Page 1: Cli Reference Guide
CLI Reference Guide T2500G-10TS (TL-SG3210) 1910012120 REV1.1.0 May 2017...
Page 2 Specifications are subject to change without notice. is a registered trademark of TP-Link Technologies Co., Ltd. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-Link Technologies Co., Ltd.
Page 3: Table Of Contents
CONTENTS Preface ..........................1 Chapter 1 Using the CLI ....................4 Accessing the CLI ........................... 4 1.1.1 Logon by a console port ...................... 4 1.1.2 Logon by Telnet ........................6 1.1.3 Logon by SSH ........................10 CLI Command Modes ........................15 Privilege Restrictions ........................
Page 4 switchport general allowed vlan ....................33 switchport pvid ..........................34 3.10 show vlan summary........................34 3.11 show vlan brief ..........................35 3.12 show vlan ............................35 3.13 show interface switchport ......................36 Chapter 4 MAC-based VLAN Commands ..............37 mac-vlan mac-address ....................... 37 mac-vlan ............................
Page 5 show voice vlan switchport ....................... 55 Chapter 8 L2PT Commands ..................56 l2protocol-tunnel .......................... 56 l2protocol-tunnel type ........................ 56 show l2protocol-tunnel global ....................58 show l2protocol-tunnel interface .................... 58 Chapter 9 GVRP Commands ..................60 gvrp ..............................60 gvrp (interface)..........................60 gvrp registration ..........................
Page 6 11.13 show user configuration ......................81 11.14 show telnet-status........................82 Chapter 12 HTTP and HTTPS Commands ..............83 12.1 ip http server ..........................83 12.2 ip http max-users .......................... 84 12.3 ip http session timeout ....................... 84 12.4 ip http secure-server ........................85 12.5 ip http secure-protocol.......................
Page 7 14.4 ip arp inspection limit-rate ...................... 107 14.5 ip arp inspection recover ......................108 14.6 show ip arp inspection ......................108 14.7 show ip arp inspection interface ..................109 14.8 show ip arp inspection statistics ..................109 14.9 clear ip arp inspection statistics ................... 110 Chapter 15 DoS Defend Commands ................
Page 8 Chapter 18 System Log Commands ................132 18.1 logging buffer ..........................132 18.2 logging file flash ......................... 133 18.3 logging file flash frequency ....................133 18.4 logging file flash level ....................... 134 18.5 logging host index ........................135 18.6 clear logging ..........................136 18.7 show logging local-config.......................
Page 9 21.2 system-time ntp ......................... 153 21.3 system-time dst predefined ....................155 21.4 system-time dst date ....................... 156 21.5 system-time dst recurring ...................... 157 21.6 hostname ............................158 21.7 location ............................158 21.8 contact-info ..........................159 21.9 reset ............................... 160 21.10 reboot ............................
Page 10 Chapter 23 Ethernet Configuration Commands ............. 179 23.1 interface gigabitEthernet ......................179 23.2 interface range gigabitEthernet.................... 179 23.3 description ........................... 180 23.4 shutdown ............................181 23.5 flow-control ..........................182 23.6 duplex ............................182 23.7 speed ............................. 183 23.8 storm-control ..........................184 23.9 bandwidth .............................
Page 11 Chapter 27 Loopback Detection Commands ............202 27.1 loopback-detection(global) ....................202 27.2 loopback-detection interval ....................202 27.3 loopback-detection recovery-time ..................203 27.4 loopback-detection(interface) ....................204 27.5 loopback-detection config ..................... 204 27.6 loopback-detection recover ....................205 27.7 show loopback-detection global..................206 27.8 show loopback-detection interface ..................
Page 12 29.4 spanning-tree mode ......................... 227 29.5 spanning-tree mst configuration ..................228 29.6 instance ............................228 29.7 name ............................... 229 29.8 revision ............................230 29.9 spanning-tree mst instance ....................231 29.10 spanning-tree mst ........................231 29.11 spanning-tree priority ......................232 29.12 spanning-tree tc-defend ......................
Page 13 31.4 ip igmp snooping immediate-leave ..................251 31.5 ip igmp snooping drop-unknown ..................251 31.6 ip igmp snooping vlan-config ....................252 31.7 ip igmp snooping multi-vlan-config ..................253 31.8 ip igmp snooping filter(global) ....................255 31.9 ip igmp snooping filter(interface) ..................255 31.10 ip igmp snooping filter add-id ....................
Page 14 32.16 ipv6 mld snooping querier vlan ..................... 276 32.17 ipv6 mld snooping querier vlan max-response-time ............. 277 32.18 ipv6 mld snooping querier vlan query-interval ..............278 32.19 ipv6 mld snooping querier vlan query-source ..............278 32.20 ipv6 mld snooping filter(global) ..................... 279 32.21 ipv6 mld snooping filter(interface) ..................
Page 15 33.18 show snmp-server view ......................305 33.19 show snmp-server group ......................305 33.20 show snmp-server user ......................306 33.21 show snmp-server community ..................... 306 33.22 show snmp-server host ......................306 33.23 show snmp-server engineID ....................307 33.24 show rmon history ........................307 33.25 show rmon event ........................
Page 16 35.9 server ............................. 329 35.10 show aaa group .......................... 330 35.11 aaa authentication login ......................331 35.12 aaa authentication enable....................... 332 35.13 aaa authentication dot1x default ..................333 35.14 aaa accounting dot1x default ....................333 35.15 show aaa authentication ......................334 35.16 show aaa accounting ........................
Page 17: Preface
Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned in this Guide stands for T2500G-10TS JetStream 8-Port Gigabit L2 Managed Switch with 2 SFP Slots without any explanation. Overview of this Guide...
Page 18 Chapter 12: HTTP and HTTPS Commands Provide information about the commands used for configuring the HTTP and HTTPS logon. Chapter 13: Binding Table Commands Provide information about the commands used for binding the IP address, MAC address, VLAN and the connected Port number of the Host together. Besides it also provide information about the commands used for monitoring the process of the Host obtaining the IP address from DHCP server, and record the IP address, MAC address, VLAN and the connected Port number of the Host for automatic binding.
Page 19 Chapter 25: Port Mirror Commands Provide information about the commands used for configuring the Port Mirror function. Chapter 26: Port Isolation Commands Provide information about the commands used for configuring Port Isolation function. Chapter 27: Loopback Detection Commands Provide information about the commands used for configuring the Loopback Detection function.
Page 20: Chapter 1 Using The Cli
64-bit Windows 8.1  After the TP-Link USB Console Driver is installed, the PC’s USB port will act as RS-232 serial port when the PC’s USB port is connected to the switch’s Micro-USB console port. And the PC’s USB port will act as standard USB port when the PC’s USB port is unplugged from the...
Page 21 Logon  Take the following steps to log on to the switch by the console port. Connect the PCs or Terminals to the console port on the switch by the provided cable. Start the terminal emulation program (such as the HyperTerminal) on the PC. Specify the connection COM port in the terminal emulation program.
Page 22: Logon By Telnet
The DOS prompt ”T2500G-10TS>” will appear after pressing the Enter button as shown in Figure 1-1. It indicates that you can use the CLI now. Figure 1-2 Log in the Switch 1.1.2 Logon by Telnet Telnet login has the following two modes. You can choose one according to your needs: Login local Mode: It requires username and password, which are both admin by default.
Page 23 Now, you can logon by Telnet in login local mode. Make sure the switch and the PC are in the same LAN. Click Start and type in cmd in the Search programs and files window and press the Enter button. Figure 1-4 Run Window Type telnet 192.168.0.1 in the command prompt shown as Figure 1-4, and press the Enter button.
Page 24 Type enable command to enter Privileged EXEC Mode. Figure 1-7 Enter into the Priviledged EXEC Mode Now you can manage your switch with CLI commands through Telnet connection. Login Mode  Firstly configure the Telnet login mode as “login” and the connection password as 456 in the prompted DOS screen shown in Figure 1-7.
Page 25 Type telnet 192.168.0.1 in the command prompt shown as Figure 1-9, and press the Enter button. Figure 1-10 Connecting to the Switch You are prompted to enter the connection password 456 you have set through Console port connection, and then you are in User EXEC Mode. Figure 1-11 Enter into the User EXEC Mode Type enable command to enter Privileged EXEC Mode.
Page 26: Logon By Ssh
1.1.3 Logon by SSH To log on by SSH, a Putty client software is recommended. There are two authentication modes to set up an SSH connection: Password Authentication Mode: It requires username and password, which are both admin by default. Key Authentication Mode: It requires a public key for the switch and a private key for the SSH client software.
Page 27 Password Authentication Mode  Open the software to log on to the interface of PuTTY. Enter the IP address of the switch into Host Name field; keep the default value 22 in the Port field; select SSH as the Connection type. Figure 1-14 SSH Connection Config Click the Open button in the above figure to log on to the switch.
Page 28 Key Authentication Mode  Select the key type and key length, and generate SSH key. Figure 1-16 Generate SSH Key Note: The key length is in the range of 512 to 3072 bits. During the key generation, randomly moving the mouse quickly can accelerate the key generation.
Page 29 After the key is successfully generated, please save the public key and private key to a TFTP server. Figure 1-17 Save the Generated Key Log on to the switch by Telnet and download the public key file from the TFTP server to the switch, as the following figure shows: Figure 1-18 Download the Public Key...
Page 30 Note: The key type should accord with the type of the key file. The SSH key downloading can not be interrupted. After the public key is downloaded, please log on to the interface of PuTTY and enter the IP address for login. Figure 1-19 SSH Connection Config...
Page 31: Cli Command Modes
Click Browse to download the private key file to SSH client software and click Open. Figure 1-20 Download the Private Key After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully downloaded.
Page 32 Accessing Path Prompt next mode Use the exit command to User EXEC Primary mode once it disconnect the switch. T2500G-10TS> is connected with the Use the enable command to Mode switch. access Privileged EXEC mode. Enter the disable or the exit...
Page 33 Layer 2 Interface: Use the end command or Use the interface press Ctrl+Z to return to Privileged EXEC mode. port, gigabitEthernet T2500G-10TS (config-if)# Interface Enter the exit or the # or interface range command to return to Global Configuration gigabitEthernet Configuration mode.
Page 34: Privilege Restrictions
Global Configuration Mode: In this mode, global commands are provided, such as the  Spanning Tree, Schedule Mode and so on. Interface Configuration Mode: In this mode, users can configure one or several ports,  different ports corresponds to different commands a).
Page 35: Conventions
Conventions 1.4.1 Format Conventions The following conventions are used in this Guide: Items in square brackets [ ] are optional  Items in braces { } are required  Alternative items are grouped in braces and separated by vertical bars. For example: ...
Page 36: Chapter 2 User Interface
User EXEC Mode Privilege Requirement None. Example If you have set the password to access Privileged EXEC Mode from User EXEC Mode: T2500G-10TS>enable Enter password： T2500G-10TS# enable-admin Description The enable-admin command is used to evaluate the current log-in user to the Admin access level.
Page 37: Service Password-Encryption
To disable the global encryption function, please use no service password-encryption command. Syntax service password-encryption no service password-encryption Command Mode Global Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Enable the global encryption function: T2500G-10TS(config)# service password-encryption...
Page 38: Enable Password
enable password Description The enable password command is used to set or change the password for users to access Privileged EXEC Mode from User EXEC Mode. To remove the password, please use no enable password command. This command uses the symmetric encryption. Syntax password encrypted-password...
Page 39: Enable Secret
Example Set the super password as “admin” and unencrypted to access Privileged EXEC Mode from User EXEC Mode: T2500G-10TS(config)#enable password 0 admin enable secret Description The enable secret command is used to set a secret password, which is using an MD5 encryption algorithm, for users to access Privileged EXEC Mode from User EXEC Mode.
Page 40: Configure
Set the secret password as “admin” and unencrypted to access Privileged EXEC Mode from User EXEC Mode. The password will be displayed in the encrypted form. T2500G-10TS(config)#enable secret 0 admin configure Description The configure command is used to access Global Configuration Mode from Privileged EXEC Mode.
Page 41: End
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Return to Global Configuration Mode from Interface Configuration Mode, and then return to Privileged EXEC Mode: T2500G-10TS(config-if)# exit T2500G-10TS(config)#exit T2500G-10TS# Description The end command is used to return to Privileged EXEC Mode. Syntax...
Page 42: Show History
Privileged EXEC Mode and any Configuration Mode Privilege Requirement None. Example Show the commands you have entered in the current mode: T2500G-10TS (config)# show history 1 show history 2.11 clear history Description The clear history command is used to clear the commands you have entered in the current mode, therefore these commands will not be shown next time you use the show history command.
Page 43 Command Mode Privileged EXEC Mode and any Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Clear the commands you have entered in the current mode: T2500G-10TS(config)# clear history...
Page 44: Chapter 3 Ieee 802.1Q Vlan Commands
2-3, 5. It is multi-optional. Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Create VLAN 2-10 and VLAN 100: T2500G-10TS(config)# vlan 2-10,100 Delete VLAN 2: T2500G-10TS(config)# no vlan 2...
Page 45: Interface Vlan
Only Admin, Operator and Power User level users have access to these commands. Example Create VLAN Interface 2: T2500G-10TS(config)# interface vlan 2 name Description The name command is used to assign a description to a VLAN. To clear the description, please use no name command.
Page 46: Switchport Mode
Only Admin, Operator and Power User level users have access to these commands. Example Specify the name of VLAN 2 as “group1”: T2500G-10TS(config)# vlan 2 T2500G-10TS(config-vlan)# name group1 switchport mode Description The switchport mode command is used to configure the Link Types for the ports.
Page 47: Switchport Access Vlan
Example Configure Gigabit Ethernet port 1/0/3 whose link type is “access” to VLAN 2: T2500G-10TS(config)#interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)#switchport access vlan 2 switchport trunk allowed vlan Description The switchport trunk allowed vlan command is used to add the desired Trunk port to IEEE 802.1Q VLAN. To remove a Trunk port from the corresponding VLAN, please use no switchport trunk allowed vlan command.
Page 48: Switchport Trunk Allowed Vlan All
Configure the link type of port 2 as trunk and add it to VLAN 2: T2500G-10TS(config)#interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)#switchport mode trunk T2500G-10TS(config-if)#switchport trunk allowed vlan 2 switchport trunk allowed vlan all Description The switchport trunk allowed vlan all command is used to add the desired trunk port to all the IEEE 802.1Q VLANs.
Page 49: Switchport General Allowed Vlan
Configure the link type of port 2 as trunk and add it to all the VLANs: T2500G-10TS(config)#interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)#switchport mode trunk T2500G-10TS(config-if)# switchport trunk allowed vlan all switchport general allowed vlan Description The switchport general allowed vlan command is used to add the desired General port to IEEE 802.1Q VLAN, or to remove a port from the...
Page 50: Switchport Pvid
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Specify the PVID of port 1/0/2 as 2: T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# switchport pvid 2 3.10 show vlan summary Description The show vlan summary command is used to display the summarized information of IEEE 802.1Q VLAN.
Page 51: Show Vlan Brief
Example Display the summarized information of IEEE 802.1Q VLAN: T2500G-10TS(config)# show vlan summary 3.11 show vlan brief Description The show vlan brief command is used to display the brief information of IEEE 802.1Q VLAN. Syntax show vlan brief Command Mode...
Page 52: Show Interface Switchport
Privilege Requirement None. Example Display the information of vlan 5: T2500G-10TS(config)# show vlan id 5 3.13 show interface switchport Description The show interface switchport command is used to display the IEEE 802.1Q VLAN configuration information of the specified port/port channel.
Page 53: Chapter 4 Mac-Based Vlan Commands
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Create VLAN 2 with the MAC address 00:11:11:01:01:12 and the name “TP”: T2500G-10TS(config)#mac-vlan mac-address 00:11:11:01:01:12 vlan 2 description TP...
Page 54: Mac-Vlan
Only Admin, Operator and Power User level users have access to these commands. Example Enable the Gigabit Ethernet port 1/0/3 for the MAC-based VLAN feature: T2500G-10TS(config)#interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)#mac-vlan show mac-vlan Description The show mac-vlan command is used to display the information of the MAC-based VLAN entry.
Page 55 Privilege Requirement None. Parameter mac-addr —— MAC address, in the format of XX:XX:XX:XX:XX:XX. vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. Example Display the information of all the MAC-based VLAN entry: T2500G-10TS(config)#show mac-vlan all...
Page 56: Chapter 5 Protocol-Based Vlan Commands
Chapter 5 Protocol-based VLAN Commands Protocol VLAN (Virtual Local Area Network) is the way to classify VLANs based on Protocols. A Protocol is relative to a single VLAN ID. The untagged packets and the priority-tagged packets matching the protocol template will be tagged with this VLAN ID. protocol-vlan template Description The protocol-vlan template command is used to create Protocol-based...
Page 57: Protocol-Vlan Vlan
Example Create a Protocol-based VLAN template named “TP” whose Ethernet protocol type is 0x2024: T2500G-10TS(config)#protocol-vlan template name TP frame ether_2 ether-type 2024 protocol-vlan vlan Description The protocol-vlan vlan command is used to create a Protocol-based VLAN entry. To delete a Protocol-based VLAN entry, please use no protocol-vlan vlan command.
Page 58: Protocol-Vlan Group
Only Admin, Operator and Power User level users have access to these commands. Example Add Gigabit Ethernet port 20 to protocol group 1: T2500G-10TS(config)#interface gigabitEthernet 1/0/20 T2500G-10TS(config-if)#protocol-vlan group 1 show protocol-vlan template Description The show protocol-vlan template command is used to display the information of the Protocol-based VLAN templates.
Page 59: Show Protocol-Vlan Vlan
Privilege Requirement None. Example Display the information of the Protocol-based VLAN templates: T2500G-10TS(config)#show protocol-vlan template show protocol-vlan vlan Description The show protocol-vlan vlan command is used to display the information about Protocol-based VLAN entry. Syntax show protocol-vlan vlan Command Mode...
Page 60: Chapter 6 Vlan-Vpn Commands
Only Admin, Operator and Power User level users have access to these commands. Example Enable the VLAN-VPN function globally: T2500G-10TS(config)#dot1q-tunnel dot1q-tunnel tpid Description The dot1q-tunnel tpid command is used to configure Global TPID of the VLAN-VPN. To restore to the default value, please use the no dot1q-tunnel...
Page 61: Dot1Q-Tunnel Mapping
Only Admin, Operator and Power User level users have access to these commands. Example Configure Global TPID of the VLAN-VPN as 0x9100: T2500G-10TS(config)#dot1q-tunnel tpid 9100 dot1q-tunnel mapping Description The dot1q-tunnel mapping command is used to enable the VLAN Mapping feature globally. To disable this function, please use the no dot1q-tunnel mapping command.
Page 62: Switchport Dot1Q-Tunnel Mapping
Add a VLAN Mapping entry on the Gigabit Ethernet port 1/0/3 with the Customer VLAN as VLAN 2, the Service Provider priority as 1, the Service Provider VLAN as VLAN 3 and the description as TP: T2500G-10TS(config)#interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)#switchport dot1q-tunnel mapping 2 3 1 TP...
Page 63: Switchport Dot1Q-Tunnel Missdrop
Only Admin, Operator and Power User level users have access to these commands. Example Enable the VLAN-VPN missdrop function for Gigabit Ethernet port 1/0/3: T2500G-10TS (config)#interface gigabitEthernet 1/0/3 T2500G-10TS (config-if)#switchport dot1q-tunnel missdrop switchport dot1q-tunnel mode Description The switchport dot1q-tunnel mode command is used to configure the VPN port’s mode.
Page 64: Show Dot1Q-Tunnel
Only Admin, Operator and Power User level users have access to these commands. Example Configure the Gigabit Ethernet port 1/0/3 as the VPN UNI ports: T2500G-10TS(config)#interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)#switchport dot1q-tunnel mode uni show dot1q-tunnel Description The show dot1q-tunnel command is used to display the global configuration information of the VLAN VPN.
Page 65: Show Dot1Q-Tunnel Mapping
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the information of VLAN Mapping entry: T2500G-10TS(config)#show dot1q-tunnel mapping show dot1q-tunnel interface Description The show dot1q-tunnel mapping interface command is used to display the VLAN VPN port type.
Page 66: Chapter 7 Voice Vlan Commands
Only Admin, Operator and Power User level users have access to these commands. Example Enable the Voice VLAN function for VLAN 10: T2500G-10TS(config)# voice vlan 10 voice vlan aging time Description The voice vlan aging time command is used to set the aging time for a voice VLAN.
Page 67: Voice Vlan Priority
Only Admin, Operator and Power User level users have access to these commands. Example Set the aging time for the Voice VLAN as 1 minute: T2500G-10TS(config)# voice vlan aging time 1 voice vlan priority Description The voice vlan priority command is used to configure the priority for the Voice VLAN.
Page 68: Voice Vlan Mac-Address
Example Configure the priority of the Voice VLAN as 5: T2500G-10TS(config)# voice vlan priority 5 voice vlan mac-address Description The voice vlan mac-address command is used to create Voice VLAN OUI. To delete the specified Voice VLAN OUI, please use no voice vlan mac-address command.
Page 69: Switchport Voice Vlan Mode
Example Configure the port 1/0/3 to operate in the auto voice VLAN mode: T2500G-10TS(config)# interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)# switchport voice vlan mode auto switchport voice vlan security Description The switchport voice vlan security command is used to enable the Voice VLAN security feature.
Page 70: Show Voice Vlan
Example Enable port 1/0/3 for the Voice VLAN security feature: T2500G-10TS(config)# interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)# switchport voice vlan security show voice vlan Description The show voice vlan command is used to display the global configuration information of Voice VLAN.
Page 71: Show Voice Vlan Switchport
Only Admin, Operator and Power User level users have access to these commands. Example Display the Voice VLAN configuration information of all ports and port channels: T2500G-10TS(config)# show voice vlan switchport Display the Voice VLAN configuration information of port 1/0/2: T2500G-10TS(config)# show voice vlan switchport gigabitEthernet 1/0/2...
Page 72: Chapter 8 L2Pt Commands
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Enable the L2PT function globally: T2500G-10TS(config)# l2protocol-tunnel l2protocol-tunnel type Description The l2protocol-tunnel type command is used to configure the L2PT function on a specified port. To disable the L2PT function on the specified port, please...
Page 73: Command Mode
Syntax l2protocol-tunnel type nni l2protocol-tunnel type uni { 01000ccccccc | 01000ccccccd | gvrp | stp | lacp threshold | all } [ threshold no l2protocol-tunnel Parameter nni —— Specify the port type according to its connecting device in the network. Specify the port’s type as NNI if it is connecting to the ISP network. uni ——...
Page 74: Show L2Protocol-Tunnel Global
Configure port 1/0/3 as a UNI port for STP packets with the threshold as 1000 packets/second: T2500G-10TS (config)#interface gigabitEthernet 1/0/3 T2500G-10TS (config-if)# l2protocol-tunnel type uni stp threshold 1000 show l2protocol-tunnel global Description The show l2protocol-tunnel global command is used to display the global L2PT status.
Page 75 Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the L2PT configuration information of Gigabit Ethernet port 1/0/1: T2500G-10TS(config)#show l2protocol-tunnel interface gigabitEthernet 1/0/1 Display the L2PT configuration information of all Ethernet ports: T2500G-10TS(config)#show l2protocol-tunnel interface...
Page 76: Chapter 9 Gvrp Commands
Only Admin, Operator and Power User level users have access to these commands. Example Enable the GVRP function globally: T2500G-10TS(config)#gvrp gvrp (interface) Description The gvrp command is used to enable the GVRP function for the desired port. To disable it, please use no gvrp command. The GVRP feature can only be enabled for the trunk-type ports.
Page 77: Gvrp Registration
Only Admin, Operator and Power User level users have access to these commands. Example Enable the GVRP function for Gigabit Ethernet ports 1/0/2-6: T2500G-10TS(config)#interface range gigabitEthernet 1/0/2-6 T2500G-10TS(config-if-range)#gvrp gvrp registration Description The gvrp registration command is used to configure the GVRP registration type for the desired port.
Page 78: Gvrp Timer
Example Configure the GVRP registration mode as “fixed” for Gigabit Ethernet ports 1/0/2-6: T2500G-10TS(config)#interface range gigabitEthernet 1/0/2-6 T2500G-10TS(config-if-range)#gvrp registration fixed gvrp timer Description The gvrp timer command is used to set a GVRP timer for the desired port. To restore to the default setting of a GARP timer, please use no gvrp timer command.
Page 79: Show Gvrp Interface
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the GVRP configuration information of Gigabit Ethernet port 1: T2500G-10TS(config)#show gvrp interface gigabitEthernet 1/0/1 Display the GVRP configuration information of all Ethernet ports: T2500G-10TS(config)#show gvrp interface...
Page 80: Show Gvrp Global
Description The show gvrp global command is used to display the global GVRP status. Syntax show gvrp global Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the global GVRP status: T2500G-10TS(config)#show gvrp global...
Page 81: Chapter 10 Etherchannel Commands
Chapter 10 Etherchannel Commands Etherchannel Commands are used to configure LAG and LACP function. LAG (Link Aggregation Group) is to combine a number of ports together to make a single high-bandwidth data path, which can highly extend the bandwidth. The bandwidth of the LAG is the sum of bandwidth of its member port.
Page 82: Port-Channel Load-Balance
Example Add ports 2-4 to EtherChannel Group 1 and enable the static LAG: T2500G-10TS(config)# interface range gigabitEthernet 1/0/2-4 T2500G-10TS(config-if-range)# channel-group 1 mode on 10.2 port-channel load-balance Description The port-channel load-balance command is used to configure the Aggregate Arithmetic for LAG. To return to the default configurations, please use no port-channel load-balance command.
Page 83: Lacp System-Priority
Only Admin, Operator and Power User level users have access to these commands. Example Configure the LACP system priority as 1024 globally: T2500G-10TS(config)# lacp system-priority 1024 10.4 lacp port-priority Description The lacp port-priority command is used to configure the LACP port priority for specified ports.
Page 84: Show Etherchannel
Only Admin, Operator and Power User level users have access to these commands. Example Configure the LACP port priority as 1024 for ports 1-3: T2500G-10TS(config)# interface range gigabitEthernet 1/0/1-3 T2500G-10TS(config-if-range)# lacp port-priority 1024 Configure the LACP port priority as 2048 for port 4: T2500G-10TS(config)# interface gigabitEthernet 1/0/4 T2500G-10TS(config-if)# lacp port-priority 2048 10.5...
Page 85: Show Etherchannel Load-Balance
Example Display the detailed information of EtherChannel Group 1: T2500G-10TS(config)# show etherchannel 1 detail 10.6 show etherchannel load-balance Description The show etherchannel load-balance command is used to display the Aggregate Arithmetic of LAG. Syntax show etherchannel load-balance Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None.
Page 86: Show Lacp Sys-Id
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the internal LACP information of EtherChannel Group 1: T2500G-10TS(config)# show lacp 1 internal 10.8 show lacp sys-id Description The show lacp sys-id command is used to display the LACP system priority globally.
Page 87: Chapter 11 User Management Commands
Chapter 11 User Management Commands User Manage Commands are used to manage the user’s logging information by Web, Telnet or SSH, so as to protect the settings of the switch from being randomly changed. 11.1 user name (password) Description The user name command is used to add a new user or modify the existed users’...
Page 88: User Name (Secret)
Example Add and enable a new admin user named “tplink”, of which the password is “admin” and unencrypted: T2500G-10TS(config)#user name tplink privilege admin password 0 admin 11.2 user name (secret) Description The user name command is used to add a new user or modify the existed users’...
Page 89: User Access-Control Ip-Based
Example Add and enable a new admin user named “tplink”, of which the password is “admin”. The password will be displayed in the encrypted form. T2500G-10TS(config)#user name tplink privilege admin secret 0 admin 11.3 user access-control ip-based Description The user access-control ip-based command is used to limit the IP-range of the users for login.
Page 90: User Access-Control Mac-Based
—— Delete the specified IP-based entry. The index ranges from 1 to 5. Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Enable the access-control of the user whose IP address is 192.168.0.148: T2500G-10TS(config)# user access-control ip-based 192.168.0.148 255.255.255.255 11.4...
Page 91: User Access-Control Port-Based
Only Admin and Operator level users have access to these commands. Example Configure that only the user whose MAC address is 00:00:13:0A:00:01 is allowed to login: T2500G-10TS(config)# user access-control mac-based 00:00:13:0A:00:01 11.5 user access-control port-based Description The user access-control port-based command is used to limit the ports for login.
Page 92: Line
Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure that only the users connected to ports 1/0/2-6 are allowed to login: T2500G-10TS(config)# user access-control port-based interface range gigabitEthernet 1/0/2-6 11.6 line Description...
Page 93: Password
Enter the Console port configuration mode and configure the console port 0: T2500G-10TS(config)#line console 0 Enter the Virtual Terminal configuration mode so as to prepare further configurations such as password and login mode for virtual terminal 0 to 5: T2500G-10TS(config)#line vty 0 5 11.7 password Description The password command is used to configure the connection password.
Page 94: Login
T2500G-10TS(config)#line console 0 T2500G-10TS(config-line)#password 0 tplink Configure the connection password of virtual terminal connection 0-5 as “tplink” and unencrypted: T2500G-10TS(config)#line vty 0 5 T2500G-10TS(config-line)#password 0 tplink 11.8 login Description The login command is used to configure the login mode of a switch which uses connection password to login.
Page 95: Login Local
T2500G-10TS(config-line)#login Configure the login of virtual terminal connection 0-5 as login mode: T2500G-10TS(config)#line vty 0 5 T2500G-10TS(config-line)#login 11.9 login local Description The login local command is used to configure the login mode of the switch which uses the user name and password to login.
Page 96: Telnet
Privilege Requirement Only Admin level users have access to these commands. Example Enable the RJ-45 console input: T2500G-10TS(config)# line console 0 T2500G-10TS(config-line)# media-type rj45 Receive the micro-USB console input prior to the RJ-45 console input: T2500G-10TS(config)# line console 0 T2500G-10TS(config-line)# no media-type rj45 11.11 telnet...
Page 97: Show User Account-List
Privilege Requirement Only Admin level users have access to these commands. Example Display the information of the current users: T2500G-10TS(config)# show user account-list 11.13 show user configuration Description The show user configuration command is used to display the security configuration information of the users, including access-control, max-number and the idle-timeout, etc.
Page 98: Show Telnet-Status
Example Display the security configuration information of the users: T2500G-10TS(config)# show user configuration 11.14 show telnet-status Description The show telnet-status command is used to display the configuration information of the Telnet function. Syntax show telnet-status Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None.
Page 99: Chapter 12 Http And Https Commands
Syntax ip http server no ip http server Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Disable the HTTP function: T2500G-10TS(config)# no ip http server...
Page 100: Ip Http Max-Users
Only Admin and Operator level users have access to these commands. Example Configure the maximum number of the Admin and Guest users logging on to the HTTP server as 5 and 3: T2500G-10TS(config)# ip http max-users 5 3 12.3 ip http session timeout Description The ip http session timeout command is used to configure the connection timeout of the HTTP server.
Page 101: Ip Http Secure-Server
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure the timeout time of the HTTP connection as 15 minutes: T2500G-10TS(config)# ip http session timeout 15 12.4 ip http secure-server Description The ip http secure-server command is used to enable the HTTPS server within the switch.
Page 102: Ip Http Secure-Protocol
Only Admin, Operator and Power User level users have access to these commands. Example Configure the protocol of SSL connection as SSL 3.0: T2500G-10TS(config)# ip http secure-protocol ssl3 12.6 ip http secure-ciphersuite Description The ip http secure-ciphersuite command is used to configure the cipherSuites over the SSL connection supported by the switch.
Page 103: Ip Http Secure-Max-Users
Only Admin, Operator and Power User level users have access to these commands. Example Configure the ciphersuite to be used for encryption over the SSL connection as 3des-ede-cbc-sha: T2500G-10TS(config)# ip http secure-ciphersuite 3des-ede-cbc-sha 12.7 ip http secure-max-users Description The ip http secure-max-users command is used to configure the maximum number of users that are allowed to connect to the HTTPs server.
Page 104: Ip Http Secure-Session Timeout
Example Configure the maximum number of the Admin and Guest users logging on to the HTTPs server as 5 and 3: T2500G-10TS(config)# ip http secure-max-users 5 3 12.8 ip http secure-session timeout Description The ip http secure-session timeout command is used to configure the connection timeout of the HTTPS server.
Page 105: Ip Http Secure-Server Download Certificate
Example Download an SSL Certificate named ssl-cert from TFTP server with the IP address of 192.168.0.146: T2500G-10TS(config)# ip http secure-server download certificate ssl-cert ip-address 192.168.0.146 Download an SSL Certificate named ssl-cert from TFTP server with the IP address of fe80::1234...
Page 106: Ip Http Secure-Server Download Key
Example Download an SSL key named ssl-key from TFTP server with the IP address of 192.168.0.146: T2500G-10TS(config)# ip http secure-server download key ssl-key ip-address 192.168.0.146 Download an SSL key named ssl-key from TFTP server with the IP address of fe80::1234...
Page 107: Show Ip Http Configuration
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the configuration information of the HTTP server: T2500G-10TS(config)# show ip http configuration 12.12 show ip http secure-server Description The show ip http secure-server command is used to display the global configuration of SSL.
Page 108: Chapter 13 Binding Table Commands
Chapter 13 Binding Table Commands You can bind the IP address, MAC address, VLAN and the connected Port number of the Host together, which can be the condition for the ARP Inspection to filter the packets. 13.1 ip source binding Description The ip source binding command is used to bind the IP address, MAC address, VLAN ID and the Port number together manually.
Page 109: Ip Source Binding Index
192.168.0.1 00:00:00:00:00:01 vlan 2 interface gigabitEthernet 1/0/5 arp-detection Delete the IP-MAC–VID-PORT entry with the index 5: T2500G-10TS(config)#no ip source binding index 5 13.2 ip source binding index Description The ip source binding index command is used to modify the existing entry of ip source binding.
Page 110: Ip Dhcp Snooping
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Modify the hostname as “tp-link” of the entry with the index 1: T2500G-10TS(config)#ip source binding index 1 hostname tp-link 13.3 ip dhcp snooping Description The ip dhcp snooping command is used to enable DHCP-Snooping function globally.
Page 111: Ip Dhcp Snooping Global
Only Admin, Operator and Power User level users have access to these commands. Example Configure the Global Flow Control as 30pps, the Decline Threshold as 20 pps, and decline Flow Control as 20 pps for DHCP Snooping: T2500G-10TS(config)# ip dhcp snooping global global-rate 30 dec-threshold 20 dec-rate 20...
Page 112: Ip Dhcp Snooping Information Option
Example Enable the Option 82 function of DHCP Snooping on port 1/0/1: T2500G-10TS(config)# interface gigabitEthernet 1/0/1 T2500G-10TS(config)#ip dhcp snooping information option 13.6 ip dhcp snooping information strategy Description The ip dhcp snooping information strategy command is used to select the operation for the Option 82 field of the DHCP request packets from the Host.
Page 113: Ip Dhcp Snooping Information Format
Example Replace the Option 82 field of the packets with the switch defined one and then send out on port 1/0/1: T2500G-10TS(config)# interface gigabitEthernet 1/0/1 T2500G-10TS(config)# ip dhcp snooping information strategy replace 13.7 ip dhcp snooping information format Description The ip dhcp snooping information format command is used to select the format of option 82 sub-option value field.
Page 114: Ip Dhcp Snooping Information Remote-Id
Example Select the format of option 82 sub-option value field as TLV (type-length-value) on port 1/0/1: T2500G-10TS(config)#interface gigabitEthernet 1/0/1 T2500G-10TS(config-if)#ip dhcp snooping information format normal 13.8 ip dhcp snooping information remote-id Description The ip dhcp snooping information remote-id command is used to enable and configure the customized sub-option Remote ID for the Option 82.
Page 115: Ip Dhcp Snooping Information Circuit-Id
Example Enable and configure the customized sub-option Remote ID for the Option 82 as tplink on port 1/0/1: T2500G-10TS(config)# interface gigabitEthernet 1/0/1 T2500G-10TS(config)# ip dhcp snooping information remote-id tplink 13.9 ip dhcp snooping information circuit-id Description The ip dhcp snooping information circuit-id command is used to enable and configure the customized sub-option Circuit ID for the Option 82.
Page 116: Ip Dhcp Snooping Trust
Example Configure port 2 to be a Trusted Port: T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# ip dhcp snooping trust 13.11 ip dhcp snooping mac-verify Description The ip dhcp snooping mac-verify command is used to enable the MAC Verify feature. To disable the MAC Verify feature, please use no ip dhcp snooping mac-verify command.
Page 117: Ip Dhcp Snooping Limit Rate
Example Enable the MAC Verify feature for port 2: T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# ip dhcp snooping mac-verify 13.12 ip dhcp snooping limit rate Description The ip dhcp snooping limit rate command is used to enable the Flow Control feature for the DHCP packets.
Page 118: Ip Dhcp Snooping Decline
Example Set the Flow Control of port 2 as 20 pps: T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# ip dhcp snooping limit rate 20 13.13 ip dhcp snooping decline Description The ip dhcp snooping decline command is used to enable the Decline Protect feature.
Page 119: Show Ip Dhcp Snooping Information
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the Option 82 configuration status of DHCP-Snooping: T2500G-10TS# show ip dhcp snooping information 13.16 show ip dhcp snooping interface gigabitEthernet Description The show ip dhcp snooping interface gigabitEthernet command is used to display the DHCP-Snooping configuration of desired Gigabit Ethernet ports.
Page 120 Parameters port ——The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the DHCP-Snooping configuration of port 2: T2500G-10TS# show ip dhcp snooping interface gigabitEthernet 1/0/2...
Page 121: Chapter 14 Arp Inspection Commands
Only Admin, Operator and Power User level users have access to these commands. Example Enable the ARP Detection function globally: T2500G-10TS(config)#ip arp inspection 14.2 ip arp inspection trust Description The ip arp inspection trust command is used to configure the port for which the ARP Detect function is unnecessary as the Trusted Port.
Page 122: Ip Arp Inspection(Interface)
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the Gigabit Ethernet ports 1/0/2-5 as the Trusted Port: T2500G-10TS(config)#interface range gigabitEthernet 1/0/2-5 T2500G-10TS(config-if-range)#ip arp inspection trust 14.3 ip arp inspection(interface) Description The ip arp inspection command is used to enable the ARP Defend function.
Page 123: Ip Arp Inspection Limit-Rate
Only Admin, Operator and Power User level users have access to these commands. Example Configure the maximum amount of the received ARP packets per second as 50 pps for Gigabit Ethernet port 5: T2500G-10TS(config)#interface gigabitEthernet 1/0/5 T2500G-10TS(config-if)#ip arp inspection limit-rate 50...
Page 124: Ip Arp Inspection Recover
Only Admin, Operator and Power User level users have access to these commands. Example Restore Gigabit Ethernet port 1/0/5 to the ARP transmit status: T2500G-10TS(config)#interface gigabitEthernet 1/0/5 T2500G-10TS(config-if)#ip arp inspection recover 14.6 show ip arp inspection Description The show ip arp inspection command is used to display the ARP detection global configuration including the enable/disable status and the Trusted Port list.
Page 125: Show Ip Arp Inspection Interface
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the configuration of Gigabit Ethernet port 1/0/1: T2500G-10TS(config)#show ip arp inspection interface gigabitEthernet 1/0/1 Display the configuration of all Ethernet ports: T2500G-10TS(config)#show ip arp inspection interface 14.8 show ip arp inspection statistics...
Page 126: Clear Ip Arp Inspection Statistics
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the number of the illegal ARP packets received: T2500G-10TS(config)#show ip arp inspection statistics 14.9 clear ip arp inspection statistics Description The clear ip arp inspection statistics command is used to clear the statistic of the illegal ARP packets received.
Page 127: Chapter 15 Dos Defend Commands
Only Admin, Operator and Power User level users have access to these commands. Example Enable the DoS defend function globally: T2500G-10TS(config)#ip dos-prevent 15.2 ip dos-prevent type Description The ip dos-prevent type command is used to select the DoS Defend Type.
Page 128: Show Ip Dos-Prevent
Only Admin, Operator and Power User level users have access to these commands. Example Enable the DoS Defend Type named Land attack: T2500G-10TS(config)#ip dos-prevent type land 15.3 show ip dos-prevent Description The show ip dos-prevent command is used to display the DoS information of the detected DoS attack, including enable/disable status, the DoS Defend Type, the count of the attack, etc.
Page 129 Syntax show ip dos-prevent Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the DoS information of the detected DoS attack globally: T2500G-10TS(config)#show ip dos-prevent...
Page 130: Chapter 16 Ieee 802.1X Commands
 status of the supplicant. It is usually an 802.1X-supported network device, such as this TP-Link switch. It acts as an intermediary (proxy) between the supplicant and the authentication server, requesting identity information from the supplicant, verifying that information with the authentication server, and relaying a response to the supplicant.
Page 131: Dot1X Handshake
The dot1x handshake command is used enable the handshake feature. The handshake feature is used to detect the connection status between the TP-Link 802.1x supplicant and the switch. Please disable the handshake feature if you are using a non-TP-Link 802.1x-compliant client software. This feature is enabled by default. Syntax...
Page 132: Dot1X Accounting
Only Admin, Operator and Power User level users have access to these commands. Example Configure the Authentication Method of IEEE 802.1X as “pap”: T2500G-10TS(config)#dot1x auth-method pap 16.4 dot1x accounting Description The dot1x accounting command is used to enable the IEEE 802.1X accounting function globally.
Page 133: Dot1X Vlan-Assignment
To disable the 802.1X VLAN assignment feature, please use no dot1x vlan-assignment command. Syntax dot1x vlan-assignment no dot1x vlan-assignment Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the 802.1X VLAN assignment feature globally: T2500G-10TS(config)# dot1x vlan-assignment...
Page 134: Dot1X Guest-Vlan(Global)
Only Admin, Operator and Power User level users have access to these commands. Example Enable the Guest VLAN function for VLAN 5: T2500G-10TS(config)#dot1x guest-vlan 5 16.7 dot1x quiet-period Description The dot1x quiet-period command is used to enable the quiet-period function.
Page 135: Dot1X Timeout Supplicant-Timeout
Example Enable the quiet-period function: T2500G-10TS(config)#dot1x quiet-period Enable the quiet-period function and set the quiet-period as 5 seconds: T2500G-10TS(config)#dot1x quiet-period 5 16.8 dot1x timeout supplicant-timeout Description The dot1x timeout supplicant-timeout command is used to configure the supplicant timeout. To restore to the default, please use no dot1x timeout supplicant-timeout command.
Page 136: Dot1X Max-Reauth-Req
Only Admin, Operator and Power User level users have access to these commands. Example Configure the supplicant’s timeout value as 5 seconds: T2500G-10TS(config)#dot1x timeout supplicant-timeout 5 16.9 dot1x max-reauth-req Description The dot1x max-reauth-req command is used to configure the maximum transfer times of the repeated authentication request when the server cannot be connected.
Page 137: Dot1X
Only Admin, Operator and Power User level users have access to these commands. Example Enable the IEEE 802.1X function for the Gigabit Ethernet port 1: T2500G-10TS(config)#interface gigabitEthernet 1/0/1 T2500G-10TS(config-if)#dot1x 16.11 dot1x guest-vlan(interface) Description The dot1x guest-vlan command is used to enable the guest VLAN function for a specified port.
Page 138: Dot1X Mab
Only Admin, Operator and Power User level users have access to these commands. Example Enable the Guest VLAN function for Gigabit Ethernet port 1/0/2: T2500G-10TS(config)#interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)#dot1x guest-vlan 16.12 dot1x mab Description The dot1x mab command is used to enable the MAB feature for the port.
Page 139: Dot1X Port-Control
Example Enable the MAB feature for Gigabit Ethernet port 20: T2500G-10TS (config)#interface gigabitEthernet 1/0/20 T2500G-10TS (config-if)#dot1x mab 16.13 dot1x port-control Description The dot1x port-control command is used to configure the Control Mode of IEEE 802.1X for the specified port. By default, the control mode is “auto”. To restore to the default configuration, please use no dot1x port-control command.
Page 140: Dot1X Port-Method
T2500G-10TS(config)#interface gigabitEthernet 1/0/20 T2500G-10TS(config-if)#dot1x port-control authorized-force 16.14 dot1x port-method Description The dot1x port-method command is used to configure the control type of IEEE 802.1X for the specified port. By default, the control type is “mac-based”. To restore to the default configuration, please use no dot1x port-method command.
Page 141: Show Dot1X Global
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the configuration of 801.X globally: T2500G-10TS(config)#show dot1x global 16.16 show dot1x interface Description The show dot1x interface command is used to display all ports or the specified port’s configuration information of 801.X.
Page 142 Example Display the configuration information of 801.X for Gigabit Ethernet port 20: T2500G-10TS(config)#show dot1x interface gigabitEthernet 1/0/20 Display the configuration information of 801.X for all Ethernet ports: T2500G-10TS(config)#show dot1x interface...
Page 143: Chapter 17 Pppoe Id-Insertion Commands
To disable the PPPoE ID-Insertion function, please use no pppoe id-insertion command. Syntax pppoe id-insertion no pppoe id-insertion Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the PPPoE ID-Insertion function: T2500G-10TS(config)# pppoe id-insertion...
Page 144: Pppoe Circuit-Id(Interface)
Only Admin, Operator and Power User level users have access to these commands. Example Enable the PPPoE Circuit-ID Insertion function for the Gigabit Ethernet port 1/0/1: T2500G-10TS (config)# interface gigabitEthernet 1/0/1 T2500G-10TS (config-if)# pppoe circuit-id 17.3 pppoe circuit-id type Description The pppoe circuit-id type command is used to configure the type of PPPoE Circuit-ID for a specified port.
Page 145: Pppoe Remote-Id
Example Configure the type of PPPoE Circuit-ID as “mac” for the Gigabit Ethernet port 1/0/1: T2500G-10TS (config)# interface gigabitEthernet 1/0/1 T2500G-10TS (config-if)# pppoe circuit-id type mac 17.4 pppoe remote-id Description The pppoe remote-id command is used to enable the PPPoE Remote-ID Insertion and configure the Remote-ID value for a specified port.
Page 146: Show Pppoe Id-Insertion Global
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the configuration of PPPoE Circuit-ID Insertion function globally: T2500G-10TS # show pppoe circuit-id global 17.6 show pppoe id-insertion interface Description The show pppoe id-insertion interface command is used to display all ports’...
Page 147 Display the configuration information of PPPoE Circuit-ID Insertion function of all Ethernet ports: T2500G-10TS# show pppoe id-insertion interface Display the configuration of PPPoE Circuit-ID Insertion function of the Gigabit Ethernet port 1/0/1 : T2500G-10TS# show pppoe id-insertion interface gigabitEthernet 1/0/1...
Page 148: Chapter 18 System Log Commands
By default, it is 6 indicating that all the log information between level 0-6 will be saved in the log buffer. Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Set the severity level as 5: T2500G-10TS(config)#logging buffer 5...
Page 149: Logging File Flash
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Enable the log file flash function: T2500G-10TS(config)#logging file flash 18.3 logging file flash frequency Description The logging file flash frequency command is used to specify the frequency to synchronize the system log file in the log buffer to the flash.
Page 150: Logging File Flash Level
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Specify the log file synchronization frequency as 10 hours: T2500G-10TS(config)#logging file flash frequency periodic10 18.4 logging file flash level Description The logging file flash level command is used to specify the system log message severity level.
Page 151: Logging Host Index
Only Admin and Operator level users have access to these commands. Example Save the log messages with their severities equal or higher than 7 to the flash : T2500G-10TS(config)#logging file flash level 7 18.5 logging host index Description The logging host index command is used to configure the Log Host. To clear the configuration of the specified Log Host, please use no logging host index command.
Page 152: Clear Logging
T2500G-10TS(config)# logging host index 2 192.168.0.148 5 18.6 clear logging Description The clear logging command is used to clear the information in the log buffer and log file. Syntax clear logging [ buffer | flash ] Parameter buffer | flash —The output channels: buffer and flash. Clear the information of the two channels, by default.
Page 153: Show Logging Loghost
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the configuration of the log host 2: T2500G-10TS(config)# show logging loghost 2 18.9 show logging buffer Description The show logging buffer command is used to display the log information in the log buffer according to the severity level.
Page 154: Show Logging Flash
None. Example Display the log information from level 0 to level 5 in the log buffer: T2500G-10TS(config)# show logging buffer level 5 18.10 show logging flash Description The show logging flash command is used to display the log information in the log file according to the severity level.
Page 155: Chapter 19 Ssh Commands
Only Admin, Operator and Power User level users have access to these commands. Example Enable the SSH function: T2500G-10TS(config)# ip ssh server 19.2 ip ssh version Description The ip ssh version command is used to enable the SSH protocol version. To disable the protocol version, please use no ip ssh version command.
Page 156: Ip Ssh Algorithm
Only Admin, Operator and Power User level users have access to these commands. Example Enable SSH v2: T2500G-10TS(config)# ip ssh version v2 19.3 ip ssh algorithm Description The ip ssh algorithm command is used to configure the algorithm in SSH function.
Page 157: Ip Ssh Timeout
Only Admin, Operator and Power User level users have access to these commands. Example Specify the idle-timeout time of SSH as 30 seconds: T2500G-10TS(config)# ip ssh timeout 30 19.5 ip ssh max-client Description The ip ssh max-client command is used to specify the maximum number of the connections to the SSH server.
Page 158: Ip Ssh Download
Only Admin, Operator and Power User level users have access to these commands. Example Specify the maximum number of the connections to the SSH server as 3: T2500G-10TS(config)# ip ssh max-client 3 19.6 ip ssh download Description The ip ssh download command is used to download the SSH key file from TFTP server.
Page 159: Remove Public-Key
192.168.0.148 Download an SSH-1 type key file named ssh-key from TFTP server with the IP address fe80::1234: T2500G-10TS(config)# ip ssh download v1 ssh-key ip-address fe80::1234 19.7 remove public-key Description The remove public-key command is used to remove the SSH public key from the switch.
Page 160 Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the global configuration of SSH: T2500G-10TS(config)# show ip ssh...
Page 161: Chapter 20 Mac Address Commands
Only Admin, Operator and Power User level users have access to these commands. Example Add a static Mac address entry to bind the MAC address 00:02:58:4f:6c:23, VLAN1 and port 1 together: T2500G-10TS(config)# mac address-table static 00:02:58:4f:6c:23 vid 1 interface gigabitEthernet 1/0/1...
Page 162: Mac Address-Table Aging-Time
Only Admin, Operator and Power User level users have access to these commands. Example Configure the aging time as 500 seconds: T2500G-10TS(config)# mac address-table aging-time 500 20.3 mac address-table filtering Description The mac address-table filtering command is used to add the filtering address entry.
Page 163: Mac Address-Table Max-Mac-Count
Example Add a filtering address entry of which VLAN ID is 1 and MAC address is 00:1e:4b:04:01:5d: T2500G-10TS(config)# mac address-table filtering 00:1e:4b:04:01:5d vid 1 20.4 mac address-table max-mac-count Description The mac address-table max-mac-count command is used to configure the Port Security.
Page 164: Show Mac Address-Table
30. When the number of MAC address entries reaches 30 on this port, new entry will be dropped : T2500G-10TS(config)# interface gigabitEthernet 1/0/1 T2500G-10TS(config-if)# mac address-table max-mac-count max-number 30 mode static status drop 20.5 show mac address-table...
Page 165: Clear Mac Address-Table
Only Admin, Operator and Power User level users have access to these commands. Example Clear the information of all static address entries: T2500G-10TS(config)# clear mac address-table static 20.7 show mac address-table aging-time Description The show mac address-table aging-time command is used to display the...
Page 166: Show Mac Address-Table Max-Mac-Count
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the security configuration of all ports: T2500G-10TS(config)# show mac address-table max-mac-count interface gigabitEthernet Display the security configuration of port 1/0/1: T2500G-10TS(config)# show mac address-table max-mac-count interface gigabitEthernet 1/0/1...
Page 167: Show Mac Address-Table Interface
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the address configuration of port 1/0/1: T2500G-10TS(config)# show mac address-table interface gigabitEthernet 1/0/1 20.10 show mac address-table count Description The show mac address-table count command is used to display the total amount of MAC address table.
Page 168: Show Mac Address-Table Address
Syntax show mac address-table vlan Parameter —— The specified VLAN id. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the MAC address configuration of vlan 1: T2500G-10TS(config)# show mac address-table vlan 1...
Page 169: Chapter 21 System Configuration Commands
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure the system mode as manual, and the time is 12/20/2010 17:30:35 T2500G-10TS(config)# system-time manual 12/20/2010-17:30:35 21.2 system-time ntp Description The system-time ntp command is used to configure the time zone and the IP address for the NTP Server.
Page 170 The detailed information that each time-zone means are displayed as follow: UTC-12:00 —— TimeZone for International Date Line West. UTC-11:00 —— TimeZone for Coordinated Universal Time-11. UTC-10:00 —— TimeZone for Hawaii. UTC-09:00 —— TimeZone for Alaska. UTC-08:00 —— TimeZone for Pacific Time(US Canada). UTC-07:00 ——...
Page 171: System-Time Dst Predefined
Only Admin and Operator level users have access to these commands. Example Configure the system time mode as NTP, the time zone is UTC-12:00, the primary NTP server is 133.100.9.2 and the secondary NTP server is 139.78.100.163, the fetching-rate is 11 hours: T2500G-10TS(config)# system-time UTC-12:00 133.100.9.2 139.79.100.163 11 21.3...
Page 172: System-Time Dst Date
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure the daylight saving time as USA standard: T2500G-10TS(config)#system-time dst predefined USA 21.4 system-time dst date Description The system-time dst date command is used to configure the one-off daylight saving time.
Page 173: System-Time Dst Recurring
Configure the DST start time as 00:00 am on April 1 , the end time as 00:00 am on October 1 and the offset as 30 minutes: T2500G-10TS(config)# system-time dst date Apr 1 00:00 Oct 1 00:00 30 21.5 system-time dst recurring Description The system-time dst recurring command is used to configure the recurring daylight saving time.
Page 174: Hostname
Parameter hostname —— System Name. The length of the name ranges from 1 to 32 characters. By default, it is the device name, for example “T2500G-10TS”. Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands.
Page 175: Contact-Info
—— Contact Information. It consists of 32 characters at most. It is “www.tp-link.com” by default. Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure the system contact information as www.tp-link.com: T2500G-10TS(config)# contact info www.tp-link.com...
Page 176: Reset
Privilege Requirement Only Admin level users have access to these commands. Example Reset the software of the switch: T2500G-10TS# reset 21.10 reboot Description The reboot command is used to reboot the Switch. To avoid damage, please don’t turn off the device while rebooting.
Page 177: Copy Running-Config Startup-Config
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Save current settings: T2500G-10TS# copy running-config startup-config 21.12 copy startup-config tftp Description The copy startup-config tftp command is used to backup the configuration file to TFTP server.
Page 178: Copy Tftp Startup-Config
T2500G-10TS# copy startup-config tftp ip-address 192.168.0.148 filename config Backup the configuration files to TFTP server with the IP fe80::1234 and name this file config.cfg: T2500G-10TS# copy startup-config tftp ip-address fe80::1234 filename config 21.13 copy tftp startup-config Description The copy tftp startup-config command is used to download the configuration file to the switch from TFTP server.
Page 179: Boot Application
Privilege Requirement Only Admin level users have access to these commands. Example Configure the image2.bin as the startup image: T2500G-10TS(config)# boot application filename image2 startup 21.15 remove backup-image Description The remove backup-image command is used to delete the backup-image. Syntax...
Page 180: Firmware Upgrade
Upgrade the switch’s backup iamge file with the file firmware.bin in the TFTP server with the IP address 192.168.0.148, and reboot the switch with this firmware: T2500G-10TS# firmware upgrade ip-address 192.168.0.148 filename firmware.bin It will only upgrade the backup image. Continue? (Y/N):y...
Page 181: Ping
T2500G-10TS# firmware upgrade ip-address fe80::1234 filename firmware.bin It will only upgrade the backup image. Continue? (Y/N):y Operation OK! Reboot with the backup image? (Y/N): n 21.17 ping Description The ping command is used to test the connectivity between the switch and one node of the network.
Page 182: Tracert
T2500G-10TS# ping 192.168.0.131 –n 8 –l 512 To test the connectivity between the switch and the network device with the count count IP fe80::1234, please specify the (-l) as 512 bytes and (-i) as 1000 milliseconds. If there is not any response after 8 times’ Ping test, the connection between the switch and the network device is failed to establish: T2500G-10TS# ping fe80::1234 –n 8 –l 512...
Page 183: Show System-Info
If the destination device has not been found after 20 the connection between the switch and the destination device is failed to establish: T2500G-10TS# tracert fe80::1234 20 21.19 show system-info Description The show system-info command is used to display System Description, Device Name, Device Location, System Contact, Hardware Version, Firmware Version, System Time, Run Time and so on.
Page 184: Show Running-Config
Example Display the system boot configuration information: T2500G-10TS# show boot 21.21 show running-config Description The show running-config command is used to display the current operating configurations of the system or of a specified port. Syntax show running-config [ all ] Parameter all ——...
Page 185: Show Startup-Config
Privilege Requirement Only Admin level users have access to these commands. Example Display the operating configuration that includes the “vlan” keyword: T2500G-10TS# show running-config | include vlan 21.23 show startup-config Description The show startup-config command is used to display the current configuration saved in the switch.
Page 186: Show System-Time Dst
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the DST time information of the switch T2500G-10TS# show system-time dst 21.26 show system-time ntp Description The show system-time ntp command is used to display the NTP mode configuration information.
Page 187: Show Cable-Diagnostics Interface Gigabitethernet
Privilege Requirement None. Example Show the cable-diagnostics of port 3: T2500G-10TS# show cable-diagnostics interface gigabitEthernet 1/0/3 21.28 show cable-diagnostics careful interface Description The show cable-diagnostics careful interface gigabitEthernet command is used to display the connection status of the cable connected to the switch.
Page 188 Parameter port —— The number of the port which is selected for Cable test. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Show the cable-diagnostics of port 3: T2500G-10TS# show cable-diagnostics careful interface gigabitEthernet 1/0/3...
Page 189: Chapter 22 Ipv6 Address Configuration Commands
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the IPv6 function on the VLAN interface 1： T2500G-10TS(config)# interface vlan 1 T2500G-10TS(config-if)# ipv6 enable 22.2 ipv6 address autoconfig Description This command is used to enable the automatic configuration of the ipv6 link-local address.
Page 190: Ipv6 Address Link-Local
Only Admin, Operator and Power User level users have access to these commands. Example Enable the automatic configuration of the ipv6 link-local address on VLAN interface 1: T2500G-10TS(config)# interface vlan 1 T2500G-10TS(config-if)# ipv6 address autoconfig 22.3 ipv6 address link-local Description The ipv6 address link-local command is used to configure the ipv6 link-local address manually on a specified interface.
Page 191: Ipv6 Address Dhcp
Only Admin, Operator and Power User level users have access to these commands. Example Configure the link-local address as fe80::1234 on the VLAN interface 1: T2500G-10TS(config)# interface vlan 1 T2500G-10TS(config-if)# ipv6 address fe80::1234 link-local 22.4 ipv6 address dhcp Description The ipv6 address dhcp command is used to enable the DHCPv6 Client function.
Page 192: Ipv6 Address Eui-64
Only Admin, Operator and Power User level users have access to these commands. Example Enable the automatic ipv6 address configuration function to obtain IPv6 address through the RA message on VLAN interface 1: T2500G-10TS(config)# interface vlan 1 T2500G-10TS(config-if)# ipv6 address ra 22.6 ipv6 address eui-64 Description This command is used to manually configure a global IPv6 address with an extended unique identifier (EUI) in the low-order 64 bits on the interface.
Page 193: Ipv6 Address
Example Configure an EUI-64 global address on the interface with the network prefix 3ffe::/64: T2500G-10TS(config)# interface vlan 1 T2500G-10TS(config-if)# ipv6 address 3ffe::/64 eui-64 22.7 ipv6 address Description This command is used to manually configure a global IPv6 address on the interface.
Page 194: Show Ipv6 Interface
Syntax show ipv6 interface Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the ipv6 information of the management interface: T2500G-10TS(config)# show ipv6 interface...
Page 195: Chapter 23 Ethernet Configuration Commands
Only Admin, Operator and Power User level users have access to these commands. Example To enter the Interface gigabitEthernet Configuration Mode and configure port T2500G-10TS(config)# interface gigabitEthernet 1/0/2 23.2 interface range gigabitEthernet Description The interface range gigabitEthernet command is used to enter the interface range gigabitEthernet Configuration Mode and configure multiple Gigabit Ethernet ports at the same time.
Page 196: Description
Example To enter the Interface range gigabitEthernet Configuration Mode, and configure ports 1, 2, 3, 6, 7 and 9 at the same time by adding them to one port-list: T2500G-10TS(config)# interface range gigabitEthernet 1/0/1-3,1/0/6-7,1/0/9 23.3 description Description The description command is used to add a description to the Ethernet port.
Page 197: Shutdown
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Add a description Port_5 to port 1/0/5: T2500G-10TS(config)# interface gigabitEthernet 1/0/5 T2500G-10TS(config-if)# description Port_5 23.4 shutdown Description The shutdown command is used to disable an Ethernet port. To enable this port again, please use no shutdown command.
Page 198: Flow-Control
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Enable the flow-control function for port 1/0/3: T2500G-10TS(config)# interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)# flow-control 23.6 duplex Description The duplex command is used to configure the Duplex Mode for an Ethernet port.
Page 199: Speed
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure the Duplex Mode as full-duplex for port 1/0/3: T2500G-10TS(config)# interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)# duplex full 23.7 speed Description The speed command is used to configure the Speed Mode for an Ethernet port.
Page 200: Storm-Control
Only Admin, Operator and Power User level users have access to these commands. Example Configure the broadcast storm control rate as 2Mbps on port 1/0/5: T2500G-10TS(config)# interface gigabitEthernet 1/0/5 T2500G-10TS(config-if)# storm-control broadcast rate 2m 23.9 bandwidth Description The bandwidth command is used to configure the bandwidth limit for an Ethernet port.
Page 201: Clear Counters
Example Configure the ingress-rate as 5120Kbps and egress-rate as 1024Kbps for port 1/0/5: T2500G-10TS(config)# interface gigabitEthernet 1/0/5 T2500G-10TS(config-if)# bandwidth ingress 5120 egress 1024 23.10 clear counters Description The clear counters command is used to clear the statistics information of all the Ethernet ports.
Page 202: Show Interface Status
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the statistics information of all Ethernet ports: T2500G-10TS(config)# show interface counters Display the statistics information of port 1/0/2: T2500G-10TS(config)# show interface counters gigabitEthernet 1/0/2...
Page 203: Show Interface Configuration
[ interface gigabitEthernet Parameter —— port-list The list of Ethernet ports. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the storm-control information of port 4, 5, 6, and 7: T2500G-10TS(config)# show storm-control interface gigabitEthernet 1/0/4-7...
Page 204: Show Bandwidth
[ interface gigabitEthernet Parameter —— port-list The list of Ethernet ports. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the bandwidth-limit information of port 1/0/4: T2500G-10TS(config)# show bandwidth interface gigabitEthernet 1/0/4...
Page 205: Chapter 24 Qos Commands
CoS value of the ingress port and the mapping relation between the CoS and TC in IEEE 802.1P. Example Configure the priority of port 5 as 3: T2500G-10TS(config)# interface gigabitEthernet 1/0/5 T2500G-10TS(config-if)# qos 3...
Page 206: Qos Dscp
DSCP priority and CoS value. Example Enable the mapping relation between DSCP Priority and CoS value: T2500G-10TS(config)# qos dscp 24.3 qos queue cos-map Description The qos queue cos-map command is used to configure the mapping relation between IEEE 802.1P priority tag/IEEE 802.1Q tag, CoS value and the TC...
Page 207: Qos Queue Dscp-Map
Among the priority levels TC0-TC3, the bigger value, the higher priority. Example Map CoS 5 to TC 2: T2500G-10TS(config)# qos queue cos-map 5 2 24.4 qos queue dscp-map Description The qos queue dscp-map command is used to configure the mapping relation between DSCP Priority and the CoS value.
Page 208: Qos Queue Mode
(0-7)-CoS 0, (8-15)-CoS 1, (16-23)-CoS 2, (24-31)-CoS 3, (32-39)-CoS 4, (40-47)-CoS 5, (48-55)-CoS 6, (56-63)-CoS 7. Example Map DSCP values 10-12 to CoS 2: T2500G-10TS(config)# qos queue dscp-map 10-12 2 24.5 qos queue mode Description The qos queue mode command is used to configure the Schedule Mode. To return to the default Equal-Mode, please use no qos queue mode command.
Page 209: Show Qos Interface
Only Admin, Operator and Power User level users have access to these commands. Example Specify the Schedule Mode as Weight Round Robin Mode: T2500G-10TS(config)# qos queue mode wrr 24.6 show qos interface Description The show qos interface command is used to display the configuration of QoS based on port priority.
Page 210: Show Qos Cos-Map
Example Display the configuration of QoS for all ports and LAGs: T2500G-10TS# show qos interface Display the configuration of QoS for ports 1/0/1-4: T2500G-10TS# show qos interface gigabitEthernet 1/0/1-4 24.7 show qos cos-map Description The show qos cos-map command is used to display the configuration of IEEE 802.1P Priority and the mapping relation between cos-id and tc-id.
Page 211: Show Qos Queue Mode
Privilege Requirement None. Example Display the schedule rule of the egress queues: T2500G-10TS# show qos queue mode 24.10 show qos status Description The show qos status command is used to display the status of IEEE 802.1P priority and DSCP priority.
Page 212 Privilege Requirement None. Example Display the status of IEEE 802.1P priority and DSCP priority: T2500G-10TS# show qos status...
Page 213: Chapter 25 Port Mirror Commands
Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Create monitor session 1 and configure port 1/0/1 as the monitoring port: T2500G-10TS(config)# monitor session destination interface gigabitEthernet 1/0/1 Delete the monitoring port 1/0/2 from monitor session 1：...
Page 214: Monitor Session Source Interface
T2500G-10TS(config)# no monitor session 1 destination interface gigabitEthernet 1/0/2 Delete the monitor session 1: T2500G-10TS(config)# no monitor session 1 25.2 monitor session source interface Description The monitor session source interface command is used to configure the monitored port. To delete the corresponding monitored port, please use no monitor session source interface command.
Page 215: Show Monitor Session
—— The monitor session number, can only be specified as 1. It is optional. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the monitoring configuration of monitor session 1: T2500G-10TS(config)# show monitor session 1...
Page 216: Chapter 26 Port Isolation Commands
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Set port 1, 2, 4 and port channel 2 to the forward list of port 1/0/5: T2500G-10TS(config)# interface gigabitEthernet 1/0/5 T2500G-10TS(config-if)# port isolation gi-forward-list 1/0/1-2,1/0/4...
Page 217: Show Port Isolation Interface
1/0/2. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the forward-list of port 1/0/2: T2500G-10TS# show port isolation interface gigabitEthernet 1/0/2 Display the forward-list of all Ethernet ports: T2500G-10TS# show port isolation interface...
Page 218: Chapter 27 Loopback Detection Commands
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the loopback detection function globally: T2500G-10TS(config)# loopback-detection 27.2 loopback-detection interval Description The loopback-detection interval command is used to define the interval of sending loopback detection packets from switch ports to network, aiming at detecting network loops periodically.
Page 219: Loopback-Detection Recovery-Time
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Specify the interval-time as 50 seconds: T2500G-10TS(config)# loopback-detection interval 50 27.3 loopback-detection recovery-time Description The loopback-detection recovery-time command is used to configure the time after which the blocked port would automatically recover to normal status.
Page 220: Loopback-Detection(Interface)
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the loopback detection function of ports 1-3: T2500G-10TS(config)# interface range gigabitEthernet 1/0/1-3 T2500G-10TS(Config-if-range)# loopback-detection 27.5 loopback-detection config Description The loopback-detection config command is used to configure the process-mode and recovery-mode for the ports by which the switch copes with the detected loops.
Page 221: Loopback-Detection Recover
Only Admin, Operator and Power User level users have access to these commands. Example Configure the loopback detection process-mode as port-based and recovery-mode as manual for port 2: T2500G-10TS (config)# interface gigabitEthernet 1/0/2 T2500G-10TS (config-if)# loopback-detection config process-mode port-based recovery-mode manual 27.6 loopback-detection recover...
Page 222: Show Loopback-Detection Global
Example Recover the blocked port 1/0/2 to normal status: T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# loopback-detection recover 27.7 show loopback-detection global Description The show loopback-detection global command is used to display the global configuration of loopback detection function such as loopback detection global status, loopback detection interval and loopback detection recovery time.
Page 223 Privilege Requirement None. Example Display the configuration of loopback detection function and the status of all ports: T2500G-10TS# show loopback-detection interface Display the configuration of loopback detection function and the status of port 5: T2500G-10TS# show loopback-detection interface gigabitEthernet 1/0/5...
Page 224: Chapter 28 Acl Commands
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Add a time-range named tSeg1: T2500G-10TS(config)# time-range tSeg1 28.2 absolute Description The absolute command is used to configure a time-range into an absoluteness mode. To delete the corresponding Absoluteness Mode...
Page 225: Periodic
Only Admin, Operator and Power User level users have access to these commands. Example Configure the time-range tSeg1 with time from May 5, 2012 to Oct. 5, 2012: T2500G-10TS(config)# time-range tSeg1 T2500G-10TS(config-time-range)# absolute start 05/05/2012 end 10/05/2012 28.3 periodic Description The periodic command is used to configure the time-range into periodic mode.
Page 226: Holiday
Time-range Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the time-range tSeg1 with time from 8:30 to 12:00 at weekend: T2500G-10TS(config)#time-range tSeg1 T2500G-10TS(config-time-range)#periodic week-date weekend time-slice1 08:30-12:00 28.4 holiday...
Page 227: Holiday(Global)
Only Admin, Operator and Power User level users have access to these commands. Example Define National Day, configuring the start date as October 1st, and the end date as October 3rd: T2500G-10TS(config)#holiday nationalday start-date 10/01 end-date 10/03 28.6 access-list create Description The access-list create command is used to create standard-IP ACL and extend-IP ACL.
Page 228: Mac Access-List
Only Admin, Operator and Power User level users have access to these commands. Example Create a standard-IP ACL whose ID is 123: T2500G-10TS(config)# access-list create 123 28.7 mac access-list Description The mac access-list command is used to create MAC ACL. To set the detailed configurations for a specified MAC ACL, please use mac access-list command to access Mac Access-list Configuration Mode.
Page 229: Access-List Standard
28.8 access-list standard Description The access-list standard command is used to add Standard-IP ACL rule. To delete the corresponding rule, please use no access-list standard command. Standard-IP ACLs analyze and process data packets based on a series of match conditions, which can be the source IP addresses and destination IP addresses carried in the packets.
Page 230: Access-List Extended
255.255.255.0, the time-range for the rule to take effect is “tRange1”, and the packets match this rule will be forwarded by the switch: T2500G-10TS(config)# access-list create 120 T2500G-10TS(config)# access-list standard 120 rule 10 permit sip 192.168.0.100 smask 255.255.255.0 tseg tSeg1 28.9...
Page 231: Rule
255.255.255.0, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: T2500G-10TS(config)# access-list create 220 T2500G-10TS(config)# access-list extended 220 rule 10 permit sip 192.168.0.100 smask 255.255.255.0 tseg tSeg1 28.10 rule Description The rule command is used to configure MAC ACL rule.
Page 232: Access-List Policy Name
“tRange1”, and the packets match this rule will be forwarded by the switch: T2500G-10TS(config)# mac access-list 20 T2500G-10TS(config-mac-acl)# rule 10 permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tRange1 28.11 access-list policy name Description The access-list policy name command is used to add Policy.
Page 233: Access-List Policy Action
Only Admin, Operator and Power User level users have access to these commands. Example Add a Policy named policy1: T2500G-10TS(config)# access-list policy name policy1 28.12 access-list policy action Description The access-list policy action command is used to add ACLs and create actions for the policy.
Page 234: Redirect Interface
Only Admin, Operator and Power User level users have access to these commands. Example Add ACL whose ID is 120 to policy1 and create an action for them: T2500G-10TS(config)# access-list policy action policy1 120 28.13 redirect interface Description The redirect interface command is used to configure Direction function of policy action for specified ports.
Page 235: S-Mirror
Example Edit the actions for policy1. For the data packets matching ACL 120 in the policy, if the rate beyond 1000kbps, they will be discarded by the switch: T2500G-10TS(config)#access-list policy action policy1 120 T2500G-10TS(config-action)#s-condition rate 1000 osd discard 28.15 s-mirror...
Page 236: Qos-Remark
Only Admin, Operator and Power User level users have access to these commands. Example Edit the actions for policy1. For the data packets matching ACL 120, specify the DSCP region as 30 and local priority 2: T2500G-10TS(config)#access-list policy action policy1 120 T2500G-10TS(config-action)# qos-remark dscp 30 priority 2...
Page 237: Access-List Bind(Interface)
Only Admin, Operator and Power User level users have access to these commands. Example Bind policy1 to port 1/0/2: T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# access-list bind policy1 28.18 access-list bind(vlan) Description The access-list bind command is used to bind a policy to a VLAN. To cancel the bind relation, please use no access-list bind command.
Page 238: Show Access-List
Only Admin, Operator and Power User level users have access to these commands. Example Bind policy1 to VLAN 2: T2500G-10TS(config)# interface vlan 2 T2500G-10TS(config-if)# access-list bind policy1 28.19 show access-list Description The show access-list command is used to display configuration of ACL.
Page 239: Show Access-List Policy
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the information of a policy named policy1: T2500G-10TS(config)# show access-list policy policy1 28.22 show access-list bind Description The show access-list bind command is used to display the configuration of Policy bind.
Page 240 Example Display the configuration of Policy bind: T2500G-10TS(config)# show access-list bind...
Page 241: Chapter 29 Mstp Commands
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the STP function: T2500G-10TS(config)# spanning-tree 29.2 spanning-tree(interface) Description The spanning-tree command is used to enable STP function for a port. To disable the STP function, please use no spanning-tree command.
Page 242: Spanning-Tree Common-Config
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the STP function for port 1/0/2: T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# spanning-tree 29.3 spanning-tree common-config Description The spanning-tree common-config command is used to configure the parameters of the ports for comparison in the CIST and the common parameters of all instances.
Page 243: Spanning-Tree Mode
Enable the STP function of port 1, and configure the Port Priority as 64, ExtPath Cost as 100, IntPath Cost as 100, and then enable Edge Port: T2500G-10TS(config)# interface gigabitEthernet 1/0/1 T2500G-10TS(config-if)# spanning-tree common-config port-priority 64 ext-cost 100 int-cost 100 portfast enable point-to-point open 29.4...
Page 244: Spanning-Tree Mst Configuration
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the spanning-tree mode as mstp: T2500G-10TS(config)# spanning-tree mode mstp 29.5 spanning-tree mst configuration Description The spanning-tree mst configuration command is used to access MST Configuration Mode from Global Configuration Mode, as to configure the VLAN-Instance mapping, region name and revision level.
Page 245: Name
T2500G-10TS(config)# spanning-tree mst configuration T2500G-10TS(config-mst)# no instance 1 Remove VLANs 1-50 in mapping VLANs 1-100 for Instance 1: T2500G-10TS(config)# spanning-tree mst configuration T2500G-10TS(config-mst)# no instance 1 vlan 1-50 29.7 name Description The name command is used to configure the region name of MST instance.
Page 246: Revision
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the region name of MST as “region1”: T2500G-10TS(config)# spanning-tree mst configuration T2500G-10TS(config-mst)# name region1 29.8 revision Description The revision command is used to configure the revision level of MST instance.
Page 247: Spanning-Tree Mst Instance
Only Admin, Operator and Power User level users have access to these commands. Example Enable the MST Instance 1 and configure its priority as 4096: T2500G-10TS(config)# spanning-tree mst instance 1 priority 4096 29.10 spanning-tree mst Description The spanning-tree mst command is used to configure MST Instance Port. To return to the default configuration of the corresponding Instance Port, please use no spanning-tree mst command.
Page 248: Spanning-Tree Priority
Example Configure the priority of port 1 in MST Instance 1 as 64, and path cost as 2000: T2500G-10TS(config)# interface gigabitEthernet 1/0/1 T2500G-10TS(config-if)# spanning-tree mst instance 1 port-priority 64 cost 2000 29.11 spanning-tree priority Description The spanning-tree priority command is used to configure the bridge priority.
Page 249: Spanning-Tree Tc-Defend
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure TC Threshold as 30 packets and TC Protect Cycle as 10 seconds: T2500G-10TS(config)# spanning-tree tc-defend threshold 30 period 10...
Page 250: Spanning-Tree Timer
Only Admin, Operator and Power User level users have access to these commands. Example Configure forward-time, hello-time and max-age for Spanning Tree as 16 seconds, 3 seconds and 22 seconds respectively: T2500G-10TS(config)# spanning-tree timer forward-time 16 hello-time 3 max-age 22...
Page 251: Spanning-Tree Hold-Count
Only Admin, Operator and Power User level users have access to these commands. Example Configure the hold-count of STP as 8pps: T2500G-10TS(config)# spanning-tree hold-count 8 29.15 spanning-tree max-hops Description The spanning-tree max-hops command is used to configure the maximum number of hops that occur in a specific region before the BPDU is discarded.
Page 252: Spanning-Tree Bpdufilter
Only Admin, Operator and Power User level users have access to these commands. Example Configure the max-hops of STP as 30: T2500G-10TS(config)# spanning-tree max-hops 30 29.16 spanning-tree bpdufilter Description The spanning-tree bpdufilter command is used to enable the BPDU filter function for a port.
Page 253: Spanning-Tree Guard Loop
Only Admin, Operator and Power User level users have access to these commands. Example Enable the BPDU protect function for port 1/0/2: T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# spanning-tree bpduguard 29.18 spanning-tree guard loop Description The spanning-tree guard loop command is used to enable the Loop Protect function for a port.
Page 254: Spanning-Tree Guard Root
Example Enable the Loop Protect function for port 2: T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# spanning-tree guard loop 29.19 spanning-tree guard root Description The spanning-tree guard root command is used to enable the Root Protect function for a port. With the Root Protect function enabled, the root bridge will set itself automatically as ERROR-PORT when receiving BPDU packets with higher priority, in order to maintain the role of root ridge.
Page 255: Spanning-Tree Mcheck
Only Admin, Operator and Power User level users have access to these commands. Example Enable the TC Protect of Spanning Tree for port 2: T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# spanning-tree guard tc 29.21 spanning-tree mcheck Description The spanning-tree mcheck command is used to enable mcheck.
Page 256: Show Spanning-Tree Active
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the active information of spanning-tree: T2500G-10TS(config)# show spanning-tree active 29.23 show spanning-tree bridge Description The show spanning-tree bridge command is used to display the bridge parameters. Syntax...
Page 257: Show Spanning-Tree Interface
Example Display the spanning-tree information of all ports: T2500G-10TS(config)# show spanning-tree interface Display the spanning-tree information of port 1/0/2: T2500G-10TS(config)# show spanning-tree interface gigabitEthernet 1/0/2 Display the spanning-tree mode information of port 1/0/2: T2500G-10TS(config)# show spanning-tree interface gigabitEthernet 1/0/2 mode 29.25 show spanning-tree interface-security...
Page 258: Show Spanning-Tree Mst
Display the protect information of port 1: T2500G-10TS(config)# show spanning-tree interface-security gigabitEthernet 1/0/1 Display the interface security bpdufilter information: T2500G-10TS(config)# show spanning-tree interface-security bpdufilter 29.26 show spanning-tree mst Description The show spanning-tree mst command is used to display the related information of MST Instance.
Page 259 T2500G-10TS(config)#show spanning-tree mst configuration Display the related information of MST Instance 1: T2500G-10TS(config)#show spanning-tree mst instance 1 Display all the ports information of MST Instance 1: T2500G-10TS(config)#show spanning-tree mst instance 1 interface...
Page 260: Chapter 30 Dldp Commands
Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Enable the DLDP function globally: T2500G-10TS(config)# dldp 30.2 dldp interval Description The dldp interval command is used to define the interval of sending advertisement packets on ports that are in the advertisement state.
Page 261: Dldp Shut-Mode
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Specify the interval of sending advertisement packets as 10 seconds: T2500G-10TS(config)# dldp interval 10 30.3 dldp shut-mode Description The dldp shut-mode command is used to configure the shutdown mode when a unidirectional link is detected.
Page 262: Dldp Reset(Global)
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Privilege Requirement Only Admin and Operator level users have access to these commands. Example Enable the DLDP function of ports 1/0/2-4: T2500G-10TS (config)# interface range gigabitEthernet 1/0/2-4...
Page 263: Dldp Reset(Interface)
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Reset the DLDP function of ports 2-4: T2500G-10TS (config)# interface range gigabitEthernet 1/0/2-4 T2500G-10TS (config-if-range)# dldp reset 30.7 show dldp Description The show dldp command is used to display the global configuration of DLDP function such as DLDP global state, DLDP interval and shut mode.
Page 264: Show Dldp Interface
—— The Gigabit Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the configuration and state of all ports: T2500G-10TS# show dldp interface Display the configuration and state of port 1/0/5: T2500G-10TS# show dldp interface gigabitEthernet 1/0/5...
Page 265: Chapter 31 Igmp Snooping Commands
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable IGMP Snooping function: T2500G-10TS(config)# ip igmp snooping 31.2 ip igmp snooping(interface) Description The ip igmp snooping command is used to enable the IGMP Snooping function for the desired port.
Page 266: Ip Igmp Snooping Report-Suppression
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the IGMP report suppression function: T2500G-10TS(config)# ip igmp snooping report-suppression...
Page 267: Ip Igmp Snooping Immediate-Leave
Only Admin, Operator and Power User level users have access to these commands. Example Enable the Fast Leave function for port 1/0/3: T2500G-10TS(config)# interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)# ip igmp snooping immediate-leave 31.5 ip igmp snooping drop-unknown Description The ip igmp snooping drop-unknown command is used to process the unknown multicast as discard.
Page 268: Ip Igmp Snooping Vlan-Config
Example Specify the operation to process unknown multicast as discard: T2500G-10TS(config)# ip igmp snooping drop-unknown 31.6 ip igmp snooping vlan-config Description The ip igmp snooping vlan-config command is used to enable VLAN IGMP Snooping function or to modify IGMP Snooping parameters, and to create static multicast IP entry.
Page 269: Ip Igmp Snooping Multi-Vlan-Config
Member Port Time as 200 seconds for VLAN 1-3, and set the router port as 1/0/1 for VLAN 1-2: T2500G-10TS(config)# ip igmp snooping vlan-config 1-3 rtime 300 T2500G-10TS(config)# ip igmp snooping vlan-config 1-3 mtime 200 T2500G-10TS(config)# ip igmp snooping vlan-config 1-2 rport interface gigabitEthernet 1/0/1 Add static multicast IP address 225.0.0.1, which corresponds to VLAN 2, and...
Page 270 Enable Multicast VLAN 3, and configure Router Port Time as 100 seconds, Member Port Time 100 seconds, and Static Router Port port 1/0/3: T2500G-10TS(config)# ip igmp snooping multi-vlan-config 3 rtime 100 T2500G-10TS(config)# ip igmp snooping multi-vlan-config 3 mtime 100 T2500G-10TS(config)# ip igmp snooping multi-vlan-config 3 rport...
Page 271: Ip Igmp Snooping Filter(Global)
Only Admin, Operator and Power User level users have access to these commands. Example Modify the multicast IP-range whose ID is 3 as 225.1.1.1–226.3.2.1: T2500G-10TS(config)#ip igmp snooping filter 3 225.1.1.1 226.3.2.1 31.9 ip igmp snooping filter(interface) Description The ip igmp snooping filter command is used to configure Port Filter. To return to the default configuration, please use no igmp snooping filter command.
Page 272: Ip Igmp Snooping Filter Add-Id
Example Enable IGMP Snooping filter function for Gigabit Ethernet port 1/0/2: T2500G-10TS(config)#interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)#ip igmp snooping filter 31.10 ip igmp snooping filter add-id Description The ip igmp snooping filter add-id command is used to configure the multicast IP-range desired to filter. To delete the corresponding IP-range, please use no ip igmp snooping filter add-id command.
Page 273: Ip Igmp Snooping Filter Maxgroup
Example Bind the filtering address ID 2-6 to Gigabit Ethernet port 1/0/3: T2500G-10TS(config)#interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)#ip igmp snooping filter addr-id 2-6 31.11 ip igmp snooping filter maxgroup Description The ip igmp snooping filter maxgroup command is used to specify the maximum number of multicast groups for a port to join in.
Page 274: Ip Igmp Snooping Querier Vlan
Example Specify the Action Mode as “accept” for Gigabit Ethernet port 1/0/3: T2500G-10TS(config)#interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)#ip igmp snooping filter mode accept 31.13 ip igmp snooping querier vlan Description The ip igmp snooping querier vlan command is used to enable the IGMP Snooping Querier function of the VLAN(s).
Page 275: Ip Igmp Snooping Querier Vlan (General Query)
Only Admin, Operator and Power User level users have access to these commands. Example Enable the IGMP Snooping Querier function of VLAN 1: T2500G-10TS(config)#ip igmp snooping querier vlan 1 31.14 ip igmp snooping querier vlan (general query) Description The ip igmp snooping querier vlan command is used to configure the parameters for IGMP Snooping Querier to send a general query frame.
Page 276: Ip Igmp Snooping Querier Vlan (Specific Query)
Example For VLAN 2, specify its query-interval as 200 seconds, and the response-time as 20 seconds: T2500G-10TS(config)#ip igmp snooping querier vlan 2 query-interval 200 T2500G-10TS(config)#ip igmp snooping querier vlan 2 max-response-time 20 31.15 ip igmp snooping querier vlan (specific query)
Page 277: Ip Igmp Snooping Authentication
RADIUS server is configured. For how to enable AAA function and configure RADIUS server, please refer to aaa enable radius-server host. Example Enable IGMP authentication on port 1/0/3: T2500G-10TS(config)# interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)# ip igmp snooping authentication...
Page 278: Ip Igmp Snooping Accounting
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Clear the statistics of the IGMP packets: T2500G-10TS(config)# clear ip igmp snooping statistics...
Page 279: Show Ip Igmp Snooping
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the global configuration of IGMP: T2500G-10TS# show ip igmp snooping 31.20 show ip igmp snooping interface Description The show ip igmp snooping interface command is used to display the port configuration of IGMP snooping.
Page 280: Show Ip Igmp Snooping Vlan
T2500G-10TS# show ip igmp snooping interface basic-config Display the IGMP basic configuration of port 1/0/2: T2500G-10TS# show ip igmp snooping interface gigabitEthernet 1/0/2 basic-config Display the IGMP packet statistics of ports 1/0/1-4: T2500G-10TS# show ip igmp snooping interface gigabitEthernet 1/0/1-4 packet-stat 31.21 show ip igmp snooping vlan...
Page 281: Show Ip Igmp Snooping Groups
Privilege Requirement None. Example Display the Multicast VLAN configuration: T2500G-10TS# show ip igmp snooping multi-vlan 31.23 show ip igmp snooping groups Description The show ip igmp snooping groups command is used to display the information of all IGMP snooping groups. It can be extended to some other commands to display the dynamic and static multicast information of a selected VLAN.
Page 282: Show Ip Igmp Snooping Querier
T2500G-10TS(config)#show ip igmp snooping groups vlan 5 dynamic count Display the count of static multicast entries of VLAN 5 T2500G-10TS(config)#show ip igmp snooping groups vlan 5 static count 31.24 show ip igmp snooping querier Description The show ip igmp snooping querier command is used to display the Querier configuration of VLAN.
Page 283: Chapter 32 Mld Snooping Commands
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable MLD Snooping: T2500G-10TS(config)# ipv6 mld snooping 32.2 ipv6 mld snooping router-aging-time Description The ipv6 mld snooping router-aging-time command is used to specify router port aging time globally. The default aging time is 260 seconds. To...
Page 284: Ipv6 Mld Snooping Member-Aging-Time
Only Admin, Operator and Power User level users have access to these commands. Example Specify MLD Snooping router port aging time as 100 seconds globally: T2500G-10TS(config)# ipv6 mld snooping router-aging-time 100 32.3 ipv6 mld snooping member-aging-time Description The ipv6 mld snooping member-aging-time command is used to specify member port aging time globally.
Page 285: Ipv6 Mld Snooping Report-Suppression
Only Admin, Operator and Power User level users have access to these commands. Example Disable Report message suppression function: T2500G-10TS(config)# no ipv6 mld snooping report-suppression 32.5 ipv6 mld snooping unknown-filter Description The ipv6 mld snooping unknown-filter command is used to enable the unknown multicast packets filter function.
Page 286: Ipv6 Mld Snooping Last-Listener Query-Inteval
Only Admin, Operator and Power User level users have access to these commands. Example Specify the interval of Specific Query Message to 3 seconds: T2500G-10TS(config)# ipv6 mld snooping last-listener query-inteval 3 32.7 ipv6 mld snooping last-listener query-count Description The ipv6 mld snooping last-listener query-count command is used to specify the numbers of Specific Query Message to be sent.
Page 287: Ipv6 Mld Snooping Multicast-Vlan
Only Admin, Operator and Power User level users have access to these commands. Example Specify the number of Specific Query Message to 3: T2500G-10TS(config)# ipv6 mld snooping last-listener query-count 3 32.8 ipv6 mld snooping multicast-vlan Description The ipv6 mld snooping multicast-vlan command is used to enable the multicast VLAN function.
Page 288: Ipv6 Mld Snooping Multicast-Vlan Vlan-Id
Only Admin, Operator and Power User level users have access to these commands. Example Specify multicast VLAN as VLAN 2: T2500G-10TS(config)# ipv6 mld snooping multicast-vlan vlan-id 2 32.10 ipv6 mld snooping vlan Description The ipv6 mld snooping vlan command is used to enable MLD Snooping function on a specified VLAN.
Page 289: Ipv6 Mld Snooping Vlan Router-Aging-Time
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Specify the router port aging time as 100 seconds in VLAN 2: T2500G-10TS(config)# ipv6 mld snooping vlan 2 router-aging-time 100...
Page 290: Ipv6 Mld Snooping Vlan Member-Aging-Time
Example Specify the member port aging time as 300 seconds in VLAN 2: T2500G-10TS(config)# ipv6 mld snooping vlan 2 member-aging-time 300 32.13 ipv6 mld snooping vlan immediate-leave Description The ipv6 mld snooping vlan immediate-leave command is used to enable the immediate leave function on a specified VLAN.
Page 291: Ipv6 Mld Snooping Vlan Mrouter
Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the gigabitEthernet 1/0/2 as static router port in VLAN 2: T2500G-10TS(config)# ipv6 mld snooping vlan 2 mrouter interface gigabitEthernet 1/0/2...
Page 292: Ipv6 Mld Snooping Vlan Static
Example Configure the static multicast group ff80::1234 in VLAN 2 with the member port gigabitEthernet 1/0/2: T2500G-10TS(config)# ipv6 mld snooping vlan 2 static ff80::1234 interface gigabitEthernet 1/0/2 32.16 ipv6 mld snooping querier vlan Description The ipv6 mld snooping querier vlan command is used to enable the MLD Querier function.
Page 293: Ipv6 Mld Snooping Querier Vlan Max-Response-Time
Only Admin, Operator and Power User level users have access to these commands. Example Enable MLD Querier function on VLAN 2: T2500G-10TS(config)# ipv6 mld snooping querier vlan 2 32.17 ipv6 mld snooping querier vlan max-response-time Description The ipv6 mld snooping querier vlan max-response-time command is used to specify the max response time of the Query message.
Page 294: Ipv6 Mld Snooping Querier Vlan Query-Interval
Example Specify the interval to send the Query Message as 10s on VLAN 2: T2500G-10TS(config)# ipv6 mld snooping querier vlan 2 query-interval 10 32.19 ipv6 mld snooping querier vlan query-source Description The ipv6 mld snooping querier vlan query-source command is used to specify the source address which sends the Query message.
Page 295: Ipv6 Mld Snooping Filter(Global)
Example Specify the source address which sends the Query message as fe80::1234 on VLAN 2: T2500G-10TS(config)# ipv6 mld snooping querier vlan 2 query-source fe80::1234 32.20 ipv6 mld snooping filter(global) Description The ipv6 mld snooping filter command is used to configure the multicast group filter entries in the format of ip-range.
Page 296: Ipv6 Mld Snooping Filter(Interface)
Example Create filter entry with filter ID as 2, start IP as ff80::1234 and end IP as ff80::1235: T2500G-10TS(config)# ipv6 mld snooping filter 2 ff80::1234 ff80::1235 32.21 ipv6 mld snooping filter(interface) Description The ipv6 mld snooping filter command is used to enable the filter function on the interface.
Page 297: Ipv6 Mld Snooping Filter-Id
Example Configure the filter mode as refuse on interface gigabitEthernet 1/0/2: T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# ipv6 mld snooping filter-mode refuse 32.23 ipv6 mld snooping filter-id Description The ipv6 mld snooping filter-id command is used to specify the filter id on the interface.
Page 298: Ipv6 Mld Snooping Max-Group
T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# ipv6 mld snooping filter-id 1,10 32.24 ipv6 mld snooping max-group Description The ipv6 mld snooping max-group command is used to specify the limit number of groups for a port to join in. The default value is 256. To restore the default value, please use no ipv6 mld snooping max-group command.
Page 299: Show Ipv6 Mld Snooping
Only Admin, Operator and Power User level users have access to these commands. Example Clear the statistics of the MLD packets: T2500G-10TS(config)# clear ipv6 mld snooping statistics 32.26 show ipv6 mld snooping Description The show ipv6 mld snooping command is used to display the global configuration of MLD Snooping.
Page 300: Show Ipv6 Mld Snooping Static-Mcast
Privilege Requirement None. Example Display all of the VLAN information: T2500G-10TS(config)# show ipv6 mld snooping vlan 32.28 show ipv6 mld snooping static-mcast Description The show ipv6 mld snooping static-mcast command is used to display the static multicast groups configured by users.
Page 301: Show Ipv6 Mld Snooping Filter
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display all of the multicast groups: T2500G-10TS(config)# show ipv6 mld snooping group 32.30 show ipv6 mld snooping filter Description The show ipv6 mld snooping filter command is used to display the filter entries.
Page 302: Show Ipv6 Mld Snooping Interface Filter
Privilege Requirement None. Example Display all filter ids bounded to all interface: T2500G-10TS(config)# show ipv6 mld snooping interface filter 32.33 show ipv6 mld snooping querier Description The show ipv6 mld snooping querier command is used to display the Querier configuration of VLAN.
Page 303: Show Ipv6 Mld Snooping Statistics
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display all Querier information: T2500G-10TS(config)# show ipv6 mld snooping querier 32.34 show ipv6 mld snooping statistics Description The show ipv6 mld snooping statistics command is used to display the statistics of the MLD packets.
Page 304: Chapter 33 Snmp Commands
Global Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Enable the SNMP function: T2500G-10TS(config)# snmp-server 33.2 snmp-server view Description The snmp-server view command is used to add View. To delete the corresponding View, please use no snmp-server view command. The OID...
Page 305: Snmp-Server Group
Only Admin level users have access to these commands. Example Add a View named view1, configuring the OID as 1.3.6.1.6.3.20, and this OID can be managed by the SNMP management station: T2500G-10TS(config)# snmp-server view view1 1.3.6.1.6.3.20 include 33.3 snmp-server group Description The snmp-server group command is used to manage and configure the SNMP group.
Page 306 View viewDefault as read-write, besides the notification messages sent by View viewDefault can be received by Management station: T2500G-10TS(config)# snmp-server group group1 smode v3 slev authNoPriv read viewDefault write viewDefault notify viewDefault Delete group 1: T2500G-10TS(config)# no snmp-server group group1 smode v3 slev authNoPriv...
Page 307: Snmp-Server User
33.4 snmp-server user Description The snmp-server user command is used to add User. To delete the corresponding User, please use no snmp-server user command. The User in an SNMP Group can manage the switch via the management station software. The User and its Group have the same security level and access right. Syntax name group-name...
Page 308: Snmp-Server Community
Mode of the user as MD5, the Authentication Password as 11111, the Privacy Mode as DES, and the Privacy Password as 22222: T2500G-10TS(config)# snmp-server user admin local group2 smode v3 slev authPriv cmode MD5 cpwd 11111 emode DES epwd 22222 33.5...
Page 309: Snmp-Server Host
Privilege Requirement Only Admin level users have access to these commands. Example Add community public, and the community has read-write management right to View viewDefault: T2500G-10TS(config)# snmp-server community public read-write viewDefault 33.6 snmp-server host Description The snmp-server host command is used to add Notification. To delete the corresponding Notification, please use no snmp-server host command.
Page 310 Security Model of the management station as v2c, the type of the notifications as inform, the maximum time for the switch to wait as 1000 seconds, and the retries time as 100: T2500G-10TS(config)# snmp-server host fe80::1234 162 admin smode v2c type inform retries 100 timeout 1000...
Page 311: Snmp-Server Engineid
Privilege Requirement Only Admin level users have access to these commands. Example Specify the local engineID as 1234567890, and the remote engineID as abcdef123456: T2500G-10TS(config)# snmp-server engineID local 1234567890 remote abcdef123456 33.8 snmp-server traps snmp Description The snmp-server traps snmp command is used to enable SNMP standard...
Page 312: Snmp-Server Traps Link-Status
Privilege Requirement Only Admin level users have access to these commands. Example Enable SNMP standard linkup trap for the switch: T2500G-10TS(config)# snmp-server traps snmp linkup 33.9 snmp-server traps link-status Description The snmp-server traps link-status command is used to enable SNMP link status trap for the specified port.
Page 313: Snmp-Server Traps
Privilege Requirement Only Admin level users have access to these commands. Example Enable SNMP link status trap for port 3: T2500G-10TS(config)# interface gigabitEthernet 1/0/3 T2500G-10TS(config-if)# snmp-server traps link-status 33.10 snmp-server traps Description The snmp-server traps command is used to enable SNMP extended traps.
Page 314: Snmp-Server Traps Mac
Privilege Requirement Only Admin level users have access to these commands. Example Enable SNMP extended bandwidth-control trap for the switch: T2500G-10TS(config)# snmp-server traps bandwidth-control 33.11 snmp-server traps mac Description The snmp-server traps mac command is used to enable SNMP extended...
Page 315: Snmp-Server Traps Vlan
Enable all SNMP extended MAC address-related traps for the switch: T2500G-10TS(config)# snmp-server traps mac Enable new MAC address trap only for the switch: T2500G-10TS(config)# snmp-server traps mac new 33.12 snmp-server traps vlan Description The snmp-server traps vlan command is used to enable SNMP extended VLAN-related traps which include two types: create and delete.
Page 316: Rmon History
T2500G-10TS(config)# snmp-server traps vlan Enable VLAN-created trap only for the switch: T2500G-10TS(config)# snmp-server traps vlan create 33.13 rmon history Description The rmon history command is used to configure the history sample entry. To return to the default configuration, please use no rmon history command.
Page 317: Rmon Event
T2500G-10TS(config)# rmon history 1-3 interface gigabitEthernet 1/0/2 interval 100 owner owner1 33.14 rmon event Description The rmon event command is used to configure the entries of SNMP-RMON Event. To return to the default configuration, please use no rmon event command. Event Group, as one of the commonly used RMON Groups, is used to define RMON events.
Page 318: Rmon Alarm
T2500G-10TS(config)# rmon event 1-4 user user1 description description1 type log owner owner1 33.15 rmon alarm Description The rmon alarm command is used to configure SNMP-RMON Alarm Management. To return to the default configuration, please use no rmon alarm command. Alarm Group is one of the commonly used RMON Groups.
Page 319: Rmon Statistics
Example Configure rmon alarm entries 1-3 binding with statistics entry 2, the owners as owner1 and the alarm intervals as 100 seconds: T2500G-10TS(config)#rmon alarm 1-3 stats-index 2 owner owner1 interval 33.16 rmon statistics Description The rmon statistics command is used to configure the entries of SNMP-RMON statistics.
Page 320: Show Snmp-Server
Only Admin level users have access to these commands. Example Configure the statistics entries 1-3 with the statistics port as 1/0/1, owner as owner1 and status as valid: T2500G-10TS(config)#rmon statistics 1-3 interface gigabitEthernet 1/0/1 owner owner1 status valid 33.17 show snmp-server Description The show snmp-server command is used to display SNMP configuration globally.
Page 321: Show Snmp-Server View
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Display the View table: T2500G-10TS# show snmp-server view 33.19 show snmp-server group Description The show snmp-server group command is used to display the Group table. Syntax...
Page 322: Show Snmp-Server User
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Display the User table: T2500G-10TS# show snmp-server user 33.21 show snmp-server community Description The show snmp-server community command is used to display the Community table.
Page 323: Show Snmp-Server Engineid
Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Display the Host table: T2500G-10TS# show snmp-server host 33.23 show snmp-server engineID Description The show snmp-server engineID command is used to display the engineID of the SNMP.
Page 324: Show Rmon Event
By default, the configuration of all SNMP-RMON enabled entries is displayed. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Display the Event configuration of entry1-4: T2500G-10TS# show rmon event 1-4...
Page 325: Show Rmon Alarm
Only Admin level users have access to these commands. Example Display the configuration of the Alarm Management entry 1-2: T2500G-10TS# show rmon alarm 1-2 33.27 show rmon statistics Description The show rmon statistics command is used to display the configuration of the specified statistics entry.
Page 326 Privilege Requirement Only Admin level users have access to these commands. Example Display the configuration of the statistics entry 1: T2500G-10TS#show rmon statistics 1...
Page 327: Chapter 34 Lldp Commands
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable LLDP function globally: T2500G-10TS(config)#lldp 34.2 lldp hold-multiplier Description The lldp hold-multiplier command is used to configure the Hold Multiplier parameter. The aging time of the local information in the neighbor device is determined by the actual TTL value used in the sending LLDPDU.
Page 328: Lldp Timer
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Specify Hold Multiplier as 5: T2500G-10TS(config)#lldp hold-multiplier 5 34.3 lldp timer Description The lldp timer command is used to configure the parameters about transmission. To return to the default configuration, please use no lldp timer command.
Page 329: Lldp Receive
Only Admin, Operator and Power User level users have access to these commands. Example Specify the Transmit Interval of LLDPDU as 45 seconds and Trap message to NMS as 120 seconds: T2500G-10TS(config)#lldp timer tx-interval 45 T2500G-10TS(config)#lldp timer notify-interval 120 34.4 lldp receive Description The lldp receive command is used to enable the designated port to receive LLDPDU.
Page 330: Lldp Transmit
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable Gigabit Ethernet port 1/0/1 to transmit LLDPDU: T2500G-10TS(config)# interface gigabitEthernet 1/0/1 T2500G-10TS(config-if)#lldp transmit 34.6 lldp snmp-trap Description The lldp snmp-trap command is used to enable the port’s SNMP notification.
Page 331: Lldp Tlv-Select
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Exclude “management-address” and “port-vlan-id” TLVs in LLDPDU outgoing from Gigabit Ethernet port 1/0/1: T2500G-10TS(config)# interface gigabitEthernet 1/0/1 T2500G-10TS(config-if)# no lldp tlv-select management-address port-vlan...
Page 332: Lldp Med-Fast-Count
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Specify Fast Start Count as 5: T2500G-10TS(config)# lldp med-fast-count 5 34.9 lldp med-status Description The lldp med-status command is used to enable the LLDP-MED feature for the corresponding port.
Page 333: Lldp Med-Tlv-Select
Only Admin, Operator and Power User level users have access to these commands. Example Enable the LLDP-MED feature for port 1/0/2: T2500G-10TS(config)# interface gigabitEthernet 1/0/2 T2500G-10TS(config-if)# lldp med-status 34.10 lldp med-tlv-select Description The lldp med-tlv-select command is used to configure LLDP-MED TLVs to be included in outgoing LLDPDU for the corresponding port.
Page 334: Lldp Med-Location
T2500G-10TS(config-if)# no lldp med-tlv-select network-policy inventory- management 34.11 lldp med-location Description The lldp med-location command is used to configure the Location Identification TLV's content in outgoing LLDPDU of the port. Syntax identifier lldp med-location emergency-number civic-address language province-state county [ [ language...
Page 335: Show Lldp
[ gigabitEthernet Parameters port —— The Ethernet port number Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the LLDP configuration of Gigabit Ethernet port 1/0/1: T2500G-10TS#show lldp interface gigabitEthernet 1/0/1...
Page 336: Show Lldp Local-Information Interface
Privilege Requirement None. Example Display the LLDP information of Gigabit Ethernet port 1/0/1: T2500G-10TS#show lldp local-information interface gigabitEthernet 1/0/1 34.15 show lldp neighbor-information interface Description The show lldp neighbor-information interface command is used to display the neighbor information of the corresponding port. By default, the neighbor information of all the ports will be displayed.
Page 337: Show Lldp Traffic Interface
[ gigabitEthernet Parameters port —— The Ethernet port number Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the LLDP statistic information of Gigabit Ethernet port 1/0/1: T2500G-10TS#show lldp traffic interface gigabitEthernet 1/0/1...
Page 338: Chapter 35 Aaa Commands
Chapter 35 AAA Commands AAA stands for authentication, authorization and accounting. This feature is used to authenticate users trying to log in to the switch or trying to access the administrative level privilege. Applicable Access Application  The authentication can be applied on the following access applications: Console, Telnet, SSH and HTTP.
Page 339: Enable Admin Password
Example Enable the AAA function globally: T2500G-10TS(config)# aaa enable 35.2 enable admin password Description The enable admin password command is used to elevate the current logged-in user from guest to admin and gain administrator level privileges. The authentication password is possibly authenticated in RADIUS/TACACS+ servers, user-defined server groups or local on the switch.
Page 340: Enable Admin Secret
Example Set the elevation password as 123 for the current logged-in user to gain administrator level privileges: T2500G-10TS(config)#enable admin password 0 123 35.3 enable admin secret Description The enable admin secret command is used to elevate the current logged-in user from guest to admin and gain administrator level privileges.
Page 341: Tacacas-Server Host
Example Set the secret elevation password as 123 for the current logged-in user to gain administrator level privileges. The password will be displayed in the encrypted form: T2500G-10TS(config)#enable admin secret 0 123 35.4 tacacas-server host Description The tacacs-server host command is used to configure a new TACACS+ server.
Page 342: Show Tacacs-Server
Example Configure a TACACS+ server with the IP address as 1.1.1.1, TCP port as 1500, timeout as 6 seconds, and the unencrypted key string as 12345. T2500G-10TS(config)# tacacs-server host 1.1.1.1 port 1500 timeout 6 key 12345 35.5 show tacacs-server...
Page 343: Radius-Server Host
Example Display the information of all the TACACS+ servers: T2500G-10TS(config)# show tacacs-server 35.6 radius-server host Description The radius-server host command is used to configure a new RADIUS server. To delete the specified RADIUS server, please use no radius-server host command.
Page 344: Show Radius-Server
Configure a RADIUS server with the IP address as 1.1.1.1, authentication port as 1200, timeout as 6 seconds, retransmit times as 3, and the unencrypted key string as 12345. T2500G-10TS (config)# radius-server host 1.1.1.1 auth-port 1200 timeout 6 retransmit 3 key 12345 35.7...
Page 345: Aaa Group
Privilege Requirement Only Admin level users have access to these commands. Example Create a RADIUS server group with the name radius1: T2500G-10TS(config)# aaa group radius radius1 35.9 server Description This server command is used to add the existing server in the defined server group.
Page 346: Show Aaa Group
Privilege Requirement Only Admin level users have access to these commands. Example Create the RADIUS server 1.1.1.1 to RADIUS server group “radius1”: T2500G-10TS(config)# aaa group radius radius1 T2500G-10TS(aaa-group)# server 1.1.1.1 35.10 show aaa group Description This show aaa group command is used to display the summary information of the AAA groups.
Page 347: Aaa Authentication Login
User Guidelines By default the login authentication method list is “default” with “local” as method1. Example Configure a login authentication method list “list1” with the priority1 method as radius and priority2 method as local: T2500G-10TS(config)# aaa authenticaiton login list1 radius local...
Page 348: Aaa Authentication Enable
User Guidelines By default the enable authentication method is “default” with “none” as method1. Example Configure a privilege authentication method list “list2” with the priority1 method as radius and priority2 method as local: T2500G-10TS(config)# aaa authenticaiton enable list2 radius local...
Page 349: Aaa Authentication Dot1X Default
Only Admin level users have access to these commands. Example Configure the default 802.1X authentication method as “radius1”: T2500G-10TS(config)# aaa authentication dot1x default radius1 35.14 aaa accounting dot1x default Description This aaa accounting dot1x default command is used to configure an 802.1X accounting method list.
Page 350: Show Aaa Authentication
Only Admin level users have access to these commands. Example Configure the default 802.1X accounting method as “radius1”: T2500G-10TS(config)# aaa accounting dot1x default radius1 35.15 show aaa authentication Description This show aaa authentication command is used to display the summary information of the authentication login, enable and dot1x metheod list.
Page 351: Show Aaa Accounting
Only Admin level users have access to these commands. Example Display the information of the default 802.1X accounting method list: T2500G-10TS(config)# show aaa accounting 35.17 line console Description The line console command is used to enter the Line Configuration Mode configure the console port to which you want to apply the authentication list.
Page 352: Login Authentication(Console)
“default” by default, which contains the method “local”. Command Mode Line Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Configure the login authentication method list on the console port as “list1”: T2500G-10TS(config)# line console 0 T2500G-10TS(config-line)# login authentication list1...
Page 353: Enable Authentication(Console)
Privilege Requirement Only Admin level users have access to these commands. Example Configure the enable authentication method list on the console port as “list2”: T2500G-10TS(config)# line console 0 T2500G-10TS(config-line)# enable authentication list2 35.20 line telnet Description The line telnet command is used to enter the Line Configuration Mode to configure the telnet terminal line to which you want to apply the authentication list.
Page 354: Login Authentication(Telnet)
“default” by default, which contains the method “local”. Command Mode Line Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Configure the login authentication method list on the telnet terminal line as “list1”: T2500G-10TS(config)#line telnet T2500G-10TS(config-line)# login authentication list1...
Page 355: Line Ssh
Privilege Requirement Only Admin level users have access to these commands. Example Enter the ssh terminal line configuration mode: T2500G-10TS(config)#line ssh 35.23 login authentication(ssh) Description The login authentication command is used to apply the login authentication method list to the ssh terminal line. To restore to the default authentication method list, please use the no login authentication command.
Page 356: Enable Authentication(Telnet)
Example Configure the login authentication method list on the ssh terminal line as “list1”: T2500G-10TS(config)# line ssh T2500G-10TS(config-line)# login authentication list1 35.24 enable authentication(telnet) Description The enable authentication command is used to apply the privilege authentication method list to the telnet terminal line. To restore to the default authentication method list, please use the no enable authentication command.
Page 357: Enable Authentication(Ssh)
Example Configure the enable authentication method list on the ssh terminal line as “list2”: T2500G-10TS(config)# line ssh T2500G-10TS(config-line)# enable authentication list2 35.26 ip http login authentication Description The ip http login authentication command is used to apply the login authentication method list to users accessing through HTTP. To restore to the default authentication method list, please use the no ip http login authentication command.
Page 358: Ip Http Enable Authentication
Only Admin level users have access to these commands. Example Configure the login authentication method list on the HTTP access as “list1”: T2500G-10TS(config)# ip http login authentication list1 35.27 ip http enable authentication Description The ip http enable authentication command is used to apply the privilege authentication method list to users accessing through HTTP.
Page 359: Show Aaa Global
Example Configure the enable authentication method list on the HTTP access as “list2”: T2500G-10TS(config)# ip http enable authentication list2 35.28 show aaa global Description This show aaa global command is used to display global status of AAA function and the login/enable method lists of different application modules: console, telnet, ssh and HTTP.
Page 360: Chapter 36 Dhcp Relay Commands
Only Admin, Operator and Power User level users have access to these commands. Example Enable DHCP Relay function globally: T2500G-10TS(config)# ip dhcp relay 36.2 ip dhcp relay information option Description The ip dhcp relay information option command is used to enable option 82 support in DHCP Relay.
Page 361: Ip Dhcp Relay Information Strategy
Only Admin, Operator and Power User level users have access to these commands. Example Specify the option 82 policy as replace to replace the Option 82 field with the local parameter on receiving the DHCP request packet: T2500G-10TS(config)# ip dhcp relay information strategy replace...
Page 362: Ip Dhcp Relay Information Format
Example Select the format of option 82 sub-option value field as TLV (type-length-value): T2500G-10TS (config)#ip dhcp relay information format normal 36.5 ip dhcp relay information circuit-id Description The ip dhcp relay information circuit-id command is used to specify the custom circuit ID when option 82 customization is enabled.
Page 363: Ip Dhcp Relay Information Remote-Id
Only Admin, Operator and Power User level users have access to these commands. Example Specify the circuit ID as “TP-Link”: T2500G-10TS(config)# ip dhcp relay information circuit-id TP-Link 36.6 ip dhcp relay information remote-id Description The ip dhcp relay information remote-id command is used to specify the custom remote ID when option 82 customization is enabled.
Page 364: Ip Dhcp Relay Vlan
Only Admin, Operator and Power User level users have access to these commands. Example Add DHCP server address 192.168.2.1 to VLAN 1 ： T2500G-10TS (config)# ip dhcp relay vlan 1 helper-address 192.168.2.1 36.8 show ip dhcp relay Description The show ip dhcp relay command is used to display the global status and Option 82 configuration of DHCP Relay.
Page 365 Privilege Requirement None. Example Display the configuration of DHCP Relay: T2500G-10TS(config)# show ip dhcp relay...

This manual is also suitable for:

Tl-sg3210

TP-Link T2500G-10TS Cli Reference Manual

Preface

Chapter 1 Using the CLI

Chapter 2 User Interface

Chapter 3 IEEE 802.1Q VLAN Commands

Chapter 4 MAC-Based VLAN Commands

Chapter 5 Protocol-Based VLAN Commands

Chapter 6 VLAN-VPN Commands

Chapter 7 Voice VLAN Commands

Chapter 8 L2PT Commands

Chapter 9 GVRP Commands

Chapter 10 Etherchannel Commands

Chapter 11 User Management Commands

Chapter 12 HTTP and HTTPS Commands

Chapter 13 Binding Table Commands

Chapter 14 ARP Inspection Commands

Chapter 15 Dos Defend Commands

Chapter 16 IEEE 802.1X Commands

Chapter 17 Pppoe ID-Insertion Commands

Chapter 18 System Log Commands

Chapter 19 SSH Commands

Chapter 20 MAC Address Commands

Chapter 21 System Configuration Commands

Chapter 22 Ipv6 Address Configuration Commands

Chapter 23 Ethernet Configuration Commands

Chapter 24 Qos Commands

Chapter 25 Port Mirror Commands

Chapter 26 Port Isolation Commands

Chapter 27 Loopback Detection Commands

Chapter 28 ACL Commands

Quick Links

CLI Reference Guide

Related Manuals for TP-Link T2500G-10TS

Summary of Contents for TP-Link T2500G-10TS