TP-Link JetStream L2 Lite TL-SG3210 Cli Reference Manual
  1. Manuals
  2. Brands
  3. TP-Link Manuals
  4. Switch
  5. JetStream L2 Lite TL-SG3210
  6. Cli reference manual

TP-Link JetStream L2 Lite TL-SG3210 Cli Reference Manual

Managed switch
Hide thumbs Also See for JetStream L2 Lite TL-SG3210:
Table of Contents

Advertisement

Quick Links

See also: User Manual , Cli Reference Manual
TL-SG3210
JetStream L2 Lite Managed Switch
Rev: 1.0.0
1910010509

Advertisement

Table of Contents
loading

Related Manuals for TP-Link JetStream L2 Lite TL-SG3210

Summary of Contents for TP-Link JetStream L2 Lite TL-SG3210

  • Page 1 TL-SG3210 JetStream L2 Lite Managed Switch Rev: 1.0.0 1910010509...
  • Page 2 Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.

  • Page 3: Table Of Contents

    CONTENTS Preface ......................1 Chapter 1 Using the CLI ..................4 1.1 Accessing the CLI ......................4 1.1.1 Logon by a console port ..................4 1.1.2 Logon by Telnet ....................6 1.2 CLI Command Modes .....................8 1.3 Security Levels ......................10 1.4 Conventions ........................11 1.4.1 Format Conventions ...................
  • Page 4 show mac-vlan ........................21 Chapter 5 Protocol VLAN Commands............... 22 protocol-vlan template ......................22 protocol-vlan vlan ........................22 show protocol-vlan template....................23 show protocol-vlan vlan ......................23 Chapter 6 Voice VLAN Commands ..............25 voice-vlan enable ........................25 voice-vlan aging-time ......................25 voice-vlan priority ........................26 voice-vlan oui ........................26 switchport voice-vlan mode ....................27 switchport voice-vlan security....................28 show voice-vlan global ......................28...
  • Page 5 show lacp interface........................39 show lacp system-priority ......................40 Chapter 10 User Manage Commands..............41 user add ..........................41 user remove ..........................42 user modify status .........................42 user modify type ........................43 user modify password......................43 user access-control disable ....................44 user access-control ip-based....................44 user access-control mac-based.....................45 user access-control port-based .....................45 user max-number ........................46 user idle-timeout ........................46...
  • Page 6 arp detection trust-port ......................59 arp detection (interface)......................60 arp detection limit-rate ......................60 arp detection recover......................61 show arp detection global......................62 show arp detection interface....................62 show arp detection statistic ....................62 show arp detection statistic reset ..................63 Chapter 13 DoS Defend Command..............64 dos-prevent ...........................64 dos-prevent type........................64 show dos-prevent ........................65 Chapter 14 IEEE 802.1X Commands ..............
  • Page 7 show radius accounting ......................79 Chapter 15 Log Commands ................. 80 logging local buffer ........................80 logging local flash........................80 logging clear ..........................81 logging loghost ........................82 show logging local-config ......................82 show logging loghost ......................83 show logging buffer level .......................83 show logging flash level......................84 Chapter 16 SSH Commands.................
  • Page 8 system-time dst ........................97 ip address..........................98 ip management-vlan ......................99 ip dhcp-alloc ..........................99 ip bootp-alloc .........................99 reset ............................100 reboot ..........................100 user-config backup ......................101 user-config load........................101 user-config save ........................102 firmware upgrade ........................102 ping .............................103 tracert ..........................103 loopback ..........................104 show system-info.........................104 show ip address ........................105 show system-time........................105 show system-time dst ......................106 Chapter 20 Ethernet Configuration Commands ..........107...
  • Page 9 Chapter 21 QoS Commands................117 qos ............................117 qos dot1p config ........................117 qos dscp enable ........................118 qos dscp config ........................119 qos scheduler ........................120 show qos port-based ......................121 show qos dot1p ........................121 show qos dscp........................121 show qos scheduler......................122 Chapter 22 Port Mirror Commands ..............123 mirror add ..........................123 mirror remove group ......................124 mirror remove mirrored......................124...
  • Page 10 show acl bind........................140 Chapter 25 MSTP Commands ................141 spanning-tree global ......................141 spanning-tree common-config .....................142 spanning-tree region......................143 spanning-tree msti .......................144 spanning-tree msti .......................145 spanning-tree tc-defend.......................145 spanning-tree security ......................146 spanning-tree mcheck ......................147 show spanning-tree global-info....................147 show spanning-tree global-config ..................148 show spanning-tree port-config ...................148 show spanning-tree region ....................149 show spanning-tree msti config ...................149 show spanning-tree msti port ....................149...
  • Page 11 show igmp-snooping packet-stat-clear ................162 Chapter 27 SNMP Commands................163 snmp global .........................163 snmp view-add ........................164 snmp group-add ........................164 snmp user-add ........................166 snmp community-add ......................167 snmp notify-add........................168 snmp-rmon history sample-cfg ....................169 snmp-rmon history owner ....................170 snmp-rmon history enable ....................170 snmp-rmon event user......................171 snmp-rmon event description ....................171 snmp-rmon event type......................172 snmp-rmon event owner......................173...
  • Page 12 show cluster neighbour......................185 show cluster ntdp global ......................185 show cluster ntdp port-status....................186 show cluster ntdp device .....................186 show cluster manage role....................187...

  • Page 13: Preface

    Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned in this Guide stands for TL-SG3210 JetStream L2 Lite Managed Switch. Overview of this Guide Chapter 1: Using the CLI Provide information about how to use the CLI, CLI Command Modes, Security Levels and some Conventions.
  • Page 14 Provide information about the commands used for protecting the switch from the ARP cheating or ARP Attack. Chapter 13: DoS Defend Command Provide information about the commands used for DoS defend and detecting the DoS attack. Chapter 14: IEEE 802.1X Commands Provide information about the commands used for configuring IEEE 802.1X function.
  • Page 15 Provide information about the commands used for configuring the IGMP Snooping (Internet Group Management Protocol Snooping). Chapter 27: SNMP Commands Provide information about the commands used for configuring the SNMP (Simple Network Management Protocol) functions. Chapter 28 Cluster Commands Provide information about the commands used for configuring the Cluster Management function.

  • Page 16: Chapter 1 Using The Cli

    Chapter 1 Using the CLI 1.1 Accessing the CLI You can log on to the switch and access the CLI by the following two methods: Log on to the switch by the console port on the switch. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port. 1.1.1 Logon by a console port To log on to the switch by the console port on the switch, please take the following steps: Connect the PCs or Terminals to the console port on the switch by a provided cable.
  • Page 17 Figure 1-2 Connection Description Select the port to connect in figure 1-3, and click OK. Figure 1-3 Select the port to connect Configure the port selected in the step above as the following figure1-4 shown. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK.

  • Page 18: 1.1.2 Logon By Telnet

    Type the User name and Password in the Hyper Terminal window, the factory default value for both of them is admin. The DOS prompt” TP-LINK>” will appear after pressing the Enter button as figure1-5 shown. It indicates that you can use the CLI now.
  • Page 19 Figure 1-6 Open the Run window Type cmd in the prompt Run window as figure 1-7 and click OK. Figure 1-7 Run Window Type telnet 192.168.0.1 in the command prompt shown as figure1-8, and press the Enter button. Figure 1-8 Connecting to the Switch...

  • Page 20: 1.2 Cli Command Modes

    Type the User name and Password (the factory default value for both of them is admin) and press the Enter button, then you can use the CLI now, which is shown as figure1-9. Figure 1-9 Log in the Switch 1.2 CLI Command Modes The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode and VLAN Database (VLAN Configuration Mode).
  • Page 21 Use the exit command to disconnect the connected with switch (except that switch User EXEC TP-LINK> switch. connected through the Console port). Mode Use the enable command to access Privileged EXEC mode. enable Use the exit command to disconnect the command to enter this...

  • Page 22: 1.3 Security Levels

    you should access the corresponding command mode firstly. Global Configuration Mode: In this mode, global commands are provided, such as the Spanning Tree, Schedule Mode and so on. Interface Configuration Mode: In this mode, users can configure one or several ports, different ports corresponds to different commands a).

  • Page 23: 1.4 Conventions

    1.4 Conventions 1.4.1 Format Conventions The following conventions are used in this Guide: Items in square brackets [ ] are optional Items in braces { } are required Alternative items are grouped in braces and separated by vertical bars. For example: speed {10 | 100 | 1000 } Bold indicates an unalterable keyword.

  • Page 24: Chapter 2 User Interface

    —— super password , which contains 16 characters at most, composing digits, English letters and underdashes only. By default, it is empty. Command Mode Global Configuration Mode Example Set the super password as admin to access Privileged EXEC Mode from User EXEC Mode: TP-LINK(config)# enable password admin...

  • Page 25: Disable

    EXEC Mode. Syntax disable Command Mode Privileged EXEC Mode Example Return to User EXEC Mode from Privileged EXEC Mode: TP-LINK# disable TP-LINK> configure Description The configure command is used to access Global Configuration Mode from Privileged EXEC Mode. Syntax configure...

  • Page 26: End

    Command Mode Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode,and then return to Privileged EXEC Mode: TP-LINK(config-if)# exit TP-LINK(config)#exit TP-LINK# Description The end command is used to return to Privileged EXEC Mode. Syntax Command Mode...

  • Page 27: Chapter 3 Ieee 802.1Q Vlan Commands

    Syntax vlan database Command Mode Global Configuration Mode Example Access VLAN Configuration Mode: TP-LINK(config)# vlan database TP-LINK(config-vlan)# vlan Description The vlan command is used to creat IEEE 802.1Q VLAN. To delete the IEEE 802.1Q VLAN, please use no vlan command.

  • Page 28: Interface Vlan

    ——VLAN ID,ranging from 1 to 4094. Command Mode Global Configuration Mode Example Configure the VLAN2: TP-LINK(config)# interface vlan 2 description Description The description command is used to assign a description string to a VLAN. To clear the description, please use no description command.

  • Page 29: Switchport Type

    Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Specify the Link Type of port 5 as general: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)#switchport type general switchport allowed vlan Description The switchport allowed vlan command is used to add the desired port to IEEE 802.1Q VLAN,or to remove a port from the correspounding VLAN.

  • Page 30: Switchport Pvid

    TP-LINK(config-if)# switchport allowed vlan add 2 switchport pvid Description The switchport pvid command is used to configure the PVID for the switch ports. Syntax switchport pvid vlan-id Parameter vlan-id —— VLAN ID, ranging from 1 to 4094. Command Mode Interface Configuration Mode (interface ethernet / interface range ethernet )

  • Page 31: Show Vlan

    TP-LINK(config-if)# switchport general egress-rule 3 tagged show vlan Description The show vlan command is used to display the information of IEEE 802.1Q VLAN . Syntax show vlan [vlan-id] Parameter vlan-id —— VLAN ID, ranging from 1 to 4094. By default , display all the information of IEEE 802.1Q VLAN.

  • Page 32: Chapter 4 Mac Vlan Commands

    , it is empty. Command Mode Global Configuration Mode Example Create VLAN 2 named “RD”,and the MAC address is 00:00:00:00:00:01: TP-LINK(config)# mac-vlan add 2 00:00:00:00:00:01 RD mac-vlan remove Description The mac-vlan remove command is used to delete the subsistent MAC-Based VLAN entry.

  • Page 33: Mac-Vlan Modify

    Global Configuration Mode Example Modify the VLAN ID of the MAC VLAN entry with the MAC address of 00:00:00:00:00:02 as 12: TP-LINK(config)# mac-vlan modify 12 00:00:00:00:00:02 show mac-vlan Description The show mac-vlan command is used to display the information of the MAC VLAN entry .

  • Page 34: Chapter 5 Protocol Vlan Commands

    Example Create a Protocol VLAN template named “arp” whose Frame-type is ethernet2, Ethernet protocol type is 0806. Delete the Protocol template whose number is 2: TP-LINK(config)# protocol-vlan template add arp 0806 ethernet2 TP-LINK(config)# protocol-vlan template remove 2 protocol-vlan vlan Description The protocol-vlan vlan command is used to create a Protocol VLAN entry.To...

  • Page 35: Show Protocol-Vlan Template

    Create a Protocol VLAN entry, whose index is 1 and vid is 2, and add port4、5、 6、8 in the protocol vlan. Delete the Protocol VLAN entry whose number is 1: TP-LINK(config)# protocol-vlan vlan 2 template 1 4-6,8 TP-LINK(config)# no protocol-vlan vlan 1...
  • Page 36 Command Mode Any Configuration Mode Example Display information of the protocol-vlan entry: TP-LINK(config)# show protocol-vlan vlan...

  • Page 37: Chapter 6 Voice Vlan Commands

    Command Mode Global Configuration Mode Example Enable the Voice VLAN function for VLAN 2: TP-LINK(config)# voice-vlan enable 2 voice-vlan aging-time Description The voice-vlan aging-time command is used to set the aging time for a voice VLAN. To restore to the default aging time for the Voice VLAN, please use no voice-vlan aging-time command.

  • Page 38: Voice-Vlan Priority

    Command Mode Global Configuration Mode Example Set the aging time for the Voice VLAN as 2880 minutes: TP-LINK(config)# voice-vlan aging-time 2880 voice-vlan priority Description The voice-vlan priority command is used to configure the priority for the VoiceVLAN. To restore to the default priority, please use no voice-vlan priority command.

  • Page 39: Switchport Voice-Vlan Mode

    By default, it is empty. Command Mode Global Configuration Mode Example Create a Voice VLAN OUI descripted as TP-LINK Phone with the MAC address 00:01:E3:00:00:01 and the mask address FF:FF:FF:00:00:00. Andthen delete the Voice VLAN OUI with the MAC address 00:00:00:11:00:01: TP-LINK(config)#...

  • Page 40: Switchport Voice-Vlan Security

    Interface Configuration Mode(interface ethernet / interface range ethernet) Example Enable Ethernet port 2 for the Voice VLAN security mode: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# switchport voice-vlan security enable show voice-vlan global Description The show voice-vlan global command is used to display the global configuration information of Voice VLAN.

  • Page 41: Show Voice-Vlan Switchport

    Command Mode Any Configuration Mode Example Display the configuration information of Voice VLAN OUI: TP-LINK(config)# show voice-vlan oui show voice-vlan switchport Description The show voice-vlan switchport command is used to displays the configuration information of the port in the Voice VLAN.

  • Page 42: Chapter 7 Gvrp Commands

    Command Mode Global Configuration Mode Example Enable the GVRP function globally: TP-LINK(config)# gvrp gvrp (interface) Description The gvrp(interface) command is used to enable the GVRP function for the desired port.To disable the GVRP function of this port, please use no gvrp command.

  • Page 43: Gvrp Registration

    Example Enable the GVRP function for ports 2-6: TP-LINK(config)# interface range ethernet 2-6 TP-LINK(config-if)# gvrp gvrp registration Description The gvrp registration command is used to configure the GVRP registration type on the desired port. To restore to the default value, please use no gvrp registration command.

  • Page 44: Show Gvrp Global

    Set the GARP leaveall timer of port 6 to 2000 centiseconds and restore to the join timer of it to the default value: TP-LINK(config)# interface ethernet 6 TP-LINK(config-if)# gvrp timer leaveall 2000 TP-LINK(config-if)# no gvrp timer join show gvrp global Description The show gvrp global command is used to to display the global GVRP status.

  • Page 45: Show Gvrp Interface

    TP-LINK(config)# show gvrp global show gvrp interface Description The show gvrp interface command is used to display the GVRP configuration information of the specified Ethernet ports. Syntax show gvrp interface [ethernet port-num] Parameter port-num ——The Ethernet port number. By default, the GVRP configuration information of all the Ethernet ports isdisplayed.

  • Page 46: Chapter 8 Lag Commands

    Command Mode Global Configuration Mode Example Access the Interface Link-aggregation Mode and configure the aggregation group 1: TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# interface range link-aggregation Description The interface range link-aggregation command is used to access the Interface range Link-aggregation Mode, and you can configure some aggregation groups at the same time.

  • Page 47: Link-Aggregation

    ——The aggregation group list. You can configure some aggregation groups at the same time. Example Access the Interface range Link-aggregation Mode and configure the aggregation group 1,4-6: TP-LINK(config)# interface range link-aggregation 1,4-6 TP-LINK(config-if)# link-aggregation Description The link-aggregation command is used to add the current Ethernet port to a aggregation group.

  • Page 48: Link-Aggregation Hash-Algorithm

    Command Mode Global Configuration Mode Example Configure the Aggregate Arithmetic for LAG as src_dst_mac: TP-LINK(config)# link-aggregation hash-algorithm src_dst_mac description Description The description command is used to set a description for an aggregation group.To remove the description of an aggregation group, please use no description command.

  • Page 49: Show Interfaces Link-Aggregation

    TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# description movie server show interfaces link-aggregation Description The show interfaces link-aggregation command is used to display the configuration information of the Aggregate Arithmetic and the aggregation groups. Syntax show interface link-aggregation [group-num] Parameter group-num ——The LAG number,ranging from1 to 14. By default, the GVRP configuration information of all the Ethernet ports is displayed.

  • Page 50: Chapter 9 Lacp Commands

    —— system-priority, ranging from 0 to 65535. By default, the value is 32768. Example Set global lacp system priority 1024: TP-LINK(config)# lacp system-priority 1024 lacp admin-key Description The lacp admin-key command is used to configure the admin key. To restore to the default value, please use no lacp admin-key command.

  • Page 51: Lacp Port-Priority

    Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Configure the admin key of port 1 as 1024: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# lacp admin-key 1024 lacp port-priority Description The lacp port-priority command is used to set the port priority for a port. To restore to the default priority, please use no lacp port-priority command.

  • Page 52: Show Lacp System-Priority

    Ethernet ports. Command Mode Any Configuration Mode Example Display the configuration information of all the Ethernet ports: TP-LINK(config)# show lacp interface show lacp system-priority Description The show lacp system-priority command is used to display the global system priority value of LACP.

  • Page 53: Chapter 10 User Manage Commands

    Admin: can edit, modify and view all the settings of different functions. disable | enable ——Enable/disable the user. Command Mode Global Configuration Mode Example Add and enable a new admin user named tplink, and of which the password is password: TP-LINK(config)#user add tplink password password confirm-password password admin enable...

  • Page 54: User Remove

    Syntax user modify status user-name {disable | enable} Parameter user-name —— The existing user name. disable | enable ——Disable/enable the user. Command Mode Global Configuration Mode Example Change the status of tplink to enabled: TP-LINK(config)# user modify status tplink enable...

  • Page 55: User Modify Type

    | admin —— Access level. Guest: limited user; admin: manager. Command Mode Global Configuration Mode Example Change the access level of tplink to admin: TP-LINK(config)# user modify type tplink admin user modify password Description The user modify password command is used to modify the password for the existing user.

  • Page 56: User Access-Control Disable

    Example Modify the password of tplink as newpwd: TP-LINK(config)# user modify password tplink password newpwd newpwd user access-control disable Description The user access-control disable command is used to cancel the user access-control. Syntax user access-control disable Command Mode Global Configuration Mode...

  • Page 57: User Access-Control Mac-Based

    00:00:13:0A:00:01: TP-LINK(config)# user access-control mac-based 00:00:13:0A:00:01 user access-control port-based Description The user access-control port-based command is used to to limit the ports for login. Only the users connected to these ports you set here are allowed for login.

  • Page 58: User Max-Number

    Example Enable the access-control of the ports 2, port4, port5, port6,and port8: TP-LINK(config)# user access-control port-based 2,4-6,8 user max-number Description The user max-number command is used to configure the number of the users logging on at the same time. To cancel the limit to the numbers of the users loging in, please use no user max-number command.

  • Page 59: Show User Account-List

    10. Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minites: TP-LINK(config)# user idle-timeout 15 show user account-list Description The show user account-list command is used to display the information of the current users.
  • Page 60 Command Mode Any Configuration Mode Example Display the security configuration information of the users: TP-LINK(config)# show user configuration...

  • Page 61: Chapter 11 Binding Table Commands

    Global Configuration Mode Example Bind an ACL entry with the IP is 192.168.0.1, MAC is 00:00:00:00:00:01, VLAN ID is 2 and the Port number is 5 manually. Andthen enable the entry for the ARP detection.: TP-LINK(config)# binding-table user-bind host1 192.168.0.1...

  • Page 62: Binding-Table Remove

    Command Mode Global Configuration Mode Example Delete the IP-MAC –VID-PORT entry with the index 5: TP-LINK(config)# binding-table remove index 5 dhcp-snooping Description The dhcp-snooping command is used to enable the DHCP-snooping function for the switch. To disable the DHCP-snooping function, please use no dhcp-snooping command.

  • Page 63: Dhcp-Snooping Global

    5/10/15/20/25/30 (packet/second). By default, it is 5. Command Mode Global Configuration Mode Example Configure the Global Flow Control as 30pps, the Decline Threshold as 20 pps, Decline Flow Control as 20 pps for DHCP Snooping TP-LINK(config)# dhcp-snooping global global-rate 30 dec-threshold 20 dec-rate 20...

  • Page 64: Dhcp-Snooping Information Enable

    Command Mode Global Configuration Mode Example Enable the Option 82 function of DHCP Snooping: TP-LINK(config)# dhcp-snooping information enable dhcp-snooping information strategy Description The dhcp-snooping information strategy command is used to select the operation for the Option 82 filed of the DHCP request packets from the Host. To restore to the default option, please use no dhcp-snooping information strategy command.

  • Page 65: Dhcp-Snooping Information User-Defined

    Example Replace the Option 82 field of the packets with the switch defined one and then send out: TP-LINK(config)# dhcp-snooping information strategy replace dhcp-snooping information user-defined Description The dhcp-snooping information user-defined command is used to permit users to define the Option 82. To disable the function, please use no dhcp-snooping information user-defined command.

  • Page 66: Dhcp-Snooping Information Circuit-Id

    Example Configure the sub-option Remote ID for the customized Option 82 as tplink: TP-LINK(config)# dhcp-snooping information remote-id tplink dhcp-snooping information circuit-id Description The dhcp-snooping information circuit-id command is used to configure the sub-option Circuit ID for the customized Option 82.

  • Page 67: Dhcp-Snooping Mac-Verify

    Configure the port 2 to be a Trusted Port: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# dhcp-snooping trusted dhcp-snooping mac-verify Description The dhcp-snooping mac-verify command is used to enable the MAC Verify feature. To disable the MAC Verify feature, please use no dhcp-snooping mac-verify command.

  • Page 68: Dhcp-Snooping Decline

    Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Set the Flow Control of port 2 as 20 pps: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# dhcp-snooping rate-limit 20 dhcp-snooping decline Description The dhcp-snooping decline command is used to enable the Decline Protect feature.

  • Page 69: Show Dhcp-Snooping Global

    Command Mode Any Configuration Mode Example Display the configuration of DHCP Snooping globally: TP-LINK(config)# show dhcp-snooping global show dhcp-snooping information Description The show dhcp-snooping information command is used to display the Option 82 configuration of DHCP Snooping.

  • Page 70: Show Dhcp-Snooping Interface

    [ethernet port-num] Parameter port-num ——The number of the switch port. By default, it will display the configuration of all the ports. Command Mode Any Configuration Mode Example Display the interface configuration of all the ports: TP-LINK(config)# show dhcp-snooping interface...

  • Page 71: Chapter 12 Arp Inspection Commands

    Command Mode Global Configuration Mode Example Enable the ARP Detection function globally: TP-LINK(config)# arp detection arp detection trust-port Description The arp detection trust-port command is used to configure the port for which the ARP Detect function is unnecessary as the Trusted Port. To clear the Trusted Port list, please use no arp detection trust-port command .The...

  • Page 72: Arp Detection (Interface)

    Command Mode Global Configuration Mode Example Configure the ports 2-4,5-8 as the Trusted Port: TP-LINK(config)# arp detection trust-port 2-4,5-8 arp detection (interface) Description The arp detection (interface) command is used to enable the ARP Defend function. To disable the arp detection function, please use no arp detection command.

  • Page 73: Arp Detection Recover

    Configure the maximum amount of the received ARP packets per second as 50 pps for the port 5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# arp detection limit-rate 50 arp detection recover Description The arp detection recover command is used to restore to the port to the ARP transmit status from the ARP filter status.

  • Page 74: Show Arp Detection Global

    Command Mode Any Confiuration Mode Example Display the ARP detection configuration globally: TP-LINK(config)# show arp detection global show arp detection interface Description The show arp detection interface command is used to display the interface configuration of ARP detedtion.

  • Page 75: Show Arp Detection Statistic Reset

    The show arp detection statistic reset command is used to clear the statistic fo the the illegal ARP packets received. Syntax show arp detection statistic reset Command Mode Global Configuration Mode Example Clear the statistic of the the illegal ARP packets received: TP-LINK(config)# show arp detection statistic reset...

  • Page 76: Chapter 13 Dos Defend Command

    Command Mode Globlal Configuration Mode Example Enable the DoS defend function globally: TP-LINK(config)# dos-prevent dos-prevent type Description The dos-prevent type command is used to select the DoS Defend Type. To disable the corresponding Defend Type, please use no dos-prevent type command.

  • Page 77: Show Dos-Prevent

    Global Configuration Mode Example Enable three DoS Defend Types named Land attack, Xma Scan attack and Ping flooding attack: TP-LINK(config)# dos-prevent type land xma-scan ping-flood show dos-prevent Description The show dos-prevent command is used to display the DoS information of the detected DoS attack, including enable/disable status, the DoS Defend Type,etc.

  • Page 78: Chapter 14 Ieee 802.1X Commands

    Command Mode Global Configuration Mode Example Enable the IEEE 802.1X function: TP-LINK(config)# dot1x dot1x authentication-method Description The dot1x authentication-method command is used to configure the Authentication Method of IEEE 802.1X. To restore to the default 802.1x authentication method, please use no dot1x authentication-method command.

  • Page 79: Dot1X Guest-Vlan

    Command Mode Global Configuration Mode Example Configure the Authentication Method of IEEE 802.1X as pap: TP-LINK(config)# dot1x authentication-method pap dot1x guest-vlan Description The dot1x guest-vlan command is used to enable the Guest VLAN function globally. To disable the Guest VLAN function, please use no dot1x guest-vlan command.

  • Page 80: Dot1X Quiet-Period

    Command Mode Global Configuration Mode Example Enable the quiet-period function: TP-LINK(config)# dot1x quiet-period dot1x timer Description The dot1x timer command is used to configure the Quiet Period and the SupplicantTimeout. To restore to the default, please use no dot1x timer command.

  • Page 81: Dot1X Retry

    Example Configure the Quiet Period and the SupplicantTimeout as 12 seconds and 6 seconds: TP-LINK(config)# dot1x timer quiet-period 12 supp-timeout 6 dot1x retry Description The dot1x retry command is used to configure the maximum transfer times of the repeated authentication request. To restore to the default value, please use no dot1x retry command.

  • Page 82: Dot1X Guest-Vlan

    Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Enable the IEEE 802.1X function for the port 1: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# dot1x dot1x guest-vlan Description The dot1x guest-vlan command is used to enable the Guest VLAN function for a specified port.

  • Page 83: Dot1X Port-Method

    Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Configure the Control Mode for port 1 as authorized-force: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# dot1x port-control authorized-force dot1x port-method Description The dot1x port-method command is used to configure the Control Type of IEEE 802.1X for the specified port.

  • Page 84: Radius Authentication Primary-Ip

    Command Mode Global Configuration Mode Example Configure the IP of the authentication server as 10.20.1.100: TP-LINK(config)# radius authentication primary-ip 10.20.1.100 radius authentication secondary-ip Description The radius authentication secondary-ip command is used to configure the IP address of the alternate authentication server. To restore to the default configuration, please use no radius authentication secondary-ip command.

  • Page 85: Radius Authentication Port

    Command Mode Global Configuration Mode Example Configure the IP address of the alternate authentication server as 10.20.1.101: TP-LINK(config)# radius authentication secondary-ip 10.20.1.101 radius authentication port Description The radius authendication port command is used to configure the authentication port of the alternate authentication server. To restore to the default value, please use no radius authendication port command.

  • Page 86: Radius Accounting Enable

    Global Configuration Mode Example Configure the shared password for the switch and the authentication servers as tplink: TP-LINK(config)# radius authentication key tplink radius accounting enable Description The radius accunting enable command is used to enable the accounting feature. To disable the accounting feature, please use no radius accunting enable command.

  • Page 87: Radius Accounting Primary-Ip

    Command Mode Global Configuration Mode Example Configure the IP address of the accounting server as 10.20.1.100: TP-LINK(config)# radius accounting primary-ip 10.20.1.100 radius accounting secondary-ip Description The radius accounting secondary-ip command is used to configure the IP address of the alternate accounting server. To restore to the default configuration, please use no radius accounting secondary-ip command.

  • Page 88: Radius Accounting Port

    TP-LINK(config)# radius accounting secondary-ip 10.20.1.101 radius accounting port Description The radius accounting port command is used to set the UDP port of accounting server(s). To restore to the default value, please use no radius accounting port. Syntax radius accounting port port-num...

  • Page 89: Radius Response-Timeout

    Global Configuration Mode Example Configure the shared password for the switch and the accounting servers as tplink: TP-LINK(config)# radius accounting key tplink radius response-timeout Description The radius response-timeout command is used to configure the maximum time for the switch to wait for the response from the RADIUS authentication and the accounting server.

  • Page 90: Show Dot1X Interface

    Syntax show dot1x global Command Mode Any configuration Mode Example Display the configuration of 801.X globally: TP-LINK(config)# show dot1x global show dot1x interface Description The show dot1x interface command is used to display the port configuration of 801.X. Syntax show dot1x interface [ ethernet port-num ] Parameter port-num ——The number of the Ethernet port, ranging from 1 to 16.

  • Page 91: Show Radius Accounting

    Any configuration Mode Example Display the configuration of the RADIUS authentication server: TP-LINK(config)# show radius authentication show radius accounting Description The show radius accounting command is used to display the configuration of the accounting server. Syntax show radius accounting Command Mode...

  • Page 92: Chapter 15 Log Commands

    | enable —— Disable or enable the log buffer. By default, it is enabled. Command Mode Global Configuration Mode Example Enable the log buffer function and set the severity as 6: TP-LINK(config)# logging local buffer 6 enable logging local flash Description...

  • Page 93: Logging Clear

    Command Mode Global Configuration Mode Example Enable the log file function and set the severity as 7: TP-LINK(config)# logging local flash 7 logging clear Description The logging clear command is used to clear the information in the log buffer and log file.

  • Page 94: Logging Loghost

    Global Configuration Mode Example Enable the log host 2 and set the IP address 192.168.0.148, the level 5: TP-LINK(config)# logging loghost index 2 192.168.0.148 5 enable show logging local-config Description The show logging lolcal-config command is used to display the configuration...

  • Page 95: Show Logging Loghost

    Command Mode Any Configuration Mode Example Display the configuration of the log host 2: TP-LINK(config)# show logging loghost 2 show logging buffer level Description The show logging buffer level command is used to display the log information in the log buffer according to the severity level.

  • Page 96: Show Logging Flash Level

    Any Configuration Mode Example Display the log information from level 0 to level 5 in the log buffer: TP-LINK(config)# show logging buffer level 5 show logging flash level Description The show logging flash level command is used to display the log information in the log file according to the severity level.

  • Page 97: Chapter 16 Ssh Commands

    Command Mode Global Configuration Mode Example Enable the SSH function: TP-LINK(config)# ssh server enable ssh version Description The ssh version command is used to enable the SSH protocol version. To disable the protocol version, please use no ssh version command.

  • Page 98: Ssh Idle-Timeout

    TP-LINK(config)# ssh version v2 ssh idle-timeout Description The ssh idle-timeout command is used to specify the idle-timeout time of SSH. To restore to the factory defaults, please use no ssh idle-timeout command. Syntax ssh idle-timeout value no ssh idle-timeout Parameter value —...

  • Page 99: Ssh Download

    Example Download a SSH-1 type key file named ssh-key from TFTP server with the IP Address 192.168.0.148: TP-LINK(config)# ssh download v1 ssh-key ip-address 192.168.0.148 show ssh Description The show ssh command is used to display the global configuration of SSH.

  • Page 100: Chapter 17 Ssl Commands

    Command Mode Global Configuration Mode Example Enable the SSL function: TP-LINK(config)# ssl enable ssl download certificate Description The ssl download certificate command is used to download a certificate to the switch from from TFTP server. Syntax...

  • Page 101: Ssl Download Key

    Example Download a SSL Certificate named ssl-cert from TFTP server with the IP Address of 192.168.0.148: TP-LINK(config)# ssl download certificate ssl-cert ip-address 192.168.0.148 ssl download key Description The ssl download key command is used to download a SSL key to the switch from TFTP server.
  • Page 102 Display the global configuration of SSL: TP-LINK(config)# show ssl...

  • Page 103: Chapter 18 Address Commands

    Chapter 18 Address Commands Address configuration can improve the network security by configuring the Port Security and maintaining the address information by managing the Address Table. bridge address port-security Description The bridge address port-security command is used to configure port security. To return to the default configuration, please use no bridge address port-security command.

  • Page 104: Bridge Address Static

    —— The Port number of your desired entry. It ranges from 1 to 16. Command Mode Global Configuration Mode Example Add a static Mac address entry to bind the MAC address 00:02:58:4f:6c:23, VLAN1 and Port1 together: TP-LINK(config)# bridge address static mac 00:02:58:4f:6c:23 vid 1 port 1 bridge aging-time Description...

  • Page 105: Bridge Address Filtering

    Command Mode Global Configuration Mode Example Configure the aging time as 500 seconds: TP-LINK(config)# bridge aging-time 500 bridge address filtering Description The bridge address filtering command is used to add the filtering address entry. To delete the corresponding entry, please use no bridge address filtering command.

  • Page 106: Show Bridge Port-Security

    00:1e:4b:04:01:5d: TP-LINK(config)# bridge address filtering 00:1e:4b:04:01:5d 1 show bridge port-security Description The show bridge port-security command is used to configure the Port Security for each port, such as configure the Max number of MAC addressed that can be learned on the port and the Learn Mode.

  • Page 107: Show Bridge Aging-Time

    Description The show bridge aging-time command is used to display the Aging Time of the MAC address. Syntax show bridge aging-time Command Mode Any Configuration Mode Example Display the Aging Time of the MAC address: TP-LINK(config)# show bridge aging-time...

  • Page 108: Chapter 19 System Commands

    —— Contact Information. It consists of 32 characters at most. By default, it is empty. Command Mode Global Configuration Mode Example Configure the System Contact as www.tp-link.com.cn: TP-LINK(config)# system-descript contact-info www.tp-link.com.cn system-time gmt Description The system-time gmt command is used to configure the time zone and the IP Address for the NTP Server.

  • Page 109: System-Time Manual

    Example Configure the system time mode as gmt, the time zone is -12, the primary ntp server is 133.100.9.2 and the secondary ntp server is 139.78.100.163: TP-LINK(config)# system-time gmt -12 133.100.9.2 139.78.100.163 system-time manual Description The system-time manual command is used to configure the system time manually.

  • Page 110: Ip Address

    Global Configuration Mode Example Configure the dst, dst is from April 1 00:00 to November 1 23:00. TP-LINK(config)# system-time dst 04/01 0 11/01 23 ip address Description The ip address command is used to configure the IP Address, Subnet Mask and Default Gateway.

  • Page 111: Ip Management-Vlan

    TP-LINK(config)# ip address 192.168.0.69 255.255.255.0 ip management-vlan Description The ip management-vlan command is used to configure the management VLAN, through which you can log on to the switch. Syntax ip management-vlan {vlan-id} Parameter vlan-id —— VLAN ID, ranging from 1 to 4094.

  • Page 112: Reset

    Command Mode Global Configuration Mode Example Enable the BOOTP Protocol to obtain IP address from BOOTP Server: TP-LINK(config)# ip bootp-alloc reset Description The reset command is used to reset the switch’s software. After resetting, all configuration of the switch (except the IP Address) will restore to the factory defaults and your current settings will be lost.

  • Page 113: User-Config Backup

    Privileged EXEC Mode Example Backup the configuration files by TFTP server with the IP 192.168.0.148 and name this file config.cfg: TP-LINK# user-config backup filename config.cfg ip-address 192.168.0.148 user-config load Description The user-config load command is used to download the configuration file to the switch by TFTP server.

  • Page 114: User-Config Save

    192.168.0.148 and name this file config.cfg: TP-LINK# user-config load filename config.cfg ip-address 192.168.0.148 user-config save Description The user-config save command is used to save current settings. Syntax user-config save Command Mode Privileged EXEC Mode Example Save current settings: TP-LINK# user-config save...

  • Page 115: Ping

    192.168.0.131, please specify the count (-l) as 512 bytes and count (-i) as 1000 milliseconds. If there is not any response after 8 times’ Ping test, the connection between the switch and the network device is failed to establish: TP-LINK# ping 192.168.0.131 –n 8 –l 512 tracert Description The tracert command is used to test the connectivity of the gateways during its journey from the source to destination of the test data.

  • Page 116: Loopback

    192.168.0.131. If the destination device has not been found after 20 maxHops, the connection between the switch and the destination device is failed to establish: TP-LINK# tracert 192.168.0.131 20 loopback Description The loopback command is used to test whether the port is available or not.

  • Page 117: Show Ip Address

    Syntax show ip address Command Mode Any Configuration Mode Example Display the IP Address of the system TP-LINK# show ip address show system-time Description The show system-time command is used to display the time information of the switch. Syntax show system-time...

  • Page 118: Show System-Time Dst

    Description The show system-time dst command is used to display the DST time information of the switch. Syntax show system-time dst Command Mode Any Configuration Mode Example Display the DST time information of the switch TP-LINK# show system-time dst...

  • Page 119: Chapter 20 Ethernet Configuration Commands

    Command Mode Global Configuration Mode Example Enter the Interface Configuration Mode and configure Ethernet port2: TP-LINK(config)# interface ethernet 2 interface range ethernet Description The interface range ethernet command is used to enter the Interface Configuration Mode and configure multiple Ethernet ports at the same time.

  • Page 120: Description

    Example Enter the Interface Configuration Mode, add ports 1-3, 6-8 to the port-list and configure them: TP-LINK(config)# interface range ethernet 1-3,6-8 description Description The description command is used to add a description to the Ethernet port. To clear the description of the corresponding port, please use no description command.

  • Page 121: Flow-Control

    Interface Configuration Mode(interface ethernet / interface range ethernet) Example Disable Ethernet port3: TP-LINK(config)# interface ethernet 3 TP-LINK(config-if)# shutdown flow-control Description The flow-control command is used to enable the flow-control function for a port. To disable the flow-control function for this corresponding port, please use no flow-control command.

  • Page 122: Storm-Control

    Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Configure the Negotiation Mode as 100M full-duplex for Ethernet port5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# negotiation 100f storm-control Description The storm-control command is used to configure the Storm Control function.

  • Page 123: Storm-Control Disable Bc-Rate

    Enable the Storm Control function for port5 and specify the bc-rate as 128kbps, mc-rate as 512kbps and ul-rate as 2Mbps: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# storm-control bc-rate 128k mc-rate 512k ul-rate 2m storm-control disable bc-rate Description The storm-control disable bc-rate command is used to disable the Broadcast packets control.

  • Page 124: Storm-Control Disable Ul-Rate

    TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# storm-control disable mc-rate storm-control disable ul-rate Description The storm-control disable ul-rate command is used to disable the UL-Frame control. Syntax storm-control disable ul-rate Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Disable the UL-Frame control for port5:...

  • Page 125: Port Rate-Limit Disable Ingress

    TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# port rate-limit ingress 5120 egress 1024 port rate-limit disable ingress Description The port rate-limit disable ingress command is used to disable the ingress-rate limit. Syntax port rate-limit disable ingress Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet)...

  • Page 126: Show Interface Status

    Command Mode Any Configuration Mode Example Display the configurations of port5: TP-LINK# show interface configuration ethernet 5 show interface status Description The show interface status command is used to display the connective-status of an Ethernet port.

  • Page 127: Show Storm-Control Ethernet

    Command Mode Any Configuration Mode Example Display the statistic information of Ethernet port3: TP-LINK(config)# show interface counters ethernet 3 show storm-control ethernet Description The show storm-control ethernet command is used to display the storm-control information of an Ethernet port.
  • Page 128 — — The port-number of the port selected to display the rate-limit information. It ranges from 1 to 10. By default, the rate-limit information of all ports is displayed. Command Mode Any Configuration Mode Example Display the rate-limit information of all Ethernet ports: TP-LINK(config)# show port rate-limit...

  • Page 129: Chapter 21 Qos Commands

    CoS value of the ingress port and the mapping relation between the CoS and TC in IEEE 802.1P. Example Configure the priority of port 5 as 3: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# qos 3 qos dot1p config Description The qos dot1p config command is used to configure the mapping relation between IEEE 802.1P Priority and Egress Queue.

  • Page 130: Qos Dscp Enable

    Among the priority levels TC0-TC3, the bigger value, the higher priority. Example Map tag value 0 to TC3: TP-LINK(config)# qos dot1p config 0 3 qos dscp enable Description The qos dscp enable command is used to enable the mapping relation between DSCP Priority and Egress Queue.

  • Page 131: Qos Dscp Config

    DSCP priorities are mapped to the corresponding 802.1p priorities. IP datagram will detemin its egress queue based on the mapping relation between 802.1p priority and priority levels. Example Map DSCP values 10,11,15 to CoS0: TP-LINK(config)# qos dscp config 10,11,15 0...

  • Page 132: Qos Scheduler

    —— Equal-Mode. In this mode, all the queues occupy the bandwidth equally. The weight value ratio of all the queues is 1:1:1:1. Command Mode Global Configuration Mode Example Specify the Schedule Mode as Weight Round Robin Mode: TP-LINK(config)# qos scheduler wrr...

  • Page 133: Show Qos Port-Based

    1 to 10. By default, information of all the ports is displayed. Command Mode Any Configuration Mode Example Display the configuration of QoS for port 5: TP-LINK# show qos port-based 5 show qos dot1p Description The show qos dot1p command is used to display the configuration of IEEE 802.1P Priority.

  • Page 134: Show Qos Scheduler

    Command Mode Any Configuration Mode Example Display the configuration of DSCP Priority: TP-LINK# show qos dscp show qos scheduler Description The show qos scheduler command is used to display the schedule rule of the egress queues. Syntax...

  • Page 135: Chapter 22 Port Mirror Commands

    Configure port 3 as mirrored port, port 4 as mirroring port, the mirror mode as both and group number as 1 : TP-LINK(config)# mirror add 3 4 both 1 User Guidelines The mirroring port is corresponding to current interface configuration mode.

  • Page 136: Mirror Remove Group

    [mirrored port] [group-num] Parameter Mirrored port —— The port to be monitored. group-num —— The group number of mirrior group. Command Mode Global Configuration Mode Example Remove mirrored port 1,2-4 from mirror group 1: TP-LINK(config)# mirror remove mirrored 1,2-4 1...

  • Page 137: Show Mirror

    The show mirror command is used to display the configuration of mirror group. Syntax show mirror [group-num] Parameter group-num —— The group number of mirrior group. Command Mode Any Configuration Mode Example Display configuration fo mirror group 1: TP-LINK# show mirror 1...

  • Page 138: Chapter 23 Port Isolation Commands

    Command Mode Interface Configuration Mode (interface ethernet/interface range ethernet) Example Configure port 1 and port 2 can only forward packets to port 6 and port 10: TP-LINK(config)# interface range ethernet 1-2 TP-LINK(config-if)# port isolation 6,10 show port isolation Description The show port isolation command is used to display the forward portlist of a port.
  • Page 139 Example Display the forward-list of port 6: TP-LINK# show port isolation 6...

  • Page 140: Chapter 24 Acl Commands

    Chapter 24 ACL Commands ACL (Access Control List) is used to filter data packets by configuring a series of match conditions, operations and time ranges. It provides a flexible and secured access control policy and facilitates you to control the network security. acl time-segment Description The acl time-segment command is used to add Time-Range.

  • Page 141: Acl Edit Time-Segment

    Command Mode Global Configuration Mode Example Add a time-range named tSeg1, with time from 8:30 to 12:00 at working day: TP-LINK(config)# acl time-segment tSeg1 start-time 08:30 end-time 12:00 week-day working-day acl edit time-segment Description The acl edit time-segment command is used to edit Time-Range.

  • Page 142: Acl Holiday

    TP-LINK(config)# acl edit time-segment tSeg1 start-time 08:30 end-time 12:00 week-day working-day acl holiday Description The acl holiday command is used to create holiday in Holiday Mode in the acl time-segment command. To delete the corresponding holiday, please use no acl holiday command.

  • Page 143: Acl Rule Mac-Acl

    Command Mode Global Configuration Mode Example Create a MAC ACL whose ID is 20: TP-LINK(config)# acl create 20 acl rule mac-acl Description The acl rule mac-acl command is used to add MAC ACL rule. To delete the corresponding rule, please use no acl rule mac-acl command. MAC ACLs...

  • Page 144: Acl Edit Rule Mac-Acl

    TP-LINK(config)# acl create 20 TP-LINK(config)# acl rule mac-acl 20 10 op permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1 acl edit rule mac-acl Description The acl edit rule mac-acl command is used to edit MAC ACL rule.

  • Page 145: Acl Rule Std-Acl

    11:11:11:11:11:00, VLAN ID is 2, the user priority is 5, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TP-LINK(config)# acl edit rule mac-acl 20 10 op permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1 acl rule std-acl Description The acl rule std-acl command is used to add Standard-IP ACL rule.

  • Page 146: Acl Edit Rule Std-Acl

    255.255.255.0, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TP-LINK(config)# acl create 120 TP-LINK(config)# acl rule std-acl 120 10 op permit dip 192.168.0.100 dmask 255.255.255.0 tseg tSeg1 acl edit rule std-acl Description The acl edit rule std-acl command is used to edit Standard-IP ACL rule.

  • Page 147: Acl Policy Policy-Add

    192.168.0.100, the source IP address mask is 255.255.255.0, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TP-LINK(config)# acl edit rule std-acl 120 10 op permit dip 192.168.0.100 dmask 255.255.255.0 tseg tSeg1 acl policy policy-add Description The acl policy policy-add command is used to add Policy.

  • Page 148: Acl Policy Action-Add

    Command Mode Global Configuration Mode Example Add a Policy named policy1: TP-LINK(config)# acl policy policy-add policy1 acl policy action-add Description The acl policy action-add command is used to add ACLs and create actions for the policy. To delete the corresponding actions, please use no acl policy action-add command.

  • Page 149: Acl Edit Action

    Create a Policy named policy1. For the data packets those match ACL 120 in the policy, if the rate beyond 1000kbps, will be discarded by the switch: TP-LINK(config)# acl policy policy-add policy1 TP-LINK(config)# acl policy action-add policy1 120 rate 1000 osd discard acl edit action Description The acl edit action command is used to edit actions for the policy.

  • Page 150: Acl Bind To-Port

    Command Mode Global Configuration Mode Example Bind policy1 to Port 1,3-5: TP-LINK(config)# acl bind to-port policy1 1,3-5 acl bind to-vlan Description The acl bind to-vlan command is used to bind a policy to a VLAN. To cancel the bind relation, please use no policy to-vlan command.

  • Page 151: Show Acl Time-Segment

    Syntax show acl time-segment Command Mode Any Configuration Mode Example Display the configuration of Time-Range: TP-LINK> show acl time-segment show acl holiday Description The show acl holiday command is used to display the defined holiday. Syntax show acl holiday Command Mode...

  • Page 152: Show Acl Bind

    Any Configuration Mode Example Display the configuration of the MAC ACL whose ID is 20: TP-LINK> show acl config 20 show acl bind Description The show acl bind command is used to display the configuration of Policy bind. Syntax show acl bind...

  • Page 153: Chapter 25 Mstp Commands

    Chapter 25 MSTP Commands MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a ring network. STP is to block redundant links and backup links as well as optimize paths. spanning-tree global Description The spanning-tree global command is used to configure STP globally.

  • Page 154: Spanning-Tree Common-Config

    4096, Hello Time as 4 seconds, Max Age as 10 seconds, Forward Delay as 10 seconds, TxHold Count as 8pps and Max Hops as 15 hops: TP-LINK(config)# spanning-tree global status enable mode mstp cist 4096 htime 4 mage 10 delay 10 hcount 8 mhop 15...

  • Page 155: Spanning-Tree Region

    Enable the STP function of port 1, and configure the Port Priority as 64, ExtPath Cost as 100, IntPath Cost as 100, and then enable Edge Port: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# spanning-tree common-config status enable pri 64 expath 100 inpath 100 edge enable spanning-tree region Description The spanning-tree region command is used to configure the region of MSTP.

  • Page 156: Spanning-Tree Msti

    Command Mode Global Configuration Mode Example Configure the region name of MSTP as r1, and the revision level as 100: TP-LINK(config)# spanning-tree region r1 100 spanning-tree msti Description The spanning-tree msti command is used to configure MSTP Instance. To return to the default configuration of the corresponding Instance, please use no spanning-tree msti command.

  • Page 157: Spanning-Tree Msti

    Enable Instance 1, add VLAN 2, 3, 4, 5, 8 for it, and configure MSTI Priority as 4096: TP-LINK(config)# spanning-tree msti 1 status enable pri 4096 mapped 2-5,8 spanning-tree msti Description The spanning-tree msti command is used to configure MSTP Instance Port. To return to the default configuration of the corresponding Instance Port, please use no spanning-tree msti command.

  • Page 158: Spanning-Tree Security

    Command Mode Global Configuration Mode Example Configure TC Threshold as 30 packets, and TC Protect Cycle as 10 seconds: TP-LINK(config)# spanning-tree tc-defend threshold 30 period 10 spanning-tree security Description The spanning-tree security command is used to configure MSTP Port Protect.

  • Page 159: Spanning-Tree Mcheck

    Example Enable Loop Protect, Root Protect, TC Protect, BPDU Protect, and BPDU Filter for port 2: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# spanning-tree security loop enable root enable TC enable defend enable hold enable spanning-tree mcheck Description The spanning-tree mcheck command is used to enable MCheck.

  • Page 160: Show Spanning-Tree Global-Config

    Command Mode Any Configuration Mode Example Display the current status of Spanning Tree: TP-LINK# show spanning-tree global-info show spanning-tree global-config Description The show spanning-tree global-config command is used to display the global configuration of Spanning Tree. Syntax...

  • Page 161: Show Spanning-Tree Region

    —— The ID of the instance selected to display the configuration, ranging from 1 to 8. Command Mode Any Configuration Mode Example Display the configuration of instance 1: TP-LINK(config)# show spanning-tree msti config 1 show spanning-tree msti port Description...

  • Page 162: Show Spanning-Tree Security Tc-Defend

    Command Mode Any Configuration Mode Example Display the configuration of port 5 in Instance 1: TP-LINK(config)# show spanning-tree msti port 1 5 show spanning-tree security tc-defend Description The show spanning-tree security tc-defend command is used to display TC Threshold and TC Protect Cycle of Spanning Tree.

  • Page 163: Command Mode

    —— The port selected to display the configuration, ranging from 1 to 10. By default, the Port Protect configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the Port Protect configuration of port 2: TP-LINK(config)# show spanning-tree security port-defend 2...

  • Page 164: Chapter 26 Igmp Commands

    Command Mode Global Configuration Mode Example Enable IGMP Snooping function, and specify the operation to process unknown multicast as discard: TP-LINK(config)# igmp-snooping global status enable unknown-packet discard igmp-snooping config Description The igmp-snooping config status command is used to configure IGMP Snooping and Fast Leave function for port.

  • Page 165: Igmp-Snooping Vlan-Config-Add

    Interface Configuration Mode(interface ethernet / interface range ethernet) Example Enable IGMP Snooping and Fast Leave function for port 5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# igmp-snooping config status enable fast-leave enable igmp-snooping vlan-config-add Description The igmp-snooping vlan-config-add command is used to configure IGMP Snooping parameters for individual VLANs.

  • Page 166: Igmp-Snooping Vlan-Config

    Enable IGMP Snooping for VLAN 1, and configure Router Port Time as 200 seconds, Member Port Time as 100 seconds, Leave time as 10 seconds and Static Router Port as port 1: TP-LINK(config)# igmp-snooping vlan-config-add 1 rtime 200 mtime 100 ltime 10 rport 1 igmp-snooping vlan-config...

  • Page 167: Igmp-Snooping Multi-Vlan-Config

    Example Modify Router Port Time as 300 seconds, Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 1: TP-LINK(config)# igmp-snooping vlan-config 1 rtime 300 mtime 200 ltime 15 igmp-snooping multi-vlan-config Description The igmp-snooping multi-vlan-config command is used to create Multicast VLAN.

  • Page 168: Igmp-Snooping Static-Entry-Add

    Example Enable Multicast VLAN, and configure Router Port Time as 300 seconds, Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 2: TP-LINK(config)# igmp-snooping multi-vlan-config enable 2 rtime 300 mtime 200 ltime 15 igmp-snooping static-entry-add...

  • Page 169: Igmp-Snooping Filter-Add

    1: TP-LINK(config)# igmp-snooping static-entry-add 225.0.0.1 2 1 igmp-snooping filter-add Description The igmp-snooping filter-add command is used to configure the multicast IP-range desired to filter. To delete the corresponding IP-range, please use no igmp-snooping filter-add command. When IGMP Snooping is enabled, you can specified the multicast IP-range the ports can join so as to restrict users ordering multicast programs via configuring multicast filter rules.

  • Page 170: Igmp-Snooping Filter

    Command Mode Global Configuration Mode Example Modify the multicast IP-range whose ID is 20 as 225.0.0.10~225.0.0.12: TP-LINK(config)# igmp-snooping filter-config 20 225.0.0.10 225.0.0.12 igmp-snooping filter Description The igmp-snooping filter command is used to configure Port Filter. To return to the default configuration, please use no igmp-snooping filter command. When...

  • Page 171: Show Igmp-Snooping Global-Config

    IP-range 2, 3, 4, and specify the maximum number of multicast groups for port 5 to join in as 128: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# igmp-snooping filter status enable mode accept addr-id 2-4 maxgroup 128 show igmp-snooping global-config Description The show igmp-snooping global-config command is used to display the global configuration of IGMP.

  • Page 172: Show Igmp-Snooping Vlan-Config

    Example Display the IGMP configuration of port 2: TP-LINK> show igmp-snooping port-config 2 show igmp-snooping vlan-config Description The show igmp-snooping vlan-config command is used to display the VLAN configuration of IGMP. Syntax show igmp-snooping vlan-config Command Mode Any Configuration Mode...

  • Page 173: Show Igmp-Snooping Filter-Ip-Addr

    Syntax show igmp-snooping multi-ip-list Command Mode Any Configuration Mode Example Display the Multicast IP table: TP-LINK> show igmp-snooping multi-ip-list show igmp-snooping filter-ip-addr Description The show igmp-snooping filter-ip-addr command is used to display the Multicast Filter IP-Range table. Syntax show igmp-snooping filter-ip-addr...

  • Page 174: Show Igmp-Snooping Packet-Stat

    TP-LINK> show igmp-snooping port-filter 5 show igmp-snooping packet-stat Description The show igmp-snooping packet-stat command is used to display the Packet Statistics information of all ports. Syntax show igmp-snooping packet-stat Command Mode Any Configuration Mode Example Display the Packet Statistics information: TP-LINK>...

  • Page 175: Chapter 27 Snmp Commands

    10 to 64 hexadecimal characters, which must be even number meanwhile. Command Mode Global Configuration Mode Example Enable the SNMP function, and specify the Local Engine ID as 1234567890, the Remote Engine ID as 123456abcdef: TP-LINK(config)# snmp global status enable engine-id 1234567890 remote-id 123456abcdef...

  • Page 176: Snmp View-Add

    Example Add a View named view1, configuring the OID as 1.3.6.1.6.3.20, and this OID can be managed by the SNMP management station: TP-LINK(config)# snmp view-add view1 1.3.6.1.6.3.20 include snmp group-add Description The snmp group-add command is used to manage and configure the SNMP group.
  • Page 177 Add group 1, configure its Security Model as SNMP v2c, view1 can be read and edited by group member, and the trap messages sent by view2 can be received by Management station: TP-LINK(config)# snmp group-add group1 smode v2c ro view1 wo view1 inform view2...

  • Page 178: Snmp User-Add

    snmp user-add Description The snmp user-add command is used to add User. To delete the corresponding User, please use no snmp user-add command. The User in a SNMP Group can manage the switch via the management station software. The User and its Group have the same security level and access right. Syntax snmp user-add {name} { local | remote } {group-name} [smode { v1 | v2c | v3 }] [slev { noAuthNoPriv | authNoPriv | authPriv }] [cmode { none | MD5 | SHA }]...

  • Page 179: Snmp Community-Add

    MD5, the Authentication Password as 11111, the Privacy Mode as DES, and the Privacy Password as 22222: TP-LINK(config)# snmp user-add admin local group2 smode v3 slev authPriv cmode MD5 cpwd 11111 emode DES epwd 22222 snmp community-add Description The snmp community-add command is used to add Community.

  • Page 180: Snmp Notify-Add

    snmp notify-add Description The snmp notify-add command is used to add Notification. To delete the corresponding Notification, please use no snmp notify-add command. With the Notification function enabled, the switch can initiatively report to the management station about the important events that occur on the Views, which allows the management station to monitor and process the events in time.

  • Page 181: Snmp-Rmon History Sample-Cfg

    Security Model of the management station as v2c, the type of the notifications as inform, the maximum time for the switch to wait as 1000 seconds, and the resending time as 100: TP-LINK(config)# snmp notify-add 192.168.0.1 162 admin smode v2c type inform resend 100 timeout 1000 snmp-rmon history sample-cfg...

  • Page 182: Snmp-Rmon History Owner

    TP-LINK(config)# snmp-rmon history sample-cfg 1-3 1 100 snmp-rmon history owner Description The snmp-rmon history owner command is used to configure the owner of the history sample entry. To return to the default configuration, please use no snmp-rmon history owner command.

  • Page 183: Snmp-Rmon Event User

    Command Mode Global Configuration Mode Example Configure the user name of entry 1 as user1: TP-LINK(config)# snmp-rmon event user 1 user1 snmp-rmon event description Description The snmp-rmon event description command is used to configure the description of SNMP-RMON Event. To return to the default configuration, please use no snmp-rmon event description command.

  • Page 184: Snmp-Rmon Event Type

    Command Mode Global Configuration Mode Example Configure the description of entry 1 as description1: TP-LINK(config)# snmp-rmon event description 1 description1 snmp-rmon event type Description The snmp-rmon event type command is used to configure the type of SNMP-RMON Event. To return to the default configuration, please use no snmp-rmon event type command.

  • Page 185: Snmp-Rmon Event Owner

    Command Mode Global Configuration Mode Example Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon event owner 1 owner1 snmp-rmon event enable Description The snmp-rmon event enable command is used to enable SNMP-RMON Event entry. To disable the corresponding entry, please use no snmp-rmon event enable command.

  • Page 186: Snmp-Rmon Alarm Config

    Enable the SNMP-RMON Event entries 1,2,3,4 and 8: TP-LINK(config)# snmp-rmon event enable 1-4,8 snmp-rmon alarm config Description The snmp-rmon alarm config command is used to configure SNMP-RMON Alarm Management. To return to the default configuration, please use no snmp-rmon alarm config command. Alarm Group is one of the commonly used RMON Groups.

  • Page 187: Snmp-Rmon Alarm Owner

    Global Configuration Mode Example Configure the alarm interval time of the entries 1,2,3 and 6 as 1000 seconds: TP-LINK(config)# snmp-rmon alarm config 1-3,6 interval 1000 snmp-rmon alarm owner Description The snmp-rmon alarm owner command is used to configure the owner of the Alarm Management entry.

  • Page 188: Snmp-Rmon Alarm Enable

    Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon alarm owner 1 owner1 snmp-rmon alarm enable Description The snmp-rmon alarm enable command is used to enable SNMP-RMON Alarm Management entry. To disable the corresponding entry, please use no snmp-rmon alarm enable command.

  • Page 189: Show Snmp View

    Syntax show snmp view Command Mode Any Configuration Mode Example Display the View table: TP-LINK> show snmp view show snmp group Description The show snmp group command is used to display the Group table. Syntax show snmp group Command Mode...

  • Page 190: Show Snmp Community

    TP-LINK> show snmp user show snmp community Description The show snmp community command is used to display the Community table. Syntax show snmp community Command Mode Any Configuration Mode Example Display the Community table: TP-LINK> show snmp community show snmp destination-host...

  • Page 191: Show Snmp-Rmon Event

    Command Mode Any Configuration Mode Example Display the Event configuration of entry 2: TP-LINK> show snmp-rmon event 2 show snmp-rmon alarm Description The show snmp-rmon alarm command is used to display the configuration of the Alarm Management entry.
  • Page 192 1 to 12. You can only select one entry for each command. By default, the configuration of all entries is displayed. Command Mode Any Configuration Mode Example Display the configuration of all Alarm Management entries: TP-LINK> show snmp-rmon alarm...

  • Page 193: Chapter 28 Cluster Commands

    Time ranges from 5 to 254 in seconds. By default, it is 60. Command Mode Global Configuration Mode Example Enable NDP function globally, and configure Aging Time as 120 seconds, Hello Time as 50 seconds: TP-LINK(config)# cluster ndp status enable aging-timer 120 hello-timer 50...

  • Page 194: Cluster Ntdp

    cluster ntdp Description The cluster ntdp command is used to configure NTDP globally. To return to the default configuration, please use no cluster ntdp command. NTDP (Neighbor Topology Discovery Protocol) is used to collect the NDP information and neighboring connection information of each device in a specific network range. It provides the commander switch with the information of devices which can join the cluster and collects topology information of devices within the specified hops.

  • Page 195: Cluster Explore

    TP-LINK(config)# cluster ntdp status enable interval 20 hop 5 hop-delay 300 port-delay 50 cluster explore Description The cluster explore command is used to enable the topology information collecting function manually. Syntax cluster explore Command Mode Global Configuration Mode Example Enable the topology information collecting function manually:...

  • Page 196: Cluster Manage Role-Change

    Command Mode Global Configuration Mode Example Change the role of the current switch to Candidate Switch: TP-LINK(config)# cluster manage role-change candidate show cluster ndp global Description The show cluster ndp global command is used to display the global configuration of NDP.

  • Page 197: Show Cluster Ndp Port-Status

    10. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the NDP configuration of port 2: TP-LINK> show cluster ndp port-status 2 show cluster neighbour Description The show cluster neighbour command is used to display the cluster neighbor information.

  • Page 198: Show Cluster Ntdp Port-Status

    1 to 10. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the NTDP configuration of port 2: TP-LINK> show cluster ntdp port-status 2 show cluster ntdp device Description The show cluster ntdp device command is used to display the device table of NTDP.

  • Page 199: Show Cluster Manage Role

    TP-LINK> show cluster ntdp device show cluster manage role Description The show cluster manage role command is used to display the role of the current switch. Syntax show cluster manage role Command Mode Any Configuration Mode Example Display the role of the current switch:...

Table of Contents