TP-Link TL-SG5412F Reference Manual

24-port gigabit l2 managed switch with 4 sfp slots; 12-port gigabit sfp l2 managed switch with 4 combo 1000base-t ports

Hide thumbs Also See for TL-SG5412F:

User manual (257 pages)

Cli reference manual (239 pages)

Installation manual (32 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

page of 216

/ 216
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

See also: User Manual , Cli Reference Manual

TL-SG5428

24-Port Gigabit L2 Managed Switch with 4 SFP Slots

TL-SG5412F

12-Port Gigabit SFP L2 Managed Switch with 4 Combo

1000BASE-T Ports

Rev: 2.0.0

1910010630

Table of Contents

Summary of Contents for TP-Link TL-SG5412F

Page 1 TL-SG5428 24-Port Gigabit L2 Managed Switch with 4 SFP Slots TL-SG5412F 12-Port Gigabit SFP L2 Managed Switch with 4 Combo 1000BASE-T Ports Rev: 2.0.0 1910010630...
Page 2 Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.
Page 3: Table Of Contents
CONTENTS Preface ......................1 Chapter 1 Using the CLI ..................4 1.1 Accessing the CLI......................4 1.1.1 Logon by a console port ..................4 1.1.2 Logon by Telnet .......................6 1.2 CLI Command Modes......................8 1.3 Security Levels ........................10 1.4 Conventions ........................10 1.4.1 Format Conventions ....................10 1.4.2 Special Characters ....................
Page 4 show protocol-vlan template....................22 show protocol-vlan vlan ......................22 show protocol-vlan interface....................22 Chapter 5 VLAN-VPN Commands..............24 vlan-vpn enable ........................24 vlan-vpn tpid ..........................24 vlan-vpn interface ........................25 vlan-vpn uplink ........................25 show vlan-vpn global ......................26 show vlan-vpn uplink ......................26 show vlan-vpn interface......................27 Chapter 6 Voice VLAN Commands ..............
Page 5 interface range link-aggregation ....................40 link-aggregation........................41 link-aggregation hash-algorithm ....................42 description ..........................42 show interface link-aggregation.....................43 Chapter 10 LACP Commands ................44 lacp system-priority .......................44 lacp (interface)........................44 lacp admin-key ........................45 lacp port-priority........................45 show lacp system-priority ......................46 show lacp interface........................46 Chapter 11 User Manage Commands..............48 user add ..........................48 user remove ..........................49 user modify status .........................49...
Page 6 dhcp-snooping trusted ......................61 dhcp-snooping mac-verify .....................62 dhcp-snooping rate-limit ......................62 dhcp-snooping decline......................63 show binding-table.........................63 show dhcp-snooping global ....................64 show dhcp-snooping information...................64 show dhcp-snooping interface....................65 Chapter 13 ARP Inspection Commands.............. 66 arp detection (global)......................66 arp detection trust-port ......................66 arp detection (interface)......................67 arp detection limit-rate ......................67 arp detection recover......................68 show arp detection global......................69 show arp detection interface....................69...
Page 7 dot1x port-method .........................80 radius authentication primary-ip ....................81 radius authentication secondary-ip ..................81 radius authentication port ......................82 radius authentication key.......................83 radius accounting enable.......................83 radius accounting primary-ip ....................84 radius accounting secondary-ip.....................84 radius accounting port ......................85 radius accounting key......................85 radius response-timeout ......................86 show dot1x global........................87 show dot1x interface ......................87 show radius authentication ....................87 show radius accounting ......................88...
Page 8 Chapter 20 Address Commands.................100 bridge address port-security ....................100 bridge address static ......................101 bridge aging-time.........................102 bridge address filtering ......................102 show bridge port-security ....................103 show bridge address ......................103 show bridge aging-time .......................104 Chapter 21 System Commands ................105 system-descript ........................105 system-time gmt ........................105 system-time manual ......................106 system-time dst ........................106 ip address..........................107...
Page 9 shutdown ..........................117 flow-control .......................... 118 negotiation........................... 118 storm-control ........................119 port rate-limit ........................120 port rate-limit disable ingress....................120 port rate-limit disable egress ....................121 show interface configuration....................121 show interface status......................122 show interface counters.......................122 show storm-control ethernet ....................123 show port rate-limit ......................123 Chapter 23 QoS Commands................124 qos ............................124 qos dot1p enable.........................124...
Page 10 acl create..........................138 acl rule mac-acl ........................139 acl edit rule mac-acl ......................140 acl rule std-acl ........................141 acl edit rule std-acl.......................142 acl policy policy-add ......................143 acl policy action-add ......................144 acl edit action ........................145 acl bind to-port........................145 acl bind to-vlan ........................146 show acl time-segment......................146 show acl holiday ........................147 show acl config........................147 show acl bind........................148...
Page 11 igmp-snooping multi-vlan-config..................163 igmp-snooping static-entry-add ...................164 igmp-snooping filter-add ......................165 igmp-snooping filter-config ....................165 igmp-snooping filter ......................166 show igmp-snooping global-config ..................167 show igmp-snooping port-config..................167 show igmp-snooping vlan-config ..................168 show igmp-snooping multi-vlan ...................168 show igmp-snooping multi-ip-list ..................169 show igmp-snooping filter-ip-addr ..................169 show igmp-snooping port-filter ....................169 show igmp-snooping packet-stat ..................170 show igmp-snooping packet-stat-clear ................170 Chapter 29 SNMP Commands................171...
Page 12 show snmp destination-host ....................186 show snmp-rmon history .....................186 show snmp-rmon event .......................187 show snmp-rmon alarm .......................187 Chapter 30 Cluster Commands................189 cluster ndp...........................189 cluster ntdp ..........................190 cluster explore ........................191 cluster..........................191 cluster create........................192 cluster manage config ......................192 cluster manage member......................193 cluster manage role-change ....................193 show cluster ndp global .......................194 show cluster ndp port-status....................194 show cluster neighbour......................195...
Page 13: Preface
Interface). device mentioned this Guide stands TL-SG5428/TL-SG5412F JetStream L2 Managed Switch. Overview of this Guide Chapter 1: Using the CLI Provide information about how to use the CLI, CLI Command Modes, Security Levels and some Conventions. Chapter 2: User Interface Provide information about the commands used to switch between five CLI Command Modes.
Page 14 Chapter 12: Binding Table Commands Provide information about the commands used for binding the IP address, MAC address, VLAN and the connected Port number of the Host together. Chapter 13: ARP Inspection Commands Provide information about the commands used for protecting the switch from the ARP cheating or ARP Attack.
Page 15 Chapter 26: ACL Commands Provide information about the commands used for configuring the ACL (Access Control List). Chapter 27: MSTP Commands Provide information about the commands used for configuring the MSTP (Multiple Spanning Tree Protocol). Chapter 28: IGMP Commands Provide information about the commands used for configuring the IGMP Snooping (Internet Group Management Protocol Snooping).
Page 16: Chapter 1 Using The Cli
Chapter 1 Using the CLI 1.1 Accessing the CLI You can log on to the switch and access the CLI by the following two methods: Log on to the switch by the console port on the switch. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port. 1.1.1 Logon by a console port To log on to the switch by the console port on the switch, please take the following steps: Connect the PCs or Terminals to the console port on the switch by a provided cable.
Page 17 Figure 1-2 Connection Description Select the port to connect in figure 1-3, and click OK. Figure 1-3 Select the port to connect Configure the port selected in the step above as the following figure1-4 shown. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK.
Page 18: 1.1.2 Logon By Telnet
Type the User name and Password in the Hyper Terminal window, the factory default value for both of them is admin. The DOS prompt” TP-LINK>” will appear after pressing the Enter button as figure1-5 shown. It indicates that you can use the CLI now.
Page 19 Figure 1-6 Open the Run window Type cmd in the prompt Run window as figure 1-7 and click OK. Figure 1-7 Run Window Type telnet 192.168.0.1 in the command prompt shown as figure1-8, and press the Enter button. Figure 1-8 Connecting to the Switch...
Page 20: 1.2 Cli Command Modes
Type the User name and Password (the factory default value for both of them is admin) and press the Enter button, then you can use the CLI now, which is shown as figure1-9. Figure 1-9 Log in the Switch 1.2 CLI Command Modes The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode and VLAN Database (VLAN Configuration Mode).
Page 21 (except that the switch is User EXEC the switch. connected through the Console port). TP-LINK> Mode Use the enable command to access Privileged EXEC mode. enable Use the exit command to disconnect command to enter...
Page 22: 1.3 Security Levels
a). Interface Ethernet: Configure parameters for an Ethernet port, such as Duplex-mode, flow control status. b). Interface range Ethernet: The commands contained are the same as that of the Interface Ethernet. Configure parameters for several Ethernet ports. c). Interface link-aggregation: Configure parameters for a link-aggregation, such as broadcast storm.
Page 23: 1.4.2 Special Characters
Items in braces { } are required  Alternative items are grouped in braces and separated by vertical bars. For example: speed  {10 | 100 | 1000 } Bold indicates an unalterable keyword. For example: show logging  Normal Font indicates a constant (several options are enumerated and only one can be ...
Page 24: Chapter 2 User Interface
—— super password ， which contains 16 characters at most, composing digits, English letters and underdashes only. By default, it is empty. Command Mode Global Configuration Mode Example Set the super password as admin to access Privileged EXEC Mode from User EXEC Mode: TP-LINK(config)# enable password admin...
Page 25: Disable
EXEC Mode. Syntax disable Command Mode Privileged EXEC Mode Example Return to User EXEC Mode from Privileged EXEC Mode: TP-LINK# disable TP-LINK> configure Description The configure command is used to access Global Configuration Mode from Privileged EXEC Mode. Syntax configure...
Page 26: End
Command Mode Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode, and then return to Privileged EXEC Mode: TP-LINK(config-if)# exit TP-LINK(config)#exit TP-LINK# Description The end command is used to return to Privileged EXEC Mode. Syntax Command Mode...
Page 27: Chapter 3 Ieee 802.1Q Vlan Commands
Syntax vlan database Command Mode Global Configuration Mode Example Access VLAN Configuration Mode: TP-LINK(config)# vlan database TP-LINK(config-vlan)# vlan Description The vlan command is used to create IEEE 802.1Q VLAN. To delete the IEEE 802.1Q VLAN, please use no vlan command.
Page 28: Interface Vlan
——VLAN ID, ranging from 1 to 4094. Command Mode Global Configuration Mode Example Configure the VLAN2: TP-LINK(config)# interface vlan 2 TP-LINK(config-if)# description Description The description command is used to assign a description string to a VLAN. To clear the description, please use no description command.
Page 29: Switchport Type
Example Specify the description string of the VLAN 2 as “vlan2”: TP-LINK(config)# interface vlan 2 TP-LINK(config-if)#description vlan2 switchport type Description The switchport type command is used to configure the Link Types for the ports. Syntax switchport type { access | trunk | general } Parameter access | trunk | general ——...
Page 30: Switchport Pvid
Example Add port 2 to IEEE 802.1Q VLAN: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# switchport allowed vlan add 2 switchport pvid Description The switchport pvid command is used to configure the PVID for the switch ports. Syntax switchport pvid vlan-id Parameter vlan-id ——...
Page 31: Show Vlan
Specify the egress-rule of port 2 in vlan 3 as tagged: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# switchport general egress-rule 3 tagged show vlan Description The show vlan command is used to display the information of IEEE 802.1Q VLAN . Syntax...
Page 32: Chapter 4 Protocol Vlan Commands
Global Configuration Mode Example Create a Protocol VLAN template named “arp” whose Ethernet protocol type is 0806 and delete the Protocol template whose number is 2: TP-LINK(config)# protocol-vlan template add arp 0806 TP-LINK(config)# protocol-vlan template remove 2 protocol-vlan vlan Description The protocol-vlan vlan command is used to create a Protocol VLAN entry.
Page 33: Protocol-Vlan Interface
Global Configuration Mode Example Create a Protocol VLAN entry, whose index is 1 and vid is 2. And then delete the Protocol VLAN entry whose number is 1: TP-LINK(config)# protocol-vlan vlan 2 template 1 TP-LINK(config)# no protocol-vlan vlan 1 protocol-vlan interface Description The protocol-vlan interface command is used to enable the Protocol VLAN feature for a specified port.
Page 34: Show Protocol-Vlan Template
Command Mode Any Configuration Mode Example Display the information of the Protocol VLAN templates: TP-LINK(config)# show protocol-vlan template show protocol-vlan vlan Description The show protocol-vlan vlan command is used to display the information about Protocol VLAN entry.
Page 35 Example Display the configuration of the protocol-vlan interface: TP-LINK(config)# show protocol-vlan interface...
Page 36: Chapter 5 Vlan-Vpn Commands
Command Mode Global Configuration Mode Example Enable the VLAN-VPN function globally: TP-LINK(config)# vlan-vpn enable vlan-vpn tpid Description The vlan-vpn tpid command is used to configure Global TPID of the VLAN-VPN. To restore to the default value, please use the no vlan-vpn tpid command.
Page 37: Vlan-Vpn Interface
Command Mode Global Configuration Mode Example Configure Global TPID of the VLAN-VPN as 8200: TP-LINK(config)# vlan-vpn tpid 8200 vlan-vpn interface Description The vlan-vpn interface command is used to enable the VLAN VPN feature for a specified port. To disable the VLAN VPN feature of this port, please use the no vlan-vpn interface command.
Page 38: Show Vlan-Vpn Global
Command Mode Global Configuration Mode Example Configure the ports 1, 3-5, and 8-10 as the VPN Up-link ports: TP-LINK(config)# vlan-vpn uplink 1,3-5,8-10 show vlan-vpn global Description The show vlan-vpn global command is used to display the global configuration information of the VLAN VPN.
Page 39: Show Vlan-Vpn Interface
Example Display the configuration information of the VLAN VPN Up-link ports: TP-LINK(config)# show vlan-vpn uplink show vlan-vpn interface Description The show vlan-vpn interface command is used to display the VLAN VPN port enable state. Syntax show vlan-vpn interface Command Mode...
Page 40: Chapter 6 Voice Vlan Commands
Command Mode Global Configuration Mode Example Enable the Voice VLAN function for VLAN 2: TP-LINK(config)# voice-vlan enable 2 voice-vlan aging-time Description The voice-vlan aging-time command is used to set the aging time for a voice VLAN. To restore to the default aging time for the Voice VLAN, please use no voice-vlan aging-time command.
Page 41: Voice-Vlan Oui
By default, it is empty. Command Mode Global Configuration Mode Example Create a Voice VLAN OUI descripted as TP-LINK Phone with the MAC address 00:01:E3:00:00:01 and the mask address FF:FF:FF:00:00:00. And then delete the Voice VLAN OUI with the MAC address 00:00:00:11:00:01: TP-LINK(config)#...
Page 42: Switchport Voice-Vlan Mode
Interface Configuration Mode（interface ethernet / interface range ethernet） Example Configure Ethernet port 2 to operate in the manual voice VLAN mode: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# switchport voice-vlan mode manual switchport voice-vlan security Description The switchport voice-vlan security command is used to configure the Voice VLAN security mode.
Page 43: Show Voice-Vlan Global
Command Mode Any Configuration Mode Example Display the configuration information of Voice VLAN globally: TP-LINK(config)# show voice-vlan global show voice-vlan oui Description The show voice-vlan oui command is used to display the configuration information of Voice VLAN OUI.
Page 44: Command Mode
—— Ethernet port. By default, it will display the configuration information of all the ports in the Voice VLAN. Command Mode Any Configuration Mode Example Display the configuration information of all the ports in the Voice VLAN: TP-LINK(config)# show voice-vlan switchport...
Page 45: Chapter 7 Private Vlan Commands
Global Configuration Mode Example Create the Private VLAN as VLAN15 for primary VLAN and VLAN150 for secondary VLAN: TP-LINK(config)# private-vlan primary 15 secondary 150 switchport private-vlan Description The switchport private-vlan command is used to configure the private VLAN mode for the switchport. To remove the port from Private VLAN, please use no switchport private-vlan command.
Page 46: Show Private-Vlan
Add promiscuous port10 in Private VLAN as VLAN15 for primary VLAN and VLAN150 for secondary VLAN: TP-LINK(config)# interface ethernet 10 TP-LINK(config-if)# switchport private-vlan promiscuous 15 150 show private-vlan Description The show private-vlan command is used to display the Private VLAN configured on the switch.
Page 47 Command Mode Any Configuration Mode Example Display the configuration information of all the ports in the Private VLAN: TP-LINK(config)# show private-vlan switchport...
Page 48: Chapter 8 Gvrp Commands
Command Mode Global Configuration Mode Example Enable the GVRP function globally: TP-LINK(config)# gvrp gvrp (interface) Description The gvrp (interface) command is used to enable the GVRP function for the desired port. To disable the GVRP function of this port, please use no gvrp command.
Page 49: Gvrp Registration
Example Enable the GVRP function for ports 2-6: TP-LINK(config)# interface range ethernet 2-6 TP-LINK(config-if)# gvrp gvrp registration Description The gvrp registration command is used to configure the GVRP registration type on the desired port. To restore to the default value, please use no gvrp registration command.
Page 50: Show Gvrp Global
Set the GARP leaveall timer of port 6 to 2000 centiseconds and restore to the join timer of it to the default value: TP-LINK(config)# interface ethernet 6 TP-LINK(config-if)# gvrp timer leaveall 2000 TP-LINK(config-if)# no gvrp timer join show gvrp global Description The show gvrp global command is used to display the global GVRP status.
Page 51: Show Gvrp Interface
TP-LINK(config)# show gvrp global show gvrp interface Description The show gvrp interface command is used to display the GVRP configuration information of the specified Ethernet ports. Syntax show gvrp interface [ethernet port-num] Parameter port-num ——The Ethernet port number. By default, the GVRP configuration information of all the Ethernet ports is displayed.
Page 52: Chapter 9 Lag Commands
Command Mode Global Configuration Mode Example Access the Interface Link-aggregation Mode and configure the aggregation group 1: TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# interface range link-aggregation Description The interface range link-aggregation command is used to access the Interface range Link-aggregation Mode, and you can configure some aggregation groups at the same time.
Page 53: Link-Aggregation
Example Access the Interface range Link-aggregation Mode and configure the aggregation group 1, 4-6: TP-LINK(config)# interface range link-aggregation 1,4-6 TP-LINK(config-if)# link-aggregation Description The link-aggregation command is used to add the current Ethernet port to an aggregation group.
Page 54: Link-Aggregation Hash-Algorithm
Command Mode Global Configuration Mode Example Configure the Aggregate Arithmetic for LAG as src_dst_mac: TP-LINK(config)# link-aggregation hash-algorithm src_dst_mac description Description The description command is used to set a description for an aggregation group. To remove the description of an aggregation group, please use no description command.
Page 55: Show Interface Link-Aggregation
TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# description “movie server” show interface link-aggregation Description The show interface link-aggregation command is used to display the configuration information of the Aggregate Arithmetic and the aggregation groups. Syntax show interface link-aggregation [group-num] Parameter group-num ——The LAG number, ranging from1 to 14. By default, the LAG configuration information of all the Ethernet ports is displayed.
Page 56: Chapter 10 Lacp Commands
Command Mode Global Configuration Mode Example Set the system priority as1024: TP-LINK(config)# lacp system-priority 1024 lacp (interface) Description The lacp(interface) command is used to enable LACP protocol on the current port. To disable LACP protocol, please use no lacp command.
Page 57: Lacp Admin-Key
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Enable LACP protocol on the port 1: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# lacp lacp admin-key Description The lacp admin-key command is used to configure the admin key. To restore to the default value, please use no lacp admin-key command.
Page 58: Show Lacp System-Priority
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Set the port priority of port 1 to 1024: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# lacp port-priority 1024 show lacp system-priority Description The show lacp system-priority command is used to display the global system priority value of LACP.
Page 59 Command Mode Any Configuration Mode Example Display the configuration information of all the Ethernet ports: TP-LINK(config)# show lacp interface...
Page 60: Chapter 11 User Manage Commands
Admin: edit, modify and view all the settings of different functions. disable | enable ——Enable/disable the user. Command Mode Global Configuration Mode Example Add and enable a new admin user named tplink, and of which the password is password: TP-LINK(config)#user add tplink password password confirm-password password admin enable...
Page 61: User Remove
The current user can't be modified by itself. Syntax user modify status user-name {disable | enable} Parameter user-name —— The existing user name. disable | enable ——Disable/enable the user. Command Mode Global Configuration Mode Example Enable the status of user “tp-link”: TP-LINK(config)# user modify status tplink enable...
Page 62: User Modify Type
| admin —— Access level. Guest: limited user; admin: manager. Command Mode Global Configuration Mode Example Change the access level of tplink to admin: TP-LINK(config)# user modify type tplink admin user modify password Description The user modify password command is used to modify the password for the existing user.
Page 63: User Access-Control Disable
Example Modify the password of tplink as newpwd: TP-LINK(config)# user modify password tplink password newpwd newpwd user access-control disable Description The user access-control disable command is used to cancel the user access-control. Syntax user access-control disable Command Mode Global Configuration Mode...
Page 64: User Access-Control Mac-Based
00:00:13:0A:00:01: TP-LINK(config)# user access-control mac-based 00:00:13:0A:00:01 user access-control port-based Description The user access-control port-based command is used to limit the ports for login. Only the users connected to these ports you set here are allowed for login.
Page 65: User Max-Number
Example Enable the access-control of the ports 2, port4, port5, port6, and port10: TP-LINK(config)# user access-control port-based 2,4-6,10 user max-number Description The user max-number command is used to configure the number of the users logging on at the same time. To cancel the limit to the numbers of the users logging in, please use no user max-number command.
Page 66: Show User Account-List
10. Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minutes: TP-LINK(config)# user idle-timeout 15 show user account-list Description The show user account-list command is used to display the information of the current users.
Page 67 Syntax show user configuration Command Mode Any Configuration Mode Example Display the security configuration information of the users: TP-LINK(config)# show user configuration...
Page 68: Chapter 12 Binding Table Commands
Bind an ACL entry with the IP is 192.168.0.1, MAC is 00:00:00:00:00:01, VLAN ID is 2 and the Port number is 5 manually. And then enable the entry for the ARP detection and IP filter function: TP-LINK(config)# binding-table user-bind host1 192.168.0.1...
Page 69: Binding-Table Remove
Command Mode Global Configuration Mode Example Delete the IP-MAC –VID-PORT entry with the index 5: TP-LINK(config)# binding-table remove index 5 dhcp-snooping Description The dhcp-snooping command is used to enable the DHCP-snooping function for the switch. To disable the DHCP-snooping function, please use no dhcp-snooping command.
Page 70: Dhcp-Snooping Global
5/10/15/20/25/30 (packet/second). By default, it is 5. Command Mode Global Configuration Mode Example Configure the Global Flow Control as 30pps, the Decline Threshold as 20 pps, and decline Flow Control as 20 pps for DHCP Snooping TP-LINK(config)# dhcp-snooping global global-rate 30 dec-threshold 20 dec-rate 20...
Page 71: Dhcp-Snooping Information Enable
Command Mode Global Configuration Mode Example Enable the Option 82 function of DHCP Snooping: TP-LINK(config)# dhcp-snooping information enable dhcp-snooping information strategy Description The dhcp-snooping information strategy command is used to select the operation for the Option 82 field of the DHCP request packets from the Host. To restore to the default option, please use no dhcp-snooping information strategy command.
Page 72: Dhcp-Snooping Information User-Defined
Example Replace the Option 82 field of the packets with the switch defined one and then send out: TP-LINK(config)# dhcp-snooping information strategy replace dhcp-snooping information user-defined Description The dhcp-snooping information user-defined command is used to permit users to define the Option 82. To disable the function, please use no dhcp-snooping information user-defined command.
Page 73: Dhcp-Snooping Information Circuit-Id
Example Configure the sub-option Remote ID for the customized Option 82 as tplink: TP-LINK(config)# dhcp-snooping information remote-id tplink dhcp-snooping information circuit-id Description The dhcp-snooping information circuit-id command is used to configure the sub-option Circuit ID for the customized Option 82.
Page 74: Dhcp-Snooping Mac-Verify
Example Configure the port 2 to be a Trusted Port: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# dhcp-snooping trusted dhcp-snooping mac-verify Description The dhcp-snooping mac-verify command is used to enable the MAC Verify feature. To disable the MAC Verify feature, please use no dhcp-snooping mac-verify command.
Page 75: Dhcp-Snooping Decline
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Set the Flow Control of port 2 as 20 pps: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# dhcp-snooping rate-limit 20 dhcp-snooping decline Description The dhcp-snooping decline command is used to enable the Decline Protect feature.
Page 76: Show Dhcp-Snooping Global
Command Mode Any Configuration Mode Example Display the configuration of DHCP Snooping globally: TP-LINK(config)# show dhcp-snooping global show dhcp-snooping information Description The show dhcp-snooping information command is used to display the Option 82 configuration of DHCP Snooping.
Page 77: Show Dhcp-Snooping Interface
Example Display the Option 82 configuration of DHCP Snooping: TP-LINK(config)# show dhcp-snooping information show dhcp-snooping interface Description The show dhcp-snooping interface command is used to display the interface configuration of DHCP Snooping. Syntax show dhcp snooping interface [ethernet port-num] Parameter port-num ——The number of the switch port.
Page 78: Chapter 13 Arp Inspection Commands
Command Mode Global Configuration Mode Example Enable the ARP Detection function globally: TP-LINK(config)# arp detection arp detection trust-port Description The arp detection trust-port command is used to configure the port for which the ARP Detect function is unnecessary as the Trusted Port. To clear the Trusted Port list, please use no arp detection trust-port command .The...
Page 79: Arp Detection (Interface)
Command Mode Global Configuration Mode Example Configure the ports 2-5, 11-15 as the Trusted Port: TP-LINK(config)# arp detection trust-port 2-5,11-15 arp detection (interface) Description The arp detection (interface) command is used to enable the ARP Defend function. To disable the arp detection function, please use no arp detection command.
Page 80: Arp Detection Recover
Configure the maximum amount of the received ARP packets per second as 50 pps for the port 5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# arp detection limit-rate 50 arp detection recover Description The arp detection recover command is used to restore to the port to the ARP transmit status from the ARP filter status.
Page 81: Show Arp Detection Global
Command Mode Any Configuration Mode Example Display the ARP detection configuration globally: TP-LINK(config)# show arp detection global show arp detection interface Description The show arp detection interface command is used to display the interface configuration of ARP detection.
Page 82: Show Arp Detection Statistic Reset
The show arp detection statistic reset command is used to clear the statistic of the illegal ARP packets received. Syntax show arp detection statistic reset Command Mode Global Configuration Mode Example Clear the statistic of the illegal ARP packets received: TP-LINK(config)# show arp detection statistic reset...
Page 83: Chapter 14 Ip Source Guard Commands
Enable the IP Source Guard function for the ports 5-10. Configure that only the packets with its source IP address, source MAC address and port number matched to the IP-MAC binding rules can be processed: TP-LINK(config)# interface range ethernet 5-10 TP-LINK(config-if)# ip source guard sip+mac...
Page 84: Show Ip Source Guard
Description The show ip source guard command is used to display the IP Source Guard configuration. Syntax show ip source guard [ethernet port] Command Mode Any Configuration Mode Example Display the IP Source Guard configuration: TP-LINK(config)# show ip source guard...
Page 85: Chapter 15 Dos Defend Command
Command Mode Global Configuration Mode Example Enable the DoS defend function globally: TP-LINK(config)# dos-prevent dos-prevent type Description The dos-prevent type command is used to select the DoS Defend Type. To disable the corresponding Defend Type, please use no dos-prevent type command.
Page 86: Show Dos-Prevent
Global Configuration Mode Example Enable two DoS Defend Types named Xma Scan attack and Ping flooding attack: TP-LINK(config)# dos-prevent type xma-scan ping-flood show dos-prevent Description The show dos-prevent command is used to display the DoS information of the detected DoS attack, including enable/disable status, the DoS Defend Type, the count of the attack, etc.
Page 87: Chapter 16 Ieee 802.1X Commands
Command Mode Global Configuration Mode Example Enable the IEEE 802.1X function: TP-LINK(config)# dot1x dot1x auth-method Description The dot1x auth-method command is used to configure the Authentication Method of IEEE 802.1X. To restore to the default 802.1x authentication method, please use no dot1x auth-method command.
Page 88: Dot1X Guest-Vlan
Command Mode Global Configuration Mode Example Configure the Authentication Method of IEEE 802.1X as pap: TP-LINK(config)# dot1x auth-method pap dot1x guest-vlan Description The dot1x guest-vlan command is used to enable the Guest VLAN function globally. To disable the Guest VLAN function, please use no dot1x guest-vlan command.
Page 89: Dot1X Quiet-Period
Command Mode Global Configuration Mode Example Enable the quiet-period function: TP-LINK(config)# dot1x quiet-period dot1x timer Description The dot1x timer command is used to configure the Quiet Period and the SupplicantTimeout. To restore to the default, please use no dot1x timer command.
Page 90: Dot1X Retry
Example Configure the Quiet Period and the SupplicantTimeout as 12 seconds and 6 seconds: TP-LINK(config)# dot1x timer quiet-period 12 supp-timeout 6 dot1x retry Description The dot1x retry command is used to configure the maximum transfer times of the repeated authentication request. To restore to the default value, please use no dot1x retry command.
Page 91: Dot1X Guest-Vlan
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Enable the IEEE 802.1X function for the port 1: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# dot1x dot1x guest-vlan Description The dot1x guest-vlan command is used to enable the Guest VLAN function for a specified port.
Page 92: Dot1X Port-Method
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Configure the Control Mode for port 1 as authorized-force: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# dot1x port-control authorized-force dot1x port-method Description The dot1x port-method command is used to configure the Control Type of IEEE 802.1X for the specified port.
Page 93: Radius Authentication Primary-Ip
Command Mode Global Configuration Mode Example Configure the IP of the authentication server as 10.20.1.100: TP-LINK(config)# radius authentication primary-ip 10.20.1.100 radius authentication secondary-ip Description The radius authentication secondary-ip command is used to configure the IP address of the alternate authentication server. To restore to the default...
Page 94: Radius Authentication Port
Command Mode Global Configuration Mode Example Configure the IP address of the alternate authentication server as 10.20.1.101: TP-LINK(config)# radius authentication secondary-ip 10.20.1.101 radius authentication port Description The radius authentication port command is used to configure the authentication port of the alternate authentication server. To restore to the default value, please use no radius authentication port command.
Page 95: Radius Authentication Key
Global Configuration Mode Example Configure the shared password for the switch and the authentication servers as tplink: TP-LINK(config)# radius authentication key tplink radius accounting enable Description The radius accounting enable command is used to enable the accounting feature. To disable the accounting feature, please use no radius accounting enable command.
Page 96: Radius Accounting Primary-Ip
Command Mode Global Configuration Mode Example Configure the IP address of the accounting server as 10.20.1.100: TP-LINK(config)# radius accounting primary-ip 10.20.1.100 radius accounting secondary-ip Description The radius accounting secondary-ip command is used to configure the IP address of the alternate accounting server. To restore to the default configuration, please use no radius accounting secondary-ip command.
Page 97: Radius Accounting Port
Command Mode Global Configuration Mode Example Configure the IP address of the alternate accounting server as 10.20.1.101: TP-LINK(config)# radius accounting secondary-ip 10.20.1.101 radius accounting port Description The radius accounting port command is used to set the UDP port of accounting server(s). To restore to the default value, please use no radius accounting port.
Page 98: Radius Response-Timeout
Global Configuration Mode Example Configure the shared password for the switch and the accounting servers as tplink: TP-LINK(config)# radius accounting key tplink radius response-timeout Description The radius response-timeout command is used to configure the maximum time for the switch to wait for the response from the RADIUS authentication and the accounting server.
Page 99: Show Dot1X Global
Syntax show dot1x global Command Mode Any configuration Mode Example Display the configuration of 801.X globally: TP-LINK(config)# show dot1x global show dot1x interface Description The show dot1x interface command is used to display the port configuration of 801.X. Syntax show dot1x interface [ ethernet port-num ] Parameter port-num ——The number of the Ethernet port.
Page 100: Show Radius Accounting
Command Mode Any configuration Mode Example Display the configuration of the RADIUS authentication server: TP-LINK(config)# show radius authentication show radius accounting Description The show radius accounting command is used to display the configuration of the accounting server.
Page 101: Chapter 17 Log Commands
| enable —— Disable or enable the log buffer. By default, it is enabled. Command Mode Global Configuration Mode Example Enable the log buffer function and set the severity as 6: TP-LINK(config)# logging local buffer 6 enable logging local flash Description...
Page 102: Logging Clear
Command Mode Global Configuration Mode Example Enable the log file function and set the severity as 7: TP-LINK(config)# logging local flash 7 logging clear Description The logging clear command is used to clear the information in the log buffer and log file.
Page 103: Logging Loghost
Global Configuration Mode Example Enable the log host 2 and set the IP address 192.168.0.148, the level 5: TP-LINK(config)# logging loghost index 2 192.168.0.148 5 enable show logging local-config Description The show logging local-config command is used to display the configuration...
Page 104: Show Logging Loghost
Command Mode Any Configuration Mode Example Display the configuration of the log host 2: TP-LINK(config)# show logging loghost 2 show logging buffer Description The show logging buffer level command is used to display the log information in the log buffer according to the severity level.
Page 105: Show Logging Flash
Any Configuration Mode Example Display the log information from level 0 to level 5 in the log buffer: TP-LINK(config)# show logging buffer level 5 show logging flash Description The show logging flash level command is used to display the log information in the log file according to the severity level.
Page 106: Chapter 18 Ssh Commands
Command Mode Global Configuration Mode Example Enable the SSH function: TP-LINK(config)# ssh server enable ssh version Description The ssh version command is used to enable the SSH protocol version. To disable the protocol version, please use no ssh version command.
Page 107: Ssh Idle-Timeout
TP-LINK(config)# ssh version v2 ssh idle-timeout Description The ssh idle-timeout command is used to specify the idle-timeout time of SSH. To restore to the factory defaults, please use no ssh idle-timeout command. Syntax ssh idle-timeout value no ssh idle-timeout Parameter value ——...
Page 108: Ssh Download
Example Download a SSH-1 type key file named ssh-key from TFTP server with the IP Address 192.168.0.148: TP-LINK(config)# ssh download v1 ssh-key ip-address 192.168.0.148 show ssh Description The show ssh command is used to display the global configuration of SSH.
Page 109: Chapter 19 Ssl Commands
Command Mode Global Configuration Mode Example Enable the SSL function: TP-LINK(config)# ssl enable ssl download certificate Description The ssl download certificate command is used to download a certificate to the switch from TFTP server. Syntax...
Page 110: Ssl Download Key
Example Download a SSL Certificate named ssl-cert from TFTP server with the IP Address of 192.168.0.148: TP-LINK(config)# ssl download certificate ssl-cert ip-address 192.168.0.148 ssl download key Description The ssl download key command is used to download a SSL key to the switch from TFTP server.
Page 111 Example Display the global configuration of SSL: TP-LINK(config)# show ssl...
Page 112: Chapter 20 Address Commands
Chapter 20 Address Commands Address configuration can improve the network security by configuring the Port Security and maintaining the address information by managing the Address Table. bridge address port-security Description The bridge address port-security command is used to configure port security. To return to the default configuration, please use no bridge address port-security command.
Page 113: Bridge Address Static
—— The Port number of your desired entry. It ranges from 1 to 12. Command Mode Global Configuration Mode Example Add a static Mac address entry to bind the MAC address 00:02:58:4f:6c:23, VLAN1 and Port1 together: TP-LINK(config)# bridge address static mac 00:02:58:4f:6c:23 vid 1 port 1...
Page 114: Bridge Aging-Time
Command Mode Global Configuration Mode Example Configure the aging time as 500 seconds: TP-LINK(config)# bridge aging-time 500 bridge address filtering Description The bridge address filtering command is used to add the filtering address entry. To delete the corresponding entry, please use no bridge address filtering command.
Page 115: Show Bridge Port-Security
Global Configuration Mode Example Add a filtering address entry whose VLAN ID is 1 and MAC address is 00:1e:4b:04:01:5d: TP-LINK(config)# bridge address filtering 00:1e:4b:04:01:5d 1 show bridge port-security Description The show bridge port-security command is used to configure the Port Security for each port, such as configure the Max number of MAC addressed that can be learned on the port and the Learn Mode.
Page 116: Show Bridge Aging-Time
Example Display the information of all Address entries: TP-LINK(config)# show bridge address all show bridge aging-time Description The show bridge aging-time command is used to display the Aging Time of the MAC address. Syntax show bridge aging-time Command Mode Any Configuration Mode...
Page 117: Chapter 21 System Commands
—— Contact Information. It consists of 32 characters at most. By default, it is empty. Command Mode Global Configuration Mode Example Configure the System Contact as www.tp-link.com: TP-LINK(config)# system-descript contact-info www.tp-link.com system-time gmt Description The system-time gmt command is used to configure the time zone and the IP Address for the NTP Server.
Page 118: System-Time Manual
Example Configure the system time mode as gmt, the time zone is -12, the primary ntp server is 133.100.9.2 and the secondary ntp server is 139.78.100.163: TP-LINK(config)# system-time gmt -12 133.100.9.2 139.78.100.163 system-time manual Description The system-time manual command is used to configure the system time manually.
Page 119: Ip Address
Global Configuration Mode Example Configure the dst, dst is from April 1 00:00 to November 1 23:00. TP-LINK(config)# system-time dst 04/01 00:00 11/01 23:00 ip address Description The ip address command is used to configure the IP Address, Subnet Mask and Default Gateway.
Page 120: Ip Management-Vlan
Command Mode Global Configuration Mode Example Set the VLAN6 as IP management VLAN: TP-LINK(config)# ip management-vlan 6 ip dhcp-alloc Description The ip dhcp-alloc command is used to enable the DHCP Client function. When this function is enabled, the switch will obtain IP from DHCP Client server.
Page 121: Reset
Command Mode Global Configuration Mode Example Enable the BOOTP Protocol to obtain IP address from BOOTP Server: TP-LINK(config)# ip bootp-alloc reset Description The reset command is used to reset the switch’s software. After resetting, all configuration of the switch will restore to the factory defaults and your current settings will be lost.
Page 122: User-Config Backup
Privileged EXEC Mode Example Backup the configuration files by TFTP server with the IP 192.168.0.148 and name this file config.cfg: TP-LINK# user-config backup filename config.cfg ip-address 192.168.0.148 user-config load Description The user-config load command is used to download the configuration file to the switch by TFTP server.
Page 123: User-Config Save
TP-LINK# user-config load filename config.cfg ip-address 192.168.0.148 user-config save Description The user-config save command is used to save current settings. Syntax user-config save Command Mode Privileged EXEC Mode Example Save current settings: TP-LINK# user-config save firmware upgrade Description The firmware upgrade command is used to upgrade the switch system via the TFTP server.
Page 124: Tracert
192.168.0.131, please specify the count (-l) as 512 bytes and count (-i) as 1000 milliseconds. If there is not any response after 8 times’ Ping test, the connection between the switch and the network device is failed to establish: TP-LINK# ping 192.168.0.131 –n 8 –l 512 tracert Description The tracert command is used to test the connectivity of the gateways during its journey from the source to destination of the test data.
Page 125: Loopback
192.168.0.131. If the destination device has not been found after 20 maxHops, the connection between the switch and the destination device is failed to establish: TP-LINK# tracert 192.168.0.131 20 loopback Description The loopback command is used to test whether the port is available or not.
Page 126: Show Ip Address
Syntax show ip address Command Mode Any Configuration Mode Example Display the IP Address of the system TP-LINK# show ip address show system-time Description The show system-time command is used to display the time information of the switch. Syntax show system-time...
Page 127: Show System-Time Source
Command Mode Any Configuration Mode Example Display the DST time information of the switch TP-LINK# show system-time dst show system-time source Description The show system-time source command is used to display the time source of the switch.
Page 128: Chapter 22 Ethernet Configuration Commands
Command Mode Global Configuration Mode Example Enter the Interface Configuration Mode and configure Ethernet port2: TP-LINK(config)# interface ethernet 2 interface range ethernet Description The interface range ethernet command is used to enter the Interface Configuration Mode and configure multiple Ethernet ports at the same time.
Page 129: Description
Example Enter the Interface Configuration Mode, add ports 1-3, 6-9 to the port-list and configure them: TP-LINK(config)# interface range ethernet 1-3,6-9 description Description The description command is used to add a description to the Ethernet port. To clear the description of the corresponding port, please use no description command.
Page 130: Flow-Control
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Disable Ethernet port3: TP-LINK(config)# interface ethernet 3 TP-LINK(config-if)# shutdown flow-control Description The flow-control command is used to enable the flow-control function for a port. To disable the flow-control function for this corresponding port, please use no flow-control command.
Page 131: Storm-Control
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Configure the Negotiation Mode as 100M full-duplex for Ethernet port5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# negotiation 100f storm-control Description The storm-control command is used to configure the Storm Control function.
Page 132: Port Rate-Limit
Interface Configuration Mode（interface ethernet / interface range ethernet） Example Configure the ingress-rate as 1Mbps and egress-rate as 10Mbps for port5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# port rate-limit ingress 1024 egress 10240 port rate-limit disable ingress Description The port rate-limit disable ingress command is used to disable the ingress-rate limit.
Page 133: Port Rate-Limit Disable Egress
Interface Configuration Mode（interface ethernet / interface range ethernet） Example Disable the ingress-rate limit for port5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# port rate-limit disable ingress port rate-limit disable egress Description The port rate-limit disable egress command is used to disable the egress-rate limit.
Page 134: Show Interface Status
Example Display the configurations of port5: TP-LINK# show interface configuration ethernet 5 show interface status Description The show interface status command is used to display the connective-status of an Ethernet port. Syntax show interface status ethernet [interface] Parameter Interface —— The port selected to display the connective-status. By default, the connective-status of all ports is displayed.
Page 135: Show Storm-Control Ethernet
By default, the storm-control information of all ports is displayed. Command Mode Any Configuration Mode Example Display the storm-control information of all Ethernet ports: TP-LINK(config)# show storm-control ethernet show port rate-limit Description The show port rate-limit command is used to display the rate-limit information of an Ethernet port.
Page 136: Chapter 23 Qos Commands
CoS value of the ingress port and the mapping relation between the CoS and TC in IEEE 802.1P. Example Configure the priority of port 5 as 3: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# qos 3 qos dot1p enable Description The qos dot1p enable command is used to enable the mapping relation between IEEE 802.1P Priority and Egress Queue.
Page 137: Qos Dot1P Config
Command Mode Global Configuration Mode Example Enable the mapping relation between IEEE 802.1P Priority and Egress Queue: TP-LINK(config)# qos dot1p enable qos dot1p config Description The qos dot1p config command is used to configure the mapping relation between IEEE 802.1P Priority and Egress Queue. To return to the default configuration, please use no qos dot1p config command.
Page 138: Qos Dscp Enable
Example Map tag value 0 to TC3: TP-LINK(config)# qos dot1p config 0 3 qos dscp enable Description The qos dscp enable command is used to enable the mapping relation between DSCP Priority and Egress Queue. To disable the mapping relation, please use no qos dscp enable command.
Page 139: Qos Scheduler
Among the priority levels TC0-TC3, the bigger value, the higher priority. Example Map DSCP values 10,11,15 to TC0: TP-LINK(config)# qos dscp config 10,11,15 0 qos scheduler Description The qos scheduler command is used to configure the Schedule Mode. To return to the default configuration, please use no qos scheduler command.
Page 140: Show Qos Port-Based
[interface-num] Parameter interface-num —— The Ethernet port selected to display the configuration. By default, information of all the ports is displayed. Command Mode Any Configuration Mode Example Display the configuration of QoS for port 5: TP-LINK# show qos port-based 5...
Page 141: Show Qos Dot1P
Syntax show qos dot1p Command Mode Any Configuration Mode Example Display the configuration of IEEE 802.1P Priority: TP-LINK# show qos dot1p show qos dscp Description The show qos dscp command is used to display the configuration of DSCP Priority. Syntax...
Page 142 Example Display the schedule rule of the egress queues: TP-LINK# show qos scheduler...
Page 143: Chapter 24 Port Mirror Commands
Chapter 24 Port Mirror Commands Port Mirror refers to the process of forwarding copies of packets from one port to a mirroring port. Usually, the mirroring port is connected to data diagnose device, which is used to analyze the mirrored packets for monitoring and troubleshooting the network. mirror add Description The mirror add command is used to configure Port Mirror function, to create a...
Page 144: Mirror Remove Mirrored
TP-LINK(config)# mirror add 2,5-7,9 10 ingress 1 mirror remove mirrored Description The mirror remove mirrored command is used to remove mirrored ports from a mirror group. Syntax mirror remove mirrored port-list group-num Parameter port-list —— List of mirrored port.
Page 145: Show Mirror
Description The show mirror command is used to display the configuration of port monitoring. Syntax show mirror [group-num] Command Mode Any Configuration Mode Example Display current port monitoring configuration: TP-LINK# show mirror...
Page 146: Chapter 25 Port Isolation Commands
Command Mode Interface Configuration Mode Example Configure port 1 and port 2 can only forward packets to port 6 and port 13: TP-LINK(config)# interface range ethernet 1-2 TP-LINK(config-if)# port isolation 6,13 show port isolation Description The show port isolation command is used to display the forward portlist of a port.
Page 147 Example Display the forward-list of port 6: TP-LINK# show port isolation 6...
Page 148: Chapter 26 Acl Commands
Chapter 26 ACL Commands ACL (Access Control List) is used to filter data packets by configuring a series of match conditions, operations and time ranges. It provides a flexible and secured access control policy and facilitates you to control the network security. acl time-segment Description The acl time-segment command is used to add Time-Range.
Page 149: Acl Edit Time-Segment
Command Mode Global Configuration Mode Example Add a time-range named tSeg1, with time from 8:30 to 12:00 at working day: TP-LINK(config)# acl time-segment tSeg1 start-time 08:30 end-time 12:00 week-day working-day acl edit time-segment Description The acl edit time-segment command is used to edit Time-Range.
Page 150: Acl Holiday
TP-LINK(config)# acl edit time-segment tSeg1 start-time 08:30 end-time 12:00 week-day working-day acl holiday Description The acl holiday command is used to create holiday in Holiday Mode in the acl time-segment command. To delete the corresponding holiday, please use no acl holiday command.
Page 151: Acl Rule Mac-Acl
Command Mode Global Configuration Mode Example Create a MAC ACL whose ID is 20: TP-LINK(config)# acl create 20 acl rule mac-acl Description The acl rule mac-acl command is used to add MAC ACL rule. To delete the corresponding rule, please use no acl rule mac-acl command. MAC ACLs...
Page 152: Acl Edit Rule Mac-Acl
TP-LINK(config)# acl create 20 TP-LINK(config)# acl rule mac-acl 20 10 op permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1 acl edit rule mac-acl Description The acl edit rule mac-acl command is used to edit MAC ACL rule.
Page 153: Acl Rule Std-Acl
11:11:11:11:11:00, VLAN ID is 2, the user priority is 5, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TP-LINK(config)# acl edit rule mac-acl 20 10 op permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1 acl rule std-acl Description The acl rule std-acl command is used to add Standard-IP ACL rule.
Page 154: Acl Edit Rule Std-Acl
255.255.255.0, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TP-LINK(config)# acl create 120 TP-LINK(config)# acl rule std-acl 120 10 op permit dip 192.168.0.100 dmask 255.255.255.0 tseg tSeg1 acl edit rule std-acl Description The acl rule std-acl command is used to edit Standard-IP ACL rule.
Page 155: Acl Policy Policy-Add
255.255.255.0, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TP-LINK(config)# acl edit rule std-acl 120 10 op permit dip 192.168.0.100 dmask 255.255.255.0 tseg tSeg1 acl policy policy-add Description The acl policy policy-add command is used to add Policy.
Page 156: Acl Policy Action-Add
Command Mode Global Configuration Mode Example Add a Policy named policy1: TP-LINK(config)# acl policy policy-add policy1 acl policy action-add Description The acl policy action-add command is used to add ACLs and create actions for the policy. To delete the corresponding actions, please use no acl policy action-add command.
Page 157: Acl Edit Action
TP-LINK(config)# acl policy policy-add policy1 TP-LINK(config)# acl policy action-add policy1 120 rate 1000 osd discard acl edit action Description The acl edit action command is used to edit actions for the policy. Syntax acl edit action {policy-name} {acl-id} [rate rate] [osd {none | discard}] [e-port...
Page 158: Acl Bind To-Vlan
Command Mode Global Configuration Mode Example Bind policy1 to Port 1: TP-LINK(config)# acl bind to-port policy1 1 acl bind to-vlan Description The acl bind to-vlan command is used to bind a policy to a VLAN. To cancel the bind relation, please use no policy to-vlan command.
Page 159: Show Acl Holiday
Syntax show acl config acl-id Parameter acl-id —— The ID of the ACL selected to display the configuration. Command Mode Any Configuration Mode Example Display the configuration of the MAC ACL whose ID is 20: TP-LINK> show acl config 20...
Page 160: Show Acl Bind
Description The show acl bind command is used to display the configuration of Policy bind. Syntax show acl bind Command Mode Any Configuration Mode Example Display the configuration of Policy bind: TP-LINK> show acl bind...
Page 161: Chapter 27 Mstp Commands
Chapter 27 MSTP Commands MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a ring network. STP is to block redundant links and backup links as well as optimize paths. spanning-tree global Description The spanning-tree global command is used to configure STP globally.
Page 162: Spanning-Tree Common-Config
4096, Hello Time as 4 seconds, Max Age as 10 seconds, Forward Delay as 10 seconds, TxHold Count as 8pps and Max Hops as 15 hops: TP-LINK(config)# spanning-tree global status enable mode mstp cist 4096 htime 4 mage 10 delay 10 hcount 8 mhop 15...
Page 163: Spanning-Tree Region
Enable the STP function of port 1, and configure the Port Priority as 64, ExtPath Cost as 100, IntPath Cost as 100, and then enable Edge Port: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# spanning-tree common-config status enable pri 64 expath 100 inpath 100 edge enable spanning-tree region Description The spanning-tree region command is used to configure the region of MSTP.
Page 164: Spanning-Tree Msti
Command Mode Global Configuration Mode Example Configure the region name of MSTP as r1, and the revision level as 100: TP-LINK(config)# spanning-tree region r1 100 spanning-tree msti Description The spanning-tree msti command is used to configure MSTP Instance. To return to the default configuration of the corresponding Instance, please use no spanning-tree msti command.
Page 165: Spanning-Tree Msti
Example Enable Instance 1, add VLAN 2, 3, 4, 5, 8 for it, and configure MSTI Priority as 4096: TP-LINK(config)# spanning-tree msti 1 status enable pri 4096 mapped 2-5,8 spanning-tree msti Description The spanning-tree msti command is used to configure MSTP Instance Port. To return to the default configuration of the corresponding Instance Port, please use no spanning-tree msti command.
Page 166: Spanning-Tree Tc-Defend
Command Mode Global Configuration Mode Example Configure TC Threshold as 30 packets, and TC Protect Cycle as 10 seconds: TP-LINK(config)# spanning-tree tc-defend threshold 30 period 10 spanning-tree security Description The spanning-tree security command is used to configure MSTP Port Protect.
Page 167: Spanning-Tree Mcheck
Example Enable Loop Protect, Root Protect, TC Protect, BPDU Protect, and BPDU Filter for port 2: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# spanning-tree security loop enable root enable TC enable defend enable hold enable spanning-tree mcheck Description The spanning-tree mcheck command is used to enable MCheck.
Page 168: Show Spanning-Tree Global-Info
Command Mode Any Configuration Mode Example Display the current status of Spanning Tree: TP-LINK# show spanning-tree global-info show spanning-tree global-config Description The show spanning-tree global-config command is used to display the global configuration of Spanning Tree. Syntax...
Page 169: Show Spanning-Tree Region
Command Mode Any Configuration Mode Example Display the configuration of port 5: TP-LINK(config)# show spanning-tree port-config 5 show spanning-tree region Description The show spanning-tree region command is used to display the Region configuration of MSTP.
Page 170: Show Spanning-Tree Msti Port
Command Mode Any Configuration Mode Example Display the configuration of port 5 in Instance 1: TP-LINK(config)# show spanning-tree msti port 1 5 show spanning-tree security tc-defend Description The show spanning-tree security tc-defend command is used to display TC Threshold and TC Protect Cycle of Spanning Tree.
Page 171: Show Spanning-Tree Security Port-Defend
—— The port selected to display the configuration. By default, the Port Protect configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the Port Protect configuration of port 2: TP-LINK(config)# show spanning-tree security port-defend 2...
Page 172: Chapter 28 Igmp Commands
Command Mode Global Configuration Mode Example Enable IGMP Snooping function, and specify the operation to process unknown multicast as discard: TP-LINK(config)# igmp-snooping global status enable unknown-packet discard igmp-snooping config Description The igmp-snooping config status command is used to configure IGMP Snooping and Fast Leave function for port.
Page 173: Igmp-Snooping Vlan-Config-Add
Interface Configuration Mode（interface ethernet / interface range ethernet） Example Enable IGMP Snooping and Fast Leave function for port 5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# igmp-snooping config status enable fast-leave enable igmp-snooping vlan-config-add Description The igmp-snooping vlan-config-add command is used to configure IGMP Snooping parameters for individual VLANs.
Page 174: Igmp-Snooping Vlan-Config
Enable IGMP Snooping for VLAN 1, and configure Router Port Time as 200 seconds, Member Port Time as 100 seconds, Leave time as 10 seconds and Static Router Port as port 1: TP-LINK(config)# igmp-snooping vlan-config-add 1 rtime 200 mtime 100 ltime 10 rport 1 igmp-snooping vlan-config...
Page 175: Igmp-Snooping Multi-Vlan-Config
Example Modify Router Port Time as 300 seconds, Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 1: TP-LINK(config)# igmp-snooping vlan-config 1 rtime 300 mtime 200 ltime 15 igmp-snooping multi-vlan-config Description The igmp-snooping multi-vlan-config command is used to create Multicast VLAN.
Page 176: Igmp-Snooping Static-Entry-Add
Example Enable Multicast VLAN, and configure Router Port Time as 300 seconds, Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 2: TP-LINK(config)# igmp-snooping multi-vlan-config enable 2 rtime 300 mtime 200 ltime 15 igmp-snooping static-entry-add...
Page 177: Igmp-Snooping Filter-Add
Example Add static multicast IP address 225.0.0.1, which correspond to VLAN 2, and configure the forward port as port 1: TP-LINK(config)# igmp-snooping static-entry-add 225.0.0.1 2 1 igmp-snooping filter-add Description The igmp-snooping filter-add command is used to configure the multicast IP-range desired to filter. To delete the corresponding IP-range, please use no igmp-snooping filter-add command.
Page 178: Igmp-Snooping Filter
Command Mode Global Configuration Mode Example Modify the multicast IP-range whose ID is 20 as 225.0.0.10~225.0.0.12: TP-LINK(config)# igmp-snooping filter-config 20 225.0.0.10 225.0.0.12 igmp-snooping filter Description The igmp-snooping filter command is used to configure Port Filter. To return to the default configuration, please use no igmp-snooping filter command. When...
Page 179: Show Igmp-Snooping Global-Config
IP-range 2, 3, 4, and specify the maximum number of multicast groups for port 5 to join in as 128: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# igmp-snooping filter status enable mode accept addr-id 2-4 maxgroup 128 show igmp-snooping global-config Description The show igmp-snooping global-config command is used to display the global configuration of IGMP.
Page 180: Show Igmp-Snooping Vlan-Config
Command Mode Any Configuration Mode Example Display the IGMP configuration of port 2: TP-LINK> show igmp-snooping port-config 2 show igmp-snooping vlan-config Description The show igmp-snooping vlan-config command is used to display the VLAN configuration of IGMP. Syntax show igmp-snooping vlan-config...
Page 181: Show Igmp-Snooping Multi-Ip-List
Syntax show igmp-snooping multi-ip-list Command Mode Any Configuration Mode Example Display the Multicast IP table: TP-LINK> show igmp-snooping multi-ip-list show igmp-snooping filter-ip-addr Description The show igmp-snooping filter-ip-addr command is used to display the Multicast Filter IP-Range table. Syntax show igmp-snooping filter-ip-addr...
Page 182: Show Igmp-Snooping Packet-Stat
By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the Multicast Filter configuration of port 5: TP-LINK> show igmp-snooping port-filter 5 show igmp-snooping packet-stat Description The show igmp-snooping packet-stat command is used to display the Packet Statistics information of all ports.
Page 183: Chapter 29 Snmp Commands
64 hexadecimal characters, which must be even number meanwhile. Command Mode Global Configuration Mode Example Enable the SNMP function, and specify the Local Engine ID as 1234567890, the Remote Engine ID as 123456abcdef: TP-LINK(config)# snmp global status enable engine-id 1234567890 remote-id 123456abcdef...
Page 184: Snmp View-Add
Example Add a View named view1, configuring the OID as 1.3.6.1.6.3.20, and this OID can be managed by the SNMP management station: TP-LINK(config)# snmp view-add view1 1.3.6.1.6.3.20 include snmp group-add Description The snmp group-add command is used to manage and configure the SNMP group.
Page 185 Add group 1, configure its Security Model as SNMP v2c, view1 can be read and edited by group member, and the trap messages sent by view2 can be received by Management station: TP-LINK(config)# snmp group-add group1 smode v2c ro view1 wo view1 notify view2...
Page 186: Snmp User-Add
snmp user-add Description The snmp user-add command is used to add User. To delete the corresponding User, please use no snmp user-add command. The User in a SNMP Group can manage the switch via the management station software. The User and its Group have the same security level and access right. Syntax snmp user-add {name} { local | remote } {group-name} [smode { v1 | v2c | v3 }] [slev { noAuthNoPriv | authNoPriv | authPriv }] [cmode { none | MD5 | SHA }]...
Page 187: Snmp Community-Add
MD5, the Authentication Password as 11111, the Privacy Mode as DES, and the Privacy Password as 22222: TP-LINK(config)# snmp user-add admin local group2 smode v3 slev authPriv cmode MD5 cpwd 11111 emode DES epwd 22222 snmp community-add Description The snmp community-add command is used to add Community.
Page 188: Snmp Notify-Add
snmp notify-add Description The snmp notify-add command is used to add Notification. To delete the corresponding Notification, please use no snmp notify-add command. With the Notification function enabled, the switch can initiatively report to the management station about the important events that occur on the Views, which allows the management station to monitor and process the events in time.
Page 189: Snmp-Rmon History Sample-Cfg
Security Model of the management station as v2c, the type of the notifications as inform, the maximum time for the switch to wait as 1000 seconds, and the resending time as 100: TP-LINK(config)# snmp notify-add 192.168.0.1 162 admin smode v2c type inform resend 100 timeout 1000 snmp-rmon history sample-cfg...
Page 190: Snmp-Rmon History Owner
TP-LINK(config)# snmp-rmon history sample-cfg 1-3 1 100 snmp-rmon history owner Description The snmp-rmon history owner command is used to configure the owner of the history sample entry. To return to the default configuration, please use no snmp-rmon history owner command.
Page 191: Snmp-Rmon Event User
Command Mode Global Configuration Mode Example Configure the user name of entry 1 as user1: TP-LINK(config)# snmp-rmon event user 1 user1 snmp-rmon event description Description The snmp-rmon event description command is used to configure the description of SNMP-RMON Event. To return to the default configuration, please...
Page 192: Snmp-Rmon Event Type
Command Mode Global Configuration Mode Example Configure the description of entry 1 as description1: TP-LINK(config)# snmp-rmon event description 1 description1 snmp-rmon event type Description The snmp-rmon event type command is used to configure the type of SNMP-RMON Event. To return to the default configuration, please use no snmp-rmon event type command.
Page 193: Snmp-Rmon Event Owner
Command Mode Global Configuration Mode Example Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon event owner 1 owner1 snmp-rmon event enable Description The snmp-rmon event enable command is used to enable SNMP-RMON Event entry. To disable the corresponding entry, please use no snmp-rmon event enable command.
Page 194: Snmp-Rmon Alarm Config
Example Enable the SNMP-RMON Event entries 1,2,3,4 and 8: TP-LINK(config)# snmp-rmon event enable 1-4,8 snmp-rmon alarm config Description The snmp-rmon alarm config command is used to configure SNMP-RMON Alarm Management. To return to the default configuration, please use no snmp-rmon alarm config command. Alarm Group is one of the commonly used RMON Groups.
Page 195: Snmp-Rmon Alarm Owner
Global Configuration Mode Example Configure the alarm interval time of the entries 1, 2, 3 and 6 as 1000 seconds: TP-LINK(config)# snmp-rmon alarm config 1-3,6 interval 1000 snmp-rmon alarm owner Description The snmp-rmon alarm owner command is used to configure the owner of the Alarm Management entry.
Page 196: Snmp-Rmon Alarm Enable
Example Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon alarm owner 1 owner1 snmp-rmon alarm enable Description The snmp-rmon alarm enable command is used to enable SNMP-RMON Alarm Management entry. To disable the corresponding entry, please use no snmp-rmon alarm enable command.
Page 197: Show Snmp View
Syntax show snmp view Command Mode Any Configuration Mode Example Display the View table: TP-LINK> show snmp view show snmp group Description The show snmp group command is used to display the Group table. Syntax show snmp group Command Mode...
Page 198: Show Snmp Community
TP-LINK> show snmp user show snmp community Description The show snmp community command is used to display the Community table. Syntax show snmp community Command Mode Any Configuration Mode Example Display the Community table: TP-LINK> show snmp community show snmp destination-host...
Page 199: Show Snmp-Rmon Event
Command Mode Any Configuration Mode Example Display the Event configuration of entry 2: TP-LINK> show snmp-rmon event 2 show snmp-rmon alarm Description The show snmp-rmon alarm command is used to display the configuration of the Alarm Management entry.
Page 200 1 to 12. You can only select one entry for each command. By default, the configuration of all entries is displayed. Command Mode Any Configuration Mode Example Display the configuration of all Alarm Management entries: TP-LINK> show snmp-rmon alarm...
Page 201: Chapter 30 Cluster Commands
Time ranges from 5 to 254 in seconds. By default, it is 60. Command Mode Global Configuration Mode Example Enable NDP function globally, and configure Aging Time as 120 seconds, Hello Time as 50 seconds: TP-LINK(config)# cluster ndp status enable aging-timer 120 hello-timer 50...
Page 202: Cluster Ntdp
Enable NTDP function globally, and specify NTDP Interval Time as 20 minutes, NTDP Hops as 5, NTDP Hop Delay as 300 milliseconds, and NTDP Port Delay as 50 milliseconds: TP-LINK(config)# cluster ntdp status enable interval 20 hop 5 hop-delay 300 port-delay 50...
Page 203: Cluster Explore
—— Enable/ Disable NTDP function for the port. By default, it is enabled. Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Enable NDP and NTDP function for port 5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# cluster ndp enable ntdp enable...
Page 204: Cluster Create
Example Specify the current switch as commander switch, create cluster c1, and configure the cluster IP address pool as 10.90.90.1~10.90.90.254: TP-LINK(config)# cluster create c1 10.90.90.10 255.255.255.0 cluster manage config Description The cluster manage config command is used to configure Cluster.
Page 205: Cluster Manage Member
Global Configuration Mode Example Specify the Hold Time and Interval Time of cluster c1 as 50 seconds: TP-LINK(config)# cluster manage config c1 50 50 cluster manage member Description The cluster manage member command is used to add member switch. To delete the corresponding member, please use no cluster manage member command.
Page 206: Show Cluster Ndp Global
Command Mode Global Configuration Mode Example Change the role of the current switch to Commander Switch: TP-LINK(config)# cluster manage role-change candidate show cluster ndp global Description The show cluster ndp global command is used to display the global configuration of NDP.
Page 207: Show Cluster Neighbour
Command Mode Any Configuration Mode Example Display the NDP configuration of port 2: TP-LINK> show cluster ndp port-status 2 show cluster neighbour Description The show cluster neighbour command is used to display the cluster neighbor information.
Page 208: Show Cluster Ntdp Port-Status
Command Mode Any Configuration Mode Example Display the NTDP configuration of port 2: TP-LINK> show cluster ntdp port-status 2 show cluster ntdp device Description The show cluster ntdp device command is used to display the device table of NTDP.
Page 209: Show Cluster Manage Member
Command Mode Any Configuration Mode Example Display the global configuration of Cluster: TP-LINK> show cluster manage config show cluster manage member Description The show cluster manage member command is used to display the member information. Syntax...
Page 210: Chapter 31 Lldp Commands
Command Mode Global Configuration Mode Example Enable lldp function globally: TP-LINK(config)# lldp enable lldp hold-multiplier Description The lldp hold-multiplier command is used to configure the Hold Multiplier parameter. The aging time of the local information in the neighbor device is determined by the actual TTL value used in the sending LLDPDU.
Page 211: Lldp Timer
Command Mode Global Configuration Mode Example Specify Hold Multiplier as 5: TP-LINK(config)# lldp hold-multiplier 5 lldp timer Description The lldp timer command is used to configure the parameters about transmission. To return to the default configuration, please use no lldp timer command.
Page 212: Lldp Admin-Status
Global Configuration Mode Example Specify the Transmit Interval of LLDPDU as 45 seconds and Trap message to NMS as 120 seconds: TP-LINK(config)# lldp timer tx-interval 45 TP-LINK(config)# lldp timer notify-interval 120 lldp admin-status Description The lldp admin-status command is used to configure the port’s LLDP operating mode.
Page 213: Lldp Snmp-Trap
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Enable the ports' SNMP notification for port8: TP-LINK(config)# interface ethernet 8 TP-LINK(config-if)# lldp snmp-trap lldp tlv-select Description The lldp tlv-select command is used to configure TLVs to be included in outgoing LLDPDU.
Page 214: Show Lldp Global
TP-LINK(config)# interface ethernet 8 TP-LINK(config-if)# no lldp tlv-select management-address port-vlan-id show lldp global Description The show lldp global command is used to display the global configuration of LLDP. Syntax show lldp global Command Mode Any Configuration Mode Example Display the global configuration of LLDP: TP-LINK>...
Page 215: Show Lldp Local-Information
—— The port selected to display the information of LLDP. Command Mode Any Configuration Mode Example Display the LLDP information of port 8: TP-LINK> show lldp local-information 8 show lldp neighbor-information Description The show lldp neighbor-information command is used to display the neighbor information of the certain port.
Page 216 Syntax show lldp statistics [port] Parameter port —— The port selected to display the neighbor information. Command Mode Any Configuration Mode Example Display the LLDP statistic information of port 8: TP-LINK> show lldp statistics 8...

This manual is also suitable for:

Tl-sg5428

TP-Link TL-SG5412F Reference Manual

Preface

Chapter 1 Using the CLI

Chapter 2 User Interface

Chapter 3 IEEE 802.1Q VLAN Commands

Chapter 4 Protocol VLAN Commands

Chapter 5 VLAN-VPN Commands

Chapter 6 Voice VLAN Commands

Chapter 7 Private VLAN Commands

Chapter 8 GVRP Commands

Chapter 9 LAG Commands

Chapter 10 LACP Commands

Chapter 11 User Manage Commands

Chapter 12 Binding Table Commands

Chapter 13 ARP Inspection Commands

Chapter 14 IP Source Guard Commands

Chapter 15 Dos Defend Command

Chapter 16 IEEE 802.1X Commands

Chapter 17 Log Commands

Chapter 18 SSH Commands

Chapter 19 SSL Commands

Chapter 20 Address Commands

Chapter 21 System Commands

Chapter 22 Ethernet Configuration Commands

Chapter 23 Qos Commands

Chapter 24 Port Mirror Commands

Chapter 25 Port Isolation Commands

Chapter 26 ACL Commands

Chapter 27 MSTP Commands

Chapter 28 IGMP Commands

Chapter 29 SNMP Commands

Quick Links

Related Manuals for TP-Link TL-SG5412F

Summary of Contents for TP-Link TL-SG5412F