Page 1 TL-SG5428 24-Port Gigabit L2 Managed Switch with 4 SFP Slots TL-SG5412F 12-Port Gigabit SFP L2 Managed Switch with 4 Combo 1000BASE-T Ports REV2.1.1 1910010847...
Page 2 COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.
Page 3: Table Of Contents
CONTENTS Preface ………………………………………………………………………………….1 Chapter 1 Using the CLI..................4 1.1 Accessing the CLI......................4 1.1.1 Logon by a console port..................4 1.1.2 Logon by Telnet....................6 1.2 CLI Command Modes ....................11 1.3 Security Levels ......................13 1.4 Conventions ........................13 1.4.1 Format Conventions..................13 1.4.2 Special Characters...................13 1.4.3 Parameter Format ....................14...
Page 4 protocol-vlan..........................25 show protocol-vlan template....................26 show protocol-vlan vlan ......................26 show protocol-vlan interface....................26 Chapter 5 VLAN-VPN Commands ............... 28 dot1q-tunnel ..........................28 dot1q-tunnel tpid........................28 switchport dot1q-tunnel enable....................29 switchport dot1q-tunnel mode uplink ..................29 show dot1q-tunnel .........................30 show dot1q-tunnel interface ....................30 show dot1q-tunnel uplink.......................31 Chapter 6 Voice VLAN Commands ..............
Page 5 show gvrp interface .......................45 Chapter 9 Etherchannel Commands ..............46 channel-group ........................46 port-channel load-balance .....................47 lacp system-priority .......................47 lacp port-priority........................48 show etherchannel ........................48 show etherchannel load-balance...................49 show lacp ..........................49 show lacp sys-id ........................50 Chapter 10 User Manage Commands..............51 user name ..........................51 user access-control ip-based....................52 user access-control mac-based.....................52 user access-control port-based .....................53...
Page 6 show ip dhcp snooping ......................67 show ip dhcp snooping information ..................67 show ip dhcp snooping interface gigabitEthernet ..............68 Chapter 12 ARP Inspection Commands..............69 ip arp inspection(global) ......................69 ip arp inspection trust ......................69 ip arp inspection(interface) ....................70 ip arp inspection limit-rate......................71 ip arp inspection recover .......................71 show ip arp inspection ......................72 show ip arp inspection interface ....................72...
Page 7 show radius accounting ......................86 show radius authentication ....................87 Chapter 16 System Log Commands ..............88 logging buffer.........................88 logging file flash........................89 clear logging ..........................89 logging host index .........................90 show logging local-config ......................91 show logging loghost ......................91 show logging buffer .......................91 show logging flash.........................92 Chapter 17 SSH Commands..................
Page 8 Chapter 20 System Configuration Commands ............107 system-time manual ......................107 system-time ntp ........................107 system-time dst predefined ....................109 system-time dst date ......................109 system-time dst recurring ....................110 hostname..........................111 location ..........................112 contact-info.......................... 112 ip management-vlan ......................113 ip address..........................113 ip address-alloc dhcp ......................114 ip address-alloc bootp ......................
Page 9 storm-control multicast ......................128 storm-control unicast ......................128 storm-control rate ........................129 bandwidth ..........................129 clear counters........................130 show interface status......................130 show interface counters.......................131 show interface description ....................131 show interface flowcontrol ....................132 show interface configuration....................132 show storm-control ......................133 show bandwidth........................133 Chapter 22 QoS Commands .................135 qos ............................135 qos cos ..........................135 qos dscp ..........................136...
Page 10 loopback-detection(interface) ....................148 loopback-detection config....................149 loopback-detection recover ....................149 show loopback-detection global ..................150 show loopback-detection interface ..................150 Chapter 26 ACL Commands .................152 time-range ...........................152 absolute..........................152 periodic..........................153 holiday ..........................154 holiday(global) ........................154 access-list create.........................155 mac access-list........................155 access-list standard......................156 access-list extended ......................157 rule ............................158 access-list policy name......................159 access-list policy action .......................160 redirect interface........................160 s-condition ...........................161...
Page 11 revision ..........................170 spanning-tree mst instance ....................171 spanning-tree mst........................171 spanning-tree priority......................172 spanning-tree tc-defend.......................173 spanning-tree timer......................173 spanning-tree hold-count.....................174 spanning-tree max-hops ......................175 spanning-tree bpdufilter.......................175 spanning-tree bpduguard ....................176 spanning-tree guard loop.....................176 spanning-tree guard root .....................177 spanning-tree guard tc......................177 spanning-tree mcheck ......................178 show spanning-tree active....................178 show spanning-tree bridge ....................179 show spanning-tree interface ....................179 show spanning-tree interface-security .................180...
Page 12 Chapter 29 SNMP Commands................193 snmp-server ........................193 snmp-server view ........................193 snmp-server group ......................194 snmp-server user ........................195 snmp-server community ......................197 snmp-server host.........................197 snmp-server engineID ......................199 snmp-server traps snmp......................199 snmp-server traps link-status....................200 snmp-server traps........................201 snmp-server traps mac......................202 snmp-server traps vlan ......................202 rmon history.........................203 rmon event ..........................204 rmon alarm ..........................205 show snmp-server .......................206...
Page 13 show lldp neighbor-information interface ................216 show lldp traffic interface .....................217 Chapter 31 Cluster Commands................218 cluster ndp...........................218 cluster ntdp ..........................219 cluster explore ........................220 cluster..........................220 cluster ip pool ........................221 cluster commander ......................221 cluster manage........................222 cluster member........................222 cluster candidate .........................223 cluster individual........................223 show cluster ndp........................224 show cluster ntdp.........................224 show cluster neighbour......................225 show cluster ........................225...
Page 14: Preface
Interface). device mentioned this Guide stands TL-SG5428/TL-SG5412F JetStream L2 Managed Switch. Overview of this Guide Chapter 1: Using the CLI Provide information about how to use the CLI, CLI Command Modes, Security Levels and some Conventions. Chapter 2: User Interface Provide information about the commands used to switch between five CLI Command Modes.
Page 15 Chapter 12: ARP Inspection Commands Provide information about the commands used for protecting the switch from the ARP cheating or ARP Attack. Chapter 13: IP Verify Source Commands Provide information about the commands used for guarding the IP Source by filtering the IP packets based on the IP-MAC Binding entries.
Page 16 Chapter 26: ACL Commands Provide information about the commands used for configuring the ACL (Access Control List). Chapter 27: MSTP Commands Provide information about the commands used for configuring the MSTP (Multiple Spanning Tree Protocol). Chapter 28: IGMP Commands Provide information about the commands used for configuring the IGMP Snooping (Internet Group Management Protocol Snooping).
Page 17: Chapter 1 Using The Cli
Chapter 1 Using the CLI 1.1 Accessing the CLI You can log on to the switch and access the CLI by the following two methods: Log on to the switch by the console port on the switch. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port. 1.1.1 Logon by a console port To log on to the switch by the console port on the switch, please take the following steps: Connect the PCs or Terminals to the console port on the switch by a provided cable.
Page 18 Figure 1-2 Connection Description Select the port to connect in Figure 1-3, and click OK. Figure 1-3 Select the port to connect Configure the port selected in the step above as the following Figure 1-4 shown. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK.
Page 19: 1.1.2 Logon By Telnet
Figure 1-4 Port Settings The DOS prompt ”TL-SG5428>” will appear after pressing the Enter button as Figure 1-5 shown. It indicates that you can use the CLI now. Figure 1-5 Log in the Switch 1.1.2 Logon by Telnet To successfully create Telnet connection, firstly CLI commands about configuring Telnet login mode, login authentication information and Privileged EXEC Mode password should be configured through Console connection.
Page 20 Login local Mode: It requires username and password, which are both admin by default. Login Mode: It requires no username and password, but a connection password is required. Note: 1. Before Telnet login, you are required to configure Telnet login mode and login authentication information through Console connection.
Page 21 Open Telnet, then type telnet 192.168.0.1 in the command prompt shown as Figure 1-8, and press the Enter button. Figure 1-8 Connecting to the Switch Type the default user name and password admin/admin, then press the Enter button so as to enter User EXEC Mode.
Page 22 Figure 1-10 Enter into the Privileged EXEC Mode  Login Mode Firstly configure the Telnet login mode as “login”, and both the connection password and the Privileged EXEC Mode password as 123 in the prompted DOS screen shown in Figure 1-11. Figure 1-11 Configure login mode Now, you can logon by Telnet in login mode: Open Telnet, then type telnet 192.168.0.1 in the command prompt shown as Figure 1-12, and...
Page 23 Figure 1-12 Connecting to the Switch You are prompted to enter the connection password 123 you have set through Console port connection, and then you are in User EXEC Mode. Figure 1-13 Enter into the User EXEC Mode When entering enable command to access Privileged EXEC Mode, you are required to give the password 123 you have set through Console port connection.
Page 24: 1.2 Cli Command Modes
(except that switch Primary mode once it User EXEC connected through the Console port). is connected with the TL-SG5428> Mode switch. Use the enable command to access Privileged EXEC mode. Enter the disable or exit command to enable Privileged return to User EXEC mode.
Page 25 Logout or Access the next mode interface Use the end command or press Ctrl+Z gigabitEthernet port to return to Privileged EXEC mode. interface range TL-SG5428(config-if) Interface gigabitEthernet Enter the exit or the # command to # or Configuration port-list command to TL-SG5428(config-if- return to Global Configuration mode.
Page 26: 1.3 Security Levels
1.3 Security Levels This switch’s security is divided into two levels: User level and Admin level. User level only allows users to do some simple operations in User EXEC Mode; Admin level allows you to monitor, configure and manage the switch in Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode.
Page 27: 1.4.3 Parameter Format
1.4.3 Parameter Format Some parameters must be entered in special formats which are shown as follows: MAC Address must be entered in the format of xx:xx:xx:xx:xx:xx  One or several values can be typed for a port-list or a vlan-list using comma to separate. Use ...
Page 28: Chapter 2 User Interface
—— super password ， which contains 16 characters at most, composing digits, English letters and underlines only. By default, it is empty. Command Mode Global Configuration Mode Example Set the super password as admin to access Privileged EXEC Mode from User EXEC Mode: TL-SG5428(config)# enable password admin...
Page 29: Disable
EXEC Mode. Syntax disable Command Mode Privileged EXEC Mode Example Return to User EXEC Mode from Privileged EXEC Mode: TL-SG5428# disable TL-SG5428> configure Description The configure command is used to access Global Configuration Mode from Privileged EXEC Mode. Syntax configure...
Page 30: End
Privileged EXEC Mode and Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode, and then return to Privileged EXEC Mode: TL-SG5428 (config-if)# exit TL-SG5428(config)# exit TL-SG5428# Description The end command is used to return to Privileged EXEC Mode.
Page 31: Chapter 3 Ieee 802.1Q Vlan Commands
Example Create VLAN 2-10 and VLAN 100: TL-SG5428(config)# vlan 2-10,100 Delete VLAN 2: TL-SG5428(config)# no vlan 2 interface vlan Description The interface vlan command is used to create VLAN Interface and enter Interface VLAN Mode. To delete VLAN Interface, please use no interface vlan command.
Page 32: Name
—— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. Command Mode Global Configuration Mode Example Create VLAN Interface 2: TL-SG5428(config)# interface vlan 2 name Description The name command is used to assign a description to a VLAN. To clear the description, please use no name command.
Page 33: Switchport Access Vlan
Specify the Link Type of port 3 as access and add it to VLAN 2: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# switchport mode access TL-SG5428(config-if)# switchport access vlan 2 switchport trunk allowed vlan Description The switchport trunk allowed vlan command is used to add the desired Trunk port to IEEE 802.1Q VLAN.
Page 34: Switchport General Allowed Vlan
Specify the Link Type of port 2 as trunk and add it to VLAN 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# switchport mode trunk TL-SG5428(config-if)# switchport trunk allowed vlan 2 switchport general allowed vlan Description The switchport general allowed vlan command is used to add the desired General port to IEEE 802.1Q VLAN and specify the egress rule.
Page 35: Switchport Pvid
TL-SG5428(config-if)# switchport general allowed vlan 2 tagged switchport pvid Description The switchport pvid command is used to configure the PVID for the switch ports. Syntax switchport pvid vlan-id Parameter vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094.
Page 36: Show Vlan Brief
Privileged EXEC Mode and Any Configuration Mode Example Display the detailed information of all VLANs: TL-SG5428(config)# show vlan Display the detailed information of VLAN 2: TL-SG5428(config)# show vlan id 2 Display the detailed information of VLAN 3-10: TL-SG5428(config)# show vlan id 3-10...
Page 37: Chapter 4 Protocol Vlan Commands
Global Configuration Mode Example Create a Protocol-based VLAN template named “TP” whose Ethernet protocol type is 0x2024: TL-SG5428(config)# protocol-vlan template name TP ether-type 2024 protocol-vlan vlan Description The protocol-vlan vlan command is used to create a Protocol-based VLAN. To delete a Protocol-based VLAN, please use no protocol-vlan command.
Page 38: Protocol-Vlan
Command Mode Global Configuration Mode Example Create Protocol-based VLAN 2 and bind it with Protocol-based VLAN Template TL-SG5428(config)# protocol-vlan vlan 2 template 3 protocol-vlan Description The protocol-vlan command is used to enable the Protocol-based VLAN feature for a specified port. To disable the Protocol-based VLAN feature of this port, please use no protocol-vlan command.
Page 39: Show Protocol-Vlan Template
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of the Protocol-based VLAN templates: TL-SG5428(config)# show protocol-vlan template show protocol-vlan vlan Description The show protocol-vlan vlan command is used to display the information about Protocol-based VLAN entry.
Page 40 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the port state and of Protocol-based VLAN interface: TL-SG5428(config)#show protocol-vlan interface...
Page 41: Chapter 5 Vlan-Vpn Commands
Command Mode Global Configuration Mode Example Enable the VLAN-VPN function globally: TL-SG5428(config)#dot1q-tunnel dot1q-tunnel tpid Description The dot1q-tunnel tpid command is used to configure Global TPID of the VLAN-VPN. To restore to the default value, please use the no dot1q-tunnel tpid command.
Page 42: Switchport Dot1Q-Tunnel Enable
Command Mode Global Configuration Mode Example Configure Global TPID of the VLAN-VPN as 0x9100: TL-SG5428(config)#dot1q-tunnel tpid 9100 switchport dot1q-tunnel enable Description The switchport dot1q-tunnel enable command is used to enable the dot1q tunnel feature on specified interface(s). To disable this function on specified interface(s), please use the no switchport dot1q-tunnel enable command.
Page 43: Show Dot1Q-Tunnel
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the Gigabit Ethernet port 3 as the VPN Up-link ports: TL-SG5428(config)#interface gigabitEthernet 1/0/3 TL-SG5428(config-if)#switchport dot1q-tunnel mode uplink show dot1q-tunnel Description The show dot1q-tunnel command is used to display the global configuration information of the VLAN VPN.
Page 44: Show Dot1Q-Tunnel Uplink
The show dot1q-tunnel uplink command is used to display the configuration information of the VLAN VPN Up-link ports. Syntax show dot1q-tunnel uplink Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration information of the VLAN VPN Up-link ports: TL-SG5428(config)# show dot1q-tunnel uplink...
Page 45: Chapter 6 Voice Vlan Commands
Command Mode Global Configuration Mode Example Enable the Voice VLAN function for VLAN 10: TL-SG5428(config)# voice vlan 10 voice vlan aging time Description The voice vlan aging time command is used to set the aging time for a voice VLAN. To restore to the default aging time for the Voice VLAN, please use no voice vlan aging time command.
Page 46: Voice Vlan Mac-Address
Command Mode Global Configuration Mode Example Set the aging time for the Voice VLAN as 1 minute: TL-SG5428(config)# voice vlan aging time 1 voice vlan mac-address Description The voice vlan mac-address command is used to create Voice VLAN OUI. To delete the specified Voice VLAN OUI, please use no voice vlan mac-address command.
Page 47: Switchport Voice Vlan Mode
Example Configure the port 3 to operate in the auto voice VLAN mode: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# switchport voice vlan mode auto switchport voice vlan security Description The switchport voice vlan security command is used to enable the Voice VLAN security feature.
Page 48: Show Voice Vlan
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration information of Voice VLAN OUI: TL-SG5428(config)# show voice vlan oui show voice vlan switchport Description The show voice vlan switchport command is used to display the Voice VLAN configuration information of all ports or a specified port.
Page 49 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Voice VLAN configuration information of all ports: TL-SG5428(config)# show voice vlan switchport Display the Voice VLAN configuration information of port 2: TL-SG5428(config)# show voice vlan switchport gigabitEthernet 1/0/2...
Page 50: Chapter 7 Private Vlan Commands
Command Mode VLAN Configuration Mode (VLAN) Example Configure the VLAN 3 as the primary VLAN of the private VLAN: TL-SG5428(config)#vlan 3 TL-SG5428(config-vlan)#private-vlan primary private-vlan secondary Description The private-vlan secondary command is used to configure the designated VLAN as the secondary VLAN of the Private VLAN. To invalid the current secondary VLAN, please use no private-vlan secondary command.
Page 51: Private-Vlan Association
VLAN Configuration Mode (VLAN) Example Associate primary VLAN 3 with secondary VLAN 4 as a private VLAN: TL-SG5428(config)#vlan 3 TL-SG5428(config-vlan)#private-vlan association 4 switchport private-vlan Description The switchport private-vlan command is used to configure the private VLAN mode for the switchport. To invalid the configuration, please use no switchport...
Page 52: Switchport Private-Vlan Host-Association
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure Gigabit Ethernet port 3 as “host”: TL-SG5428(config)#interface gigabitEthernet 1/0/3 TL-SG5428(config-if)#switchport private-vlan host switchport private-vlan host-association Description The switchport private-vlan host-association command is used to add host type port to private VLAN. To remove the port from Private VLAN, please use no switchport private-vlan host-association command.
Page 53: Switchport Private-Vlan Mapping
VLAN 4: TL-SG5428(config)#interface gigabitEthernet 1/0/3 TL-SG5428(config-if)#switchport private-vlan host-association 3 4 switchport private-vlan mapping Description The switchport private-vlan mapping command is used to add promiscuous type port to private VLAN. To remove the port from Private VLAN, please use no switchport private-vlan mapping command.
Page 54 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration information of all Private VLAN: TL-SG5428(config)#show vlan private-vlan...
Page 55: Chapter 8 Gvrp Commands
Command Mode Global Configuration Mode Example Enable the GVRP function globally: TL-SG5428(config)# gvrp gvrp(interface) Description The gvrp command is used to enable the GVRP function for the desired port. To disable the GVRP function of this port, please use no gvrp command. The GVRP feature can only be enabled for the trunk-type ports.
Page 56: Gvrp Registration
Example Enable the GVRP function for ports 2-6: TL-SG5428(config)# interface range gigabitEthernet 1/0/2-6 TL-SG5428(config-if-range)# gvrp gvrp registration Description The gvrp registration command is used to configure the GVRP registration type on the desired port. To restore to the default value, please use no gvrp registration command.
Page 57: Show Gvrp Global
Set the GARP leaveall timer of port 6 to 2000 centiseconds and restore to the join timer of it to the default value: TL-SG5428(config)# interface gigabitEthernet 1/0/6 TL-SG5428(config-if)# gvrp timer leaveall 2000 TL-SG5428(config-if)# no gvrp timer join show gvrp global Description The show gvrp global command is used to display the global GVRP status.
Page 58: Show Gvrp Interface
—— The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the GVRP configuration information of all Ethernet ports: TL-SG5428(config)# show gvrp interface Display the GVRP configuration information of port 2: TL-SG5428(config)# show gvrp interface gigabitEthernet 1/0/2...
Page 59: Chapter 9 Etherchannel Commands
—— Enable the passive LACP mode. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Add ports 2-4 to EtherChannel Group 1 and enable the static LAG: TL-SG5428(config)# interface range gigabitEthernet 1/0/2-4 TL-SG5428(config-if-range)# channel-group 1 mode on...
Page 60: Port-Channel Load-Balance
Command Mode Global Configuration Mode Example Configure the Aggregate Arithmetic for LAG as “src-dst-mac”: TL-SG5428(config)# port-channel load-balance src-dst-mac lacp system-priority Description The lacp system-priority command is used to configure the LACP system priority globally. To return to the default configurations, please use no lacp system-priority command.
Page 61: Lacp Port-Priority
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the LACP port priority as 1024 for ports 1-3: TL-SG5428(config)# interface range gigabitEthernet 1/0/1-3 TL-SG5428(config-if-range)# lacp port-priority 1024 Configure the LACP port priority as 2048 for port 4: TL-SG5428(config)# interface gigabitEthernet 1/0/4...
Page 62: Show Etherchannel Load-Balance
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the detailed information of EtherChannel Group 1: TL-SG5428(config)# show etherchannel 1 detail show etherchannel load-balance Description The show etherchannel load-balance command is used to display the Aggregate Arithmetic of LAG.
Page 63: Show Lacp Sys-Id
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the internal LACP information of EtherChannel Group 1: TL-SG5428(config)# show lacp 1 internal show lacp sys-id Description The show lacp sys-id command is used to display the LACP system priority globally.
Page 64: Chapter 10 User Manage Commands
| enable ——Enable/disable the user. The new added user is enabled by default. Command Mode Global Configuration Mode Example Add and enable a new admin user named tplink, of which the password is password: TL-SG5428(config)# user name tplink password password type admin status enable...
Page 65: User Access-Control Ip-Based
—— The source IP address. Only the users within the IP-range you set here are allowed for login. ip-mask ——The subnet mask of the IP address. Command Mode Global Configuration Mode Example Enable the access-control of the user whose IP address is 192.168.0.148: TL-SG5428(config)# user access-control ip-based 192.168.0.148 255.255.255.255 user access-control mac-based...
Page 66: User Access-Control Port-Based
——The list group of Ethernet ports, in the format of 1/0/1-4. You can appoint 5 ports at most. Command Mode Global Configuration Mode Example Configure that only the users connected to ports 2-6 are allowed to login: TL-SG5428(config)# user access-control port-based interface range gigabitEthernet 1/0/2-6...
Page 67: User Max-Number
Global Configuration Mode Example Configure the maximum number of users’ login as Admin and Guest as 5 and 3: TL-SG5428(config)# user max-num 5 3 user idle-timeout Description The user idle-timeout command is used to configure the timeout time of the switch.
Page 68: Line
Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minutes: TL-SG5428(config)# user idle-timeout 15 line Description The line command is used to enter the Line Configuration Mode and make related configurations for the desired user(s), including the login mode and password configurations.
Page 69: Password
TL-SG5428(config)# line vty 0 5 password Description The password command is used to configure the connection password. To clear the password, please use no password command. Syntax password password no password Parameter password —— Configure the connection password, which contains 16 characters at most, composing digits, English letters and underlines only.
Page 70: Login Local
Configure the login of Console port connection 0 as login mode: TL-SG5428(config)# line console 0 TL-SG5428(config-line)# login Configure the login of virtual terminal connection 0-5 as login mode: TL-SG5428(config)# line vty 0 5 TL-SG5428(config-line)# login login local Description The login local command is used to configure the login of a switch with the user name and password admin/admin.
Page 71: Show User Configuration
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of the current users: TL-SG5428(config)# show user account-list show user configuration Description The user configuration command is used to display the security configuration information of the users, including access-control, max-number and the idle-timeout, etc.
Page 72: Chapter 11 Binding Table Commands
Chapter 11 Binding Table Commands You can bind the IP address, MAC address, VLAN and the connected Port number of the Host together, which can be the condition for the ARP Inspection to filter the packets. ip source binding Description The ip source binding command is used to bind the IP address, MAC address, VLAN ID and the Port number together manually.
Page 73: Ip Dhcp Snooping
Bind an entry with the IP 192.168.0.1, MAC 00:00:00:00:00:01, VLAN ID 2 and Port number 5 manually. And then enable the entry for the ARP detection: TL-SG5428(config)# ip source binding host1 192.168.0.1 00:00:00:00:00:01 vlan 2 interface gigabitEthernet 1/0/5 arp-detection Delete the IP-MAC –VID-PORT entry with the index 5:...
Page 74: Ip Dhcp Snooping Global
Command Mode Global Configuration Mode Example Configure the Global Flow Control as 30pps, the Decline Threshold as 20 pps, and decline Flow Control as 20 pps for DHCP Snooping: TL-SG5428(config)# ip dhcp snooping global global-rate 30 dec-threshold 20 dec-rate 20...
Page 75: Ip Dhcp Snooping Information Option
Command Mode Global Configuration Mode Example Enable the Option 82 function of DHCP Snooping: TL-SG5428(config)# ip dhcp snooping information option ip dhcp snooping information strategy Description The ip dhcp snooping information strategy command is used to select the operation for the Option 82 field of the DHCP request packets from the Host. To restore to the default option, please use no ip dhcp snooping information strategy command.
Page 76: Ip Dhcp Snooping Information Remote-Id
Example Replace the Option 82 field of the packets with the switch defined one and then send out: TL-SG5428(config)# ip dhcp snooping information strategy replace ip dhcp snooping information remote-id Description The ip dhcp snooping information remote-id command is used to enable and configure the customized sub-option Remote ID for the Option 82.
Page 77: Ip Dhcp Snooping Trust
Example Enable and configure the customized sub-option Circuit ID for the Option 82 as tplink: TL-SG5428(config)# ip dhcp snooping information circuit-id tplink ip dhcp snooping trust Description The ip dhcp snooping trust command is used to configure a port to be a Trusted Port.
Page 78: Ip Dhcp Snooping Mac-Verify
Example Enable the MAC Verify feature for port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# ip dhcp snooping mac-verify ip dhcp snooping limit rate Description The ip dhcp snooping limit rate command is used to enable the Flow Control feature for the DHCP packets. The excessive DHCP packets will be discarded.
Page 79: Ip Dhcp Snooping Decline
Example Set the Flow Control of port 2 as 20 pps: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# ip dhcp snooping limit rate 20 ip dhcp snooping decline Description The ip dhcp snooping decline command is used to enable the Decline Protect feature.
Page 80: Show Ip Dhcp Snooping
The show ip dhcp snooping information command is used to display the Option 82 configuration status of DHCP-Snooping. Syntax show ip dhcp snooping information Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Option 82 configuration status of DHCP-Snooping: TL-SG5428# show ip dhcp snooping information...
Page 81: Show Ip Dhcp Snooping Interface Gigabitethernet
[ port ] Parameters port ——The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the DHCP-Snooping configuration of port 2: TL-SG5428# show ip dhcp snooping interface gigabitEthernet 1/0/2...
Page 82: Chapter 12 Arp Inspection Commands
Command Mode Global Configuration Mode Example Enable the ARP Detection function globally: TL-SG5428(config)# ip arp inspection ip arp inspection trust Description The ip arp inspection trust command is used to configure the port for which the ARP Detect function is unnecessary as the Trusted Port. To clear the Trusted Port list, please use no ip arp detection trust command.
Page 83: Ip Arp Inspection(Interface)
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the ports 2-5 as the Trusted Port: TL-SG5428(config)# interface range gigabitEthernet 1/0/2-5 TL-SG5428(config-if-range)# ip arp inspection trust ip arp inspection(interface) Description The ip arp inspection command is used to enable the ARP Defend function. To disable the ARP detection function, please use no ip arp inspection command.
Page 84: Ip Arp Inspection Limit-Rate
Configure the maximum amount of the received ARP packets per second as 50 pps for port 5: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# ip arp inspection limit-rate 50 ip arp inspection recover Description The ip arp inspection recover command is used to restore to the port to the ARP transmit status from the ARP filter status.
Page 85: Show Ip Arp Inspection
Example Restore port 5 to the ARP transmit status: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# ip arp inspection recover show ip arp inspection Description The show ip arp inspection command is used to display the ARP detection global configuration including the enable/disable status and the Trusted Port list.
Page 86: Show Ip Arp Inspection Statistics
TL-SG5428(config)# show ip arp inspection interface Display the configuration of port 2: TL-SG5428(config)# show ip arp inspection interface gigabitEthernet 1/0/2 show ip arp inspection statistics Description The show ip arp inspection statistics command is used to display the number of the illegal ARP packets received.
Page 87: Chapter 13 Ip Verify Source Commands
Enable the IP Verify Source function for gigabitEthernet ports 5-10. Configure that only the packets with its source IP address, source MAC address and port number matched to the IP-MAC binding rules can be processed: TL-SG5428(config)#interface range gigabitEthernet 1/0/5-10 TL-SG5428(config-if-range)#ip verify source sip+mac show ip verify source...
Page 88 Syntax show ip verify source Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the IP Verify Source configuration information: TL-SG5428(config)#show ip verify source...
Page 89: Chapter 14 Dos Defend Command
Command Mode Global Configuration Mode Example Enable the DoS defend function globally: TL-SG5428(config)# ip dos-prevent ip dos-prevent type Description The ip dos-prevent type command is used to select the DoS Defend Type. To disable the corresponding Defend Type, please use no ip dos-prevent type command.
Page 90: Show Ip Dos-Prevent
Command Mode Global Configuration Mode Example Enable the DoS Defend Type named Xma Scan attack: TL-SG5428(config)# ip dos-prevent type xma-scan show ip dos-prevent Description The show ip dos-prevent command is used to display the DoS information of the detected DoS attack, including enable/disable status, the DoS Defend Type.
Page 91: Chapter 15 Ieee 802.1X Commands
Command Mode Global Configuration Mode Example Enable the IEEE 802.1X function: TL-SG5428(config)# dot1x system-auth-control dot1x auth-method Description The dot1x auth-method command is used to configure the Authentication Method of IEEE 802.1X and the default 802.1x authentication method is “eap-md5”.
Page 92: Dot1X Guest-Vlan(Global)
Command Mode Global Configuration Mode Example Configure the Authentication Method of IEEE 802.1X as pap: TL-SG5428(config)# dot1x auth-method pap dot1x guest-vlan(global) Description The dot1x guest-vlan command is used to enable the Guest VLAN function globally. To disable the Guest VLAN function, please use no dot1x guest-vlan command.
Page 93: Dot1X Quiet-Period
Command Mode Global Configuration Mode Example Enable the quiet-period function: TL-SG5428(config)# dot1x quiet-period dot1x timeout Description The dot1x timeout command is used to configure the quiet period and the supplicant timeout. To restore to the default, please use no dot1x timeout command.
Page 94: Dot1X Max-Reauth-Req
Example Configure the quiet period as 100 seconds: TL-SG5428(config)# dot1x timeout quiet-period 100 dot1x max-reauth-req Description The dot1x max-reauth-req command is used to configure the maximum transfer times of the repeated authentication request when the server cannot be connected. To restore to the default value, please use no dot1x max-reauth-req command.
Page 95: Dot1X Guest-Vlan(Interface)
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the IEEE 802.1X function for port 1: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# dot1x dot1x guest-vlan(interface) Description The dot1x guest-vlan command is used to enable the guest VLAN function for a specified port.
Page 96: Dot1X Port-Method
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the Control Mode for port 1 as authorized-force: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# dot1x port-control authorized-force dot1x port-method Description The dot1x port-method command is used to configure the control type of IEEE 802.1X for the specified port.
Page 97: Radius
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the Control Type for port 1 as port-based: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# dot1x port-method port-based radius Description The radius command is used to configure the parameters of radius.
Page 98: Radius Server-Account
Global Configuration Mode Example Configure the IP address of the accounting server as 10.20.1.100 and password as tplink: TL-SG5428(config)# radius auth-pri 10.20.1.100 auth-key tplink radius server-account Description The radius server-account command is used to enable the accounting feature. To disable the accounting feature, please use no radius server-account command.
Page 99: Show Dot1X Interface
Display the configuration information of 801.X for all ports: TL-SG5428(config)# show dot1x interface Display the configuration information of 801.X for port 1: TL-SG5428(config)# show dot1x interface gigabitEthernet 1/0/1 show radius accounting Description The show radius accounting command is used to display the configuration of the accounting server.
Page 100: Show Radius Authentication
Command Mode Privileged EXEC Mode and Any Configuration Modes Example Display the configuration of the accounting server: TL-SG5428(config)# show radius accounting show radius authentication Description The show radius authentication command is used to display the configuration of the RADIUS authentication server.
Page 101: Chapter 16 System Log Commands
Only the log with the same or smaller severity level value will be output. By default, it is 7 indicating that all the log information will be saved in the log buffer. Command Mode Global Configuration Mode Example Set the severity level as 6: TL-SG5428(config)# logging buffer 6...
Page 102: Logging File Flash
Command Mode Global Configuration Mode Example Enable the log file function and set the severity as 7: TL-SG5428(config)# logging file flash 7 clear logging Description The clear logging command is used to clear the information in the log buffer and log file.
Page 103: Logging Host Index
By default, it is 6 indicating that the log information marked with 0~6 will be sent to the log host. Command Mode Global Configuration Mode Example Enable log host 2 and set its IP address as 192.168.0.148, the level 5: TL-SG5428(config)# logging host index 2 192.168.0.148 5...
Page 104: Show Logging Local-Config
1 to 4. Display the configuration of all the log hosts by default. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of the log host 2: TL-SG5428(config)# show logging loghost 2 show logging buffer Description...
Page 105: Show Logging Flash
Privileged EXEC Mode and Any Configuration Mode Example Display the log information from level 0 to level 5 in the log buffer: TL-SG5428(config)# show logging buffer level 5 show logging flash Description The show logging flash command is used to display the log information in the log file according to the severity level.
Page 106: Chapter 17 Ssh Commands
Command Mode Global Configuration Mode Example Enable the SSH function: TL-SG5428(config)# ip ssh server ip ssh version Description The ip ssh version command is used to enable the SSH protocol version. To disable the protocol version, please use no ip ssh version command.
Page 107: Ip Ssh Timeout
Example Enable SSH v2: TL-SG5428(config)# ip ssh version v2 ip ssh timeout Description The ip ssh timeout command is used to specify the idle-timeout time of SSH. To restore to the factory defaults, please use ip ssh timeout command. Syntax...
Page 108: Ip Ssh Download
Example Download a SSH-1 type key file named ssh-key from TFTP server with the IP Address 192.168.0.148: TL-SG5428(config)# ip ssh download v1 ssh-key ip-address 192.168.0.148 show ip ssh Description The show ip ssh command is used to display the global configuration of SSH.
Page 109 Example Display the global configuration of SSH: TL-SG5428(config)# show ip ssh...
Page 110: Chapter 18 Ssl Commands
Command Mode Global Configuration Mode Example Enable the SSL function: TL-SG5428(config)# ip http secure-server ip http secure-server download certificate Description The ip http secure-server download certificate command is used to download a certificate to the switch from TFTP server.
Page 111: Ip Http Secure-Server Download Key
BASE64 encoded. ip-addr —— The IP address of the TFTP server. Command Mode Global Configuration Mode Example Download a SSL key named ssl-key from TFTP server with the IP address of 192.168.0.146: TL-SG5428(config)# ip http secure-server download key ssl-key ip-address 192.168.0.146...
Page 112: Show Ip Http Secure-Server
The show ip http secure-server command is used to display the global configuration of SSL. Syntax show ip http secure-server Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the global configuration of SSL: TL-SG5428(config)# show ip http secure-server...
Page 113: Chapter 19 Mac Address Commands
—— The Ethernet port number of your desired entry. Command Mode Global Configuration Mode Example Add a static Mac address entry to bind the MAC address 00:02:58:4f:6c:23, VLAN1 and port 1 together: TL-SG5428(config)# mac address-table static mac 00:02:58:4f:6c:23 vid 1 interface gigabitEthernet 1/0/1...
Page 114: Mac Address-Table Aging-Time
Command Mode Global Configuration Mode Example Configure the aging time as 500 seconds: TL-SG5428(config)# mac address-table aging-time 500 mac address-table filtering Description The mac address-table filtering command is used to add the filtering address entry. To delete the corresponding entry, please use no mac address-table filtering command.
Page 115: Mac Address-Table Max-Mac-Count
Global Configuration Mode Example Add a filtering address entry of which VLAN ID is 1 and MAC address is 00:1e:4b:04:01:5d: TL-SG5428(config)# mac address-table filtering mac 00:1e:4b:04:01:5d vid mac address-table max-mac-count Description The mac address-table max-mac-count command is used to configure the Port Security.
Page 116: Show Mac Address-Table Address
Enable Port Security function for port 1, select Static mode as the learn mode, and specify the maximum number of MAC addresses that can be learned on this port as 30: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# mac address-table max-mac-count max-number 30 mode static status enable show mac address-table address Description The show mac address-table address command is used to display the information of all Address entries.
Page 117: Show Mac Address-Table Max-Mac-Count Interface Gigabitethernet
The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the security configuration of all ports: TL-SG5428(config)# show mac address-table max-mac-count interface gigabitEthernet Display the security configuration of port 1: TL-SG5428(config)# show mac address-table max-mac-count interface gigabitEthernet 1/0/1...
Page 118: Show Mac Address-Table Mac-Num
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the address configuration of port 1: TL-SG5428(config)# show mac address-table interface gigabitEthernet 1/0/1 show mac address-table mac-num Description The show mac address-table mac-num command is used to display the total amount of MAC address table.
Page 119: Show Mac Address-Table Vlan
Syntax show mac address-table vlan vid Parameter —— The specified VLAN id. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the MAC address configuration of vlan 1: TL-SG5428(config)# show mac address-table vlan 1...
Page 120: Chapter 20 System Configuration Commands
Command Mode Global Configuration Mode Example Configure the system time as 02/14/2012- 12:30:00: TL-SG5428(config)# system-time manual 02/14/2012-12:30:00 system-time ntp Description The system-time ntp command is used to configure the time zone and the IP Address for the NTP Server. The switch will get UTC automatically if it has connected to a NTP Server.
Page 121 UTC-11:00 —— TimeZone for Coordinated Universal Time-11. UTC-10:00 —— TimeZone for Hawaii. UTC-09:00 —— TimeZone for Alaska. UTC-08:00 —— TimeZone for Pacific Time(US Canada). UTC-07:00 —— TimeZone for Mountain Time(US Canada). UTC-06:00 —— TimeZone for Central Time(US Canada). UTC-05:00 —— TimeZone for Eastern Time(US Canada). UTC-04:30 ——...
Page 122: System-Time Dst Predefined
Configure the system time mode as NTP, the time zone is UTC-12:00, the primary NTP server is 133.100.9.2 and the secondary NTP server is 139.78.100.163, the fetching-rate is 11 hours: TL-SG5428(config)# system-time ntp UTC-12:00 133.100.9.2 139.79.100.163 system-time dst predefined Description The system-time dst predefined command is used to select a predefined DST configuration and the configuration can be recycled.
Page 123: System-Time Dst Recurring
, the end time as 00:00 am on October 1 and the offset as 30 minutes: TL-SG5428(config)# system-time dst date Apr 1 00:00 Oct 1 00:00 30 system-time dst recurring Description The system-time dst recurring command is used to specify the DST configuration in recurring mode.
Page 124: Hostname
Specify the DST start time of the switch as 2:00 am on the first Sunday in May, the end time as 2:00 am on the last Sunday in October and the offset as 45 minutes: TL-SG5428(config)# system-time dst recurring first Sun May 02:00 last Sun Oct 02:00 45 hostname Description The hostname command is used to configure the system name.
Page 125: Location
—— System Name. The length of the name ranges from 1 to 32 characters. By default, it is the device name, for example “TL-SG5428”. Command Mode Global Configuration Mode Example Configure the system name as TPLINK: TL-SG5428(config)# hostname TPLINK...
Page 126: Ip Management-Vlan
Command Mode Global Configuration Mode Example Set the VLAN6 as management VLAN: TL-SG5428(config)# ip management-vlan 6 ip address Description The ip address command is used to configure the system IP Address, Subnet Mask and Default Gateway. To restore to the factory defaults, please use no ip address command.
Page 127: Ip Address-Alloc Dhcp
Configure the system IP as 192.168.0.69 and the Subnet Mask as 255.255.255.0 when the management VLAN of the switch is VLAN1: TL-SG5428(config)# interface vlan 1 TL-SG5428(config-if)# ip address 192.168.0.69 255.255.255.0 ip address-alloc dhcp Description The ip address-alloc dhcp command is used to enable the DHCP Client function.
Page 128: Reset
Interface Configuration Mode (interface vlan) Example Enable the BOOTP Protocol to obtain IP address from BOOTP Server when the management VLAN of the switch is VLAN1: TL-SG5428(config)# interface vlan 1 TL-SG5428(config-if)# ip address-alloc bootp reset Description The reset command is used to reset the switch’s software. After resetting, all configuration of the switch will restore to the factory defaults and your current settings will be lost.
Page 129: Copy Running-Config Startup-Config
Syntax copy running-config startup-config Command Mode Privileged EXEC Mode Example Save current settings: TL-SG5428# copy running-config startup-config copy startup-config tftp Description The copy startup-config tftp command is used to backup the configuration file to TFTP server. Syntax copy startup-config tftp ip-address ip-addr filename name Parameter ip-addr ——...
Page 130: Copy Tftp Startup-Config
TL-SG5428# copy startup-config tftp ip-address 192.168.0.148 filename config.cfg copy tftp startup-config Description The copy tftp startup-config command is used to download the configuration file to the switch from TFTP server. Syntax copy tftp startup-config ip-address ip-addr filename name Parameter ip-addr —— IP Address of the TFTP server.
Page 131 Example Upgrade the switch system file named as firmware.bin via the TFTP server with the IP address 192.168.0.148: TL-SG5428# firmware upgrade ip-address 192.168.0.148 filename firmware.bin...
Page 132: Ping
192.168.0.131, please specify the count (-l) as 512 bytes and count (-i) as 1000 milliseconds. If there is not any response after 8 times’ Ping test, the connection between the switch and the network device is failed to establish: TL-SG5428# ping 192.168.0.131 –n 8 –l 512 tracert Description The tracert command is used to test the connectivity of the gateways during its journey from the source to destination of the test data.
Page 133: Loopback Interface
Command Mode User EXEC Mode and Privileged EXEC Mode Example Do an Internal-type loopback test for port 1: TL-SG5428# loopback interface gigabitEthernet 1/0/1 internal Do an External-type loopback test for port 1: TL-SG5428# loopback interface gigabitEthernet 1/0/1 external show system-time...
Page 134: Show System-Time Dst
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the DST time information of the switch TL-SG5428# show system-time dst show system-time ntp Description The show system-time ntp command is used to display the NTP mode configuration information.
Page 135: Show System-Info
Parameter port —— The number of the port which is selected for Cable test. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Show the cable-diagnostics of port 3: TL-SG5428# show cable-diagnostics interface gigabitEthernet 1/0/3...
Page 136: Chapter 21 Ethernet Configuration Commands
Command Mode Global Configuration Mode Example To enter the Interface gigabitEthernet Configuration Mode and configure port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 interface range gigabitEthernet Description The interface range gigabitEthernet command is used to enter the interface range gigabitEthernet Configuration Mode and configure multiple Gigabit Ethernet ports at the same time.
Page 137: Description
Example To enter the Interface range gigabitEthernet Configuration Mode, and configure ports 1, 2, 3, 6, 7 and 9 at the same time by adding them to one port-list: TL-SG5428(config)# interface range gigabitEthernet 1/0/1-3,1/0/6-7,1/0/9 description Description The description command is used to add a description to the Ethernet port. To clear the description of the corresponding port, please use no description command.
Page 138: Flow-Control
The media-type command is used to configure the media type of Combo port. For a Combo port, the media type should be configured before you set its speed and mode. This command does not apply to TL-SG5428 since TL-SG5428 has no Combo port.
Page 139: Duplex
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the Duplex Mode as full-duplex for port 3: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# duplex full speed Description The speed command is used to configure the Speed Mode for an Ethernet port.
Page 140: Storm-Control Broadcast
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the Speed Mode as 100Mbps for port 3: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# speed 100 storm-control broadcast Description The storm-control broadcast command is used to enable the broadcast control function.
Page 141: Storm-Control Multicast
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the multicast control function for port 5: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# storm-control multicast storm-control unicast Description The storm-control unicast command is used to enable the unicast control function.
Page 142: Storm-Control Rate
Enable the unicast control function for port 5: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# storm-control unicast storm-control rate Description The storm-control rate command is used to configure storm control rate. To disable the storm control function, please use no storm-control rate command.
Page 143: Clear Counters
Example Configure the ingress-rate as 5120Kbps and egress-rate as 1024Kbps for port TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# bandwidth ingress 5120 egress 1024 clear counters Description The clear counters command is used to clear the statistic information of all the Ethernet ports.
Page 144: Show Interface Counters
Example Display the connective-status of all ports: TL-SG5428(config)# show interface status Display the connective-status of port 1: TL-SG5428(config)# show interface gigabitEthernet 1/0/1 status show interface counters Description The show interface counters command is used to display the statistic information of all ports or an Ethernet port.
Page 145: Show Interface Flowcontrol
Example Display the description of all Ethernet ports: TL-SG5428(config)# show interface description Display the description of port 2: TL-SG5428(config)# show interface gigabitEthernet 1/0/2 description show interface flowcontrol Description The show interface flowcontrol command is used to display the flow-control information of an Ethernet port.
Page 146: Show Storm-Control
Example Display the configurations of all Ethernet ports: TL-SG5428(config)# show interface configuration Display the configurations of port 2: TL-SG5428(config)# show interface gigabitEthernet 1/0/2 configuration show storm-control Description The show storm-control command is used to display the storm-control information of Ethernet ports.
Page 147 }] Parameter port —— The Ethernet port number. port-list —— The list of the Ethernet ports. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the bandwidth-limit information of port 4: TL-SG5428(config)# show bandwidth interface gigabitEthernet 1/0/4...
Page 148: Chapter 22 Qos Commands
CoS value of the ingress port and the mapping relation between the CoS and TC in IEEE 802.1P. Example Configure the priority of port 5 as 3: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# qos 3 qos cos Description The qos cos command is used to enable the mapping relation between IEEE802.1P Priority and TC egress queue.
Page 149: Qos Dscp
Example Enable the mapping relation between IEEE 802.1P Priority and egress queue: TL-SG5428(config)# qos cos qos dscp Description The qos dscp command is used to enable the mapping relation between DSCP Priority and CoS value.
Page 150: Qos Queue Dscp-Map
Among the priority levels TC0-TC3, the bigger value, the higher priority. Example Map CoS 5 to TC 2.: TL-SG5428(config)# qos queue cos-map 5 2 qos queue dscp-map Description The qos queue dscp-map command is used to configure the mapping relation between DSCP Priority and the CoS value.
Page 151: Qos Queue Mode
(0-7)-CoS 0, (8-15)-CoS 1, (16-23)-CoS 2, (24-31)-CoS 3, (32-39)-CoS 4, (40-47)-CoS 5, (48-55)-CoS 6, (56-63)-CoS 7. Example Map DSCP values 10-12 to CoS 2: TL-SG5428(config)# qos queue dscp-map 10-12 2 qos queue mode Description The qos queue mode command is used to configure the Schedule Mode. To return to the default configuration, please use no qos queue mode command.
Page 152: Show Qos Interface
Command Mode Global Configuration Mode Example Specify the Schedule Mode as Weight Round Robin Mode: TL-SG5428(config)# qos queue mode wrr show qos interface Description The show qos interface command is used to display the configuration of QoS based on port priority.
Page 153: Show Qos Cos-Map
Display the configuration of QoS for port 5: TL-SG5428# show qos interface gigabitEthernet 1/0/5 Display the configuration of QoS for ports 1-4: TL-SG5428# show qos interface range gigabitEthernet 1/0/1-4 show qos cos-map Description The show qos cos-map command is used to display the configuration of IEEE 802.1P Priority and the mapping relation between cos-id and tc-id.
Page 154: Show Qos Status
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the schedule rule of the egress queues: TL-SG5428# show qos queue mode show qos status Description The show qos status command is used to display the status of IEEE 802.1P priority and DSCP priority.
Page 155: Chapter 23 Port Mirror Commands
—— The Ethernet port number. Command Mode Global Configuration Mode Example Create monitor session 1 and configure port 1 as the monitoring port: TL-SG5428(config)# monitor session destination interface gigabitEthernet 1/0/1 Delete the monitor session 1: TL-SG5428(config)# no monitor session 1...
Page 156: Monitor Session Source Interface
monitor session source interface Description The monitor session source interface command is used to configure the monitored port. To delete the corresponding monitored port, please use no monitor session source interface command. Syntax monitor session session_num source interface gigabitEthernet port-list mode no monitor session session_num source interface gigabitEthernet port-list mode...
Page 157: Show Monitor Session
TL-SG5428(config)# monitor session 1 source interface gigabitEthernet 1/0/4-5,1/0/7 rx Delete port 4 in monitor session 1 and its configuration: TL-SG5428(config)# monitor session source interface gigabitEthernet 1/0/4 rx show monitor session Description The show monitor session command is used to display the configuration of port monitoring.
Page 158: Chapter 24 Port Isolation Commands
Set port 1, 2, and 4 to the forward port list of port 5: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# port isolation gi-forward-list 1/0/1-2,1/0/4 Set all Ethernet ports to forward port list of port 2, namely restore to the default setting:...
Page 159 The number of Ethernet port you want to show its forward port list, in the format of 1/0/2. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the forward-list of port 2: TL-SG5428# show port isolation interface gigabitEthernet 1/0/2 Display the forward-list of all Ethernet ports: TL-SG5428# show port isolation interface...
Page 160: Chapter 25 Loopback Detection Commands
Command Mode Global Configuration Mode Example Enable the loopback detection function globally: TL-SG5428(config)# loopback-detection loopback-detection interval Description The loopback-detection interval command is used to define the interval of sending loopback detection packets from switch ports to network, aiming at detecting network loops periodically.
Page 161: Loopback-Detection Recovery-Time
Example Specify the interval-time as 50 seconds: TL-SG5428(config)# loopback-detection interval 50 loopback-detection recovery-time Description The loopback-detection recovery-time command is used to configure the time after which the blocked port would automatically recover to normal status. Syntax loopback-detection recovery-time recovery-time Parameter recovery-time ——...
Page 162: Loopback-Detection Config
TL-SG5428(config)# interface range gigabitEthernet 1/0/1-3 TL-SG5428(Config-if-range)# loopback-detection loopback-detection config Description The loopback-detection config command is used to configure the process-mode and recovery-mode for the ports by which the switch copes with the detected loops. Syntax loopback-detection config [ process-mode { alert | port-based }]...
Page 163: Show Loopback-Detection Global
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Recover the blocked port 2 to normal status: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# loopback-detection recover show loopback-detection global Description The show loopback-detection global command is used to display the global configuration of loopback detection function such as loopback detection global status, loopback detection interval and loopback detection recovery time.
Page 164: Command Mode
Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of loopback detection function and the status of all ports: TL-SG5428# show loopback-detection interface Display the configuration of loopback detection function and the status of port 5: TL-SG5428# show loopback-detection interface gigabitEthernet 1/0/5...
Page 165: Chapter 26 Acl Commands
—— The Time-Range name, ranging from 1 to 16 characters. Command Mode Global Configuration Mode Example Add a time-range named “tRange1”: TL-SG5428(config)# time-range tRange1 absolute Description The absolute command is used to configure a Time-Range into an absoluteness mode. To delete the corresponding absoluteness mode Time-range, please use no absolute command.
Page 166: Periodic
Time-range Create Configuration Mode Example Configure the time-range “tRange1” with time from May 5, 2012 to Oct. 5, 2012: TL-SG5428(config)# time-range tRange1 TL-SG5428(config-time-range)# absolute start 05/05/2012 end 10/05/2012 periodic Description The periodic command is used to configure the Time-Range into an periodic mode.
Page 167: Holiday
TL-SG5428(config-time-range)# periodic week-date off-day time-slice1 08:30-12:00 holiday Description The holiday command is used to configure the time-range into Holiday Mode under Time-range Create Configuration Mode. To delete the corresponding Holiday Mode time-range, please use no holiday command. Syntax holiday no holiday...
Page 168: Access-List Create
Example Define National Day, configuring the start date as October 1st, and the end date as October 3rd: TL-SG5428(config)# holiday nationalday start-date 10/01 end-date 10/03 access-list create Description The access-list create command is used to create standard-IP ACL and extend-IP ACL.
Page 169: Access-List Standard
Example Create a MAC ACL whose ID is 23: TL-SG5428(config)# mac access-list 23 access-list standard Description The access-list standard command is used to add Standard-IP ACL rule. To delete the corresponding rule, please use no access-list standard command. Standard-IP ACLs analyze and process data packets based on a series of match conditions, which can be the source IP addresses and destination IP addresses carried in the packets.
Page 170: Access-List Extended
255.255.255.0, the time-range for the rule to take effect is “tRange1”, and the packets match this rule will be forwarded by the switch: TL-SG5428(config)# access-list create 120 TL-SG5428(config)# access-list standard rule permit 192.168.0.100 smask 255.255.255.0 tseg tRange1 access-list extended Description The access-list extended command is used to add Extended-IP ACL rule.
Page 171: Rule
IP address is 192.168.0.100, the source IP address mask is 255.255.255.0, the time-range for the rule to take effect is “tRange1”, and the packets match this rule will be forwarded by the switch: TL-SG5428(config)# access-list create 220 TL-SG5428(config)# access-list...
Page 172: Access-List Policy Name
11:11:11:11:11:00, VLAN ID is 2, the user priority is 5, the time-range for the rule to take effect is “tRange1”, and the packets match this rule will be forwarded by the switch: TL-SG5428(config)# mac access-list 20 TL-SG5428(config-mac-acl)# rule 10 permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tRange1 access-list policy name Description The access-list policy name command is used to add Policy.
Page 173: Access-List Policy Action
Command Mode Global Configuration Mode Example Add ACL whose ID is 120 to policy1 and create an action for them: TL-SG5428(config)# access-list policy action policy1 120 redirect interface Description The redirect interface command is used to configure Direction function of policy action for specified ports.
Page 174: S-Condition
Edit the actions for policy1. For the data packets matching ACL 120 in the policy, if the rate beyond 1000kbps, they will be discarded by the switch: TL-SG5428(config)# access-list policy action policy1 120 TL-SG5428(config-action)# s-condition rate 1000 osd discard s-mirror...
Page 175: Access-List Bind(Interface)
ACL 120 as port 2: TL-SG5428(config)# access-list policy action policy1 120 TL-SG5428(config-action)# s-mirror interface gigabitEthernet 1/0/2 access-list bind(interface) Description The access-list bind command is used to bind a policy to a specified port. To cancel the bind relation, please use no access-list bind command.
Page 176: Show Time-Range
Example Bind policy1 to VLAN 2: TL-SG5428(config)# interface vlan 2 TL-SG5428(config-if)# access-list bind policy1 show time-range Description The show time-range command is used to display the configuration of Time-Range. Syntax show time-range Command Mode Privileged EXEC Mode and Any Configuration Mode...
Page 177: Show Access-List Policy
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of a policy named policy1: TL-SG5428(config)# show access-list policy policy1 show access-list bind Description The show access-list bind command is used to display the configuration of Policy bind.
Page 178 Example Display the configuration of Policy bind: TL-SG5428(config)# show access-list bind...
Page 179: Chapter 27 Mstp Commands
The spanning-tree command is used to enable STP function for a port. To disable the STP function, please use no spanning-tree command. Syntax spanning-tree no spanning-tree Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the STP function for port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2...
Page 180: Spanning-Tree Common-Config
TL-SG5428(config-if)# spanning-tree spanning-tree common-config Description The spanning-tree common-config command is used to configure the parameters of the ports for comparison in the CIST and the common parameters of all instances. To return to the default configuration, please use no spanning-tree common-config command. CIST (Common and Internal Spanning Tree) is the spanning tree in a switched network, connecting all devices in the network.
Page 181: Spanning-Tree Mode
Enable the STP function of port 1, and configure the Port Priority as 64, ExtPath Cost as 100, IntPath Cost as 100, and then enable Edge Port: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# spanning-tree common-config port-priority 64 ext-cost 100 int-cost 100 portfast enable point-to-point open spanning-tree mode...
Page 182: Instance
— — The VLAN ID selected to mapping with the corresponding instance. Command Mode MST Configuration Mode Example Map the VLANs 1-100 to Instance 1: TL-SG5428(config)# spanning-tree mst configuration TL-SG5428(config-mst)# instance 1 vlan 1-100 Disable Instance 1, namely remove all the mapping VLANs 1-100: TL- SG5428(config)# spanning-tree mst configuration...
Page 183: Name
TL- SG5428(config-mst)# no instance 1 Remove VLANs 1-50 in mapping VLANs 1-100 for Instance 1: TL-SG5428(config)# spanning-tree mst configuration TL-SG5428(config-mst)# no instance 1 vlan 1-50 name Description The name command is used to configure the region name of MST instance.
Page 184: Spanning-Tree Mst Instance
Command Mode Global Configuration Mode Example Enable the MST Instance 1 and configure its priority as 4096: TL-SG5428(config)# spanning-tree mst instance 1 priority 4096 spanning-tree mst Description The spanning-tree mst command is used to configure MST Instance Port. To return to the default configuration of the corresponding Instance Port, please use no spanning-tree mst command.
Page 185: Spanning-Tree Priority
Example Configure the priority of port 1 in MST Instance 1 as 64, and path cost as 2000: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# spanning-tree mst instance 1 port-priority 64 cost 2000 spanning-tree priority Description The spanning-tree priority command is used to configure the bridge priority. To return to the default value of bridge priority, please use no spanning-tree priority command.
Page 186: Spanning-Tree Tc-Defend
Command Mode Global Configuration Mode Example Configure TC Threshold as 30 packets and TC Protect Cycle as 10 seconds: TL-SG5428(config)# spanning-tree tc-defend threshold 30 period 10 spanning-tree timer Description The spanning-tree timer command is used to configure forward-time, hello-time and max-age of Spanning Tree. To return to the default configurations, please use no spanning-tree timer command.
Page 187: Spanning-Tree Hold-Count
Global Configuration Mode Example Configure forward-time, hello-time and max-age for Spanning Tree as 16 seconds, 3 seconds and 22 seconds respectively: TL-SG5428(config)# spanning-tree timer forward-time 16 hello-time 3 max-age 22 spanning-tree hold-count Description The spanning-tree hold-count command is used to configure the maximum number of BPDU packets transmitted per Hello Time interval.
Page 188: Spanning-Tree Max-Hops
TL-SG5428(config)# spanning-tree hold-count 8 spanning-tree max-hops Description The spanning-tree max-hops command is used to configure the maximum number of hops that occur in a specific region before the BPDU is discarded. To return to the default configurations, please use no spanning-tree max-hops command.
Page 189: Spanning-Tree Bpduguard
Example Enable the BPDU filter function for port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# spanning-tree bpdufilter spanning-tree bpduguard Description The spanning-tree bpduguard command is used to enable the BPDU protect function for a port. With the BPDU protect function enabled, the port will set itself automatically as ERROR-PORT when it receives BPDU packets, and the port will disable the forwarding function for a while.
Page 190: Spanning-Tree Guard Root
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the Loop Protect function for port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# spanning-tree guard loop spanning-tree guard root Description The spanning-tree guard root command is used to enable the Root Protect function for a port.
Page 191: Spanning-Tree Mcheck
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the TC Protect of Spanning Tree for port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# spanning-tree guard tc spanning-tree mcheck Description The spanning-tree mcheck command is used to enable mcheck.
Page 192: Show Spanning-Tree Bridge
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the active information of spanning-tree: TL-SG5428(config)# show spanning-tree active show spanning-tree bridge Description The show spanning-tree bridge command is used to display the bridge parameters. Syntax...
Page 193: Show Spanning-Tree Interface-Security
Example Display the spanning-tree information of all ports: TL-SG5428(config)# show spanning-tree interface Display the spanning-tree information of port 2: TL-SG5428(config)# show spanning-tree interface gigabitEthernet 1/0/2 Display the spanning-tree mode information of port 2: TL-SG5428(config)# show spanning-tree interface gigabitEthernet 1/0/2 mode...
Page 194: Show Spanning-Tree Mst
Display the region information and mapping information of VLAN and MST Instance: TL-SG5428(config)#show spanning-tree mst configuration Display the related information of MST Instance 1: TL-SG5428(config)#show spanning-tree mst instance 1 Display all the ports information of MST Instance 1: TL-SG5428(config)#show spanning-tree mst instance 1 interface...
Page 195: Chapter 28 Igmp Commands
Command Mode Global Configuration Mode Example Enable IGMP Snooping function: TL-SG5428(config)# ip igmp snooping ip igmp snooping(interface) Description The ip igmp snooping command is used to enable the IGMP Snooping function for the desired port. To disable the IGMP Snooping function, please use no ip igmp snooping command.
Page 196: Ip Igmp Snooping Immediate-Leave
Example Enable the Fast Leave function for port 3: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# ip igmp snooping immediate-leave ip igmp snooping drop-unknown Description The ip igmp snooping drop-unknown command is used to process the unknown multicast as discard. To disable the operation of processing the unknown multicast as discard, please use no ip igmp snooping drop-unknown command.
Page 197: Ip Igmp Snooping Vlan-Config
ip igmp snooping vlan-config Description The ip igmp snooping vlan-config command is used to enable VLAN IGMP Snooping function or to modify IGMP Snooping parameters, and to create static multicast IP entry. To disable the VLAN IGMP Snooping function, please use no ip igmp snooping vlan-config command.
Page 198: Ip Igmp Snooping Multi-Vlan-Config
Member Port Time as 200 seconds for VLAN 1-3, and set the Leave time as 15 seconds for VLAN 1-2: TL-SG5428(config)# ip igmp snooping vlan-config 1-3 rtime 300 TL-SG5428(config)# ip igmp snooping vlan-config 1-3 mtime 200 TL-SG5428(config)# ip igmp snooping vlan-config 1-2 ltime 15 Add static multicast IP address 225.0.0.1, which corresponds to VLAN 2, and...
Page 199: Ip Igmp Snooping Filter Add-Id
Enable Multicast VLAN 3, and configure Router Port Time as 100 seconds, Member Port Time 100 seconds, Leave Time 3 seconds, and Static Router Port port 3: TL-SG5428(config)# ip igmp snooping multi-vlan-config 3 rtime 100 TL-SG5428(config)# ip igmp snooping multi-vlan-config 3 mtime 100 TL-SG5428(config)# ip igmp snooping multi-vlan-config 3 ltime 3...
Page 200: Ip Igmp Snooping Filter(Global)
Global Configuration Mode Example Modify the multicast IP-range whose ID is 3 as 225.1.1.1~226.3.2.1: TL-SG5428(config)# ip igmp snooping filter 3 225.1.1.1 226.3.2.1 ip igmp snooping filter(interface) Description The ip igmp snooping filter command is used to configure Port Filter. To return to the default configuration, please use no igmp snooping filter command.
Page 201: Ip Igmp Snooping Filter Maxgroup
Example Specify the maximum number of multicast groups for ports 2-5 to join in as 10: TL-SG5428(config)# interface range gigabitEthernet 1/0/2-5 TL-SG5428(config-if-range)# ip igmp snooping filter maxgroup 10 ip igmp snooping filter mode Description The ip igmp snooping filter mode command is used to configure the Action...
Page 202: Show Ip Igmp Snooping
Example Specify the Action Mode as accept for port 3: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# ip igmp snooping filter mode accept show ip igmp snooping Description The show ip igmp snooping command is used to display the global configuration of IGMP snooping.
Page 203: Show Ip Igmp Snooping Vlan
Privileged EXEC Mode and Any Configuration Mode Example Display the IGMP filter configuration of all ports: TL-SG5428# show ip igmp snooping interface gigabitEthernet filter Display the IGMP basic configuration of port 2: TL-SG5428# show ip igmp snooping interface gigabitEthernet 1/0/2...
Page 204: Show Ip Igmp Snooping Multi-Vlan
TL-SG5428# show ip igmp snooping vlan 2 show ip igmp snooping multi-vlan Description The show ip igmp snooping multi-vlan command is used to display the Multicast VLAN configuration. Syntax show ip igmp snooping multi-vlan Command Mode Privileged EXEC Mode and Any Configuration Mode...
Page 205: Show Ip Igmp Snooping Filter
TL-SG5428(config)#show ip igmp snooping groups vlan 5 static Display the count of dynamic multicast entries of VLAN 5 TL-SG5428(config)#show ip igmp snooping groups vlan 5 dynamic count Display the count of static multicast entries of VLAN 5 TL-SG5428(config)#show ip igmp snooping groups vlan 5 static count...
Page 206: Chapter 29 Snmp Commands
Command Mode Global Configuration Mode Example Enable the SNMP function: TL-SG5428(config)# snmp-server snmp-server view Description The snmp-server view command is used to add View. To delete the corresponding View, please use no snmp-server view command. The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs.
Page 207: Snmp-Server Group
Example Add a View named view1, configuring the OID as 1.3.6.1.6.3.20, and this OID can be managed by the SNMP management station: TL-SG5428(config)# snmp-server view view1 1.3.6.1.6.3.20 include snmp-server group Description The snmp-server group command is used to manage and configure the SNMP group.
Page 208: Snmp-Server User
View viewDefault as read-write, besides the notification messages sent by View viewDefault can be received by Management station: TL-SG5428(config)# snmp-server group group1 smode v3 slev authNoPriv read viewDefault write viewDefault notify viewDefault Delete group 1:...
Page 209 Security Level of the group as authPriv, the Authentication Mode of the user as MD5, the Authentication Password as 11111, the Privacy Mode as DES, and the Privacy Password as 22222: TL-SG5428(config)# snmp-server user admin local group2 smode v3 slev authPriv cmode MD5 cpwd 11111 emode DES epwd 22222...
Page 210: Snmp-Server Community
Global Configuration Mode Example Add community public, and the community has read-write management right to View viewDefault: TL-SG5428(config)# snmp-server community public read-write viewDefault snmp-server host Description The snmp-server host command is used to add Notification. To delete the corresponding Notification, please use no snmp-server host command.
Page 211 Security Model of the management station as v2c, the type of the notifications as inform, the maximum time for the switch to wait as 1000 seconds, and the retries time as 100: TL-SG5428(config)# snmp-server host 192.168.0.146 162 admin smode v2c type inform retries 100 timeout 1000...
Page 212: Snmp-Server Engineid
Command Mode Global Configuration Mode Example Specify the local engineID as 1234567890, and the remote engineID as abcdef123456: TL-SG5428(config)# snmp-server engineID local 1234567890 remote abcdef123456 snmp-server traps snmp Description The snmp-server traps snmp command is used to enable SNMP standard traps which include four types: linkup, linkdown, warmstart and coldstart.
Page 213: Snmp-Server Traps Link-Status
Command Mode Global Configuration Mode Example Enable SNMP standard linkup trap for the switch: TL-SG5428(config)# snmp-server traps snmp linkup snmp-server traps link-status Description The snmp-server traps link-status command is used to enable SNMP link status trap for the specified port. To disable the sending of SNMP link status trap, please use no snmp-server traps link-status command.
Page 214: Snmp-Server Traps
—— Enable spanning-tree trap. It is sent when the port forwarding status changes or the port receives TCN packet or packet with TC flag. Command Mode Global Configuration Mode Example Enable SNMP extended bandwidth-control trap for the switch: TL-SG5428(config)# snmp-server traps bandwidth-control...
Page 215: Snmp-Server Traps Mac
Enable all SNMP extended MAC address-related traps for the switch: TL-SG5428(config)# snmp-server traps mac Enable new MAC address trap only for the switch: TL-SG5428(config)# snmp-server traps mac new snmp-server traps vlan Description The snmp-server traps vlan command is used to enable SNMP extended VLAN-related traps which include two types: create and delete.
Page 216: Rmon History
Enable all SNMP extended VLAN-related traps for the switch： TL-SG5428(config)# snmp-server traps vlan Enable VLAN-created trap only for the switch: TL-SG5428(config)# snmp-server traps vlan create rmon history Description The rmon history command is used to configure the history sample entry. To return to the default configuration, please use no rmon history command.
Page 217: Rmon Event
Global Configuration Mode Example Configure the sample port as Gi1/0/2 and the sample interval as 100 seconds for the entry 1-3: TL-SG5428(config)# rmon history 1-3 interface gigabitEthernet 1/0/2 interval 100 owner owner1 rmon event Description The rmon event command is used to configure the entries of SNMP-RMON Event.
Page 218: Rmon Alarm
Configure the user name of entry 1, 2, 3 and 4 as user1, the description of the event as description1, the type of event as log and the owner of the event as owner1: TL-SG5428(config)# rmon event 1-4 user user1 description description1 type log owner owner1 rmon alarm...
Page 219: Show Snmp-Server
Global Configuration Mode Example Configure the port of entries of 1,2 and 3 as port 2, the owners as owner1 and the alarm intervals as 100 seconds TL-SG5428(config)# rmon alarm 1-3 interface gigabitEthernet 1/0/2 owner owner1 interval 100 show snmp-server Description The show snmp-server command is used to display SNMP configuration globally.
Page 220: Show Snmp-Server View
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the View table: TL-SG5428# show snmp-server view show snmp-server group Description The show snmp-server group command is used to display the Group table. Syntax show snmp-server group...
Page 221: Show Snmp-Server Community
Syntax show snmp-server user Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the User table: TL-SG5428# show snmp-server user show snmp-server community Description The show snmp-server community command is used to display the Community table. Syntax show snmp-server community...
Page 222: Show Rmon History
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the engineID: TL-SG5428# show snmp-server engineID show rmon history Description The show rmon history command is used to display the configuration of the history sample entry.
Page 223: Show Rmon Alarm
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Event configuration of entry1-4: TL-SG5428# show rmon event 1-4 show rmon alarm Description The show rmon alarm command is used to display the configuration of the Alarm Management entry.
Page 224: Chapter 30 Lldp Commands
Command Mode Global Configuration Mode Example Enable LLDP function globally: TL-SG5428(config)# lldp lldp hold-multiplier Description The lldp hold-multiplier command is used to configure the Hold Multiplier parameter. The aging time of the local information in the neighbor device is determined by the actual TTL value used in the sending LLDPDU.
Page 225: Lldp Timer
Command Mode Global Configuration Mode Example Specify Hold Multiplier as 5: TL-SG5428(config)# lldp hold-multiplier 5 lldp timer Description The lldp timer command is used to configure the parameters about transmission. To return to the default configuration, please use no lldp timer command.
Page 226: Lldp Receive
Global Configuration Mode Example Specify the Transmit Interval of LLDPDU as 45 seconds and Trap message to NMS as 120 seconds: TL-SG5428(config)# lldp timer tx-interval 45 TL-SG5428(config)# lldp timer notify-interval 120 lldp receive Description The lldp receive command is used to enable the designated port to receive LLDPDU.
Page 227: Lldp Snmp-Trap
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable port 1 to transmit LLDPDU: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# lldp transmit lldp snmp-trap Description The lldp snmp-trap command is used to enable the port’s SNMP notification. If enabled, the port will notify the trap event to network management system.
Page 228: Show Lldp
Example Exclude “management-address” and “port-vlan-id” TLVs in LLDPDU outgoing from port 1: TL-SG5428(config)# interface gigabitEthernet 1/0/1 TL-SG5428(config-if)# no lldp tlv-select management-address port-vlan show lldp Description The show lldp command is used to display the global configuration of LLDP and LLDP-MED fast start repeat count number.
Page 229: Show Lldp Local-Information Interface
Privileged EXEC Mode and Any Configuration Mode Example Display the LLDP and LLDP-MED local information of port 1: TL-SG5428# show lldp local-information interface gigabitEthernet 1/0/1 show lldp neighbor-information interface Description The show lldp neighbor-information interface command is used to display...
Page 230: Show Lldp Traffic Interface
Privileged EXEC Mode and Any Configuration Mode Example Display the LLDP and LLDP-MED neighbor information of port 1: TL-SG5428# show lldp neighbor-information interface gigabitEthernet 1/0/1 show lldp traffic interface Description The show lldp traffic interface command is used to display the LLDP statistic information between the local device and neighbor device of the corresponding port.
Page 231: Chapter 31 Cluster Commands
NDP packets from this switch. Aging Time ranges from 5 to 255 in seconds. By default, it is 180. Command Mode Global Configuration Mode Example Enable NDP function globally, and configure Aging Time as 120 seconds, Hello Time as 50 seconds: TL-SG5428(config)# cluster ndp...
Page 232: Cluster Ntdp
TL-SG5428(config)# cluster ndp timer hello 50 aging 120 Change Aging Time to 80 seconds: TL-SG5428(config)# cluster ndp timer aging 80 Change Hello Time to 80 seconds: TL-SG5428(config)# cluster ndp timer hello 80 cluster ntdp Description The cluster ntdp command is used to configure NTDP globally. To return to the default configuration, please use no cluster ntdp command.
Page 233: Cluster Explore
Example Enable NTDP function globally, and specify NTDP Hops as 5, NTDP Interval Time as 30 minutes: TL-SG5428(config)# cluster ntdp TL-SG5428(config)# cluster ntdp timer interval-timer 30 TL-SG5428(config)# cluster ntdp hop 5 cluster explore Description The cluster explore command is used to manually collect the topology information.
Page 234: Cluster Ip Pool
Example Enable NDP and NTDP function for port 5: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# cluster ndp enable ntdp enable cluster ip pool Description The cluster ip pool command is used to create a new cluster. If no specified cluster name is set through cluster commander command, the newly created cluster will enjoy the system default name “tplink-cluster”.
Page 235: Cluster Manage
Interval Time ranges from 1 to 255 in seconds. It is 20 by default. Command Mode Global Configuration Mode Example Specify the Hold Time and Interval Time of the cluster as 50 seconds: TL-SG5428(config)#cluster manage holdtime 50 TL-SG5428(config)#cluster manage timer 50 cluster member...
Page 236: Cluster Candidate
Command Mode Global Configuration Mode Example Add the switch whose MAC address is 00:74:5D:61:67:48 to the cluster: TL-SG5428(config)#cluster member mac-address 00:74:5D:61:67:48 cluster candidate Description The cluster candidate command is used to specify the current switch as candidate switch.
Page 237: Show Cluster Ndp
Display the NDP configuration of all Ethernet ports: TL-SG5428# show cluster ndp interface Display the NDP configuration of port 2: TL-SG5428# show cluster ndp interface gigabitEthernet 1/0/2 show cluster ntdp Description The show cluster ntdp command is used to display NTDP configuration or the information of device collected through NTDP.
Page 238: Show Cluster Neighbour
Display the NTDP configuration of all Ethernet ports: TL-SG5428#show cluster ntdp interface Display the NTDP configuration of port 2: TL-SG5428# show cluster ntdp interface gigabitEthernet 1/0/2 Display the information of device collected through NTDP: TL-SG5428# show cluster ntdp device-list show cluster neighbour...
Page 239: Show Cluster Member
The show cluster manage role command is used to display the cluster role of the current switch. Syntax show cluster manage role Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the role of the current switch: TL-SG5428(config)# show cluster manage role...

This manual is also suitable for:

Tl-sg5412f

TP-Link TL-SG5428 Cli Reference Manual

Chapter 1 Using the CLI

Chapter 2 User Interface

Chapter 3 IEEE 802.1Q VLAN Commands

Chapter 4 Protocol VLAN Commands

Chapter 5 VLAN-VPN Commands

Chapter 6 Voice VLAN Commands

Chapter 7 Private VLAN Commands

Chapter 8 GVRP Commands

Chapter 9 Etherchannel Commands

Chapter 10 User Manage Commands

Chapter 11 Binding Table Commands

Chapter 12 ARP Inspection Commands

Chapter 13 IP Verify Source Commands

Chapter 14 Dos Defend Command

Chapter 15 IEEE 802.1X Commands

Chapter 16 System Log Commands

Chapter 17 SSH Commands

Chapter 18 SSL Commands

Chapter 19 MAC Address Commands

Chapter 20 System Configuration Commands

Chapter 21 Ethernet Configuration Commands

Chapter 22 Qos Commands

Chapter 23 Port Mirror Commands

Chapter 24 Port Isolation Commands

Chapter 25 Loopback Detection Commands

Chapter 26 ACL Commands

Chapter 27 MSTP Commands

Quick Links

Related Manuals for TP-Link TL-SG5428

Summary of Contents for TP-Link TL-SG5428