36 show system-time	73
4.37 show system-time dst	73
4.38 show system-time ntp	74
4.39 show cable-diagnostics interface	74
4.40 show cpu-utilization	75
4.41 show memory-utilization	75
4.42 show controller (Only for Certain Devices)	76
Chapter 5 EEE Configuration Commands	77
5.1 eee	77
5.2 show interface eee	77
Chapter 6 SDM Template Commands	79
6.1 sdm prefer	79
6.2 show sdm prefer	80
Chapter 7 Time Range Commands	81
7.1 time-range	81
7.2 absolute	81
7.3 periodic	82
7.4 holiday (time-range mode)	83
7.5 holiday	84
7.6 show holiday	84
7.7 show time-range	85
Chapter 8 Port Configuration Commands	86
8.1 interface gigabitEthernet	86
8.2 interface range gigabitEthernet	86
8.3 description	87
8.4 shutdown	88
8.5 flow-control	89
8.6 duplex	89
8.7 jumbo-size	90
8.8 speed	90
8.9 serdes-mode	91
8.10 clear counters	92
8.11 show interface status	92
8.12 show interface counters	93
8.13 show interface configuration	94
Chapter 9 Port Isolation Commands	95
9.1 port isolation	95
9.2 show port isolation interface	96
Chapter 10 Loopback Detection Commands	97
10.1 loopback-detection (global)	97
10.2 loopback-detection interval	97
10.3 loopback-detection recovery-time	98
10.4 loopback-detection (interface)	99
10.5 loopback-detection config process-mode	99
10.6 loopback-detection recover	100
10.7 show loopback-detection global	101
10.8 show loopback-detection interface	101
Chapter 11 Etherchannel Commands	103
11.1 channel-group	103
11.2 port-channel load-balance	104
11.3 lacp system-priority	105
11.4 lacp port-priority	106
11.5 show etherchannel	106
11.6 show etherchannel load-balance	107
11.7 show lacp	108
11.8 show lacp sys-id	108
Chapter 12 MAC Address Commands	110
12.1 mac address-table static	110
12.2 no mac address-table dynamic	111
12.3 mac address-table aging-time	111
12.4 mac address-table filtering	112
12.5 mac address-table max-mac-count	113
12.6 show mac address-table	114
12.7 clear mac address-table	115
12.8 show mac address-table aging-time	115
12.9 show mac address-table max-mac-count	116
12.10 show mac address-table interface	116
12.11 show mac address-table count	117
12.12 show mac address-table address	117
12.13 show mac address-table vlan	118
Chapter 13 IEEE 802.1Q VLAN Commands	119
13.1 vlan	119
13.2 name	120
13.3 vlan_trunk (globally)	120
13.4 vlan_trunk (interface)	121
13.5 switchport general allowed vlan	121
13.6 switchport pvid	122
13.7 switchport check ingress	123
13.8 switchport acceptable frame	124
13.9 show vlan summary	124
13.10 show vlan brief	125
13.11 show vlan	125
13.12 show interface switchport	126
Chapter 14 MAC-based VLAN Commands	127
14.1 mac-vlan mac-address	127
14.2 mac-vlan	128
14.3 show mac-vlan	128
14.4 show mac-vlan interface	129
Chapter 15 Protocol-based VLAN Commands	130
15.1 protocol-vlan template	130
15.2 protocol-vlan vlan	131
15.3 protocol-vlan group	132
15.4 show protocol-vlan template	132
15.5 show protocol-vlan vlan	133
Chapter 16 GVRP Commands	134
16.1 gvrp	134
16.2 gvrp (interface)	134
16.3 gvrp registration	135
16.4 gvrp timer	136
16.5 show gvrp interface	137
16.6 show gvrp global	138
Chapter 17 IGMP Snooping Commands	139
17.1 ip igmp snooping (global)	139
17.2 ip igmp snooping version	139
17.3 ip igmp snooping drop-unknown	140
17.4 ip igmp snooping header-validation	141
17.5 ip igmp snooping vlan-config	141
17.6 ip igmp snooping vlan-config (immediate-leave)	143
17.7 ip igmp snooping vlan-config (report-suppression)	143
17.8 ip igmp snooping vlan-config (router-ports-forbidden)	144
17.9 ip igmp snooping vlan-config (rport interface)	145
17.10 ip igmp snooping vlan-config (static)	146
17.11 ip igmp snooping vlan-config (querier)	147
17.12 ip igmp snooping (interface)	148
17.13 ip igmp snooping max-groups	149
17.14 ip igmp snooping immediate-leave	150
17.15 ip igmp profile	150
17.16 deny	151
17.17 permit	151
17.18 range	152
17.19 ip igmp filter	153
17.20 clear ip igmp snooping statistics	153
17.21 show ip igmp snooping	154
17.22 show ip igmp snooping interface	154
17.23 show ip igmp snooping vlan	155
17.24 show ip igmp snooping groups	156
17.25 show ip igmp profile	157
Chapter 18 MLD Snooping Commands	158
18.1 ipv6 mld snooping (global)	158
18.2 ipv6 mld snooping drop-unknown	158
18.3 ipv6 mld snooping vlan-config	159
18.4 ipv6 mld snooping vlan-config (immediate-leave)	160
18.5 ipv6 mld snooping vlan-config (report-suppression)	161
18.6 ipv6 mld snooping vlan-config (router-ports-forbidden)	162
18.7 ipv6 mld snooping vlan-config (rport interface)	163
18.8 ipv6 mld snooping vlan-config (static)	163
18.9 ipv6 mld snooping vlan-config (querier)	164
18.10 ipv6 mld snooping (interface)	166
18.11 ipv6 mld snooping max-groups	166
18.12 ipv6 mld snooping immediate-leave	167
18.13 ipv6 mld profile	168
18.14 deny	169
18.15 permit	169
18.16 range	170
18.17 ipv6 mld filter	170
18.18 clear ipv6 mld snooping statistics	171
18.19 show ipv6 mld snooping	171
18.20 show ipv6 mld snooping interface	172
18.21 show ipv6 mld snooping vlan	173
18.22 show ipv6 mld snooping groups	173
18.23 show ipv6 mld profile	174
Chapter 19 MVR Commands	175
19.1 mvr (global)	175
19.2 mvr group	175
19.3 mvr mode	176
19.4 mvr querytime	177
19.5 mvr vlan	178
19.6 mvr (interface)	178
19.7 mvr type	179
19.8 mvr immediate	180
19.9 mvr vlan (group)	180
19.10 show mvr	181
19.11 show mvr interface	182
19.12 show mvr members	182
Chapter 20 MSTP Commands	184
20.1 debug spanning-tree	184
20.2 spanning-tree (global)	185
20.3 spanning-tree (interface)	185
20.4 spanning-tree common-config	186
20.5 spanning-tree mode	187
20.6 spanning-tree mst configuration	188
20.7 instance	188
20.8 name	189
20.9 revision	190
20.10 spanning-tree mst instance	191
20.11 spanning-tree mst	191
20.12 spanning-tree priority	192
20.13 spanning-tree timer	193
20.14 spanning-tree hold-count	194
20.15 spanning-tree max-hops	194
20.16 spanning-tree bpdufilter	195
20.17 spanning-tree bpduflood	196
20.18 spanning-tree bpduguard	196
20.19 spanning-tree guard loop	197
20.20 spanning-tree guard root	198
20.21 spanning-tree guard tc	198
20.22 spanning-tree mcheck	199
20.23 show spanning-tree active	199
20.24 show spanning-tree bridge	200
20.25 show spanning-tree interface	200
20.26 show spanning-tree interface-security	201
20.27 show spanning-tree mst	202
Chapter 21 LLDP Commands	204
21.1 lldp	204
21.2 lldp forward_message	204
21.3 lldp hold-multiplier	205
21.4 lldp timer	206
21.5 lldp receive	207
21.6 lldp transmit	207
21.7 lldp snmp-trap	208
21.8 lldp tlv-select	209
21.9 lldp management-address	209
21.10 lldp med-fast-count	210
21.11 lldp med-status	211
21.12 lldp med-tlv-select	211
21.13 lldp med-location	212
21.14 show lldp	213
21.15 show lldp interface	213
21.16 show lldp local-information interface	214
21.17 show lldp neighbor-information interface	215
21.18 show lldp traffic interface	215
Chapter 22 Static Routes Commands	217
22.1 ip routing	217
22.2 interface vlan	217
22.3 interface loopback	218
22.4 switchport	218
22.5 interface range port-channel	219
22.6 description	220
22.7 shutdown	220
22.8 interface port-channel	221
22.9 ip route	222
22.10 ipv6 routing	222
22.11 ipv6 route	223
22.12 show interface vlan	224
22.13 show ip interface	224
22.14 show ip interface brief	225
22.15 show ip route	225
22.16 show ip route specify	226
22.17 show ip route summary	227
22.18 show ipv6 interface	227
22.19 show ipv6 route	228
22.20 show ipv6 route summary	228
Chapter 23 IPv6 Address Configuration Commands	230
23.1 ipv6 enable	230
23.2 ipv6 address autoconfig	230
23.3 ipv6 address link-local	231
23.4 ipv6 address dhcp	232
23.5 ipv6 address ra	232
23.6 ipv6 address eui-64	233
23.7 ipv6 address	234
23.8 show ipv6 interface	235
Chapter 24 ARP Commands	236
24.1 arp	236
24.2 clear arp-cache	237
24.3 arp dynamicrenew	237
24.4 arp timeout	238
24.5 gratuitous-arp intf-status-up enable	238
24.6 gratuitous-arp dup-ip-detected enable	239
24.7 gratuitous-arp learning enable	239
24.8 gratuitous-arp send-interval	240
24.9 ip proxy-arp	241
24.10 ip local-proxy-arp	241
24.11 show arp	242
24.12 show ip arp (interface)	243
24.13 show ip arp summary	243
24.14 show gratuitous-arp	244
24.15 show ip proxy-arp	244
Chapter 25 DHCP Server Commands	246
25.1 service dhcp server	246
25.2 ip dhcp server extend-option capwap-ac-ip	246
25.3 ip dhcp server extend-option vendor-class-id	247
25.4 ip dhcp server exclude-address	248
25.5 ip dhcp server pool	248
25.6 ip dhcp server ping timeout	249
25.7 ip dhcp server ping packets	250
25.8 network	250
25.9 lease	251
25.10 address hardware-address	252
25.11 address client-identifier	253
25.12 default-gateway	253
25.13 dns-server	254
25.14 netbios-name-server	255
25.15 netbios-node-type	255
25.16 next-server	256
25.17 domain-name	257
25.18 bootfile	257
25.19 show ip dhcp server status	258
25.20 show ip dhcp server statistics	258
25.21 show ip dhcp server extend-option	259
25.22 show ip dhcp server pool	259
25.23 show ip dhcp server excluded-address	260
25.24 show ip dhcp server manual-binding	260
25.25 show ip dhcp server binding	261
25.26 clear ip dhcp server statistics	261
25.27 clear ip dhcp server binding	262
Chapter 26 DHCP Relay Commands	263
26.1 service dhcp relay	263
26.2 ip dhcp relay hops	263
26.3 ip dhcp relay time	264
26.4 ip helper-address	265
26.5 ip dhcp relay information	265
26.6 ip dhcp relay information strategy	266
26.7 ip dhcp relay information format	267
26.8 ip dhcp relay information circuit-id	268
26.9 ip dhcp relay information remote-id	268
26.10 ip dhcp relay default-interface	269
26.11 ip dhcp relay vlan	270
26.12 show ip dhcp relay	270
Chapter 27 DHCP L2 Relay Commands	272
27.1 ip dhcp l2relay	272
27.2 ip dhcp l2relay vlan	272
27.3 ip dhcp l2relay information	273
27.4 ip dhcp l2relay information strategy	273
27.5 ip dhcp l2relay information format	274
27.6 ip dhcp l2relay information circuit-id	275
27.7 ip dhcp l2relay information remote-id	276
27.8 show ip dhcp l2relay	276
27.9 show ip dhcp l2relay interface	277
Chapter 28 QoS Commands	278
28.1 qos trust mode	278
28.2 qos port-priority	279
28.3 qos cos-map	279
28.4 qos dot1p-remap	280
28.5 qos dscp-map	281
28.6 qos dscp-remap	282
28.7 qos queue mode	282
28.8 show qos cos-map	283
28.9 show qos dot1p-remap	284
28.10 show qos dscp-map	284
28.11 show qos dscp-remap	285
28.12 show qos port-priority interface	285
28.13 show qos trust interface	286
28.14 show qos queue interface	286
Chapter 29 Bandwidth Control Commands	288
29.1 storm-control rate-mode	288
29.2 storm-control	289
29.3 storm-control exceed	290
29.4 storm-control recover	290
29.5 bandwidth	291
29.6 show storm-control	292
29.7 show bandwidth	292
Chapter 30 Voice VLAN Commands	294
30.1 voice vlan	294
30.2 voice vlan (interface)	294
30.3 voice vlan priority	295
30.4 voice vlan oui	296
30.5 show voice vlan	296
30.6 show voice vlan oui-table	297
30.7 show voice vlan interface	297
Chapter 31 Auto VoIP Commands	299
31.1 auto-voip	299
31.2 auto-voip (interface)	299
31.3 auto-voip dot1p	300
31.4 auto-voip untagged	301
31.5 auto-voip none	301
31.6 no auto-voip (interface)	302
31.7 auto-voip dscp	302
31.8 auto-voip data priority	303
31.9 show auto-voip	303
Chapter 32 Access Control Commands	305
32.1 user access-control ip-based enable	305
32.2 user access-control ip-based	305
32.3 user access-control mac-based enable	306
32.4 user access-control mac-based	307
32.5 user access-control port-based enable	308
32.6 user access-control port-based	308
Chapter 33 HTTP and HTTPS Commands	310
33.1 ip http server	310
33.2 ip http port	311
33.3 ip http max-users	311
33.4 ip http session timeout	312
33.5 ip http secure-server	313
33.6 ip http secure-port	313
33.7 ip http secure-protocol	314
33.8 ip http secure-ciphersuite	315
33.9 ip http secure-max-users	316
33.10 ip http secure-session timeout	317
33.11 ip http secure-server download certificate	317
33.12 ip http secure-server download key	318
33.13 show ip http configuration	319
33.14 show ip http secure-server	320
Chapter 34 SSH Commands	321
34.1 ip ssh server	321
34.2 ip ssh port	321
34.3 ip ssh version	322
34.4 ip ssh algorithm	323
34.5 ip ssh timeout	323
34.6 ip ssh max-client	324
34.7 ip ssh download	325
34.8 remove public-key	325
34.9 show ip ssh	326
Chapter 35 Telnet Commands	327
35.1 telnet	327
35.2 telnet enable	327
35.3 telnet port	328
35.4 show telnet-status	328
Chapter 36 AAA Commands	330
36.1 tacacas-server host	330
36.2 show tacacs-server	331
36.3 radius-server host	332
36.4 show radius-server	333
36.5 aaa group	334
36.6 server	335
36.7 show aaa group	335
36.8 aaa authentication login	336
36.9 aaa authentication enable	337
36.10 aaa authentication dot1x default	338
36.11 aaa accounting dot1x default	339
36.12 show aaa authentication	339
36.13 show aaa accounting	340
36.14 line telnet	340
36.15 login authentication (telnet)	341
36.16 line ssh	342
36.17 login authentication (ssh)	342
36.18 enable authentication (telnet)	343
36.19 enable authentication (ssh)	344
36.20 ip http login authentication	344
36.21 ip http enable authentication	345
36.22 show aaa global	346
36.23 enable admin password	346
36.24 enable admin secret	347
36.25 enable-admin	349
Chapter 37 IEEE 802.1x Commands	350
37.1 dot1x system-auth-control	350
37.2 dot1x handshake	351
37.3 dot1x auth-protocol	351
37.4 dot1x vlan-assignment	352
37.5 dot1x accounting	353
37.6 dot1x mab	354
37.7 dot1x guest-vlan	354
37.8 dot1x timeout quiet-period	355
37.9 dot1x timeout supp-timeout	356
37.10 dot1x max- req	357
37.11 dot1x	357
37.12 dot1x port-control	358
37.13 dot1x port-method	359
37.14 dot1x auth-init	360
37.15 dot1x auth-reauth	360
37.16 show dot1x global	361
37.17 show dot1x interface	362
37.18 show dot1x auth-state interface	362
Chapter 38 Port Security Commands	364
38.1 mac address-table max-mac count	364
38.2 show mac address-table max-mac-count	364
Chapter 39 Port Mirroring Commands	366
39.1 monitor session destination interface	366

Match case Limit results 1 per page

399

Syntax

dos-prevent

type

{

land

scan-synfin

xma-scan

null-scan

smurf }

no ip dos-prevent type

{ land | scan-synfin | xma-scan | null-scan |

smurf }

Parameter

land ——The attacker sends a specific fake SYN (synchronous) packet to the

destination host. Because both of the source IP address and the destination

IP address of the SYN packet are set to be the IP address of the host, the

host will be trapped in an endless circle of building the initial connection.

scan-synfin ——The attacker sends the packet with its SYN field and the FIN

field set to 1. The SYN field is used to request initial connection whereas the

FIN field is used to request disconnection. Therefore, the packet of this type

is illegal.

xma-scan ——The attacker sends the illegal packet with its TCP index, FIN,

URG and PSH field set to 1.

null-scan ——The attacker sends the illegal packet with its TCP index and all

the control fields set to 0. During the TCP connection and data transmission,

the packets with all control fields set to 0 are considered illegal.

port-less-1024 ——The attacker sends the illegal packet with its TCP SYN

field set to 1 and source port smaller than 1024.

blat ——The attacker sends the illegal packet with the same source port and

destination port on Layer 4 and with its URG field set to 1. Similar to the Land

Attack, the system performance of the attacked host is reduced because the

Host circularly attempts to build a connection with the attacker.

ping-flood ——The attacker floods the destination system with Ping packets,

creating a broadcast storm that makes it impossible for the system to

respond to legal communication.

syn-flood ——The attacker uses a fake IP address to send TCP request

packets to the server. Upon receiving the request packets, the server

responds with SYN-ACK packets. Since the IP address is fake, no response

will be returned. The server will keep on sending SYN-ACK packets. If the

attacker sends overflowing fake request packets, the network resource will

be occupied maliciously and the requests of the legal clients will be denied.

win-nuke ——Because the Operation System with bugs cannot correctly

process the URG (Urgent Pointer) of TCP packets, the attacker sends this