Page 1 TL-SL3428 JetStream L2 Managed Switch Rev: 1.1.0 1910010622...
Page 2 Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.
Page 3: Table Of Contents
TL-SL3428 JetStream L2 Managed Switch CLI Guide CONTENTS Preface ......................1 Chapter 1 Using the CLI ..................4 1.1 Accessing the CLI ......................4 1.1.1 Logon by a console port ..................4 1.1.2 Logon by Telnet ....................6 1.2 CLI Command Modes .....................8 1.3 Security Levels ......................
Page 4 TL-SL3428 JetStream L2 Managed Switch CLI Guide show protocol-vlan template....................23 show protocol-vlan vlan ......................23 show protocol-vlan interface....................23 Chapter 5 Voice VLAN Commands ..............25 voice-vlan enable ........................25 voice-vlan aging-time ......................25 voice-vlan oui ........................26 switchport voice-vlan mode ....................27 show voice-vlan global ......................27 show voice-vlan oui .......................28...
Page 5 TL-SL3428 JetStream L2 Managed Switch CLI Guide user modify status .........................42 user modify type ........................43 user modify password......................43 user access-control disable ....................44 user access-control ip-based....................44 user access-control mac-based.....................45 user access-control port-based .....................45 user max-number ........................46 user idle-timeout ........................46 show user account-list ......................47 show user configuration......................47...
Page 6 TL-SL3428 JetStream L2 Managed Switch CLI Guide show arp detection statistic ....................63 show arp detection statistic reset ..................63 Chapter 12 DoS Defend Command..............64 dos-prevent ...........................64 dos-prevent type........................64 show dos-prevent ........................65 Chapter 13 IEEE 802.1X Commands ..............66 dot1x............................66 dot1x auth-method ........................66 dot1x guest-vlan ........................67...
Page 7 TL-SL3428 JetStream L2 Managed Switch CLI Guide show logging local-config ......................83 show logging loghost ......................83 show logging buffer .......................84 show logging flash.........................84 Chapter 15 SSH Commands................. 86 ssh server enable ........................86 ssh version ..........................86 ssh idle-timeout ........................87 ssh max-client ........................87 ssh download ........................88...
Page 8 TL-SL3428 JetStream L2 Managed Switch CLI Guide user-config load........................103 user-config save ........................104 firmware upgrade ........................104 ping .............................105 tracert ..........................105 loopback ..........................106 show system-info.........................106 show ip address ........................107 show system-time........................107 show system-time dst ......................108 show system-time source ....................108 show system-time mode......................108 Chapter 19 Ethernet Configuration Commands ..........110...
Page 9 TL-SL3428 JetStream L2 Managed Switch CLI Guide show qos dscp........................124 show qos scheduler......................124 Chapter 21 Port Mirror Commands ..............126 mirror add ..........................126 mirror remove group ......................127 mirror remove mirrored......................127 show mirror..........................128 Chapter 22 Port isolation Commands ..............129 port isolation ........................129 show port isolation.......................129...
Page 10 TL-SL3428 JetStream L2 Managed Switch CLI Guide spanning-tree mcheck ......................150 show spanning-tree global-info....................151 show spanning-tree global-config ..................151 show spanning-tree port-config ...................151 show spanning-tree region ....................152 show spanning-tree msti config ...................152 show spanning-tree msti port ....................153 show spanning-tree security tc-defend ................153 show spanning-tree security port-defend................154...
Page 11 TL-SL3428 JetStream L2 Managed Switch CLI Guide snmp-rmon history enable ....................174 snmp-rmon event user......................175 snmp-rmon event description ....................176 snmp-rmon event type......................176 snmp-rmon event owner......................177 snmp-rmon event enable.....................177 snmp-rmon alarm config......................178 snmp-rmon alarm owner......................179 snmp-rmon alarm enable.....................180 show snmp global-config .....................180 show snmp view ........................181...
Page 12: Preface
JetStream L2 Managed Switch CLI Guide Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned in this Guide stands for TL-SL3428 JetStream L2 Managed Switch. Overview of this Guide...
Page 13 TL-SL3428 JetStream L2 Managed Switch CLI Guide Chapter 12: DoS Defend Command Provide information about the commands used for DoS defend and detecting the DoS attack. Chapter 13: IEEE 802.1X Commands Provide information about the commands used for configuring IEEE 802.1X function.
Page 14 TL-SL3428 JetStream L2 Managed Switch CLI Guide Chapter 26: SNMP Commands Provide information about the commands used for configuring the SNMP (Simple Network Management Protocol) functions. Chapter 27: Cluster Commands Provide information about the commands used for configuring the Cluster Management function.
Page 15: Chapter 1 Using The Cli
TL-SL3428 JetStream L2 Managed Switch CLI Guide Chapter 1 Using the CLI 1.1 Accessing the CLI You can log on to the switch and access the CLI by the following two methods: Log on to the switch by the console port on the switch.
Page 16 TL-SL3428 JetStream L2 Managed Switch CLI Guide Figure 1-2 Connection Description Select the port to connect in figure 1-3, and click OK. Figure 1-3 Select the port to connect Configure the port selected in the step above as the following figure1-4 shown. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK.
Page 17: 1.1.2 Logon By Telnet
Type the User name and Password in the Hyper Terminal window, the factory default value for both of them is admin. The DOS prompt” TP-LINK>” will appear after pressing the Enter button as figure1-5 shown. It indicates that you can use the CLI now.
Page 18 TL-SL3428 JetStream L2 Managed Switch CLI Guide Figure 1-6 Open the Run window Type cmd in the prompt Run window as figure 1-7 and click OK. Figure 1-7 Run Window Type telnet 192.168.0.1 in the command prompt shown as figure1-8, and press the Enter...
Page 19: 1.2 Cli Command Modes
TL-SL3428 JetStream L2 Managed Switch CLI Guide Figure 1-8 Connecting to the Switch Type the User name and Password (the factory default value for both of them is admin) and press the Enter button, then you can use the CLI now, which is shown as figure1-9.
Page 20 TL-SL3428 JetStream L2 Managed Switch CLI Guide The following table gives detailed information about the Accessing path, Prompt of each mode and how to exit the current mode and access the next mode. Accessing Logout or Access the next Mode...
Page 21 TL-SL3428 JetStream L2 Managed Switch CLI Guide Use the interface type Use the end command or press Ctrl+Z number command to to return to Privileged EXEC mode. Interface enter this mode from TP-LINK(config-if Enter exit command to return to Global...
Page 22: 1.3 Security Levels
TL-SL3428 JetStream L2 Managed Switch CLI Guide history: Display the commands history.  1.3 Security Levels This switch’s security is divided into two levels: User level and Admin level. User level only allows users to do some simple operations in User EXEC Mode; Admin level allows you to monitor, configure and manage the switch in Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode.
Page 23: 1.4.3 Parameter Format
TL-SL3428 JetStream L2 Managed Switch CLI Guide If a blank is contained in a character string, single or double quotation marks should be used,  for example ’hello world’, ”hello world”, and the words in the quotation marks will be identified as a string.
Page 24: Chapter 2 User Interface
—— super password ， which contains 16 characters at most, composing digits, English letters and underdashes only. By default, it is empty. Command Mode Global Configuration Mode Example Set the super password as admin to access Privileged EXEC Mode from User EXEC Mode: TP-LINK(config)# enable password admin...
Page 25: Disable
TL-SL3428 JetStream L2 Managed Switch CLI Guide disable Description The disable command is used to return to User EXEC Mode from Privileged EXEC Mode. Syntax disable Command Mode Privileged EXEC Mode Example Return to User EXEC Mode from Privileged EXEC Mode: TP-LINK# disable TP-LINK>...
Page 26: End
TL-SL3428 JetStream L2 Managed Switch CLI Guide exit Command Mode Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode, and then return to Privileged EXEC Mode: TP-LINK(config-if)# exit TP-LINK(config)#exit TP-LINK# Description The end command is used to return to Privileged EXEC Mode.
Page 27: Chapter 3 Ieee 802.1Q Vlan Commands
Syntax vlan database Command Mode Global Configuration Mode Example Access VLAN Configuration Mode: TP-LINK(config)# vlan database TP-LINK(config-vlan)# vlan Description The vlan command is used to create IEEE 802.1Q VLAN. To delete the IEEE 802.1Q VLAN, please use no vlan command.
Page 28: Interface Vlan
——VLAN ID, ranging from 1 to 4094. Command Mode Global Configuration Mode Example Configure the VLAN2: TP-LINK(config)# interface vlan 2 description Description The description command is used to assign a description string to a VLAN. To clear the description, please use no description command.
Page 29: Switchport Type
TL-SL3428 JetStream L2 Managed Switch CLI Guide TP-LINK(config)# interface vlan 2 TP-LINK(config-if)#description vlan2 switchport type Description The switchport type command is used to configure the Link Types for the ports. Syntax switchport type { access | trunk | general } Parameter access | trunk | general ——...
Page 30: Switchport Pvid
TL-SL3428 JetStream L2 Managed Switch CLI Guide TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# switchport allowed vlan add 2 switchport pvid Description The switchport pvid command is used to configure the PVID for the switch ports. Syntax switchport pvid vlan-id Parameter vlan-id —— VLAN ID, ranging from 1 to 4094.
Page 31: Show Vlan
TL-SL3428 JetStream L2 Managed Switch CLI Guide TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# switchport general egress-rule 3 tagged show vlan Description The show vlan command is used to display the information of IEEE 802.1Q VLAN . Syntax show vlan [vlan-id] Parameter vlan-id ——...
Page 32: Chapter 4 Protocol Vlan Commands
Global Configuration Mode Example Create a Protocol VLAN template named “arp” whose Ethernet protocol type is 0806 and delete the Protocol template whose number is 2: TP-LINK(config)# protocol-vlan template add arp 0806 TP-LINK(config)# protocol-vlan template remove 2 protocol-vlan vlan Description The protocol-vlan vlan command is used to create a Protocol VLAN entry.
Page 33: Protocol-Vlan Interface
Global Configuration Mode Example Create a Protocol VLAN entry, whose index is 1 and vid is 2. And then delete the Protocol VLAN entry whose number is 1: TP-LINK(config)# protocol-vlan vlan 2 template 1 TP-LINK(config)# no protocol-vlan vlan 1 protocol-vlan interface Description The protocol-vlan interface command is used to enable the Protocol VLAN feature for a specified port.
Page 34: Show Protocol-Vlan Template
Command Mode Any Configuration Mode Example Display the information of the Protocol VLAN templates: TP-LINK(config)# show protocol-vlan template show protocol-vlan vlan Description The show protocol-vlan vlan command is used to display the information about Protocol VLAN entry.
Page 35 TL-SL3428 JetStream L2 Managed Switch CLI Guide Any Configuration Mode Example Display the configuration of the protocol-vlan interface: TP-LINK(config)# show protocol-vlan interface...
Page 36: Chapter 5 Voice Vlan Commands
Command Mode Global Configuration Mode Example Enable the Voice VLAN function for VLAN 2: TP-LINK(config)# voice-vlan enable 2 voice-vlan aging-time Description The voice-vlan aging-time command is used to set the aging time for a voice VLAN. To restore to the default aging time for the Voice VLAN, please use no voice-vlan aging-time command.
Page 37: Voice-Vlan Oui
By default, it is empty. Command Mode Global Configuration Mode Example Create a Voice VLAN OUI descripted as TP-LINK Phone with the MAC address 00:01:E3:00:00:01 and the mask address FF:FF:FF:00:00:00. And then delete the Voice VLAN OUI with the MAC address 00:00:00:11:00:01: TP-LINK(config)#...
Page 38: Switchport Voice-Vlan Mode
Interface Configuration Mode（interface ethernet / interface range ethernet） Example Configure Ethernet port 2 to operate in the manual voice VLAN mode: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# switchport voice-vlan mode manual show voice-vlan global Description The show voice-vlan global command is used to display the global configuration information of Voice VLAN.
Page 39: Show Voice-Vlan Oui
Command Mode Any Configuration Mode Example Display the configuration information of Voice VLAN OUI: TP-LINK(config)# show voice-vlan oui show voice-vlan switchport Description The show voice-vlan switchport command is used to displays the configuration information of the port in the Voice VLAN.
Page 40: Chapter 6 Gvrp Commands
TL-SL3428 JetStream L2 Managed Switch CLI Guide Chapter 6 GVRP Commands GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute registration protocol). GVRP allows the switch to automatically add or remove the VLANs via the dynamic VLAN registration information and propagate the local VLAN registration information to other switches, without having to individually configure each VLAN.
Page 41: Gvrp Registration
TL-SL3428 JetStream L2 Managed Switch CLI Guide Example Enable the GVRP function for ports 2-6: TP-LINK(config)# interface range ethernet 2-6 TP-LINK(config-if)# gvrp gvrp registration Description The gvrp registration command is used to configure the GVRP registration type on the desired port. To restore to the default value, please use no gvrp registration command.
Page 42: Show Gvrp Global
Set the GARP leaveall timer of port 6 to 2000 centiseconds and restore to the join timer of it to the default value: TP-LINK(config)# interface ethernet 6 TP-LINK(config-if)# gvrp timer leaveall 2000 TP-LINK(config-if)# no gvrp timer join show gvrp global Description The show gvrp global command is used to display the global GVRP status.
Page 43: Show Gvrp Interface
TL-SL3428 JetStream L2 Managed Switch CLI Guide Example Display the global GVRP status: TP-LINK(config)# show gvrp global show gvrp interface Description The show gvrp interface command is used to display the GVRP configuration information of the specified Ethernet ports. Syntax...
Page 44: Chapter 7 Lag Commands
Command Mode Global Configuration Mode Example Access the Interface Link-aggregation Mode and configure the aggregation group 1: TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# interface range link-aggregation Description The interface range link-aggregation command is used to access the Interface range Link-aggregation Mode, and you can configure some aggregation groups at the same time.
Page 45: Link-Aggregation
——The aggregation group list. You can configure some aggregation groups at the same time. Example Access the Interface range Link-aggregation Mode and configure the aggregation group 1,4-6: TP-LINK(config)# interface range link-aggregation 1,4-6 TP-LINK(config-if)# link-aggregation Description The link-aggregation command is used to add the current Ethernet port to an aggregation group.
Page 46: Link-Aggregation Hash-Algorithm
Command Mode Global Configuration Mode Example Configure the Aggregate Arithmetic for LAG as src_dst_mac: TP-LINK(config)# link-aggregation hash-algorithm src_dst_mac description Description The description command is used to set a description for an aggregation group. To remove the description of an aggregation group, please use no description command.
Page 47: Show Interface Link-Aggregation
TL-SL3428 JetStream L2 Managed Switch CLI Guide TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# description “movie server” show interface link-aggregation Description The show interface link-aggregation command is used to display the configuration information of the Aggregate Arithmetic and the aggregation groups. Syntax...
Page 48: Chapter 8 Lacp Commands
—— system-priority, ranging from 0 to 65535. By default, the value is 32768. Example Set global lacp system priority 1024: TP-LINK(config)# lacp system-priority 1024 lacp (interface) Description The lacp(interface) command is used to enable LACP protocol on the current port.
Page 49: Lacp Admin-Key
JetStream L2 Managed Switch CLI Guide Interface Configuration Mode（interface ethernet / interface range ethernet） Example Enable LACP protocol on the port 1: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# lacp lacp admin-key Description The lacp admin-key command is used to configure the admin key. To restore the default value, please use no lacp admin-key command.
Page 50: Show Lacp Interface
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Set the port priority of port 1 to 1024: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# lacp port-priority 1024 show lacp interface Description The show lacp interface command is used to display the port configuration information of LACP.
Page 51 TL-SL3428 JetStream L2 Managed Switch CLI Guide Syntax show lacp system-priority Command Mode Any Configuration Mode Example Display the global system priority value of LACP: TP-LINK(config)# show lacp system-priority...
Page 52: Chapter 9 User Manage Commands
Admin: can edit, modify and view all the settings of different functions. disable | enable ——Enable/disable the user. Command Mode Global Configuration Mode Example Add and enable a new admin user named tplink, and of which the password is password: TP-LINK(config)#user add tplink password password confirm-password password admin enable...
Page 53: User Remove
The current user can't be modified by itself. Syntax user modify status user-name {disable | enable} Parameter user-name —— The existing user name. disable | enable ——Disable/enable the user. Command Mode Global Configuration Mode Example Enable the status of user “tplink”: TP-LINK(config)# user modify status tplink enable...
Page 54: User Modify Type
| admin —— Access level. Guest: limited user; admin: manager. Command Mode Global Configuration Mode Example Change the access level of tplink to admin: TP-LINK(config)# user modify type tplink admin user modify password Description The user modify password command is used to modify the password for the existing user.
Page 55: User Access-Control Disable
JetStream L2 Managed Switch CLI Guide Global Configuration Mode Example Modify the password of tplink as newpwd: TP-LINK(config)# user modify password tplink password newpwd newpwd user access-control disable Description The user access-control disable command is used to cancel the user access-control.
Page 56: User Access-Control Mac-Based
00:00:13:0A:00:01: TP-LINK(config)# user access-control mac-based 00:00:13:0A:00:01 user access-control port-based Description The user access-control port-based command is used to limit the ports for login. Only the users connected to these ports you set here are allowed for login.
Page 57: User Max-Number
Command Mode Global Configuration Mode Example Enable the access-control of the ports 2, port4, port5, port6,and port10: TP-LINK(config)# user access-control port-based 2,4-6,10 user max-number Description The user max-number command is used to configure the number of the users logging on at the same time. To cancel the limit to the numbers of the users logging in, please use no user max-number command.
Page 58: Show User Account-List
10. Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minutes: TP-LINK(config)# user idle-timeout 15 show user account-list Description The show user account-list command is used to display the information of the current users.
Page 59 TL-SL3428 JetStream L2 Managed Switch CLI Guide information of the users, including access-control, max-number and the idle-timeout, etc. Syntax show user configuration Command Mode Any Configuration Mode Example Display the security configuration information of the users: TP-LINK(config)# show user configuration...
Page 60: Chapter 10 Binding Table Commands
TL-SL3428 JetStream L2 Managed Switch CLI Guide Chapter 10 Binding Table Commands You can bind the IP address, MAC address, VLAN and the connected Port number of the Host together, which can be the condition for the ARP Inspection to filter the packets.
Page 61: Binding-Table Remove
Command Mode Global Configuration Mode Example Delete the IP-MAC –VID-PORT entry with the index 5: TP-LINK(config)# binding-table remove index 5 dhcp-snooping Description The dhcp-snooping command is used to enable the DHCP-snooping function for the switch. To disable the DHCP-snooping function, please use no dhcp-snooping command.
Page 62: Dhcp-Snooping Global
5/10/15/20/25/30 (packet/second). By default, it is 5. Command Mode Global Configuration Mode Example Configure the Global Flow Control as 30pps, the Decline Threshold as 20 pps, and decline Flow Control as 20 pps for DHCP Snooping TP-LINK(config)# dhcp-snooping global global-rate 30 dec-threshold 20 dec-rate 20...
Page 63: Dhcp-Snooping Information Enable
Command Mode Global Configuration Mode Example Enable the Option 82 function of DHCP Snooping: TP-LINK(config)# dhcp-snooping information enable dhcp-snooping information strategy Description The dhcp-snooping information strategy command is used to select the operation for the Option 82 field of the DHCP request packets from the Host. To restore to the default option, please use no dhcp-snooping information strategy command.
Page 64: Dhcp-Snooping Information User-Defined
Global Configuration Mode Example Replace the Option 82 field of the packets with the switch defined one and then send out: TP-LINK(config)# dhcp-snooping information strategy replace dhcp-snooping information user-defined Description The dhcp-snooping information user-defined command is used to permit users to define the Option 82. To disable the function, please use no dhcp-snooping information user-defined command.
Page 65: Dhcp-Snooping Information Circuit-Id
JetStream L2 Managed Switch CLI Guide Global Configuration Mode Example Configure the sub-option Remote ID for the customized Option 82 as tplink: TP-LINK(config)# dhcp-snooping information remote-id tplink dhcp-snooping information circuit-id Description The dhcp-snooping information circuit-id command is used to configure the sub-option Circuit ID for the customized Option 82.
Page 66: Dhcp-Snooping Mac-Verify
JetStream L2 Managed Switch CLI Guide Interface Configuration Mode（interface ethernet / interface range ethernet） Example Configure the port 2 to be a Trusted Port: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# dhcp-snooping trusted dhcp-snooping mac-verify Description The dhcp-snooping mac-verify command is used to enable the MAC Verify feature.
Page 67: Dhcp-Snooping Decline
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Set the Flow Control of port 2 as 20 pps: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# dhcp-snooping rate-limit 20 dhcp-snooping decline Description The dhcp-snooping decline command is used to enable the Decline Protect feature.
Page 68: Show Dhcp-Snooping Global
Command Mode Any Configuration Mode Example Display the configuration of DHCP Snooping globally: TP-LINK(config)# show dhcp-snooping global show dhcp-snooping information Description The show dhcp-snooping information command is used to display the Option 82 configuration of DHCP Snooping.
Page 69: Show Dhcp-Snooping Interface
JetStream L2 Managed Switch CLI Guide Any Configuration Mode Example Display the Option 82 configuration of DHCP Snooping: TP-LINK(config)# show dhcp-snooping information show dhcp-snooping interface Description The show dhcp-snooping interface command is used to display the interface configuration of DHCP Snooping.
Page 70: Chapter 11 Arp Inspection Commands
Command Mode Global Configuration Mode Example Enable the ARP Detection function globally: TP-LINK(config)# arp detection arp detection trust-port Description The arp detection trust-port command is used to configure the port for which the ARP Detect function is unnecessary as the Trusted Port. To clear the Trusted Port list, please use no arp detection trust-port command .The...
Page 71: Arp Detection (Interface)
Command Mode Global Configuration Mode Example Configure the ports 2-5,11-15 as the Trusted Port: TP-LINK(config)# arp detection trust-port 2-5,11-15 arp detection (interface) Description The arp detection (interface) command is used to enable the ARP Defend function. To disable the arp detection function, please use no arp detection command.
Page 72: Arp Detection Recover
Configure the maximum amount of the received ARP packets per second as 50 pps for the port 5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# arp detection limit-rate 50 arp detection recover Description The arp detection recover command is used to restore to the port to the ARP transmit status from the ARP filter status.
Page 73: Show Arp Detection Global
Command Mode Any Configuration Mode Example Display the ARP detection configuration globally: TP-LINK(config)# show arp detection global show arp detection interface Description The show arp detection interface command is used to display the interface configuration of ARP detection.
Page 74: Show Arp Detection Statistic
The show arp detection statistic reset command is used to clear the statistic of the illegal ARP packets received. Syntax show arp detection statistic reset Command Mode Global Configuration Mode Example Clear the statistic of the illegal ARP packets received: TP-LINK(config)# show arp detection statistic reset...
Page 75: Chapter 12 Dos Defend Command
TL-SL3428 JetStream L2 Managed Switch CLI Guide Chapter 12 DoS Defend Command DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of service requests to the Host. With the DoS Defend enabled, the switch can analyze the specific field of the received packets and provide the defend measures to ensure the normal working of the local network.
Page 76: Show Dos-Prevent
Global Configuration Mode Example Enable two DoS Defend Types named Xma Scan attack and Ping flooding attack: TP-LINK(config)# dos-prevent xma-scan ping-flood show dos-prevent Description The show dos-prevent command is used to display the DoS information of the detected DoS attack, including enable/disable status, the DoS Defend Type, the count of the attack,etc.
Page 77: Chapter 13 Ieee 802.1X Commands
TL-SL3428 JetStream L2 Managed Switch CLI Guide Chapter 13 IEEE 802.1X Commands IEEE 802.1X function is to provide an access control for LAN ports via the authentication. Only the supplicant passing the authentication can access the LAN. dot1x Description The dot1x command is used to enable the IEEE 802.1X function globally. To disable the IEEE 802.1X function, please use no dot1x command.
Page 78: Dot1X Guest-Vlan
Command Mode Global Configuration Mode Example Configure the Authentication Method of IEEE 802.1X as pap: TP-LINK(config)# dot1x auth-method pap dot1x guest-vlan Description The dot1x guest-vlan command is used to enable the Guest VLAN function globally. To disable the Guest VLAN function, please use no dot1x guest-vlan command.
Page 79: Dot1X Quiet-Period
Command Mode Global Configuration Mode Example Enable the quiet-period function: TP-LINK(config)# dot1x quiet-period dot1x timer Description The dot1x timer command is used to configure the Quiet Period and the SupplicantTimeout. To restore to the default, please use no dot1x timer command.
Page 80: Dot1X Retry
Global Configuration Mode Example Configure the Quiet Period and the SupplicantTimeout as 12 seconds and 6 seconds: TP-LINK(config)# dot1x timer quiet-period 12 supp-timeout 6 dot1x retry Description The dot1x retry command is used to configure the maximum transfer times of the repeated authentication request.
Page 81: Dot1X Guest-Vlan
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Enable the IEEE 802.1X function for the port 1: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# dot1x dot1x guest-vlan Description The dot1x guest-vlan command is used to enable the Guest VLAN function for a specified port.
Page 82: Dot1X Port-Method
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Configure the Control Mode for port 1 as authorized-force: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# dot1x port-control authorized-force dot1x port-method Description The dot1x port-method command is used to configure the Control Type of IEEE 802.1X for the specified port.
Page 83: Radius Authentication Primary-Ip
User Service）server is used as the Authentication server generally. Syntax radius authentication primary-ip ip-addr Parameter ip-addr —— The IP address of the authentication server. Command Mode Global Configuration Mode Example Configure the IP of the authentication server as 10.20.1.100: TP-LINK(config)# radius authentication primary-ip 10.20.1.100...
Page 84: Radius Authentication Secondary-Ip
Command Mode Global Configuration Mode Example Configure the IP address of the alternate authentication server as 10.20.1.101: TP-LINK(config)# radius authentication secondary-ip 10.20.1.101 radius authentication port Description The radius authentication port command is used to configure the authentication port of the alternate authentication server. To restore to the default value, please use no radius authentication port command.
Page 85: Radius Authentication Key
JetStream L2 Managed Switch CLI Guide Global Configuration Mode Example Configure the authentication port of the alternate authentication server as 1815: TP-LINK(config)# radius authentication port 1815 radius authentication key Description The radius authentication key command is used to configure the shared password for the switch and the authentication servers to exchange messages.
Page 86: Radius Accounting Primary-Ip
Command Mode Global Configuration Mode Example Configure the IP address of the accounting server as 10.20.1.100: TP-LINK(config)# radius accounting primary-ip 10.20.1.100 radius accounting secondary-ip Description The radius accounting secondary-ip command is used to configure the IP address of the alternate accounting server. To restore to the default configuration, please use no radius accounting secondary-ip command.
Page 87: Radius Accounting Port
Command Mode Global Configuration Mode Example Configure the IP address of the alternate accounting server as 10.20.1.101: TP-LINK(config)# radius accounting secondary-ip 10.20.1.101 radius accounting port Description The radius accounting port command is used to set the UDP port of accounting server(s). To restore to the default value, please use no radius accounting port.
Page 88: Radius Response-Timeout
Global Configuration Mode Example Configure the shared password for the switch and the accounting servers as tplink: TP-LINK(config)# radius accounting key tplink radius response-timeout Description The radius response-timeout command is used to configure the maximum time for the switch to wait for the response from the RADIUS authentication and the accounting server.
Page 89: Show Dot1X Global
Example Configure the maximum time for the switch to wait for the response from the RADIUS authentication and the accounting server as 5 seconds: TP-LINK(config)# radius response-timeout 5 show dot1x global Description The show dot1x global command is used to display the global configuration of 801.X.
Page 90: Show Radius Authentication
TL-SL3428 JetStream L2 Managed Switch CLI Guide Example Display the port configuration of 801.X: TP-LINK(config)# show dot1x interface show radius authentication Description The show radius authentication command is used to display the configuration of the RADIUS authentication server. Syntax show radius authentication...
Page 91: Chapter 14 Log Commands
By default, it is 7 indicating that all the log information will be saved in the log buffer. disable | enable —— Disable or enable the log buffer. By default, it is enabled. Command Mode Global Configuration Mode Example Enable the log buffer function and set the severity as 6: TP-LINK(config)# logging local buffer 6 enable...
Page 92: Logging Local Flash
Command Mode Global Configuration Mode Example Enable the log file function and set the severity as 7: TP-LINK(config)# logging local flash 7 logging clear Description The logging clear command is used to clear the information in the log buffer and log file.
Page 93: Logging Loghost
Command Mode Global Configuration Mode Example Clear the information in the log file: TP-LINK(config)# logging clear buffer logging loghost Description The logging loghost command is used to configure the Log Host. To clear the configuration of the specified Log Host, please use no logging loghost command.
Page 94: Show Logging Local-Config
TL-SL3428 JetStream L2 Managed Switch CLI Guide TP-LINK(config)# logging loghost index 2 192.168.0.148 5 enable show logging local-config Description The show logging local-config command is used to display the configuration of the Local Log including the log buffer and the log file.
Page 95: Show Logging Buffer
Any Configuration Mode Example Display the log information from level 0 to level 5 in the log buffer: TP-LINK(config)# show logging buffer level 5 show logging flash Description The show logging flash level command is used to display the log information in the log file according to the severity level.
Page 96 TL-SL3428 JetStream L2 Managed Switch CLI Guide Display the log information with the level marked 0~3 in the log file: TP-LINK(config)# show logging flash level 3...
Page 97: Chapter 15 Ssh Commands
Command Mode Global Configuration Mode Example Enable the SSH function: TP-LINK(config)# ssh server enable ssh version Description The ssh version command is used to enable the SSH protocol version. To disable the protocol version, please use no ssh version command.
Page 98: Ssh Idle-Timeout
TL-SL3428 JetStream L2 Managed Switch CLI Guide Enable SSH v2: TP-LINK(config)# ssh version v2 ssh idle-timeout Description The ssh idle-timeout command is used to specify the idle-timeout time of SSH. To restore to the factory defaults, please use no ssh idle-timeout command.
Page 99: Ssh Download
Example Download a SSH-1 type key file named ssh-key from TFTP server with the IP Address 192.168.0.148: TP-LINK(config)# ssh download v1 ssh-key ip-address 192.168.0.148 show ssh Description The show ssh command is used to display the global configuration of SSH.
Page 100 TL-SL3428 JetStream L2 Managed Switch CLI Guide Example Display the global configuration of SSH: TP-LINK(config)# show ssh...
Page 101: Chapter 16 Ssl Commands
Command Mode Global Configuration Mode Example Enable the SSL function: TP-LINK(config)# ssl enable ssl download certificate Description The ssl download certificate command is used to download a certificate to the switch from TFTP server. Syntax...
Page 102: Ssl Download Key
Example Download a SSL Certificate named ssl-cert from TFTP server with the IP Address of 192.168.0.148: TP-LINK(config)# ssl download certificate ssl-cert ip-address 192.168.0.148 ssl download key Description The ssl download key command is used to download a SSL key to the switch from TFTP server.
Page 103 TL-SL3428 JetStream L2 Managed Switch CLI Guide Command Mode Any Configuration Mode Example Display the global configuration of SSL: TP-LINK(config)# show ssl...
Page 104: Chapter 17 Address Commands
TL-SL3428 JetStream L2 Managed Switch CLI Guide Chapter 17 Address Commands Address configuration can improve the network security by configuring the Port Security and maintaining the address information by managing the Address Table. bridge address port-security Description The bridge address port-security command is used to configure port security.
Page 105: Bridge Address Static
—— The Port number of your desired entry. It ranges from 1 to 28. Command Mode Global Configuration Mode Example Add a static Mac address entry to bind the MAC address 00:02:58:4f:6c:23, VLAN1 and Port1 together: TP-LINK(config)# bridge address static mac 00:02:58:4f:6c:23 vid 1 port 1...
Page 106: Bridge Aging-Time
Command Mode Global Configuration Mode Example Configure the aging time as 500 seconds: TP-LINK(config)# bridge aging-time 500 bridge address filtering Description The bridge address filtering command is used to add the filtering address entry. To delete the corresponding entry, please use no bridge address filtering command.
Page 107: Show Bridge Port-Security
Global Configuration Mode Example Add a filtering address entry whose VLAN ID is 1 and MAC address is 00:1e:4b:04:01:5d: TP-LINK(config)# bridge address filtering 00:1e:4b:04:01:5d 1 show bridge port-security Description The show bridge port-security command is used to configure the Port Security for each port, such as configure the Max number of MAC addressed that can be learned on the port and the Learn Mode.
Page 108: Show Bridge Aging-Time
JetStream L2 Managed Switch CLI Guide Any Configuration Mode Example Display the information of all Address entries: TP-LINK(config)# show bridge address all show bridge aging-time Description The show bridge aging-time command is used to display the Aging Time of the MAC address.
Page 109: Chapter 18 System Commands
—— Contact Information. It consists of 32 characters at most. By default, it is empty. Command Mode Global Configuration Mode Example Configure the System Contact as www.tp-link.com.cn: TP-LINK(config)# system-descript contact-info www.tp-link.com.cn system-time gmt Description The system-time gmt command is used to configure the time zone and the IP Address for the NTP Server.
Page 110: System-Time Manual
Example Configure the system time mode as gmt, the time zone is -12, the primary ntp server is 133.100.9.2 and the secondary ntp server is 139.78.100.163: TP-LINK(config)# system-time gmt -12 133.100.9.2 139.78.100.163 system-time manual Description The system-time manual command is used to configure the system time manually.
Page 111: Ip Address
Global Configuration Mode Example Configure the dst, dst is from April 1 00:00 to November 1 23:00. TP-LINK(config)# system-time dst 04/01 0 11/01 23 ip address Description The ip address command is used to configure the IP Address, Subnet Mask and Default Gateway.
Page 112: Ip Management-Vlan
Command Mode Global Configuration Mode Example Set the VLAN6 as IP management VLAN: TP-LINK(config)# ip management-vlan 6 ip dhcp-alloc Description The ip dhcp-alloc command is used to enable the DHCP Client function. When this function is enabled, the switch will obtain IP from DHCP Client server.
Page 113: Reset
Command Mode Global Configuration Mode Example Enable the BOOTP Protocol to obtain IP address from BOOTP Server: TP-LINK(config)# ip bootp-alloc reset Description The reset command is used to reset the switch’s software. After resetting, all configuration of the switch (except the IP Address) will restore to the factory defaults and your current settings will be lost.
Page 114: User-Config Backup
Privileged EXEC Mode Example Backup the configuration files by TFTP server with the IP 192.168.0.148 and name this file config.cfg: TP-LINK# user-config backup filename config.cfg ip-address 192.168.0.148 user-config load Description The user-config load command is used to download the configuration file to the switch by TFTP server.
Page 115: User-Config Save
TL-SL3428 JetStream L2 Managed Switch CLI Guide 192.168.0.148 and name this file config.cfg: TP-LINK# user-config load filename config.cfg ip-address 192.168.0.148 user-config save Description The user-config save command is used to save current settings. Syntax user-config save Command Mode Privileged EXEC Mode...
Page 116: Ping
192.168.0.131, please specify the count (-l) as 512 bytes and count (-i) as 1000 milliseconds. If there is not any response after 8 times’ Ping test, the connection between the switch and the network device is failed to establish: TP-LINK# ping 192.168.0.131 –n 8 –l 512 tracert Description The tracert command is used to test the connectivity of the gateways during its journey from the source to destination of the test data.
Page 117: Loopback
192.168.0.131. If the destination device has not been found after 20 maxHops, the connection between the switch and the destination device is failed to establish: TP-LINK# tracert 192.168.0.131 20 loopback Description The loopback command is used to test whether the port is available or not.
Page 118: Show Ip Address
Syntax show ip address Command Mode Any Configuration Mode Example Display the IP Address of the system TP-LINK# show ip address show system-time Description The show system-time command is used to display the time information of the switch. Syntax show system-time...
Page 119: Show System-Time Dst
Command Mode Any Configuration Mode Example Display the DST time information of the switch TP-LINK# show system-time dst show system-time source Description The show system-time source command is used to display the source of current time of the switch.
Page 120 TL-SL3428 JetStream L2 Managed Switch CLI Guide Any Configuration Mode Example Display the configured mode for the switch to get system time TP-LINK# show system-time mode...
Page 121: Chapter 19 Ethernet Configuration Commands
Command Mode Global Configuration Mode Example Enter the Interface Configuration Mode and configure Ethernet port2: TP-LINK(config)# interface ethernet 2 interface range ethernet Description The interface range ethernet command is used to enter the Interface Configuration Mode and configure multiple Ethernet ports at the same time.
Page 122: Description
Example Enter the Interface Configuration Mode, add ports 1-3, 6-9 to the port-list and configure them: TP-LINK(config)# interface range ethernet 1-3,6-9 description Description The description command is used to add a description to the Ethernet port. To clear the description of the corresponding port, please use no description command.
Page 123: Flow-Control
JetStream L2 Managed Switch CLI Guide Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Disable Ethernet port3: TP-LINK(config)# interface ethernet 3 TP-LINK(config-if)# shutdown flow-control Description The flow-control command is used to enable the flow-control function for a port.
Page 124: Storm-Control
Command Mode Interface Configuration Mode（interface ethernet / interface range ethernet） Example Configure the Negotiation Mode as 100Mbps full-duplex for Ethernet port5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# negotiation 100f storm-control Description The storm-control command is used to configure the Storm Control function.
Page 125: Port Rate-Limit
Interface Configuration Mode（interface ethernet / interface range ethernet） Example Configure the ingress-rate as 5120Kbps and egress-rate as 1024Kbps for port5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# port rate-limit ingress 5120 egress 1024 port rate-limit disable ingress Description The port rate-limit disable ingress command is used to disable the...
Page 126: Port Rate-Limit Disable Egress
Interface Configuration Mode（interface ethernet / interface range ethernet） Example Disable the ingress-rate limit for port5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# port rate-limit disable ingress port rate-limit disable egress Description The port rate-limit disable egress command is used to disable the egress-rate limit.
Page 127: Show Interface Status
Command Mode Any Configuration Mode Example Display the configurations of port5: TP-LINK# show interface configuration ethernet 5 show interface status Description The show interface status command is used to display the connective-status of an Ethernet port.
Page 128: Show Storm-Control Ethernet
JetStream L2 Managed Switch CLI Guide Any Configuration Mode Example Display the statistic information of Ethernet port3: TP-LINK(config)# show interface counters ethernet 3 show storm-control ethernet Description The show storm-control ethernet command is used to display the storm-control information of an Ethernet port.
Page 129 TL-SL3428 JetStream L2 Managed Switch CLI Guide Any Configuration Mode Example Display the rate-limit information of all Ethernet ports: TP-LINK(config)# show port rate-limit...
Page 130: Chapter 20 Qos Commands
CoS value of the ingress port and the mapping relation between the CoS and TC in IEEE 802.1P. Example Configure the priority of port 5 as 3: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# qos 3 qos dot1p enable Description The qos dot1p enable command is used to enable the mapping relation between IEEE 802.1P Priority and Egress Queue.
Page 131: Qos Dot1P Config
Command Mode Global Configuration Mode Example Enable the mapping relation between IEEE 802.1P Priority and Egress Queue: TP-LINK(config)# qos dot1p enable qos dot1p config Description The qos dot1p config command is used to configure the mapping relation between IEEE 802.1P Priority and Egress Queue. To return to the default configuration, please use no qos dot1p config command.
Page 132: Qos Dscp Enable
TL-SL3428 JetStream L2 Managed Switch CLI Guide Example Map tag value 0 to TC3: TP-LINK(config)# qos dot1p config 0 3 qos dscp enable Description The qos dscp enable command is used to enable the mapping relation between DSCP Priority and Egress Queue. To disable the mapping relation, please use no qos dscp enable command.
Page 133: Qos Scheduler
Among the priority levels TC0-TC3, the bigger value, the higher priority. Example Map DSCP values 10,11,15 to TC0: TP-LINK(config)# qos dscp config 10,11,15 0 qos scheduler Description The qos scheduler command is used to configure the Schedule Mode. To return to the default configuration, please use no qos scheduler command.
Page 134: Show Qos Port-Based
—— The Ethernet port selected to display the configuration, ranging from 1 to 28. By default, information of all the ports is displayed. Command Mode Any Configuration Mode Example Display the configuration of QoS for port 5: TP-LINK# show qos port-based 5...
Page 135: Show Qos Dot1P
Syntax show qos dot1p Command Mode Any Configuration Mode Example Display the configuration of IEEE 802.1P Priority: TP-LINK# show qos dot1p show qos dscp Description The show qos dscp command is used to display the configuration of DSCP Priority. Syntax...
Page 136 TL-SL3428 JetStream L2 Managed Switch CLI Guide Any Configuration Mode Example Display the schedule rule of the egress queues: TP-LINK# show qos scheduler...
Page 137: Chapter 21 Port Mirror Commands
Configure port 3 as mirrored port, port 4 as mirroring port, the mirror mode as both and group number as 1 : TP-LINK(config)# mirror add 3 4 both 1 User Guidelines The mirroring port is corresponding to current interface configuration mode.
Page 138: Mirror Remove Group
The group number of mirror group. Command Mode Global Configuration Mode Example Remove mirror group 1: TP-LINK(config)# mirror remove group 1 mirror remove mirrored Description The mirror remove mirrored command is used to remove the mirrored port from the mirror group.
Page 139: Show Mirror
TL-SL3428 JetStream L2 Managed Switch CLI Guide TP-LINK(config)# mirror remove mirrored 1,2-4 1 show mirror Description The show mirror command is used to display the configuration of mirror group. Syntax show mirror [group-num] Parameter group-num —— The group number of mirror group.
Page 140: Chapter 22 Port Isolation Commands
Command Mode Interface Configuration Mode Example Configure port 1 and port 2 can only forward packets to port 6 and port 13: TP-LINK(config)# interface range ethernet 1-2 TP-LINK(config-if)# port isolation 6,13 show port isolation Description The show port isolation command is used to display the forward portlist of a port.
Page 141 TL-SL3428 JetStream L2 Managed Switch CLI Guide Any Configuration Mode Example Display the forward-list of port 6: TP-LINK# show port isolation 6...
Page 142: Chapter 23 Acl Commands
TL-SL3428 JetStream L2 Managed Switch CLI Guide Chapter 23 ACL Commands ACL (Access Control List) is used to filter data packets by configuring a series of match conditions, operations and time ranges. It provides a flexible and secured access control policy and facilitates you to control the network security.
Page 143: Acl Edit Time-Segment
Command Mode Global Configuration Mode Example Add a time-range named tSeg1, with time from 8:30 to 12:00 at working day: TP-LINK(config)# acl time-segment tSeg1 start-time 08:30 end-time 12:00 week-day working-day acl edit time-segment Description The acl edit time-segment command is used to edit Time-Range.
Page 144: Acl Holiday
TL-SL3428 JetStream L2 Managed Switch CLI Guide Example Edit the time-range named tSeg1, with time from 8:30 to 12:00 at working day: TP-LINK(config)# acl edit time-segment tSeg1 start-time 08:30 end-time 12:00 week-day working-day acl holiday Description The acl holiday command is used to create holiday in Holiday Mode in the acl time-segment command.
Page 145: Acl Rule Mac-Acl
Command Mode Global Configuration Mode Example Create a MAC ACL whose ID is 20: TP-LINK(config)# acl create 20 acl rule mac-acl Description The acl rule mac-acl command is used to add MAC ACL rule. To delete the corresponding rule, please use no acl rule mac-acl command. MAC ACLs...
Page 146: Acl Edit Rule Mac-Acl
TP-LINK(config)# acl create 20 TP-LINK(config)# acl rule mac-acl 20 10 op permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1 acl edit rule mac-acl Description The acl edit rule mac-acl command is used to edit MAC ACL rule.
Page 147: Acl Rule Std-Acl
11:11:11:11:11:00, VLAN ID is 2, the user priority is 5, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TP-LINK(config)# acl edit rule mac-acl 20 10 op permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1 acl rule std-acl Description The acl rule std-acl command is used to add Standard-IP ACL rule.
Page 148: Acl Edit Rule Std-Acl
255.255.255.0, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TP-LINK(config)# acl create 120 TP-LINK(config)# acl rule std-acl 120 10 op permit dip 192.168.0.100 dmask 255.255.255.0 tseg tSeg1 acl edit rule std-acl Description The acl edit rule std-acl command is used to edit Standard-IP ACL rule.
Page 149: Acl Policy Policy-Add
192.168.0.100, the source IP address mask is 255.255.255.0, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TP-LINK(config)# acl edit rule std-acl 120 10 op permit dip 192.168.0.100 dmask 255.255.255.0 tseg tSeg1 acl policy policy-add Description The acl policy policy-add command is used to add Policy.
Page 150: Acl Policy Action-Add
Command Mode Global Configuration Mode Example Add a Policy named policy1: TP-LINK(config)# acl policy policy-add policy1 acl policy action-add Description The acl policy action-add command is used to add ACLs and create actions for the policy. To delete the corresponding actions, please use no acl policy action-add command.
Page 151: Acl Edit Action
Create a Policy named policy1. For the data packets those match ACL 120 in the policy, if the rate beyond 1000kbps, will be discarded by the switch: TP-LINK(config)# acl policy policy-add policy1 TP-LINK(config)# acl policy action-add policy1 120 rate 1000 osd discard acl edit action Description The acl edit action command is used to edit actions for the policy.
Page 152: Acl Bind To-Port
Edit the actions for the policy1. For the data packets those match ACL 120 in the policy, if the rate beyond 1000kbps, will be discarded by the switch: TP-LINK(config)# acl edit action policy1 120 rate 1000 osd discard acl bind to-port Description The acl bind to-port command is used to bind a policy to a port.
Page 153: Show Acl Time-Segment
TL-SL3428 JetStream L2 Managed Switch CLI Guide Global Configuration Mode Example Bind policy1 to VLAN 2: TP-LINK(config)# acl bind to-vlan policy1 2 show acl time-segment Description The show acl time-segment command is used to display the configuration of Time-Range. Syntax...
Page 154: Show Acl Bind
Command Mode Any Configuration Mode Example Display the configuration of the MAC ACL whose ID is 20: TP-LINK> show acl config 20 show acl bind Description The show acl bind command is used to display the configuration of Policy bind.
Page 155: Chapter 24 Mstp Commands
TL-SL3428 JetStream L2 Managed Switch CLI Guide Chapter 24 MSTP Commands MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a ring network. STP is to block redundant links and backup links as well as optimize paths.
Page 156: Spanning-Tree Common-Config
4096, Hello Time as 4 seconds, Max Age as 10 seconds, Forward Delay as 10 seconds, TxHold Count as 8pps and Max Hops as 15 hops: TP-LINK(config)# spanning-tree global status enable mode mstp cist 4096 htime 4 mage 10 delay 10 hcount 8 mhop 15...
Page 157: Spanning-Tree Region
Enable the STP function of port 1, and configure the Port Priority as 64, ExtPath Cost as 100, IntPath Cost as 100, and then enable Edge Port: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# spanning-tree common-config status enable pri 64 expath 100 inpath 100 edge enable spanning-tree region Description The spanning-tree region command is used to configure the region of MSTP.
Page 158: Spanning-Tree Msti
Command Mode Global Configuration Mode Example Configure the region name of MSTP as r1, and the revision level as 100: TP-LINK(config)# spanning-tree region r1 100 spanning-tree msti Description The spanning-tree msti command is used to configure MSTP Instance. To return to the default configuration of the corresponding Instance, please use no spanning-tree msti command.
Page 159: Spanning-Tree Msti
Example Enable Instance 1, add VLAN 2, 3, 4, 5, 8 for it, and configure MSTI Priority as 4096: TP-LINK(config)# spanning-tree msti 1 status enable pri 4096 mapped 2-5,8 spanning-tree msti Description The spanning-tree msti command is used to configure MSTP Instance Port. To return to the default configuration of the corresponding Instance Port, please use no spanning-tree msti command.
Page 160: Spanning-Tree Tc-Defend
Command Mode Global Configuration Mode Example Configure TC Threshold as 30 packets and TC Protect Cycle as 10 seconds: TP-LINK(config)# spanning-tree tc-defend threshold 30 period 10 spanning-tree security Description The spanning-tree security command is used to configure MSTP Port Protect.
Page 161: Spanning-Tree Mcheck
Example Enable Loop Protect, Root Protect, TC Protect, BPDU Protect, and BPDU Filter for port 2: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# spanning-tree security loop enable root enable TC enable defend enable hold enable spanning-tree mcheck Description The spanning-tree mcheck command is used to enable MCheck.
Page 162: Show Spanning-Tree Global-Info
Command Mode Any Configuration Mode Example Display the current status of Spanning Tree: TP-LINK# show spanning-tree global-info show spanning-tree global-config Description The show spanning-tree global-config command is used to display the global configuration of Spanning Tree. Syntax...
Page 163: Show Spanning-Tree Region
By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the configuration of port 5: TP-LINK(config)# show spanning-tree port-config 5 show spanning-tree region Description The show spanning-tree region command is used to display the Region configuration of MSTP.
Page 164: Show Spanning-Tree Msti Port
Command Mode Any Configuration Mode Example Display the configuration of port 5 in Instance 1: TP-LINK(config)# show spanning-tree msti port 1 5 show spanning-tree security tc-defend Description The show spanning-tree security tc-defend command is used to display TC Threshold and TC Protect Cycle of Spanning Tree.
Page 165: Show Spanning-Tree Security Port-Defend
—— The port selected to display the configuration, ranging from 1 to 28. By default, the Port Protect configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the Port Protect configuration of port 2: TP-LINK(config)# show spanning-tree security port-defend 2...
Page 166: Chapter 25 Igmp Commands
Command Mode Global Configuration Mode Example Enable IGMP Snooping function, and specify the operation to process unknown multicast as discard: TP-LINK(config)# igmp-snooping global status enable unknown-packet discard igmp-snooping config Description The igmp-snooping config status command is used to configure IGMP...
Page 167: Igmp-Snooping Vlan-Config-Add
Interface Configuration Mode（interface ethernet / interface range ethernet） Example Enable IGMP Snooping and Fast Leave function for port 5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# igmp-snooping config status enable fast-leave enable igmp-snooping vlan-config-add Description The igmp-snooping vlan-config-add command is used to configure IGMP Snooping parameters for individual VLANs.
Page 168: Igmp-Snooping Vlan-Config
Enable IGMP Snooping for VLAN 1, and configure Router Port Time as 200 seconds, Member Port Time as 100 seconds, Leave time as 10 seconds and Static Router Port as port 1: TP-LINK(config)# igmp-snooping vlan-config-add 1 rtime 200 mtime 100 ltime 10 rport 1 igmp-snooping vlan-config...
Page 169: Igmp-Snooping Multi-Vlan-Config
Example Modify Router Port Time as 300 seconds, Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 1: TP-LINK(config)# igmp-snooping vlan-config 1 rtime 300 mtime 200 ltime 15 igmp-snooping multi-vlan-config Description The igmp-snooping multi-vlan-config command is used to create Multicast VLAN.
Page 170: Igmp-Snooping Static-Entry-Add
Example Enable Multicast VLAN, and configure Router Port Time as 300 seconds, Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 2: TP-LINK(config)# igmp-snooping multi-vlan-config enable 2 rtime 300 mtime 200 ltime 15 igmp-snooping static-entry-add...
Page 171: Igmp-Snooping Filter-Add
Global Configuration Mode Example Add static multicast IP address 225.0.0.1, which correspond to VLAN 2, and configure the forward port as port 1: TP-LINK(config)# igmp-snooping static-entry-add 225.0.0.1 2 1 igmp-snooping filter-add Description The igmp-snooping filter-add command is used to configure the multicast IP-range desired to filter.
Page 172: Igmp-Snooping Filter
Command Mode Global Configuration Mode Example Modify the multicast IP-range whose ID is 20 as 225.0.0.10~225.0.0.12: TP-LINK(config)# igmp-snooping filter- config 20 225.0.0.10 225.0.0.12 igmp-snooping filter Description The igmp-snooping filter command is used to configure Port Filter. To return to the default configuration, please use no igmp-snooping filter command. When...
Page 173: Show Igmp-Snooping Global-Config
IP-range 2, 3, 4, and specify the maximum number of multicast groups for port 5 to join in as 128: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# igmp-snooping filter status enable mode accept addr-id 2-4 maxgroup 128 show igmp-snooping global-config Description The show igmp-snooping global-config command is used to display the global configuration of IGMP.
Page 174: Show Igmp-Snooping Vlan-Config
By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the IGMP configuration of port 2: TP-LINK> show igmp-snooping port-config 2 show igmp-snooping vlan-config Description The show igmp-snooping vlan-config command is used to display the VLAN configuration of IGMP.
Page 175: Show Igmp-Snooping Multi-Ip-List
TL-SL3428 JetStream L2 Managed Switch CLI Guide TP-LINK> show igmp-snooping multi-vlan show igmp-snooping multi-ip-list Description The show igmp-snooping multi-ip-list command is used to display the Multicast IP table. Syntax show igmp-snooping multi-ip-list Command Mode Any Configuration Mode Example Display the Multicast IP table: TP-LINK>...
Page 176: Show Igmp-Snooping Packet-Stat
1 to 28. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the Multicast Filter configuration of port 5: TP-LINK> show igmp-snooping port-filter 5 show igmp-snooping packet-stat Description The show igmp-snooping packet-stat command is used to display the Packet Statistics information of all ports.
Page 177 TL-SL3428 JetStream L2 Managed Switch CLI Guide TP-LINK> show igmp-snooping packet-stat-clear...
Page 178: Chapter 26 Snmp Commands
64 hexadecimal characters, which must be even number meanwhile. Command Mode Global Configuration Mode Example Enable the SNMP function, and specify the Local Engine ID as 1234567890, the Remote Engine ID as 123456abcdef: TP-LINK(config)# snmp global status enable engine-id 1234567890 remote-id 123456abcdef...
Page 179: Snmp View-Add
Example Add a View named view1, configuring the OID as 1.3.6.1.6.3.20, and this OID can be managed by the SNMP management station: TP-LINK(config)# snmp view-add view1 1.3.6.1.6.3.20 include snmp group-add Description The snmp group-add command is used to manage and configure the SNMP group.
Page 180 Add group 1, configure its Security Model as SNMP v2c, view1 can be read and edited by group member, and the trap messages sent by view2 can be received by Management station: TP-LINK(config)# snmp group-add group1 smode v2c ro view1 wo view1 notify view2...
Page 181: Snmp User-Add
TL-SL3428 JetStream L2 Managed Switch CLI Guide snmp user-add Description The snmp user-add command is used to add User. To delete the corresponding User, please use no snmp user-add command. The User in a SNMP Group can manage the switch via the management station software. The User and its Group have the same security level and access right.
Page 182: Snmp Community-Add
MD5, the Authentication Password as 11111, the Privacy Mode as DES, and the Privacy Password as 22222: TP-LINK(config)# snmp user-add admin local group2 smode v3 slev authPriv cmode MD5 cpwd 11111 emode DES epwd 22222 snmp community-add Description The snmp community-add command is used to add Community.
Page 183: Snmp Notify-Add
TL-SL3428 JetStream L2 Managed Switch CLI Guide TP-LINK(config)# snmp community-add community1 read-write view1 snmp notify-add Description The snmp notify-add command is used to add Notification. To delete the corresponding Notification, please use no snmp notify-add command. With the Notification function enabled, the switch can initiatively report to the management station about the important events that occur on the Views, which allows the management station to monitor and process the events in time.
Page 184: Snmp-Rmon History Sample-Cfg
Security Model of the management station as v2c, the type of the notifications as inform, the maximum time for the switch to wait as 1000 seconds, and the resending time as 100: TP-LINK(config)# snmp notify-add 192.168.0.1 162 admin smode v2c type inform resend 100 timeout 1000 snmp-rmon history sample-cfg...
Page 185: Snmp-Rmon History Owner
Example Configure the sample port as 1, and the sample interval as 100 seconds for the entries 1-3: TP-LINK(config)# snmp-rmon history sample-cfg 1-3 1 100 snmp-rmon history owner Description The snmp-rmon history owner command is used to configure the owner of the history sample entry.
Page 186: Snmp-Rmon Event User
—— The name of the User to which the event belongs, ranging from 1 to 16 characters. By default, it is public. Command Mode Global Configuration Mode Example Configure the user name of entry 1 as user1: TP-LINK(config)# snmp-rmon event user 1 user1...
Page 187: Snmp-Rmon Event Description
Command Mode Global Configuration Mode Example Configure the description of entry 1 as description1: TP-LINK(config)# snmp-rmon event description 1 description1 snmp-rmon event type Description The snmp-rmon event type command is used to configure the type of SNMP-RMON Event. To return to the default configuration, please use no snmp-rmon event type command.
Page 188: Snmp-Rmon Event Owner
Command Mode Global Configuration Mode Example Configure the event type of entries 1,2,3,4 and 8 as log: TP-LINK(config)# snmp-rmon event type 1-4,8 log snmp-rmon event owner Description The snmp-rmon event owner command is used to configure the owner of SNMP-RMON Event. To return to the default configuration, please use no snmp-rmon event owner command.
Page 189: Snmp-Rmon Alarm Config
Command Mode Global Configuration Mode Example Enable the SNMP-RMON Event entries 1,2,3,4 and 8: TP-LINK(config)# snmp-rmon event enable 1-4,8 snmp-rmon alarm config Description The snmp-rmon alarm config command is used to configure SNMP-RMON Alarm Management. To return to the default configuration, please use no snmp-rmon alarm config command.
Page 190: Snmp-Rmon Alarm Owner
Global Configuration Mode Example Configure the alarm interval time of the entries 1,2,3 and 6 as 1000 seconds: TP-LINK(config)# snmp-rmon alarm config 1-3,6 interval 1000 snmp-rmon alarm owner Description The snmp-rmon alarm owner command is used to configure the owner of the Alarm Management entry.
Page 191: Snmp-Rmon Alarm Enable
Command Mode Global Configuration Mode Example Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon alarm owner 1 owner1 snmp-rmon alarm enable Description The snmp-rmon alarm enable command is used to enable SNMP-RMON Alarm Management entry. To disable the corresponding entry, please use no snmp-rmon alarm enable command.
Page 192: Show Snmp View
Syntax show snmp global-config Command Mode Any Configuration Mode Example Display SNMP configuration globally: TP-LINK> show snmp global-config show snmp view Description The show snmp view command is used to display the View table. Syntax show snmp view Command Mode...
Page 193: Show Snmp User
Syntax show snmp user Command Mode Any Configuration Mode Example Display the User table: TP-LINK> show snmp user show snmp community Description The show snmp community command is used to display the Community table. Syntax show snmp community Command Mode...
Page 194: Show Snmp-Rmon History
TL-SL3428 JetStream L2 Managed Switch CLI Guide Display the Notification table: TP-LINK> show snmp destination-host show snmp-rmon history Description The show snmp-rmon history command is used to display the configuration of the history sample entry. Syntax show snmp-rmon history [index] Parameter index ——...
Page 195: Show Snmp-Rmon Alarm
TL-SL3428 JetStream L2 Managed Switch CLI Guide Display the Event configuration of entry 2: TP-LINK> show snmp-rmon event 2 show snmp-rmon alarm Description The show snmp-rmon alarm command is used to display the configuration of the Alarm Management entry. Syntax...
Page 196: Chapter 27 Cluster Commands
Time ranges from 5 to 254 in seconds. By default, it is 60. Command Mode Global Configuration Mode Example Enable NDP function globally, and configure Aging Time as 120 seconds, Hello Time as 50 seconds: TP-LINK(config)# cluster ndp status enable aging-timer 120 hello-timer 50...
Page 197: Cluster Ntdp
TL-SL3428 JetStream L2 Managed Switch CLI Guide cluster ntdp Description The cluster ntdp command is used to configure NTDP globally. To return to the default configuration, please use no cluster ntdp command. NTDP (Neighbor Topology Discovery Protocol) is used to collect the NDP information and neighboring connection information of each device in a specific network range.
Page 198: Cluster Explore
TL-SL3428 JetStream L2 Managed Switch CLI Guide TP-LINK(config)# cluster ntdp status enable interval 20 hop 5 hop-delay 300 port-delay 50 cluster explore Description The cluster explore command is used to enable the topology information collecting function manually. Syntax cluster explore...
Page 199: Cluster Manage Role-Change
Command Mode Global Configuration Mode Example Change the role of the current switch to Candidate Switch: TP-LINK(config)# cluster manage role-change candidate show cluster ndp global Description The show cluster ndp global command is used to display the global configuration of NDP.
Page 200: Show Cluster Ndp Port-Status
28. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the NDP configuration of port 2: TP-LINK> show cluster ndp port-status 2 show cluster neighbour Description The show cluster neighbour command is used to display the cluster neighbor information.
Page 201: Show Cluster Ntdp Port-Status
1 to 28. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the NTDP configuration of port 2: TP-LINK> show cluster ntdp port-status 2 show cluster ntdp device Description The show cluster ntdp device command is used to display the device table of NTDP.
Page 202: Show Cluster Manage Role
TL-SL3428 JetStream L2 Managed Switch CLI Guide Display the device table of NTDP: TP-LINK> show cluster ntdp device show cluster manage role Description The show cluster manage role command is used to display the role of the current switch. Syntax...

TP-Link JetStream TL-SL3428 Cli Reference Manual

Preface

Chapter 1 Using the CLI

Chapter 2 User Interface

Chapter 3 IEEE 802.1Q VLAN Commands

Chapter 4 Protocol VLAN Commands

Chapter 5 Voice VLAN Commands

Chapter 6 GVRP Commands

Chapter 7 LAG Commands

Chapter 8 LACP Commands

Chapter 9 User Manage Commands

Chapter 10 Binding Table Commands

Chapter 11 ARP Inspection Commands

Chapter 12 Dos Defend Command

Chapter 13 IEEE 802.1X Commands

Chapter 14 Log Commands

Chapter 15 SSH Commands

Chapter 16 SSL Commands

Chapter 17 Address Commands

Chapter 18 System Commands

Chapter 19 Ethernet Configuration Commands

Chapter 20 Qos Commands

Chapter 21 Port Mirror Commands

Chapter 22 Port Isolation Commands

Chapter 23 ACL Commands

Chapter 24 MSTP Commands

Chapter 25 IGMP Commands

Chapter 26 SNMP Commands

Quick Links

Related Manuals for TP-Link JetStream TL-SL3428

Summary of Contents for TP-Link JetStream TL-SL3428