Page 1 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch Rev: 1.0.0 1910010299...
Page 2 Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.
Page 3: Table Of Contents
CONTENTS Preface........................1 Chapter 1 Using the CLI ..................4 1.1 Accessing the CLI ......................4 1.1.1 Logon by a console port ..................4 1.1.2 Logon by Telnet ....................6 1.2 CLI Command Modes .....................8 1.3 Security Levels ......................11 1.4 Conventions ........................11 1.4.1 Format Conventions ...................
Page 4 mac-vlan interface .........................22 show mac-vlan ........................23 show mac-vlan interface......................23 Chapter 5 Protocol VLAN Commands............... 24 protocol-vlan template ......................24 protocol-vlan vlan ........................24 protocol-vlan interface ......................25 show protocol-vlan template....................26 show protocol-vlan vlan ......................26 show protocol-vlan interface....................26 Chapter 6 VLAN-VPN Commands..............28 vlan-vpn enable ........................28 vlan-vpn tpid ..........................28 vlan-vpn vlan-mapping add ....................29 vlan-vpn vlan-mapping modify....................29...
Page 5 gvrp registration........................40 gvrp timer ..........................40 show gvrp global ........................41 show gvrp interface .......................42 Chapter 9 LAG Commands ................43 interface link-aggregation ......................43 interface range link-aggregation ....................43 link-aggregation........................44 link-aggregation hash-algorithm ....................45 description ..........................45 show interfaces link-aggregation ...................46 Chapter 10 LACP Commands ................47 lacp............................47 lacp (interface)........................47 lacp admin-key ........................48...
Page 6 binding-table remove ......................60 dhcp-snooping........................60 dhcp-snooping global ......................61 dhcp-snooping information enable ..................62 dhcp-snooping information strategy ..................62 dhcp-snooping information user-defined ................63 dhcp-snooping information remote-id ..................63 dhcp-snooping information circuit-id..................64 dhcp-snooping trusted ......................64 dhcp-snooping mac-verify .....................65 dhcp-snooping rate-limit ......................65 dhcp-snooping decline......................66 show binding-table.........................67 show dhcp-snooping global ....................67 show dhcp-snooping information...................67 show dhcp-snooping interface....................68 Chapter 13 ARP Inspection Commands..............
Page 7 Chapter 16 IEEE 802.1X Commands ..............80 dot1x............................80 dot1x authentication-method ....................80 dot1x guest-vlan ........................81 dot1x quiet-period........................82 dot1x timer..........................82 dot1x retry ..........................83 dot1x............................83 dot1x guest-vlan ........................84 dot1x port-control ........................84 dot1x port-method .........................85 radius authentication primary-ip ....................86 radius authentication secondary-ip..................87 radius authentication port ......................87 radius authentication key.......................88 radius accounting enable.......................88 radius accounting primary-ip ....................89...
Page 8 ssh version ..........................100 ssh idle-timeout ........................101 ssh max-client ........................101 ssh download ........................102 show ssh ..........................102 Chapter 19 SSL Commands ................104 ssl enable ..........................104 ssl download certificate .......................104 ssl download key .........................105 show ssl..........................105 Chapter 20 Address Commands.................107 bridge address port-security ....................107 bridge address static ......................108 bridge aging-time.........................109 bridge address filtering ......................109...
Page 9 interface Ethernet ........................120 interface range Ethernet ......................120 description ...........................121 shutdown ..........................121 flow-control ..........................122 negotiation...........................122 storm-control ........................123 storm-control disable bc-rate ....................124 storm-control disable mc-rate ....................124 storm-control disable ul-rate ....................125 port rate-limit ........................125 port rate-limit disable ingress....................126 port rate-limit disable egress ....................126 show interface configuration....................127 show interface status......................127 show interface counters.......................128...
Page 10 acl create..........................140 acl rule mac-acl ........................141 acl rule std-acl ........................142 acl policy policy-add ......................143 acl policy action-add ......................144 acl bind to-port........................145 acl bind to-vlan ........................146 show acl time-segment......................146 show acl holiday ........................147 show acl config........................147 show acl bind........................147 Chapter 26 MSTP Commands ................149 spanning-tree global ......................149 spanning-tree common-config .....................150 spanning-tree region......................151...
Page 11 igmp filter-config ........................165 igmp filter..........................166 show igmp global-config ......................167 show igmp port-config ......................167 show igmp vlan-config ......................168 show igmp multi-vlan ......................168 show igmp multi-ip-list ......................168 show igmp filter-ip-addr .......................169 show igmp port-filter ......................169 show igmp packet-stat......................170 show igmp packet-stat-clear ....................170 Chapter 28 SNMP Commands................171 snmp global .........................171 snmp view-add ........................172...
Page 12 show snmp-rmon alarm .......................188 Chapter 29 Cluster Commands................189 cluster ndp...........................189 cluster ntdp ..........................190 cluster explore ........................191 cluster..........................191 cluster create........................192 cluster manage config ......................192 cluster manage member-add....................193 cluster manage role-change ....................193 show cluster ndp global .......................194 show cluster ndp port-status....................194 show cluster neighbour......................195 show cluster ntdp global ......................195 show cluster ntdp port-status....................196 show cluster ntdp device .....................196...
Page 13: Preface
24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned in this Guide stands for TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch. Overview of this Guide...
Page 14 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Chapter 12: Binding Table Commands Provide information about the commands used for binding the IP address, MAC address, VLAN and the connected Port number of the Host together. Chapter 13: ARP Inspection Commands Provide information about the commands used for protecting the switch from the ARP cheating or ARP Attack.
Page 15 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Provide information about the commands used for configuring the ACL (Access Control List). Chapter 26: MSTP Commands Provide information about the commands used for configuring the MSTP (Multiple Spanning Tree Protocol).
Page 16: Chapter 1 Using The Cli
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Chapter 1 Using the CLI 1.1 Accessing the CLI You can log on to the switch and access the CLI by the following two methods: Log on to the switch by a RS-232 serial console port on the switch.
Page 17 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Figure 1-2 Connection Description Select the port to connect in figure 1-3, and click OK. Figure 1-3 Select the port to connect Configure the port selected in the step above as the following figure1-4 shown. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK.
Page 18: 1.1.2 Logon By Telnet
Type the User name and Password in the Hyper Terminal window, the factory default value for both of them is admin. The DOS prompt” TP-LINK>” will appear after pressing the Enter button as figure1-5 shown. It indicates that you can use the CLI now.
Page 19 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Figure 1-6 Open the Run window Type cmd in the prompt Run window as figure 1-7 and click OK. Figure 1-7 Run Window Type telnet 192.168.0.1 in the command prompt shown as figure1-8, and press the Enter...
Page 20: 1.2 Cli Command Modes
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Figure 1-8 Connecting to the Switch Type the User name and Password (the factory default value for both of them is admin) and press the Enter button, then you can use the CLI now, which is shown as figure1-9.
Page 21 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide The following table gives detailed information about the Accessing path, Prompt of each mode and how to exit the current mode and access the next mode. Accessing Logout or Access the next...
Page 22 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Use the interface type Use the end command or press Ctrl+Z number command to to return to Privileged EXEC mode. Interface enter this mode from TP-LINK(config-if Enter exit command to return to Global...
Page 23: 1.3 Security Levels
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide history: Display the commands history. 1.3 Security Levels This switch’s security is divided into two levels: User level and Admin level. User level only allows users to do some simple operations in User EXEC Mode; Admin level allows you to monitor, configure and manage the switch in Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode.
Page 24: 1.4.3 Parameter Format
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide If a blank is contained in a character string, single or double quotation marks should be used, for example ’hello world’, ”hello world”, and the words in the quotation marks will be identified as a string.
Page 25: Chapter 2 User Interface
—— super password ， which contains 16 characters at most, composing digits, English letters and underdashes only. By default, it is empty. Command Mode Global Configuration Mode Example Set the super password as admin to access Privileged EXEC Mode from User EXEC Mode: TP-LINK(config)# enable password admin...
Page 26: Disable
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide disable Description The disable command is used to return to User EXEC Mode from Privileged EXEC Mode. Syntax disable Command Mode Privileged EXEC Mode Example Return to User EXEC Mode from Privileged EXEC Mode: TP-LINK# disable TP-LINK>...
Page 27: End
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide exit Command Mode Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode,and then return to Privileged EXEC Mode: TP-LINK(config-if)# exit TP-LINK(config)#exit TP-LINK# Description The end command is used to return to Privileged EXEC Mode.
Page 28: Chapter 3 Ieee 802.1Q Vlan Commands
Syntax vlan database Command Mode Global Configuration Mode Example Access VLAN Configuration Mode: TP-LINK(config)# vlan database TP-LINK(config-vlan)# vlan Description The vlan command is used to creat IEEE 802.1Q VLAN. To delete the IEEE 802.1Q VLAN, please use no vlan command.
Page 29: Interface Vlan
——VLAN ID,ranging from 1 to 4094. Command Mode Global Configuration Mode Example Configure the VLAN2: TP-LINK(config)# interface vlan 2 description Description The description command is used to assign a description string to a VLAN. To clear the description, please use no description command.
Page 30: Switchport Type
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide TP-LINK(config)# interface vlan 2 TP-LINK(config-if)#description vlan2 switchport type Description The switchport type command is used to configure the Link Types for the ports. Syntax switchport type { access | trunk | general } Parameter access | trunk | general ——...
Page 31: Switchport Pvid
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide TP-LINK(config)# interface Ethernet 2 TP-LINK(config-if)# switchport allowed vlan add 2 switchport pvid Description The switchport pvid command is used to configure the PVID for the switch ports. Syntax switchport pvid vlan-id Parameter vlan-id ——...
Page 32: Show Vlan
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide TP-LINK(config-if)# switchport general egress-rule tagged show vlan Description The show vlan command is used to display the information of IEEE 802.1Q VLAN . Syntax show vlan [vlan-id] Parameter vlan-id —— VLAN ID, ranging from 1 to 4094. By default , display all the information of IEEE 802.1Q VLAN.
Page 33: Chapter 4 Mac Vlan Commands
, it is empty. Command Mode Global Configuration Mode Example Create VLAN 2 named “RD”,and the MAC address is 00:00:00:00:00:01: TP-LINK(config)# mac-vlan add 2 00:00:00:00:00:01 RD mac-vlan remove Description The mac-vlan remove command is used to delete the subsistent MAC-Based VLAN entry.
Page 34: Mac-Vlan Modify
Example Modify the VLAN ID of the MAC VLAN entry with the MAC address of 00:00:00:00:00:02 as 12: TP-LINK(config)# mac-vlan modify 12 00:00:00:00:00:02 mac-vlan interface Description The mac-vlan interface command is used to enable the port for the MAC VLAN feature.
Page 35: Show Mac-Vlan
24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Command Mode Global Configuration Mode Example Enable the ports 1-3,11-15 for the MAC VLAN feature: TP-LINK(config)# mac-vlan interface 1-3,11-15 show mac-vlan Description The show mac-vlan command is used to display the information of the MAC VLAN entry .
Page 36: Chapter 5 Protocol Vlan Commands
Global Configuration Mode Example Create a Protocol VLAN template named “arp” whose Ethernet protocol type is 0806 and delete the Protocol template whose number is 2: TP-LINK(config)# protocol-vlan template add arp 0806 TP-LINK(config)# protocol-vlan template remove 2 protocol-vlan vlan Description The protocol-vlan vlan command is used to create a Protocol VLAN entry.To...
Page 37: Protocol-Vlan Interface
Global Configuration Mode Example Create a Protocol VLAN entry, whose index is 1 and vid is 2. And then delete the Protocol VLAN entry whose number is 1: TP-LINK(config)# protocol-vlan vlan 2 template 1 TP-LINK(config)# no protocol-vlan vlan 1 protocol-vlan interface Description The protocol-vlan interface command is used to enable the Protocol VLAN feature for a specified port.
Page 38: Show Protocol-Vlan Template
Command Mode Any Configuration Mode Example Display the information of the Protocol VLAN templates: TP-LINK(config)# show protocol-vlan template show protocol-vlan vlan Description The show protocol-vlan vlan command is used to display the information about Protocol VLAN entry.
Page 39 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Any Configuration Mode Example Display the configuration of the protocol-vlan interface: TP-LINK(config)# show protocol-vlan interface...
Page 40: Chapter 6 Vlan-Vpn Commands
Command Mode Global Configuration Mode Example Enable the VLAN-VPN function globally: TP-LINK(config)# vlan-vpn enable vlan-vpn tpid Description The vlan-vpn tpid command is used to configure Global TPID of the VLAN-VPN. To restore to the default value, please use the no vlan-vpn tpid command.
Page 41: Vlan-Vpn Vlan-Mapping Add
Global Configuration Mode Example Add a VLAN Mapping entry with the C-VLAN being 2 and the SP-VLAN being 200: TP-LINK(config)# vlan-vpn vlan-mapping add 2 200 vlan-vpn vlan-mapping modify Description The vlan-vpn vlan-mapping modify command is used to modify the subsistent...
Page 42: Vlan-Vpn Vlan-Mapping Remove
Global Configuration Mode Example Modify the subsistent VLAN Mapping entry with the C-VLAN 2,and reconfigure the SP-VLAN as 100: TP-LINK(config)# vlan-vpn vlan-mapping modify 2 100 vlan-vpn vlan-mapping remove Description The vlan-vpn vlan-mapping remove command is used to delete the subsistent VLAN Mapping entry according to the C-VLAN ID.
Page 43: Vlan-Vpn Uplink
Command Mode Global Configuration Mode Example Enable the VLAN Mapping feature for the ports 2-5,16-18: TP-LINK(config)# vlan-vpn vlan-mapping interface 2-5,16-18 vlan-vpn uplink Description The vlan-vpn uplink command is used to configure a specified port as the VPN Up-link port. To cancel this VPN Up-link port, please use the no vlan-vpn uplink command.
Page 44: Show Vlan-Vpn Uplink
Command Mode Any Configuration Mode Example Display the global configuration information of the VLAN VPN: TP-LINK(config)# show vlan-vpn global show vlan-vpn uplink Description The show vlan-vpn uplink command is used to display the configuration information of the VLAN VPN Up-link ports.
Page 45: Show Vlan-Vpn Vlan-Mapping Interface
The show vlan-vpn vlan-mapping interface command is used to display the VLAN Mapping port enable state. port state of VLAN Mapping Syntax show vlan-vpn vlan-mapping interface Command Mode Any Configuration Mode Example Display the VLAN Mapping port enable state: TP-LINK(config)# show vlan-vpn vlan-mapping interface...
Page 46: Chapter 7 Voice Vlan Commands
Command Mode Global Configuration Mode Example Enable the Voice VLAN function for VLAN 2: TP-LINK(config)# voice-vlan enable 2 voice-vlan aging-time Description The voice-vlan aging-time command is used to set the aging time for a voice VLAN. To restore to the default aging time for the Voice VLAN, please use no voice-vlan aging-time command.
Page 47: Voice-Vlan Priority
Command Mode Global Configuration Mode Example Set the aging time for the Voice VLAN as 2880 minutes: TP-LINK(config)# voice-vlan aging-time 2880 voice-vlan priority Description The voice-vlan priority command is used to configure the priority for the VoiceVLAN. To restore to the default priority, please use no voice-vlan priority command.
Page 48: Switchport Voice-Vlan Mode
By default, it is empty. Command Mode Global Configuration Mode Example Create a Voice VLAN OUI descripted as TP-LINK Phone with the MAC address 00:01:E3:00:00:01 and the mask address FF:FF:FF:00:00:00. Andthen delete the Voice VLAN OUI with the MAC address 00:00:00:11:00:01: TP-LINK(config)#...
Page 49: Switchport Voice-Vlan Security
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide TP-LINK(config-if)# switchport voice-vlan mode manual switchport voice-vlan security Description The switchport voice-vlan security command is used to configure the Voice VLAN security mode. Syntax switchport voice-vlan security {disable | enable} Parameter disable / enable ——...
Page 50: Show Voice-Vlan Oui
Command Mode Any Configuration Mode Example Display the configuration information of Voice VLAN OUI: TP-LINK(config)# show voice-vlan oui show voice-vlan switchport Description The show voice-vlan switchport command is used to displays the configuration information of the port in the Voice VLAN.
Page 51: Chapter 8 Gvrp Commands
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Chapter 8 GVRP Commands GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute registration protocol). GVRP allows the switch to automatically add or remove the VLANs via the dynamic VLAN registration information and propagate the local VLAN registration information to other switches, without having to individually configure each VLAN.
Page 52: Gvrp Registration
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Example Enable the GVRP function for ports 2-6: TP-LINK(config)# interface range Ethernet 2-6 TP-LINK(config-if)# gvrp gvrp registration Description The gvrp registration command is used to configure the GVRP registration type on the desired port.
Page 53: Show Gvrp Global
Set the GARP leaveall timer of port 6 to 2000 centiseconds and restore to the join timer of it to the default value: TP-LINK(config)# interface Ethernet 6 TP-LINK(config-if)# gvrp timer leaveall 2000 TP-LINK(config-if)# no gvrp timer join show gvrp global Description The show gvrp global command is used to to display the global GVRP status.
Page 54: Show Gvrp Interface
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Example Display the global GVRP status: TP-LINK(config)# show gvrp global show gvrp interface Description The show gvrp interface command is used to display the GVRP configuration information of the specified Ethernet ports.
Page 55: Chapter 9 Lag Commands
Command Mode Global Configuration Mode Example Access the Interface Link-aggregation Mode and configure the aggregation group 1: TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# interface range link-aggregation Description The interface range link-aggregation command is used to access the Interface range Link-aggregation Mode, and you can configure some aggregation groups at the same time.
Page 56: Link-Aggregation
——The aggregation group list. You can configure some aggregation groups at the same time. Example Access the Interface range Link-aggregation Mode and configure the aggregation group 1,4-6: TP-LINK(config)# interface range link-aggregation 1,4-6 TP-LINK(config-if)# link-aggregation Description The link-aggregation command is used to add the current Ethernet port to a aggregation group.
Page 57: Link-Aggregation Hash-Algorithm
Command Mode Global Configuration Mode Example Configure the Aggregate Arithmetic for LAG as src_dst_mac: TP-LINK(config)# link-aggregation hash-algorithm src_dst_mac description Description The description command is used to set a description for an aggregation group.To remove the description of an aggregation group, please use no description command.
Page 58: Show Interfaces Link-Aggregation
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# description “movie server” show interfaces link-aggregation Description The show interfaces link-aggregation command is used to display the configuration information of the Aggregate Arithmetic and the aggregation groups.
Page 59: Chapter 10 Lacp Commands
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Chapter 10 LACP Commands LACP (Link Aggregation Control Protocol) is defined in IEEE802.3ad and enables the dynamic link aggregation and disaggregation by exchanging LACP packets with its partner. The switch can dynamically group similarly configured ports into a single logical link, which will highly extend the bandwidth and flexibly balance the load.
Page 60: Lacp Admin-Key
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Example Enable LACP protocol on the port 1: TP-LINK(config)# interface Ethernet 1 TP-LINK(config-if)# lacp lacp admin-key Description The lacp admin-key command is used to configure the admin key. To restore to the default value, please use no lacp admin-key command.
Page 61: Lacp Port-Priority
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Set the system priority of port 1 to1024: TP-LINK(config)# interface Ethernet 1 TP-LINK(config-if)# lacp system-priority 1024 lacp port-priority Description The lacp port-priority command is used to to set the priority of the current port.
Page 62: Show Lacp Interface
[Ethernet port-num] Parameter port-num —— The Ethernet port number. By default, display the configuration information of all the Ethernet ports. Command Mode Any Configuration Mode Example Display the configuration information of all the Ethernet ports: TP-LINK(config)# show lacp interface...
Page 63: Chapter 11 User Manage Commands
Admin: can edit, modify and view all the settings of different functions. disable | enable ——Enable/disable the user. Command Mode Global Configuration Mode Example Add and enable a new admin user named tplink, and of which the password is password: TP-LINK(config)#user add tplink password password confirm-password password admin enable...
Page 64: User Remove
Syntax user modify status user-name {disable | enable} Parameter user-name —— The existing user name. disable | enable ——Disable/enable the user. Command Mode Global Configuration Mode Example Change the status of tplink to enabled: TP-LINK(config)# user modify status tplink enable...
Page 65: User Modify Type
| admin —— Access level. Guest: limited user; admin: manager. Command Mode Global Configuration Mode Example Change the access level of tplink to admin: TP-LINK(config)# user modify type tplink admin user modify password Description The user modify password command is used to modify the password for the existing user.
Page 66: User Access-Control Disable
24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Global Configuration Mode Example Modify the password of tplink as newpwd: TP-LINK(config)# user modify password tplink password newpwd newpwd user access-control disable Description The user access-control disable command is used to cancel the user access-control.
Page 67: User Access-Control Mac-Based
00:00:13:0A:00:01: TP-LINK(config)# user access-control mac-based 00:00:13:0A:00:01 user access-control port-based Description The user access-control port-based command is used to to limit the ports for login. Only the current host and the users connected to these ports you set here are allowed for login.
Page 68: User Max-Number
Command Mode Global Configuration Mode Example Enable the access-control of the ports 2, port4, port5, port6,and port10: TP-LINK(config)# user access-control port-based 2,4-6,10 user max-number Description The user max-number command is used to configure the number of the users logging on at the same time. To cancel the limit to the numbers of the users loging in, please use no user max-number command.
Page 69: Show User Account-List
10. Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minites: TP-LINK(config)# user idle-timeout 15 show user account-list Description The show user account-list command is used to display the information of the current users.
Page 70 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide information of the users, including access-control, max-number and the idle-timeout, etc. Syntax show user configuration Command Mode Any Configuration Mode Example Display the security configuration information of the users: TP-LINK(config)# show user configuration...
Page 71: Chapter 12 Binging Table Commands
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Chapter 12 Binging Table Commands You can bind the IP address, MAC address, VLAN and the connected Port number of the Host together, which can be the condition for the ARP Inspection and IP Source Guard to filter the packets.
Page 72: Binding-Table Remove
Command Mode Global Configuration Mode Example Delete the IP-MAC –VID-PORT entry with the indexr 5: TP-LINK(config)# binding-table remove index 5 dhcp-snooping Description The dhcp-snooping command is used to enable the DHCP-snooping function for the switch. To disable the DHCP-snooping function, please use no dhcp-snooping command.
Page 73: Dhcp-Snooping Global
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Command Mode Global Configuration Mode Example Enable the DHCP-snooping function globally: TP-LINK(config)# dhcp-snooping dhcp-snooping global Description The dhcp-snooping global command is used to configure the DHCP snooping globally. To restore to the default value, please use no dhcp-snooping global command.
Page 74: Dhcp-Snooping Information Enable
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide TP-LINK(config)# dhcp-snooping global global-rate 80 dec-threshold 20 dec-rate 20 dhcp-snooping information enable Description The dhcp-snooping information enable command is used to enable the Option 82 function of DHCP Snooping. To disable the Option 82 function, please use no dhcp-snooping information enable command.
Page 75: Dhcp-Snooping Information User-Defined
Global Configuration Mode Example Replace the Option 82 field of the packets with the switch defined one and then send out: TP-LINK(config)# dhcp-snooping information strategy replace dhcp-snooping information user-defined Description The dhcp-snooping information user-defined command is used to permit users to define the Option 82. To disable the function, please use no dhcp-snooping information user-defined command.
Page 76: Dhcp-Snooping Information Circuit-Id
Command Mode Global Configuration Mode Example Configure the sub-option Remote ID for the customized Option 82 as tplink: TP-LINK(config)# dhcp-snooping information remote-id tplink dhcp-snooping information circuit-id Description The dhcp-snooping information circuit-id command is used to configure the sub-option Circuit ID for the customized Option 82.
Page 77: Dhcp-Snooping Mac-Verify
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Configure the port 2 to be a Trusted Port: TP-LINK(config)# interface Ethernet 2 TP-LINK(config-if)# dhcp-snooping trusted dhcp-snooping mac-verify Description The dhcp-snooping mac-verify command is used to enable the MAC Verify feature.
Page 78: Dhcp-Snooping Decline
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Set the Flow Control of port 2 as 20 pps: TP-LINK(config)# interface Ethernet 2 TP-LINK(config-if)# dhcp-snooping rate-limit 20 dhcp-snooping decline Description The dhcp-snooping decline command is used to enable the Decline Protect feature.
Page 79: Show Binding-Table
Command Mode Any Configuration Mode Example Display the configuration of DHCP Snooping globally: TP-LINK(config)# show dhcp-snooping global show dhcp-snooping information Description The show dhcp-snooping information command is used to display the Option 82 configuration of DHCP Snooping.
Page 80: Show Dhcp-Snooping Interface
Command Mode Any Configuration Mode Example Display the Option 82 configuration of DHCP Snooping: TP-LINK(config)# show dhcp-snooping information show dhcp-snooping interface Description The show dhcp-snooping interface command is used to display the interface configuration of DHCP Snooping.
Page 81: Chapter 13 Arp Inspection Commands
Command Mode Global Configuration Mode Example Enable the ARP Detection function globally: TP-LINK(config)# arp detection arp detection trust-port Description The arp detection trust-port command is used to configure the port for which the ARP Detect function is unnecessary as the Trusted Port. To clear the Trusted Port list, please use no arp detection trust-port command .The...
Page 82: Arp Detection (Interface)
Command Mode Global Configuration Mode Example Configure the ports 2-5,11-15 as the Trusted Port: TP-LINK(config)# arp detection trust-port 2-5,11-15 arp detection (interface) Description The arp detection (interface) command is used to enable the ARP Defend function. To disable the arp detection function, please use no arp detection command.
Page 83: Arp Detection Recover
Configure the maximum amount of the received ARP packets per second as 50 pps for the port 5: TP-LINK(config)# interface Ethernet 5 TP-LINK(config-if)# arp detection limit-rate 50 arp detection recover Description The arp detection recover command is used to restore to the port to the ARP transmit status from the ARP filter status.
Page 84: Show Arp Detection Global
Command Mode Any Confiuration Mode Example Display the ARP detection configuration globally: TP-LINK(config)# show arp detection global show arp detection interface Description The show arp detection interface command is used to display the interface configuration of ARP detedtion.
Page 85: Show Arp Detection Statistic
Command Mode Any Configuration Mode Example Display the number of the illegal ARP packets received: TP-LINK(config)# show arp detection statistic arp detection reset-statistic Description The arp detection reset-statistic command is used to clear the statistic fo the the illegal ARP packets received.
Page 86: Chapter 14 Ip Source Guard Commands
Enable the IP Source Guard function for the ports 5-10. Configure that only the packets with its source IP address, source MAC address and port number matched to the IP-MAC binding rules can be processed: TP-LINK(config)# interface range Ethernet 5-10 TP-LINK(config-if)# ip source guard sip+mac...
Page 87: Show Ip Source Guard
Description The show ip source guard command is used to display the IP Source Guard configuration. Syntax show ip source guard Command Mode Any Configuration Mode Example Display the IP Source Guard configuration: TP-LINK(config)# show ip source guard...
Page 88: Chapter 15 Dos Defend Command
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Chapter 15 DoS Defend Command DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of service requests to the Host. With the DoS Defend enabled, the switch can analyze the specific field of the received packets and provide the defend measures to ensure the normal working of the local network.
Page 89: Dos-Prevent Type
Global Configuration Mode Example Specify the transmission rate of the Ping packets and the SYN/SYN-ACK packets as 256K and 1m: TP-LINK(config)# dos-prevent global 256k 1m dos-prevent type Description The dos-prevent type command is used to select the DoS Defend Type. To disable the corresponding Defend Type, please use no dos-prevent type command.
Page 90: Dos-Prevent Detect
Global Configuration Mode Example Enable four DoS Defend Types named Land attack, Xma Scan attack, Smurf attack and Ping flooding attack: TP-LINK(config)# dos-prevent land xma-scan smurf ping-flood dos-prevent detect Description The dos-prevent detect command is used to detect the DoS attack. DoS Detect functions to detect the details of the DoS attack packets, based on which you can quickly locate the attacker in the local network.
Page 91: Show Dos-Prevent
Command Mode Global Configuration Mode Example Clear the information statistic of the detected DoS attack: TP-LINK(config)# dos-prevent reset-statistic show dos-prevent Description The show dos-prevent command is used to display the DoS information of the detected DoS attack, including enable/disable status, the DoS Defend Type, the count of the attack,etc.
Page 92: Chapter 16 Ieee 802.1X Commands
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Chapter 16 IEEE 802.1X Commands IEEE 802.1X function is to provide an access control for LAN ports via the authentication. Only the supplicant passing the authentication can access the LAN.
Page 93: Dot1X Guest-Vlan
Command Mode Global Configuration Mode Example Configure the Authentication Method of IEEE 802.1X as pap: TP-LINK(config)# dot1x authentication-method pap dot1x guest-vlan Description The dot1x guest-vlan command is used to enable the Guest VLAN function globally. To disable the Guest VLAN function, please use no dot1x guest-vlan command.
Page 94: Dot1X Quiet-Period
Command Mode Global Configuration Mode Example Enable the quiet-period function: TP-LINK(config)# dot1x quiet-period dot1x timer Description The dot1x timer command is used to configure the Quiet Period and the SupplicantTimeout. To restore to the default, please use no dot1x timer command.
Page 95: Dot1X Retry
Global Configuration Mode Example Configure the Quiet Period and the SupplicantTimeout as 12 seconds and 6 seconds: TP-LINK(config)# dot1x timer quiet-period 12 supp-timeout 6 dot1x retry Description The dot1x retry command is used to configure the maximum transfer times of the repeated authentication request.
Page 96: Dot1X Guest-Vlan
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Enable the IEEE 802.1X function for the port 1: TP-LINK(config)# interface Ethernet 1 TP-LINK(config-if)# dot1x dot1x guest-vlan Description The dot1x guest-vlan command is used to enable the Guest VLAN function for a specified port.
Page 97: Dot1X Port-Method
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Configure the Control Mode for port 1 as authorized-force: TP-LINK(config)# interface Ethernet 1 TP-LINK(config-if)# dot1x port-control authorized-force dot1x port-method Description The dot1x port-method command is used to configure the Control Type of IEEE 802.1X for the specified port.
Page 98: Radius Authentication Primary-Ip
User Service）server is used as the Authentication server generally. Syntax radius authentication primary-ip ip-addr Parameter ip-addr —— The IP address of the authentication server. Command Mode Global Configuration Mode Example Configure the IP of the authentication server as 10.20.1.100: TP-LINK(config)# radius authentication primary-ip 10.20.1.100...
Page 99: Radius Authentication Secondary-Ip
Command Mode Global Configuration Mode Example Configure the IP address of the alternate authentication server as 10.20.1.101: TP-LINK(config)# radius authentication secondary-ip 10.20.1.101 radius authentication port Description The radius authendication port command is used to configure the authentication port of the alternate authentication server. To restore to the default value, please use no radius authendication port command.
Page 100: Radius Authentication Key
24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Global Configuration Mode Example Configure the authentication port of the alternate authentication server as 1815: TP-LINK(config)# radius authentication port 1815 radius authentication key Description The radius authentication key command is used to configure the shared password for the switch and the authentication servers to exchange messages.
Page 101: Radius Accounting Primary-Ip
Command Mode Global Configuration Mode Example Configure the IP address of the accounting server as 10.20.1.100: TP-LINK(config)# radius accounting primary-ip 10.20.1.100 radius accounting secondary-ip Description The radius accounting secondary-ip command is used to configure the IP address of the alternate accounting server. To restore to the default configuration, please use no radius accounting secondary-ip command.
Page 102: Radius Accounting Port
Command Mode Global Configuration Mode Example Configure the IP address of the alternate accounting server as 10.20.1.101: TP-LINK(config)# radius accounting secondary-ip 10.20.1.101 radius accounting port Description The radius accounting port command is used to set the UDP port of accounting server(s). To restore to the default value, please use no radius accounting port.
Page 103: Radius Response-Timeout
Global Configuration Mode Example Configure the shared password for the switch and the accounting servers as tplink: TP-LINK(config)# radius accounting key tplink radius response-timeout Description The radius response-timeout command is used to configure the maximum time for the switch to wait for the response from the RADIUS authentication and the accounting server.
Page 104: Show Dot1X Global
Example Configure the maximum time for the switch to wait for the response from the RADIUS authentication and the accounting server as 5 seconds: TP-LINK(config)# radius response-timeout 5 show dot1x global Description The show dot1x global command is used to display the global configuration of 801.X.
Page 105: Show Radius Authentication
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Example Display the port configuration of 801.X: TP-LINK(config)# show dot1x interface show radius authentication Description The show radius authentication command is used to display the configuration of the RADIUS authentication server.
Page 106: Chapter 17 Log Commands
By default, it is 7 indicating that all the log information will be saved in the log buffer. disable | enable —— Disable or enable the log buffer. By default, it is enabled. Command Mode Global Configuration Mode Example Enable the log buffer function and set the severity as 6: TP-LINK(config)# logging local buffer 6 enable...
Page 107: Logging Local Flash
Command Mode Global Configuration Mode Example Enable the log file function and set the severity as 7: TP-LINK(config)# logging local flash 7 logging clear Description The logging clear command is used to clear the information in the log buffer and log file.
Page 108: Logging Loghost
Command Mode Global Configuration Mode Example Clear the information in the log file: TP-LINK(config)# logging clear buffer logging loghost Description The logging loghost command is used to configure the Log Host. To clear the configuration of the specified Log Host, please use no logging loghost command.
Page 109: Show Logging Local-Config
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide TP-LINK(config)# logging loghost index 2 192.168.0.148 5 enable show logging local-config Description The show logging lolcal-config command is used to display the configuration of the Local Log including the log buffer and the log file.
Page 110: Show Logging Buffer
Command Mode Any Configuration Mode Example Display all the log information in the log buffer: TP-LINK(config)# show logging buffer show logging flash Description The show logging flash command is used to display the log information in the log file according to the severity level.
Page 111 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Display the log information with the level marked 0~3 in the log file: TP-LINK(config)# show logging flash...
Page 112: Chapter 18 Ssh Commands
Command Mode Global Configuration Mode Example Enable the SSH function: TP-LINK(config)# ssh server enable ssh version Description The ssh version command is used to enable the SSH protocol version. To disable the protocol version, please use no ssh version command.
Page 113: Ssh Idle-Timeout
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Enable SSH v2: TP-LINK(config)# ssh version v2 ssh idle-timeout Description The ssh idle-timeout command is used to specify the idle-timeout time of SSH. To restore to the factory defaults, please use no ssh idle-timeout command.
Page 114: Ssh Download
Example Download a SSH-1 type key file named ssh-key from TFTP server with the IP Address 192.168.0.148: TP-LINK(config)# ssh download v1 ssh-key ip-address 192.168.0.148 show ssh Description The show ssh command is used to display the global configuration of SSH.
Page 115 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Example Display the global configuration of SSH: TP-LINK(config)# show ssh...
Page 116: Chapter 19 Ssl Commands
Command Mode Global Configuration Mode Example Enable the SSL function: TP-LINK(config)# ssl enable ssl download certificate Description The ssl download certificate command is used to download a certificate to the switch from from TFTP server. Syntax...
Page 117: Ssl Download Key
Example Download a SSL Certificate named ssl-cert from TFTP server with the IP Address of 192.168.0.148: TP-LINK(config)# ssl download certificate ssl-cert ip-address 192.168.0.148 ssl download key Description The ssl download key command is used to download a SSL key to the switch from TFTP server.
Page 118 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Command Mode Any Configuration Mode Example Display the global configuration of SSL: TP-LINK(config)# show ssl...
Page 119: Chapter 20 Address Commands
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Chapter 20 Address Commands Address configuration can improve the network security by configuring the Port Security and maintaining the address information by managing the Address Table. bridge address port-security Description The bridge address port-security command is used to configure port security.
Page 120: Bridge Address Static
—— The Port number of your desired entry. It ranges from 1 to 28. Command Mode Global Configuration Mode Example Add a static Mac address entry to bind the MAC address 00:02:58:4f:6c:23, VLAN1 and Port1 together: TP-LINK(config)# bridge address static mac 00:02:58:4f:6c:23 vid 1 port 1...
Page 121: Bridge Aging-Time
Command Mode Global Configuration Mode Example Configure the aging time as 500 seconds: TP-LINK(config)# bridge aging-time 500 bridge address filtering Description The bridge address filtering command is used to add the filtering address entry. To delete the corresponding entry, please use no bridge address filtering command.
Page 122: Show Bridge Dynamic-Bind
Global Configuration Mode Example Add a filtering address entry whose VLAN ID is 1 and MAC address is 00:1e:4b:04:01:5d: TP-LINK(config)# bridge address filtering 00:1e:4b:04:01:5d 1 show bridge dynamic-bind Description The show bridge dynamic-bind command is used to configure the Port Security for each port, such as configure the Max number of MAC addressed that can be learned on the port and the Learn Mode.
Page 123: Show Bridge Aging-Time
24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Any Configuration Mode Example Display the information of all Address entries: TP-LINK(config)# show bridge address all show bridge aging-time Description The show bridge aging-time command is used to display the Aging Time of the MAC address.
Page 124: Chapter 21 System Commands
—— Contact Information. It consists of 32 characters at most. By default, it is empty. Command Mode Global Configuration Mode Example Configure the System Contact as www.tp-link.com.cn: TP-LINK(config)# system-descript contact-info www.tp-link.com.cn ip address Description The ip address command is used to configure the IP Address, Subnet Mask and Default Gateway.
Page 125: Ip Dhcp-Alloc
Global Configuration Mode Example Configure the system IP as 192.168.0.69 and the Subnet Mask as 255.255.255.0: TP-LINK(config)# ip address 192.168.0.69 255.255.255.0 ip dhcp-alloc Description The ip dhcp-alloc command is used to enable the DHCP Client function. When this function is enabled, the switch will obtain IP from DHCP Client server. To disable the DHCP Client function, please use no ip dhcp-alloc command.
Page 126: Reset
Command Mode Global Configuration Mode Example Enable the BOOTP Protocol to obtain IP address from BOOTP Server: TP-LINK(config)# ip bootp-alloc reset Description The reset command is used to reset the switch’s software. After resetting, all configuration of the switch (except the IP Address) will restore to the factory defaults and your current settings will be lost.
Page 127: User-Config Backup
Privileged EXEC Mode Example Backup the configuration files by TFTP server with the IP 192.168.0.148 and name this file config.cfg: TP-LINK# user-config backup filename config.cfg ip-address 192.168.0.148 user-config load Description The user-config load command is used to download the configuration file to the switch by TFTP server.
Page 128: User-Config Save
Example Download the configuration file to the switch by TFTP server with the IP 192.168.0.148 and name this file config.cfg: TP-LINK# user-config load filename config.cfg ip-address 192.168.0.148 user-config save Description The user-config save command is used to save current settings.
Page 129: Ping
24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Example Upgrade the switch system via the TFTP server with the IP 192.168.0.148: TP-LINK# firmware upgrade filename firmware.bin ip-address 192.168.0.148 ping Description The ping command is used to test the connectivity between the switch and one node of the network.
Page 130: Loopback
192.168.0.131. If the destination device has not been found after 20 maxHops, the connection between the switch and the destination device is failed to establish: TP-LINK# tracert 192.168.0.131 20 loopback Description The loopback command is used to test whether the port is available or not.
Page 131: Show System-Info
Subnet Mask and Default Gateway of the system, whether the DHCP Client function is enabled or not and some other information. Syntax show ip address Command Mode Any Configuration Mode Example Display the IP Address of the system TP-LINK# show ip address...
Page 132: Chapter 22 Ethernet Configuration Commands
Command Mode Global Configuration Mode Example Enter the Interface Configuration Mode and configure Ethernet port2: TP-LINK(config)# interface Ethernet 2 interface range Ethernet Description The interface range Ethernet command is used to enter the Interface Configuration Mode and configure multiple Ethernet ports at the same time.
Page 133: Description
Example Enter the Interface Configuration Mode, add ports 1-3, 6-9 to the port-list and configure them: TP-LINK(config)# interface range Ethernet 1-3,6-9 description Description The description command is used to add a description to the Ethernet port. To clear the description of the corresponding port, please use no description command.
Page 134: Flow-Control
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Disable Ethernet port3: TP-LINK(config)# interface Ethernet 3 TP-LINK(config-if)# shutdown flow-control Description The flow-control command is used to enable the flow-control function for a port. To disable the flow-control function for this corresponding port, please use no flow-control command.
Page 135: Storm-Control
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Configure the Negotiation Mode as 100M full-duplex for Ethernet port5: TP-LINK(config)# interface Ethernet 5 TP-LINK(config-if)# negotiation 100f storm-control Description The storm-control command is used to configure the Storm Control function.
Page 136: Storm-Control Disable Bc-Rate
Enable the Storm Control function for port5 and specify the bc-rate as 100kbps, mc-rate as 500kbps and ul-rate as 2Mbps: TP-LINK(config)# interface Ethernet 5 TP-LINK(config-if)# storm-control bc-rate 100k mc-rate 500k ul-rate 2m storm-control disable bc-rate Description The storm-control disable bc-rate command is used to disable the Broadcast packets control.
Page 137: Storm-Control Disable Ul-Rate
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Disable the Multicast packets control for port5: TP-LINK(config)# interface Ethernet 5 TP-LINK(config-if)# storm-control disable mc-rate storm-control disable ul-rate Description The storm-control disable ul-rate command is used to disable the UL-Frame control.
Page 138: Port Rate-Limit Disable Ingress
24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Configure the ingress-rate as 10Mbps and egress-rate as 1Mbps for port5: TP-LINK(config)# interface Ethernet 5 TP-LINK(config-if)# port rate-limit ingress 10m egress 1m port rate-limit disable ingress Description The port rate-limit disable ingress command is used to disable the ingress-rate limit.
Page 139: Show Interface Configuration
Command Mode Any Configuration Mode Example Display the configurations of port5: TP-LINK# show interface configuration Ethernet 5 show interface status Description The show interface status command is used to display the connective-status of an Ethernet port.
Page 140: Show Interface Counters
Command Mode Any Configuration Mode Example Display the statistic information of Ethernet port3: TP-LINK(config)# show interface counters Ethernet 3 show storm-control Ethernet Description The show storm-control Ethernet command is used to display the storm-control information of an Ethernet port.
Page 141: Show Port Rate-Limit
— — The port-number of the port selected to display the rate-limit information. It ranges from 1 to 28. By default, the rate-limit information of all ports is displayed. Command Mode Any Configuration Mode Example Display the rate-limit information of all Ethernet ports: TP-LINK(config)# show port rate-limit...
Page 142: Chapter 23 Qos Commands
CoS value of the ingress port and the mapping relation between the CoS and TC in IEEE 802.1P. Example Configure the priority of port 5 as 3: TP-LINK(config)# interface Ethernet 5 TP-LINK(config-if)# qos 3 qos dot1p enable Description The qos dot1p enable command is used to enable the mapping relation between IEEE 802.1P Priority and Egress Queue.
Page 143: Qos Dot1P Config
Command Mode Global Configuration Mode Example Enable the mapping relation between IEEE 802.1P Priority and Egress Queue: TP-LINK(config)# qos dot1p enable qos dot1p config Description The qos dot1p config command is used to configure the mapping relation between IEEE 802.1P Priority and Egress Queue. To return to the default configuration, please use no qos dot1p config command.
Page 144: Qos Dscp Enable
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Example Map tag value 0 to TC3: TP-LINK(config)# qos dot1p config 0 3 qos dscp enable Description The qos dscp enable command is used to enable the mapping relation between DSCP Priority and Egress Queue.
Page 145: Qos Scheduler
Among the priority levels TC0-TC3, the bigger value, the higher priority. Example Map DSCP values 10,11,15 to TC0: TP-LINK(config)# qos dscp config 10,11,15 0 qos scheduler Description The qos scheduler command is used to configure the Schedule Mode. To return to the default configuration, please use no qos scheduler command.
Page 146: Show Qos Port-Based
—— The Ethernet port selected to display the configuration, ranging from 1 to 28. By default, information of all the ports is displayed. Command Mode Any Configuration Mode Example Display the configuration of QoS for port 5: TP-LINK# show qos port-based 5...
Page 147: Show Qos Dot1P
Syntax show qos dot1p Command Mode Any Configuration Mode Example Display the configuration of IEEE 802.1P Priority: TP-LINK# show qos dot1p show qos dscp Description The show qos dscp command is used to display the configuration of DSCP Priority. Syntax...
Page 148 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Any Configuration Mode Example Display the schedule rule of the egress queues: TP-LINK# show qos scheduler...
Page 149: Chapter 24 Port Mirror Commands
Command Mode Interface Configuration Mode（interface Ethernet） Example Configure port 1 as mirroring port: TP-LINK(config)# interface Ethernet 1 TP-LINK(config-if)# port mirror port mirrored Description The port mirrored command is used to configure the port monitoring. To delete the corresponding configuration, please use no port mirrored command.
Page 150: Show Port Mirror
Configure port 2,5,6,7 and 9 as mirrored ports, port 1 as the mirroring port, and enable ingress monitoring: TP-LINK(config)# interface Ethernet 1 TP-LINK(config-if)# port mirror TP-LINK(config-if)# port mirrored 2,5-7,9 ingress show port mirror Description The show port mirror command is used to display the configuration of port monitoring.
Page 151: Chapter 25 Acl Commands
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Chapter 25 ACL Commands ACL (Access Control List) is used to filter data packets by configuring a series of match conditions, operations and time ranges. It provides a flexible and secured access control policy and facilitates you to control the network security.
Page 152: Acl Holiday
Command Mode Global Configuration Mode Example Add a time-range named tSeg1, with time from 8:30 to 12:00 at working day: TP-LINK(config)# acl time-segment tSeg1 start-time 08:30 end-time 12:00 week-day working-day acl holiday Description The acl holiday command is used to create holiday in Holiday Mode in the acl time-segment command.
Page 153: Acl Rule Mac-Acl
Command Mode Global Configuration Mode Example Create a MAC ACL whose ID is 20: TP-LINK(config)# acl create 20 acl rule mac-acl Description The acl rule mac-acl command is used to add MAC ACL rule. To delete the corresponding rule, please use no acl rule mac-acl command. MAC ACLs...
Page 154: Acl Rule Std-Acl
TP-LINK(config)# acl create 20 TP-LINK(config)# acl rule mac-acl 20 10 op permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1 acl rule std-acl Description The acl rule std-acl command is used to add Standard-IP ACL rule.
Page 155: Acl Policy Policy-Add
255.255.255.0, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TP-LINK(config)# acl create 120 TP-LINK(config)# acl rule std-acl 120 10 op permit dip 192.168.0.100 dmask 255.255.255.0 tseg tSeg1 acl policy policy-add Description The acl policy policy-add command is used to add Policy.
Page 156: Acl Policy Action-Add
Command Mode Global Configuration Mode Example Add a Policy named policy1: TP-LINK(config)# acl policy policy-add policy1 acl policy action-add Description The acl policy action-add command is used to add ACLs and create actions for the policy. To delete the corresponding actions, please use no acl policy action-add command.
Page 157: Acl Bind To-Port
Create a Policy named policy1. For the data packets those match ACL 120 in the policy, if the rate beyond 1000kbps, will be discarded by the switch: TP-LINK(config)# acl policy policy-add policy1 TP-LINK(config)# acl policy action-add policy1 120 rate 1000 osd discard acl bind to-port Description The acl bind to-port command is used to bind a policy to a port.
Page 158: Acl Bind To-Vlan
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide TP-LINK(config)# acl bind to-port policy1 1 acl bind to-vlan Description The acl bind to-vlan command is used to bind a policy to a VLAN. To cancel the bind relation, please use no policy to-vlan command.
Page 159: Show Acl Holiday
Command Mode Any Configuration Mode Example Display the configuration of the MAC ACL whose ID is 20: TP-LINK> show acl config 20 show acl bind Description The show acl bind command is used to display the configuration of Policy bind.
Page 160 TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Example Display the configuration of Policy bind: TP-LINK> show acl bind...
Page 161: Chapter 26 Mstp Commands
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Chapter 26 MSTP Commands MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a ring network. STP is to block redundant links and backup links as well as optimize paths.
Page 162: Spanning-Tree Common-Config
4096, Hello Time as 4 seconds, Max Age as 10 seconds, Forward Delay as 10 seconds, TxHold Count as 8pps and Max Hops as 15 hops: TP-LINK(config)# spanning-tree global state enable mode mstp cist 4096 htime 4 mage 10 delay 10 hcount 8 mhop 15...
Page 163: Spanning-Tree Region
Enable the STP function of port 1, and configure the Port Priority as 64, ExtPath Cost as 100, IntPath Cost as 100, and then enable Edge Port: TP-LINK(config)# interface Ethernet 1 TP-LINK(config-if)# spanning-tree common-config enable enable pri 64 expath 100 inpath 100 edge enable spanning-tree region Description The spanning-tree region command is used to configure the region of MSTP.
Page 164: Spanning-Tree Msti
Command Mode Global Configuration Mode Example Configure the region name of MSTP as r1, and the revision level as 100: TP-LINK(config)# spanning-tree region r1 100 spanning-tree msti Description The spannint-tree msti command is used to configure MSTP Instance. To return to the default configuration of the corresponding Instance, please use no spanning-tree msti command.
Page 165: Spanning-Tree Msti
Example Enable Instance 1, add VLAN 2, 3, 4, 5, 8 for it, and configure MSTI Priority as 4096: TP-LINK(config)# spanning-tree msti 1 status enable pri 4096 mapped 2-5,8 spanning-tree msti Description The spanning-tree msti command is used to configure MSTP Instance Port. To return to the default configuration of the corresponding Instance Port, please use no spanning-tree msti command.
Page 166: Spanning-Tree Tc-Defend
Command Mode Global Configuration Mode Example Configure TC Threshold as 30 packets, and TC Protect Cycle as 10 seconds: TP-LINK(config)# spanning-tree tc-defend threshold 30 period 10 spanning-tree security Description The spanning-tree security command is used to configure MSTP Port Protect.
Page 167: Spanning-Tree Mcheck
Example Enable Loop Protect, Root Protect, TC Protect, BPDU Protect, and BPDU Filter for port 2: TP-LINK(config)# interface Ethernet 2 TP-LINK(config-if)# spanning-tree security loop enable root enable TC enable defend enable hold enable spanning-tree mcheck Description The spanning-tree mcheck command is used to enable MCheck.
Page 168: Show Spanning-Tree Global-Info
Command Mode Any Configuration Mode Example Display the current status of Spanning Tree: TP-LINK# show spanning-tree global-info show spanning-tree global-config Description The show spanning-tree global-config command is used to display the global configuration of Spanning Tree. Syntax...
Page 169: Show Spanning-Tree Region
By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the configuration of port 5: TP-LINK(config)# show spanning-tree port-config 5 show spanning-tree region Description The show spanning-tree region command is used to display the Region configuration of MSTP.
Page 170: Show Spanning-Tree Msti Port
Command Mode Any Configuration Mode Example Display the configuration of port 5 in Instance 1: TP-LINK(config)# show spanning-tree msti port 1 5 show spanning-tree security tc-defend Description The show spanning-tree security tc-defend command is used to display TC Threshold and TC Protect Cycle of Spanning Tree.
Page 171: Show Spanning-Tree Security Port-Defend
—— The port selected to display the configuration, ranging from 1 to 28. By default, the Port Protect configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the Port Protect configuration of port 2: TP-LINK(config)# show spanning-tree security port-defend 2...
Page 172: Chapter 27 Igmp Commands
Global Configuration Mode Example Enable IGMP Snooping function, and specify the operation to process unknown multicast as discard: TP-LINK(config)# igmp global state enable unknown-packet discard igmp config Description The igmp config state command is used to configure IGMP Snooping and Fast Leave function for port.
Page 173: Igmp Vlan-Config-Add
Interface Configuration Mode（interface ethernet / interface range ethernet） Example Enable IGMP Snooping and Fast Leave function for port 5: TP-LINK(config)# interface Ethernet 5 TP-LINK(config-if)# igmp config state enable fast-leave enable igmp vlan-config-add Description The igmp vlan-config-add command is used to configure IGMP Snooping parameters for individual VLANs.
Page 174: Igmp Vlan-Config
Enable IGMP Snooping for VLAN 1, and configure Router Port Time as 200 seconds, Member Port Time as 100 seconds, Leave time as 10 seconds and Static Router Port as port 1: TP-LINK(config)# igmp vlan-config-add 1 rtime 200 mtime 100 ltime 10 rport 1 igmp vlan-config...
Page 175: Igmp Multi-Vlan-Config
Example Modify Router Port Time as 300 seconds, Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 1: TP-LINK(config)# igmp vlan-config 1 rtime 300 mtime 200 ltime 15 igmp multi-vlan-config Description The igmp multi-vlan-config command is used to create Multicast VLAN. To...
Page 176: Igmp Static-Entry-Add
Example Enable Multicast VLAN, and configure Router Port Time as 300 seconds, Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 2: TP-LINK(config)# igmp multi-vlan-config enable 2 rtime 300 mtime 200 ltime 15 igmp static-entry-add Description The igmp static-entry-add command is used to create static multicast IP entry.
Page 177: Igmp Filter-Add
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide TP-LINK(config)# igmp static-entry-add 225.0.0.1 2 3 igmp filter-add Description The igmp filter-add command is used to configure the multicast IP-range desired to filter. To delete the corresponding IP-range, please use no igmp filter-add command.
Page 178: Igmp Filter
Command Mode Global Configuration Mode Example Modify the multicast IP-range whose ID is 20 as 225.0.0.10~225.0.0.12: TP-LINK(config)# igmp filter- config 20 225.0.0.10 225.0.0.12 igmp filter Description The igmp filter command is used to configure Port Filter. To return to the default configuration, please use no igmp filter command.
Page 179: Show Igmp Global-Config
IP-range 2, 3, 4, and specify the maximum number of multicast groups for port 5 to join in as 128: TP-LINK(config)# interface Ethernet 5 TP-LINK(config-if)# igmp filter state enable mode accept addr-id 2-4 maxgroup 128 show igmp global-config Description The show igmp global-config command is used to display the global configuration of IGMP.
Page 180: Show Igmp Vlan-Config
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Example Display the IGMP configuration of port 2: TP-LINK> show igmp global-config 2 show igmp vlan-config Description The show igmp vlan-config command is used to display the VLAN configuration of IGMP.
Page 181: Show Igmp Filter-Ip-Addr
Syntax show igmp multi-ip-list Command Mode Any Configuration Mode Example Display the Multicast IP table: TP-LINK> show igmp multi-ip-list show igmp filter-ip-addr Description The show igmp filter-ip-addr command is used to display the Multicast Filter IP-Range table. Syntax show igmp filter-ip-addr...
Page 182: Show Igmp Packet-Stat
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Display the Multicast Filter configuration of port 5: TP-LINK> show igmp port-filter 5 show igmp packet-stat Description The show igmp packet-stat command is used to display the Packet Statistics information of all ports.
Page 183: Chapter 28 Snmp Commands
10 to 64 hexadecimal characters, which must be even number meanwhile. Command Mode Global Configuration Mode Example Enable the SNMP function, and specify the Local Engine ID as 1234567890, the Remote Engine ID as 123456abcdef: TP-LINK(config)# snmp global enable enable engine-id 1234567890 remote-id 123456abcdef...
Page 184: Snmp View-Add
Example Add a View named view1, configuring the OID as 1.3.6.1.6.3.20, and this OID can be managed by the SNMP management station: TP-LINK(config)# snmp view-add view1 1.3.6.1.6.3.20 include snmp group-add Description The snmp group-add command is used to manage and configure the SNMP group.
Page 185: Command Mode
Add group 1, configure its Security Model as SNMP v2c, view1 can be read and edited by group member, and the trap messages sent by view2 can be receiced by Management station: TP-LINK(config)# snmp group-add group1 smode v2c ro view1 wo view1 inform view2...
Page 186: Snmp User-Add
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide snmp user-add Description The snmp user-add command is used to add User. To delete the corresponding User, please use no snmp user-add command. The User in a SNMP Group can manage the switch via the management station software. The User and its Group have the same security level and access right.
Page 187: Snmp Community-Add
MD5, the Authentication Password as 11111, the Privacy Mode as DES, and the Privacy Password as 22222: TP-LINK(config)# snmp user-add admin local group2 smode v3 slev authPriv cmode MD5 cpwd 11111 emode DES epwd 22222 snmp community-add Description The snmp community-add command is used to add Community.
Page 188: Snmp Notify-Add
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide TP-LINK(config)# snmp community-add community1 read-write view1 snmp notify-add Description The snmp notify-add command is used to add Notification. To delete the corresponding Notification, please use no snmp notify-add command. With the...
Page 189: Snmp-Rmon History Sample-Cfg
Security Model of the management station as v2c, the type of the notifications as inform, the maximum time for the switch to wait as 1000 seconds, and the resending time as 100: TP-LINK(config)# snmp notify-add 192.168.0.1 162 admin smode v2c type inform resend 100 timeout 1000 snmp-rmon history sample-cfg...
Page 190: Snmp-Rmon History Owner
Example Configure the sample port as 1, and the sample interval as 100 seconds for the entries 1-3: TP-LINK(config)# snmp-rmon history sample-cfg 1-3 1 100 snmp-rmon history owner Description The snmp-rmon history owner command is used to configure the owner of the history sample entry.
Page 191: Snmp-Rmon Event User
—— The name of the User to which the event belongs, ranging from 1 to 16 characters. By default, it is public. Command Mode Global Configuration Mode Example Configure the user name of entry 1 as user1: TP-LINK(config)# snmp-rmon event user 1 user1...
Page 192: Snmp-Rmon Event Description
Command Mode Global Configuration Mode Example Configure the description of entry 1 as description1: TP-LINK(config)# snmp-rmon event description 1 description1 snmp-rmon event type Description The snmp-rmon event type command is used to configure the type of SNMP-RMON Event. To return to the default configuration, please use no snmp-rmon event type command.
Page 193: Snmp-Rmon Event Owner
Command Mode Global Configuration Mode Example Configure the event type of entries 1,2,3,4 and 8 as log: TP-LINK(config)# snmp-rmon event type 1-4,8 log snmp-rmon event owner Description The snmp-rmon event owner command is used to configure the owner of SNMP-RMON Event. To return to the default configuration, please use no snmp-rmon event owner command.
Page 194: Snmp-Rmon Alarm Config
Command Mode Global Configuration Mode Example Enable the SNMP-RMON Event entries 1,2,3,4 and 8: TP-LINK(config)# snmp-rmon event enable 1-4,8 snmp-rmon alarm config Description The snmp-rmon alarm config command is used to configure SNMP-RMON Alarm Management. To return to the default configuration, please use no snmp-rmon alarm config command.
Page 195: Snmp-Rmon Alarm Owner
Global Configuration Mode Example Configure the alarm interval time of the entries 1,2,3 and 6 as 1000 seconds: TP-LINK(config)# snmp-rmon alarm config 1-3,6 interval 1000 snmp-rmon alarm owner Description The snmp-rmon alarm owner command is used to configure the owner of the Alarm Management entry.
Page 196: Snmp-Rmon Alarm Enable
Command Mode Global Configuration Mode Example Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon alarm owner 1 owner1 snmp-rmon alarm enable Description The snmp-rmon alarm enable command is used to enable SNMP-RMON Alarm Management entry. To disable the corresponding entry, please use no snmp-rmon alarm enable command.
Page 197: Show Snmp View
Syntax show snmp global-config Command Mode Any Configuration Mode Example Display SNMP configuration globally: TP-LINK> show snmp global-config show snmp view Description The show snmp view command is used to display the View table. Syntax show snmp view Command Mode...
Page 198: Show Snmp User
Syntax show snmp user Command Mode Any Configuration Mode Example Display the User table: TP-LINK> show snmp user show snmp community Description The show snmp community command is used to display the Community table. Syntax show snmp community Command Mode...
Page 199: Show Snmp-Rmon History
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Display the Notification table: TP-LINK> show snmp destination-host show snmp-rmon history Description The show snmp-rmon history command is used to display the configuration of the history sample entry. Syntax...
Page 200: Show Snmp-Rmon Alarm
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide Display the Event configuration of entry 2: TP-LINK> show snmp-rmon event 2 show snmp-rmon alarm Description The show snmp-rmon alarm command is used to display the configuration of the Alarm Management entry.
Page 201: Chapter 29 Cluster Commands
Time ranges from 5 to 254 in seconds. By default, it is 60. Command Mode Global Configuration Mode Example Enable NDP function globally, and configure Aging Time as 120 seconds, Hello Time as 50 seconds: TP-LINK(config)# cluster ndp status enable aging-timer 120 hello-timer 50...
Page 202: Cluster Ntdp
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide cluster ntdp Description The cluster ntdp command is used to configure NTDP globally. To return to the default configuration, please use no cluster ntdp command. NTDP (Neighbor Topology Discovery Protocol) is used to collect the NDP information and neighboring connection information of each device in a specific network range.
Page 203: Cluster Explore
TL-SL5428E 24-port 10/100Mbps + 4-port Gigabit L2 Managed Switch CLI Guide TP-LINK(config)# cluster ntdp interval 20 hop 5 hop-delay 300 port-delay cluster explore Description The cluster explore command is used to enable the topology information collecting function manually. Syntax cluster explore...
Page 204: Cluster Create
Example Specify the current switch as commander switch, create cluster c1, and configure the cluster IP address pool as 10.90.90.1~10.90.90.254: TP-LINK(config)# cluster create c1 10.90.90.10 255.255.255.0 cluster manage config Description The cluster manage config command is used to configure Cluster.
Page 205: Cluster Manage Member-Add
Global Configuration Mode Example Specify the Hold Time and Interval Time of cluster c1 as 50 seconds: TP-LINK(config)# cluster manage config c1 50 50 cluster manage member-add Description The cluster manage member-add command is used to add member switch. To delete the corresponding member, please use no cluster manage member-add command.
Page 206: Show Cluster Ndp Global
Command Mode Global Configuration Mode Example Change the role of the current switch to Commander Switch: TP-LINK(config)# cluster manage role-change candidate show cluster ndp global Description The show cluster ndp global command is used to display the global configuration of NDP.
Page 207: Show Cluster Neighbour
28. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the NDP configuration of port 2: TP-LINK> show cluster ndp port-status 2 show cluster neighbour Description The show cluster neighbour command is used to display the cluster neighbor information.
Page 208: Show Cluster Ntdp Port-Status
1 to 28. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the NTDP configuration of port 2: TP-LINK> show cluster ntdp port-status 2 show cluster ntdp device Description The show cluster ntdp device command is used to display the device table of NTDP.
Page 209: Show Cluster Manage Member
Command Mode Any Configuration Mode Example Display the global configuration of Cluster: TP-LINK> show cluster manage config show cluster manage member Description The show cluster manage member command is used to display the member information. Syntax...

TP-Link TL-SL5428E Cli Reference Manual

Preface

Chapter 1 Using the CLI

Chapter 2 User Interface

Chapter 3 IEEE 802.1Q VLAN Commands

Chapter 4 MAC VLAN Commands

Chapter 5 Protocol VLAN Commands

Chapter 6 VLAN-VPN Commands

Chapter 7 Voice VLAN Commands

Chapter 8 GVRP Commands

Chapter 9 LAG Commands

Chapter 10 LACP Commands

Chapter 11 User Manage Commands

Chapter 12 Binging Table Commands

Chapter 13 ARP Inspection Commands

Chapter 14 IP Source Guard Commands

Chapter 15 Dos Defend Command

Chapter 16 IEEE 802.1X Commands

Chapter 17 Log Commands

Chapter 18 SSH Commands

Chapter 19 SSL Commands

Chapter 20 Address Commands

Chapter 21 System Commands

Chapter 22 Ethernet Configuration Commands

Chapter 23 Qos Commands

Chapter 24 Port Mirror Commands

Chapter 25 ACL Commands

Chapter 26 MSTP Commands

Chapter 27 IGMP Commands

Chapter 28 SNMP Commands

Quick Links

Related Manuals for TP-Link TL-SL5428E

Summary of Contents for TP-Link TL-SL5428E