155
Spanning Tree globally. To return to the default configuration, please use no
spanning-tree tc-defend command. A switch removes MAC address entries
upon receiving TC-BPDUs. If a malicious user continuously sends TC-BPDUs to
a switch, the switch will be busy with removing MAC address entries, which may
decrease the performance and stability of the network.
Syntax
spanning-tree tc-defend [ threshold threshold ] [ period period ]
no spanning-tree tc-defend
Parameter
threshold —— TC Threshold, ranging from 1 to 100 packets. By default, it is 20.
TC Threshold is the maximum number of the TC-BPDUs received by the switch
in a TC Protect Cycle.
period —— TC Protect Cycle, ranging from 1 to 10 in seconds. By default, it is
5.
Command Mode
Global Configuration Mode
Example
Configure TC Threshold as 30 packets, and TC Protect Cycle as 10 seconds:
TP-LINK(config)# spanning-tree tc-defend threshold 30 period 10
spanning-tree security
Description
The spanning-tree security command is used to configure MSTP Port Protect.
To return to the default configuration, please use no spanning-tree security
command. Port Protect function is to prevent the devices from any malicious
attack against STP features.
Syntax
spanning-tree security [loop { disable | enable }] [root { disable | enable }] [TC
{ disable | enable }] [defend { disable | enable }] [hold { disable | enable }]
no spanning-tree security
Parameter
loop —— Enable/ Disable Loop Protect. By default, it is disabled. Loop Protect
is to prevent the loops in the network brought by recalculating STP because of
link failures and network congestions.
root —— Enable/ Disable Root Protect. By default, it is disabled. Root Protect