Home » TP-Link Manuals » Hubs & Switches » TP-Link TL-SG3210 » Manual Viewer

TP-Link TL-SG3210 TL-SG3210 V1 CLI Reference Guide - Page 158

spanning-tree security

Add to My Manuals
Save this manual to your list of manuals

Page 158 highlights

Spanning Tree globally. To return to the default configuration, please use no spanning-tree tc-defend command. A switch removes MAC address entries upon receiving TC-BPDUs. If a malicious user continuously sends TC-BPDUs to a switch, the switch will be busy with removing MAC address entries, which may decrease the performance and stability of the network. Syntax spanning-tree tc-defend [ threshold threshold ] [ period period ] no spanning-tree tc-defend Parameter threshold -- TC Threshold, ranging from 1 to 100 packets. By default, it is 20. TC Threshold is the maximum number of the TC-BPDUs received by the switch in a TC Protect Cycle. period -- TC Protect Cycle, ranging from 1 to 10 in seconds. By default, it is 5. Command Mode Global Configuration Mode Example Configure TC Threshold as 30 packets, and TC Protect Cycle as 10 seconds: TP-LINK(config)# spanning-tree tc-defend threshold 30 period 10 spanning-tree security Description The spanning-tree security command is used to configure MSTP Port Protect. To return to the default configuration, please use no spanning-tree security command. Port Protect function is to prevent the devices from any malicious attack against STP features. Syntax spanning-tree security [loop { disable | enable }] [root { disable | enable }] [TC { disable | enable }] [defend { disable | enable }] [hold { disable | enable }] no spanning-tree security Parameter loop -- Enable/ Disable Loop Protect. By default, it is disabled. Loop Protect is to prevent the loops in the network brought by recalculating STP because of link failures and network congestions. root -- Enable/ Disable Root Protect. By default, it is disabled. Root Protect 146

Section	Page
Preface	13
Chapter 1 Using the CLI	16
1.1 Accessing the CLI	16
1.1.1 Logon by a console port	16
1.1.2 Logon by Telnet	18
1.2 CLI Command Modes	20
1.3 Security Levels	22
1.4 Conventions	23
1.4.1 Format Conventions	23
1.4.2 Special Characters	23
1.4.3 Parameter Format	23
Chapter 2 User Interface	24
enable	24
enable password	24
disable	25
configure	25
exit	25
end	26
Chapter 3 IEEE 802.1Q VLAN Commands	27
vlan database	27
vlan	27
interface vlan	28
description	28
switchport type	29
switchport allowed vlan	29
switchport pvid	30
switchport general egress-rule	30
show vlan	31
show interface switchport	31
Chapter 4 MAC VLAN Commands	32
mac-vlan add	32
mac-vlan remove	32
mac-vlan modify	33
show mac-vlan	33
Chapter 5 Protocol VLAN Commands	34
protocol-vlan template	34
protocol-vlan vlan	34
show protocol-vlan template	35
show protocol-vlan vlan	35
Chapter 6 Voice VLAN Commands	37
voice-vlan enable	37
voice-vlan aging-time	37
voice-vlan priority	38
voice-vlan oui	38
switchport voice-vlan mode	39
switchport voice-vlan security	40
show voice-vlan global	40
show voice-vlan oui	40
show voice-vlan switchport	41
Chapter 7 GVRP Commands	42
gvrp	42
gvrp (interface)	42
gvrp registration	43
gvrp timer	43
show gvrp global	44
show gvrp interface	45
Chapter 8 LAG Commands	46
interface link-aggregation	46
interface range link-aggregation	46
link-aggregation	47
link-aggregation hash-algorithm	48
description	48
show interfaces link-aggregation	49
Chapter 9 LACP Commands	50
lacp system-priority	50
lacp admin-key	50
lacp port-priority	51
show lacp interface	51
show lacp system-priority	52
Chapter 10 User Manage Commands	53
user add	53
user remove	54
user modify status	54
user modify type	55
user modify password	55
user access-control disable	56
user access-control ip-based	56
user access-control mac-based	57
user access-control port-based	57
user max-number	58
user idle-timeout	58
show user account-list	59
show user configuration	59
Chapter 11 Binding Table Commands	61
binding-table user-bind	61
binding-table remove	62
dhcp-snooping	62
dhcp-snooping global	63
dhcp-snooping information enable	64
dhcp-snooping information strategy	64
dhcp-snooping information user-defined	65
dhcp-snooping information remote-id	65
dhcp-snooping information circuit-id	66
dhcp-snooping trusted	66
dhcp-snooping mac-verify	67
dhcp-snooping rate-limit	67
dhcp-snooping decline	68
show binding-table	68
show dhcp-snooping global	69
show dhcp-snooping information	69
show dhcp-snooping interface	70
Chapter 12 ARP Inspection Commands	71
arp detection (global)	71
arp detection trust-port	71
arp detection (interface)	72
arp detection limit-rate	72
arp detection recover	73
show arp detection global	74
show arp detection interface	74
show arp detection statistic	74
show arp detection statistic reset	75
Chapter 13 DoS Defend Command	76
dos-prevent	76
dos-prevent type	76
show dos-prevent	77
Chapter 14 IEEE 802.1X Commands	78
dot1x	78
dot1x authentication-method	78
dot1x guest-vlan	79
dot1x quiet-period	80
dot1x timer	80
dot1x retry	81
dot1x(interface)	81
dot1x guest-vlan	82
dot1x port-control	82
dot1x port-method	83
radius authentication primary-ip	84
radius authentication secondary-ip	84
radius authentication port	85
radius authentication key	85
radius accounting enable	86
radius accounting primary-ip	87
radius accounting secondary-ip	87
radius accounting port	88
radius accounting key	88
radius response-timeout	89
show dot1x global	89
show dot1x interface	90
show radius authentication	90
show radius accounting	91
Chapter 15 Log Commands	92
logging local buffer	92
logging local flash	92
logging clear	93
logging loghost	94
show logging local-config	94
show logging loghost	95
show logging buffer level	95
show logging flash level	96
Chapter 16 SSH Commands	97
ssh server enable	97
ssh version	97
ssh idle-timeout	98
ssh max-client	98
ssh download	99
show ssh	99
Chapter 17 SSL Commands	100
ssl enable	100
ssl download certificate	100
ssl download key	101
show ssl	101
Chapter 18 Address Commands	103
bridge address port-security	103
bridge address static	104
bridge aging-time	104
bridge address filtering	105
show bridge port-security	106
show bridge address	106
show bridge aging-time	107
Chapter 19 System Commands	108
system-descript	108
system-time gmt	108
system-time manual	109
system-time dst	109
ip address	110
ip management-vlan	111
ip dhcp-alloc	111
ip bootp-alloc	111
reset	112
reboot	112
user-config backup	113
user-config load	113
user-config save	114
firmware upgrade	114
ping	115
tracert	115
loopback	116
show system-info	116
show ip address	117
show system-time	117
show system-time dst	118
Chapter 20 Ethernet Configuration Commands	119
interface ethernet	119
interface range ethernet	119
description	120
shutdown	120
flow-control	121
negotiation	121
storm-control	122
storm-control disable bc-rate	123
storm-control disable mc-rate	123
storm-control disable ul-rate	124
port rate-limit	124
port rate-limit disable ingress	125
port rate-limit disable egress	125
show interface configuration	125
show interface status	126
show interface counters	126
show storm-control ethernet	127
show port rate-limit	127
Chapter 21 QoS Commands	129
qos	129
qos dot1p config	129
qos dscp enable	130
qos dscp config	131
qos scheduler	132
show qos port-based	133
show qos dot1p	133
show qos dscp	133
show qos scheduler	134
Chapter 22 Port Mirror Commands	135
mirror add	135
mirror remove group	136
mirror remove mirrored	136
show mirror	137
Chapter 23 Port isolation Commands	138
port isolation	138
show port isolation	138
Chapter 24 ACL Commands	140
acl time-segment	140
acl edit time-segment	141
acl holiday	142
acl create	142
acl rule mac-acl	143
acl edit rule mac-acl	144
acl rule std-acl	145
acl edit rule std-acl	146
acl policy policy-add	147
acl policy action-add	148
acl edit action	149
acl bind to-port	150
acl bind to-vlan	150
show acl time-segment	151
show acl holiday	151
show acl config	151
show acl bind	152
Chapter 25 MSTP Commands	153
spanning-tree global	153
spanning-tree common-config	154
spanning-tree region	155
spanning-tree msti	156
spanning-tree msti	157
spanning-tree tc-defend	157
spanning-tree security	158
spanning-tree mcheck	159
show spanning-tree global-info	159
show spanning-tree global-config	160
show spanning-tree port-config	160
show spanning-tree region	161
show spanning-tree msti config	161
show spanning-tree msti port	161
show spanning-tree security tc-defend	162
show spanning-tree security port-defend	162
Chapter 26 IGMP Commands	164
igmp-snooping global	164
igmp-snooping config	164
igmp-snooping vlan-config-add	165
igmp-snooping vlan-config	166
igmp-snooping multi-vlan-config	167
igmp-snooping static-entry-add	168
igmp-snooping filter-add	169
igmp-snooping filter-config	169
igmp-snooping filter	170
show igmp-snooping global-config	171
show igmp-snooping port-config	171
show igmp-snooping vlan-config	172
show igmp-snooping multi-vlan	172
show igmp-snooping multi-ip-list	172
show igmp-snooping filter-ip-addr	173
show igmp-snooping port-filter	173
show igmp-snooping packet-stat	174
show igmp-snooping packet-stat-clear	174
Chapter 27 SNMP Commands	175
snmp global	175
snmp view-add	176
snmp group-add	176
snmp user-add	178
snmp community-add	179
snmp notify-add	180
snmp-rmon history sample-cfg	181
snmp-rmon history owner	182
snmp-rmon history enable	182
snmp-rmon event user	183
snmp-rmon event description	183
snmp-rmon event type	184
snmp-rmon event owner	185
snmp-rmon event enable	185
snmp-rmon alarm config	186
snmp-rmon alarm owner	187
snmp-rmon alarm enable	188
show snmp global-config	188
show snmp view	189
show snmp group	189
show snmp user	189
show snmp community	190
show snmp destination-host	190
show snmp-rmon history	190
show snmp-rmon event	191
show snmp-rmon alarm	191
Chapter 28 Cluster Commands	193
cluster ndp	193
cluster ntdp	194
cluster explore	195
cluster	195
cluster manage role-change	196
show cluster ndp global	196
show cluster ndp port-status	197
show cluster neighbour	197
show cluster ntdp global	197
show cluster ntdp port-status	198
show cluster ntdp device	198