Page 2
COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.
CONTENTS Preface ………………………………………………………………………………….1 Chapter 1 Using the CLI..................4 1.1 Accessing the CLI......................4 1.1.1 Logon by a console port..................4 1.1.2 Logon by Telnet....................6 1.2 CLI Command Modes ....................11 1.3 Security Levels ......................13 1.4 Conventions ........................13 1.4.1 Format Conventions..................13 1.4.2 Special Characters...................13 1.4.3 Parameter Format ....................14...
Page 4
protocol-vlan..........................25 show protocol-vlan template....................26 show protocol-vlan vlan ......................26 show protocol-vlan interface....................26 Chapter 5 VLAN-VPN Commands ............... 28 dot1q-tunnel ..........................28 dot1q-tunnel tpid........................28 switchport dot1q-tunnel enable....................29 switchport dot1q-tunnel mode uplink ..................29 show dot1q-tunnel .........................30 show dot1q-tunnel interface ....................30 show dot1q-tunnel uplink.......................31 Chapter 6 Voice VLAN Commands ..............
Page 5
show gvrp interface .......................45 Chapter 9 Etherchannel Commands ..............46 channel-group ........................46 port-channel load-balance .....................47 lacp system-priority .......................47 lacp port-priority........................48 show etherchannel ........................48 show etherchannel load-balance...................49 show lacp ..........................49 show lacp sys-id ........................50 Chapter 10 User Manage Commands..............51 user name ..........................51 user access-control ip-based....................52 user access-control mac-based.....................52 user access-control port-based .....................53...
Page 6
show ip dhcp snooping ......................67 show ip dhcp snooping information ..................67 show ip dhcp snooping interface gigabitEthernet ..............68 Chapter 12 ARP Inspection Commands..............69 ip arp inspection(global) ......................69 ip arp inspection trust ......................69 ip arp inspection(interface) ....................70 ip arp inspection limit-rate......................71 ip arp inspection recover .......................71 show ip arp inspection ......................72 show ip arp inspection interface ....................72...
Page 7
show radius accounting ......................86 show radius authentication ....................87 Chapter 16 System Log Commands ..............88 logging buffer.........................88 logging file flash........................89 clear logging ..........................89 logging host index .........................90 show logging local-config ......................91 show logging loghost ......................91 show logging buffer .......................91 show logging flash.........................92 Chapter 17 SSH Commands..................
Page 8
Chapter 20 System Configuration Commands ............107 system-time manual ......................107 system-time ntp ........................107 system-time dst predefined ....................109 system-time dst date ......................109 system-time dst recurring ....................110 hostname..........................111 location ..........................112 contact-info.......................... 112 ip management-vlan ......................113 ip address..........................113 ip address-alloc dhcp ......................114 ip address-alloc bootp ......................
Page 9
storm-control multicast ......................128 storm-control unicast ......................128 storm-control rate ........................129 bandwidth ..........................129 clear counters........................130 show interface status......................130 show interface counters.......................131 show interface description ....................131 show interface flowcontrol ....................132 show interface configuration....................132 show storm-control ......................133 show bandwidth........................133 Chapter 22 QoS Commands .................135 qos ............................135 qos cos ..........................135 qos dscp ..........................136...
Interface). device mentioned this Guide stands TL-SG5428/TL-SG5412F JetStream L2 Managed Switch. Overview of this Guide Chapter 1: Using the CLI Provide information about how to use the CLI, CLI Command Modes, Security Levels and some Conventions. Chapter 2: User Interface Provide information about the commands used to switch between five CLI Command Modes.
Page 15
Chapter 12: ARP Inspection Commands Provide information about the commands used for protecting the switch from the ARP cheating or ARP Attack. Chapter 13: IP Verify Source Commands Provide information about the commands used for guarding the IP Source by filtering the IP packets based on the IP-MAC Binding entries.
Page 16
Chapter 26: ACL Commands Provide information about the commands used for configuring the ACL (Access Control List). Chapter 27: MSTP Commands Provide information about the commands used for configuring the MSTP (Multiple Spanning Tree Protocol). Chapter 28: IGMP Commands Provide information about the commands used for configuring the IGMP Snooping (Internet Group Management Protocol Snooping).
Chapter 1 Using the CLI 1.1 Accessing the CLI You can log on to the switch and access the CLI by the following two methods: Log on to the switch by the console port on the switch. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port. 1.1.1 Logon by a console port To log on to the switch by the console port on the switch, please take the following steps: Connect the PCs or Terminals to the console port on the switch by a provided cable.
Page 18
Figure 1-2 Connection Description Select the port to connect in Figure 1-3, and click OK. Figure 1-3 Select the port to connect Configure the port selected in the step above as the following Figure 1-4 shown. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK.
Figure 1-4 Port Settings The DOS prompt ”TL-SG5428>” will appear after pressing the Enter button as Figure 1-5 shown. It indicates that you can use the CLI now. Figure 1-5 Log in the Switch 1.1.2 Logon by Telnet To successfully create Telnet connection, firstly CLI commands about configuring Telnet login mode, login authentication information and Privileged EXEC Mode password should be configured through Console connection.
Page 20
Login local Mode: It requires username and password, which are both admin by default. Login Mode: It requires no username and password, but a connection password is required. Note: 1. Before Telnet login, you are required to configure Telnet login mode and login authentication information through Console connection.
Page 21
Open Telnet, then type telnet 192.168.0.1 in the command prompt shown as Figure 1-8, and press the Enter button. Figure 1-8 Connecting to the Switch Type the default user name and password admin/admin, then press the Enter button so as to enter User EXEC Mode.
Page 22
Figure 1-10 Enter into the Privileged EXEC Mode Login Mode Firstly configure the Telnet login mode as “login”, and both the connection password and the Privileged EXEC Mode password as 123 in the prompted DOS screen shown in Figure 1-11. Figure 1-11 Configure login mode Now, you can logon by Telnet in login mode: Open Telnet, then type telnet 192.168.0.1 in the command prompt shown as Figure 1-12, and...
Page 23
Figure 1-12 Connecting to the Switch You are prompted to enter the connection password 123 you have set through Console port connection, and then you are in User EXEC Mode. Figure 1-13 Enter into the User EXEC Mode When entering enable command to access Privileged EXEC Mode, you are required to give the password 123 you have set through Console port connection.
(except that switch Primary mode once it User EXEC connected through the Console port). is connected with the TL-SG5428> Mode switch. Use the enable command to access Privileged EXEC mode. Enter the disable or exit command to enable Privileged return to User EXEC mode.
Page 25
Logout or Access the next mode interface Use the end command or press Ctrl+Z gigabitEthernet port to return to Privileged EXEC mode. interface range TL-SG5428(config-if) Interface gigabitEthernet Enter the exit or the # command to # or Configuration port-list command to TL-SG5428(config-if- return to Global Configuration mode.
1.3 Security Levels This switch’s security is divided into two levels: User level and Admin level. User level only allows users to do some simple operations in User EXEC Mode; Admin level allows you to monitor, configure and manage the switch in Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode.
1.4.3 Parameter Format Some parameters must be entered in special formats which are shown as follows: MAC Address must be entered in the format of xx:xx:xx:xx:xx:xx One or several values can be typed for a port-list or a vlan-list using comma to separate. Use ...
—— super password , which contains 16 characters at most, composing digits, English letters and underlines only. By default, it is empty. Command Mode Global Configuration Mode Example Set the super password as admin to access Privileged EXEC Mode from User EXEC Mode: TL-SG5428(config)# enable password admin...
EXEC Mode. Syntax disable Command Mode Privileged EXEC Mode Example Return to User EXEC Mode from Privileged EXEC Mode: TL-SG5428# disable TL-SG5428> configure Description The configure command is used to access Global Configuration Mode from Privileged EXEC Mode. Syntax configure...
Privileged EXEC Mode and Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode, and then return to Privileged EXEC Mode: TL-SG5428 (config-if)# exit TL-SG5428(config)# exit TL-SG5428# Description The end command is used to return to Privileged EXEC Mode.
Example Create VLAN 2-10 and VLAN 100: TL-SG5428(config)# vlan 2-10,100 Delete VLAN 2: TL-SG5428(config)# no vlan 2 interface vlan Description The interface vlan command is used to create VLAN Interface and enter Interface VLAN Mode. To delete VLAN Interface, please use no interface vlan command.
—— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. Command Mode Global Configuration Mode Example Create VLAN Interface 2: TL-SG5428(config)# interface vlan 2 name Description The name command is used to assign a description to a VLAN. To clear the description, please use no name command.
Specify the Link Type of port 3 as access and add it to VLAN 2: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# switchport mode access TL-SG5428(config-if)# switchport access vlan 2 switchport trunk allowed vlan Description The switchport trunk allowed vlan command is used to add the desired Trunk port to IEEE 802.1Q VLAN.
Specify the Link Type of port 2 as trunk and add it to VLAN 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# switchport mode trunk TL-SG5428(config-if)# switchport trunk allowed vlan 2 switchport general allowed vlan Description The switchport general allowed vlan command is used to add the desired General port to IEEE 802.1Q VLAN and specify the egress rule.
TL-SG5428(config-if)# switchport general allowed vlan 2 tagged switchport pvid Description The switchport pvid command is used to configure the PVID for the switch ports. Syntax switchport pvid vlan-id Parameter vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094.
Privileged EXEC Mode and Any Configuration Mode Example Display the detailed information of all VLANs: TL-SG5428(config)# show vlan Display the detailed information of VLAN 2: TL-SG5428(config)# show vlan id 2 Display the detailed information of VLAN 3-10: TL-SG5428(config)# show vlan id 3-10...
Global Configuration Mode Example Create a Protocol-based VLAN template named “TP” whose Ethernet protocol type is 0x2024: TL-SG5428(config)# protocol-vlan template name TP ether-type 2024 protocol-vlan vlan Description The protocol-vlan vlan command is used to create a Protocol-based VLAN. To delete a Protocol-based VLAN, please use no protocol-vlan command.
Command Mode Global Configuration Mode Example Create Protocol-based VLAN 2 and bind it with Protocol-based VLAN Template TL-SG5428(config)# protocol-vlan vlan 2 template 3 protocol-vlan Description The protocol-vlan command is used to enable the Protocol-based VLAN feature for a specified port. To disable the Protocol-based VLAN feature of this port, please use no protocol-vlan command.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of the Protocol-based VLAN templates: TL-SG5428(config)# show protocol-vlan template show protocol-vlan vlan Description The show protocol-vlan vlan command is used to display the information about Protocol-based VLAN entry.
Page 40
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the port state and of Protocol-based VLAN interface: TL-SG5428(config)#show protocol-vlan interface...
Command Mode Global Configuration Mode Example Enable the VLAN-VPN function globally: TL-SG5428(config)#dot1q-tunnel dot1q-tunnel tpid Description The dot1q-tunnel tpid command is used to configure Global TPID of the VLAN-VPN. To restore to the default value, please use the no dot1q-tunnel tpid command.
Command Mode Global Configuration Mode Example Configure Global TPID of the VLAN-VPN as 0x9100: TL-SG5428(config)#dot1q-tunnel tpid 9100 switchport dot1q-tunnel enable Description The switchport dot1q-tunnel enable command is used to enable the dot1q tunnel feature on specified interface(s). To disable this function on specified interface(s), please use the no switchport dot1q-tunnel enable command.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the Gigabit Ethernet port 3 as the VPN Up-link ports: TL-SG5428(config)#interface gigabitEthernet 1/0/3 TL-SG5428(config-if)#switchport dot1q-tunnel mode uplink show dot1q-tunnel Description The show dot1q-tunnel command is used to display the global configuration information of the VLAN VPN.
The show dot1q-tunnel uplink command is used to display the configuration information of the VLAN VPN Up-link ports. Syntax show dot1q-tunnel uplink Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration information of the VLAN VPN Up-link ports: TL-SG5428(config)# show dot1q-tunnel uplink...
Command Mode Global Configuration Mode Example Enable the Voice VLAN function for VLAN 10: TL-SG5428(config)# voice vlan 10 voice vlan aging time Description The voice vlan aging time command is used to set the aging time for a voice VLAN. To restore to the default aging time for the Voice VLAN, please use no voice vlan aging time command.
Command Mode Global Configuration Mode Example Set the aging time for the Voice VLAN as 1 minute: TL-SG5428(config)# voice vlan aging time 1 voice vlan mac-address Description The voice vlan mac-address command is used to create Voice VLAN OUI. To delete the specified Voice VLAN OUI, please use no voice vlan mac-address command.
Example Configure the port 3 to operate in the auto voice VLAN mode: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# switchport voice vlan mode auto switchport voice vlan security Description The switchport voice vlan security command is used to enable the Voice VLAN security feature.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration information of Voice VLAN OUI: TL-SG5428(config)# show voice vlan oui show voice vlan switchport Description The show voice vlan switchport command is used to display the Voice VLAN configuration information of all ports or a specified port.
Page 49
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Voice VLAN configuration information of all ports: TL-SG5428(config)# show voice vlan switchport Display the Voice VLAN configuration information of port 2: TL-SG5428(config)# show voice vlan switchport gigabitEthernet 1/0/2...
Command Mode VLAN Configuration Mode (VLAN) Example Configure the VLAN 3 as the primary VLAN of the private VLAN: TL-SG5428(config)#vlan 3 TL-SG5428(config-vlan)#private-vlan primary private-vlan secondary Description The private-vlan secondary command is used to configure the designated VLAN as the secondary VLAN of the Private VLAN. To invalid the current secondary VLAN, please use no private-vlan secondary command.
VLAN Configuration Mode (VLAN) Example Associate primary VLAN 3 with secondary VLAN 4 as a private VLAN: TL-SG5428(config)#vlan 3 TL-SG5428(config-vlan)#private-vlan association 4 switchport private-vlan Description The switchport private-vlan command is used to configure the private VLAN mode for the switchport. To invalid the configuration, please use no switchport...
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure Gigabit Ethernet port 3 as “host”: TL-SG5428(config)#interface gigabitEthernet 1/0/3 TL-SG5428(config-if)#switchport private-vlan host switchport private-vlan host-association Description The switchport private-vlan host-association command is used to add host type port to private VLAN. To remove the port from Private VLAN, please use no switchport private-vlan host-association command.
VLAN 4: TL-SG5428(config)#interface gigabitEthernet 1/0/3 TL-SG5428(config-if)#switchport private-vlan host-association 3 4 switchport private-vlan mapping Description The switchport private-vlan mapping command is used to add promiscuous type port to private VLAN. To remove the port from Private VLAN, please use no switchport private-vlan mapping command.
Page 54
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration information of all Private VLAN: TL-SG5428(config)#show vlan private-vlan...
Command Mode Global Configuration Mode Example Enable the GVRP function globally: TL-SG5428(config)# gvrp gvrp(interface) Description The gvrp command is used to enable the GVRP function for the desired port. To disable the GVRP function of this port, please use no gvrp command. The GVRP feature can only be enabled for the trunk-type ports.
Example Enable the GVRP function for ports 2-6: TL-SG5428(config)# interface range gigabitEthernet 1/0/2-6 TL-SG5428(config-if-range)# gvrp gvrp registration Description The gvrp registration command is used to configure the GVRP registration type on the desired port. To restore to the default value, please use no gvrp registration command.
Set the GARP leaveall timer of port 6 to 2000 centiseconds and restore to the join timer of it to the default value: TL-SG5428(config)# interface gigabitEthernet 1/0/6 TL-SG5428(config-if)# gvrp timer leaveall 2000 TL-SG5428(config-if)# no gvrp timer join show gvrp global Description The show gvrp global command is used to display the global GVRP status.
—— The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the GVRP configuration information of all Ethernet ports: TL-SG5428(config)# show gvrp interface Display the GVRP configuration information of port 2: TL-SG5428(config)# show gvrp interface gigabitEthernet 1/0/2...
—— Enable the passive LACP mode. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Add ports 2-4 to EtherChannel Group 1 and enable the static LAG: TL-SG5428(config)# interface range gigabitEthernet 1/0/2-4 TL-SG5428(config-if-range)# channel-group 1 mode on...
Command Mode Global Configuration Mode Example Configure the Aggregate Arithmetic for LAG as “src-dst-mac”: TL-SG5428(config)# port-channel load-balance src-dst-mac lacp system-priority Description The lacp system-priority command is used to configure the LACP system priority globally. To return to the default configurations, please use no lacp system-priority command.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the LACP port priority as 1024 for ports 1-3: TL-SG5428(config)# interface range gigabitEthernet 1/0/1-3 TL-SG5428(config-if-range)# lacp port-priority 1024 Configure the LACP port priority as 2048 for port 4: TL-SG5428(config)# interface gigabitEthernet 1/0/4...
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the detailed information of EtherChannel Group 1: TL-SG5428(config)# show etherchannel 1 detail show etherchannel load-balance Description The show etherchannel load-balance command is used to display the Aggregate Arithmetic of LAG.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the internal LACP information of EtherChannel Group 1: TL-SG5428(config)# show lacp 1 internal show lacp sys-id Description The show lacp sys-id command is used to display the LACP system priority globally.
| enable ——Enable/disable the user. The new added user is enabled by default. Command Mode Global Configuration Mode Example Add and enable a new admin user named tplink, of which the password is password: TL-SG5428(config)# user name tplink password password type admin status enable...
—— The source IP address. Only the users within the IP-range you set here are allowed for login. ip-mask ——The subnet mask of the IP address. Command Mode Global Configuration Mode Example Enable the access-control of the user whose IP address is 192.168.0.148: TL-SG5428(config)# user access-control ip-based 192.168.0.148 255.255.255.255 user access-control mac-based...
——The list group of Ethernet ports, in the format of 1/0/1-4. You can appoint 5 ports at most. Command Mode Global Configuration Mode Example Configure that only the users connected to ports 2-6 are allowed to login: TL-SG5428(config)# user access-control port-based interface range gigabitEthernet 1/0/2-6...
Global Configuration Mode Example Configure the maximum number of users’ login as Admin and Guest as 5 and 3: TL-SG5428(config)# user max-num 5 3 user idle-timeout Description The user idle-timeout command is used to configure the timeout time of the switch.
Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minutes: TL-SG5428(config)# user idle-timeout 15 line Description The line command is used to enter the Line Configuration Mode and make related configurations for the desired user(s), including the login mode and password configurations.
TL-SG5428(config)# line vty 0 5 password Description The password command is used to configure the connection password. To clear the password, please use no password command. Syntax password password no password Parameter password —— Configure the connection password, which contains 16 characters at most, composing digits, English letters and underlines only.
Configure the login of Console port connection 0 as login mode: TL-SG5428(config)# line console 0 TL-SG5428(config-line)# login Configure the login of virtual terminal connection 0-5 as login mode: TL-SG5428(config)# line vty 0 5 TL-SG5428(config-line)# login login local Description The login local command is used to configure the login of a switch with the user name and password admin/admin.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of the current users: TL-SG5428(config)# show user account-list show user configuration Description The user configuration command is used to display the security configuration information of the users, including access-control, max-number and the idle-timeout, etc.
Chapter 11 Binding Table Commands You can bind the IP address, MAC address, VLAN and the connected Port number of the Host together, which can be the condition for the ARP Inspection to filter the packets. ip source binding Description The ip source binding command is used to bind the IP address, MAC address, VLAN ID and the Port number together manually.
Bind an entry with the IP 192.168.0.1, MAC 00:00:00:00:00:01, VLAN ID 2 and Port number 5 manually. And then enable the entry for the ARP detection: TL-SG5428(config)# ip source binding host1 192.168.0.1 00:00:00:00:00:01 vlan 2 interface gigabitEthernet 1/0/5 arp-detection Delete the IP-MAC –VID-PORT entry with the index 5:...
Command Mode Global Configuration Mode Example Configure the Global Flow Control as 30pps, the Decline Threshold as 20 pps, and decline Flow Control as 20 pps for DHCP Snooping: TL-SG5428(config)# ip dhcp snooping global global-rate 30 dec-threshold 20 dec-rate 20...
Command Mode Global Configuration Mode Example Enable the Option 82 function of DHCP Snooping: TL-SG5428(config)# ip dhcp snooping information option ip dhcp snooping information strategy Description The ip dhcp snooping information strategy command is used to select the operation for the Option 82 field of the DHCP request packets from the Host. To restore to the default option, please use no ip dhcp snooping information strategy command.
Example Replace the Option 82 field of the packets with the switch defined one and then send out: TL-SG5428(config)# ip dhcp snooping information strategy replace ip dhcp snooping information remote-id Description The ip dhcp snooping information remote-id command is used to enable and configure the customized sub-option Remote ID for the Option 82.
Example Enable and configure the customized sub-option Circuit ID for the Option 82 as tplink: TL-SG5428(config)# ip dhcp snooping information circuit-id tplink ip dhcp snooping trust Description The ip dhcp snooping trust command is used to configure a port to be a Trusted Port.
Example Enable the MAC Verify feature for port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# ip dhcp snooping mac-verify ip dhcp snooping limit rate Description The ip dhcp snooping limit rate command is used to enable the Flow Control feature for the DHCP packets. The excessive DHCP packets will be discarded.
Example Set the Flow Control of port 2 as 20 pps: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# ip dhcp snooping limit rate 20 ip dhcp snooping decline Description The ip dhcp snooping decline command is used to enable the Decline Protect feature.
The show ip dhcp snooping information command is used to display the Option 82 configuration status of DHCP-Snooping. Syntax show ip dhcp snooping information Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Option 82 configuration status of DHCP-Snooping: TL-SG5428# show ip dhcp snooping information...
[ port ] Parameters port ——The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the DHCP-Snooping configuration of port 2: TL-SG5428# show ip dhcp snooping interface gigabitEthernet 1/0/2...
Command Mode Global Configuration Mode Example Enable the ARP Detection function globally: TL-SG5428(config)# ip arp inspection ip arp inspection trust Description The ip arp inspection trust command is used to configure the port for which the ARP Detect function is unnecessary as the Trusted Port. To clear the Trusted Port list, please use no ip arp detection trust command.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the ports 2-5 as the Trusted Port: TL-SG5428(config)# interface range gigabitEthernet 1/0/2-5 TL-SG5428(config-if-range)# ip arp inspection trust ip arp inspection(interface) Description The ip arp inspection command is used to enable the ARP Defend function. To disable the ARP detection function, please use no ip arp inspection command.
Configure the maximum amount of the received ARP packets per second as 50 pps for port 5: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# ip arp inspection limit-rate 50 ip arp inspection recover Description The ip arp inspection recover command is used to restore to the port to the ARP transmit status from the ARP filter status.
Example Restore port 5 to the ARP transmit status: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# ip arp inspection recover show ip arp inspection Description The show ip arp inspection command is used to display the ARP detection global configuration including the enable/disable status and the Trusted Port list.
TL-SG5428(config)# show ip arp inspection interface Display the configuration of port 2: TL-SG5428(config)# show ip arp inspection interface gigabitEthernet 1/0/2 show ip arp inspection statistics Description The show ip arp inspection statistics command is used to display the number of the illegal ARP packets received.
Enable the IP Verify Source function for gigabitEthernet ports 5-10. Configure that only the packets with its source IP address, source MAC address and port number matched to the IP-MAC binding rules can be processed: TL-SG5428(config)#interface range gigabitEthernet 1/0/5-10 TL-SG5428(config-if-range)#ip verify source sip+mac show ip verify source...
Page 88
Syntax show ip verify source Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the IP Verify Source configuration information: TL-SG5428(config)#show ip verify source...
Command Mode Global Configuration Mode Example Enable the DoS defend function globally: TL-SG5428(config)# ip dos-prevent ip dos-prevent type Description The ip dos-prevent type command is used to select the DoS Defend Type. To disable the corresponding Defend Type, please use no ip dos-prevent type command.
Command Mode Global Configuration Mode Example Enable the DoS Defend Type named Xma Scan attack: TL-SG5428(config)# ip dos-prevent type xma-scan show ip dos-prevent Description The show ip dos-prevent command is used to display the DoS information of the detected DoS attack, including enable/disable status, the DoS Defend Type.
Command Mode Global Configuration Mode Example Enable the IEEE 802.1X function: TL-SG5428(config)# dot1x system-auth-control dot1x auth-method Description The dot1x auth-method command is used to configure the Authentication Method of IEEE 802.1X and the default 802.1x authentication method is “eap-md5”.
Command Mode Global Configuration Mode Example Configure the Authentication Method of IEEE 802.1X as pap: TL-SG5428(config)# dot1x auth-method pap dot1x guest-vlan(global) Description The dot1x guest-vlan command is used to enable the Guest VLAN function globally. To disable the Guest VLAN function, please use no dot1x guest-vlan command.
Command Mode Global Configuration Mode Example Enable the quiet-period function: TL-SG5428(config)# dot1x quiet-period dot1x timeout Description The dot1x timeout command is used to configure the quiet period and the supplicant timeout. To restore to the default, please use no dot1x timeout command.
Example Configure the quiet period as 100 seconds: TL-SG5428(config)# dot1x timeout quiet-period 100 dot1x max-reauth-req Description The dot1x max-reauth-req command is used to configure the maximum transfer times of the repeated authentication request when the server cannot be connected. To restore to the default value, please use no dot1x max-reauth-req command.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the IEEE 802.1X function for port 1: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# dot1x dot1x guest-vlan(interface) Description The dot1x guest-vlan command is used to enable the guest VLAN function for a specified port.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the Control Mode for port 1 as authorized-force: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# dot1x port-control authorized-force dot1x port-method Description The dot1x port-method command is used to configure the control type of IEEE 802.1X for the specified port.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the Control Type for port 1 as port-based: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# dot1x port-method port-based radius Description The radius command is used to configure the parameters of radius.
Global Configuration Mode Example Configure the IP address of the accounting server as 10.20.1.100 and password as tplink: TL-SG5428(config)# radius auth-pri 10.20.1.100 auth-key tplink radius server-account Description The radius server-account command is used to enable the accounting feature. To disable the accounting feature, please use no radius server-account command.
Display the configuration information of 801.X for all ports: TL-SG5428(config)# show dot1x interface Display the configuration information of 801.X for port 1: TL-SG5428(config)# show dot1x interface gigabitEthernet 1/0/1 show radius accounting Description The show radius accounting command is used to display the configuration of the accounting server.
Command Mode Privileged EXEC Mode and Any Configuration Modes Example Display the configuration of the accounting server: TL-SG5428(config)# show radius accounting show radius authentication Description The show radius authentication command is used to display the configuration of the RADIUS authentication server.
Only the log with the same or smaller severity level value will be output. By default, it is 7 indicating that all the log information will be saved in the log buffer. Command Mode Global Configuration Mode Example Set the severity level as 6: TL-SG5428(config)# logging buffer 6...
Command Mode Global Configuration Mode Example Enable the log file function and set the severity as 7: TL-SG5428(config)# logging file flash 7 clear logging Description The clear logging command is used to clear the information in the log buffer and log file.
By default, it is 6 indicating that the log information marked with 0~6 will be sent to the log host. Command Mode Global Configuration Mode Example Enable log host 2 and set its IP address as 192.168.0.148, the level 5: TL-SG5428(config)# logging host index 2 192.168.0.148 5...
1 to 4. Display the configuration of all the log hosts by default. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of the log host 2: TL-SG5428(config)# show logging loghost 2 show logging buffer Description...
Privileged EXEC Mode and Any Configuration Mode Example Display the log information from level 0 to level 5 in the log buffer: TL-SG5428(config)# show logging buffer level 5 show logging flash Description The show logging flash command is used to display the log information in the log file according to the severity level.
Command Mode Global Configuration Mode Example Enable the SSH function: TL-SG5428(config)# ip ssh server ip ssh version Description The ip ssh version command is used to enable the SSH protocol version. To disable the protocol version, please use no ip ssh version command.
Example Enable SSH v2: TL-SG5428(config)# ip ssh version v2 ip ssh timeout Description The ip ssh timeout command is used to specify the idle-timeout time of SSH. To restore to the factory defaults, please use ip ssh timeout command. Syntax...
Example Download a SSH-1 type key file named ssh-key from TFTP server with the IP Address 192.168.0.148: TL-SG5428(config)# ip ssh download v1 ssh-key ip-address 192.168.0.148 show ip ssh Description The show ip ssh command is used to display the global configuration of SSH.
Page 109
Example Display the global configuration of SSH: TL-SG5428(config)# show ip ssh...
Command Mode Global Configuration Mode Example Enable the SSL function: TL-SG5428(config)# ip http secure-server ip http secure-server download certificate Description The ip http secure-server download certificate command is used to download a certificate to the switch from TFTP server.
BASE64 encoded. ip-addr —— The IP address of the TFTP server. Command Mode Global Configuration Mode Example Download a SSL key named ssl-key from TFTP server with the IP address of 192.168.0.146: TL-SG5428(config)# ip http secure-server download key ssl-key ip-address 192.168.0.146...
The show ip http secure-server command is used to display the global configuration of SSL. Syntax show ip http secure-server Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the global configuration of SSL: TL-SG5428(config)# show ip http secure-server...
—— The Ethernet port number of your desired entry. Command Mode Global Configuration Mode Example Add a static Mac address entry to bind the MAC address 00:02:58:4f:6c:23, VLAN1 and port 1 together: TL-SG5428(config)# mac address-table static mac 00:02:58:4f:6c:23 vid 1 interface gigabitEthernet 1/0/1...
Command Mode Global Configuration Mode Example Configure the aging time as 500 seconds: TL-SG5428(config)# mac address-table aging-time 500 mac address-table filtering Description The mac address-table filtering command is used to add the filtering address entry. To delete the corresponding entry, please use no mac address-table filtering command.
Global Configuration Mode Example Add a filtering address entry of which VLAN ID is 1 and MAC address is 00:1e:4b:04:01:5d: TL-SG5428(config)# mac address-table filtering mac 00:1e:4b:04:01:5d vid mac address-table max-mac-count Description The mac address-table max-mac-count command is used to configure the Port Security.
Enable Port Security function for port 1, select Static mode as the learn mode, and specify the maximum number of MAC addresses that can be learned on this port as 30: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# mac address-table max-mac-count max-number 30 mode static status enable show mac address-table address Description The show mac address-table address command is used to display the information of all Address entries.
The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the security configuration of all ports: TL-SG5428(config)# show mac address-table max-mac-count interface gigabitEthernet Display the security configuration of port 1: TL-SG5428(config)# show mac address-table max-mac-count interface gigabitEthernet 1/0/1...
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the address configuration of port 1: TL-SG5428(config)# show mac address-table interface gigabitEthernet 1/0/1 show mac address-table mac-num Description The show mac address-table mac-num command is used to display the total amount of MAC address table.
Syntax show mac address-table vlan vid Parameter —— The specified VLAN id. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the MAC address configuration of vlan 1: TL-SG5428(config)# show mac address-table vlan 1...
Command Mode Global Configuration Mode Example Configure the system time as 02/14/2012- 12:30:00: TL-SG5428(config)# system-time manual 02/14/2012-12:30:00 system-time ntp Description The system-time ntp command is used to configure the time zone and the IP Address for the NTP Server. The switch will get UTC automatically if it has connected to a NTP Server.
Page 121
UTC-11:00 —— TimeZone for Coordinated Universal Time-11. UTC-10:00 —— TimeZone for Hawaii. UTC-09:00 —— TimeZone for Alaska. UTC-08:00 —— TimeZone for Pacific Time(US Canada). UTC-07:00 —— TimeZone for Mountain Time(US Canada). UTC-06:00 —— TimeZone for Central Time(US Canada). UTC-05:00 —— TimeZone for Eastern Time(US Canada). UTC-04:30 ——...
Configure the system time mode as NTP, the time zone is UTC-12:00, the primary NTP server is 133.100.9.2 and the secondary NTP server is 139.78.100.163, the fetching-rate is 11 hours: TL-SG5428(config)# system-time ntp UTC-12:00 133.100.9.2 139.79.100.163 system-time dst predefined Description The system-time dst predefined command is used to select a predefined DST configuration and the configuration can be recycled.
, the end time as 00:00 am on October 1 and the offset as 30 minutes: TL-SG5428(config)# system-time dst date Apr 1 00:00 Oct 1 00:00 30 system-time dst recurring Description The system-time dst recurring command is used to specify the DST configuration in recurring mode.
Specify the DST start time of the switch as 2:00 am on the first Sunday in May, the end time as 2:00 am on the last Sunday in October and the offset as 45 minutes: TL-SG5428(config)# system-time dst recurring first Sun May 02:00 last Sun Oct 02:00 45 hostname Description The hostname command is used to configure the system name.
—— System Name. The length of the name ranges from 1 to 32 characters. By default, it is the device name, for example “TL-SG5428”. Command Mode Global Configuration Mode Example Configure the system name as TPLINK: TL-SG5428(config)# hostname TPLINK...
Command Mode Global Configuration Mode Example Set the VLAN6 as management VLAN: TL-SG5428(config)# ip management-vlan 6 ip address Description The ip address command is used to configure the system IP Address, Subnet Mask and Default Gateway. To restore to the factory defaults, please use no ip address command.
Configure the system IP as 192.168.0.69 and the Subnet Mask as 255.255.255.0 when the management VLAN of the switch is VLAN1: TL-SG5428(config)# interface vlan 1 TL-SG5428(config-if)# ip address 192.168.0.69 255.255.255.0 ip address-alloc dhcp Description The ip address-alloc dhcp command is used to enable the DHCP Client function.
Interface Configuration Mode (interface vlan) Example Enable the BOOTP Protocol to obtain IP address from BOOTP Server when the management VLAN of the switch is VLAN1: TL-SG5428(config)# interface vlan 1 TL-SG5428(config-if)# ip address-alloc bootp reset Description The reset command is used to reset the switch’s software. After resetting, all configuration of the switch will restore to the factory defaults and your current settings will be lost.
Syntax copy running-config startup-config Command Mode Privileged EXEC Mode Example Save current settings: TL-SG5428# copy running-config startup-config copy startup-config tftp Description The copy startup-config tftp command is used to backup the configuration file to TFTP server. Syntax copy startup-config tftp ip-address ip-addr filename name Parameter ip-addr ——...
TL-SG5428# copy startup-config tftp ip-address 192.168.0.148 filename config.cfg copy tftp startup-config Description The copy tftp startup-config command is used to download the configuration file to the switch from TFTP server. Syntax copy tftp startup-config ip-address ip-addr filename name Parameter ip-addr —— IP Address of the TFTP server.
Page 131
Example Upgrade the switch system file named as firmware.bin via the TFTP server with the IP address 192.168.0.148: TL-SG5428# firmware upgrade ip-address 192.168.0.148 filename firmware.bin...
192.168.0.131, please specify the count (-l) as 512 bytes and count (-i) as 1000 milliseconds. If there is not any response after 8 times’ Ping test, the connection between the switch and the network device is failed to establish: TL-SG5428# ping 192.168.0.131 –n 8 –l 512 tracert Description The tracert command is used to test the connectivity of the gateways during its journey from the source to destination of the test data.
Command Mode User EXEC Mode and Privileged EXEC Mode Example Do an Internal-type loopback test for port 1: TL-SG5428# loopback interface gigabitEthernet 1/0/1 internal Do an External-type loopback test for port 1: TL-SG5428# loopback interface gigabitEthernet 1/0/1 external show system-time...
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the DST time information of the switch TL-SG5428# show system-time dst show system-time ntp Description The show system-time ntp command is used to display the NTP mode configuration information.
Parameter port —— The number of the port which is selected for Cable test. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Show the cable-diagnostics of port 3: TL-SG5428# show cable-diagnostics interface gigabitEthernet 1/0/3...
Command Mode Global Configuration Mode Example To enter the Interface gigabitEthernet Configuration Mode and configure port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 interface range gigabitEthernet Description The interface range gigabitEthernet command is used to enter the interface range gigabitEthernet Configuration Mode and configure multiple Gigabit Ethernet ports at the same time.
Example To enter the Interface range gigabitEthernet Configuration Mode, and configure ports 1, 2, 3, 6, 7 and 9 at the same time by adding them to one port-list: TL-SG5428(config)# interface range gigabitEthernet 1/0/1-3,1/0/6-7,1/0/9 description Description The description command is used to add a description to the Ethernet port. To clear the description of the corresponding port, please use no description command.
The media-type command is used to configure the media type of Combo port. For a Combo port, the media type should be configured before you set its speed and mode. This command does not apply to TL-SG5428 since TL-SG5428 has no Combo port.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the Duplex Mode as full-duplex for port 3: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# duplex full speed Description The speed command is used to configure the Speed Mode for an Ethernet port.
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the Speed Mode as 100Mbps for port 3: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# speed 100 storm-control broadcast Description The storm-control broadcast command is used to enable the broadcast control function.
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the multicast control function for port 5: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# storm-control multicast storm-control unicast Description The storm-control unicast command is used to enable the unicast control function.
Enable the unicast control function for port 5: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# storm-control unicast storm-control rate Description The storm-control rate command is used to configure storm control rate. To disable the storm control function, please use no storm-control rate command.
Example Configure the ingress-rate as 5120Kbps and egress-rate as 1024Kbps for port TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# bandwidth ingress 5120 egress 1024 clear counters Description The clear counters command is used to clear the statistic information of all the Ethernet ports.
Example Display the connective-status of all ports: TL-SG5428(config)# show interface status Display the connective-status of port 1: TL-SG5428(config)# show interface gigabitEthernet 1/0/1 status show interface counters Description The show interface counters command is used to display the statistic information of all ports or an Ethernet port.
Example Display the description of all Ethernet ports: TL-SG5428(config)# show interface description Display the description of port 2: TL-SG5428(config)# show interface gigabitEthernet 1/0/2 description show interface flowcontrol Description The show interface flowcontrol command is used to display the flow-control information of an Ethernet port.
Example Display the configurations of all Ethernet ports: TL-SG5428(config)# show interface configuration Display the configurations of port 2: TL-SG5428(config)# show interface gigabitEthernet 1/0/2 configuration show storm-control Description The show storm-control command is used to display the storm-control information of Ethernet ports.
Page 147
}] Parameter port —— The Ethernet port number. port-list —— The list of the Ethernet ports. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the bandwidth-limit information of port 4: TL-SG5428(config)# show bandwidth interface gigabitEthernet 1/0/4...
CoS value of the ingress port and the mapping relation between the CoS and TC in IEEE 802.1P. Example Configure the priority of port 5 as 3: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# qos 3 qos cos Description The qos cos command is used to enable the mapping relation between IEEE802.1P Priority and TC egress queue.
Example Enable the mapping relation between IEEE 802.1P Priority and egress queue: TL-SG5428(config)# qos cos qos dscp Description The qos dscp command is used to enable the mapping relation between DSCP Priority and CoS value.
Among the priority levels TC0-TC3, the bigger value, the higher priority. Example Map CoS 5 to TC 2.: TL-SG5428(config)# qos queue cos-map 5 2 qos queue dscp-map Description The qos queue dscp-map command is used to configure the mapping relation between DSCP Priority and the CoS value.
(0-7)-CoS 0, (8-15)-CoS 1, (16-23)-CoS 2, (24-31)-CoS 3, (32-39)-CoS 4, (40-47)-CoS 5, (48-55)-CoS 6, (56-63)-CoS 7. Example Map DSCP values 10-12 to CoS 2: TL-SG5428(config)# qos queue dscp-map 10-12 2 qos queue mode Description The qos queue mode command is used to configure the Schedule Mode. To return to the default configuration, please use no qos queue mode command.
Command Mode Global Configuration Mode Example Specify the Schedule Mode as Weight Round Robin Mode: TL-SG5428(config)# qos queue mode wrr show qos interface Description The show qos interface command is used to display the configuration of QoS based on port priority.
Display the configuration of QoS for port 5: TL-SG5428# show qos interface gigabitEthernet 1/0/5 Display the configuration of QoS for ports 1-4: TL-SG5428# show qos interface range gigabitEthernet 1/0/1-4 show qos cos-map Description The show qos cos-map command is used to display the configuration of IEEE 802.1P Priority and the mapping relation between cos-id and tc-id.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the schedule rule of the egress queues: TL-SG5428# show qos queue mode show qos status Description The show qos status command is used to display the status of IEEE 802.1P priority and DSCP priority.
—— The Ethernet port number. Command Mode Global Configuration Mode Example Create monitor session 1 and configure port 1 as the monitoring port: TL-SG5428(config)# monitor session destination interface gigabitEthernet 1/0/1 Delete the monitor session 1: TL-SG5428(config)# no monitor session 1...
monitor session source interface Description The monitor session source interface command is used to configure the monitored port. To delete the corresponding monitored port, please use no monitor session source interface command. Syntax monitor session session_num source interface gigabitEthernet port-list mode no monitor session session_num source interface gigabitEthernet port-list mode...
TL-SG5428(config)# monitor session 1 source interface gigabitEthernet 1/0/4-5,1/0/7 rx Delete port 4 in monitor session 1 and its configuration: TL-SG5428(config)# monitor session source interface gigabitEthernet 1/0/4 rx show monitor session Description The show monitor session command is used to display the configuration of port monitoring.
Set port 1, 2, and 4 to the forward port list of port 5: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# port isolation gi-forward-list 1/0/1-2,1/0/4 Set all Ethernet ports to forward port list of port 2, namely restore to the default setting:...
Page 159
The number of Ethernet port you want to show its forward port list, in the format of 1/0/2. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the forward-list of port 2: TL-SG5428# show port isolation interface gigabitEthernet 1/0/2 Display the forward-list of all Ethernet ports: TL-SG5428# show port isolation interface...
Command Mode Global Configuration Mode Example Enable the loopback detection function globally: TL-SG5428(config)# loopback-detection loopback-detection interval Description The loopback-detection interval command is used to define the interval of sending loopback detection packets from switch ports to network, aiming at detecting network loops periodically.
Example Specify the interval-time as 50 seconds: TL-SG5428(config)# loopback-detection interval 50 loopback-detection recovery-time Description The loopback-detection recovery-time command is used to configure the time after which the blocked port would automatically recover to normal status. Syntax loopback-detection recovery-time recovery-time Parameter recovery-time ——...
TL-SG5428(config)# interface range gigabitEthernet 1/0/1-3 TL-SG5428(Config-if-range)# loopback-detection loopback-detection config Description The loopback-detection config command is used to configure the process-mode and recovery-mode for the ports by which the switch copes with the detected loops. Syntax loopback-detection config [ process-mode { alert | port-based }]...
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Recover the blocked port 2 to normal status: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# loopback-detection recover show loopback-detection global Description The show loopback-detection global command is used to display the global configuration of loopback detection function such as loopback detection global status, loopback detection interval and loopback detection recovery time.
Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of loopback detection function and the status of all ports: TL-SG5428# show loopback-detection interface Display the configuration of loopback detection function and the status of port 5: TL-SG5428# show loopback-detection interface gigabitEthernet 1/0/5...
—— The Time-Range name, ranging from 1 to 16 characters. Command Mode Global Configuration Mode Example Add a time-range named “tRange1”: TL-SG5428(config)# time-range tRange1 absolute Description The absolute command is used to configure a Time-Range into an absoluteness mode. To delete the corresponding absoluteness mode Time-range, please use no absolute command.
Time-range Create Configuration Mode Example Configure the time-range “tRange1” with time from May 5, 2012 to Oct. 5, 2012: TL-SG5428(config)# time-range tRange1 TL-SG5428(config-time-range)# absolute start 05/05/2012 end 10/05/2012 periodic Description The periodic command is used to configure the Time-Range into an periodic mode.
TL-SG5428(config-time-range)# periodic week-date off-day time-slice1 08:30-12:00 holiday Description The holiday command is used to configure the time-range into Holiday Mode under Time-range Create Configuration Mode. To delete the corresponding Holiday Mode time-range, please use no holiday command. Syntax holiday no holiday...
Example Define National Day, configuring the start date as October 1st, and the end date as October 3rd: TL-SG5428(config)# holiday nationalday start-date 10/01 end-date 10/03 access-list create Description The access-list create command is used to create standard-IP ACL and extend-IP ACL.
Example Create a MAC ACL whose ID is 23: TL-SG5428(config)# mac access-list 23 access-list standard Description The access-list standard command is used to add Standard-IP ACL rule. To delete the corresponding rule, please use no access-list standard command. Standard-IP ACLs analyze and process data packets based on a series of match conditions, which can be the source IP addresses and destination IP addresses carried in the packets.
255.255.255.0, the time-range for the rule to take effect is “tRange1”, and the packets match this rule will be forwarded by the switch: TL-SG5428(config)# access-list create 120 TL-SG5428(config)# access-list standard rule permit 192.168.0.100 smask 255.255.255.0 tseg tRange1 access-list extended Description The access-list extended command is used to add Extended-IP ACL rule.
IP address is 192.168.0.100, the source IP address mask is 255.255.255.0, the time-range for the rule to take effect is “tRange1”, and the packets match this rule will be forwarded by the switch: TL-SG5428(config)# access-list create 220 TL-SG5428(config)# access-list...
11:11:11:11:11:00, VLAN ID is 2, the user priority is 5, the time-range for the rule to take effect is “tRange1”, and the packets match this rule will be forwarded by the switch: TL-SG5428(config)# mac access-list 20 TL-SG5428(config-mac-acl)# rule 10 permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tRange1 access-list policy name Description The access-list policy name command is used to add Policy.
Command Mode Global Configuration Mode Example Add ACL whose ID is 120 to policy1 and create an action for them: TL-SG5428(config)# access-list policy action policy1 120 redirect interface Description The redirect interface command is used to configure Direction function of policy action for specified ports.
Edit the actions for policy1. For the data packets matching ACL 120 in the policy, if the rate beyond 1000kbps, they will be discarded by the switch: TL-SG5428(config)# access-list policy action policy1 120 TL-SG5428(config-action)# s-condition rate 1000 osd discard s-mirror...
ACL 120 as port 2: TL-SG5428(config)# access-list policy action policy1 120 TL-SG5428(config-action)# s-mirror interface gigabitEthernet 1/0/2 access-list bind(interface) Description The access-list bind command is used to bind a policy to a specified port. To cancel the bind relation, please use no access-list bind command.
Example Bind policy1 to VLAN 2: TL-SG5428(config)# interface vlan 2 TL-SG5428(config-if)# access-list bind policy1 show time-range Description The show time-range command is used to display the configuration of Time-Range. Syntax show time-range Command Mode Privileged EXEC Mode and Any Configuration Mode...
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of a policy named policy1: TL-SG5428(config)# show access-list policy policy1 show access-list bind Description The show access-list bind command is used to display the configuration of Policy bind.
Page 178
Example Display the configuration of Policy bind: TL-SG5428(config)# show access-list bind...
The spanning-tree command is used to enable STP function for a port. To disable the STP function, please use no spanning-tree command. Syntax spanning-tree no spanning-tree Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the STP function for port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2...
TL-SG5428(config-if)# spanning-tree spanning-tree common-config Description The spanning-tree common-config command is used to configure the parameters of the ports for comparison in the CIST and the common parameters of all instances. To return to the default configuration, please use no spanning-tree common-config command. CIST (Common and Internal Spanning Tree) is the spanning tree in a switched network, connecting all devices in the network.
Enable the STP function of port 1, and configure the Port Priority as 64, ExtPath Cost as 100, IntPath Cost as 100, and then enable Edge Port: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# spanning-tree common-config port-priority 64 ext-cost 100 int-cost 100 portfast enable point-to-point open spanning-tree mode...
— — The VLAN ID selected to mapping with the corresponding instance. Command Mode MST Configuration Mode Example Map the VLANs 1-100 to Instance 1: TL-SG5428(config)# spanning-tree mst configuration TL-SG5428(config-mst)# instance 1 vlan 1-100 Disable Instance 1, namely remove all the mapping VLANs 1-100: TL- SG5428(config)# spanning-tree mst configuration...
TL- SG5428(config-mst)# no instance 1 Remove VLANs 1-50 in mapping VLANs 1-100 for Instance 1: TL-SG5428(config)# spanning-tree mst configuration TL-SG5428(config-mst)# no instance 1 vlan 1-50 name Description The name command is used to configure the region name of MST instance.
Command Mode Global Configuration Mode Example Enable the MST Instance 1 and configure its priority as 4096: TL-SG5428(config)# spanning-tree mst instance 1 priority 4096 spanning-tree mst Description The spanning-tree mst command is used to configure MST Instance Port. To return to the default configuration of the corresponding Instance Port, please use no spanning-tree mst command.
Example Configure the priority of port 1 in MST Instance 1 as 64, and path cost as 2000: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# spanning-tree mst instance 1 port-priority 64 cost 2000 spanning-tree priority Description The spanning-tree priority command is used to configure the bridge priority. To return to the default value of bridge priority, please use no spanning-tree priority command.
Command Mode Global Configuration Mode Example Configure TC Threshold as 30 packets and TC Protect Cycle as 10 seconds: TL-SG5428(config)# spanning-tree tc-defend threshold 30 period 10 spanning-tree timer Description The spanning-tree timer command is used to configure forward-time, hello-time and max-age of Spanning Tree. To return to the default configurations, please use no spanning-tree timer command.
Global Configuration Mode Example Configure forward-time, hello-time and max-age for Spanning Tree as 16 seconds, 3 seconds and 22 seconds respectively: TL-SG5428(config)# spanning-tree timer forward-time 16 hello-time 3 max-age 22 spanning-tree hold-count Description The spanning-tree hold-count command is used to configure the maximum number of BPDU packets transmitted per Hello Time interval.
TL-SG5428(config)# spanning-tree hold-count 8 spanning-tree max-hops Description The spanning-tree max-hops command is used to configure the maximum number of hops that occur in a specific region before the BPDU is discarded. To return to the default configurations, please use no spanning-tree max-hops command.
Example Enable the BPDU filter function for port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# spanning-tree bpdufilter spanning-tree bpduguard Description The spanning-tree bpduguard command is used to enable the BPDU protect function for a port. With the BPDU protect function enabled, the port will set itself automatically as ERROR-PORT when it receives BPDU packets, and the port will disable the forwarding function for a while.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the Loop Protect function for port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# spanning-tree guard loop spanning-tree guard root Description The spanning-tree guard root command is used to enable the Root Protect function for a port.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the TC Protect of Spanning Tree for port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# spanning-tree guard tc spanning-tree mcheck Description The spanning-tree mcheck command is used to enable mcheck.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the active information of spanning-tree: TL-SG5428(config)# show spanning-tree active show spanning-tree bridge Description The show spanning-tree bridge command is used to display the bridge parameters. Syntax...
Example Display the spanning-tree information of all ports: TL-SG5428(config)# show spanning-tree interface Display the spanning-tree information of port 2: TL-SG5428(config)# show spanning-tree interface gigabitEthernet 1/0/2 Display the spanning-tree mode information of port 2: TL-SG5428(config)# show spanning-tree interface gigabitEthernet 1/0/2 mode...
Display the region information and mapping information of VLAN and MST Instance: TL-SG5428(config)#show spanning-tree mst configuration Display the related information of MST Instance 1: TL-SG5428(config)#show spanning-tree mst instance 1 Display all the ports information of MST Instance 1: TL-SG5428(config)#show spanning-tree mst instance 1 interface...
Command Mode Global Configuration Mode Example Enable IGMP Snooping function: TL-SG5428(config)# ip igmp snooping ip igmp snooping(interface) Description The ip igmp snooping command is used to enable the IGMP Snooping function for the desired port. To disable the IGMP Snooping function, please use no ip igmp snooping command.
Example Enable the Fast Leave function for port 3: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# ip igmp snooping immediate-leave ip igmp snooping drop-unknown Description The ip igmp snooping drop-unknown command is used to process the unknown multicast as discard. To disable the operation of processing the unknown multicast as discard, please use no ip igmp snooping drop-unknown command.
ip igmp snooping vlan-config Description The ip igmp snooping vlan-config command is used to enable VLAN IGMP Snooping function or to modify IGMP Snooping parameters, and to create static multicast IP entry. To disable the VLAN IGMP Snooping function, please use no ip igmp snooping vlan-config command.
Member Port Time as 200 seconds for VLAN 1-3, and set the Leave time as 15 seconds for VLAN 1-2: TL-SG5428(config)# ip igmp snooping vlan-config 1-3 rtime 300 TL-SG5428(config)# ip igmp snooping vlan-config 1-3 mtime 200 TL-SG5428(config)# ip igmp snooping vlan-config 1-2 ltime 15 Add static multicast IP address 225.0.0.1, which corresponds to VLAN 2, and...
Enable Multicast VLAN 3, and configure Router Port Time as 100 seconds, Member Port Time 100 seconds, Leave Time 3 seconds, and Static Router Port port 3: TL-SG5428(config)# ip igmp snooping multi-vlan-config 3 rtime 100 TL-SG5428(config)# ip igmp snooping multi-vlan-config 3 mtime 100 TL-SG5428(config)# ip igmp snooping multi-vlan-config 3 ltime 3...
Global Configuration Mode Example Modify the multicast IP-range whose ID is 3 as 225.1.1.1~226.3.2.1: TL-SG5428(config)# ip igmp snooping filter 3 225.1.1.1 226.3.2.1 ip igmp snooping filter(interface) Description The ip igmp snooping filter command is used to configure Port Filter. To return to the default configuration, please use no igmp snooping filter command.
Example Specify the maximum number of multicast groups for ports 2-5 to join in as 10: TL-SG5428(config)# interface range gigabitEthernet 1/0/2-5 TL-SG5428(config-if-range)# ip igmp snooping filter maxgroup 10 ip igmp snooping filter mode Description The ip igmp snooping filter mode command is used to configure the Action...
Example Specify the Action Mode as accept for port 3: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# ip igmp snooping filter mode accept show ip igmp snooping Description The show ip igmp snooping command is used to display the global configuration of IGMP snooping.
Privileged EXEC Mode and Any Configuration Mode Example Display the IGMP filter configuration of all ports: TL-SG5428# show ip igmp snooping interface gigabitEthernet filter Display the IGMP basic configuration of port 2: TL-SG5428# show ip igmp snooping interface gigabitEthernet 1/0/2...
TL-SG5428# show ip igmp snooping vlan 2 show ip igmp snooping multi-vlan Description The show ip igmp snooping multi-vlan command is used to display the Multicast VLAN configuration. Syntax show ip igmp snooping multi-vlan Command Mode Privileged EXEC Mode and Any Configuration Mode...
TL-SG5428(config)#show ip igmp snooping groups vlan 5 static Display the count of dynamic multicast entries of VLAN 5 TL-SG5428(config)#show ip igmp snooping groups vlan 5 dynamic count Display the count of static multicast entries of VLAN 5 TL-SG5428(config)#show ip igmp snooping groups vlan 5 static count...
Command Mode Global Configuration Mode Example Enable the SNMP function: TL-SG5428(config)# snmp-server snmp-server view Description The snmp-server view command is used to add View. To delete the corresponding View, please use no snmp-server view command. The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs.
Example Add a View named view1, configuring the OID as 1.3.6.1.6.3.20, and this OID can be managed by the SNMP management station: TL-SG5428(config)# snmp-server view view1 1.3.6.1.6.3.20 include snmp-server group Description The snmp-server group command is used to manage and configure the SNMP group.
View viewDefault as read-write, besides the notification messages sent by View viewDefault can be received by Management station: TL-SG5428(config)# snmp-server group group1 smode v3 slev authNoPriv read viewDefault write viewDefault notify viewDefault Delete group 1:...
Page 209
Security Level of the group as authPriv, the Authentication Mode of the user as MD5, the Authentication Password as 11111, the Privacy Mode as DES, and the Privacy Password as 22222: TL-SG5428(config)# snmp-server user admin local group2 smode v3 slev authPriv cmode MD5 cpwd 11111 emode DES epwd 22222...
Global Configuration Mode Example Add community public, and the community has read-write management right to View viewDefault: TL-SG5428(config)# snmp-server community public read-write viewDefault snmp-server host Description The snmp-server host command is used to add Notification. To delete the corresponding Notification, please use no snmp-server host command.
Page 211
Security Model of the management station as v2c, the type of the notifications as inform, the maximum time for the switch to wait as 1000 seconds, and the retries time as 100: TL-SG5428(config)# snmp-server host 192.168.0.146 162 admin smode v2c type inform retries 100 timeout 1000...
Command Mode Global Configuration Mode Example Specify the local engineID as 1234567890, and the remote engineID as abcdef123456: TL-SG5428(config)# snmp-server engineID local 1234567890 remote abcdef123456 snmp-server traps snmp Description The snmp-server traps snmp command is used to enable SNMP standard traps which include four types: linkup, linkdown, warmstart and coldstart.
Command Mode Global Configuration Mode Example Enable SNMP standard linkup trap for the switch: TL-SG5428(config)# snmp-server traps snmp linkup snmp-server traps link-status Description The snmp-server traps link-status command is used to enable SNMP link status trap for the specified port. To disable the sending of SNMP link status trap, please use no snmp-server traps link-status command.
—— Enable spanning-tree trap. It is sent when the port forwarding status changes or the port receives TCN packet or packet with TC flag. Command Mode Global Configuration Mode Example Enable SNMP extended bandwidth-control trap for the switch: TL-SG5428(config)# snmp-server traps bandwidth-control...
Enable all SNMP extended MAC address-related traps for the switch: TL-SG5428(config)# snmp-server traps mac Enable new MAC address trap only for the switch: TL-SG5428(config)# snmp-server traps mac new snmp-server traps vlan Description The snmp-server traps vlan command is used to enable SNMP extended VLAN-related traps which include two types: create and delete.
Enable all SNMP extended VLAN-related traps for the switch: TL-SG5428(config)# snmp-server traps vlan Enable VLAN-created trap only for the switch: TL-SG5428(config)# snmp-server traps vlan create rmon history Description The rmon history command is used to configure the history sample entry. To return to the default configuration, please use no rmon history command.
Global Configuration Mode Example Configure the sample port as Gi1/0/2 and the sample interval as 100 seconds for the entry 1-3: TL-SG5428(config)# rmon history 1-3 interface gigabitEthernet 1/0/2 interval 100 owner owner1 rmon event Description The rmon event command is used to configure the entries of SNMP-RMON Event.
Configure the user name of entry 1, 2, 3 and 4 as user1, the description of the event as description1, the type of event as log and the owner of the event as owner1: TL-SG5428(config)# rmon event 1-4 user user1 description description1 type log owner owner1 rmon alarm...
Global Configuration Mode Example Configure the port of entries of 1,2 and 3 as port 2, the owners as owner1 and the alarm intervals as 100 seconds TL-SG5428(config)# rmon alarm 1-3 interface gigabitEthernet 1/0/2 owner owner1 interval 100 show snmp-server Description The show snmp-server command is used to display SNMP configuration globally.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the View table: TL-SG5428# show snmp-server view show snmp-server group Description The show snmp-server group command is used to display the Group table. Syntax show snmp-server group...
Syntax show snmp-server user Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the User table: TL-SG5428# show snmp-server user show snmp-server community Description The show snmp-server community command is used to display the Community table. Syntax show snmp-server community...
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the engineID: TL-SG5428# show snmp-server engineID show rmon history Description The show rmon history command is used to display the configuration of the history sample entry.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Event configuration of entry1-4: TL-SG5428# show rmon event 1-4 show rmon alarm Description The show rmon alarm command is used to display the configuration of the Alarm Management entry.
Command Mode Global Configuration Mode Example Enable LLDP function globally: TL-SG5428(config)# lldp lldp hold-multiplier Description The lldp hold-multiplier command is used to configure the Hold Multiplier parameter. The aging time of the local information in the neighbor device is determined by the actual TTL value used in the sending LLDPDU.
Command Mode Global Configuration Mode Example Specify Hold Multiplier as 5: TL-SG5428(config)# lldp hold-multiplier 5 lldp timer Description The lldp timer command is used to configure the parameters about transmission. To return to the default configuration, please use no lldp timer command.
Global Configuration Mode Example Specify the Transmit Interval of LLDPDU as 45 seconds and Trap message to NMS as 120 seconds: TL-SG5428(config)# lldp timer tx-interval 45 TL-SG5428(config)# lldp timer notify-interval 120 lldp receive Description The lldp receive command is used to enable the designated port to receive LLDPDU.
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable port 1 to transmit LLDPDU: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# lldp transmit lldp snmp-trap Description The lldp snmp-trap command is used to enable the port’s SNMP notification. If enabled, the port will notify the trap event to network management system.
Example Exclude “management-address” and “port-vlan-id” TLVs in LLDPDU outgoing from port 1: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# no lldp tlv-select management-address port-vlan show lldp Description The show lldp command is used to display the global configuration of LLDP and LLDP-MED fast start repeat count number.
Privileged EXEC Mode and Any Configuration Mode Example Display the LLDP and LLDP-MED local information of port 1: TL-SG5428# show lldp local-information interface gigabitEthernet 1/0/1 show lldp neighbor-information interface Description The show lldp neighbor-information interface command is used to display...
Privileged EXEC Mode and Any Configuration Mode Example Display the LLDP and LLDP-MED neighbor information of port 1: TL-SG5428# show lldp neighbor-information interface gigabitEthernet 1/0/1 show lldp traffic interface Description The show lldp traffic interface command is used to display the LLDP statistic information between the local device and neighbor device of the corresponding port.
NDP packets from this switch. Aging Time ranges from 5 to 255 in seconds. By default, it is 180. Command Mode Global Configuration Mode Example Enable NDP function globally, and configure Aging Time as 120 seconds, Hello Time as 50 seconds: TL-SG5428(config)# cluster ndp...
TL-SG5428(config)# cluster ndp timer hello 50 aging 120 Change Aging Time to 80 seconds: TL-SG5428(config)# cluster ndp timer aging 80 Change Hello Time to 80 seconds: TL-SG5428(config)# cluster ndp timer hello 80 cluster ntdp Description The cluster ntdp command is used to configure NTDP globally. To return to the default configuration, please use no cluster ntdp command.
Example Enable NTDP function globally, and specify NTDP Hops as 5, NTDP Interval Time as 30 minutes: TL-SG5428(config)# cluster ntdp TL-SG5428(config)# cluster ntdp timer interval-timer 30 TL-SG5428(config)# cluster ntdp hop 5 cluster explore Description The cluster explore command is used to manually collect the topology information.
Example Enable NDP and NTDP function for port 5: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# cluster ndp enable ntdp enable cluster ip pool Description The cluster ip pool command is used to create a new cluster. If no specified cluster name is set through cluster commander command, the newly created cluster will enjoy the system default name “tplink-cluster”.
Interval Time ranges from 1 to 255 in seconds. It is 20 by default. Command Mode Global Configuration Mode Example Specify the Hold Time and Interval Time of the cluster as 50 seconds: TL-SG5428(config)#cluster manage holdtime 50 TL-SG5428(config)#cluster manage timer 50 cluster member...
Command Mode Global Configuration Mode Example Add the switch whose MAC address is 00:74:5D:61:67:48 to the cluster: TL-SG5428(config)#cluster member mac-address 00:74:5D:61:67:48 cluster candidate Description The cluster candidate command is used to specify the current switch as candidate switch.
Display the NDP configuration of all Ethernet ports: TL-SG5428# show cluster ndp interface Display the NDP configuration of port 2: TL-SG5428# show cluster ndp interface gigabitEthernet 1/0/2 show cluster ntdp Description The show cluster ntdp command is used to display NTDP configuration or the information of device collected through NTDP.
Display the NTDP configuration of all Ethernet ports: TL-SG5428#show cluster ntdp interface Display the NTDP configuration of port 2: TL-SG5428# show cluster ntdp interface gigabitEthernet 1/0/2 Display the information of device collected through NTDP: TL-SG5428# show cluster ntdp device-list show cluster neighbour...
The show cluster manage role command is used to display the cluster role of the current switch. Syntax show cluster manage role Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the role of the current switch: TL-SG5428(config)# show cluster manage role...