Page 2
COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.
Page 5
Chapter 8 SSH Commands................. 46 ip ssh server ..........................46 ip ssh version ........................46 ip ssh timeout ........................47 ip ssh max-client........................47 ip ssh download........................48 show ip ssh..........................48 Chapter 9 SSL Commands ................. 50 ip http secure-server......................50 ip http secure-server download certificate ................50 ip http secure-server download key ..................51 show ip http secure-server ....................52 Chapter 10 MAC Address Commands..............
Page 6
ip address-alloc dhcp ......................67 ip address-alloc bootp ......................68 reset ............................68 reboot ............................69 copy running-config startup-config ..................69 copy startup-config tftp ......................70 copy tftp startup-config ......................70 firmware upgrade ........................71 ping ............................71 tracert ............................72 loopback interface gigabitEthernet ..................73 show system-info........................73 show running-config ......................74 show system-time........................74 show system-time dst ......................74 show system-time ntp......................75...
Page 7
Chapter 13 QoS Commands................. 88 qos ............................88 qos dscp ..........................88 qos queue cos-map .......................89 qos queue dscp-map ......................90 qos queue mode........................91 show qos interface ........................92 show qos cos-map ........................92 show qos dscp-map ......................93 show qos queue mode ......................93 show qos status........................93 Chapter 14 Port Mirror Commands ..............
Page 8
access-list bind(interface)....................110 access-list bind(vlan) ......................110 show access-list ........................111 show access-list policy ......................111 show access-list bind ......................112 Chapter 18 DHCP Filtering Commands..............113 ip dhcp filtering ........................113 ip dhcp filtering trust ......................113 show ip dhcp filtering ......................114 show ip dhcp filtering interface ....................
Page 9
show spanning-tree mst ......................129 Chapter 20 IGMP Commands................131 ip igmp snooping(global) .....................131 ip igmp snooping(interface) ....................131 ip igmp snooping immediate-leave ..................132 ip igmp snooping drop-unknown..................132 ip igmp snooping vlan-config ....................133 ip igmp snooping multi-vlan-config ..................134 ip igmp snooping filter add-id....................135 ip igmp snooping filter(global)....................136 ip igmp snooping filter(interface) ..................136 ip igmp snooping filter maxgroup..................137...
Page 10
show snmp-server view .......................156 show snmp-server group .....................156 show snmp-server user .......................157 show snmp-server community.....................157 show snmp-server host .......................157 show snmp-server engineID....................158 show rmon history .......................158 show rmon event .........................159 show rmon alarm.........................159...
Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned in this Guide stands for TL-SG2008 8-Port Gigabit Smart Switch. Overview of this Guide Chapter 1: Using the CLI Provide information about how to use the CLI, CLI Command Modes, Security Levels and some Conventions.
Page 12
Chapter 11: System Configuration Commands Provide information about the commands used for configuring the System information and System IP, reboot and reset the switch, upgrade the switch system and commands used for device diagnose, including loopback test and cable test. Chapter 12: Ethernet Configuration Commands Provide information about the commands used for configuring the Bandwidth Control, Negotiation Mode, and Storm Control for enthernet ports.
Chapter 1 Using the CLI 1.1 Accessing the CLI You can log on to the switch and access the CLI by logging on to the switch remotely by a Telnet or SSH connection through an Ethernet port. 1.1.1. Logon by Telnet To log on to the switch by a Telnet connection, please take the following steps: Click Start →...
Type in enable command to enter Privileged EXEC Mode. Figure 1-3 Enter into Priviledged EXEC Mode 1.1.2. Logon by SSH To log on by SSH, a Putty client software is recommended. There are two authentication modes to set up an SSH connection: Password Authentication Mode: It requires username and password, which are both admin by default.
Page 15
Password Authentication Mode Open the software to log on to the interface of PuTTY. Enter the IP address of the switch into Host Name field; keep the default value 22 in the Port field; select SSH as the Connection type.
Page 16
Key Authentication Mode Select the key type and key length, and generate SSH key. Figure 1-7 Generate SSH Key Note: The key length is in the range of 256 to 3072 bits. During the key generation, randomly moving the mouse quickly can accelerate the key generation.
Page 17
After the key is successfully generated, please save the public key and private key to a TFTP server. Figure 1-8 Save the Generated Key Log on to the switch by Telnet and download the public key file from the TFTP server to the switch, as the following figure shows: Figure 1-9 Download the Public Key...
Page 18
Note: 1. The key type should accord with the type of the key file. 2. The SSH key downloading can not be interrupted. After the public key is downloaded, please log on to the interface of PuTTY and enter the IP address for login.
Click Browse to download the private key file to SSH client software and click Open. Figure 1-11 Download the Private Key After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully downloaded. Figure 1-12 Log on the Switch 1.2 CLI Command Modes The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode,...
Page 20
Prompt Path mode Primary mode exit command User EXEC once disconnect the switch. TL-SG2008> connected with the Use the enable command to Mode switch. access Privileged EXEC Mode. enable Enter the disable or the exit Privileged command to enter command to return to User EXEC...
Page 21
Logout or Access the next Mode Prompt Path mode Use the interface Use the end command or press type number Ctrl+Z to return to Privileged EXEC TL-SG2008 (config-if)# command to enter Mode. Interface this mode from Enter exit command or the # Configuration Global...
3. Some commands are global, that means they can be performed in all modes: show: display all information of switch, for example: statistic information, port information, VLAN information. history: Display the commands history. 1.3 Security Levels This switch’s security is divided into two levels: User level and Admin level. User level only allows users to do some simple operations in User EXEC Mode;...
1.4.2 Special Characters You should pay attentions to the description below if the variable is a character string: These six characters ” < > , \ & can not be input. If a blank is contained in a character string, single or double quotation marks should be used, ...
Command Mode User EXEC Mode Example If you have set the password to access Privileged EXEC Mode from User EXEC Mode: TL-SG2008>enable Enter password: TL-SG2008# enable password Description The enable password command is used to set the password for users to access Privileged EXEC Mode from User EXEC Mode.
Example Set the super password as admin to access Privileged EXEC Mode from User EXEC Mode: TL-SG2008(config)# enable password admin disable Description The disable command is used to return to User EXEC Mode from Privileged EXEC Mode. Syntax disable Command Mode...
Privileged EXEC Mode and Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode, and then return to Privileged EXEC Mode: TL-SG2008(config-if)# exit TL-SG2008(config)#exit TL-SG2008# Description The end command is used to return to Privileged EXEC Mode.
Command Mode Privileged EXEC Mode and any Configuration Mode Example Show the commands you have entered in the current mode: TL-SG2008(config)# history 1 history history clear Description The history clear command is used to clear the commands you have entered in the current mode, therefore these commands will not be shown next time you use the history command.
Example Create VLAN 2-10 and VLAN 100: TL-SG2008(config)# vlan 2-10,100 Delete VLAN 2: TL-SG2008(config)# no vlan 2 interface vlan Description The interface vlan command is used to create VLAN Interface and enter Interface VLAN Mode. To delete VLAN Interface, please use no interface vlan command.
—— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. Command Mode Global Configuration Mode Example Create VLAN Interface 2: TL-SG2008(config)# interface vlan 2 name Description The name command is used to assign a description to a VLAN. To clear the description, please use no name command.
Example Add port 4 it to VLAN 2 and configure the type of port 4 as tagged: TL-SG2008(config)# interface gigabitEthernet 1/0/4 TL-SG2008(config-if)# switchport general allowed vlan 2 tagged switchport pvid Description The switchport pvid command is used to configure the PVID for the switch ports.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the summarized information of IEEE 802.1Q VLAN: TL-SG2008(config)# show vlan summary show vlan brief Description The show vlan brief command is used to display the brief information of IEEE 802.1Q VLAN.
Example Display the information of vlan 5: TL-SG2008(config)# show vlan id 5 show interface switchport Description The show interface switchport command is used to display the IEEE 802.1Q VLAN configuration information of the specified port or all ports. Syntax show interface switchport [port] Parameter port ——...
Command Mode Global Configuration Mode Example Enable the Voice VLAN function for VLAN 10: TL-SG2008(config)# voice vlan 10 voice vlan aging time Description The voice vlan aging time command is used to set the aging time for a voice VLAN. To restore to the default aging time for the Voice VLAN, please use no voice vlan aging time command.
Command Mode Global Configuration Mode Example Set the aging time for the Voice VLAN as 1 minute: TL-SG2008(config)# voice vlan aging time 1 voice vlan priority Description The voice vlan priority command is used to configure the priority for the Voice VLAN.
——Give a description to the OUI for identification which contains 16 characters at most. Command Mode Global Configuration Mode Example Create a Voice VLAN OUI described as TP-Phone with the OUI address 00:11:11:11:11:11 and the mask address FF:FF:FF:00:00:00: TL-SG2008(config)#voice vlan mac-address 00:11:11:11:11:11 mask FF:FF:FF:00:00:00 description TP-Phone switchport voice vlan mode...
TL-SG2008(config)# interface gigabitEthernet 1/0/3 TL-SG2008(config-if)# switchport voice vlan mode auto switchport voice vlan security Description The switchport voice vlan security command is used to enable the Voice VLAN security feature. To disable the Voice VLAN security feature, please use no switchport voice vlan security command.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Voice VLAN configuration information of all ports: TL-SG2008(config)# show voice vlan switchport Display the Voice VLAN configuration information of port 2: TL-SG2008(config)# show voice vlan switchport gigabitEthernet 1/0/2...
—— Enable the passive LACP mode. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Add ports 2-4 to EtherChannel Group 1 and enable the static LAG: TL-SG2008(config)# interface range gigabitEthernet 1/0/2-4 TL-SG2008(config-if-range)# channel-group 1 mode on...
Command Mode Global Configuration Mode Example Configure the Aggregate Arithmetic for LAG as “src-dst-mac”: TL-SG2008(config)# port-channel load-balance src-dst-mac lacp system-priority Description The lacp system-priority command is used to configure the LACP system priority globally. To return to the default configurations, please use no lacp system-priority command.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the LACP port priority as 1024 for ports 1-3: TL-SG2008(config)# interface range gigabitEthernet 1/0/1-3 TL-SG2008(config-if-range)# lacp port-priority 1024 Configure the LACP port priority as 2048 for port 4: TL-SG2008(config)# interface gigabitEthernet 1/0/4...
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the detailed information of EtherChannel Group 1: TL-SG2008(config)# show etherchannel 1 detail show etherchannel load-balance Description The show etherchannel load-balance command is used to display the Aggregate Arithmetic of LAG.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the internal LACP information of EtherChannel Group 1: TL-SG2008(config)# show lacp 1 internal show lacp sys-id Description The show lacp sys-id command is used to display the LACP system priority globally.
Chapter 6 User Management Commands User Management Commands are used to configure the user name and password for users to log on to the Web management page with a certain access level so as to protect the settings of the switch from being randomly changed.
TL-SG2008(config)# user name tplink password password type admin status enable user access-control ip-based Description The user access-control ip-based command is used to limit the IP-range of the users for login. Only the users within the IP-range you set here are allowed to login.
——The list group of Ethernet ports, in the format of 1/0/1-4. You can appoint 5 ports at most. Command Mode Global Configuration Mode Example Configure that only the users connected to ports 2-6 are allowed to login: TL-SG2008(config)# user access-control port-based interface range gigabitEthernet 1/0/2-6...
Global Configuration Mode Example Configure the number of the users as Admin and Guest logging on as 5 and 3: TL-SG2008(config)# user max-num 5 3 user idle-timeout Description The user idle-timeout command is used to configure the timeout time of the switch.
10. Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minutes: TL-SG2008(config)# user idle-timeout 15 show user account-list Description The show user account-list command is used to display the information of the current users.
Page 48
Example Display the security configuration information of the users: TL-SG2008(config)# show user configuration...
Only the log with the same or smaller severity level value will be output. By default, it is 7 indicating that all the log information will be saved in the log buffer. Command Mode Global Configuration Mode Example Set the severity level as 6: TL-SG2008(config)# logging buffer 6...
Command Mode Global Configuration Mode Example Enable the log file flash function: TL-SG2008(config)#logging file flash logging file flash frequency Description The logging file flash frequency command is used to specify the frequency to synchronize the system log file in the log buffer to the flash. To resume the default synchronizing frequency, please use the no logging file flash frequency command.
Command Mode Global Configuration Mode Example Specify the log file synchronization frequency as 10 hours: TL-SG2008(config)#logging file flash frequency periodic10 logging file flash level Description The logging file flash level command is used to specify the system log message severity level. Messages will a severity level equal to or higher than this value will be stored to the flash.
Command Mode Global Configuration Mode Example Clear the information in the log file: TL-SG2008(config)# clear logging buffer logging host index Description The logging host index command is used to configure the Log Host. To clear the configuration of the specified Log Host, please use no logging host index command.
Example Enable log host 2 and set its IP address as 192.168.0.148, the level 5: TL-SG2008(config)# logging host index 2 192.168.0.148 5 show logging local-config Description The show logging local-config command is used to display the configuration of the Local Log including the log buffer and the log file.
Privileged EXEC Mode and Any Configuration Mode Example Display the log information from level 0 to level 5 in the log buffer: TL-SG2008(config)# show logging buffer level 5 show logging flash Description The show logging flash command is used to display the log information in the log file according to the severity level.
Page 55
TL-SG2008(config)# show logging flash level 3...
Command Mode Global Configuration Mode Example Enable the SSH function: TL-SG2008(config)# ip ssh server ip ssh version Description The ip ssh version command is used to enable the SSH protocol version. To disable the protocol version, please use no ip ssh version command.
Example Enable SSH v2: TL-SG2008(config)# ip ssh version v2 ip ssh timeout Description The ip ssh timeout command is used to specify the idle-timeout time of SSH. To restore to the factory defaults, please use ip ssh timeout command. Syntax...
Example Download an SSH-1 type key file named ssh-key from TFTP server with the IP address 192.168.0.148: TL-SG2008(config)# ip ssh download v1 ssh-key ip-address 192.168.0.148 show ip ssh Description The show ip ssh command is used to display the global configuration of SSH.
Page 59
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the global configuration of SSH: TL-SG2008(config)# show ip ssh...
Command Mode Global Configuration Mode Example Enable the SSL function: TL-SG2008(config)# ip http secure-server ip http secure-server download certificate Description The ip http secure-server download certificate command is used to download a certificate to the switch from TFTP server.
BASE64 encoded. ip-addr —— The IP address of the TFTP server. Command Mode Global Configuration Mode Example Download an SSL Key named ssl-key from TFTP server with the IP address of 192.168.0.146: TL-SG2008(config)# ip http secure-server download key ssl-key ip-address 192.168.0.146...
The show ip http secure-server command is used to display the global configuration of SSL. Syntax show ip http secure-server Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the global configuration of SSL: TL-SG2008(config)# show ip http secure-server...
—— The Ethernet port number of your desired entry. Command Mode Global Configuration Mode Example Add a static Mac address entry to bind the MAC address 00:02:58:4f:6c:23, VLAN1 and port 1 together: TL-SG2008(config)# mac address-table static mac 00:02:58:4f:6c:23 vid 1 interface gigabitEthernet 1/0/1...
Command Mode Global Configuration Mode Example Configure the aging time as 500 seconds: TL-SG2008(config)# mac address-table aging-time 500 mac address-table filtering Description The mac address-table filtering command is used to add the filtering address entry. To delete the corresponding entry, please use no mac address-table filtering command.
Global Configuration Mode Example Add a filtering address entry of which VLAN ID is 1 and MAC address is 00:1e:4b:04:01:5d: TL-SG2008(config)# mac address-table filtering mac 00:1e:4b:04:01:5d vid mac address-table max-mac-count Description The mac address-table max-mac-count command is used to configure the Port Security.
Enable Port Security function for port 1, select Static mode as the learn mode, and specify the maximum number of MAC addresses that can be learned on this port as 30: TL-SG2008(config)# interface gigabitEthernet 1/0/1 TL-SG2008(config-if)# mac address-table max-mac-count max-number 30 mode static status enable show mac address-table address Description The show mac address-table address command is used to display the information of all address entries.
The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the security configuration of all ports: TL-SG2008(config)# show mac address-table max-mac-count interface gigabitEthernet Display the security configuration of port 1/0/1: TL-SG2008(config)# show mac address-table max-mac-count interface gigabitEthernet 1/0/1...
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the address configuration of port 1/0/1: TL-SG2008(config)# show mac address-table interface gigabitEthernet 1/0/1 show mac address-table mac-num Description The show mac address-table mac-num command is used to display the total amount of MAC address table.
Syntax show mac address-table vlan vid Parameter vid —— The specified VLAN id. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the MAC address configuration of vlan 1: TL-SG2008(config)# show mac address-table vlan 1...
Command Mode Global Configuration Mode Example Configure the system mode as manual, and the time is 12/20/2010 17:30:35 TL-SG2008(config)# system-time manual 12/20/2010-17:30:35 system-time ntp Description The system-time ntp command is used to configure the time zone and the IP address for the NTP Server. The switch will get UTC automatically if it has connected to an NTP Server.
Page 71
UTC-09:00 —— TimeZone for Alaska. UTC-08:00 —— TimeZone for Pacific Time(US Canada). UTC-07:00 —— TimeZone for Mountain Time(US Canada). UTC-06:00 —— TimeZone for Central Time(US Canada). UTC-05:00 —— TimeZone for Eastern Time(US Canada). UTC-04:30 —— TimeZone for Caracas. UTC-04:00 —— TimeZone for Atlantic Time(Canada). UTC-03:30 ——...
Configure the system time mode as NTP, the time zone is UTC-12:00, the primary NTP server is 133.100.9.2 and the secondary NTP server is 139.78.100.163, the fetching-rate is 11 hours: TL-SG2008(config)# system-time ntp UTC-12:00 133.100.9.2 139.79.100.163 system-time dst predefined Description The system-time dst predefined command is used to select a daylight saving time configuration from the predefined mode.
Command Mode Global Configuration Mode Example Configure the daylight saving time from zero clock, Apr 1st to zero clock Oct 1st and the offset is 30 minutes: TL-SG2008(config)# system-time dst date Apr 1 00:00 Oct 1 00:00 30...
system-time dst recurring Description The system-time dst recurring command is used to configure the recurring daylight saving time. It can be configured spanning years. To disable DST function, please use no system-time dst command. Syntax system-time dst recurring {sweek} {sday} {smonth} {stime} {eweek} {eday} {emonth} {etime} [offset] no system-time dst Parameter...
Parameter hostname —— System Name. The length of the name ranges from 1 to 32 characters. By default, it is the device name, for example “TL-SG2008”. Command Mode Global Configuration Mode Example Configure the system name as TPLINK:...
Example Configure the system location as SHENZHEN: TL-SG2008(config)# location SHENSHEN contact-info Description The contact-info command is used to configure the system contact information. To clear the system contact information, please use no contact-info command. Syntax contact-info contact_info no contact-info Parameter contact_info ——...
Configure the system IP as 192.168.0.69 and the Subnet Mask as 255.255.255.0 when the management VLAN of the switch is VLAN1: TL-SG2008(config)# interface vlan 1 TL-SG2008(config-if)# ip address 192.168.0.69 255.255.255.0 ip address-alloc dhcp Description The ip address-alloc dhcp command is used to enable the DHCP Client function.
Interface Configuration Mode (interface vlan) Example Enable the DHCP Client function when the management VLAN of the switch is VLAN1: TL-SG2008(config)# interface vlan 1 TL-SG2008(config-if)# ip address-alloc dhcp ip address-alloc bootp Description The ip address-alloc bootp command is used to enable the BOOTP Protocol.
Privileged EXEC Mode Example Reboot the Switch: TL-SG2008# reboot copy running-config startup-config Description The copy running-config startup-config command is used to save the current settings. Syntax copy running-config startup-config Command Mode Privileged EXEC Mode Example Save current settings: TL-SG2008# copy running-config startup-config...
Privileged EXEC Mode Example Backup the configuration files to TFTP server with the IP 192.168.0.148 and name this file config.cfg: TL-SG2008# copy startup-config tftp ip-address 192.168.0.148 filename config copy tftp startup-config Description The copy tftp startup-config command is used to download the configuration file to the switch from TFTP server.
TL-SG2008# copy tftp startup-config ip-address 192.168.0.148 filename config firmware upgrade Description The firmware upgrade command is used to upgrade the switch system file via the TFTP server. Syntax firmware upgrade ip-address ip-addr filename name Parameter ip-addr —— IP address of the TFTP server.
192.168.0.131, please specify the count (-l) as 512 bytes and count (-i) as 1000 milliseconds. If there is not any response after 8 times’ Ping test, the connection between the switch and the network device is failed to establish: TL-SG2008# ping 192.168.0.131 –n 8 –l 512 tracert Description The tracert command is used to test the connectivity of the gateways during its journey from the source to destination of the test data.
Command Mode User EXEC Mode and Privileged EXEC Mode Example Do an internal-type loopback test for port 1/0/5: TL-SG2008# loopback interface gigabitEthernet 1/0/5 internal Do an external-type loopback test for port 1/0/5: TL-SG2008# loopback interface gigabitEthernet 1/0/5 external show system-info...
—— The Gigabit Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the system current operating configuration: TL-SG2008# show running-config show system-time Description The show system-time command is used to display the time information of the switch.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the DST time information of the switch TL-SG2008# show system-time dst show system-time ntp Description The show system-time ntp command is used to display the NTP mode configuration information.
Page 86
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Show the cable-diagnostics of port 3: TL-SG2008# show cable-diagnostics interface gigabitEthernet 1/0/3...
Global Configuration Mode Example To enter the Interface gigabitEthernet Configuration Mode and configure port 1/0/2: TL-SG2008(config)# interface gigabitEthernet 1/0/2 interface range gigabitEthernet Description The interface range gigabitEthernet command is used to enter the interface range gigabitEthernet Configuration Mode and configure multiple Gigabit Ethernet ports at the same time.
Example To enter the Interface range gigabitEthernet Configuration Mode, and configure ports 1/0/1-3,1/0/6-7 and 1/0/9 at the same time by adding them to one port-list: TL-SG2008(config)# interface range gigabitEthernet 1/0/1-3,1/0/6-7,1/0/9 description Description The description command is used to add a description to the Ethernet port. To clear the description of the corresponding port, please use no description command.
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Disable port 1/0/3: TL-SG2008(config)# interface gigabitEthernet 1/0/3 TL-SG2008(config-if)# shutdown flow-control Description The flow-control command is used to enable the flow-control function for a port. To disable the flow-control function for this corresponding port, please use no flow-control command.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the Duplex Mode as full-duplex for port 3: TL-SG2008(config)# interface gigabitEthernet 1/0/3 TL-SG2008(config-if)# duplex full speed Description The speed command is used to configure the Speed Mode for an Ethernet port.
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the broadcast control function for port 5: TL-SG2008(config)# interface gigabitEthernet 1/0/5 TL-SG2008(config-if)# storm-control broadcast storm-control multicast Description The storm-control multicast command is used to enable the multicast control function.
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the multicast control function for port 5: TL-SG2008(config)# interface gigabitEthernet 1/0/5 TL-SG2008(config-if)# storm-control multicast storm-control unicast Description The storm-control unicast command is used to enable the unicast control function.
Example Configure the ingress-rate as 5120Kbps and egress-rate as 1024Kbps for port TL-SG2008(config)# interface gigabitEthernet 1/0/5 TL-SG2008(config-if)# bandwidth ingress 5120 egress 1024 clear counters Description The clear counters command is used to clear the statistic information of all the Ethernet ports.
Example Display the connective-status of all ports: TL-SG2008(config)# show interface status Display the connective-status of port 1/0/1: TL-SG2008(config)# show interface gigabitEthernet 1/0/1 status show interface counters Description The show interface counters command is used to display the statistic information of all ports or an Ethernet port.
Example Display the description of all Ethernet ports: TL-SG2008(config)# show interface description Display the description of port 1/0/2: TL-SG2008(config)# show interface gigabitEthernet 1/0/2 description show interface flowcontrol Description The show interface flowcontrol command is used to display the flow-control information of an Ethernet port.
Example Display the configurations of all Ethernet ports: TL-SG2008(config)# show interface configuration Display the configurations of port 1/0/2: TL-SG2008(config)# show interface gigabitEthernet 1/0/2 configuration show storm-control Description The show storm-control command is used to display the storm-control information of Ethernet ports.
TL-SG2008(config)# show storm-control interface range gigabitEthernet 1/0/4-7 show bandwidth Description The show bandwidth command is used to display the bandwidth-limit information of Ethernet ports. Syntax show bandwidth [interface { gigabitEthernet port | range gigabitEthernet port-list }] Parameter port —— The Ethernet port number.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the priority of port 5 as TC3: TL-SG2008(config)# interface gigabitEthernet 1/0/5 TL-SG2008(config-if)# qos 3 qos dscp Description The qos dscp command is used to enable the mapping relation between DSCP Priority and CoS value.
DSCP priority and CoS value. Example Enable the mapping relation between DSCP Priority and CoS value: TL-SG2008(config)# qos dscp qos queue cos-map Description The qos queue cos-map command is used to configure the mapping relation between IEEE 802.1P priority tag/IEEE 802.1Q tag, CoS value and the TC...
Example Map 802.1Q tag 5 to TC 2.: TL-SG2008(config)# qos queue cos-map 5 2 qos queue dscp-map Description The qos queue dscp-map command is used to configure the mapping relation between DSCP Priority and the CoS value. To return to the default configuration, please use no qos queue dscp-map command.
—— Equal-Mode. In this mode, all the queues occupy the bandwidth equally. The weight value ratio of all the queues is 1:1:1:1. Command Mode Global Configuration Mode Example Specify the Schedule Mode as Weight Round Robin Mode: TL-SG2008(config)# qos queue mode wrr...
Display the configuration of QoS for port 1/0/5: TL-SG2008# show qos interface gigabitEthernet 1/0/5 Display the configuration of QoS for ports 1/0/1-4: TL-SG2008# show qos interface range gigabitEthernet 1/0/1-4 show qos cos-map Description The show qos cos-map command is used to display the configuration of IEEE 802.1P Priority and the mapping relation between cos-id and tc-id.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the schedule rule of the egress queues: TL-SG2008# show qos queue mode show qos status Description The show qos status command is used to display the status of IEEE 802.1P priority and DSCP priority.
Page 104
Example Display the status of IEEE 802.1P priority and DSCP priority: TL-SG2008# show qos status...
—— The Ethernet port number. Command Mode Global Configuration Mode Example Create monitor session 1 and configure port 1/0/1 as the monitoring port: TL-SG2008(config)# monitor session destination interface gigabitEthernet 1/0/1 Delete the monitor session 1: TL-SG2008(config)# no monitor session 1...
monitor session source interface Description The monitor session source interface command is used to configure the monitored port. To delete the corresponding monitored port, please use no monitor session source interface command. Syntax monitor session session_num source interface gigabitEthernet port-list mode no monitor session session_num source interface gigabitEthernet port-list mode...
TL-SG2008(config)# monitor session 1 source interface gigabitEthernet 1/0/4-5,1/0/7 rx Delete port 4 in monitor session 1 and its configuration: TL-SG2008(config)# monitor session source interface gigabitEthernet 1/0/4 rx show monitor session Description The show monitor session command is used to display the configuration of port monitoring.
Set port 1/0/1, 1/0/2, and 1/0/4 to the forward port list of port 1/0/5: TL-SG2008(config)# interface gigabitEthernet 1/0/5 TL-SG2008(config-if)# port isolation gi-forward-list 1/0/1-2,1/0/4 Set all Ethernet ports to forward port list of port 1/0/2, namely restore to the default setting:...
Page 109
—— The number of Ethernet port you want to show its forward port list, in the format of 1/0/2. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the forward-list of port 1/0/2: TL-SG2008# show port isolation interface gigabitEthernet 1/0/2 Display the forward-list of all Ethernet ports: TL-SG2008# show port isolation interface...
Command Mode Global Configuration Mode Example Enable the loopback detection function globally: TL-SG2008(config)# loopback-detection loopback-detection interval Description The loopback-detection interval command is used to define the interval of sending loopback detection packets from switch ports to network, aiming at detecting network loops periodically.
Example Specify the interval-time as 50 seconds: TL-SG2008(config)# loopback-detection interval 50 loopback-detection recovery-time Description The loopback-detection recovery-time command is used to configure the time after which the blocked port would automatically recover to normal status. Syntax loopback-detection recovery-time recovery-time Parameter recovery-time ——...
TL-SG2008(config)# interface range gigabitEthernet 1/0/1-3 TL-SG2008(Config-if-range)# loopback-detection loopback-detection config Description The loopback-detection config command is used to configure the process-mode and recovery-mode for the ports by which the switch copes with the detected loops. Syntax loopback-detection config [ process-mode { alert | port-based }]...
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Recover the blocked port 2 to normal status: TL-SG2008(config)# interface gigabitEthernet 1/0/2 TL-SG2008(config-if)# loopback-detection recover show loopback-detection global Description The show loopback-detection global command is used to display the global configuration of loopback detection function such as loopback detection global status, loopback detection interval and loopback detection recovery time.
Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of loopback detection function and the status of all ports: TL-SG2008# show loopback-detection interface Display the configuration of loopback detection function and the status of port 5: TL-SG2008# show loopback-detection interface gigabitEthernet 1/0/5...
Command Mode Global Configuration Mode Example Create a standard-IP ACL whose ID is 123: TL-SG2008(config)# access-list create 123 mac access-list Description The mac access-list command is used to create MAC ACL. To set the detailed configurations for a specified MAC ACL, please use mac access-list command to access Mac Access-list Configuration Mode.
TL-SG2008(config)# mac access-list 23 access-list standard Description The access-list standard command is used to add Standard-IP ACL rule. To delete the corresponding rule, please use no access-list standard command. Standard-IP ACLs analyze and process data packets based on a series of match conditions, which can be the source IP addresses and destination IP addresses carried in the packets.
Create an Extended-IP ACL whose ID is 220, and add Rule 10 for it. In the rule, the source IP address is 192.168.0.100, the source IP address mask is 255.255.255.0, and the packets match this rule will be forwarded by the switch: TL-SG2008(config)# access-list create 220 TL-SG2008(config)# access-list...
MAC address is 00:01:3F:48:16:23, the source MAC address mask is 11:11:11:11:11:00, and the packets match this rule will be forwarded by the switch: TL-SG2008(config)# mac access-list 20 TL-SG2008(config-mac-acl)# rule 10 permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 access-list policy name Description The access-list policy name command is used to add Policy. To delete the...
—— The ID of the ACL to which the above policy is applied. Command Mode Global Configuration Mode Example Add ACL whose ID is 120 to policy1 and create an action for them: TL-SG2008(config)# access-list policy action policy1 120...
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Bind policy1 to port 1/0/2: TL-SG2008(config)# interface gigabitEthernet 1/0/2 TL-SG2008(config-if)# access-list bind policy1 access-list bind(vlan) Description The access-list bind command is used to bind a policy to a VLAN. To cancel the bind relation, please use no access-list bind command.
The show access-list policy command is used to display the information of a specified policy. Syntax show access-list policy name Parameter name —— The Policy Name desired to show. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of a policy named policy1: TL-SG2008(config)# show access-list policy policy1...
Description The show access-list bind command is used to display the configuration of Policy bind. Syntax show access-list bind Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of Policy bind: TL-SG2008(config)# show access-list bind...
Command Mode Global Configuration Mode Example Enable the DHCP Filtering: TL-SG2008(config)# ip dhcp filtering ip dhcp filtering trust Description The ip dhcp filtering trust command is used to configure a port to be a Trusted Port. Only the trusted ports can receive DHCP packets from DHCP servers. To turn the port back to a distrusted port, please use no ip dhcp filtering trust command.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the DHCP Filtering configuration information of all Ethernet ports: TL-SG2008#show ip dhcp filtering interface Display the DHCP Filtering configuration information of port 1/0/5: TL-SG2008#show ip dhcp filtering interface gigabitEthernet 1/0/5...
The spanning-tree command is used to enable STP function for a port. To disable the STP function, please use no spanning-tree command. Syntax spanning-tree no spanning-tree Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the STP function for port 1/0/2: TL-SG2008(config)# interface gigabitEthernet 1/0/2...
TL-SG2008(config-if)# spanning-tree spanning-tree common-config Description The spanning-tree common-config command is used to configure the parameters of the ports for comparison in the CIST and the common parameters of all instances. To return to the default configuration, please use no spanning-tree common-config command. CIST (Common and Internal Spanning Tree) is the spanning tree in a switched network, connecting all devices in the network.
Enable the STP function of port 1/0/1, and configure the Port Priority as 64, ExtPath Cost as 100, IntPath Cost as 100, and then enable Edge Port: TL-SG2008(config)# interface gigabitEthernet 1/0/1 TL-SG2008(config-if)# spanning-tree common-config port-priority 64 ext-cost 100 int-cost 100 portfast enable point-to-point open spanning-tree mode...
Remove VLANs 1-50 in mapping VLANs 1-100 for Instance 1: TL-SG2008(config)# spanning-tree mst configuration TL-SG2008(config-mst)# no instance 1 vlan 1-50 name Description The name command is used to configure the region name of MST instance. Syntax name name Parameters name —— The region name, used to identify MST region. It ranges from 1 to 32 characters.
Command Mode Global Configuration Mode Example Enable the MST Instance 1 and configure its priority as 4096: TL-SG2008(config)# spanning-tree mst instance 1 priority 4096 spanning-tree mst Description The spanning-tree mst command is used to configure MST Instance Port. To return to the default configuration of the corresponding Instance Port, please use no spanning-tree mst command.
Example Configure the priority of port 1 in MST Instance 1 as 64, and path cost as 2000: TL-SG2008(config)# interface gigabitEthernet 1/0/1 TL-SG2008(config-if)# spanning-tree mst instance 1 port-priority 64 cost 2000 spanning-tree priority Description The spanning-tree priority command is used to configure the bridge priority. To return to the default value of bridge priority, please use no spanning-tree priority command.
Command Mode Global Configuration Mode Example Configure TC Threshold as 30 packets and TC Protect Cycle as 10 seconds: TL-SG2008(config)# spanning-tree tc-defend threshold 30 period 10 spanning-tree timer Description The spanning-tree timer command is used to configure forward-time, hello-time and max-age of Spanning Tree. To return to the default configurations, please use no spanning-tree timer command.
Global Configuration Mode Example Configure forward-time, hello-time and max-age for Spanning Tree as 16 seconds, 3 seconds and 22 seconds respectively: TL-SG2008(config)# spanning-tree timer forward-time 16 hello-time 3 max-age 22 spanning-tree hold-count Description The spanning-tree hold-count command is used to configure the maximum number of BPDU packets transmitted per Hello Time interval.
Command Mode Global Configuration Mode Example Configure the max-hops of STP as 30: TL-SG2008(config)# spanning-tree max-hops 30 spanning-tree bpdufilter Description The spanning-tree bpdufilter command is used to enable the BPDU filter function for a port. With the function enabled, the port can be prevented from receiving and sending any BPDU packets.
TL-SG2008(config)# interface gigabitEthernet 1/0/2 TL-SG2008(config-if)# spanning-tree bpdufilter spanning-tree bpduguard Description The spanning-tree bpduguard command is used to enable the BPDU protect function for a port. With the BPDU protect function enabled, the port will set itself automatically as ERROR-PORT when it receives BPDU packets, and the port will disable the forwarding function for a while.
Example Enable the Loop Protect function for port 1/0/2: TL-SG2008(config)# interface gigabitEthernet 1/0/2 TL-SG2008(config-if)# spanning-tree guard loop spanning-tree guard root Description The spanning-tree guard root command is used to enable the Root Protect function for a port. With the Root Protect function enabled, the root bridge will set itself automatically as ERROR-PORT when receiving BPDU packets with higher priority, in order to maintain the role of root ridge.
Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the TC Protect of Spanning Tree for port 2: TL-SG2008(config)# interface gigabitEthernet 1/0/2 TL-SG2008(config-if)# spanning-tree guard tc spanning-tree mcheck Description The spanning-tree mcheck command is used to enable mcheck.
Example Display the active information of spanning-tree: TL-SG2008(config)# show spanning-tree active show spanning-tree bridge Description The show spanning-tree bridge command is used to display the bridge parameters. Syntax show spanning-tree bridge [ forward-time | hello-time | hold-count | max-age |...
TL-SG2008(config)# show spanning-tree interface gigabitEthernet 1/0/2 Display the spanning-tree mode information of port 2: TL-SG2008(config)# show spanning-tree interface gigabitEthernet 1/0/2 mode show spanning-tree interface-security Description The show spanning-tree interface-security command is used to display the protect information of all ports or a specified port.
Page 140
Display the region information and mapping information of VLAN and MST Instance: TL-SG2008(config)#show spanning-tree mst configuration Display the related information of MST Instance 1: TL-SG2008(config)#show spanning-tree mst instance 1 Display all the ports information of MST Instance 1: TL-SG2008(config)#show spanning-tree mst instance 1 interface...
Command Mode Global Configuration Mode Example Enable IGMP Snooping function: TL-SG2008(config)# ip igmp snooping ip igmp snooping(interface) Description The ip igmp snooping command is used to enable the IGMP Snooping function for the desired port. To disable the IGMP Snooping function, please use no ip igmp snooping command.
Example Enable the Fast Leave function for port 1/0/3: TL-SG2008(config)# interface gigabitEthernet 1/0/3 TL-SG2008(config-if)# ip igmp snooping immediate-leave ip igmp snooping drop-unknown Description The ip igmp snooping drop-unknown command is used to process the unknown multicast as discard. To disable the operation of processing the unknown multicast as discard, please use no ip igmp snooping drop-unknown command.
ip igmp snooping vlan-config Description The ip igmp snooping vlan-config command is used to enable VLAN IGMP Snooping function or to modify IGMP Snooping parameters, and to create static multicast IP entry. To disable the VLAN IGMP Snooping function, please use no ip igmp snooping vlan-config command.
Member Port Time as 200 seconds for VLAN 1-3, and set the Leave time as 15 seconds for VLAN 1-2: TL-SG2008(config)# ip igmp snooping vlan-config 1-3 rtime 300 TL-SG2008(config)# ip igmp snooping vlan-config 1-3 mtime 200 TL-SG2008(config)# ip igmp snooping vlan-config 1-2 ltime 15 Add static multicast IP address 225.0.0.1, which corresponds to VLAN 2, and...
Enable Multicast VLAN 3, and configure Router Port Time as 100 seconds, Member Port Time 100 seconds, Leave Time 3 seconds, and Static Router Port port 3: TL-SG2008(config)# ip igmp snooping multi-vlan-config 3 rtime 100 TL-SG2008(config)# ip igmp snooping multi-vlan-config 3 mtime 100 TL-SG2008(config)# ip igmp snooping multi-vlan-config 3 ltime 3...
Global Configuration Mode Example Modify the multicast IP-range whose ID is 3 as 225.1.1.1~226.3.2.1: TL-SG2008(config)# ip igmp snooping filter 3 225.1.1.1 226.3.2.1 ip igmp snooping filter(interface) Description The ip igmp snooping filter command is used to configure Port Filter. To return to the default configuration, please use no igmp snooping filter command.
Example Specify the maximum number of multicast groups for ports 2-5 to join in as 10: TL-SG2008(config)# interface range gigabitEthernet 1/0/2-5 TL-SG2008(config-if-range)# ip igmp snooping filter maxgroup 10 ip igmp snooping filter mode Description The ip igmp snooping filter mode command is used to configure the Action...
Example Specify the Action Mode as accept for port 1/0/3: TL-SG2008(config)# interface gigabitEthernet 1/0/3 TL-SG2008(config-if)# ip igmp snooping filter mode accept show ip igmp snooping Description The show ip igmp snooping command is used to display the global configuration of IGMP snooping.
Privileged EXEC Mode and Any Configuration Mode Example Display the IGMP filter configuration of all ports: TL-SG2008# show ip igmp snooping interface gigabitEthernet filter Display the IGMP basic configuration of port 1/0/2: TL-SG2008# show ip igmp snooping interface gigabitEthernet 1/0/2...
TL-SG2008# show ip igmp snooping vlan 2 show ip igmp snooping multi-vlan Description The show ip igmp snooping multi-vlan command is used to display the Multicast VLAN configuration. Syntax show ip igmp snooping multi-vlan Command Mode Privileged EXEC Mode and Any Configuration Mode...
TL-SG2008(config)#show ip igmp snooping groups vlan 5 static Display the count of dynamic multicast entries of VLAN 5 TL-SG2008(config)#show ip igmp snooping groups vlan 5 dynamic count Display the count of static multicast entries of VLAN 5 TL-SG2008(config)#show ip igmp snooping groups vlan 5 static count...
Command Mode Global Configuration Mode Example Enable the SNMP function: TL-SG2008(config)# snmp-server snmp-server view Description The snmp-server view command is used to add View. To delete the corresponding View, please use no snmp-server view command. The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs.
Example Add a View named view1, configuring the OID as 1.3.6.1.6.3.20, and this OID can be managed by the SNMP management station: TL-SG2008(config)# snmp-server view view1 1.3.6.1.6.3.20 include snmp-server group Description The snmp-server group command is used to manage and configure the SNMP group.
View viewDefault as read-write, besides the notification messages sent by View viewDefault can be received by Management station: TL-SG2008(config)# snmp-server group group1 smode v3 slev authNoPriv read viewDefault write viewDefault notify viewDefault Delete group 1:...
Page 155
Security Level of the group as authPriv, the Authentication Mode of the user as MD5, the Authentication Password as 11111, the Privacy Mode as DES, and the Privacy Password as 22222: TL-SG2008(config)# snmp-server user admin local group2 smode v3 slev authPriv cmode MD5 cpwd 11111 emode DES epwd 22222...
Global Configuration Mode Example Add community public, and the community has read-write management right to View viewDefault: TL-SG2008(config)# snmp-server community public read-write viewDefault snmp-server host Description The snmp-server host command is used to add Notification. To delete the corresponding Notification, please use no snmp-server host command.
Page 157
Security Model of the management station as v2c, the type of the notifications as inform, the maximum time for the switch to wait as 1000 seconds, and the retries time as 100: TL-SG2008(config)# snmp-server host 192.168.0.146 162 admin smode v2c type inform retries 100 timeout 1000...
Command Mode Global Configuration Mode Example Specify the local engineID as 1234567890, and the remote engineID as abcdef123456: TL-SG2008(config)# snmp-server engineID local 1234567890 remote abcdef123456 snmp-server traps snmp Description The snmp-server traps snmp command is used to enable SNMP standard traps which include four types: linkup, linkdown, warmstart and coldstart.
Command Mode Global Configuration Mode Example Enable SNMP standard linkup trap for the switch: TL-SG2008(config)# snmp-server traps snmp linkup snmp-server traps link-status Description The snmp-server traps link-status command is used to enable SNMP link status trap for the specified port. To disable the sending of SNMP link status trap, please use no snmp-server traps link-status command.
—— Enable spanning-tree trap. It is sent when the port forwarding status changes or the port receives TCN packet or packet with TC flag. Command Mode Global Configuration Mode Example Enable SNMP extended bandwidth-control trap for the switch: TL-SG2008(config)# snmp-server traps bandwidth-control...
Enable all SNMP extended MAC address-related traps for the switch: TL-SG2008(config)# snmp-server traps mac Enable new MAC address trap only for the switch: TL-SG2008(config)# snmp-server traps mac new snmp-server traps vlan Description The snmp-server traps vlan command is used to enable SNMP extended VLAN-related traps which include two types: create and delete.
Enable all SNMP extended VLAN-related traps for the switch: TL-SG2008(config)# snmp-server traps vlan Enable VLAN-created trap only for the switch: TL-SG2008(config)# snmp-server traps vlan create rmon history Description The rmon history command is used to configure the history sample entry. To return to the default configuration, please use no rmon history command.
Global Configuration Mode Example Configure the sample port as 1/0/2 and the sample interval as 100 seconds for the entry 1-3: TL-SG2008(config)# rmon history 1-3 interface gigabitEthernet 1/0/2 interval 100 owner owner1 rmon event Description The rmon event command is used to configure the entries of SNMP-RMON Event.
Configure the user name of entry 1, 2, 3 and 4 as user1, the description of the event as description1, the type of event as log and the owner of the event as owner1: TL-SG2008(config)# rmon event 1-4 user user1 description description1 type log owner owner1 rmon alarm...
Global Configuration Mode Example Configure the port of entries of 1,2 and 3 as port 2, the owners as owner1 and the alarm intervals as 100 seconds TL-SG2008(config)# rmon alarm 1-3 interface gigabitEthernet 1/0/2 owner owner1 interval 100 show snmp-server Description The show snmp-server command is used to display SNMP configuration globally.
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the View table: TL-SG2008# show snmp-server view show snmp-server group Description The show snmp-server group command is used to display the Group table. Syntax show snmp-server group...
Syntax show snmp-server user Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the User table: TL-SG2008# show snmp-server user show snmp-server community Description The show snmp-server community command is used to display the Community table. Syntax show snmp-server community...
TL-SG2008# show snmp-server host show snmp-server engineID Description The show snmp-server engineID command is used to display the engineID of the SNMP. Syntax show snmp-server engineID Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the engineID: TL-SG2008# show snmp-server engineID...
Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Event configuration of entry 1-4: TL-SG2008# show rmon event 1-4 show rmon alarm Description The show rmon alarm command is used to display the configuration of the Alarm Management entry.