TP-Link JetStream TL-SG3216 Reference Manual
  1. Manuals
  2. Brands
  3. TP-Link Manuals
  4. Switch
  5. JetStream TL-SG3216
  6. Reference manual

TP-Link JetStream TL-SG3216 Reference Manual

Jetstream l2 lite managed switch
Hide thumbs Also See for JetStream TL-SG3216:
Table of Contents

Advertisement

Quick Links

See also: User Manual , Cli Reference Manual
TL-SG3216/TL-SG3424
JetStream L2 Lite Managed Switch
Rev: 1.0.2
1910010511

Advertisement

Table of Contents
loading

Related Manuals for TP-Link JetStream TL-SG3216

Summary of Contents for TP-Link JetStream TL-SG3216

  • Page 1 TL-SG3216/TL-SG3424 JetStream L2 Lite Managed Switch Rev: 1.0.2 1910010511...
  • Page 2 Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.

  • Page 3: Table Of Contents

    CONTENTS Preface ......................1 Chapter 1 Using the CLI ..................4 1.1 Accessing the CLI ......................4 1.1.1 Logon by a console port ..................4 1.1.2 Logon by Telnet ....................6 1.2 CLI Command Modes .....................8 1.3 Security Levels ......................10 1.4 Conventions ........................11 1.4.1 Format Conventions ...................
  • Page 4 show mac-vlan ........................21 Chapter 5 Protocol VLAN Commands............... 22 protocol-vlan template ......................22 protocol-vlan vlan ........................22 show protocol-vlan template....................23 show protocol-vlan vlan ......................23 Chapter 6 Voice VLAN Commands ..............25 voice-vlan enable ........................25 voice-vlan aging-time ......................25 voice-vlan priority ........................26 voice-vlan oui ........................26 switchport voice-vlan mode ....................27 switchport voice-vlan security....................28 show voice-vlan global ......................28...
  • Page 5 lacp system-priority .......................39 lacp port-priority........................40 show lacp ..........................40 show lacp interface........................41 Chapter 10 User Manage Commands..............42 user add ..........................42 user remove ..........................43 user modify status .........................43 user modify type ........................44 user modify password......................44 user access-control disable ....................45 user access-control ip-based....................45 user access-control mac-based.....................46 user access-control port-based .....................46 user max-number ........................47...
  • Page 6 Chapter 12 ARP Inspection Commands.............. 60 arp detection (global)......................60 arp detection trust-port ......................60 arp detection (interface)......................61 arp detection limit-rate ......................61 arp detection recover......................62 show arp detection global......................63 show arp detection interface....................63 show arp detection statistic ....................63 show arp detection statistic reset ..................64 Chapter 13 DoS Defend Command..............
  • Page 7 show dot1x interface ......................79 show radius authentication ....................79 show radius accounting ......................80 Chapter 15 Log Commands ................. 81 logging local buffer ........................81 logging local flash........................81 logging clear ..........................82 logging loghost ........................83 show logging local-config ......................83 show logging loghost ......................84 show logging buffer level .......................84 show logging flash level......................85 Chapter 16 SSH Commands.................
  • Page 8 system-time gmt ........................97 system-time manual ......................98 ip address..........................98 ip dhcp-alloc ..........................99 ip bootp-alloc .........................99 reset ............................100 reboot ..........................100 user-config backup ......................101 user-config load........................101 user-config save ........................102 firmware upgrade ........................102 ping .............................103 tracert ..........................103 loopback ..........................104 show system-info.........................104 show ip address ........................105 Chapter 20 Ethernet Configuration Commands ..........106 interface ethernet ........................106 interface range ethernet ......................106...
  • Page 9 qos ............................116 qos dot1p config ........................116 qos dscp enable ........................117 qos dscp config ........................118 qos scheduler ........................119 show qos port-based ......................120 show qos dot1p ........................120 show qos dscp........................120 show qos scheduler......................121 Chapter 22 Port Mirror Commands ..............122 mirror add ..........................122 mirror remove group ......................123 mirror remove mirrored......................123...
  • Page 10 spanning-tree mcheck ......................140 show spanning-tree global-info....................140 show spanning-tree global-config ..................141 show spanning-tree port-config ...................141 show spanning-tree region ....................142 show spanning-tree msti config ...................142 show spanning-tree msti port ....................142 show spanning-tree security tc-defend ................143 show spanning-tree security port-defend................143 Chapter 25 IGMP Commands................145 igmp-snooping global ......................145 igmp-snooping config ......................145 igmp-snooping vlan-config-add ...................146...
  • Page 11 snmp-rmon history owner ....................163 snmp-rmon history enable ....................163 snmp-rmon event user......................164 snmp-rmon event description ....................164 snmp-rmon event type......................165 snmp-rmon event owner......................166 snmp-rmon event enable.....................166 snmp-rmon alarm config......................167 snmp-rmon alarm owner......................168 snmp-rmon alarm enable.....................169 show snmp global-config .....................169 show snmp view ........................170 show snmp group ........................170 show snmp user ........................170 show snmp community ......................171...

  • Page 12: Preface

    Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned in this Guide stands for TL-SG3216/TL-SG3424 JetStream L2 Lite Managed Switch. Overview of this Guide Chapter 1: Using the CLI Provide information about how to use the CLI, CLI Command Modes, Security Levels and some Conventions.
  • Page 13 Provide information about the commands used for protecting the switch from the ARP cheating or ARP Attack. Chapter 13: DoS Defend Command Provide information about the commands used for DoS defend and detecting the DoS attack. Chapter 14: IEEE 802.1X Commands Provide information about the commands used for configuring IEEE 802.1X function.
  • Page 14 Provide information about the commands used for configuring the SNMP (Simple Network Management Protocol) functions. Chapter 27 Cluster Commands Provide information about the commands used for configuring the Cluster Management function.

  • Page 15: Chapter 1 Using The Cli

    Chapter 1 Using the CLI 1.1 Accessing the CLI You can log on to the switch and access the CLI by the following two methods: Log on to the switch by the console port on the switch. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port. 1.1.1 Logon by a console port To log on to the switch by the console port on the switch, please take the following steps: Connect the PCs or Terminals to the console port on the switch by a provided cable.
  • Page 16 Figure 1-2 Connection Description Select the port to connect in figure 1-3, and click OK. Figure 1-3 Select the port to connect Configure the port selected in the step above as the following figure1-4 shown. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK.

  • Page 17: 1.1.2 Logon By Telnet

    Type the User name and Password in the Hyper Terminal window, the factory default value for both of them is admin. The DOS prompt” TP-LINK>” will appear after pressing the Enter button as figure1-5 shown. It indicates that you can use the CLI now.
  • Page 18 Figure 1-6 Open the Run window Type cmd in the prompt Run window as figure 1-7 and click OK. Figure 1-7 Run Window Type telnet 192.168.0.1 in the command prompt shown as figure1-8, and press the Enter button. Figure 1-8 Connecting to the Switch...

  • Page 19: 1.2 Cli Command Modes

    Type the User name and Password (the factory default value for both of them is admin) and press the Enter button, then you can use the CLI now, which is shown as figure1-9. Figure 1-9 Log in the Switch 1.2 CLI Command Modes The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode and VLAN Database (VLAN Configuration Mode).
  • Page 20 Use the exit command to disconnect the connected with switch (except that switch User EXEC TP-LINK> switch. connected through the Console port). Mode Use the enable command to access Privileged EXEC mode. enable Use the exit command to disconnect the command to enter this...

  • Page 21: 1.3 Security Levels

    you should access the corresponding command mode firstly. Global Configuration Mode: In this mode, global commands are provided, such as the Spanning Tree, Schedule Mode and so on. Interface Configuration Mode: In this mode, users can configure one or several ports, different ports corresponds to different commands a).

  • Page 22: 1.4 Conventions

    1.4 Conventions 1.4.1 Format Conventions The following conventions are used in this Guide: Items in square brackets [ ] are optional Items in braces { } are required Alternative items are grouped in braces and separated by vertical bars. For example: speed {10 | 100 | 1000 } Bold indicates an unalterable keyword.

  • Page 23: Chapter 2 User Interface

    —— super password , which contains 16 characters at most, composing digits, English letters and underdashes only. By default, it is empty. Command Mode Global Configuration Mode Example Set the super password as admin to access Privileged EXEC Mode from User EXEC Mode: TP-LINK(config)# enable password admin...

  • Page 24: Disable

    EXEC Mode. Syntax disable Command Mode Privileged EXEC Mode Example Return to User EXEC Mode from Privileged EXEC Mode: TP-LINK# disable TP-LINK> configure Description The configure command is used to access Global Configuration Mode from Privileged EXEC Mode. Syntax configure...

  • Page 25: End

    Command Mode Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode,and then return to Privileged EXEC Mode: TP-LINK(config-if)# exit TP-LINK(config)#exit TP-LINK# Description The end command is used to return to Privileged EXEC Mode. Syntax Command Mode...

  • Page 26: Ieee 802.1Q Vlan Commands

    Syntax vlan database Command Mode Global Configuration Mode Example Access VLAN Configuration Mode: TP-LINK(config)# vlan database TP-LINK(config-vlan)# vlan Description The vlan command is used to creat IEEE 802.1Q VLAN. To delete the IEEE 802.1Q VLAN, please use no vlan command.

  • Page 27: Interface Vlan

    ——VLAN ID,ranging from 1 to 4094. Command Mode Global Configuration Mode Example Configure the VLAN2: TP-LINK(config)# interface vlan 2 description Description The description command is used to assign a description string to a VLAN. To clear the description, please use no description command.

  • Page 28: Switchport Type

    Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Specify the Link Type of port 5 as general: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)#switchport type general switchport allowed vlan Description The switchport allowed vlan command is used to add the desired port to IEEE 802.1Q VLAN,or to remove a port from the correspounding VLAN.

  • Page 29: Switchport Pvid

    TP-LINK(config-if)# switchport allowed vlan add 2 switchport pvid Description The switchport pvid command is used to configure the PVID for the switch ports. Syntax switchport pvid vlan-id Parameter vlan-id —— VLAN ID, ranging from 1 to 4094. Command Mode Interface Configuration Mode (interface ethernet / interface range ethernet )

  • Page 30: Show Vlan

    TP-LINK(config-if)# switchport general egress-rule 3 tagged show vlan Description The show vlan command is used to display the information of IEEE 802.1Q VLAN . Syntax show vlan [vlan-id] Parameter vlan-id —— VLAN ID, ranging from 1 to 4094. By default , display all the information of IEEE 802.1Q VLAN.

  • Page 31: Chapter 4 Mac Vlan Commands

    , it is empty. Command Mode Global Configuration Mode Example Create VLAN 2 named “RD”,and the MAC address is 00:00:00:00:00:01: TP-LINK(config)# mac-vlan add 2 00:00:00:00:00:01 RD mac-vlan remove Description The mac-vlan remove command is used to delete the subsistent MAC-Based VLAN entry.

  • Page 32: Mac-Vlan Modify

    Global Configuration Mode Example Modify the VLAN ID of the MAC VLAN entry with the MAC address of 00:00:00:00:00:02 as 12: TP-LINK(config)# mac-vlan modify 12 00:00:00:00:00:02 show mac-vlan Description The show mac-vlan command is used to display the information of the MAC VLAN entry .

  • Page 33: Chapter 5 Protocol Vlan Commands

    Example Create a Protocol VLAN template named “arp” whose Frame-type is ethernet2, Ethernet protocol type is 0806. Delete the Protocol template whose number is 2: TP-LINK(config)# protocol-vlan template add arp 0806 ethernet2 TP-LINK(config)# protocol-vlan template remove 2 protocol-vlan vlan Description The protocol-vlan vlan command is used to create a Protocol VLAN entry.To...

  • Page 34: Show Protocol-Vlan Template

    Create a Protocol VLAN entry, whose index is 1 and vid is 2, and add port4、5、 6、8 in the protocol vlan. Delete the Protocol VLAN entry whose number is 1: TP-LINK(config)# protocol-vlan vlan 2 template 1 4-6,8 TP-LINK(config)# no protocol-vlan vlan 1...
  • Page 35 Command Mode Any Configuration Mode Example Display information of the protocol-vlan entry: TP-LINK(config)# show protocol-vlan vlan...

  • Page 36: Chapter 6 Voice Vlan Commands

    Command Mode Global Configuration Mode Example Enable the Voice VLAN function for VLAN 2: TP-LINK(config)# voice-vlan enable 2 voice-vlan aging-time Description The voice-vlan aging-time command is used to set the aging time for a voice VLAN. To restore to the default aging time for the Voice VLAN, please use no voice-vlan aging-time command.

  • Page 37: Voice-Vlan Priority

    Command Mode Global Configuration Mode Example Set the aging time for the Voice VLAN as 2880 minutes: TP-LINK(config)# voice-vlan aging-time 2880 voice-vlan priority Description The voice-vlan priority command is used to configure the priority for the VoiceVLAN. To restore to the default priority, please use no voice-vlan priority command.

  • Page 38: Switchport Voice-Vlan Mode

    By default, it is empty. Command Mode Global Configuration Mode Example Create a Voice VLAN OUI descripted as TP-LINK Phone with the MAC address 00:01:E3:00:00:01 and the mask address FF:FF:FF:00:00:00. Andthen delete the Voice VLAN OUI with the MAC address 00:00:00:11:00:01: TP-LINK(config)#...

  • Page 39: Switchport Voice-Vlan Security

    Interface Configuration Mode(interface ethernet / interface range ethernet) Example Enable Ethernet port 2 for the Voice VLAN security mode: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# switchport voice-vlan security enable show voice-vlan global Description The show voice-vlan global command is used to display the global configuration information of Voice VLAN.

  • Page 40: Show Voice-Vlan Switchport

    Command Mode Any Configuration Mode Example Display the configuration information of Voice VLAN OUI: TP-LINK(config)# show voice-vlan oui show voice-vlan switchport Description The show voice-vlan switchport command is used to displays the configuration information of the port in the Voice VLAN.

  • Page 41: Chapter 7 Gvrp Commands

    Command Mode Global Configuration Mode Example Enable the GVRP function globally: TP-LINK(config)# gvrp gvrp (interface) Description The gvrp(interface) command is used to enable the GVRP function for the desired port.To disable the GVRP function of this port, please use no gvrp command.

  • Page 42: Gvrp Registration

    Example Enable the GVRP function for ports 2-6: TP-LINK(config)# interface range ethernet 2-6 TP-LINK(config-if)# gvrp gvrp registration Description The gvrp registration command is used to configure the GVRP registration type on the desired port. To restore to the default value, please use no gvrp registration command.

  • Page 43: Show Gvrp Global

    Set the GARP leaveall timer of port 6 to 2000 centiseconds and restore to the join timer of it to the default value: TP-LINK(config)# interface ethernet 6 TP-LINK(config-if)# gvrp timer leaveall 2000 TP-LINK(config-if)# no gvrp timer join show gvrp global Description The show gvrp global command is used to to display the global GVRP status.

  • Page 44: Show Gvrp Interface

    TP-LINK(config)# show gvrp global show gvrp interface Description The show gvrp interface command is used to display the GVRP configuration information of the specified Ethernet ports. Syntax show gvrp interface [ethernet port-num] Parameter port-num ——The Ethernet port number. By default, the GVRP configuration information of all the Ethernet ports isdisplayed.

  • Page 45: Chapter 8 Lag Commands

    Command Mode Global Configuration Mode Example Access the Interface Link-aggregation Mode and configure the aggregation group 1: TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# interface range link-aggregation Description The interface range link-aggregation command is used to access the Interface range Link-aggregation Mode, and you can configure some aggregation groups at the same time.

  • Page 46: Link-Aggregation

    ——The aggregation group list. You can configure some aggregation groups at the same time. Example Access the Interface range Link-aggregation Mode and configure the aggregation group 1,4-6: TP-LINK(config)# interface range link-aggregation 1,4-6 TP-LINK(config-if)# link-aggregation Description The link-aggregation command is used to add the current Ethernet port to a aggregation group.

  • Page 47: Link-Aggregation Hash-Algorithm

    Command Mode Global Configuration Mode Example Configure the Aggregate Arithmetic for LAG as src_dst_mac: TP-LINK(config)# link-aggregation hash-algorithm src_dst_mac description Description The description command is used to set a description for an aggregation group.To remove the description of an aggregation group, please use no description command.

  • Page 48: Show Interfaces Link-Aggregation

    TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# description movie server show interfaces link-aggregation Description The show interfaces link-aggregation command is used to display the configuration information of the Aggregate Arithmetic and the aggregation groups. Syntax show interface link-aggregation [group-num] Parameter group-num ——The LAG number,ranging from1 to 14. By default, the GVRP configuration information of all the Ethernet ports is displayed.

  • Page 49: Chapter 9 Lacp Commands

    Command Mode Global Configuration Mode Example Enable the LACP function globally: TP-LINK(config)# lacp lacp (interface) Description The lacp(interface) command is used to to enable LACP protocol on the current port. To disable LACP protocol, please use no lacp command.

  • Page 50: Lacp Admin-Key

    Enable LACP protocol on the port 1: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# lacp lacp admin-key Description The lacp admin-key command is used to configure the admin key. To restore to the default value, please use no lacp admin-key command. Syntax...

  • Page 51: Lacp Port-Priority

    Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Set the system priority of port 1 to1024: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# lacp system-priority 1024 lacp port-priority Description The lacp port-priority command is used to to set the priority of the current port.

  • Page 52: Show Lacp Interface

    [ethernet port-num] Parameter port-num —— The Ethernet port number. By default, display the configuration information of all the Ethernet ports. Command Mode Any Configuration Mode Example Display the configuration information of all the Ethernet ports: TP-LINK(config)# show lacp interface...

  • Page 53: Chapter 10 User Manage Commands

    Admin: can edit, modify and view all the settings of different functions. disable | enable ——Enable/disable the user. Command Mode Global Configuration Mode Example Add and enable a new admin user named tplink, and of which the password is password: TP-LINK(config)#user add tplink password password confirm-password password admin enable...

  • Page 54: User Remove

    Syntax user modify status user-name {disable | enable} Parameter user-name —— The existing user name. disable | enable ——Disable/enable the user. Command Mode Global Configuration Mode Example Change the status of tplink to enabled: TP-LINK(config)# user modify status tplink enable...

  • Page 55: User Modify Type

    | admin —— Access level. Guest: limited user; admin: manager. Command Mode Global Configuration Mode Example Change the access level of tplink to admin: TP-LINK(config)# user modify type tplink admin user modify password Description The user modify password command is used to modify the password for the existing user.

  • Page 56: User Access-Control Disable

    Example Modify the password of tplink as newpwd: TP-LINK(config)# user modify password tplink password newpwd newpwd user access-control disable Description The user access-control disable command is used to cancel the user access-control. Syntax user access-control disable Command Mode Global Configuration Mode...

  • Page 57: User Access-Control Mac-Based

    00:00:13:0A:00:01: TP-LINK(config)# user access-control mac-based 00:00:13:0A:00:01 user access-control port-based Description The user access-control port-based command is used to to limit the ports for login. Only the current host and the users connected to these ports you set here are allowed for login.

  • Page 58: User Max-Number

    Example Enable the access-control of the ports 2, port4, port5, port6,and port10: TP-LINK(config)# user access-control port-based 2,4-6,10 user max-number Description The user max-number command is used to configure the number of the users logging on at the same time. To cancel the limit to the numbers of the users loging in, please use no user max-number command.

  • Page 59: Show User Account-List

    10. Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minites: TP-LINK(config)# user idle-timeout 15 show user account-list Description The show user account-list command is used to display the information of the current users.
  • Page 60 Command Mode Any Configuration Mode Example Display the security configuration information of the users: TP-LINK(config)# show user configuration...

  • Page 61: Chapter 11 Binding Table Commands

    Global Configuration Mode Example Bind an ACL entry with the IP is 192.168.0.1, MAC is 00:00:00:00:00:01, VLAN ID is 2 and the Port number is 5 manually. Andthen enable the entry for the ARP detection.: TP-LINK(config)# binding-table user-bind host1 192.168.0.1...

  • Page 62: Binding-Table Remove

    Command Mode Global Configuration Mode Example Delete the IP-MAC –VID-PORT entry with the indexr 5: TP-LINK(config)# binding-table remove index 5 dhcp-snooping Description The dhcp-snooping command is used to enable the DHCP-snooping function for the switch. To disable the DHCP-snooping function, please use no dhcp-snooping command.

  • Page 63: Dhcp-Snooping Global

    5/10/15/20/25/30 (packet/second). By default, it is 5. Command Mode Global Configuration Mode Example Configure the Global Flow Control as 30pps, the Decline Threshold as 20 pps, Decline Flow Control as 20 pps for DHCP Snooping TP-LINK(config)# dhcp-snooping global global-rate 30 dec-threshold 20 dec-rate 20...

  • Page 64: Dhcp-Snooping Information Enable

    Command Mode Global Configuration Mode Example Enable the Option 82 function of DHCP Snooping: TP-LINK(config)# dhcp-snooping information enable dhcp-snooping information strategy Description The dhcp-snooping information strategy command is used to select the operation for the Option 82 filed of the DHCP request packets from the Host. To restore to the default option, please use no dhcp-snooping information strategy command.

  • Page 65: Dhcp-Snooping Information User-Defined

    Example Replace the Option 82 field of the packets with the switch defined one and then send out: TP-LINK(config)# dhcp-snooping information strategy replace dhcp-snooping information user-defined Description The dhcp-snooping information user-defined command is used to permit users to define the Option 82. To disable the function, please use no dhcp-snooping information user-defined command.

  • Page 66: Dhcp-Snooping Information Circuit-Id

    Example Configure the sub-option Remote ID for the customized Option 82 as tplink: TP-LINK(config)# dhcp-snooping information remote-id tplink dhcp-snooping information circuit-id Description The dhcp-snooping information circuit-id command is used to configure the sub-option Circuit ID for the customized Option 82.

  • Page 67: Dhcp-Snooping Mac-Verify

    Configure the port 2 to be a Trusted Port: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# dhcp-snooping trusted dhcp-snooping mac-verify Description The dhcp-snooping mac-verify command is used to enable the MAC Verify feature. To disable the MAC Verify feature, please use no dhcp-snooping mac-verify command.

  • Page 68: Dhcp-Snooping Decline

    Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Set the Flow Control of port 2 as 20 pps: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# dhcp-snooping rate-limit 20 dhcp-snooping decline Description The dhcp-snooping decline command is used to enable the Decline Protect feature.

  • Page 69: Show Dhcp-Snooping Global

    Command Mode Any Configuration Mode Example Display the configuration of DHCP Snooping globally: TP-LINK(config)# show dhcp-snooping global show dhcp-snooping information Description The show dhcp-snooping information command is used to display the Option 82 configuration of DHCP Snooping.

  • Page 70: Show Dhcp-Snooping Interface

    [ethernet port-num] Parameter port-num ——The number of the switch port. By default, it will display the configuration of all the ports. Command Mode Any Configuration Mode Example Display the interface configuration of all the ports: TP-LINK(config)# show dhcp-snooping interface...

  • Page 71: Chapter 12 Arp Inspection Commands

    Command Mode Global Configuration Mode Example Enable the ARP Detection function globally: TP-LINK(config)# arp detection arp detection trust-port Description The arp detection trust-port command is used to configure the port for which the ARP Detect function is unnecessary as the Trusted Port. To clear the Trusted Port list, please use no arp detection trust-port command .The...

  • Page 72: Arp Detection (Interface)

    Command Mode Global Configuration Mode Example Configure the ports 2-5,11-15 as the Trusted Port: TP-LINK(config)# arp detection trust-port 2-5,11-15 arp detection (interface) Description The arp detection (interface) command is used to enable the ARP Defend function. To disable the arp detection function, please use no arp detection command.

  • Page 73: Arp Detection Recover

    Configure the maximum amount of the received ARP packets per second as 50 pps for the port 5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# arp detection limit-rate 50 arp detection recover Description The arp detection recover command is used to restore to the port to the ARP transmit status from the ARP filter status.

  • Page 74: Show Arp Detection Global

    Command Mode Any Confiuration Mode Example Display the ARP detection configuration globally: TP-LINK(config)# show arp detection global show arp detection interface Description The show arp detection interface command is used to display the interface configuration of ARP detedtion.

  • Page 75: Show Arp Detection Statistic Reset

    The show arp detection statistic reset command is used to clear the statistic fo the the illegal ARP packets received. Syntax show arp detection statistic reset Command Mode Global Configuration Mode Example Clear the statistic of the the illegal ARP packets received: TP-LINK(config)# show arp detection statistic reset...

  • Page 76: Chapter 13 Dos Defend Command

    Command Mode Globlal Configuration Mode Example Enable the DoS defend function globally: TP-LINK(config)# dos-prevent dos-prevent type Description The dos-prevent type command is used to select the DoS Defend Type. To disable the corresponding Defend Type, please use no dos-prevent type command.

  • Page 77: Show Dos-Prevent

    Global Configuration Mode Example Enable three DoS Defend Types named Land attack, Xma Scan attack and Ping flooding attack: TP-LINK(config)# dos-prevent type land xma-scan ping-flood show dos-prevent Description The show dos-prevent command is used to display the DoS information of the detected DoS attack, including enable/disable status, the DoS Defend Type,etc.

  • Page 78: Chapter 14 Ieee 802.1X Commands

    Command Mode Global Configuration Mode Example Enable the IEEE 802.1X function: TP-LINK(config)# dot1x dot1x authentication-method Description The dot1x authentication-method command is used to configure the Authentication Method of IEEE 802.1X. To restore to the default 802.1x authentication method, please use no dot1x authentication-method command.

  • Page 79: Dot1X Guest-Vlan

    Command Mode Global Configuration Mode Example Configure the Authentication Method of IEEE 802.1X as pap: TP-LINK(config)# dot1x authentication-method pap dot1x guest-vlan Description The dot1x guest-vlan command is used to enable the Guest VLAN function globally. To disable the Guest VLAN function, please use no dot1x guest-vlan command.

  • Page 80: Dot1X Quiet-Period

    Command Mode Global Configuration Mode Example Enable the quiet-period function: TP-LINK(config)# dot1x quiet-period dot1x timer Description The dot1x timer command is used to configure the Quiet Period and the SupplicantTimeout. To restore to the default, please use no dot1x timer command.

  • Page 81: Dot1X Retry

    Example Configure the Quiet Period and the SupplicantTimeout as 12 seconds and 6 seconds: TP-LINK(config)# dot1x timer quiet-period 12 supp-timeout 6 dot1x retry Description The dot1x retry command is used to configure the maximum transfer times of the repeated authentication request. To restore to the default value, please use no dot1x retry command.

  • Page 82: Dot1X Guest-Vlan

    Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Enable the IEEE 802.1X function for the port 1: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# dot1x dot1x guest-vlan Description The dot1x guest-vlan command is used to enable the Guest VLAN function for a specified port.

  • Page 83: Dot1X Port-Method

    Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Configure the Control Mode for port 1 as authorized-force: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# dot1x port-control authorized-force dot1x port-method Description The dot1x port-method command is used to configure the Control Type of IEEE 802.1X for the specified port.

  • Page 84: Radius Authentication Primary-Ip

    Command Mode Global Configuration Mode Example Configure the IP of the authentication server as 10.20.1.100: TP-LINK(config)# radius authentication primary-ip 10.20.1.100 radius authentication secondary-ip Description The radius authentication secondary-ip command is used to configure the IP address of the alternate authentication server. To restore to the default configuration, please use no radius authentication secondary-ip command.

  • Page 85: Radius Authentication Port

    Command Mode Global Configuration Mode Example Configure the IP address of the alternate authentication server as 10.20.1.101: TP-LINK(config)# radius authentication secondary-ip 10.20.1.101 radius authentication port Description The radius authendication port command is used to configure the authentication port of the alternate authentication server. To restore to the default value, please use no radius authendication port command.

  • Page 86: Radius Accounting Enable

    Global Configuration Mode Example Configure the shared password for the switch and the authentication servers as tplink: TP-LINK(config)# radius authentication key tplink radius accounting enable Description The radius accunting enable command is used to enable the accounting feature. To disable the accounting feature, please use no radius accunting enable command.

  • Page 87: Radius Accounting Primary-Ip

    Command Mode Global Configuration Mode Example Configure the IP address of the accounting server as 10.20.1.100: TP-LINK(config)# radius accounting primary-ip 10.20.1.100 radius accounting secondary-ip Description The radius accounting secondary-ip command is used to configure the IP address of the alternate accounting server. To restore to the default configuration, please use no radius accounting secondary-ip command.

  • Page 88: Radius Accounting Port

    TP-LINK(config)# radius accounting secondary-ip 10.20.1.101 radius accounting port Description The radius accounting port command is used to set the UDP port of accounting server(s). To restore to the default value, please use no radius accounting port. Syntax radius accounting port port-num...

  • Page 89: Radius Response-Timeout

    Global Configuration Mode Example Configure the shared password for the switch and the accounting servers as tplink: TP-LINK(config)# radius accounting key tplink radius response-timeout Description The radius response-timeout command is used to configure the maximum time for the switch to wait for the response from the RADIUS authentication and the accounting server.

  • Page 90: Show Dot1X Interface

    Syntax show dot1x global Command Mode Any configuration Mode Example Display the configuration of 801.X globally: TP-LINK(config)# show dot1x global show dot1x interface Description The show dot1x interface command is used to display the port configuration of 801.X. Syntax show dot1x interface [ ethernet port-num ] Parameter port-num ——The number of the Ethernet port, ranging from 1 to 16.

  • Page 91: Show Radius Accounting

    Any configuration Mode Example Display the configuration of the RADIUS authentication server: TP-LINK(config)# show radius authentication show radius accounting Description The show radius accounting command is used to display the configuration of the accounting server. Syntax show radius accounting Command Mode...

  • Page 92: Chapter 15 Log Commands

    | enable —— Disable or enable the log buffer. By default, it is enabled. Command Mode Global Configuration Mode Example Enable the log buffer function and set the severity as 6: TP-LINK(config)# logging local buffer 6 enable logging local flash Description...

  • Page 93: Logging Clear

    Command Mode Global Configuration Mode Example Enable the log file function and set the severity as 7: TP-LINK(config)# logging local flash 7 logging clear Description The logging clear command is used to clear the information in the log buffer and log file.

  • Page 94: Logging Loghost

    Global Configuration Mode Example Enable the log host 2 and set the IP address 192.168.0.148, the level 5: TP-LINK(config)# logging loghost index 2 192.168.0.148 5 enable show logging local-config Description The show logging lolcal-config command is used to display the configuration...

  • Page 95: Show Logging Loghost

    Command Mode Any Configuration Mode Example Display the configuration of the log host 2: TP-LINK(config)# show logging loghost 2 show logging buffer level Description The show logging buffer level command is used to display the log information in the log buffer according to the severity level.

  • Page 96: Show Logging Flash Level

    Any Configuration Mode Example Display the log information from level 0 to level 5 in the log buffer: TP-LINK(config)# show logging buffer level 5 show logging flash level Description The show logging flash level command is used to display the log information in the log file according to the severity level.

  • Page 97: Chapter 16 Ssh Commands

    Command Mode Global Configuration Mode Example Enable the SSH function: TP-LINK(config)# ssh server enable ssh version Description The ssh version command is used to enable the SSH protocol version. To disable the protocol version, please use no ssh version command.

  • Page 98: Ssh Idle-Timeout

    TP-LINK(config)# ssh version v2 ssh idle-timeout Description The ssh idle-timeout command is used to specify the idle-timeout time of SSH. To restore to the factory defaults, please use no ssh idle-timeout command. Syntax ssh idle-timeout value no ssh idle-timeout Parameter value —...

  • Page 99: Ssh Download

    Example Download a SSH-1 type key file named ssh-key from TFTP server with the IP Address 192.168.0.148: TP-LINK(config)# ssh download v1 ssh-key ip-address 192.168.0.148 show ssh Description The show ssh command is used to display the global configuration of SSH.

  • Page 100: Chapter 17 Ssl Commands

    Command Mode Global Configuration Mode Example Enable the SSL function: TP-LINK(config)# ssl enable ssl download certificate Description The ssl download certificate command is used to download a certificate to the switch from from TFTP server. Syntax...

  • Page 101: Ssl Download Key

    Example Download a SSL Certificate named ssl-cert from TFTP server with the IP Address of 192.168.0.148: TP-LINK(config)# ssl download certificate ssl-cert ip-address 192.168.0.148 ssl download key Description The ssl download key command is used to download a SSL key to the switch from TFTP server.
  • Page 102 Display the global configuration of SSL: TP-LINK(config)# show ssl...

  • Page 103: Chapter 18 Address Commands

    Chapter 18 Address Commands Address configuration can improve the network security by configuring the Port Security and maintaining the address information by managing the Address Table. bridge address port-security Description The bridge address port-security command is used to configure port security. To return to the default configuration, please use no bridge address port-security command.

  • Page 104: Bridge Address Static

    —— The Port number of your desired entry. It ranges from 1 to 16. Command Mode Global Configuration Mode Example Add a static Mac address entry to bind the MAC address 00:02:58:4f:6c:23, VLAN1 and Port1 together: TP-LINK(config)# bridge address static mac 00:02:58:4f:6c:23 vid 1 port 1 bridge aging-time Description...

  • Page 105: Bridge Address Filtering

    Command Mode Global Configuration Mode Example Configure the aging time as 500 seconds: TP-LINK(config)# bridge aging-time 500 bridge address filtering Description The bridge address filtering command is used to add the filtering address entry. To delete the corresponding entry, please use no bridge address filtering command.

  • Page 106: Show Bridge Port-Security

    00:1e:4b:04:01:5d: TP-LINK(config)# bridge address filtering 00:1e:4b:04:01:5d 1 show bridge port-security Description The show bridge port-security command is used to configure the Port Security for each port, such as configure the Max number of MAC addressed that can be learned on the port and the Learn Mode.

  • Page 107: Show Bridge Aging-Time

    Description The show bridge aging-time command is used to display the Aging Time of the MAC address. Syntax show bridge aging-time Command Mode Any Configuration Mode Example Display the Aging Time of the MAC address: TP-LINK(config)# show bridge aging-time...

  • Page 108: Chapter 19 System Commands

    —— Contact Information. It consists of 32 characters at most. By default, it is empty. Command Mode Global Configuration Mode Example Configure the System Contact as www.tp-link.com.cn: TP-LINK(config)# system-descript contact-info www.tp-link.com.cn system-time gmt Description The system-time gmt command is used to configure the time zone and the IP Address for the NTP Server.

  • Page 109: System-Time Manual

    Example Configure the system time mode as gmt, the time zone is -12, the primary ntp server is 133.100.9.2 and the secondary ntp server is 139.78.100.163: TP-LINK(config)# system-time gmt -12 133.100.9.2 139.78.100.163 system-time manual Description The system-time manual command is used to configure the system time manually.

  • Page 110: Ip Dhcp-Alloc

    Global Configuration Mode Example Configure the system IP as 192.168.0.69 and the Subnet Mask as 255.255.255.0: TP-LINK(config)# ip address 192.168.0.69 255.255.255.0 ip dhcp-alloc Description The ip dhcp-alloc command is used to enable the DHCP Client function. When this function is enabled, the switch will obtain IP from DHCP Client server.

  • Page 111: Reset

    Command Mode Global Configuration Mode Example Enable the BOOTP Protocol to obtain IP address from BOOTP Server: TP-LINK(config)# ip bootp-alloc reset Description The reset command is used to reset the switch’s software. After resetting, all configuration of the switch (except the IP Address) will restore to the factory defaults and your current settings will be lost.

  • Page 112: User-Config Backup

    Privileged EXEC Mode Example Backup the configuration files by TFTP server with the IP 192.168.0.148 and name this file config.cfg: TP-LINK# user-config backup filename config.cfg ip-address 192.168.0.148 user-config load Description The user-config load command is used to download the configuration file to the switch by TFTP server.

  • Page 113: User-Config Save

    192.168.0.148 and name this file config.cfg: TP-LINK# user-config load filename config.cfg ip-address 192.168.0.148 user-config save Description The user-config save command is used to save current settings. Syntax user-config save Command Mode Privileged EXEC Mode Example Save current settings: TP-LINK# user-config save...

  • Page 114: Ping

    192.168.0.131, please specify the count (-l) as 512 bytes and count (-i) as 1000 milliseconds. If there is not any response after 8 times’ Ping test, the connection between the switch and the network device is failed to establish: TP-LINK# ping 192.168.0.131 –n 8 –l 512 tracert Description The tracert command is used to test the connectivity of the gateways during its journey from the source to destination of the test data.

  • Page 115: Loopback

    192.168.0.131. If the destination device has not been found after 20 maxHops, the connection between the switch and the destination device is failed to establish: TP-LINK# tracert 192.168.0.131 20 loopback Description The loopback command is used to test whether the port is available or not.

  • Page 116: Show Ip Address

    Subnet Mask and Default Gateway of the system, whether the DHCP Client function is enabled or not and some other information. Syntax show ip address Command Mode Any Configuration Mode Example Display the IP Address of the system TP-LINK# show ip address...

  • Page 117: Chapter 20 Ethernet Configuration Commands

    Command Mode Global Configuration Mode Example Enter the Interface Configuration Mode and configure Ethernet port2: TP-LINK(config)# interface ethernet 2 interface range ethernet Description The interface range ethernet command is used to enter the Interface Configuration Mode and configure multiple Ethernet ports at the same time.

  • Page 118: Description

    Example Enter the Interface Configuration Mode, add ports 1-3, 6-9 to the port-list and configure them: TP-LINK(config)# interface range ethernet 1-3,6-9 description Description The description command is used to add a description to the Ethernet port. To clear the description of the corresponding port, please use no description command.

  • Page 119: Flow-Control

    Interface Configuration Mode(interface ethernet / interface range ethernet) Example Disable Ethernet port3: TP-LINK(config)# interface ethernet 3 TP-LINK(config-if)# shutdown flow-control Description The flow-control command is used to enable the flow-control function for a port. To disable the flow-control function for this corresponding port, please use no flow-control command.

  • Page 120: Storm-Control

    Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Configure the Negotiation Mode as 100M full-duplex for Ethernet port5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# negotiation 100f storm-control Description The storm-control command is used to configure the Storm Control function.

  • Page 121: Storm-Control Disable Bc-Rate

    Enable the Storm Control function for port5 and specify the bc-rate as 100kbps, mc-rate as 500kbps and ul-rate as 2Mbps: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# storm-control bc-rate 100k mc-rate 500k ul-rate 2m storm-control disable bc-rate Description The storm-control disable bc-rate command is used to disable the Broadcast packets control.

  • Page 122: Storm-Control Disable Ul-Rate

    TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# storm-control disable mc-rate storm-control disable ul-rate Description The storm-control disable ul-rate command is used to disable the UL-Frame control. Syntax storm-control disable ul-rate Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Disable the UL-Frame control for port5:...

  • Page 123: Port Rate-Limit Disable Ingress

    TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# port rate-limit ingress 10m egress 1m port rate-limit disable ingress Description The port rate-limit disable ingress command is used to disable the ingress-rate limit. Syntax port rate-limit disable ingress Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet)...

  • Page 124: Show Interface Status

    Command Mode Any Configuration Mode Example Display the configurations of port5: TP-LINK# show interface configuration ethernet 5 show interface status Description The show interface status command is used to display the connective-status of an Ethernet port.

  • Page 125: Show Storm-Control Ethernet

    Command Mode Any Configuration Mode Example Display the statistic information of Ethernet port3: TP-LINK(config)# show interface counters ethernet 3 show storm-control ethernet Description The show storm-control ethernet command is used to display the storm-control information of an Ethernet port.
  • Page 126 — — The port-number of the port selected to display the rate-limit information. It ranges from 1 to 16. By default, the rate-limit information of all ports is displayed. Command Mode Any Configuration Mode Example Display the rate-limit information of all Ethernet ports: TP-LINK(config)# show port rate-limit...

  • Page 127: Chapter 21 Qos Commands

    CoS value of the ingress port and the mapping relation between the CoS and TC in IEEE 802.1P. Example Configure the priority of port 5 as 3: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# qos 3 qos dot1p config Description The qos dot1p config command is used to configure the mapping relation between IEEE 802.1P Priority and Egress Queue.

  • Page 128: Qos Dscp Enable

    Among the priority levels TC0-TC3, the bigger value, the higher priority. Example Map tag value 0 to TC3: TP-LINK(config)# qos dot1p config 0 3 qos dscp enable Description The qos dscp enable command is used to enable the mapping relation between DSCP Priority and Egress Queue.

  • Page 129: Qos Dscp Config

    DSCP priorities are mapped to the corresponding 802.1p priorities. IP datagram will detemin its egress queue based on the mapping relation between 802.1p priority and priority levels. Example Map DSCP values 10,11,15 to CoS0: TP-LINK(config)# qos dscp config 10,11,15 0...

  • Page 130: Qos Scheduler

    —— Equal-Mode. In this mode, all the queues occupy the bandwidth equally. The weight value ratio of all the queues is 1:1:1:1. Command Mode Global Configuration Mode Example Specify the Schedule Mode as Weight Round Robin Mode: TP-LINK(config)# qos scheduler wrr...

  • Page 131: Show Qos Port-Based

    1 to 16. By default, information of all the ports is displayed. Command Mode Any Configuration Mode Example Display the configuration of QoS for port 5: TP-LINK# show qos port-based 5 show qos dot1p Description The show qos dot1p command is used to display the configuration of IEEE 802.1P Priority.

  • Page 132: Show Qos Scheduler

    Command Mode Any Configuration Mode Example Display the configuration of DSCP Priority: TP-LINK# show qos dscp show qos scheduler Description The show qos scheduler command is used to display the schedule rule of the egress queues. Syntax...

  • Page 133: Chapter 22 Port Mirror Commands

    Configure port 3 as mirrored port, port 4 as mirroring port, the mirror mode as both and group number as 1 : TP-LINK(config)# mirror add 3 4 both 1 User Guidelines The mirroring port is corresponding to current interface configuration mode.

  • Page 134: Mirror Remove Group

    [mirrored port] [group-num] Parameter Mirrored port —— The port to be monitored. group-num —— The group number of mirrior group. Command Mode Global Configuration Mode Example Remove mirrored port 1,2-4 from mirror group 1: TP-LINK(config)# mirror remove mirrored 1,2-4 1...

  • Page 135: Show Mirror

    The show mirror command is used to display the configuration of mirror group. Syntax show mirror [group-num] Parameter group-num —— The group number of mirrior group. Command Mode Any Configuration Mode Example Display configuration fo mirror group 1: TP-LINK# show mirror 1...

  • Page 136: Chapter 23 Acl Commands

    Chapter 23 ACL Commands ACL (Access Control List) is used to filter data packets by configuring a series of match conditions, operations and time ranges. It provides a flexible and secured access control policy and facilitates you to control the network security. acl time-segment Description The acl time-segment command is used to add Time-Range.

  • Page 137: Acl Holiday

    Command Mode Global Configuration Mode Example Add a time-range named tSeg1, with time from 8:30 to 12:00 at working day: TP-LINK(config)# acl time-segment tSeg1 start-time 08:30 end-time 12:00 week-day working-day acl holiday Description The acl holiday command is used to create holiday in Holiday Mode in the acl time-segment command.

  • Page 138: Acl Rule Mac-Acl

    Command Mode Global Configuration Mode Example Create a MAC ACL whose ID is 20: TP-LINK(config)# acl create 20 acl rule mac-acl Description The acl rule mac-acl command is used to add MAC ACL rule. To delete the corresponding rule, please use no acl rule mac-acl command. MAC ACLs...

  • Page 139: Acl Rule Std-Acl

    TP-LINK(config)# acl create 20 TP-LINK(config)# acl rule mac-acl 20 10 op permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1 acl rule std-acl Description The acl rule std-acl command is used to add Standard-IP ACL rule.

  • Page 140: Acl Policy Policy-Add

    255.255.255.0, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TP-LINK(config)# acl create 120 TP-LINK(config)# acl rule std-acl 120 10 op permit dip 192.168.0.100 dmask 255.255.255.0 tseg tSeg1 acl policy policy-add Description The acl policy policy-add command is used to add Policy.

  • Page 141: Acl Policy Action-Add

    Command Mode Global Configuration Mode Example Add a Policy named policy1: TP-LINK(config)# acl policy policy-add policy1 acl policy action-add Description The acl policy action-add command is used to add ACLs and create actions for the policy. To delete the corresponding actions, please use no acl policy action-add command.

  • Page 142: Acl Bind To-Port

    Create a Policy named policy1. For the data packets those match ACL 120 in the policy, if the rate beyond 1000kbps, will be discarded by the switch: TP-LINK(config)# acl policy policy-add policy1 TP-LINK(config)# acl policy action-add policy1 120 rate 1000 osd discard acl bind to-port Description The acl bind to-port command is used to bind a policy to a port.

  • Page 143: Show Acl Time-Segment

    —— The ID of the VLAN desired to bind, ranging from 1 to 4094. Command Mode Global Configuration Mode Example Bind policy1 to VLAN 2,4-6: TP-LINK(config)# acl bind to-vlan policy1 2,4-6 show acl time-segment Description The show acl time-segment command is used to display the configuration of Time-Range.

  • Page 144: Show Acl Config

    Command Mode Any Configuration Mode Example Display the configuration of the MAC ACL whose ID is 20: TP-LINK> show acl config 20 show acl bind Description The show acl bind command is used to display the configuration of Policy bind.

  • Page 145: Chapter 24 Mstp Commands

    Chapter 24 MSTP Commands MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a ring network. STP is to block redundant links and backup links as well as optimize paths. spanning-tree global Description The spanning-tree global command is used to configure STP globally.

  • Page 146: Spanning-Tree Common-Config

    4096, Hello Time as 4 seconds, Max Age as 10 seconds, Forward Delay as 10 seconds, TxHold Count as 8pps and Max Hops as 15 hops: TP-LINK(config)# spanning-tree global status enable mode mstp cist 4096 htime 4 mage 10 delay 10 hcount 8 mhop 15...

  • Page 147: Spanning-Tree Region

    Enable the STP function of port 1, and configure the Port Priority as 64, ExtPath Cost as 100, IntPath Cost as 100, and then enable Edge Port: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# spanning-tree common-config status enable pri 64 expath 100 inpath 100 edge enable spanning-tree region Description The spanning-tree region command is used to configure the region of MSTP.

  • Page 148: Spanning-Tree Msti

    Command Mode Global Configuration Mode Example Configure the region name of MSTP as r1, and the revision level as 100: TP-LINK(config)# spanning-tree region r1 100 spanning-tree msti Description The spanning-tree msti command is used to configure MSTP Instance. To return to the default configuration of the corresponding Instance, please use no spanning-tree msti command.

  • Page 149: Spanning-Tree Msti

    Enable Instance 1, add VLAN 2, 3, 4, 5, 8 for it, and configure MSTI Priority as 4096: TP-LINK(config)# spanning-tree msti 1 status enable pri 4096 mapped 2-5,8 spanning-tree msti Description The spanning-tree msti command is used to configure MSTP Instance Port. To return to the default configuration of the corresponding Instance Port, please use no spanning-tree msti command.

  • Page 150: Spanning-Tree Security

    Command Mode Global Configuration Mode Example Configure TC Threshold as 30 packets, and TC Protect Cycle as 10 seconds: TP-LINK(config)# spanning-tree tc-defend threshold 30 period 10 spanning-tree security Description The spanning-tree security command is used to configure MSTP Port Protect.

  • Page 151: Spanning-Tree Mcheck

    Example Enable Loop Protect, Root Protect, TC Protect, BPDU Protect, and BPDU Filter for port 2: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# spanning-tree security loop enable root enable TC enable defend enable hold enable spanning-tree mcheck Description The spanning-tree mcheck command is used to enable MCheck.

  • Page 152: Show Spanning-Tree Global-Config

    Command Mode Any Configuration Mode Example Display the current status of Spanning Tree: TP-LINK# show spanning-tree global-info show spanning-tree global-config Description The show spanning-tree global-config command is used to display the global configuration of Spanning Tree. Syntax...

  • Page 153: Show Spanning-Tree Region

    —— The ID of the instance selected to display the configuration, ranging from 1 to 8. Command Mode Any Configuration Mode Example Display the configuration of instance 1: TP-LINK(config)# show spanning-tree msti config 1 show spanning-tree msti port Description...

  • Page 154: Show Spanning-Tree Security Tc-Defend

    Command Mode Any Configuration Mode Example Display the configuration of port 5 in Instance 1: TP-LINK(config)# show spanning-tree msti port 1 5 show spanning-tree security tc-defend Description The show spanning-tree security tc-defend command is used to display TC Threshold and TC Protect Cycle of Spanning Tree.

  • Page 155: Command Mode

    —— The port selected to display the configuration, ranging from 1 to 16. By default, the Port Protect configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the Port Protect configuration of port 2: TP-LINK(config)# show spanning-tree security port-defend 2...

  • Page 156: Chapter 25 Igmp Commands

    Command Mode Global Configuration Mode Example Enable IGMP Snooping function, and specify the operation to process unknown multicast as discard: TP-LINK(config)# igmp-snooping global status enable unknown-packet discard igmp-snooping config Description The igmp-snooping config status command is used to configure IGMP Snooping and Fast Leave function for port.

  • Page 157: Igmp-Snooping Vlan-Config-Add

    Interface Configuration Mode(interface ethernet / interface range ethernet) Example Enable IGMP Snooping and Fast Leave function for port 5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# igmp-snooping config status enable fast-leave enable igmp-snooping vlan-config-add Description The igmp-snooping vlan-config-add command is used to configure IGMP Snooping parameters for individual VLANs.

  • Page 158: Igmp-Snooping Vlan-Config

    Enable IGMP Snooping for VLAN 1, and configure Router Port Time as 200 seconds, Member Port Time as 100 seconds, Leave time as 10 seconds and Static Router Port as port 1: TP-LINK(config)# igmp-snooping vlan-config-add 1 rtime 200 mtime 100 ltime 10 rport 1 igmp-snooping vlan-config...

  • Page 159: Igmp-Snooping Multi-Vlan-Config

    Example Modify Router Port Time as 300 seconds, Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 1: TP-LINK(config)# igmp-snooping vlan-config 1 rtime 300 mtime 200 ltime 15 igmp-snooping multi-vlan-config Description The igmp-snooping multi-vlan-config command is used to create Multicast VLAN.

  • Page 160: Igmp-Snooping Static-Entry-Add

    Example Enable Multicast VLAN, and configure Router Port Time as 300 seconds, Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 2: TP-LINK(config)# igmp-snooping multi-vlan-config enable 2 rtime 300 mtime 200 ltime 15 igmp-snooping static-entry-add...

  • Page 161: Igmp-Snooping Filter-Add

    Add static multicast IP address 225.0.0.1, which correspond to VLAN 2, and configure the forward port as port 1: TP-LINK(config)# igmp-snooping static-entry-add 225.0.0.1 2 1 igmp-snooping filter-add Description The igmp-snooping filter-add command is used to configure the multicast IP-range desired to filter. To delete the corresponding IP-range, please use no igmp-snooping filter-add command.

  • Page 162: Igmp-Snooping Filter

    Command Mode Global Configuration Mode Example Modify the multicast IP-range whose ID is 20 as 225.0.0.10~225.0.0.12: TP-LINK(config)# igmp-snooping filter-config 20 225.0.0.10 225.0.0.12 igmp-snooping filter Description The igmp-snooping filter command is used to configure Port Filter. To return to the default configuration, please use no igmp-snooping filter command. When...

  • Page 163: Show Igmp-Snooping Global-Config

    IP-range 2, 3, 4, and specify the maximum number of multicast groups for port 5 to join in as 128: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# igmp-snooping filter status enable mode accept addr-id 2-4 maxgroup 128 show igmp-snooping global-config Description The show igmp-snooping global-config command is used to display the global configuration of IGMP.

  • Page 164: Show Igmp-Snooping Vlan-Config

    Example Display the IGMP configuration of port 2: TP-LINK> show igmp-snooping port-config 2 show igmp-snooping vlan-config Description The show igmp-snooping vlan-config command is used to display the VLAN configuration of IGMP. Syntax show igmp-snooping vlan-config Command Mode Any Configuration Mode...

  • Page 165: Show Igmp-Snooping Filter-Ip-Addr

    Syntax show igmp-snooping multi-ip-list Command Mode Any Configuration Mode Example Display the Multicast IP table: TP-LINK> show igmp-snooping multi-ip-list show igmp-snooping filter-ip-addr Description The show igmp-snooping filter-ip-addr command is used to display the Multicast Filter IP-Range table. Syntax show igmp-snooping filter-ip-addr...

  • Page 166: Show Igmp-Snooping Packet-Stat

    TP-LINK> show igmp-snooping port-filter 5 show igmp-snooping packet-stat Description The show igmp-snooping packet-stat command is used to display the Packet Statistics information of all ports. Syntax show igmp-snooping packet-stat Command Mode Any Configuration Mode Example Display the Packet Statistics information: TP-LINK>...

  • Page 167: Chapter 26 Snmp Commands

    10 to 64 hexadecimal characters, which must be even number meanwhile. Command Mode Global Configuration Mode Example Enable the SNMP function, and specify the Local Engine ID as 1234567890, the Remote Engine ID as 123456abcdef: TP-LINK(config)# snmp global status enable engine-id 1234567890 remote-id 123456abcdef...

  • Page 168: Snmp View-Add

    Example Add a View named view1, configuring the OID as 1.3.6.1.6.3.20, and this OID can be managed by the SNMP management station: TP-LINK(config)# snmp view-add view1 1.3.6.1.6.3.20 include snmp group-add Description The snmp group-add command is used to manage and configure the SNMP group.
  • Page 169 Add group 1, configure its Security Model as SNMP v2c, view1 can be read and edited by group member, and the trap messages sent by view2 can be received by Management station: TP-LINK(config)# snmp group-add group1 smode v2c ro view1 wo view1 inform view2...

  • Page 170: Snmp User-Add

    snmp user-add Description The snmp user-add command is used to add User. To delete the corresponding User, please use no snmp user-add command. The User in a SNMP Group can manage the switch via the management station software. The User and its Group have the same security level and access right. Syntax snmp user-add {name} { local | remote } {group-name} [smode { v1 | v2c | v3 }] [slev { noAuthNoPriv | authNoPriv | authPriv }] [cmode { none | MD5 | SHA }]...

  • Page 171: Snmp Community-Add

    MD5, the Authentication Password as 11111, the Privacy Mode as DES, and the Privacy Password as 22222: TP-LINK(config)# snmp user-add admin local group2 smode v3 slev authPriv cmode MD5 cpwd 11111 emode DES epwd 22222 snmp community-add Description The snmp community-add command is used to add Community.

  • Page 172: Snmp Notify-Add

    snmp notify-add Description The snmp notify-add command is used to add Notification. To delete the corresponding Notification, please use no snmp notify-add command. With the Notification function enabled, the switch can initiatively report to the management station about the important events that occur on the Views, which allows the management station to monitor and process the events in time.

  • Page 173: Snmp-Rmon History Sample-Cfg

    Security Model of the management station as v2c, the type of the notifications as inform, the maximum time for the switch to wait as 1000 seconds, and the resending time as 100: TP-LINK(config)# snmp notify-add 192.168.0.1 162 admin smode v2c type inform resend 100 timeout 1000 snmp-rmon history sample-cfg...

  • Page 174: Snmp-Rmon History Owner

    TP-LINK(config)# snmp-rmon history sample-cfg 1-3 1 100 snmp-rmon history owner Description The snmp-rmon history owner command is used to configure the owner of the history sample entry. To return to the default configuration, please use no snmp-rmon history owner command.

  • Page 175: Snmp-Rmon Event User

    Command Mode Global Configuration Mode Example Configure the user name of entry 1 as user1: TP-LINK(config)# snmp-rmon event user 1 user1 snmp-rmon event description Description The snmp-rmon event description command is used to configure the description of SNMP-RMON Event. To return to the default configuration, please use no snmp-rmon event description command.

  • Page 176: Snmp-Rmon Event Type

    Command Mode Global Configuration Mode Example Configure the description of entry 1 as description1: TP-LINK(config)# snmp-rmon event description 1 description1 snmp-rmon event type Description The snmp-rmon event type command is used to configure the type of SNMP-RMON Event. To return to the default configuration, please use no snmp-rmon event type command.

  • Page 177: Snmp-Rmon Event Owner

    Command Mode Global Configuration Mode Example Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon event owner 1 owner1 snmp-rmon event enable Description The snmp-rmon event enable command is used to enable SNMP-RMON Event entry. To disable the corresponding entry, please use no snmp-rmon event enable command.

  • Page 178: Snmp-Rmon Alarm Config

    Enable the SNMP-RMON Event entries 1,2,3,4 and 8: TP-LINK(config)# snmp-rmon event enable 1-4,8 snmp-rmon alarm config Description The snmp-rmon alarm config command is used to configure SNMP-RMON Alarm Management. To return to the default configuration, please use no snmp-rmon alarm config command. Alarm Group is one of the commonly used RMON Groups.

  • Page 179: Snmp-Rmon Alarm Owner

    Global Configuration Mode Example Configure the alarm interval time of the entries 1,2,3 and 6 as 1000 seconds: TP-LINK(config)# snmp-rmon alarm config 1-3,6 interval 1000 snmp-rmon alarm owner Description The snmp-rmon alarm owner command is used to configure the owner of the Alarm Management entry.

  • Page 180: Snmp-Rmon Alarm Enable

    Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon alarm owner 1 owner1 snmp-rmon alarm enable Description The snmp-rmon alarm enable command is used to enable SNMP-RMON Alarm Management entry. To disable the corresponding entry, please use no snmp-rmon alarm enable command.

  • Page 181: Show Snmp View

    Syntax show snmp view Command Mode Any Configuration Mode Example Display the View table: TP-LINK> show snmp view show snmp group Description The show snmp group command is used to display the Group table. Syntax show snmp group Command Mode...

  • Page 182: Show Snmp Community

    TP-LINK> show snmp user show snmp community Description The show snmp community command is used to display the Community table. Syntax show snmp community Command Mode Any Configuration Mode Example Display the Community table: TP-LINK> show snmp community show snmp destination-host...

  • Page 183: Show Snmp-Rmon Event

    Command Mode Any Configuration Mode Example Display the Event configuration of entry 2: TP-LINK> show snmp-rmon event 2 show snmp-rmon alarm Description The show snmp-rmon alarm command is used to display the configuration of the Alarm Management entry.
  • Page 184 1 to 12. You can only select one entry for each command. By default, the configuration of all entries is displayed. Command Mode Any Configuration Mode Example Display the configuration of all Alarm Management entries: TP-LINK> show snmp-rmon alarm...

  • Page 185: Chapter 27 Cluster Commands

    Time ranges from 5 to 254 in seconds. By default, it is 60. Command Mode Global Configuration Mode Example Enable NDP function globally, and configure Aging Time as 120 seconds, Hello Time as 50 seconds: TP-LINK(config)# cluster ndp status enable aging-timer 120 hello-timer 50...

  • Page 186: Cluster Ntdp

    cluster ntdp Description The cluster ntdp command is used to configure NTDP globally. To return to the default configuration, please use no cluster ntdp command. NTDP (Neighbor Topology Discovery Protocol) is used to collect the NDP information and neighboring connection information of each device in a specific network range. It provides the commander switch with the information of devices which can join the cluster and collects topology information of devices within the specified hops.

  • Page 187: Cluster Explore

    TP-LINK(config)# cluster ntdp status enable interval 20 hop 5 hop-delay 300 port-delay 50 cluster explore Description The cluster explore command is used to enable the topology information collecting function manually. Syntax cluster explore Command Mode Global Configuration Mode Example Enable the topology information collecting function manually:...

  • Page 188: Cluster Manage Role-Change

    Command Mode Global Configuration Mode Example Change the role of the current switch to Candidate Switch: TP-LINK(config)# cluster manage role-change candidate show cluster ndp global Description The show cluster ndp global command is used to display the global configuration of NDP.

  • Page 189: Show Cluster Ndp Port-Status

    16. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the NDP configuration of port 2: TP-LINK> show cluster ndp port-status 2 show cluster neighbour Description The show cluster neighbour command is used to display the cluster neighbor information.

  • Page 190: Show Cluster Ntdp Port-Status

    1 to 16. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the NTDP configuration of port 2: TP-LINK> show cluster ntdp port-status 2 show cluster ntdp device Description The show cluster ntdp device command is used to display the device table of NTDP.

  • Page 191: Show Cluster Manage Role

    TP-LINK> show cluster ntdp device show cluster manage role Description The show cluster manage role command is used to display the role of the current Switch. Syntax show cluster manage role Command Mode Any Configuration Mode Example Display the role of the current Switch:...

This manual is also suitable for:

Jetstream tl-sg3424

Table of Contents