Page 1 " " VN/UN564:1VN/UN5674" LgvUvtgco"N4"Ocpcigf"Uykvej" " " REV1.2.3 1910011785...
Page 2 Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.
Page 3 EQPVGPVU Rtghceg" 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 3 Ejcrvgt"3 Wukpi"vjg"ENK 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 6 1.1 Accessing the CLI ......................4 1.1.1 Logon by a console port ..................4 1.1.2 Logon by Telnet ....................6 1.2 CLI Command Modes ....................10 1.3 Security Levels ......................11 1.4 Conventions ........................12 1.4.1 Format Conventions ...................12 1.4.2 Special Characters....................12 1.4.3 Parameter Format....................12 Ejcrvgt"4...
Page 4 protocol-vlan..........................25 show protocol-vlan template....................26 show protocol-vlan vlan ......................26 show protocol-vlan interface....................27 Ejcrvgt"7 Xqkeg"XNCP"Eqoocpfu 00000000000000000000000000000000000000000000000000000000000000000000 4: voice vlan ..........................28 voice vlan aging time ......................28 voice vlan mac-address......................29 switchport voice vlan mode ....................30 show voice vlan ........................30 show voice vlan oui .......................31 show voice vlan switchport ....................31 Ejcrvgt"8 IXTR"Eqoocpfu000000000000000000000000000000000000000000000000000000000000000000000000000000 55...
Page 5 line............................46 password ..........................47 login............................47 login local ..........................48 show user account-list ......................49 show user configuration......................49 Ejcrvgt"; Dkpfkpi"Vcdng"Eqoocpfu00000000000000000000000000000000000000000000000000000000000000000 72 ip source binding ........................50 ip dhcp snooping ........................51 ip dhcp snooping global......................51 ip dhcp snooping information option ..................52 ip dhcp snooping information strategy ...................53 ip dhcp snooping information remote-id.................54 ip dhcp snooping information circuit-id ..................54 ip dhcp snooping trust ......................55...
Page 6 Ejcrvgt"34 KGGG":2403Z"Eqoocpfu 0000000000000000000000000000000000000000000000000000000000000000000 89 dot1x system-auth-control .....................67 dot1x auth-method ........................67 dot1x guest-vlan(global) ......................68 dot1x quiet-period........................69 dot1x timeout.........................69 dot1x max-reauth-req ......................70 dot1x............................70 dot1x guest-vlan(interface) ....................71 dot1x port-control ........................71 dot1x port-method .........................72 radius.............................73 radius server-account ......................74 show dot1x global........................74 show dot1x interface ......................75 show radius accounting ......................75 show radius authentication ....................76 Ejcrvgt"35 U{uvgo"Nqi"Eqoocpfu00000000000000000000000000000000000000000000000000000000000000000000 99...
Page 7 ip http secure-server download certificate ................87 ip http secure-server download key ..................88 show ip http secure-server ....................89 Ejcrvgt"38 OCE"Cfftguu"Eqoocpfu00000000000000000000000000000000000000000000000000000000000000000 ;2 mac address-table static......................90 mac address-table aging-time ....................91 mac address-table filtering ....................91 mac address-table max-mac-count ..................92 show mac address-table address ..................93 show mac address-table aging-time ..................94 show mac address-table max-mac-count interface ...............94 show mac address-table interface ..................95...
Page 8 loopback interface .......................109 show system-time........................ 110 show system-time dst ......................110 show system-time ntp......................111 show system-info......................... 111 show running-config ......................111 show cable-diagnostics interface..................112 Ejcrvgt"3: Gvjgtpgv"Eqphkiwtcvkqp"Eqoocpfu 000000000000000000000000000000000000000000000000335 interface fastEthernet ......................113 interface range fastEthernet ....................113 interface gigabitEthernet...................... 114 interface range gigabitEthernet ...................
Page 9 qos queue dscp-map ......................129 qos queue mode........................130 show qos interface ......................131 show qos cos-map ......................132 show qos dscp-map ......................132 show qos queue mode ......................133 show qos status........................133 Ejcrvgt"42 Rqtv"Okttqt"Eqoocpfu 00000000000000000000000000000000000000000000000000000000000000000000356 monitor session destination interface ..................134 monitor session source interface..................135 show monitor session ......................136 Ejcrvgt"43 Rqtv"kuqncvkqp"Eqoocpfu 0000000000000000000000000000000000000000000000000000000000000000359 port isolation ........................137 show port isolation.......................138...
Page 10 access-list policy action .......................152 redirect interface........................153 s-condition ...........................153 s-mirror ..........................154 access-list bind(interface)....................155 access-list bind(vlan) ......................155 show time-range........................156 show holiday........................156 show access-list ........................156 show access-list policy ......................157 show access-list bind ......................157 Ejcrvgt"46 OUVR"Eqoocpfu 0000000000000000000000000000000000000000000000000000000000000000000000000000037; spanning-tree(global)......................159 spanning-tree(interface) ......................159 spanning-tree common-config .....................160 spanning-tree mode......................161 spanning-tree mst configuration ..................162 instance ..........................162 name ...........................163...
Page 11 show spanning-tree mst ......................175 Ejcrvgt"47 KIOR"Eqoocpfu000000000000000000000000000000000000000000000000000000000000000000000000000000398 ip igmp snooping(global) .....................176 ip igmp snooping(interface) ....................176 ip igmp snooping immediate-leave ..................177 ip igmp snooping drop-unknown..................177 ip igmp snooping vlan-config ....................178 ip igmp snooping multi-vlan-config ..................179 ip igmp snooping filter add-id....................180 ip igmp snooping filter(global)....................181 ip igmp snooping filter(interface) ..................181 ip igmp snooping filter maxgroup..................182 ip igmp snooping filter mode....................182...
Page 12 show snmp-server view .......................201 show snmp-server group .....................202 show snmp-server user .......................202 show snmp-server community.....................203 show snmp-server host .......................203 show snmp-server engineID....................203 show rmon history .......................204 show rmon event .........................204 show rmon alarm.........................205 Ejcrvgt"49 Enwuvgt"Eqoocpfu000000000000000000000000000000000000000000000000000000000000000000000000000428 cluster ndp...........................206 cluster ntdp ..........................207 cluster explore ........................208 cluster..........................208 cluster candidate .........................209...
Page 13 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rtghceg" This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned in this Guide stands for TL-SL3428/TL-SL3452 JetStream L2 Managed Switch without any explanation. The commands in this guilde apply to these models if not specially noted, and TL-SL3428 is taken as an example model in the example commands.
Page 14 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt";<"Dkpfkpi"Vcdng"Eqoocpfu" Provide information about the commands used for binding the IP address, MAC address, VLAN and the connected Port number of the Host together. Besides it also provide information about the commands used for monitoring the process of the Host obtaining the IP address from DHCP server, and record the IP address, MAC address, VLAN and the connected Port number of the Host for automatic binding.
Page 15 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"43<"Rqtv"Kuqncvkqp"Eqoocpfu" Provide information about the commands used for configuring the Port isolation function. Ejcrvgt"44<"Nqqrdcem"Fgvgevkqp"Eqoocpfu" Provide information about the commands used for loopback detection." Ejcrvgt"45<"CEN"Eqoocpfu" Provide information about the commands used for configuring the ACL (Access Control List). Ejcrvgt"46<"OUVR"Eqoocpfu"...
Page 16 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"3" Wukpi"vjg"ENK" 303" " Ceeguukpi"vjg"ENK" " You can log on to the switch and access the CLI by the following two methods: Log on to the switch by the console port on the switch. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port.
Page 17 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Figure 1-2 Connection Description Select the port to connect in Figure 1-3, and click"QM. Figure 1-3 Select the port to connect Configure the port selected in the step above as the following Figure 1-4 shown. Configure Dkvu"rgt"ugeqpf as 38400, Fcvc"dkvu as 8, Rctkv{ as None, Uvqr"dkvu"as 1, Hnqy"eqpvtqn"as None, and then click QM.
Page 18 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg The DOS prompt” TL-SL3428>” will appear after pressing the" Gpvgt button as Figure 1-5 shown. It indicates that you can use the CLI now. Figure 1-5 Log in the Switch 30304" " Nqiqp"d{"Vgnpgv" To successfully create Telnet connection, firstly CLI commands about configuring Telnet login mode, login authentication information and Privileged EXEC Mode password should be configured through Console connection.
Page 19 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Now, you can logon by Telnet in nqikp"nqecn"mode. Make sure the switch and the PC are in the same LAN. Click Uvctv → Twp to open the"Twp window and type eof in the prompt Run window as Figure 1-7 and click QM. Figure 1-7 Run Window Open Telnet, then type"vgnpgv"3;4038:0203"in the command prompt"shown as Figure 1-8, and press the Gpvgt button.
Page 20 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Type gpcdng command to enter Privileged EXEC Mode. A password that you have set through Console port connection is required. Here the password is set as"345. Figure 1-10 Enter to the Privileged EXEC Mode ...
Page 21 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Figure 1-12 Connecting to the Switch You are prompted to enter the connection password 345"you have set through Console port connection, and then you are in User EXEC Mode. Figure 1-13 Enter into the User EXEC Mode When entering gpcdng command to access Privileged EXEC Mode, you are required to give the password 345 you have set through Console port connection.
Page 22 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg 304" " ENK"Eqoocpf"Oqfgu" The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode. Interface Configuration Mode can also be divided into Interface fastEthernet, Interface gigabitEthernet, Interface link-aggregation and some other modes, which is shown as the following diagram.
Page 23 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Oqfg" Ceeguukpi"Rcvj" Rtqorv" Nqiqwv"qt"Ceeguu"vjg"pgzv"oqfg Use the gpf command or press Evtn-\ to Use the xncp" vlan-list VLAN return to Privileged EXEC mode. command to enter this VN/UN564:*eqphki/" Configuration mode from Global xncp+% Enter the gzkv"or"% command to return to Mode Configuration mode.
Page 24 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg User level only allows users to do some simple operations in User EXEC Mode; Admin level allows you to monitor, configure and manage the switch in Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode. Users get the privilege to the User level once connecting console port with the switch or logging in by Telnet.
Page 25 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg MAC Address must be enter in the format of xx:xx:xx:xx:xx:xx  One or several values can be typed for a port-list or a vlan-list using comma to separate. Use  a hyphen to designate a range of values, for instance, 1,3-5,7 indicates choosing 1,3,4,5,and The port number must enter in the format of 1/0/3, meaning unit/slot/port.
Page 26 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"4" Wugt"Kpvgthceg" gpcdng" Fguetkrvkqp" The gpcdng command is used to access Privileged EXEC Mode from User EXEC Mode. U{pvcz" gpcdng" Eqoocpf"Oqfg" User EXEC Mode Gzcorng" If you have set the password to access Privileged EXEC Mode from User EXEC Mode: VN/UN564:@gpcdng"...
Page 27 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg fkucdng" Fguetkrvkqp" The fkucdng command is used to return to User EXEC Mode from Privileged EXEC Mode. U{pvcz" fkucdng" Eqoocpf"Oqfg" Privileged EXEC Mode Gzcorng" Return to User EXEC Mode from Privileged EXEC Mode: VN/UN564:%fkucdng"...
Page 28 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" gzkv" Eqoocpf"Oqfg" Any Configuration Mode Gzcorng" Return to Global Configuration Mode from Interface Configuration Mode, and then return to Privileged EXEC Mode: VN/UN564:*eqphki/kh+%gzkv" VN/UN564:*eqphki+%gzkv" VN/UN564:%" gpf" Fguetkrvkqp" The gpf command is used to return to Privileged EXEC Mode. U{pvcz"...
Page 29 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"5" KGGG":2403S"XNCP"Eqoocpfu" VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN into multiple logical LANs flexibly. Hosts in the same VLAN can communicate with each other, regardless of their physical locations. VLAN can enhance performance by conserving bandwidth, and improve security by limiting traffic to specific domains.
Page 30 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" kpvgthceg"xncp"vlan-id pq"kpvgthceg"xncp"vlan-id Rctcogvgt" vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Create VLAN Interface 2: VN/UN564:*eqphki+%kpvgthceg"xncp"2" pcog Fguetkrvkqp" The pcog command is used to assign a description string to a VLAN. To clear the description, please use pq"pcog command.
Page 31 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg uykvejrqtv"oqfg Fguetkrvkqp" The uykvejrqtv" oqfg command is used to configure the Link Types for the ports. U{pvcz" uykvejrqtv"oqfg { access | trunk | general } Rctcogvgt" access | trunk | general —— Link Types. There are three Link Types for the ports.
Page 32 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Configure Fast Ethernet port 3 whose link type is “access” to VLAN 2: VN/UN564:*eqphki+%kpvgthceg"hcuvGvjgtpgv"1/0/3 VN/UN564:*eqphki/kh+%uykvejrqtv"ceeguu xncp 2" uykvejrqtv"vtwpm"cnnqygf"xncp Fguetkrvkqp" The uykvejrqtv"vtwpm"cnnqygf"xncp command is used to add the desired Trunk port to IEEE 802.1Q VLAN, or to remove a port from the corresponding VLAN. U{pvcz"...
Page 33 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" uykvejrqtv"igpgtcn"cnnqygf"xncp"vlan-list { tagged | untagged }" pq"uykvejrqtv"igpgtcn"cnnqygf"xncp"vlan-list Rctcogvgt" vlan-list —— VLAN ID list, ranging from 2 to 4094, in the format of 2-3, 5. It is multi-optional. tagged | untagged —— egress-rule. Eqoocpf"Oqfg"...
Page 34 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Specify the PVID of Fast Ethernet port 3 as 1: VN/UN564:*eqphki+%kpvgthceg"hcuvGvjgtpgv 1/0/3 VN/UN564:*eqphki/kh+%uykvejrqtv"rxkf 1" ujqy"xncp"uwooct{ Fguetkrvkqp" The ujqy" xncp" uwooct{ command is used to display the summarized information of IEEE 802.1Q VLAN. U{pvcz"...
Page 35 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"xncp Fguetkrvkqp" The ujqy" xncp command is used to display the detailed information of IEEE 802.1Q VLAN. U{pvcz" ujqy"xncp [kf vlan-list] Rctcogvgt" vlan-list —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. Using the ujqy"xncp command without parameter displays the detailed information of all VLANs.
Page 36 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"6" Rtqvqeqn/dcugf"XNCP"Eqoocpfu" Protocol VLAN (Virtual Local Area Network) is the way to classify VLANs based on Protocols. A Protocol is relative to a single VLAN ID. The untagged packets and the priority-tagged packets matching the protocol template will be tagged with this VLAN ID.
Page 37 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg rtqvqeqn/xncp"xncp" Fguetkrvkqp" The rtqvqeqn/xncp" xncp command is used to create a Protocol-based VLAN entry. To delete a Protocol-based VLAN entry, please use pq" rtqvqeqn/xncp xncp command. U{pvcz" rtqvqeqn/xncp"xncp"vlan-id vgorncvg"template-idx pq"rtqvqeqn/xncp"xncp group-idx Rctcogvgt" vlan-vid —— Specify IEEE 802.1Q VLAN ID, ranging from 1-4094. template-idx ——The number of the Protocol-based VLAN Template.
Page 38 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" rtqvqeqn/xncp" pq"rtqvqeqn/xncp Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Gzcorng" Enable the Protocol-based VLAN feature for the Gigabit Ethernet port 25: VN/UN564:*eqphki+%kpvgthceg"ikicdkvGvjgtpgv"1/0/25 VN/UN564:*eqphki/kh+%rtqvqeqn/xncp"...
Page 39 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" ujqy"rtqvqeqn/xncp"xncp Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display information of the Protocol-based VLAN entry: VN/UN564:*eqphki+%ujqy rtqvqeqn/xncp"xncp ujqy"rtqvqeqn/xncp"kpvgthceg" Fguetkrvkqp" The ujqy"rtqvqeqn/xncp"kpvgthceg command is used to display port state and of Protocol-based VLAN interface. U{pvcz"...
Page 40 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"7" Xqkeg"XNCP"Eqoocpfu" Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and adding the ports with voice devices attached to voice VLANs, you can perform QoS-related configuration for voice data, ensuring the transmission priority of voice data stream and voice quality.
Page 41 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" xqkeg"xncp"cikpi"vkog"time" pq"xqkeg"xncp"cikpi"vkog Rctcogvgt" time —— Aging time (in minutes) to be set for the Voice VLAN. It ranges from 1 to 43200. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Set the aging time for the Voice VLAN as 1 minute: VN/UN564:*eqphki+%xqkeg"xncp"cikpi"vkog"1"...
Page 42 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Create a Voice VLAN OUI described as “TP-Phone” with the OUI address 00:11:11:11:11:11 and the mask address FF:FF:FF:00:00:00: VN/UN564:*eqphki+%xqkeg" xncp" oce/cfftguu" 00:11:11:11:11:11" ocum" FF:FF:FF:00:00:00"fguetkrvkqp"TP- Phone uykvejrqtv"xqkeg"xncp"oqfg" Fguetkrvkqp" The uykvejrqtv" xqkeg" xncp" oqfg" command is used to configure the Voice VLAN mode for the Ethernet port.
Page 43 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the configuration information of Voice VLAN globally: VN/UN564:*eqphki+%ujqy"xqkeg"xncp" ujqy"xqkeg"xncp"qwk" Fguetkrvkqp" The ujqy" xqkeg" xncp" qwk command is used to display the configuration information of Voice VLAN OUI. U{pvcz"...
Page 44 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the configuration information of Fast Ethernet port 1 in the Voice VLAN: VN/UN564:*eqphki+%ujqy"xqkeg"xncp"uykvejrqtv"hcuvGvjgtpgv 1/0/1" Display the configuration information of all the ports in the Voice VLAN: VN/UN564:*eqphki+%ujqy"xqkeg"xncp"uykvejrqtv"...
Page 45 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"8" IXTR"Eqoocpfu" GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute registration protocol). GVRP allows the switch to automatically add or remove the VLANs via the dynamic VLAN registration information and propagate the local VLAN registration information to other switches, without having to individually configure each VLAN.
Page 46 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEhternet) Gzcorng" Enable the GVRP function for Fast Ethernet ports 2-6: VN/UN564:*eqphki+%kpvgthceg"tcpig"hcuvGvjgtpgv 1/0/2-6" VN/UN564:*eqphki/kh/tcpig+%ixtr" " ixtr"tgikuvtcvkqp" Fguetkrvkqp" The ixtr"...
Page 47 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ixtr"vkogt" Fguetkrvkqp" The ixtr"vkogt command is used to set a GVRP timer for the desired port. To restore to the default setting of a GARP timer, please use pq" ixtr" vkogt command. U{pvcz" ixtr"vkogt"{ leaveall | join | leave } value pq"ixtr"vkogt"{ leaveall | join | leave } Rctcogvgt"...
Page 48 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"ixtr"inqdcn" Fguetkrvkqp" The ujqy"ixtr"inqdcn command is used to display the global GVRP status. U{pvcz" ujqy"ixtr"inqdcn" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the global GVRP status: VN/UN564:*eqphki+%ujqy"ixtr"inqdcn" ujqy"ixtr"kpvgthceg" Fguetkrvkqp" The ujqy"ixtr"kpvgthceg command is used to display the GVRP configuration information of a specified Ethernet port or of all Ethernet ports.
Page 49 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"9" Gvjgtejcppgn"Eqoocpfu" Etherchannel Commands are used to configure LAG and LACP function. LAG (Link Aggregation Group) is to combine a number of ports together to make a single high-bandwidth data path, which can highly extend the bandwidth. The bandwidth of the LAG is the sum of bandwidth of its member port.
Page 50 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg rqtv/ejcppgn"nqcf/dcncpeg" Fguetkrvkqp" The"rqtv/ejcppgn"nqcf/dcncpeg"command is used to configure the Aggregate Arithmetic for LAG. To return to the default configurations, please use" pq" rqtv/ejcppgn"nqcf/dcncpeg command. U{pvcz" rqtv/ejcppgn"nqcf/dcncpeg {src-dst-mac | src-dst-ip} pq"rqtv/ejcppgn"nqcf/dcncpeg Rctcogvgt" src-dst-mac —— The source and destination MAC address. When this option is selected, the Aggregate Arithmetic will be based on the source and destination MAC addresses of the packets.
Page 51 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" pri —— The system priority, ranging from 0 to 65535. It is 32768 by default. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Configure the LACP system priority as 1024 globally: VN/UN564:*eqphki+%ncer"u{uvgo/rtkqtkv{ 1024 ncer"rqtv/rtkqtkv{" Fguetkrvkqp" The"ncer"rqtv/rtkqtkv{"command is used to configure the LACP system priority globally.
Page 52 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" channel-group-num —— The EtherChannel Group number, ranging from 1 to 14. By default, it is empty, and will display the information of all EtherChannel Groups. detail —— The detailed information of EtherChannel. summary ——...
Page 53 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" channel-group-num —— The EtherChannel Group number, ranging from 1 to 14. By default, it is empty, and will display the information of all LACP groups. internal —— The internal LACP information. neighbor —— The neighbor LACP information. Eqoocpf"Oqfg"...
Page 54 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt":" Wugt"Ocpcig"Eqoocpfu" User Manage Commands are used to manage the user’s logging information by Web, CLI or SSH, so as to protect the settings of the switch from being randomly changed. wugt"pcog" Fguetkrvkqp" The wugt"...
Page 55 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg VN/UN564:*eqphki+%wugt"pcog"tplink rcuuyqtf password"v{rg admin uvcvwu enable wugt"ceeguu/eqpvtqn"kr/dcugf" Fguetkrvkqp" The wugt" ceeguu/eqpvtqn" kr/dcugf" command is used to limit the IP-range of the users for login. Only the users within the IP-range you set here are allowed to login.
Page 56 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" wugt"ceeguu/eqpvtqn oce/dcugf mac-addr pq"wugt"ceeguu/eqpvtqn Rctcogvgt" mac-addr —— The source MAC address. Only the user with this MAC address is allowed to login. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Configure that only the user with the MAC address 00:00:13:0A:00:01 is allowed to login: VN/UN564:*eqphki+%wugt"ceeguu/eqpvtqn"oce/dcugf 00:00:13:0A:00:01 wugt"ceeguu/eqpvtqn"rqtv/dcugf"...
Page 57 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg VN/UN564:*eqphki+%wugt" ceeguu/eqpvtqn" rqtv/dcugf" kpvgthceg" tcpig" " hcuvGvjgtpgv 1/0/2-6" wugt"ocz/pwodgt" Fguetkrvkqp" The wugt"ocz/pwodgt command is used to configure the maximum login user number at the same time. To cancel the limit on login number, please use pq" wugt"ocz/pwodgt command.
Page 58 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" minutes ——The timeout time, ranging from 5 to 30 in minutes. The value is 10 by default. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Configure the timeout time of the switch as 15 minutes: VN/UN564:*eqphki+%wugt"kfng/vkogqwv"15 nkpg"...
Page 59 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Enter the Virtual Terminal configuration mode so as to prepare further configurations such as password and login mode for virtual terminal 0 to 5: VN/UN564:*eqphki+%nkpg"xv{"0 5 rcuuyqtf" Fguetkrvkqp" The" rcuuyqtf command is used to configure the connection password. To clear the password, please use"pq"rcuuyqtf"command.
Page 60 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" nqikp Eqoocpf"Oqfg" Line Configuration Mode Gzcorng" Configure the login of Console port connection 0 as login mode: VN/UN564:*eqphki+%nkpg"eqpuqng 0 VN/UN564:*eqphki/nkpg+%nqikp Configure the login of virtual terminal connection 0-5 as login mode: VN/UN564:*eqphki+%nkpg"xv{ 0 5 VN/UN564:*eqphki/nkpg+%nqikp nqikp"nqecn"...
Page 61 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"wugt"ceeqwpv/nkuv" Fguetkrvkqp" The ujqy"wugt"ceeqwpv/nkuv command is used to display the information of the current users. U{pvcz" ujqy"wugt"ceeqwpv/nkuv" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the information of the current users: VN/UN564:*eqphki+%ujqy"wugt"ceeqwpv/nkuv ujqy"wugt"eqphkiwtcvkqp"...
Page 62 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt";" Dkpfkpi"Vcdng"Eqoocpfu" You can bind the IP address, MAC address, VLAN and the connected Port number of the Host together, which can be the condition for the ARP Inspection and IP verify source to filter the packets.
Page 63 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Bind an ACL entry with the IP 192.168.0.1, MAC 00:00:00:00:00:01, VLAN ID 2 and the Port number 5 manually. And then enable the entry for the ARP detection: VN/UN564:*eqphki+%kr"...
Page 64 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg The"kr"fjer"upqqrkpi"inqdcn command is configure DHCP-Snooping globally. To restore to the default value, please use pq" fjer/upqqrkpi" inqdcn" command. U{pvcz" kr" fjer" upqqrkpi" inqdcn" {" [inqdcn/tcvg global-rate] [fge/vjtgujqnf dec-threshold] [fge/tcvg dec-rate] } pq"kr"fjer"upqqrkpi"inqdcn" Rctcogvgt" global-rate ——...
Page 65 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" kr"fjer"upqqrkpi"kphqtocvkqp"qrvkqp pq"kr"fjer"upqqrkpi"kphqtocvkqp"qrvkqp" Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Enable the Option 82 function of DHCP Snooping: VN/UN564:*eqphki+%kr"fjer"upqqrkpi"kphqtocvkqp"qrvkqp kr"fjer"upqqrkpi"kphqtocvkqp"uvtcvgi{" Fguetkrvkqp" The" kr" fjer" upqqrkpi"kphqtocvkqp" uvtcvgi{" command is used to select the operation for the Option 82 field of the DHCP request packets from the Host. To restore to the default option, please use"...
Page 66 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg kr"fjer"upqqrkpi"kphqtocvkqp"tgoqvg/kf" Fguetkrvkqp" The"kr"fjer"upqqrkpi"kphqtocvkqp"tgoqvg/kf"command is used to enable and configure the customized sub-option Remote ID for the Option 82. To return to default Remote ID for the Option 82, please use pq kr" fjer" upqqrkpi" kphqtocvkqp"tgoqvg/kf"command.
Page 67 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg string —— Enter the sub-option Circuit ID, which contains 32 characters at most. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Enable and configure the customized sub-option Circuit ID for the Option 82 as “tplink”: VN/UN564:*eqphki+%kr"fjer"upqqrkpi"kphqtocvkqp"ektewkv/kf"tplink kr"fjer"upqqrkpi"vtwuv"...
Page 68 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg MAC address of the Host. The MAC Verify feature is to compare the two fields and discard the packet if the two fields are different. U{pvcz" kr"fjer"upqqrkpi"oce/xgtkh{" pq"kr"fjer"upqqrkpi"oce/xgtkh{" Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Gzcorng"...
Page 69 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg VN/UN564:*eqphki/kh+%kr"fjer"upqqrkpi"nkokv"tcvg"20 kr"fjer"upqqrkpi"fgenkpg" Fguetkrvkqp" The"kr"fjer"upqqrkpi"fgenkpg command is used to enable the Decline Protect feature. To disable the Decline Protect feature, please use" pq kr" fjer" upqqrkpi"fgenkpg command. U{pvcz" kr"fjer"upqqrkpi"fgenkpg" pq"kr"fjer"upqqrkpi"fgenkpg" Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Gzcorng"...
Page 70 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"kr"fjer"upqqrkpi" Fguetkrvkqp" The"ujqy"kr"fjer"upqqrkpi command is used to display the running status of DHCP-Snooping. U{pvcz" ujqy"kr"fjer"upqqrkpi" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the running status of DHCP-Snooping: VN/UN564:%ujqy"kr"fjer"upqqrkpi" ujqy"kr"fjer"upqqrkpi"kphqtocvkqp" Fguetkrvkqp" The"...
Page 71 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" ujqy"kr"fjer"upqqrkpi"kpvgthceg"["hcuvGvjgtpgv port | ikicdkvGvjgtpgv port ] Rctcogvgtu" port ——The Fast/Gigabit Ethernet port number. Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the DHCP-Snooping configuration of all Ethernet ports: VN/UN564:%ujqy"kr"fjer"upqqrkpi"kpvgthceg Display the DHCP-Snooping configuration of Fast Ethernet port 5: VN/UN564:%ujqy"kr"fjer"upqqrkpi"kpvgthceg"hcuvGvjgtpgv"1/0/5...
Page 72 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"32" CTR"Kpurgevkqp"Eqoocpfu" ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP cheating, such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc. kr"ctr"kpurgevkqp*inqdcn+" Fguetkrvkqp" The kr ctr"kpurgevkqp"command is used to enable the ARP Detection function globally.
Page 73 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEhternet) Gzcorng" Configure the Fast Ethernet ports 2-5 as the Trusted Port: VN/UN564:*eqphki+%kpvgthceg"tcpig hcuvGvjgtpgv 1/0/2-5 VN/UN564:*eqphki/kh/tcpig+%kr"ctr"kpurgevkqp"vtwuv kr"ctr"kpurgevkqp*kpvgthceg+" Fguetkrvkqp"...
Page 74 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg kr"ctr"kpurgevkqp"nkokv/tcvg" Fguetkrvkqp" The kr"ctr"kpurgevkqp"nkokv/tcvg command is used to configure the ARP speed of a specified port. To restore to the default speed, please use pq" kr" ctr" kpurgevkqp"nkokv/tcvg command. U{pvcz" kr"ctr"kpurgevkqp"nkokv/tcvg"value pq"kr"ctr"kpurgevkqp"nkokv/tcvg" Rctcogvgt" value ——The value to specify the maximum amount of the received ARP packets per second, ranging from 10 to 100 in pps(packet/second).
Page 75 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Restore Fast Ethernet port 5 to the ARP transmit status: VN/UN564:*eqphki+%kpvgthceg"hcuvGvjgtpgv 1/0/5 VN/UN564:*eqphki/kh+%kr"ctr"kpurgevkqp"tgeqxgt" ujqy"kr"ctr"kpurgevkqp" Fguetkrvkqp" The ujqy" kr" ctr" kpurgevkqp command is used to display the ARP detection global configuration including the enable/disable status and the Trusted Port list. U{pvcz"...
Page 76 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Display the configuration of Fast Ethernet port 1: VN/UN564:*eqphki+%ujqy"kr"ctr"kpurgevkqp"kpvgthceg"hcuvGvjgtpgv"1/0/1" Display the configuration of all Ethernet ports: VN/UN564:*eqphki+%ujqy"kr"ctr"kpurgevkqp"kpvgthceg" ujqy"kr"ctr"kpurgevkqp"uvcvkuvkeu" Fguetkrvkqp" The"ujqy"kr"ctr"kpurgevkqp"uvcvkuvkeu command is used to display the number of the illegal ARP packets received. U{pvcz"...
Page 77 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"33" FqU"Fghgpf"Eqoocpf" DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of service requests to the Host. With the DoS Defend enabled, the switch can analyze the specific field of the received packets and provide the defend measures to ensure the normal working of the local network.
Page 78 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" scan-synfin —— Scan SYNFIN attack. xma-scan —— Xma Scan attack. null-scan —— NULL Scan attack. port-less-1024 ——The SYN packets whose Source Port less than 1024. ping-flood —— Ping flooding attack. With the ping flood attack enabled, the switch will limit automatically the forwarding speed of ping packets to 512 Kbps when attacked by ping flood.
Page 79 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"34" KGGG":2403Z"Eqoocpfu" IEEE 802.1X function is to provide an access control for LAN ports via the authentication. Only the supplicant passing the authentication can access the LAN. fqv3z"u{uvgo/cwvj/eqpvtqn" Fguetkrvkqp" The fqv3z u{uvgo/cwvj/eqpvtqn command is used to enable the IEEE 802.1X function globally.
Page 80 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg pap: IEEE 802.1X authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client. The transmission of EAP packets is terminated at the switch and the EAP packets are converted to the other protocol (such as RADIUS) packets for transmission eap-md5: IEEE 802.1X authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client.
Page 81 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg fqv3z"swkgv/rgtkqf" Fguetkrvkqp" The fqv3z"swkgv/rgtkqf command is used to enable the quiet-period function. To disable the function, please use"pq"fqv3z"swkgv/rgtkqf command. U{pvcz" fqv3z"swkgv/rgtkqf" pq"fqv3z"swkgv/rgtkqf" Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Enable the quiet-period function: VN/UN564:*eqphki+%fqv3z"swkgv/rgtkqf" fqv3z"vkogqwv" Fguetkrvkqp"...
Page 82 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Global Configuration Mode Gzcorng" Configure the quiet period as 100 seconds: VN/UN564:*eqphki+%fqv3z"vkogqwv"swkgv/rgtkqf"100" fqv3z"ocz/tgcwvj/tgs" Fguetkrvkqp" The fqv3z" ocz/tgcwvj/tgs" command is used to configure the maximum transfer times of the repeated authentication request when the server cannot be connected.
Page 83 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg fqv3z" pq"fqv3z" Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Gzcorng" Enable the IEEE 802.1X function for the Fast Ethernet port 1: VN/UN564:*eqphki+%kpvgthceg"hcuvGvjgtpgv"1/0/1" VN/UN564:*eqphki/kh+%fqv3z" fqv3z"iwguv/xncp*kpvgthceg+"...
Page 84 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg The fqv3z" rqtv/eqpvtqn command is used to configure the Control Mode of IEEE 802.1X for the specified port. By default, the control mode is “auto”. To restore to the default configuration, please use" pq" fqv3z" rqtv/eqpvtqn command.
Page 85 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" mac-based | port-based ——The control type for the port. mac-based: Any client connected to the port should pass the 802.1X authentication for access. port-based: All the clients connected to the port can access the network on the condition that any one of the clients has passed the 802.1X Authentication.
Page 86 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ceev/rqtv" port —— The UDP port of accounting server(s) ranging from 1 to 65535. The default value is 1813. ceev/mg{"keyvalue —— The shared password for the switch and the accounting servers to exchange messages which contains 15 characters at most. vkogqwv value ——...
Page 87 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg The ujqy"fqv3z"inqdcn"command is used to display the global configuration of 801.X. U{pvcz" ujqy"fqv3z"inqdcn" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the configuration of 801.X globally: VN/UN564:*eqphki+%ujqy"fqv3z"inqdcn" ujqy"fqv3z"kpvgthceg" Fguetkrvkqp" The ujqy"fqv3z"kpvgthceg"command is used to display all ports or the specified port’s configuration information of 801.X.
Page 88 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg The ujqy"tcfkwu"ceeqwpvkpi command is used to display the configuration of the accounting server. U{pvcz" ujqy"tcfkwu"ceeqwpvkpi " Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Modes Gzcorng" Display the configuration of the accounting server: VN/UN564:*eqphki+%ujqy"tcfkwu"ceeqwpvkpi" ujqy"tcfkwu"cwvjgpvkecvkqp"...
Page 89 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"35" U{uvgo"Nqi"Eqoocpfu" The log information will record the settings and operation of the switch respectively for you to monitor operation status and diagnose malfunction. nqiikpi"dwhhgt" Fguetkrvkqp" The nqiikpi" dwhhgt" command is used to configure the severity level and the status of the configuration input to the log buffer.
Page 90 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg nqiikpi"hkng"hncuj" Fguetkrvkqp" The nqiikpi"hkng"hncuj command is used to configure the level and the status of the log file input. To disable the logging file flash funtion, please use pq nqiikpi" hkng"hncuj"command. The log file indicates the flash sector for saving system log. The information in the log file will not be lost after the switch is restarted and can be got by the ujqy"nqiikpi"hncuj"command."...
Page 91 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" buffer | flash —The output channels: buffer and flash. Clear the information of the two channels, by default. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Clear the information in the log file: VN/UN564:*eqphki+%engct nqiikpi buffer" nqiikpi"jquv"kpfgz"...
Page 92 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Set the IP address as 192.168.0.148, the level 5: VN/UN564:*eqphki+%nqiikpi"jquv"kpfgz 2 192.168.0.148 5 " ujqy"nqiikpi"nqecn/eqphki" Fguetkrvkqp" The ujqy"nqiikpi"nqecn/eqphki command is used to display the configuration of the Local Log including the log buffer and the log file. U{pvcz"...
Page 93 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Display the configuration of the log host 2: VN/UN564:*eqphki+%ujqy"nqiikpi"nqijquv"2" ujqy"nqiikpi"dwhhgt" Fguetkrvkqp" The ujqy"nqiikpi"dwhhgt command is used to display the log information in the log buffer according to the severity level. U{pvcz" ujqy"nqiikpi"dwhhgt"[ngxgn level] Rctcogvgt"...
Page 94 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the log information with the level marked 0~3 in the log file: VN/UN564:*eqphki+%ujqy"nqiikpi"hncuj"ngxgn"3...
Page 95 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"36" UUJ"Eqoocpfu" SSH (Security Shell) can provide the unsecured remote management with security and powerful authentication to ensure the security of the management information. kr"uuj"ugtxgt" Fguetkrvkqp" The" kr uuj" ugtxgt" command is used to enable SSH function. To disable the SSH function, please use pq"kr uuj"ugtxgt"command.
Page 96 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Enable SSH v2: VN/UN564:*eqphki+%kr"uuj"xgtukqp"v2 kr"uuj"vkogqwv" Fguetkrvkqp" The"kr"uuj"vkogqwv"command is used to specify the idle-timeout time of SSH. To restore to the factory defaults, please use kr"uuj"vkogqwv"command. U{pvcz" kr"uuj"vkogqwv"value pq"kr"uuj"vkogqwv Rctcogvgt" value —— The Idle-timeout time. During this period, the system will automatically release the connection if there is no operation from the client.
Page 97 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Specify the maximum number of the connections to the SSH server as 3: VN/UN564:*eqphki+%kr"uuj"ocz/enkgpv"3 kr"uuj"fqypnqcf" Fguetkrvkqp" The" kr" uuj" fqypnqcf" command is used to download the SSH key file from TFTP server.
Page 98 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the global configuration of SSH: VN/UN564:*eqphki+%ujqy"kr"uuj...
Page 99 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"37" UUN"Eqoocpfu" " SSL（Secure Sockets Layer）, a security protocol, is to provide a secure connection for the application layer protocol(e.g. HTTP) based on TCP. Adopting asymmetrical encryption technology, SSL uses key pair to encrypt/decrypt information. A key pair refers to a public key (contained in the certificate) and its corresponding private key.
Page 100 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" ssl-cert —— The name of the SSL certificate which is selected to download to the switch. The length of the name ranges from 1 to 25 characters. The Certificate must be BASE64 encoded. ip-addr ——...
Page 101 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"kr"jvvr"ugewtg/ugtxgt" Fguetkrvkqp" The ujqy" kr" jvvr" ugewtg/ugtxgt command is used to display the global configuration of SSL. U{pvcz" ujqy"kr"jvvr"ugewtg/ugtxgt" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the global configuration of SSL: VN/UN564:*eqphki+%ujqy"kr"jvvr"ugewtg/ugtxgt"...
Page 102 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"38" OCE"Cfftguu"Eqoocpfu" " MAC address configuration can improve the network security by configuring the Port Security and maintaining the address information by managing the address Table. oce"cfftguu/vcdng"uvcvke" Fguetkrvkqp" The"oce"cfftguu/vcdng"uvcvke"command is used to add the static MAC address entry.
Page 103 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Delete the static address entry whose MAC address is 00:02:58:4f:6c:23: VN/UN564:*eqphki+%pq"oce"cfftguu/vcdng"uvcvke"00:02:58:4f:6c:23 oce"cfftguu/vcdng"cikpi/vkog" Fguetkrvkqp" The"oce"cfftguu/vcdng"cikpi/vkog"command is used to configure aging time for the dynamic address. To return to the default configuration, please use pq" oce"cfftguu/vcdng"cikpi/vkog"command.
Page 104 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" mac-addr —— The MAC address to be filtered. vid —— The corresponding VLAN ID of the MAC address. It ranges from 1 to 4094. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Add a filtering address entry of which VLAN ID is 1 and MAC address is 00:1e:4b:04:01:5d: VN/UN564:*eqphki+%oce"cfftguu/vcdng"hknvgtkpi"oce"00:1e:4b:04:01:5d"xkf"1"...
Page 105 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg deleted manually. The learned entries will be cleared after the switch is rebooted. When permanent mode is selected, the learned MAC address will be out of the influence of the aging time and can only be deleted manually too. However, the learned entries will be saved even the switch is rebooted.
Page 106 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"oce"cfftguu/vcdng"cikpi/vkog" Fguetkrvkqp" The" ujqy" oce" cfftguu/vcdng" cikpi/vkog" command is used to display the Aging Time of the MAC address. U{pvcz" ujqy"oce"cfftguu/vcdng"cikpi/vkog" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the Aging Time of the MAC address: VN/UN564:*eqphki+%ujqy"oce"cfftguu/vcdng"cikpi/vkog"...
Page 107 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"oce"cfftguu/vcdng"kpvgthceg" " Fguetkrvkqp" The" ujqy" oce" cfftguu/vcdng" kpvgthceg" command is used to display the address configuration of an Ethernet port. U{pvcz" ujqy"oce"cfftguu/vcdng"kpvgthceg"{ hcuvGvjgtpgv port | ikicdkvGvjgtpgv port }" Rctcogvgt" ——" port The Fast/Gigabit Ethernet port number. Eqoocpf"Oqfg"...
Page 108 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" ujqy"oce"cfftguu/vcdng"oce"mac-addr" Rctcogvgt" mac-addr —— The specified MAC address. Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the information of the MAC address 00:00:00:00:23:00 VN/UN564:*eqphki+%ujqy"oce"cfftguu/vcdng"oce"00:00:00:00:23:00" ujqy"oce"cfftguu/vcdng"xncp" Fguetkrvkqp" The" ujqy" oce" cfftguu/vcdng" xncp" command is used to display the MAC address configuration of the specified vlan.
Page 109 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"39" U{uvgo"Eqphkiwtcvkqp"Eqoocpfu" System Configuration Commands can be used to configure the system information and system IP of the switch, and to reboot and reset the switch, upgrade the switch system and commands used for device diagnose, including loopback test and cable test.
Page 110 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg UTC-12:00 —— TimeZone for International Date Line West. UTC-11:00 —— TimeZone for Coordinated Universal Time-11. UTC-10:00 —— TimeZone for Hawaii. UTC-09:00 —— TimeZone for Alaska. UTC-08:00 —— TimeZone for Pacific Time(US Canada). UTC-07:00 —— TimeZone for Mountain Time(US Canada). UTC-06:00 ——...
Page 111 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Global Configuration Mode Gzcorng" Configure the system time mode as NTP, the time zone is UTC-12:00, the primary NTP server is 133.100.9.2 and the secondary NTP server is 139.78.100.163, the fetching-rate is 11 hours: VN/UN564:*eqphki+%u{uvgo/vkog"...
Page 112 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg The"u{uvgo/vkog"fuv"fcvg"command is used to specify the DST configuration in Date mode. This configuration is recurring in use. By default, the current year is used as the starting time. DST time periods should be within 12 months over one/two year.
Page 113 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg u{uvgo/vkog" fuv" tgewttkpi {sweek} {sday} {smonth} {stime} {eweek} {eday} {emonth} {etime} [offset] Rctcogvgt" sweek —— Week to start, with the options: first, second, third, fourth, last. sday —— Day to start, with the options: Sun, Mon, Tue, Wed, Thu, Fri, Sat. smonth——...
Page 114 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg hostname —— System Name, ranging from 1 to 32 characters. It is the product name by default. Here it is TL-SL3428. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Configure the system name as TPLINK: VN/UN564:*eqphki+%jquvpcog TPLINK" nqecvkqp"...
Page 115 —— Contact Information. It consists of 32 characters at most. It is www.tp-link.com by default. Eqoocpf"Oqfg" Global Configuration Mode" Gzcorng" Configure the system contact information as www.tp-link.com: VN/UN564:*eqphki+%eqpvcev-kphq"www.tp-link.com kr"ocpcigogpv/xncp" Fguetkrvkqp" The" kr" ocpcigogpv/xncp" command is used to configure the management VLAN, through which you can log on to the switch.
Page 116 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg pq"kr"cfftguu" Rctcogvgt" ip-addr —— The system IP of the switch. The default system IP is 192.168.0.1. ip-mask —— The Subnet Mask of the switch. The default Subnet Mask is 255.255.255.0. gateway —— The Default Gateway of the switch. By default, it is empty. Eqoocpf"Oqfg"...
Page 117 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg The"kr"cfftguu/cnnqe"dqqvr"command is used to enable the BOOTP Protocol. When the BOOTP Protocol is enabled, the switch will obtain IP address from BOOTP Server. This command should be configured in the Interface Configuration Mode of the management VLAN. U{pvcz"...
Page 118 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg tgdqqv" Eqoocpf"Oqfg" Privileged EXEC Mode Gzcorng" Reboot the switch: VN/UN564:%tgdqqv" eqr{"twppkpi/eqphki"uvctvwr/eqphki" Fguetkrvkqp" The eqr{"twppkpi/eqphki"uvctvwr/eqphki"command is used to save the current settings. U{pvcz" eqr{"twppkpi/eqphki"uvctvwr/eqphki Eqoocpf"Oqfg" Privileged EXEC Mode Gzcorng" Save current settings: VN/UN564:%eqr{"twppkpi/eqphki"uvctvwr/eqphki" eqr{"uvctvwr/eqphki"vhvr" Fguetkrvkqp"...
Page 119 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Backup the configuration files to TFTP server with the IP 192.168.0.148 and name this file config.cfg: VN/UN564:% eqr{" uvctvwr/eqphki" vhvr" kr/cfftguu 192.168.0.148 hkngpcog config" eqr{"vhvr"uvctvwr/eqphki" Fguetkrvkqp" The eqr{"vhvr"uvctvwr/eqphki"command is used to download the configuration file to the switch from TFTP server.
Page 120 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ip-addr —— IP address of the TFTP server. name —— Specify the name for the firmware file. Eqoocpf"Oqfg" Privileged EXEC Mode Gzcorng" Upgrade the switch system file named as firmware.bin from the TFTP server with the IP address 192.168.0.148: VN/UN564:%hktoyctg"writcfg"kr/cfftguu"192.168.0.148"hkngpcog"firmware.bin rkpi"...
Page 121 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg vtcegtv" Fguetkrvkqp" The vtcegtv"command is used to test the connectivity of the gateways during its journey from the source to destination of the test data. U{pvcz" vtcegtv {ip_address} [-w {waitTime} ] [-h {maxHops} ] Rctcogvgt"...
Page 122 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" User EXEC Mode and Privileged EXEC Mode Gzcorng" Do an internal-type loopback test for Gigabit Ethernet port 25: VN/UN564:%"nqqrdcem"kpvgthceg"ikicdkvGvjgtpgv"1/0/25 internal Do an external-type loopback test for Gigabit Ethernet port 25: VN/UN564:%"nqqrdcem"kpvgthceg"ikicdkvGvjgtpgv 1/0/25 external ujqy"u{uvgo/vkog"...
Page 123 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Display the DST time information of the switch VN/UN564:%ujqy"u{uvgo/vkog"fuv" ujqy"u{uvgo/vkog"pvr" Fguetkrvkqp" The ujqy" u{uvgo/vkog" pvr" command is used to display the NTP mode configuration information. U{pvcz" ujqy"u{uvgo/vkog"pvr" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng"...
Page 124 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg The ujqy" twppkpi/eqphki" command is used to display the current operating configuration of the system or of a specified port. U{pvcz" ujqy"twppkpi/eqphki"[ kpvgthceg"{ hcuvGvjgtpgv"port"~"ikicdkvGvjgtpgv port } ] Rctcogvgt port —— The Fast/Gigabit Ethernet port number. Eqoocpf"Oqfg"...
Page 125 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"3:" Gvjgtpgv"Eqphkiwtcvkqp"Eqoocpfu" Ethernet Configuration Commands can be used to configure the Bandwidth Control, Negotiation Mode and Storm Control for Ethernet ports. kpvgthceg"hcuvGvjgtpgv Fguetkrvkqp" The kpvgthceg" hcuvGvjgtpgv" command is used to enter the interface fastEthernet Configuration Mode and configure the corresponding Fast Ethernet port.
Page 126 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Wugt"Iwkfgnkpgu" " Command in the" Kpvgthceg" Tcpig" hcuvGvjgtpgv" Mode is executed independently on all ports in the range. It does not effect the execution on the other ports at all if the command results in an error on one port. Gzcorng"...
Page 127 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt port-list —— The list of Gigabit Ethernet ports. Eqoocpf"Oqfg" Global Configuration Mode Wugt"Iwkfgnkpgu" " Command in the" Kpvgthceg" Tcpig" ikicdkvGvjgtpgv" Mode is executed independently on all ports in the range. It does not affect the execution on the other ports at all if the command results in an error on one port.
Page 128 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujwvfqyp Fguetkrvkqp" The" ujwvfqyp" command is used to disable an Ethernet port. To enable this port again, please use pq"ujwvfqyp"command. U{pvcz" ujwvfqyp" pq"ujwvfqyp" Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Gzcorng"...
Page 129 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ogfkc/v{rg" Fguetkrvkqp" The"ogfkc/v{rg"command is used to configure the media type of Combo port. For a Combo port, the media type should be configured before you set its speed and mode. This command does not apply to TL-SL3452 since TL-SL3452 has no Combo port.
Page 130 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Configure the Duplex Mode as full-duplex for Gigabit Ethernet port 25: VN/UN564:*eqphki+%kpvgthceg"ikicdkvGvjgtpgv"1/0/25 VN/UN564:*eqphki/kh+%fwrngz full" urggf" Fguetkrvkqp" The"urggf"command is used to configure the Speed Mode for an Ethernet port. To return to the default configuration, please use pq"urggf"command." U{pvcz"...
Page 131 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg uvqto/eqpvtqn dtqcfecuv" pq"uvqto/eqpvtqn"dtqcfecuv" " Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Gzcorng" Enable the broadcast control function for Fast Ethernet port 5: VN/UN564:*eqphki+%kpvgthceg"hcuvGvjgtpgv"1/0/5 VN/UN564:*eqphki/kh+%uvqto/eqpvtqn"dtqcfecuv"...
Page 132 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg wpkecuv"command. Unicast control function allows the switch to filter UL frame in the network. If the transmission rate of the UL frames exceeds the set bandwidth in the tcvg, the packets will be automatically uvqto/eqpvqtn"...
Page 133 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Specify the storm control rate as 2Mbps for port5: VN/UN564:*eqphki+% interface fastEthernet 1/0/5 VN/UN564:*eqphki/kh+% storm-control rate 2m" dcpfykfvj" Fguetkrvkqp" The" dcpfykfvj" command is used to configure the bandwidth limit for an Ethernet port. To disable the bandwidth limit, please use pq" dcpfykfvj" command.
Page 134 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg engct"eqwpvgtu" Fguetkrvkqp" The engct"eqwpvgtu"command is used to clear the statistic information of all the Ethernet ports." U{pvcz" engct"eqwpvgtu Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Clear the statistic information of all Ethernet ports VN/UN564:*eqphki+%engct"eqwpvgtu" ujqy"kpvgthceg"uvcvwu" Fguetkrvkqp"...
Page 135 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"kpvgthceg"eqwpvgtu Fguetkrvkqp" The ujqy" kpvgthceg" eqwpvgtu" command is used to display the statistic information of an Ethernet port. U{pvcz" ujqy"kpvgthceg"[hcuvGvjgtpgv port"| ikicdkvGvjgtpgv port]"eqwpvgtu Rctcogvgt port —— The Fast/Gigabit Ethernet port number. By default, the statistic information of all ports is displayed.
Page 136 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"kpvgthceg"hnqyeqpvtqn Fguetkrvkqp" The ujqy"kpvgthceg"hnqyeqpvtqn"command is used to display the flow-control information of an Ethernet port." U{pvcz" ujqy"kpvgthceg"[ hcuvGvjgtpgv port"| ikicdkvGvjgtpgv port ]"hnqyeqpvtqn Rctcogvgt port —— The Fast/Gigabit Ethernet port number. Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng"...
Page 137 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"uvqto/eqpvtqn" Fguetkrvkqp" The ujqy" uvqto/eqpvtqn command is used to display the storm-control information of an Ethernet port. U{pvcz" ujqy" uvqto/eqpvtqn [ kpvgthceg { hcuvGvjgtpgv port | ikicdkvGvjgtpgv port | tcpig"hcuvGvjgtpgv port-list | tcpig"ikicdkvGvjgtpgv port-list } ]" Rctcogvgt port ——...
Page 138 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Display the bandwidth-limit information of Gigabit Ethernet port 25: VN/UN564:*eqphki+%ujqy"dcpfykfvj"kpvgthceg"ikicdkvGvjgtpgv"1/0/25" Display the bandwidth-limit information of Fast Ethernet ports 2, 6, 7, 8: VN/UN564:*eqphki+%ujqy" dcpfykfvj" kpvgthceg" tcpig" hcuvGvjgtpgv" 1/0/2,1/0/6-8"...
Page 139 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"3;" SqU"Eqoocpfu" QoS (Quality of Service) function is used to optimize the network performance. It provides you with network service experience of a better quality. squ" Fguetkrvkqp" The"squ command is used to configure CoS (Class of Service) based on port. To return to the default configuration, please use pq"squ command.
Page 140 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" squ"equ pq"squ"equ Eqoocpf"Oqfg" Global Configuration Mode Wugt"Iwkfgnkpgu" IEEE 802.1P gives the Pri field in IEEE 802.1Q tag a recommended definition. When the mapping relation between IEEE 802.1P Priority and TC egress queue is enabled, the data will be classified into the egress queue based on this mapping relation.
Page 141 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg squ"swgwg"equ/ocr" Fguetkrvkqp" The squ"swgwg"equ/ocr command is used to configure the mapping relation between IEEE 802.1P priority tag/IEEE 802.1Q tag, CoS value and the TC egress queue. To return to the default configuration, please use pq"squ"swgwg" equ/ocr command.
Page 142 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg divide IP datagram into 64 priorities. When DSCP Priority is enabled, IP datagram are mapped to different priority levels based on DSCP priority mode; non-IP datagram with IEEE 802.1Q tag are mapped to different priority levels based on IEEE 802.1P priority mode if IEEE 802.1P Priority is enabled;...
Page 143 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg queues and scheduling algorithms you set. On this switch, the priority levels are labeled as TC0, TC1… TC3. U{pvcz" squ"swgwg"oqfg"{ sp | wrr | sp+wrr | equ } pq"squ"swgwg"oqfg Rctcogvgt" sp —— Strict-Priority Mode. In this mode, the queue with higher priority will occupy the whole bandwidth.
Page 144 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" ujqy" squ" kpvgthceg" [ hcuvGvjgtpgv port" | ikicdkvGvjgtpgv port |" tcpig hcuvGvjgtpgv port-list |"tcpig"ikicdkvGvjgtpgv port-list ] " Rctcogvgt" port —— The Fast/Gigabit Ethernet port number. port-list —— The list of Ethernet ports. Eqoocpf"Oqfg"...
Page 145 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" ujqy"squ"fuer/ocr" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the configuration of DSCP Priority: VN/UN564:%ujqy squ"fuer/ocr" ujqy"squ"swgwg"oqfg" Fguetkrvkqp" The ujqy"squ"swgwg"oqfg command is used to display the schedule rule of the egress queues. U{pvcz"...
Page 146 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"42" Rqtv"Okttqt"Eqoocpfu" Port Mirror refers to the process of forwarding copies of packets from one port to a monitoring port. Usually, the monitoring port is connected to data diagnose device, which is used to analyze the monitored packets for monitoring and troubleshooting the network.
Page 147 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg oqpkvqt"uguukqp"uqwteg"kpvgthceg" Fguetkrvkqp" " oqpkvqt" uguukqp" uqwteg kpvgthceg command is used to configure the monitored port. To delete the corresponding monitored port, please use" pq oqpkvqt"uguukqp"uqwteg kpvgthceg command. U{pvcz" oqpkvqt" uguukqp" session_num uqwteg kpvgthceg { hcuvGvjgtpgv port-list | ikicdkvGvjgtpgv port-list } mode pq"...
Page 148 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg VN/UN564:*eqphki+%oqpkvqt" uguukqp 1" uqwteg" kpvgthceg" hcuvGvjgtpgv 1/0/4-5,1/0/7 rx Delete the Fast Ethernet port 4 in monitor session 1 and its configuration: VN/UN564:*eqphki+%pq" oqpkvqt" uguukqp" 1" uqwteg" kpvgthceg" hcuvGvjgtpgv 1/0/4 rx ujqy"oqpkvqt"uguukqp" " Fguetkrvkqp" The ujqy"...
Page 149 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"43" Rqtv"kuqncvkqp"Eqoocpfu" Port Isolation provides a method of restricting traffic flow to improve the network security by forbidding the port to forward packets to the ports that are not on its forwarding port list. rqtv"kuqncvkqp"...
Page 150 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"rqtv"kuqncvkqp" Fguetkrvkqp" The ujqy"rqtv"kuqncvkqp command is used to display the forward port list of a port. U{pvcz" ujqy"rqtv"kuqncvkqp"kpvgthceg [ hcuvGvjgtpgv port | ikicdkvGvjgtpgv port ] Rctcogvgt " port —— The number of Ethernet port you want to show its forward port list, in the format of 1/0/2.
Page 151 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"44" Nqqrdcem"Fgvgevkqp"Eqoocpfu" With loopback detection feature enabled, the switch can detect loops using loopback detection packets. When a loop is detected, the switch will display an alert or further block the corresponding port according to the configuration. nqqrdcem/fgvgevkqp*inqdcn+"...
Page 152 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Specify the interval-time as 50 seconds: VN/UN564:*eqphki+%nqqrdcem/fgvgevkqp"kpvgtxcn 50" nqqrdcem/fgvgevkqp"tgeqxgt{/vkog" Fguetkrvkqp" The nqqrdcem/fgvgevkqp" tgeqxgt{/vkog command is used to configure the time after which the blocked port would automatically recover to normal status. U{pvcz" nqqrdcem/fgvgevkqp"tgeqxgt{/vkog"recovery-time"...
Page 153 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Enable the loopback detection function of Gigabit Ethernet ports 25-27: VN/UN564:*eqphki+%kpvgthceg"tcpig"ikicdkvGvjgtpgv"1/0/25-27 VN/UN564:*eqphki/kh/tcpig+%nqqrdcem/fgvgevkqp" nqqrdcem/fgvgevkqp"eqphki" Fguetkrvkqp" The nqqrdcem/fgvgevkqp" eqphki command is used to configure the process-mode and recovery-mode for the ports by which the switch copes with the detected loops.
Page 154 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg nqqrdcem/fgvgevkqp"tgeqxgt" Fguetkrvkqp" The"nqqrdcem/fgvgevkqp"tgeqxgt"command is used to remove the block status of selected ports, thus recovering the blocked ports to normal status. U{pvcz" nqqrdcem/fgvgevkqp"tgeqxgt Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Gzcorng"...
Page 155 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"nqqrdcem/fgvgevkqp"kpvgthceg" Fguetkrvkqp" The ujqy" nqqrdcem/fgvgevkqp" kpvgthceg command is used to display the configuration of loopback detection function and the status of all ports or of a specified Fast/Gigabit Ethernet port. U{pvcz" ujqy" nqqrdcem/fgvgevkqp" kpvgthceg" [ hcuvGvjgtpgv port | ikicdkvGvjgtpgv port ]"...
Page 156 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"45" CEN"Eqoocpfu" ACL (Access Control List) is used to filter data packets by configuring a series of match conditions, operations and time ranges. It provides a flexible and secured access control policy and facilitates you to control the network security.
Page 157 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" cduqnwvg"uvctv start-date gpf"end-date pq"cduqnwvg" Rctcogvgt" start-date —— The start date in Absoluteness Mode, in the format of MM/DD/YYYY. By default, it is 01/01/2000. end-date —— The end date in Absoluteness Mode, in the format of MM/DD/YYYY.
Page 158 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Configure the time-range tSeg1 with time from 8:30 to 12:00 at weekend: VN/UN564:*eqphki+%vkog/tcpig"tSeg1" VN/UN564:*eqphki/vkog/tcpig+%rgtkqfke" yggm/fcvg" off-day" vkog/unkeg3" 08:30-12:00" jqnkfc{" Fguetkrvkqp" The jqnkfc{ command is used to configure the time-range into Holiday Mode under Time-range Create Configuration Mode.
Page 159 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg end-date —— The end date of the holiday, in the format of MM/DD, for instance, 05/03. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Define National Day, configuring the start date as October 1st, and the end date as October 3rd:"...
Page 160 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" oce"ceeguu/nkuv"access-list-num pq"oce"ceeguu/nkuv"access-list-num" Rctcogvgt" access-list-num —— ACL ID, ranging from 0 to 99. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Create a MAC ACL whose ID is 23: VN/UN564:*eqphki+%oce"ceeguu/nkuv"23" ceeguu/nkuv"uvcpfctf" Fguetkrvkqp" The ceeguu/nkuv" uvcpfctf command is used to add Standard-IP ACL rule. To delete the corresponding rule, please use pq"ceeguu/nkuv"uvcpfctf command.
Page 161 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg destination-ip-mask —— The destination IP address mask. It is required if you typed the destination IP address. time-segment —— The time-range for the rule to take effect. By default, it is not limited. frag ——...
Page 162 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg source-ip —— The source IP address contained in the rule. source-ip-mask —— The source IP address mask. It is required if you typed the source IP address. destination-ip —— The destination IP address contained in the rule. destination-ip-mask ——...
Page 163 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg twng" Fguetkrvkqp" The twng command is used to configure MAC ACL rule. To delete the corresponding rule, please use pq"twng command. U{pvcz" twng rule-id { deny | permit } [ [uoce source-mac] uocum source-mac-mask ] [ [foce destination-mac] focum destination-mac-mask ] [xkf vlan-id] [v{rg ethernet-type] [rtk user-pri] [vugi time-segment] pq"twng rule-id"...
Page 164 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg VN/UN564:*eqphki+%oce"ceeguu/nkuv"20" VN/UN564:*eqphki/oce/cen+%twng" 10 permit uoce 00:01:3F:48:16:23 uocum 11:11:11:11:11:00 xkf 2 rtk 5 vugi tSeg1 ceeguu/nkuv"rqnke{"pcog" Fguetkrvkqp" The ceeguu/nkuv" rqnke{" pcog command is used to add Policy. To delete the corresponding Policy, please use pq" ceeguu/nkuv" rqnke{" pcog command. A Policy is used to control the data packets those match the corresponding ACL rules by configuring ACLs and actions together for effect.
Page 165 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" policy-name —— The Policy Name, ranging from 1 to 16 characters. acl-id —— The ID of the ACL to which the above policy is applied. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Add ACL whose ID is 120 to policy1 and create an action for them: VN/UN564:*eqphki+%ceeguu/nkuv"rqnke{"cevkqp"policy1 120"...
Page 166 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" u/eqpfkvkqp"tcvg"rate"quf"{none | discard} Rctcogvgt" rate —— The rate of Stream Condition, ranging from 0 to 100000kbps. osd —— Out of Band disposal of Stream Condition. It is the disposal way of the data packets those are transmitted beyond the rate.
Page 167 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ceeguu/nkuv"dkpf*kpvgthceg+" Fguetkrvkqp" The ceeguu/nkuv"dkpf command is used to bind a policy to a specified port. To cancel the bind relation, please use pq"ceeguu/nkuv"dkpf command. U{pvcz" ceeguu/nkuv"dkpf"policy-name pq"ceeguu/nkuv"dkpf policy-name Rctcogvgt" policy-name —— The name of the policy desired to bind. Eqoocpf"Oqfg"...
Page 168 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Bind policy1 to VLAN 2: VN/UN564:*eqphki+%kpvgthceg"xncp"2" VN/UN564:*eqphki/kh+%ceeguu/nkuv"dkpf policy1 ujqy"vkog/tcpig" Fguetkrvkqp" The ujqy" vkog/tcpig command is used to display the configuration of time-range. U{pvcz" ujqy"vkog/tcpig" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng"...
Page 169 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" ujqy"ceeguu/nkuv"[acl-id]" Rctcogvgt" acl-id —— The ID of the ACL selected to display the configuration. Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the configuration of the MAC ACL whose ID is 20: VN/UN564:%ujqy"ceeguu/nkuv 20 ujqy"ceeguu/nkuv"rqnke{"...
Page 170 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Display the configuration of Policy bind: VN/UN564:%ujqy"ceeguu/nkuv"dkpf"...
Page 171 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"46" OUVR"Eqoocpfu" MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a ring network. STP is to block redundant links and backup links as well as optimize paths.
Page 172 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg VN/UN564:*eqphki+%kpvgthceg"hcuvGvjgtpgv"1/0/2" VN/UN564:*eqphki/kh+%urcppkpi/vtgg" urcppkpi/vtgg"eqooqp/eqphki" Fguetkrvkqp" The urcppkpi/vtgg" eqooqp/eqphki command is used to configure the parameters of the ports for comparison in the CIST and the common parameters of all instances. To return to the default configuration, please use pq" urcppkpi/vtgg"...
Page 173 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg designated port, they can transit their states to forwarding rapidly to reduce the unnecessary forward delay. Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Gzcorng"...
Page 174 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg urcppkpi/vtgg"ouv"eqphkiwtcvkqp" Fguetkrvkqp" The urcppkpi/vtgg" ouv" eqphkiwtcvkqp command is used to access MST Configuration Mode from Global Configuration Mode, as to configure the VLAN-Instance mapping, region name and revision level. To return to the default configuration of the corresponding Instance, please use pq"...
Page 175 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Map the VLANs 1-100 to Instance 1:" VN/UN564:*eqphki+%urcppkpi/vtgg"ouv"eqphkiwtcvkqp" VN/UN564:*eqphki/ouv+%kpuvcpeg"1"xncp"1-100 Disable Instance 1, namely remove all the mapping VLANs 1-100:" VN/UN564:*eqphki+%urcppkpi/vtgg"ouv"eqphkiwtcvkqp" VN/UN564:*eqphki/ouv+%pq"kpuvcpeg"1" Remove VLANs 1-50 in mapping VLANs 1-100 for Instance 1:" VN/UN564:*eqphki+%urcppkpi/vtgg"ouv"eqphkiwtcvkqp" VN/UN564:*eqphki/ouv+%pq"kpuvcpeg"1"xncp"1-50 pcog"...
Page 176 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgtu" revision —— The revision level for MST region identification, ranging from 0 to 65535. Eqoocpf"Oqfg" MST Configuration Mode" Gzcorng" Configure the revision level of MST as 100:" VN/UN564:*eqphki+%urcppkpi/vtgg"ouv"eqphkiwtcvkqp" VN/UN564:*eqphki/ouv+%tgxkukqp 100 urcppkpi/vtgg"ouv"kpuvcpeg" Fguetkrvkqp" The urcppkpi/vtgg"ouv"kpuvcpeg"command is used to configure the priority of MST instance.
Page 177 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg urcppkpi/vtgg"ouv" Fguetkrvkqp" The urcppkpi/vtgg"ouv command is used to configure MST Instance Port. To return to the default configuration of the corresponding Instance Port, please use"pq urcppkpi/vtgg"ouv"command. A port can play different roles in different spanning tree instance.
Page 178 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg U{pvcz" urcppkpi/vtgg"rtkqtkv{"pri pq"urcppkpi/vtgg"rtkqtkv{" Rctcogvgt" pri —— Bridge priority, ranging from 0 to 61440. It is 32768 by default. Eqoocpf"Oqfg" Global Configuration Mode" Gzcorng" Configure the bridge priority as 4096:" VN/UN564:*eqphki+%urcppkpi/vtgg"rtkqtkv{"4096 urcppkpi/vtgg"ve/fghgpf" Fguetkrvkqp" The urcppkpi/vtgg"ve/fghgpf command is used to configure the TC Protect of Spanning Tree globally.
Page 179 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg urcppkpi/vtgg"vkogt" Fguetkrvkqp" The urcppkpi/vtgg" vkogt command is used to configure forward-time, hello-time and max-age of Spanning Tree. To return to the default configurations, please use pq"urcppkpi/vtgg"vkogt"command. U{pvcz" urcppkpi/vtgg" vkogt" {" [hqtyctf/vkog forward-time] [jgnnq/vkog hello-time] [ocz/cig max-age] } pq"urcppkpi/vtgg"vkogt Rctcogvgt"...
Page 180 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg urcppkpi/vtgg"jqnf/eqwpv"value pq"urcppkpi/vtgg"jqnf/eqwpv Rctcogvgt" value —— The maximum number of BPDU packets transmitted per Hello Time interval, ranging from 1 to 20 in pps. By default, it is 5. Eqoocpf"Oqfg" Global Configuration Mode" Gzcorng" Configure the hold-count of STP as 8pps:"...
Page 181 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg urcppkpi/vtgg"drfwhknvgt" Fguetkrvkqp" The urcppkpi/vtgg" drfwhknvgt" command is used to enable the BPDU filter function for a port. With the function enabled, the port can be prevented from receiving and sending any BPDU packets. To disable the BPDU filter function, please use pq"urcppkpi/vtgg"drfwhknvgt command.
Page 182 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg VN/UN564:*eqphki+%kpvgthceg"hcuvGvjgtpgv"1/0/2" VN/UN564:*eqphki/kh+%urcppkpi/vtgg"drfwiwctf" urcppkpi/vtgg"iwctf"nqqr" Fguetkrvkqp" The urcppkpi/vtgg"iwctf"nqqr"command is used to enable the Loop Protect function for a port. Loop Protect is to prevent the loops in the network brought by recalculating STP because of link failures and network congestions. To disable the Loop Protect function, please use pq"urcppkpi/vtgg"iwctf"nqqr command.
Page 183 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Gzcorng" Enable the Root Protect function for Fast Ethernet port 2: VN/UN564:*eqphki+%kpvgthceg"hcuvGvjgtpgv"1/0/2" VN/UN564:*eqphki/kh+%urcppkpi/vtgg"iwctf"tqqv"...
Page 184 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg urcppkpi/vtgg"iwctf"ve" Fguetkrvkqp" The urcppkpi/vtgg" iwctf" ve command is used to enable the TC Protect of Spanning Tree function for a port. To disable the TC Protect of Spanning Tree function, please use pq"urcppkpi/vtgg"iwctf"ve command. A switch removes MAC address entries upon receiving TC-BPDUs.
Page 185 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg VN/UN564:*eqphki+%kpvgthceg"hcuvGvjgtpgv"1/0/2" VN/UN564:*eqphki/kh+%urcppkpi/vtgg"oejgem" ujqy"urcppkpi/vtgg"cevkxg" Fguetkrvkqp" The ujqy" urcppkpi/vtgg" cevkxg command is used to display the active information of spanning-tree. U{pvcz" ujqy"urcppkpi/vtgg"cevkxg" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the active information of spanning-tree:" VN/UN564:*eqphki+%ujqy"urcppkpi/vtgg"cevkxg"...
Page 186 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"urcppkpi/vtgg"kpvgthceg" Fguetkrvkqp" The ujqy" urcppkpi/vtgg" kpvgthceg command is used to display the spanning-tree information of all ports or a specified port. U{pvcz" ujqy" urcppkpi/vtgg" kpvgthceg [ hcuvGvjgtpgv port | ikicdkvGvjgtpgv port ]" [edge | ext-cost | int-cost | mode | p2p | priority | role | state | status] Rctcogvgt"...
Page 187 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Display the protect information of all ports:" VN/UN564:*eqphki+%ujqy"urcppkpi/vtgg"kpvgthceg/ugewtkv{" Display the protect information of Gigabit Ethernet port 25:" VN/UN564:*eqphki+%ujqy" urcppkpi/vtgg" kpvgthceg/ugewtkv{" ikicdkvGvjgtpgv 1/0/25" " Display the interface security bpdufilter information:" VN/UN564:*eqphki+%"ujqy"urcppkpi/vtgg"kpvgthceg/ugewtkv{"drfwhknvgt" ujqy"urcppkpi/vtgg"ouv" Fguetkrvkqp" The ujqy"...
Page 188 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"47" KIOR"Eqoocpfu" IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on Layer 2 switch. It can effectively prevent multicast groups being broadcasted in the network. kr"kior"upqqrkpi*inqdcn+" Fguetkrvkqp" The kr kior"upqqrkpi"command is used to configure IGMP Snooping globally. To disable the IGMP Snooping function, please use pq"...
Page 189 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Enable IGMP Snooping function of Gigabit Ethernet port 25: VN/UN564:*eqphki+%kpvgthceg ikicdkvGvjgtpgv"1/0/25 VN/UN564:*eqphki/kh+%kr"kior"upqqrkpi" kr"kior"upqqrkpi"koogfkcvg/ngcxg" Fguetkrvkqp" The" kr" kior" upqqrkpi" koogfkcvg/ngcxg" command is used to configure the Fast Leave function for port. To disable the Fast Leave function, please use pq" kr"kior"upqqrkpi"koogfkcvg/ngcxg command.
Page 190 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Specify the operation of processing unknown multicast as “discard”: VN/UN564:*eqphki+%kr"kior"upqqrkpi"ftqr/wpmpqyp" kr"kior"upqqrkpi"xncp/eqphki" Fguetkrvkqp" The"kr"kior"upqqrkpi"xncp/eqphki command is used to enable VLAN IGMP Snooping function or to modify IGMP Snooping parameters, and to create static multicast IP entry.
Page 191 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg the format of 1/0/2; Gigabit Ethernet port, ranging from 1-4, in the format of 1/0/2. vlan-id —— The VLAN ID of the multicast IP, ranging from 1 to 4094. ip —— The static multicast IP address. port-list ——...
Page 192 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg leave-time —— Leave Time, which is the interval between the switch receiving a leave message from a host and the switch removing the host from the multicast groups. Leave Time ranges from 1 to 30 in seconds. By default, it is 1. port ——...
Page 193 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg kr"kior"upqqrkpi"hknvgt*inqdcn+" Fguetkrvkqp" The"kr"kior"upqqrkpi"hknvgt"command is used to add or modify the multicast filtering IP-range. To delete the multicast filtering IP-range, please use" pq" kr" kior"upqqrkpi"hknvgt command. U{pvcz" kr"kior"upqqrkpi"hknvgt id start-ip end-ip pq kr"kior"upqqrkpi"hknvgt id Rctcogvgt"...
Page 194 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Gzcorng" Enable IGMP Snooping filter function for Gigabit Ethernet port 26: VN/UN564:*eqphki+%kpvgthceg ikicdkvGvjgtpgv"1/0/26" VN/UN564:*eqphki/kh+%kr"kior"upqqrkpi"hknvgt" kr"kior"upqqrkpi"hknvgt"oczitqwr" Fguetkrvkqp" The"...
Page 195 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" mode —— Action Mode, with “refuse” and “accept” options. “Refuse” indicates only the multicast packets whose multicast IP is not in the IP-range will be processed, while “accept” indicates only the multicast packets whose multicast IP is in the IP-range will be processed.
Page 196 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy" kr" kior" upqqrkpi" kpvgthceg" {" hcuvGvjgtpgv port-list | ikicdkvGvjgtpgv port-list } { basic-config | filter | packet-stat }" Rctcogvgt" port —— The Fast/Gigabit Ethernet port number. By default, the configuration of all ports is displayed. basic-config | filter | packet-stat ——...
Page 197 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"kr"kior"upqqrkpi"ownvk/xncp" Fguetkrvkqp" The ujqy" kr" kior" upqqrkpi" ownvk/xncp command is used to display the Multicast VLAN configuration. U{pvcz" ujqy"kr"kior"upqqrkpi"ownvk/xncp" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the Multicast VLAN configuration: VN/UN564:%ujqy"kr"kior"upqqrkpi"ownvk/xncp"...
Page 198 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg VN/UN564:%ujqy"kr"kior"upqqrkpi"itqwru Display all the multicast entries in VLAN 5: VN/UN564:*eqphki+%ujqy"kr"kior"upqqrkpi"itqwru"xncp"5 Display the count of multicast entries in VLAN 5: VN/UN564:*eqphki+%ujqy"kr"kior"upqqrkpi"itqwru"xncp"5 count ujqy"kr"kior"upqqrkpi"hknvgt" Fguetkrvkqp" The ujqy"kr"kior"upqqrkpi"hknvgt command is used to display the Multicast Filter address table. U{pvcz"...
Page 199 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"48" UPOR"Eqoocpfu" SNMP (Simple Network Management Protocol) functions are used to manage the network devices for a smooth communication, which can facilitate the network administrators to monitor the network nodes and implement the proper operation. upor/ugtxgt"...
Page 200 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" name —— The entry name of View, ranging from 1 to 16 characters. Each View can include several entries with the same name. mib-oid —— MIB Object ID. It is the Object Identifier (OID) for the entry of View, ranging from 1 to 61 characters.
Page 201 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg smode —— Security Model, with v1、v2c and v3 options. They represent SNMP v1, SNMP v2c and SNMP v3. slev —— The Security Level of SNMP v3 Group. There are three options, including noAuthNoPriv（no authorization and no encryption）、authNoPriv （authorization and no encryption）...
Page 202 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Rctcogvgt" name —— User Name, ranging from 1 to 16 characters. local | remote —— User Type, with local and remote options. Local indicates that the user is connected to a local SNMP engine, while remote indicates that the user is connected to a remote SNMP engine.
Page 203 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Add Local User admin to Group group2, and configure the Security Model of the user as v3, the Security Level of the group as authPriv, the Authentication Mode of the user as MD5, the Authentication Password as 11111, the Privacy Mode as DES, and the Privacy Password as 22222: VN/UN564:*eqphki+%upor/ugtxgt"...
Page 204 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg upor/ugtxgt"jquv" Fguetkrvkqp" The upor/ugtxgt" jquv command is used to add Notification. To delete the corresponding Notification, please use pq" upor/ugtxgt" jquv command. With the Notification function enabled, the switch can initiatively report to the management station about the important events that occur on the Views, which allows the management station to monitor and process the events in time.
Page 205 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg timeout —— The maximum time for the switch to wait for the response from the management station before resending a request, ranging from 1 to 3600 in seconds. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Add a Notification entry, and configure the IP address of the management Host as 192.168.0.146, the UDP port as 162, the User name of the management station as admin, the Security Model of the management station as v2c, the type...
Page 206 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Specify the local engineID as 1234567890, and the remote engineID as abcdef123456: VN/UN564:*eqphki+%upor/ugtxgt" gpikpgKF" nqecn" 1234567890" tgoqvg" abcdef123456" upor/ugtxgt"vtcru"upor" Fguetkrvkqp" The upor/ugtxgt vtcru" upor command is used to enable SNMP standard traps which include four types: linkup, linkdown, warmstart and coldstart. To disable the sending of SNMP standard traps, please use pq"upor/ugtxgt"vtcru"...
Page 207 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg upor/ugtxgt"vtcru"nkpm/uvcvwu" Fguetkrvkqp" The upor/ugtxgt" vtcru" nkpm/uvcvwu" command is used to enable SNMP link status trap for the specified port. To disable the sending of SNMP link status trap, please use pq"upor/ugtxgt"vtcru"nkpm/uvcvwu"command. U{pvcz" upor/ugtxgt"vtcru"nkpm/uvcvwu pq"upor/ugtxgt"vtcru"nkpm/uvcvwu"...
Page 208 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ipaddr-change —— Enable ipaddr-change trap. It is sent when IP address is changed such as user manually modifies the IP address or the switch obtains a new IP address from DHCP. loopback-detection —— Enable loopback-detection trap. It is sent when the switch detects loopback or loopback is cleared.
Page 209 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg max-learned —— Enable MAC address max-learned trap. It is sent when the amount of learned MAC address reaches the limit which is configured in port security module. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Enable all SNMP extended MAC address-related traps for the switch: VN/UN564:*eqphki+%"upor/ugtxgt"vtcru"oce"...
Page 210 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg toqp"jkuvqt{" Fguetkrvkqp" The toqp"jkuvqt{ command is used to configure the history sample entry. To return to the default configuration, please use pq" toqp" jkuvqt{ command. RMON (Remote Monitoring), basing on SNMP architecture, functions to monitor the network.
Page 211 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg command. Event Group, as one of the commonly used RMON Groups, is used to define RMON events. Alarms occur when an event is detected. U{pvcz" toqp"gxgpv index { [ wugt user-name ] [ fguetkrvkqp descript ] [ v{rg {none | log | notify | log-notify } ] [qypgt owner-name] } pq"toqp"gxgpv index Rctcogvgt"...
Page 212 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg value of a monitored variable exceeds the threshold, an alarm event is generated, which triggers the switch to act in the set way. U{pvcz" toqp" cncto index kpvgthceg" {" hcuvGvjgtpgv port | ikicdkvGvjgtpgv port } [ cncto/xctkcdng"...
Page 213 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg triggered either the sampled value exceeds the Rising Threshold or is under the Falling Threshold . By default, the Alarm Type is all. owner-name —— The owner of the entry, ranging from 1 to 16 characters. By default, it is monitor.
Page 214 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the View table: VN/UN564:%ujqy"upor/ugtxgt"xkgy" ujqy"upor/ugtxgt"itqwr" Fguetkrvkqp" The ujqy"upor/ugtxgt"itqwr"command is used to display the Group table." U{pvcz" ujqy"upor/ugtxgt"itqwr" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng"...
Page 215 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"upor/ugtxgt"eqoowpkv{" Fguetkrvkqp" The ujqy" upor/ugtxgt" eqoowpkv{ command is used to display the Community table. U{pvcz" ujqy"upor/ugtxgt"eqoowpkv{" Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the Community table:" VN/UN564:%ujqy"upor/ugtxgt"eqoowpkv{" ujqy"upor/ugtxgt"jquv" Fguetkrvkqp" The ujqy"upor/ugtxgt"jquv"command is used to display the Host table." U{pvcz"...
Page 216 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Display the engineID:" VN/UN564:%ujqy"upor/ugtxgt"gpikpgKF" ujqy"toqp"jkuvqt{" Fguetkrvkqp" The ujqy"toqp"jkuvqt{ command is used to display the configuration of the history sample entry. U{pvcz" ujqy"toqp"jkuvqt{"[index]" Rctcogvgt" index —— The index number of the entry selected to display the configuration, ranging from 1 to 12, in the format of 1-3, 5.
Page 217 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the Event configuration of entry1-4: VN/UN564:%ujqy"toqp"gxgpv 1-4" ujqy"toqp"cncto" Fguetkrvkqp" The ujqy" toqp" cncto command is used to display the configuration of the Alarm Management entry. U{pvcz"...
Page 218 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Ejcrvgt"49" Enwuvgt"Eqoocpfu" Cluster Management function enables a network administrator to manage the scattered devices in the network via a management device. After a commander switch is configured, management and maintenance operations intended for the member devices in a cluster is implemented by the commander device.
Page 219 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg Gzcorng" Enable NDP function globally, and configure Aging Time as 120 seconds, Hello Time as 50 seconds: VN/UN564:*eqphki+%enwuvgt"pfr" " VN/UN564:*eqphki+%enwuvgt"pfr"vkogt"jgnnq"50 cikpi"120" enwuvgt"pvfr" Fguetkrvkqp" The enwuvgt"pvfr command is used to configure NTDP globally. To return to the default configuration, please use pq"...
Page 220 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg hop-value —— NTDP Hops, which is the hop count the switch topology collects. NTDP Hops ranges from 1 to 16. By default, it is 3. Eqoocpf"Oqfg" Global Configuration Mode Gzcorng" Enable NTDP function globally, and specify NTDP Hops as 5, NTDP Interval Time as 30 minutes: VN/UN564:*eqphki+%enwuvgt"pvfr"...
Page 221 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ntdp —— Enable/ Disable NTDP function for the port. By default, it is enabled. Eqoocpf"Oqfg" Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Gzcorng" Enable NDP and NTDP function for Fast Ethernet port 5: VN/UN564:*eqphki+%kpvgthceg"hcuvGvjgtpgv"1/0/5"...
Page 222 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"enwuvgt"pfr" Fguetkrvkqp" The ujqy" enwuvgt" pfr" command is used to display NDP configuration of certain ports. U{pvcz" ujqy"enwuvgt"pfr"["kpvgthceg"[ hcuvGvjgtpgv"port | ikicdkvGvjgtpgv port] ] Rctcogvgt" port —— The Fast/Gigabit Ethernet port number. By default, the configuration of all Fast / Gigabit Ethernet ports is displayed.
Page 223 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"enwuvgt"pvfr" Fguetkrvkqp" The ujqy" enwuvgt" pvfr command is used to display NTDP configuration information. U{pvcz" ujqy" enwuvgt" pvfr" [" kpvgthceg" [hcuvGvjgtpgv" port | ikicdkvGvjgtpgv port ] | fgxkeg/nkuv"] Rctcogvgt" port —— The Fast/Gigabit Ethernet port number. By default, the configuration of all Fast / Gigabit Ethernet ports is displayed.
Page 224 VN/UN564:1VN/UN5674 LgvUvtgco" N4" Ocpcigf" Uykvej" ENK" Iwkfg ujqy"enwuvgt"ocpcig"tqng" Fguetkrvkqp" The ujqy" enwuvgt" ocpcig" tqng command is used to display the role of the current switch. U{pvcz" ujqy"enwuvgt"ocpcig"tqng Eqoocpf"Oqfg" Privileged EXEC Mode and Any Configuration Mode Gzcorng" Display the role of the current switch: VN/UN564:*eqphki+%ujqy"enwuvgt"ocpcig"tqng"...

This manual is also suitable for:

Jetstream tl-sl3428

TP-Link JetStream TL-SL3452 Reference Manual

Quick Links

Need help?

Questions and answers

Related Manuals for TP-Link JetStream TL-SL3452

Summary of Contents for TP-Link JetStream TL-SL3452

This manual is also suitable for: