TP-Link T1600-28TS, T1600G-52TS, T1600G-28PS, T1600G-52PS Cli Reference Manual

Download

REV2.0.0

1910011957

CLI Reference Guide

T1600G Series Switches

Specifications are subject to change without notice. is a registered trademark of

TP-Link Technologies CO., LTD. Other brands and product names are trademarks or registered

trademarks of their respective holders.

No part of the specifications may be reproduced in any form or by any means or used to make

any derivative such as translation, transformation, or adaptation without permission from

http://www.tp-link.com

CONTENTS

Preface ............................................................................................................................ 1

Chapter 1 Using the CLI ................................................................................................... 4

1.1 Accessing the CLI ..................................................................................................................................... 4

1.1.1 Logon by Telnet ...................................................................................................................... 4

1.1.2 Logon by SSH .......................................................................................................................... 5

1.2 CLI Command Modes ............................................................................................................................ 10

1.3 Privilege Restrictions ............................................................................................................................. 13

1.4 Conventions .............................................................................................................................................. 14

1.4.1 Format Conventions ........................................................................................................... 14

1.4.2 Special Characters .............................................................................................................. 14

1.4.3 Parameter Format ................................................................................................................ 14

Chapter 2 User Interface .............................................................................................. 15

2.1 enable ............................................................................................................................................... 15

2.2 service password-encryption .................................................................................................. 15

2.3 enable password ........................................................................................................................... 16

2.4 enable secret ................................................................................................................................. 17

2.5 configure .......................................................................................................................................... 18

2.6 exit...................................................................................................................................................... 19

2.7 end ..................................................................................................................................................... 19

2.8 history ............................................................................................................................................... 20

2.9 history clear .................................................................................................................................... 20

Chapter 3 IEEE 802.1Q VLAN Commands ................................................................ 22

3.1 vlan ..................................................................................................................................................... 22

3.2 interface vlan .................................................................................................................................. 23

3.3 name .................................................................................................................................................. 23

3.4 switchport general allowed vlan .............................................................................................. 24

3.5 switchport pvid .............................................................................................................................. 25

3.6 show vlan summary...................................................................................................................... 25

3.7 show vlan brief ............................................................................................................................... 26

3.8 show vlan ......................................................................................................................................... 26

3.9 show interface switchport ......................................................................................................... 27

Chapter 4 MAC-based VLAN Commands ................................................................. 28

4.1 mac-vlan mac-address ............................................................................................................... 28

4.2 mac-vlan .......................................................................................................................................... 29

4.3 show mac-vlan ............................................................................................................................... 29

4.4 show mac-vlan interface ............................................................................................................ 30

Chapter 5 Protocol VLAN Commands ....................................................................... 31

5.1 protocol-vlan template ............................................................................................................... 31

5.2 protocol-vlan vlan ......................................................................................................................... 32

5.3 protocol-vlan group ..................................................................................................................... 33

5.4 show protocol-vlan template .................................................................................................... 33

5.5 show protocol-vlan vlan ............................................................................................................. 34

Chapter 6 Voice VLAN Commands ............................................................................ 35

6.1 voice vlan ......................................................................................................................................... 35

6.2 voice vlan aging ............................................................................................................................. 35

6.3 voice vlan priority .......................................................................................................................... 36

6.4 voice vlan mac-address ............................................................................................................. 37

6.5 switchport voice vlan mode ...................................................................................................... 38

6.6 switchport voice vlan security ................................................................................................. 38

6.7 show voice vlan ............................................................................................................................. 39

6.8 show voice vlan oui ...................................................................................................................... 39

6.9 show voice vlan switchport ....................................................................................................... 40

Chapter 7 Etherchannel Commands ......................................................................... 42

7.1 channel-group ............................................................................................................................... 42

7.2 port-channel load-balance ........................................................................................................ 43

7.3 lacp system-priority ..................................................................................................................... 44

7.4 lacp port-priority ........................................................................................................................... 45

7.5 show etherchannel ....................................................................................................................... 45

7.6 show etherchannel load-balance ............................................................................................ 46

7.7 show lacp ......................................................................................................................................... 47

7.8 show lacp sys-id ............................................................................................................................ 47

Chapter 8 User Management Commands ................................................................ 49

8.1 user name (password) ................................................................................................................. 49

8.2 user name (secret) ........................................................................................................................ 50

8.3 user access-control ip-based .................................................................................................. 51

8.4 user access-control mac-based ............................................................................................. 52

8.5 user access-control port-based ............................................................................................. 53

8.6 telnet ................................................................................................................................................. 54

8.7 show user account-list................................................................................................................ 54

8.8 show user configuration ............................................................................................................. 55

8.9 show telnet-status........................................................................................................................ 55

Chapter 9 HTTP and HTTPS Commands .................................................................. 57

9.1 ip http server .................................................................................................................................. 57

9.2 ip http max-users .......................................................................................................................... 58

9.3 ip http session timeout ............................................................................................................... 58

9.4 ip http secure-server ................................................................................................................... 59

9.5 ip http secure-protocol............................................................................................................... 60

9.6 ip http secure-ciphersuite ......................................................................................................... 60

9.7 ip http secure-max-users .......................................................................................................... 61

9.8 ip http secure-session timeout ................................................................................................ 62

9.9 ip http secure-server download certificate ......................................................................... 63

9.10 ip http secure-server download key ...................................................................................... 64

9.11 show ip http configuration ......................................................................................................... 65

9.12 show ip http secure-server ....................................................................................................... 65

Chapter 10 Binding Table Commands ......................................................................... 66

10.1 ip source binding .......................................................................................................................... 66

10.2 ip dhcp snooping .......................................................................................................................... 67

10.3 ip dhcp snooping vlan ................................................................................................................. 68

10.4 ip dhcp snooping information option ..................................................................................... 69

10.5 ip dhcp snooping information strategy ................................................................................. 69

10.6 ip dhcp snooping information remote-id .............................................................................. 70

10.7 ip dhcp snooping information circuit-id ................................................................................ 71

10.8 ip dhcp snooping trust ................................................................................................................ 72

10.9 ip dhcp snooping mac-verify .................................................................................................... 72

10.10 ip dhcp snooping limit rate ........................................................................................................ 73

10.11 ip dhcp snooping decline rate .................................................................................................. 74

10.12 show ip source binding ............................................................................................................... 75

10.13 show ip dhcp snooping ............................................................................................................... 75

10.14 show ip dhcp snooping interface ............................................................................................ 76

10.15 show ip dhcp snooping information interface .................................................................... 76

Chapter 11 ARP Inspection Commands ...................................................................... 78

11.1 ip arp inspection(global) ............................................................................................................. 78

11.2 ip arp inspection trust ................................................................................................................. 78

11.3 ip arp inspection(interface)........................................................................................................ 79

11.4 ip arp inspection limit-rate ......................................................................................................... 80

11.5 ip arp inspection recover ........................................................................................................... 81

III

11.6 show ip arp inspection ................................................................................................................ 81

11.7 show ip arp inspection interface ............................................................................................. 82

11.8 show ip arp inspection statistics ............................................................................................. 82

11.9 clear ip arp inspection statistics .............................................................................................. 83

Chapter 12 DoS Defend Commands ............................................................................ 84

12.1 ip dos-prevent ............................................................................................................................... 84

12.2 ip dos-prevent type...................................................................................................................... 84

12.3 show ip dos-prevent .................................................................................................................... 86

Chapter 13 System Log Commands ............................................................................ 87

13.1 logging buffer ................................................................................................................................. 87

13.2 logging buffer level ....................................................................................................................... 87

13.3 logging file flash ............................................................................................................................ 88

13.4 logging file flash frequency ....................................................................................................... 89

13.5 logging file flash level .................................................................................................................. 90

13.6 logging host index ........................................................................................................................ 90

13.7 logging monitor ............................................................................................................................. 91

13.8 logging monitor level ................................................................................................................... 92

13.9 clear logging ................................................................................................................................... 93

13.10 show logging local-config.......................................................................................................... 93

13.11 show logging loghost .................................................................................................................. 94

13.12 show logging buffer ..................................................................................................................... 94

13.13 show logging flash ........................................................................................................................ 95

Chapter 14 SSH Commands ........................................................................................... 96

14.1 ip ssh server ................................................................................................................................... 96

14.2 ip ssh version ................................................................................................................................. 96

14.3 ip ssh algorithm ............................................................................................................................. 97

14.4 ip ssh timeout ................................................................................................................................. 98

14.5 ip ssh max-client ........................................................................................................................... 98

14.6 ip ssh download ............................................................................................................................. 99

14.7 remove public-key ..................................................................................................................... 100

14.8 show ip ssh................................................................................................................................... 100

Chapter 15 IEEE 802.1X Commands .......................................................................... 101

15.1 dot1x system-auth-control .................................................................................................... 101

15.2 dot1x handshake ....................................................................................................................... 102

15.3 dot1x auth-method ................................................................................................................... 102

15.4 dot1x accounting ....................................................................................................................... 103

15.5 dot1x guest-vlan(global) .......................................................................................................... 104

15.6 dot1x quiet-period..................................................................................................................... 105

15.7 dot1x timeout .............................................................................................................................. 105

15.8 dot1x max-reauth-req .............................................................................................................. 106

15.9 dot1x .............................................................................................................................................. 107

15.10 dot1x guest-vlan(interface) .................................................................................................... 107

15.11 dot1x port-control ..................................................................................................................... 108

15.12 dot1x port-method .................................................................................................................... 109

15.13 show dot1x global ..................................................................................................................... 110

15.14 show dot1x interface ................................................................................................................ 110

Chapter 16 MAC Address Commands ....................................................................... 112

16.1 mac address-table static ........................................................................................................ 112

16.2 mac address-table aging-time .............................................................................................. 113

16.3 mac address-table filtering .................................................................................................... 113

16.4 mac address-table notification ............................................................................................. 114

16.5 mac address-table notification (interface) ........................................................................ 115

16.6 mac address-table max-mac-count ................................................................................... 116

16.7 mac address-table security ................................................................................................... 118

16.8 show mac address-table ......................................................................................................... 119

16.9 clear mac address-table ......................................................................................................... 119

16.10 show mac address-table aging-time .................................................................................. 120

16.11 show mac address-table max-mac-count ........................................................................ 120

16.12 show mac address-table interface ...................................................................................... 121

16.13 show mac address-table count ............................................................................................ 121

16.14 show mac address-table address ....................................................................................... 122

16.15 show mac address-table vlan ................................................................................................ 123

16.16 show mac address-table notification ................................................................................. 123

16.17 show mac address-table security ........................................................................................ 124

Chapter 17 System Configuration Commands ....................................................... 125

17.1 system-time manual ................................................................................................................. 125

17.2 system-time ntp ......................................................................................................................... 125

17.3 system-time dst predefined .................................................................................................. 127

17.4 system-time dst date ............................................................................................................... 128

17.5 system-time dst recurring ...................................................................................................... 129

17.6 hostname ...................................................................................................................................... 130

17.7 location .......................................................................................................................................... 131

17.8 contact-info ................................................................................................................................. 131

17.9 ip address ..................................................................................................................................... 132

17.10 ip address-alloc .......................................................................................................................... 133

17.11 reset ............................................................................................................................................... 134

17.12 reboot ............................................................................................................................................ 134

17.13 reboot-schedule ........................................................................................................................ 135

17.14 copy running-config startup-config .................................................................................... 136

17.15 copy startup-config tftp .......................................................................................................... 136

17.16 copy tftp startup-config .......................................................................................................... 137

17.17 boot application ......................................................................................................................... 138

17.18 remove backup-image ............................................................................................................. 138

17.19 firmware upgrade ....................................................................................................................... 139

17.20 ping ................................................................................................................................................. 140

17.21 tracert ............................................................................................................................................ 141

17.22 show system-info ...................................................................................................................... 142

17.23 show image-info ......................................................................................................................... 142

17.24 show boot ..................................................................................................................................... 143

17.25 show running-config ................................................................................................................. 143

17.26 show startup-config ................................................................................................................. 144

17.27 show system-time ..................................................................................................................... 144

17.28 show system-time dst .............................................................................................................. 145

17.29 show system-time ntp ............................................................................................................. 145

17.30 show cable-diagnostics interface gigabitEthernet ........................................................ 146

17.31 show cpu-utilization .................................................................................................................. 146

17.32 show memory-utilization ......................................................................................................... 147

Chapter 18 IPv6 Address Configuration Commands ............................................ 148

18.1 ipv6 enable ................................................................................................................................... 148

18.2 ipv6 address autoconfig.......................................................................................................... 148

18.3 ipv6 address link-local ............................................................................................................. 149

18.4 ipv6 address dhcp ..................................................................................................................... 150

18.5 ipv6 address ra ........................................................................................................................... 150

18.6 ipv6 address eui-64 .................................................................................................................. 151

18.7 ipv6 address ................................................................................................................................ 152

18.8 show ipv6 interface ................................................................................................................... 152

Chapter 19 Ethernet Configuration Commands ..................................................... 154

19.1 interface gigabitEthernet ........................................................................................................ 154

19.2 interface range gigabitEthernet............................................................................................ 154

19.3 description ................................................................................................................................... 155

19.4 shutdown ...................................................................................................................................... 156

19.5 flow-control ................................................................................................................................. 156

19.6 duplex ............................................................................................................................................ 157

19.7 jumbo ............................................................................................................................................. 158

19.8 speed ............................................................................................................................................. 158

19.9 storm-control pps ..................................................................................................................... 159

19.10 storm-control .............................................................................................................................. 160

19.11 bandwidth ..................................................................................................................................... 161

19.12 clear counters ............................................................................................................................. 161

19.13 show interface status ............................................................................................................... 162

19.14 show interface counters ......................................................................................................... 163

19.15 show interface configuration ................................................................................................. 163

19.16 show storm-control .................................................................................................................. 164

19.17 show bandwidth ......................................................................................................................... 164

Chapter 20 QoS Commands ......................................................................................... 166

20.1 qos .................................................................................................................................................. 166

20.2 qos dscp ....................................................................................................................................... 167

20.3 qos queue cos-map .................................................................................................................. 167

20.4 qos queue dscp-map ............................................................................................................... 168

20.5 qos queue mode ........................................................................................................................ 169

20.6 qos queue weight ...................................................................................................................... 170

20.7 show qos interface .................................................................................................................... 172

20.8 show qos cos-map .................................................................................................................... 172

20.9 show qos dscp-map ................................................................................................................. 173

20.10 show qos queue mode ............................................................................................................. 173

20.11 show qos status ......................................................................................................................... 174

Chapter 21 Port Mirror Commands ............................................................................ 175

21.1 monitor session destination interface................................................................................ 175

21.2 monitor session source interface ........................................................................................ 176

21.3 show monitor session .............................................................................................................. 177

Chapter 22 Port Isolation Commands ....................................................................... 178

22.1 port isolation................................................................................................................................ 178

22.2 show port isolation interface ................................................................................................. 179

Chapter 23 Loopback Detection Commands .......................................................... 180

23.1 loopback-detection(global) .................................................................................................... 180

23.2 loopback-detection interval ................................................................................................... 180

VII

23.3 loopback-detection recovery-time ..................................................................................... 181

23.4 loopback-detection(interface) .............................................................................................. 182

23.5 loopback-detection config ..................................................................................................... 182

23.6 loopback-detection recover .................................................................................................. 183

23.7 show loopback-detection global.......................................................................................... 184

23.8 show loopback-detection interface .................................................................................... 184

Chapter 24 ACL Commands ......................................................................................... 186

24.1 access-list create ...................................................................................................................... 186

24.2 mac access-list .......................................................................................................................... 186

24.3 access-list standard ................................................................................................................. 187

24.4 access-list extended ................................................................................................................ 188

24.5 access-list ipv6 .......................................................................................................................... 189

24.6 rule .................................................................................................................................................. 190

24.7 access-list policy name ........................................................................................................... 191

24.8 access-list policy action .......................................................................................................... 192

24.9 access-list bind acl(interface) ............................................................................................... 193

24.10 access-list bind acl(vlan) ......................................................................................................... 193

24.11 access-list bind(interface) ...................................................................................................... 194

24.12 access-list bind(vlan) ................................................................................................................ 195

24.13 show access-list ........................................................................................................................ 195

24.14 show access-list policy ........................................................................................................... 196

24.15 show access-list bind ............................................................................................................... 196

Chapter 25 PoE Commands ......................................................................................... 197

25.1 power inline consumption (global) ....................................................................................... 197

25.2 power profile ............................................................................................................................... 197

25.3 power time-range ...................................................................................................................... 198

25.4 absolute ........................................................................................................................................ 199

25.5 periodic ......................................................................................................................................... 200

25.6 power holiday .............................................................................................................................. 201

25.7 holiday ........................................................................................................................................... 202

25.8 power inline consumption (interface) ................................................................................. 202

25.9 power inline priority ................................................................................................................... 203

25.10 power inline supply .................................................................................................................... 204

25.11 power inline profile .................................................................................................................... 204

25.12 power inline time-range ........................................................................................................... 205

25.13 show power inline ...................................................................................................................... 205

25.14 show power inline configuration interface ........................................................................ 206

VIII

25.15 show power inline information interface ........................................................................... 206

25.16 show power profile .................................................................................................................... 207

25.17 show power holiday .................................................................................................................. 207

25.18 show power time-range ........................................................................................................... 207

Chapter 26 MSTP Commands ...................................................................................... 209

26.1 debug spanning-tree ................................................................................................................ 209

26.2 spanning-tree(global) ............................................................................................................... 210

26.3 spanning-tree(interface) ......................................................................................................... 210

26.4 spanning-tree common-config ............................................................................................. 211

26.5 spanning-tree mode ................................................................................................................. 212

26.6 spanning-tree mst configuration ......................................................................................... 213

26.7 instance ......................................................................................................................................... 213

26.8 name ............................................................................................................................................... 214

26.9 revision .......................................................................................................................................... 215

26.10 spanning-tree mst instance ................................................................................................... 216

26.11 spanning-tree mst ..................................................................................................................... 216

26.12 spanning-tree priority .............................................................................................................. 217

26.13 spanning-tree tc-defend ......................................................................................................... 218

26.14 spanning-tree timer .................................................................................................................. 219

26.15 spanning-tree hold-count ....................................................................................................... 220

26.16 spanning-tree max-hops ......................................................................................................... 220

26.17 spanning-tree bpdufilter ......................................................................................................... 221

26.18 spanning-tree bpduguard ....................................................................................................... 221

26.19 spanning-tree guard loop ....................................................................................................... 222

26.20 spanning-tree guard root ........................................................................................................ 223

26.21 spanning-tree guard tc ............................................................................................................ 223

26.22 spanning-tree mcheck ............................................................................................................. 224

26.23 show spanning-tree active ..................................................................................................... 225

26.24 show spanning-tree bridge .................................................................................................... 225

26.25 show spanning-tree interface ............................................................................................... 226

26.26 show spanning-tree interface-security ............................................................................. 226

26.27 show spanning-tree mst ......................................................................................................... 227

Chapter 27 IGMP Snooping Commands.................................................................... 229

27.1 ip igmp snooping(global) ......................................................................................................... 229

27.2 ip igmp snooping(interface) ................................................................................................... 229

27.3 ip igmp snooping rtime ............................................................................................................ 230

27.4 ip igmp snooping mtime .......................................................................................................... 231

27.5 ip igmp snooping report-suppression ................................................................................ 231

27.6 ip igmp snooping immediate-leave ..................................................................................... 232

27.7 ip igmp snooping drop-unknown ......................................................................................... 232

27.8 ip igmp snooping last-listener query-inteval .................................................................... 233

27.9 ip igmp snooping last-listener query-count ..................................................................... 234

27.10 ip igmp snooping vlan-config ................................................................................................ 234

27.11 ip igmp snooping vlan-config (router-ports-forbidden) ............................................... 236

27.12 ip igmp snooping multi-vlan-config ..................................................................................... 237

27.13 ip igmp snooping multi-vlan-config (router-ports-forbidden).................................... 238

27.14 ip igmp snooping multi-vlan-config (source-ip-replace) ............................................. 239

27.15 ip igmp snooping querier vlan ............................................................................................... 239

27.16 ip igmp snooping querier vlan (general query) ................................................................ 240

27.17 ip igmp snooping max-groups .............................................................................................. 241

27.18 ip igmp snooping authentication .......................................................................................... 242

27.19 ip igmp snooping accounting ................................................................................................ 243

27.20 ip igmp profile ............................................................................................................................. 244

27.21 deny ................................................................................................................................................ 244

27.22 permit ............................................................................................................................................. 245

27.23 range .............................................................................................................................................. 245

27.24 ip igmp filter ................................................................................................................................. 246

27.25 clear ip igmp snooping statistics ......................................................................................... 247

27.26 show ip igmp snooping ............................................................................................................ 247

27.27 show ip igmp snooping interface ......................................................................................... 248

27.28 show ip igmp snooping vlan ................................................................................................... 249

27.29 show ip igmp snooping multi-vlan ....................................................................................... 249

27.30 show ip igmp snooping groups ............................................................................................. 250

27.31 show ip igmp snooping querier ............................................................................................. 251

27.32 show ip igmp profile .................................................................................................................. 252

Chapter 28 MLD Snooping Commands ..................................................................... 253

28.1 ipv6 mld snooping(global) ....................................................................................................... 253

28.2 ipv6 mld snooping(interface) ................................................................................................. 253

28.3 ipv6 mld snooping rtime .......................................................................................................... 254

28.4 ipv6 mld snooping mtime ........................................................................................................ 254

28.5 ipv6 mld snooping report-suppression ............................................................................. 255

28.6 ipv6 mld snooping immediate-leave ................................................................................... 256

28.7 ipv6 mld snooping drop-unknown ....................................................................................... 256

28.8 ipv6 mld snooping last-listener query-inteval ................................................................. 257

28.9 ipv6 mld snooping last-listener query-count ................................................................... 257

28.10 ipv6 mld snooping vlan-config .............................................................................................. 258

28.11 ipv6 mld snooping vlan-config (router-ports-forbidden) ............................................. 259

28.12 ipv6 mld snooping multi-vlan-config .................................................................................. 260

28.13 ipv6 mld snooping multi-vlan-config (router-ports-forbidden) ................................. 261

28.14 ipv6 mld snooping multi-vlan-config (source-ip-replace) ........................................... 262

28.15 ipv6 mld snooping querier vlan ............................................................................................. 263

28.16 ipv6 mld snooping querier vlan (general query) .............................................................. 263

28.17 ipv6 mld snooping max-groups ............................................................................................ 264

28.18 ipv6 mld profile ........................................................................................................................... 266

28.19 deny ................................................................................................................................................ 266

28.20 permit ............................................................................................................................................. 267

28.21 range .............................................................................................................................................. 267

28.22 ipv6 mld filter ............................................................................................................................... 268

28.23 clear ipv6 mld snooping statistics ....................................................................................... 269

28.24 show ipv6 mld snooping .......................................................................................................... 269

28.25 show ipv6 mld snooping interface ....................................................................................... 270

28.26 show ipv6 mld snooping vlan ................................................................................................. 270

28.27 show ipv6 mld snooping multi-vlan ..................................................................................... 271

28.28 show ipv6 mld snooping groups .......................................................................................... 271

28.29 show ipv6 mld snooping querier .......................................................................................... 273

28.30 show ipv6 mld profile ................................................................................................................ 274

Chapter 29 SNMP Commands ..................................................................................... 275

29.1 snmp-server ................................................................................................................................ 275

29.2 snmp-server view ...................................................................................................................... 275

29.3 snmp-server group ................................................................................................................... 276

29.4 snmp-server user ...................................................................................................................... 278

29.5 snmp-server community ......................................................................................................... 279

29.6 snmp-server host ...................................................................................................................... 280

29.7 snmp-server engineID ............................................................................................................. 282

29.8 snmp-server traps snmp ......................................................................................................... 282

29.9 snmp-server traps link-status ............................................................................................... 283

29.10 snmp-server traps ..................................................................................................................... 284

29.11 snmp-server traps vlan ............................................................................................................ 285

29.12 rmon history ................................................................................................................................ 286

29.13 rmon event ................................................................................................................................... 287

29.14 rmon alarm ................................................................................................................................... 288

29.15 rmon statistics ............................................................................................................................ 289

29.16 show snmp-server..................................................................................................................... 290

29.17 show snmp-server view ........................................................................................................... 291

29.18 show snmp-server group ........................................................................................................ 291

29.19 show snmp-server user ........................................................................................................... 292

29.20 show snmp-server community ............................................................................................. 292

29.21 show snmp-server host ........................................................................................................... 292

29.22 show snmp-server engineID .................................................................................................. 293

29.23 show rmon history ..................................................................................................................... 293

29.24 show rmon event ....................................................................................................................... 294

29.25 show rmon alarm ........................................................................................................................ 295

29.26 show rmon statistics ................................................................................................................ 295

Chapter 30 LLDP Commands ....................................................................................... 297

30.1 lldp................................................................................................................................................... 297

30.2 lldp hold-multiplier ..................................................................................................................... 297

30.3 lldp timer ....................................................................................................................................... 298

30.4 lldp receive ................................................................................................................................... 299

30.5 lldp transmit ................................................................................................................................. 300

30.6 lldp snmp-trap ............................................................................................................................. 300

30.7 lldp tlv-select ............................................................................................................................... 301

30.8 lldp med-fast-count .................................................................................................................. 302

30.9 lldp med-status ........................................................................................................................... 302

30.10 lldp med-tlv-select .................................................................................................................... 303

30.11 lldp med-location ....................................................................................................................... 304

30.12 show lldp ....................................................................................................................................... 305

30.13 show lldp interface .................................................................................................................... 305

30.14 show lldp local-information interface ................................................................................. 306

30.15 show lldp neighbor-information interface ......................................................................... 306

30.16 show lldp traffic interface ....................................................................................................... 307

Chapter 31 ARP Commands ......................................................................................... 308

31.1 arp ................................................................................................................................................... 308

31.2 clear arp-cache .......................................................................................................................... 309

31.3 arp timeout ................................................................................................................................... 309

31.4 show arp ........................................................................................................................................ 310

31.5 show ip arp (interface) .............................................................................................................. 310

31.6 show ip arp summary................................................................................................................ 311

Chapter 32 Static Routes Commands ....................................................................... 312

32.1 interface vlan ............................................................................................................................... 312

32.2 interface loopback .................................................................................................................... 312

XII

32.3 switchport .................................................................................................................................... 313

32.4 interface range port-channel ................................................................................................. 314

32.5 description ................................................................................................................................... 314

32.6 shutdown ...................................................................................................................................... 315

32.7 interface port-channel ............................................................................................................. 316

32.8 ip route .......................................................................................................................................... 316

32.9 ipv6 routing .................................................................................................................................. 317

32.10 ipv6 route ...................................................................................................................................... 318

32.11 show interface vlan ................................................................................................................... 318

32.12 show ip interface ........................................................................................................................ 319

32.13 show ip interface brief .............................................................................................................. 320

32.14 show ip route ............................................................................................................................... 320

32.15 show ip route specify ............................................................................................................... 321

32.16 show ip route summary ........................................................................................................... 322

32.17 show ipv6 interface ................................................................................................................... 322

32.18 show ipv6 route .......................................................................................................................... 323

32.19 show ipv6 route summary ...................................................................................................... 323

Chapter 33 SDM Template Commands ..................................................................... 325

33.1 sdm prefer .................................................................................................................................... 325

33.2 show sdm prefer ........................................................................................................................ 326

Chapter 34 AAA Commands ........................................................................................ 327

34.1 aaa enable .................................................................................................................................... 327

34.2 tacacas-server host .................................................................................................................. 328

34.3 show tacacs-server .................................................................................................................. 329

34.4 radius-server host ..................................................................................................................... 329

34.5 show radius-server ................................................................................................................... 331

34.6 aaa group ...................................................................................................................................... 331

34.7 server ............................................................................................................................................. 332

34.8 show aaa group .......................................................................................................................... 333

34.9 aaa authentication login .......................................................................................................... 333

34.10 aaa authentication enable....................................................................................................... 334

34.11 aaa authentication dot1x default .......................................................................................... 335

34.12 aaa accounting dot1x default ................................................................................................ 336

34.13 show aaa authentication ......................................................................................................... 337

34.14 show aaa accounting ................................................................................................................ 337

34.15 line telnet ...................................................................................................................................... 338

34.16 login authentication(telnet)..................................................................................................... 338

XIII

34.17 line ssh ........................................................................................................................................... 339

34.18 login authentication(ssh) ......................................................................................................... 339

34.19 enable authentication(telnet) ................................................................................................. 340

34.20 enable authentication(ssh) ..................................................................................................... 341

34.21 ip http login authentication ..................................................................................................... 342

34.22 ip http enable authentication ................................................................................................. 342

34.23 show aaa global .......................................................................................................................... 343

Chapter 35 DHCP Relay Commands .......................................................................... 344

35.1 service dhcp relay ..................................................................................................................... 344

35.2 ip helper-address....................................................................................................................... 344

35.3 ip dhcp relay information ........................................................................................................ 345

35.4 ip dhcp relay information policy ........................................................................................... 346

35.5 ip dhcp relay information custom ........................................................................................ 346

35.6 ip dhcp relay information circuit-id ...................................................................................... 347

35.7 ip dhcp relay information remote-id .................................................................................... 348

35.8 show ip dhcp relay ..................................................................................................................... 348

XIV

Preface

This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned in this Guide stands for T1600-28TS/T1600G-52TS/T1600G-28PS/T1600G-52PS JetStream Gigabit Smart Switch without any explanation. The commands in this guilde apply to these models if not specially noted, and T1600G-52TS is taken as an example model in the example commands.

Overview of this Guide

Chapter 1: Using the CLI

Provide information about how to use the CLI, CLI Command Modes, Security Levels and some

Conventions.

Chapter 2: User Interface

Provide information about the commands used to switch between five CLI Command Modes.

Chapter 3: IEEE 802.1Q VLAN Commands

Provide information about the commands used for configuring IEEE 802.1Q VLAN.

Chapter 4: MAC-based VLAN Commands

Provide information about the commands used for configuring MAC-based VLAN

Chapter 5: Protocol VLAN Commands

Provide information about the commands used for configuring Protocol VLAN.

Chapter 6: Voice VLAN Commands

Provide information about the commands used for configuring Voice VLAN.

Chapter 7: Etherchannel Commands

Provide information about the commands used for configuring LAG (Link Aggregation Group)

and LACP (Link Aggregation Control Protocol).

Chapter 8: User Management Commands

Provide information about the commands used for user management.

Chapter 9: HTTP and HTTPS Commands

Provide information about the commands used for configuring the HTTP and HTTPS logon.

Chapter 10: Binding Table Commands

Provide information about the commands used for binding the IP address, MAC address, VLAN

and the connected Port number of the Host together.

Chapter 11: ARP Inspection Commands

Provide information about the commands used for protecting the switch from the ARP

cheating or ARP Attack.

Chapter 12: DoS Defend Command

Provide information about the commands used for DoS defend and detecting the DoS attack.

Chapter 13: System Log Commands

Provide information about the commands used for configuring system log.

Chapter 14: SSH Commands

Provide information about the commands used for configuring and managing SSH (Security

Shell).

Chapter 15: IEEE 802.1X Commands

Provide information about the commands used for configuring IEEE 802.1X function.

Chapter 16: MAC Address Commands

Provide information about the commands used for Address configuration.

Chapter 17: System Configuration Commands

Provide information about the commands used for configuring the System information and

System IP, reboot and reset the switch, upgrade the switch system and commands used for

cable test.

Chapter 18: IPv6 Address Configuration Commands

Provide information about the commands used for configuring the System IPv6 addresses.

Chapter 19: Ethernet Configuration Commands

Provide information about the commands used for configuring the Bandwidth Control,

Negotiation Mode, and Storm Control for enthernet ports.

Chapter 20: QoS Commands

Provide information about the commands used for configuring the QoS function.

Chapter 21: Port Mirror Commands

Provide information about the commands used for configuring the Port Mirror function.

Chapter 22: Port Isolation Commands

Provide information about the commands used for configuring Port Isolation function.

Chapter 23: Loopback Detection Commands

Provide information about the commands used for configuring the Loopback Detection

function.

Chapter 24: ACL Commands

Provide information about the commands used for configuring the ACL (Access Control List).

Chapter 25: PoE Commands

Provide information about the commands used for configuring PoE function.

Chapter 26: MSTP Commands

Provide information about the commands used for configuring the MSTP (Multiple Spanning

Tree Protocol).

Chapter 27: IGMP Snooping Commands

Provide information about the commands used for configuring the IGMP Snooping (Internet

Group Management Protocol Snooping).

Chapter 28: MLD Snooping Commands

Provide information about the commands used for configuring the MLD Snooping (Multicast

Listener Discovery Snooping).

Chapter 29: SNMP Commands

Provide information about the commands used for configuring the SNMP (Simple Network

Management Protocol) functions.

Chapter 30: LLDP Commands

Provide information about the commands used for configuring LLDP function.

Chapter 31: ARP Commands

Provide information about the commands used for configuring the ARP (Address Resolution

Protocol) functions.

Chapter 32: Static Routes Commands

Provide information about the commands used for configuring the Static Route function.

Chapter 33: SDM Template Commands

Provide information about the commands used for configuring the SDM templates.

Chapter 34: AAA Commands

Provide information about the commands used for configuring AAA (authentication,

authorization and accounting).

Chapter 35: DHCP Relay Commands

Provide information about the commands used for configuring the DHCP Relay function.

Chapter 1 Using the CLI

1.1 Accessing the CLI

You can log on to the switch and access the CLI by logging on to the switch remotely by a

Telnet or SSH connection through an Ethernet port.

1.1.1 Logon by Telnet

To log on to the switch by a Telnet connection, please take the following steps:

1. Click Start and type in cmd in the Search programs and files window and press the Enter

button.

Figure 1-1 Run Window

2. Telnet the switch_IP (factory setting is 192.168.0.1) in the prompt cmd window and press

Enter.

Figure 1-2 Type in the telnet command

3. Type in the User name and Password (the factory default value for both of them are admin)

and press the Enter button to enter User EXEC Mode , which is shown as Figure 1-2.

Figure 1-2 Log in the Switch

4. Type in enable command to enter Privileged EXEC Mode.

Figure 1-3 Enter into Priviledged EXEC Mode

1.1.2 Logon by SSH

To log on by SSH, a Putty client software is recommended. There are two authentication modes

to set up an SSH connection:

Password Authentication Mode: It requires username and password, which are both admin by default.

Key Authentication Mode: It requires a public key for the switch and a private key for the SSH client software. You can generate the public key and the private key through Putty Key Generator.

Note:

Before SSH login, please follow the steps shown in Figure 1-4 to enable the SSH function through Telnet connection.

Figure 1-4 Enable SSH function

 Password Authentication Mode

1. Open the software to log on to the interface of PuTTY. Enter the IP address of the switch

into Host Name field; keep the default value 22 in the Port field; select SSH as the

Connection type.

Figure 1-5 SSH Connection Config

2. Click the Open button in the above figure to log on to the switch. Enter the login user name

and password to log on the switch, and then enter enable to enter Privileged EXEC Mode,

so you can continue to configure the switch.

Figure 1-6 Log on the Switch

 Key Authentication Mode

1. Select the key type and key length, and generate SSH key.

Figure 1-7 Generate SSH Key

Note:

1. The key length is in the range of 512 to 3072 bits.

2. During the key generation, randomly moving the mouse quickly can accelerate the key generation.

2. After the key is successfully generated, please save the public key and private key to a

TFTP server.

Figure 1-8 Save the Generated Key

3. Log on to the switch by Telnet and download the public key file from the TFTP server to the

switch, as the following figure shows:

Figure 1-9 Download the Public Key

Note:

1. The key type should accord with the type of the key file.

2. The SSH key downloading can not be interrupted.

4. After the public key is downloaded, please log on to the interface of PuTTY and enter the IP

address for login.

Figure 1-10 SSH Connection Config

5. Click Browse to download the private key file to SSH client software and click Open.

Figure 1-11 Download the Private Key

6. After successful authentication, please enter the login user name. If you log on to the

switch without entering password, it indicates that the key has been successfully

downloaded.

Figure 1-12 Log on the Switch

1.2 CLI Command Modes

The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode,

Global Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode.

access Privileged EXEC mode.

mode.

VLAN Configuration mode.

User EXEC Mode

……

VLAN Configuration Mode

Interface Configuration Mode can also be divided into Interface Ethernet, Interface

link-aggregation and some other modes, which is shown as the following diagram.

Interface Configuration Mode

Interface gigabitEthernet

Interface link-aggregation

Interface range gigabitEthernet

Interface range link-aggregation

Interface vlan

Privileged EXEC

Mode

Global Configuration

Mode

The following table gives detailed information about the Accessing path, Prompt of each mode and how to exit the current mode and access the next mode.

Logout or Access the next

Mode Accessing Path Prompt

mode

User EXEC

Mode

Privileged

EXEC Mode

Primary mode once it

is connected with the

switch.

Use the enable

command to enter

this mode from User

EXEC mode.

T1600G-52TS>

T1600G-52TS#

Use the exit command to

disconnect the switch.

Use the enable command to

Enter the exit command to return

to User EXEC mode.

Enter configure command to

access Global Configuration

Global

Configuration

Mode

Use the configure

command to enter

this mode from

Privileged EXEC

mode.

T1600G-52TS (config)#

Use the exit or the end command

or press Ctrl+Z to return to

Privileged EXEC mode.

Use the interface

port

gigabitEthernet

interface range gigabitEthernet

port-list

interface Configuration mode.

Use the vlan

command to access

vlan-list

to access

mode.

Configuration mode.

configuration mode.

Mode Accessing Path Prompt

Layer 2 Interface:

Use the interface

Interface

Configuration

Mode

Interface

Configuration

Mode

gigabitEthernet

port,

interface

port-channel

interface range

gigabitEthernet

port-list

enter this mode from

Global Configuration

Layer 3 Interface:

Use the no

switchport

command to enter Routed Port mode from Interface Configuration mode.

Use the interface

vlan-id

vlan command to enter VLAN Interface mode from Global Configuration mode.

Use the interface

loopback

command to enter

Loopback Interface

mode from Global

lagid

command to

T1600G-52TS (config-if)#

T1600G-52TS(config-if-rang

T1600G-52TS (config-if)#

T1600G-52TS(config-if-rang

e)#

Logout or Access the next

mode

Use the end command or press Ctrl+Z to return to Privileged

EXEC mode.

Enter the exit or the # command to return to Global Configuration mode.

A port number must be specified

in the interface command.

Use the switchport command to switch to the Layer 2 interface mode.

Use the end command or press Ctrl+Z to return to Privileged EXEC mode.

Enter the exit or the # command

to return to Global Configuration

mode.

VLAN

Configuration

Mode

1. The user is automatically in User EXEC Mode after the connection between the PC and the

2. Each command mode has its own set of specific commands. To configure some

Use the vlan

command to enter

this mode from

Global Configuration

mode.

vlan-list

T1600G-52TS (config-vlan)#

Use the end command or press

Ctrl+Z to return to Privileged

EXEC mode.

Enter the exit command or the #

command to return to Global

Note:

switch is established by a Telnet/SSH connection.

commands, you should access the corresponding command mode firstly.

 Global Configuration Mode: In this mode, global commands are provided, such as the

Spanning Tree, Schedule Mode and so on.

 Interface Configuration Mode: In this mode, users can configure one or several ports,

different ports corresponds to different commands

a). Interface gigabitEthernet: Configure parameters for an Ethernet port, such as

Duplex-mode, flow control status.

b). Interface range gigabitEthernet: Configure parameters for several Ethernet ports.

c). Interface link-aggregation: Configure parameters for a link-aggregation, such as

broadcast storm.

d). Interface range link-aggregation: Configure parameters for multi-trunks.

e). Interface vlan: Configure parameters for the vlan-port.

 VLAN Configuration Mode: In this mode, users can create a VLAN and add a specified

port to the VLAN.

3. Some commands are global, that means they can be performed in all modes:

 show: display all information of switch, for example: statistic information, port

information, VLAN information.

 history: Display the commands history.

1.3 Privilege Restrictions

This switch’s security is divided into four privilege levels: User level, Power User level, Operator

level and Admin level. You can define username and password pairs, and assign a specific

privilege level to each pair. Different privilege levels have access to specified commands,

which is illustrated in the Privilege Requirement in each command. For details about how to

configure usename and password pairs, please refer to user name (password) and

(secret).

Users can enter Privileged EXEC mode from User EXEC mode by using the enable command. In

default case, no password is needed. In Global Configuration Mode, you can configure

user name

password for Admin level by enable password command. Once password is configured, you

are required to enter it to access Privileged EXEC mode.

1.4 Conventions

1.4.1 Format Conventions

The following conventions are used in this Guide:

 Items in square brackets [ ] are optional

 Items in braces { } are required

 Alternative items are grouped in braces and separated by vertical bars. For example:

speed {10 | 100 | 1000 }

 Bold indicates an unalterable keyword. For example: show logging

 Normal Font indicates a constant (several options are enumerated and only one can be

selected). For example: mode {dynamic | static | permanent}

 Italic Font indicates a variable (an actual value must be assigned). For example: bridge

aging-time

1.4.2 Special Characters

You should pay attentions to the description below if the variable is a character string:

 These six characters ” < > , \ & can not be input.

 If a blank is contained in a character string, single or double quotation marks should be

used, for example ’hello world’, ”hello world”, and the words in the quotation marks will be

identified as a string. Otherwise, the words will be identified as several strings.

1.4.3 Parameter Format

Some parameters must be entered in special formats which are shown as follows:

 MAC address must be enter in the format of xx:xx:xx:xx:xx:xx.

 One or several values can be typed for a port-list or a vlan-list using comma to separate.

Use a hyphen to designate a range of values, for instance,1/0/1,1/0/3-5,1/0/7 indicates

choosing port 1/0/1,1/0/3,1/0/4,1/0/5,1/0/7.

Chapter 2 User Interface

2.1 enable

Description

The enable command is used to access Privileged EXEC Mode from User EXEC Mode.

Syntax

enable

Command Mode

User EXEC Mode

Privilege Requirement

None.

Example

If you have set the password to access Privileged EXEC Mode from User EXEC Mode:

T1600G-52TS>enable

Enter password：

T1600G-52TS#

2.2 service password-encryption

Description

The service password-encryption command is used to encrypt the

password when the password is defined or when the configuration is written,

using the symmetric encryption algorithm. Encryption prevents the password

from being readable in the configuration file. To disable the global encryption

Syntax

function, please use no service password-encryption command.

service password-encryption

no service password-encryption

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin level users have access to these commands.

Example

Enable the global encryption function:

T1600G-52TS(config)# service password-encryption

2.3 enable password

Description

The enable password command is used to set or change the password for

users to access Privileged EXEC Mode from User EXEC Mode. To remove the

password, please use no enable password command. This command uses

the symmetric encryption.

Syntax

enable password { [ 0 ]

no enable password

Parameter

0 —— Specify the encryption type. 0 indicates that an unencrypted password

will follow. By default, the encryption type is 0.

password

characters or symbols. The password is case sensitive, allows digits, English

letters (case sensitive), underlines and sixteen special characters

( !$%'()*,-./[]{|} ). By default, it is empty.

7 —— Indicates a symmetric encrypted password with fixed length will follow.

encrypted-password

password

—— Super password, a string from 1 to 31 alphanumeric

—— A symmetric encrypted password with fixed length,

| 7

encrypted-password

}

which you can copy from another switch’s configuration file. After the

encrypted password is configured, you should use the corresponding

unencrypted password if you re-enter this mode.

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin level users have access to these commands.

User Guidelines

If the password you configured here is unencrypted and the global

encryption function is enabled in service password-encryption

password in the configuration file will be displayed in the symmetric

encrypted form.

Example

Set the super password as “admin” and unencrypted to access Privileged

EXEC Mode from User EXEC Mode:

T1600G-52TS(config)#enable password 0 admin

2.4 enable secret

Description

The enable secret command is used to set a secret password, which is using

an MD5 encryption algorithm, for users to access Privileged EXEC Mode from

User EXEC Mode. To return to the default configuration, please use no enable

, the

secret command. This command uses the MD5 encryption.

Syntax

enable secret { [ 0 ]

no enable secret

Parameter

0 —— Specify the encryption type. 0 indicates that an unencrypted password

will follow. By default, the encryption type is 0.

password

characters or symbols. The password is case sensitive, allows digits, English

letters (case sensitive), underlines and sixteen special characters

( !$%'()*,-./[]{|} ). By default, it is empty. The password in the configuration file

will be displayed in the MD5 encrypted form.

5 —— Indicates an MD5 encrypted password with fixed length will follow.

encrypted-password

password

—— Super password, a string from 1 to 31 alphanumeric

—— An MD5 encrypted password with fixed length,

| 5

encrypted-password

}

which you can copy from another switch’s configuration file. After the

encrypted password is configured, you should use the corresponding

unencrypted password if you re-enter this mode.

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin level users have access to these commands.

User Guidelines

If both the enable password and enable secret are defined, you must enter

the password set in enable secret.

Example

Set the secret password as “admin” and unencrypted to access Privileged

EXEC Mode from User EXEC Mode. The password will be displayed in the

encrypted form.

T1600G-52TS(config)#enable secret 0 admin

2.5 configure

Description

The configure command is used to access Global Configuration Mode from Privileged EXEC Mode.

Syntax

configure

Command Mode

Privileged EXEC Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these commands.

Example

Access Global Configuration Mode from Privileged EXEC Mode:

T1600G-52TS# configure

T1600G-52TS(config)#

2.6 exit

Description

Syntax

Command Mode

Privilege Requirement

Example

The exit command is used to return to the previous Mode from the current Mode.

exit

Privileged EXEC Mode and Any Configuration Mode

None.

2.7 end

Description

Syntax

Command Mode

Return to Global Configuration Mode from Interface Configuration Mode, and then return to Privileged EXEC Mode:

T1600G-52TS(config-if)# exit

T1600G-52TS(config)#exit

T1600G-52TS#

The end command is used to return to Privileged EXEC Mode.

end

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

Only Admin level users have access to these commands.

Example

Return to Privileged EXEC Mode from Interface Configuration Mode:

T1600G-52TS(config-if)#end

T1600G-52TS#

2.8 history

Description

The history command is used to show the latest 20 commands you entered

in the current mode since the switch is powered.

Syntax

history

Command Mode

Privileged EXEC Mode and any Configuration Mode

Privilege Requirement

None.

Example

Show the commands you have entered in the current mode:

T1600G-52TS (config)# history

1 history

2.9 history clear

Description

The history clear command is used to clear the commands you have entered

in the current mode, therefore these commands will not be shown next time

you use the history command.

Syntax

history clear

Command Mode

Privileged EXEC Mode and any Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Clear the commands you have entered in the current mode:

T1600G-52TS(config)#history clear

Chapter 3 IEEE 802.1Q VLAN Commands

VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN

into multiple logical LANs flexibly. Hosts in the same VLAN can communicate with each other,

regardless of their physical locations. VLAN can enhance performance by conserving

bandwidth, and improve security by limiting traffic to specific domains.

3.1 vlan

Description

The vlan command is used to create IEEE 802.1Q VLAN and enter VLAN Configuration Mode. To delete the IEEE 802.1Q VLAN, please use no vlan command.

Syntax

vlan

vlan-list

no vlan

vlan-list

Parameter

vlan-list

format of 2-3, 5. It is multi-optional.

—— Specify IEEE 802.1Q VLAN ID list, ranging from 2 to 4094, in the

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these commands.

Example

Create VLAN 2-10 and VLAN 100:

T1600G-52TS(config)# vlan 2-10,100

Delete VLAN 2:

T1600G-52TS(config)# no vlan 2

3.2 interface vlan

Description

The interface vlan command is used to create VLAN Interface and enter Interface VLAN Mode. To delete VLAN Interface, please use no interface

vlan command.

Syntax

interface vlan

no interface vlan

vlan-id

Parameter

vlan-id

—— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094.

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these commands.

Example

Create VLAN Interface 2:

T1600G-52TS(config)# interface vlan 2

vlan-id

3.3 name

Description

Syntax

Parameter

Command Mode

The name command is used to assign a description to a VLAN. To clear the description, please use no name command.

name

no name

descript

most.

VLAN Configuration Mode(VLAN)

descript

——String to describe the VLAN, which contains 16 characters at

Privilege Requirement

Only Admin, Operator and Power User level users have access to these commands.

Example

Specify the name of VLAN 2 as “group1”:

T1600G-52TS(config)# vlan 2

T1600G-52TS(config-vlan)# name group1

3.4 switchport general allowed vlan

Description

The switchport general allowed vlan command is used to add the desired General port to IEEE 802.1Q VLAN and specify the port’s type. To delete the corresponding VLAN(s), please use no switchport general allowed vlan command.

Syntax

switchport general allowed vlan

no switchport general allowed vlan

Parameter

vlan-list

format of 2-3, 5. It is multi-optional.

tagged | untagged —— Egress rule，untagged or tagged. Tagged: All packets forwarded by the port are tagged. The packets contain VLAN information. Untagged: Packets forwarded by the port are untagged.

—— Specify IEEE 802.1Q VLAN ID list, ranging from 2 to 4094, in the

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet / interface port-channel / interface range port-channel)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

vlan-list

{ tagged | untagged }

commands.

Example

Add port 4 it to VLAN 2 and configure the type of port 1/0/4 as tagged:

T1600G-52TS(config)# interface gigabitEthernet 1/0/4

T1600G-52TS(config-if)# switchport general allowed vlan 2 tagged

3.5 switchport pvid

Description

The switchport pvid command is used to configure the PVID for the switch ports.

Syntax

switchport pvid

Parameter

vlan-id

—— VLAN ID, ranging from 1 to 4094.

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet / interface port-channel / interface range port-channel)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Specify the PVID of port 1/0/2 as 2:

T1600G-52TS(config)# interface gigabitEthernet 1/0/2

T1600G-52TS(config-if)# switchport pvid 2

vlan-id

3.6 show vlan summary

Description

The show vlan summary command is used to display the summarized information of IEEE 802.1Q VLAN.

Syntax

show vlan summary

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the summarized information of IEEE 802.1Q VLAN:

T1600G-52TS(config)# show vlan summary

3.7 show vlan brief

Description

The show vlan brief command is used to display the brief information of IEEE

802.1Q VLAN.

Syntax

show vlan brief

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the brief information of IEEE 802.1Q VLAN:

T1600G-52TS(config)# show vlan brief

3.8 show vlan

Description

The show vlan command is used to display the information of IEEE 802.1Q VLAN.

Syntax

show vlan [ id

Parameter

vlan-id

]

vlan-id

multi-optional. Using the show vlan command without parameter displays the detailed information of all VLANs.

—— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. It is

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the information of vlan 5:

T1600G-52TS(config)# show vlan id 5

3.9 show interface switchport

Description

The show interface switchport command is used to display the IEEE 802.1Q VLAN configuration information of the specified port/LAG.

Syntax

show interface switchport [ gigabitEthernet

Parameter

port

—— The port number.

lagid

—— The ID of the LAG.

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the VLAN configuration information of all ports and LAGs:

T1600G-52TS(config)# show interface switchport

port

| port-channel

lagid

]

Chapter 4 MAC-based VLAN Commands

MAC VLAN (Virtual Local Area Network) is the way to classify the VLANs based on MAC

Address. A MAC address is relative to a single VLAN ID. The untagged packets and the

priority-tagged packets coming from the MAC address will be tagged with this VLAN ID.

4.1 mac-vlan mac-address

Description

The mac-vlan mac-address command is used to create a MAC-based VLAN

entry. To delete a MAC-based VLAN entry, please use the no mac-vlan

mac-address command.

Syntax

mac-vlan mac-address

no mac-vlan mac-address

Parameter

mac-addr

vlan-id

descript

contains 8 characters at most.

—— MAC address, in the format of XX:XX:XX:XX:XX:XX.

—— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094.

—— Give a description to the MAC address for identification, which

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

mac-addr

vlan

vlan-id

[description

descript

]

Create VLAN 2 with the MAC address 00:11:11:01:01:12 and the name “TP”:

T1600G-52TS(config)#mac-vlan mac-address 00:11:11:01:01:12 vlan 2

description TP

4.2 mac-vlan

Description

The mac-vlan command is used to enable a port for the MAC-based VLAN

feature. Only the port is enabled can the configured MAC-based VLAN take

effect. To disable the MAC-based VLAN function, please use no mac-vlan

command. All the ports are disabled by default.

Syntax

mac-vlan

no mac-vlan

Command Mode

Interface Configuration Mode (interface fastEthernet / interface range

fastEthernet / interface gigabitEthernet / interface range gigabitEthernet/

interface ten-gigabitEthernet / interface range ten-gigabitEthernet)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Enable the Gigabit Ethernet port 1/0/3 for the MAC-based VLAN feature:

T1600G-52TS(config)#interface gigabitEthernet 1/0/3

T1600G-52TS(config-if)#mac-vlan

4.3 show mac-vlan

Description

The show mac-vlan command is used to display the information of the

MAC-based VLAN entry. MAC address and VLAN ID can be used to filter the

displayed information.

Syntax

show mac-vlan { all | mac-address

Command Mode

Privileged EXEC Mode and Any Configuration Mode

mac-addr

| vlan

vlan-id

}

Privilege Requirement

None.

Parameter

mac-addr

vlan-id

—— MAC address, in the format of XX:XX:XX:XX:XX:XX.

—— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094.

Example

Display the information of all the MAC-based VLAN entry:

T1600G-52TS(config)#show mac-vlan all

4.4 show mac-vlan interface

Description

The show mac-vlan interface command is used to display the port state of

MAC-based VLAN.

Syntax

show mac-vlan interface

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the enable state of all the ports:

T1600G-52TS(config)#show mac-vlan interface

Chapter 5 Protocol VLAN Commands

Protocol-based VLAN (Virtual Local Area Network) is the way to classify VLANs based on

Protocols. A Protocol corresponds to a VLAN ID. The untagged packets and the priority-tagged

packets matching the protocol template will be tagged with this VLAN ID.

5.1 protocol-vlan template

Description

The protocol-vlan template command is used to create Protocol-based

VLAN template. To delete Protocol-based VLAN template, please use no

protocol-vlan template command.

Syntax

protocol-vlan template name

type

| snap ether-type

no protocol-vlan template

Parameter

protocol-name

which contains 8 characters at most.

ether_2 ether-type

snap ether-type

llc dsap

SSAP type.

template-idx

can get the template corresponding to the number by the show

protocol-vlan template command.

Command Mode

protocol-name

type

| llc dsap

template-idx

—— Give a name for the Protocol-based VLAN Template ,

type

—— Specify the Ethernet type.

type

—— Specify the Ethernet type.

dsap_type

ssap

ssap_type

dsap_type

—— Specify the DSAP type and the

frame { ether_2 ether-type

ssap

ssap_type

}

—— The number of the Protocol-based VLAN Template. You

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Create a Protocol-based VLAN template named “TP” whose Ethernet

protocol type is 0x2024:

T1600G-52TS(config)#protocol-vlan template name TP frame ether_2

ether-type 2024

5.2 protocol-vlan vlan

Description

The protocol-vlan vlan command is used to create a Protocol-based VLAN. To delete a Protocol-based VLAN, please use no protocol-vlan command.

Syntax

protocol-vlan vlan

no protocol-vlan vlan

Parameter

vlan-vid

template-idx

get the template corresponding to the number by the

template command.

group-idx

the Protocol-based VLAN entry corresponding to the number by the

protocol-vlan vlan command.

—— Specify IEEE 802.1Q VLAN ID, ranging from 1-4094.

——The number of the Protocol-based VLAN Template. You can

——The number of the Protocol-based VLAN entry. You can get

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these commands.

vlan-id

group-idx

{ template

template-idx

}

show protocol-vlan

show

Example

Create Protocol-based VLAN 2 and bind it with Protocol-based VLAN Template 3:

T1600G-52TS(config)# protocol-vlan vlan 2 template 3

5.3 protocol-vlan group

Description

The protocol-vlan command is used to add the port to a specified protocol

group. To remove the port from this protocol group, please use no

protocol-vlan group command.

Syntax

protocol-vlan group

no protocol-vlan group

Parameter

index

—— Specify the protocol group ID.

Command Mode

Interface Configuration Mode (interface fastEthernet / interface range

fastEthernet / interface gigabitEthernet / interface range gigabitEthernet/

interface ten-gigabitEthernet / interface range ten-gigabitEthernet)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Add Gigabit Ethernet port 1/0/20 to protocol group 1:

index

T1600G-52TS(config)#interface gigabitEthernet 1/0/20

T1600G-52TS(config-if)#protocol-vlan group 1

5.4 show protocol-vlan template

Description

The show protocol-vlan template command is used to display the information of the Protocol-based VLAN templates.

Syntax

show protocol-vlan template

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the information of the Protocol-based VLAN templates:

T1600G-52TS(config)# show protocol-vlan template

5.5 show protocol-vlan vlan

Description

The show protocol-vlan vlan command is used to display the information about Protocol-based VLAN entry.

Syntax

show protocol-vlan vlan

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display information of the Protocol-based VLAN entry:

T1600G-52TS(config)# show protocol-vlan vlan

Chapter 6 Voice VLAN Commands

Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and

adding the ports with voice devices attached to voice VLANs, you can perform QoS-related

configuration for voice data, ensuring the transmission priority of voice data stream and voice

quality.

6.1 voice vlan

Description

The voice vlan command is used to enable Voice VLAN function. To disable

Voice VLAN function, please use no voice vlan command.

Syntax

voice vlan

no voice vlan

vlan-id

Parameter

vlan-id

—— Specify IEEE 802.1Q VLAN ID, ranging from 2 to 4094.

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Enable the Voice VLAN function for VLAN 10:

T1600G-52TS(config)# voice vlan 10

6.2 voice vlan aging

Description

The voice vlan aging command is used to set the aging time for a voice

VLAN. To restore to the default aging time for the Voice VLAN, please use no

voice vlan aging command.

Syntax

voice vlan aging

no voice vlan aging

Parameter

time

—— Aging time (in minutes) to be set for the Voice VLAN. It ranges from

1 to 43200 minutes and the default value is 1440 minutes.

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Set the aging time for the Voice VLAN as 1 minute:

time

T1600G-52TS(config)# voice vlan aging 1

6.3 voice vlan priority

Description

The voice vlan priority command is used to configure the priority for the

Voice VLAN. To restore to the default priority, please use no voice vlan

priority command.

Syntax

voice vlan priority

no voice vlan priority

Parameter

pri

—— Priority, ranging from 0 to 7, and the default value is 6.

pri

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Configure the priority of the Voice VLAN as 5:

T1600G-52TS(config)# voice vlan priority 5

6.4 voice vlan mac-address

Description

The voice vlan mac-address command is used to create Voice VLAN OUI. To

delete the specified Voice VLAN OUI, please use no voice vlan mac-address

command.

Syntax

voice vlan mac-address

no voice vlan mac-address

Parameter

mac-addr

XX:XX:XX:XX:XX:XX.

mask

XX:XX:XX:XX:XX:XX.

descript

characters at most.

—— The OUI address of the voice device, in the format of

—— The OUI address mask of the voice device, in the format of

——Give a description to the OUI for identification which contains 16

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

mac-addr

mask

[ description

descript

]

commands.

Example

Create a Voice VLAN OUI described as TP-Phone with the OUI address

00:11:11:11:11:11 and the mask address FF:FF:FF:00:00:00:

T1600G-52TS(config)#voice vlan mac-address 00:11:11:11:11:11 mask

FF:FF:FF:00:00:00 description TP-Phone

6.5 switchport voice vlan mode

Description

The switchport voice vlan mode command is used to configure the Voice

VLAN mode for the Ethernet port.

Syntax

switchport voice vlan mode { manual | auto }

Parameter

manual | auto —— Port mode.

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet / interface port-channel / interface range port-channel)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Configure the port 1/0/3 to operate in the auto voice VLAN mode:

T1600G-52TS(config)# interface gigabitEthernet 1/0/3

T1600G-52TS(config-if)# switchport voice vlan mode auto

6.6 switchport voice vlan security

Description

The switchport voice vlan security command is used to enable the Voice

VLAN security feature. To disable the Voice VLAN security feature, please

use no switchport voice vlan security command.

Syntax

switchport voice vlan security

no switchport voice vlan security

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet / interface port-channel / interface range port-channel)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Enable port 1/0/3 for the Voice VLAN security feature:

T1600G-52TS(config)# interface gigabitEthernet 1/0/3

T1600G-52TS(config-if)# switchport voice vlan security

6.7 show voice vlan

Description

The show voice vlan command is used to display the global configuration

information of Voice VLAN.

Syntax

show voice vlan

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Display the configuration information of Voice VLAN globally:

T1600G-52TS(config)# show voice vlan

6.8 show voice vlan oui

Description

The show voice vlan oui command is used to display the configuration

information of Voice VLAN OUI.

Syntax

show voice vlan oui

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Display the configuration information of Voice VLAN OUI:

T1600G-52TS(config)# show voice vlan oui

6.9 show voice vlan switchport

Description

The show voice vlan switchport command is used to display the Voice VLAN

configuration information of a specified port/LAG.

Syntax

show voice vlan switchport [ gigabitEthernet

Parameter

port

—— The Ethernet port number.

lagid

—— The ID of the LAG.

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

port

| port-channel

lagid

]

commands.

Example

Display the Voice VLAN configuration information of all ports and LAGs:

T1600G-52TS(config)# show voice vlan switchport

Display the Voice VLAN configuration information of port 1/0/2:

T1600G-52TS(config)# show voice vlan switchport gigabitEthernet 1/0/2

Chapter 7 Etherchannel Commands

Etherchannel Commands are used to configure LAG and LACP function.

LAG (Link Aggregation Group) is to combine a number of ports together to make a single

high-bandwidth data path, which can highly extend the bandwidth. The bandwidth of the LAG is

the sum of bandwidth of its member port.

LACP (Link Aggregation Control Protocol) is defined in IEEE802.3ad and enables the dynamic

link aggregation and disaggregation by exchanging LACP packets with its partner. The switch

can dynamically group similarly configured ports into a single logical link, which will highly

extend the bandwidth and flexibly balance the load.

7.1 channel-group

Description

The channel-group command is used to add a port to the EtherChannel

Group and configure its mode. To delete the port from the EtherChannel

Group, please use no channel-group command.

Syntax

channel-group

no channel-group

Parameter

num

—— The number of the EtherChannel Group, ranging from 1 to 6.

on —— Enable the static LAG.

active —— Enable the active LACP mode.

passive —— Enable the passive LACP mode.

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

num

mode { on | active | passive }

gigabitEthernet)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Add ports 2-4 to EtherChannel Group 1 and enable the static LAG:

T1600G-52TS(config)# interface range gigabitEthernet 1/0/2-4

T1600G-52TS(config-if-range)# channel-group 1 mode on

7.2 port-channel load-balance

Description

The port-channel load-balance command is used to configure the

Aggregate Arithmetic for LAG. To return to the default configurations, please

use no port-channel load-balance command.

Syntax

port-channel load-balance { src-mac | dst-mac | src-dst-mac | src-ip | dst-ip |

src-dst-ip }

no port-channel load-balance

Parameter

src-mac —— The source MAC address. When this option is selected, the

Aggregate Arithmetic will be based on the source MAC address of the

packets.

dst-mac —— The destination MAC address. When this option is selected, the

Aggregate Arithmetic will be based on the destination MAC address of the

packets.

src-dst-mac —— The source and destination MAC address. When this option

is selected, the Aggregate Arithmetic will be based on the source and

destination MAC addresses of the packets. The Aggregate Arithmetic for

LAG is “src-dst-mac” by default.

src-ip —— The source IP address. When this option is selected, the

Aggregate Arithmetic will be based on the source IP address of the packets.

dst-ip —— The destination IP address. When this option is selected, the

Aggregate Arithmetic will be based on the destination IP address of the

packets.

src-dst-ip —— The source and destination IP address. When this option is

selected, the Aggregate Arithmetic will be based on the source and

destination IP addresses of the packets.

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Configure the Aggregate Arithmetic for LAG as “src-dst-ip”:

T1600G-52TS(config)# port-channel load-balance src-dst-ip

7.3 lacp system-priority

Description

The lacp system-priority command is used to configure the LACP system

priority globally. To return to the default configurations, please use no lacp

system-priority command.

Syntax

lacp system-priority

no lacp system-priority

Parameter

pri

—— The system priority, ranging from 0 to 65535. It is 32768 by default.

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

pri

Configure the LACP system priority as 1024 globally:

T1600G-52TS(config)# lacp system-priority 1024

7.4 lacp port-priority

Description

The lacp port-priority command is used to configure the LACP port priority

for specified ports. To return to the default configurations, please use no lacp

port-priority command.

Syntax

lacp port-priority

no lacp port-priority

Parameter

pri

—— The port priority, ranging from 0 to 65535. It is 32768 by default.

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Configure the LACP port priority as 1024 for ports 1-3:

pri

T1600G-52TS(config)# interface range gigabitEthernet 1/0/1-3

T1600G-52TS(config-if-range)# lacp port-priority 1024

Configure the LACP port priority as 2048 for port 4:

T1600G-52TS(config)# interface gigabitEthernet 1/0/4

T1600G-52TS(config-if)# lacp port-priority 2048

7.5 show etherchannel

Description

The show etherchannel command is used to display the EtherChannel

information.

Syntax

show etherchannel [

Parameter

channel-group-num

6. By default, it is empty, and will display the information of all EtherChannel

Groups.

detail —— The detailed information of EtherChannel.

summary —— The EtherChannel information in summary.

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the detailed information of EtherChannel Group 1:

channel-group-num

—— The EtherChannel Group number, ranging from 1 to

] { detail | summary }

T1600G-52TS(config)# show etherchannel 1 detail

7.6 show etherchannel load-balance

Description

The show etherchannel load-balance command is used to display the

Aggregate Arithmetic of LAG.

Syntax

show etherchannel load-balance

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the Aggregate Arithmetic of LAG:

T1600G-52TS(config)# show etherchannel load-balance

7.7 show lacp

Description

The show lacp command is used to display the LACP information for a

specified EtherChannel Group.

Syntax

show lacp [

channel-group-num

Parameter

channel-group-num

6. By default, it is empty, and will display the information of all LACP groups.

internal —— The internal LACP information.

neighbor —— The neighbor LACP information.

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the internal LACP information of EtherChannel Group 1:

T1600G-52TS(config)# show lacp 1 internal

] { internal

—— The EtherChannel Group number, ranging from 1 to

neighbor }

7.8 show lacp sys-id

Description

The show lacp sys-id command is used to display the LACP system priority

globally.

Syntax

show lacp sys-id

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the LACP system priority:

T1600G-52TS(config)# show lacp sys-id

Chapter 8 User Management Commands

User Manage Commands are used to manage the user’s logging information by Web, Telnet or

SSH, so as to protect the settings of the switch from being randomly changed.

8.1 user name (password)

Description

The user name command is used to add a new user or modify the existed

users’ information. To delete the existed users, please use no user name

command. This command uses the symmetric encryption.

Syntax

user name

{ [ 0 ]

no user name

Parameter

name

composed of digits, English letters and under dashes only.

admin | operator | power_user | user —— Access level. “admin” means that

you can edit, modify and view all the settings of different functions. “operator”

means that you can edit, modify and view most of the settings of different

functions. “power-user” means that you can edit, modify and view some of

the settings of different functions. “user” means that you can only view some

of the settings of different functions without the right to edit or modify. It is

“admin” by default. For more details about privilege restrictions, please refer

to the Privilege Requirement part in each command.

0 —— Specify the encryption type. 0 indicates that an unencrypted password

name

[ privilege admin | operator | power_user | user ] password

password

| 7

encrypted-password

}

name

——Type a name for users' login, which contains 16 characters at most,

will follow. By default, the encryption type is 0.

password

characters or symbols. The password is case sensitive, allows digits, English

letters (case sensitive), underlines and sixteen special characters

( !$%'()*,-./[]{|} ).

7 —— Indicates a symmetric encrypted password with fixed length will follow.

encrypted-password

which you can copy from another switch’s configuration file. After the

—— Users’ login password, a string from 1 to 31 alphanumeric

—— A symmetric encrypted password with fixed length,

encrypted password is configured, you should use the corresponding

unencrypted password if you re-enter this mode.

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin level users have access to these commands.

User Guidelines

If the password you configured here is unencrypted and the global

encryption function is enabled in service password-encryption

password in the configuration file will be displayed in the symmetric

encrypted form.

Example

Add and enable a new admin user named “tplink”, of which the password is

“admin” and unencrypted:

, the

T1600G-52TS(config)#user name tplink privilege admin password 0 admin

8.2 user name (secret)

Description

The user name command is used to add a new user or modify the existed

users’ information. To delete the existed users, please use no user name

command. This command uses the MD5 encryption.

Syntax

user name

password

no user name

Parameter

name

[ privilege admin | operator | power_user | user ] secret { [ 0 ]

| 5

encrypted-password

name

——Type a name for users' login, which contains 16 characters at most,

}

composed of digits, English letters and under dashes only.

admin | operator | power_user | user —— Access level. “admin” means that

you can edit, modify and view all the settings of different functions. “operator”

means that you can edit, modify and view most of the the settings of different

functions. “power-user” means that you can edit, modify and view some of

the the settings of different functions. “user” means that you can only view

some of the the settings of different functions without the right to edit or

modify. It is “admin” by default.

0 —— Specify the encryption type. 0 indicates that an unencrypted password

will follow. By default, the encryption type is 0.

password

characters or symbols. The password is case sensitive, allows digits, English

letters (case sensitive), underlines and sixteen special characters

( !$%'()*,-./[]{|} ). The password will be saved to the configuration file using the

MD5 encrypted algorithm.

5 —— Indicates an MD5 encrypted password with fixed length will follow.

——Users’ login password, a string from 1 to 31 alphanumeric

encrypted-password

which you can copy from another switch’s configuration file.

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin level users have access to these commands.

User Guidelines

If both the user name (password) and user name (secret) are defined, only

—— An MD5 encrypted password with fixed length,

the latest configured password will take effect.

Example

Add and enable a new admin user named “tplink”, of which the password is

“admin”. The password will be displayed in the encrypted form.

T1600G-52TS(config)#user name tplink privilege admin secret 0 admin

8.3 user access-control ip-based

Description

The user access-control ip-based command is used to limit the IP-range of

the users’ access. Only the users within the IP-range you set here are allowed

to access the switch. To cancel the user access limit, please use no user

access-control command.

Syntax

user access-control ip-based {

[ http ] [ https ] [ ping ] [ all ]

no user access-control [ ip-based index

Parameter

ip-addr

set here are allowed to access the switch.

ip-mask

[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ] —— Specify the access

interface. These interfaces are enabled by default.

—— The source IP address. Only the users within the IP-range you

——The subnet mask of the IP address.

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin and Operator level users have access to these commands.

ip-addr ip-mask }

id ]

[ snmp ] [ telnet ] [ ssh ]

Example

Enable the access-control of the user whose IP address is 192.168.0.148:

T1600G-52TS(config)# user access-control ip-based 192.168.0.148

255.255.255.255

8.4 user access-control mac-based

Description

The user access-control mac-based command is used to limit the MAC

address of the users’ access. Only the user with this MAC address you set

here is allowed to access the switch. To cancel the user access limit, please

use no user access-control command.

Syntax

user access-control mac-based {

mac-addr }

[ snmp ] [ telnet ] [ ssh ] [ http ]

[ https ] [ ping ] [ all ]

no user access-control

Parameter

mac-addr

address is allowed to access the switch.

[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ] —— Specify the access

interface. These interfaces are enabled by default.

—— The source MAC address. Only the user with this MAC

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin and Operator level users have access to these commands.

Example

Configure that only the user whose MAC address is 00:00:13:0A:00:01 is

allowed to access the switch:

T1600G-52TS(config)# user access-control mac-based 00:00:13:0A:00:01

8.5 user access-control port-based

Description

The user access-control port-based command is used to limit the ports for

accessing. Only the users connected to these ports you set here are allowed

to login. To cancel the user access limit, please use no user access-control

command.

Syntax

user access-control port-based interface { gigabitEthernet

[ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]

no user access-control

Parameter

port-list

appoint 5 ports at most.

——The list group of Ethernet ports, in the format of 1/0/1-4. You can

port-list

} [ snmp ]

[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ] —— Specify the access

interface. These interfaces are enabled by default.

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin and Operator level users have access to these commands.

Example

Configure that only the users connected to ports 2-6 are allowed to access the

switch:

T1600G-52TS(config)# user access-control port-based interface

gigabitEthernet 1/0/2-6

8.6 telnet

Description

The telnet enable command is used to enable the Telnet function. To disable

the Telnet function, please use the telnet disable command. This function is

enabled by default.

Syntax

telnet enable

telnet disable

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin and Operator level users have access to these commands.

Example

Disable the Telnet function:

T1600G-52TS(config)# telnet disable

8.7 show user account-list

Description

The show user account-list command is used to display the information of

the current users.

Syntax

show user account-list

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

Only Admin level users have access to these commands.

Example

Display the information of the current users:

T1600G-52TS(config)# show user account-list

8.8 show user configuration

Description

The show user configuration command is used to display the security

configuration information of the user authentication information and the

access interface.

Syntax

show user configuration

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the security configuration information of the users:

T1600G-52TS(config)# show user configuration

8.9 show telnet-status

Description

The show telnet-status command is used to display the configuration

information of the Telnet function.

Syntax

show telnet-status

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display whether the Telnet function is enabled:

T1600G-52TS(config)# show telnet-status

Chapter 9 HTTP and HTTPS Commands

With the help of HTTP (HyperText Transfer Protocol) or HTTPS (Hyper Text Transfer Protocol

over Secure Socket Layer), you can manage the switch through a standard browser.

HTTP is the protocol to exchange or transfer hypertext.

SSL (Secure Sockets Layer), a security protocol, is to provide a secure connection for the

application layer protocol (e.g. HTTP) based on TCP. Adopting asymmetrical encryption

technology, SSL uses key pair to encrypt/decrypt information. A key pair refers to a public key

(contained in the certificate) and its corresponding private key. By default, the switch has a

certificate (self-signed certificate) and a corresponding private key. The Certificate/Key

Download function enables the user to replace the default key pair.

9.1 ip http server

Description

The ip http server command is used to enable the HTTP server within the

switch. To disable the HTTP function, please use no ip http server command.

This function is enabled by default. The HTTP and HTTPS server function

cannot be disabled at the same time.

Syntax

ip http server

no ip http server

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin and Operator level users have access to these commands.

Example

Disable the HTTP function:

T1600G-52TS(config)# no ip http server

9.2 ip http max-users

Description

The ip http max-users command is used to configure the maximum number

of users that are allowed to connect to the HTTP server. To cancel this

limitation, please use no ip http max-users command.

Syntax

ip http max-users

no ip http max-users

Parameter

admin-num

server as Admin, ranging from 1 to 16. The total number of Admin and Guest

should be less than 16.

guest-num

server as Guest, ranging from 0 to 15.The total number of Admin and Guest

should be less than 16.

—— The maximum number of the users logging on to the HTTP

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin and Operator level users have access to these commands.

admin-num guest-num

Example

Configure the maximum number of the Admin and Guest users logging on to

the HTTP server as 5 and 3:

T1600G-52TS(config)# ip http max-users 5 3

9.3 ip http session timeout

Description

The ip http session timeout command is used to configure the connection

timeout of the HTTP server. To restore to the default timeout time, please use

no ip http session timeout command.

Syntax

ip http session timeout

minutes

no ip http session timeout

Parameter

minutes

value is 10.

——The timeout time, ranging from 5 to 30 in minutes. By default, the

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin and Operator level users have access to these commands.

Example

Configure the timeout time of the HTTP server connection as 15 minutes:

T1600G-52TS(config)# ip http session timeout 15

9.4 ip http secure-server

Description

The ip http secure-server command is used to enable the HTTPS server

within the switch. To disable the HTTPS function, please use no ip http

secure-server command. This function is enabled by default. The HTTP and

HTTPS server function cannot be disabled at the same time.

Syntax

ip http secure-server

no ip http secure-server

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Disable the HTTPS function:

T1600G-52TS(config)# no ip http secure-server

9.5 ip http secure-protocol

Description

The ip http secure-protocol command is used to configure the SSL protocol

version. To restore to the default SSL version, please use no ip http

secure-protocol command. By default, the switch supports SSLv3 and

TLSv1.

Syntax

ip http secure-protocol { [ ssl3 ] [ tls1 ] }

no ip http secure-protocol

Parameter

ssl3 —— The SSL 3.0 protocol.

tls1

—— The TLS 1.0 protocol

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Configure the protocol of SSL connection as SSL 3.0:

T1600G-52TS(config)# ip http secure-protocol ssl3

9.6 ip http secure-ciphersuite

Description

The ip http secure-ciphersuite command is used to configure the

cipherSuites over the SSL connection supported by the switch. To restore to

Syntax

the default ciphersuite types, please use no ip http secure-ciphersuite

command.

ip http secure-ciphersuite { [ 3des-ede-cbc-sha ] [ rc4-128-md5 ]

[ rc4-128-sha ] [ des-cbc-sha ] }

no ip http secure-ciphersuite

Parameter

[ 3des-ede-cbc-sha ] [ rc4-128-md5 ] [ rc4-128-sha ] [ des-cbc-sha ] ——

Specify the encryption algorithm and the digest algorithm to use on an SSL

connection. By default, the switch supports all these ciphersuites.

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Configure the ciphersuite to be used for encryption over the SSL connection

as 3des-ede-cbc-sha:

T1600G-52TS(config)# ip http secure-ciphersuite 3des-ede-cbc-sha

9.7 ip http secure-max-users

Description

The ip http secure-max-users command is used to configure the maximum

number of users that are allowed to connect to the HTTPS server. To cancel

this limitation, please use no ip http secure-max-users command.

Syntax

ip http secure-max-users

no ip http secure-max-users

Parameter

admin-num

—— The maximum number of the users logging on to the HTTPS

admin-num guest-num

server as Admin, ranging from 1 to 16. The total number of Admin and Guest

should be no more than 16.

guest-num

server as Guest, ranging from 0 to 15.The total number of Admin and Guest

should be no more than 16.

—— The maximum number of the users logging on to the HTTPS

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Configure the maximum number of the Admin and Guest users logging on to

the HTTPS server as 5 and 3:

T1600G-52TS(config)# ip http secure-max-users 5 3

9.8 ip http secure-session timeout

Description

The ip http secure-session timeout command is used to configure the

connection timeout of the HTTPS server. To restore to the default timeout

time, please use no ip http secure-session timeout command.

Syntax

ip http secure-session timeout

no ip http secure-session timeout

Parameter

minutes

the value is 10.

—— The timeout time, ranging from 5 to 30 in minutes. By default,

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

minutes

commands.

Example

Configure the timeout time of the HTTPS server connection as 15 minutes:

T1600G-52TS(config)# ip http secure-session timeout 15

9.9 ip http secure-server download certificate

Description

The ip http secure-server download certificate command is used to

download a certificate to the switch from TFTP server.

Syntax

ip http secure-server download certificate

Parameter

ssl-cert

to the switch. The length of the name ranges from 1 to 25 characters. The

Certificate must be BASE64 encoded.

ip-addr

are supported, for example 192.168.0.1 or fe80::1234.

—— The name of the SSL certificate which is selected to download

—— The IP address of the TFTP server. Both IPv4 and IPv6 addresses

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

ssl-cert

ip-address

ip-addr

Download an SSL Certificate named ssl-cert from TFTP server with the IP

address of 192.168.0.146:

T1600G-52TS(config)# ip http secure-server download certificate ssl-cert

ip-address 192.168.0.146

Download an SSL Certificate named ssl-cert from TFTP server with the IP

address of fe80::1234

T1600G-52TS(config)# ip http secure-server download certificate ssl-cert

ip-address fe80::1234

9.10 ip http secure-server download key

Description

The ip http secure-server download key command is used to download an

SSL key to the switch from TFTP server.

Syntax

ip http secure-server download key

Parameter

ssl-key

switch. The length of the name ranges from 1 to 25 characters. The Key must

be BASE64 encoded.

ip-addr

are supported, for example 192.168.0.1 or fe80::1234.

—— The name of the SSL key which is selected to download to the

—— The IP address of the TFTP server. Both IPv4 and IPv6 addresses

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these commands.

Example

ssl-key

ip-address

ip-addr

Download an SSL key named ssl-key from TFTP server with the IP address of

192.168.0.146:

T1600G-52TS(config)# ip http secure-server download key ssl-key

ip-address 192.168.0.146

Download an SSL key named ssl-key from TFTP server with the IP address of

fe80::1234

T1600G-52TS(config)# ip http secure-server download key ssl-key

ip-address fe80::1234

9.11 show ip http configuration

Description

The show ip http configuration command is used to display the

configuration information of the HTTP server, including status, session

timeout, access-control, max-user number and the idle-timeout, etc.

Syntax

show ip http configuration

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the configuration information of the HTTP server:

T1600G-52TS(config)# show ip http configuration

9.12 show ip http secure-server

Description

The show ip http secure-server command is used to display the global

configuration of SSL.

Syntax

show ip http secure-server

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the global configuration of SSL:

T1600G-52TS(config)# show ip http secure-server

Chapter 10 Binding Table Commands

You can bind the IP address, MAC address, VLAN and the connected Port number of the Host

together, which can be the condition for the ARP Inspection to filter the packets.

10.1 ip source binding

Description

The ip source binding command is used to bind the IP address, MAC address,

VLAN ID and the Port number together manually.

IP address, MAC address, VLAN ID and the Port number together in the

condition that you have got the related information of the Hosts in the LAN.

To delete the IP-MAC–VID-PORT entry from the binding table, please use no

ip source binding index command.

Syntax

ip source binding

gigabitEthernet

dhcp-snooping} ]

no ip source binding index

Parameter

hostname

ip-addr

mac-addr

You can manually bind the

hostname ip-addr mac-addr

port

{ none | arp-detection } [ forced-source {arp-scanning |

idx

——The Host Name, which contains 20 characters at most.

—— The IP address of the Host.

—— The MAC address of the Host.

vlan

vlan-id

interface

vlan-id

port

none | arp-detection ——The protect type for the entry. “none” indicates

applying none; “arp-detection” indicates ARP detection.

forced-source —— The source of the binding entry can be specified as

“arp-scanning” or “dhcp-snooping”. It is multi-optional.

idx

source binding command to get the idx. Pay attention that the entry number

is the actual number in the binding table which is not display in an arranged

order.

——The VLAN ID needed to be bound, ranging from 1 to 4094.

—— The number of port connected to the Host.

—— The entry number needed to be deleted. You can use the show ip

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Bind an ACL entry with the IP 192.168.0.1, MAC 00:00:00:00:00:01, VLAN ID 2

and the Port number 5 manually. And then enable the entry for the ARP

detection:

T1600G-52TS(config)#ip source binding host1 192.168.0.1

00:00:00:00:00:01 vlan 2 interface gigabitEthernet 1/0/5 arp-detection

Delete the IP-MAC–VID-PORT entry with the index 5:

T1600G-52TS(config)#no ip source binding index 5

10.2 ip dhcp snooping

Description

The ip dhcp snooping command is used to enable DHCP Snooping function

globally. To disable DHCP Snooping function globally, please use no ip dhcp

snooping command. DHCP Snooping functions to monitor the process of the

Host obtaining the IP address from DHCP server, and record the IP address,

MAC address, VLAN and the connected Port number of the Host for

automatic binding. The switch can also propagate the control information and

the network parameters via the Option 82 field to provide more information

for the Host.

Syntax

ip dhcp snooping

no ip dhcp snooping

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Enable the DHCP Snooping function globally:

T1600G-52TS(config)#ip dhcp snooping

10.3 ip dhcp snooping vlan

Description

The ip dhcp snooping vlan command is used to enable DHCP Snooping

function on a specified VLAN. To disable DHCP Snooping function on this

VLAN, please use no ip dhcp snooping vlan command.

Syntax

ip dhcp snooping vlan

no ip dhcp snooping vlan

Parameter

vlan-range

the format of 1-3, 5.

—— Specify the VLANs to enable the DHCP snooping function, in

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

vlan-range

Enable the DHCP Snooping function on VLAN 1,4,6-7:

T1600G-52TS(config)#ip dhcp snooping vlan 1,4,6-7

10.4 ip dhcp snooping information option

Description

The ip dhcp snooping information option command is used to enable the

Option 82 function of DHCP Snooping. To disable the Option 82 function,

please use no ip dhcp snooping information option command.

Syntax

ip dhcp snooping information option

no ip dhcp snooping information option

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet / interface port-channel / interface range port-channel)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these commands.

Example

Enable the Option 82 function of DHCP Snooping on port 1/0/1:

T1600G-52TS(config)#interface gigabitEthernet 1/0/1

T1600G-52TS(config-if)#ip dhcp snooping information option

10.5 ip dhcp snooping information strategy

Description

The ip dhcp snooping information strategy command is used to select the

operation for the Option 82 field of the DHCP request packets from the Host.

To restore to the default option, please use no ip dhcp snooping information

Syntax

strategy command.

ip dhcp snooping information strategy

no ip dhcp snooping information strategy

strategy

Parameter

strategy

from the Host, including three types:

keep: Indicates to keep the Option 82 field of the packets. It is the default

option;

replace: Indicates to replace the Option 82 field of the packets with the

switch defined one;

drop: Indicates to discard the packets including the Option 82 field

—— The operations for Option 82 field of the DHCP request packets

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet / interface port-channel / interface range port-channel)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these commands.

Example

Replace the Option 82 field of the packets with the switch defined one and

then send out on port 1/0/1:

T1600G-52TS(config)#interface gigabitEthernet 1/0/1

T1600G-52TS(config-if)#ip dhcp snooping information strategy replace

10.6 ip dhcp snooping information remote-id

Description

The ip dhcp snooping information remote-id command is used to configure

the customized sub-option Remote ID for the Option 82. To return to default

Remote ID for the Option 82, please use no ip dhcp snooping information

remote-id command.

Syntax

ip dhcp snooping information remote-id

string

no ip dhcp snooping information remote-id

Parameter

string

most.

—— Enter the sub-option Remote ID, which contains 64 characters at

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet / interface port-channel / interface range port-channel)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these commands.

Example

Configure the customized sub-option Remote ID for the Option 82 as tplink

on port 1/0/1:

T1600G-52TS(config)#interface gigabitEthernet 1/0/1

T1600G-52TS(config-if)#ip dhcp snooping information remote-id tplink

10.7 ip dhcp snooping information circuit-id

Description

The ip dhcp snooping information circuit-id command is used to enable and

configure the customized sub-option Circuit ID for the Option 82 on a

specified port/port channel. To return to the default Circuit ID for the Option

82, please use no ip dhcp snooping information circuit-id command.

Syntax

ip dhcp snooping information circuit-id

no ip dhcp snooping information circuit-id

Parameter

string

most.

—— Enter the sub-option Circuit ID, which contains 64 characters at

Command Mode

string

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet / interface port-channel / interface range port-channel)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these commands.

Example

Enable and configure the customized sub-option Circuit ID for the Option 82

as “tplink” on port 1/0/1:

T1600G-52TS(config)#interface gigabitEthernet 1/0/1

T1600G-52TS(config-if)#ip dhcp snooping information circuit-id tplink

10.8 ip dhcp snooping trust

Description

The ip dhcp snooping trust command is used to configure a port to be a

Trusted Port. Only the Trusted Port can receive the DHCP packets from

DHCP servers. To turn the port back to a distrusted port, please use no ip

dhcp snooping trust command.

Syntax

ip dhcp snooping trust

no ip dhcp snooping trust

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet / interface port-channel / interface range port-channel)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Configure the Gigabit Ethernet port 1/0/2 to be a Trusted Port:

T1600G-52TS(config)#interface gigabitEthernet 1/0/2

T1600G-52TS(config-if)#ip dhcp snooping trust

10.9 ip dhcp snooping mac-verify

Description

The ip dhcp snooping mac-verify command is used to enable the MAC

Verify feature. To disable the MAC Verify feature, please use no ip dhcp

snooping mac-verify command. There are two fields of the DHCP packet

containing the MAC address of the Host. The MAC Verify feature is to

compare the two fields and discard the packet if the two fields are different.

Syntax

ip dhcp snooping mac-verify

no ip dhcp snooping mac-verify

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet / interface port-channel / interface range port-channel)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Enable the MAC Verify feature for the Gigabit Ethernet port 10/2:

T1600G-52TS(config)#interface gigabitEthernet 1/0/2

T1600G-52TS(config-if)#ip dhcp snooping mac-verify

10.10 ip dhcp snooping limit rate

Description

The ip dhcp snooping limit rate command is used to enable the Flow Control

feature for the DHCP packets. The excessive DHCP packets will be discarded.

To restore to the default configuration, please use no ip dhcp snooping limit

rate command.

Syntax

ip dhcp snooping limit rate

no ip dhcp snooping limit rate

value

Parameter

value

(packet/second). The default value is 0, which stands for “disable”.

—— The value of Flow Control. The options are 5/10/15/20/25/30

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet / interface port-channel / interface range port-channel)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Set the Flow Control of GigabitEthernet port 2 as 20 pps:

T1600G-52TS(config)#interface gigabitEthernet 1/0/2

T1600G-52TS(config-if)#ip dhcp snooping limit rate 20

10.11 ip dhcp snooping decline rate

Description

The ip dhcp snooping decline rate command is used to enable the Decline

Protect feature and configure the rate limit on DHCP Decine packets. The

excessive DHCP Decline packets will be discarded. To disable the Decline

Protect feature, please use no ip dhcp snooping decline rate command.

Syntax

ip dhcp snooping decline rate

no ip dhcp snooping decline rate

Parameter

value

—— Specify the rate limit of DHCP Decline packets, and the optional

values are 0, 5, 10, 15, 20, 25 and 30 (units:packet/second). It default value is

0, which stands for “disable”.

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet / interface port-channel / interface range port-channel)

Privilege Requirement

value

Only Admin, Operator and Power User level users have access to these

commands.

Example

Configure the rate limit of DHCP Decline packets as 20 packets per second

on Gigabit Ethernet port 1/0/2:

T1600G-52TS(config)#interface gigabitEthernet 1/0/2

T1600G-52TS(config-if)#ip dhcp snooping decline rate 20

10.12 show ip source binding

Description

The show ip source binding command is used to display the IP-MAC-VID-

PORT binding table.

Syntax

show ip source binding

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the IP-MAC-VID-PORT binding table:

T1600G-52TS(config)#show ip source binding

10.13 show ip dhcp snooping

Description

The show ip dhcp snooping command is used to display the running status

of DHCP Snooping.

Syntax

show ip dhcp snooping

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the running status of DHCP Snooping:

T1600G-52TS#show ip dhcp snooping

10.14 show ip dhcp snooping interface

Description

The show ip dhcp snooping interface command is used to display the DHCP

Snooping configuration of a desired Gigabit Ethernet port/LAG or of all

Ethernet ports/LAGs.

Syntax

show ip dhcp snooping interface [ gigabitEthernet

lagid

]

Parameters

port

—— The Ethernet port number.

lagid

—— The ID of the LAG.

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the DHCP Snooping configuration of all Ethernet ports and LAGs:

T1600G-52TS#show ip dhcp snooping interface

port

| port-channel

Display the DHCP Snooping configuration of Gigabit Ethernet port 1/0/5:

T1600G-52TS#show ip dhcp snooping interface gigabitEthernet 1/0/5

10.15 show ip dhcp snooping information

interface

Description

The show ip dhcp snooping information interface command is used to

display the DHCP snooping option 82 configuration of a desired Gigabit

Ethernet port/port channel or of all Ethernet ports/port channels.

Syntax

show ip dhcp snooping information interface [ gigabitEthernet

port-channel

port-channel-id

Parameters

port

—— The Ethernet port number.

port-channel-id

—— The ID of the port channel.

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the DHCP snooping option 82 configuration of all Ethernet ports and

port channels:

port

]

T1600G-52TS#show ip dhcp snooping information interface

Chapter 11 ARP Inspection Commands

ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP

cheating, such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc.

11.1 ip arp inspection(global)

Description

The ip arp inspection command is used to enable the ARP Detection

function globally. To disable the ARP Detection function, please use no ip arp

detection command.

Syntax

ip arp inspection

no ip arp inspection

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Enable the ARP Detection function globally:

T1600G-52TS(config)#ip arp inspection

11.2 ip arp inspection trust

Description

The ip arp inspection trust command is used to configure the port for which

the ARP Detect function is unnecessary as the Trusted Port. To clear the

Trusted Port list, please use no ip arp detection trust command .The specific

ports, such as up-linked port and routing port and LAG port, should be set as

Trusted Port. To ensure the normal communication of the switch, please

configure the ARP Trusted Port before enabling the ARP Detect function.

Syntax

ip arp inspection trust

no ip arp inspection trust

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Configure the Gigabit Ethernet ports 1/0/2-5 as the Trusted Port:

T1600G-52TS(config)#interface range gigabitEthernet 1/0/2-5

T1600G-52TS(config-if-range)#ip arp inspection trust

11.3 ip arp inspection(interface)

Description

The ip arp inspection command is used to enable the ARP Defend function.

To disable the ARP detection function, please use no ip arp inspection

command. ARP Attack flood produces lots of ARP Packets, which will occupy

the bandwidth and slow the network speed extremely. With the ARP Defend

enabled, the switch can terminate receiving the ARP packets for 300 seconds

when the transmission speed of the legal ARP packet on the port exceeds the

defined value so as to avoid ARP Attack flood.

Syntax

ip arp inspection

no ip arp inspection

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Enable the arp defend function for the Gigabit Ethernet ports 1/0/2-6:

T1600G-52TS(config)#interface range gigabitEthernet 1/0/2-6

T1600G-52TS(config-if-range)#ip arp inspection

11.4 ip arp inspection limit-rate

Description

The ip arp inspection limit-rate command is used to configure the ARP

speed of a specified port. To restore to the default speed, please use no ip

arp inspection limit-rate command.

Syntax

ip arp inspection limit-rate

no ip arp inspection limit-rate

Parameter

value

——The value to specify the maximum amount of the received ARP

packets per second, ranging from 10 to 100 in pps(packet/second). By

default, the value is 15.

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

value

commands.

Example

Configure the maximum amount of the received ARP packets per second as

50 pps for Gigabit Ethernet port 5:

T1600G-52TS(config)#interface gigabitEthernet 1/0/5

T1600G-52TS(config-if)#ip arp inspection limit-rate 50

11.5 ip arp inspection recover

Description

The ip arp inspection recover command is used to restore a port to the ARP

transmit status from the ARP filter status.

Syntax

ip arp inspection recover

Command Mode

Interface Configuration Mode (interface gigabitEthernet / interface range

gigabitEthernet)

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Restore Gigabit Ethernet port 1/0/5 to the ARP transmit status:

T1600G-52TS(config)#interface gigabitEthernet 1/0/5

T1600G-52TS(config-if)#ip arp inspection recover

11.6 show ip arp inspection

Description

The show ip arp inspection command is used to display the ARP detection

global configuration including the enable/disable status and the Trusted Port

list.

Syntax

show ip arp inspection

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the ARP detection configuration globally:

T1600G-52TS(config)#show ip arp inspection

11.7 show ip arp inspection interface

Description

The show ip arp inspection interface command is used to display the

interface configuration of ARP detection.

Syntax

show ip arp inspection interface [ gigabitEthernet

Parameter

port

——The Ethernet port number.

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the configuration of Gigabit Ethernet port 1/0/1:

T1600G-52TS(config)#show ip arp inspection interface gigabitEthernet

1/0/1

Display the configuration of all Ethernet ports:

port

]

T1600G-52TS(config)#show ip arp inspection interface

11.8 show ip arp inspection statistics

Description

The show ip arp inspection statistics command is used to display the

number of the illegal ARP packets received.

Syntax

show ip arp inspection statistics

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

None.

Example

Display the number of the illegal ARP packets received:

T1600G-52TS(config)#show ip arp inspection statistics

11.9 clear ip arp inspection statistics

Description

The clear ip arp inspection statistics command is used to clear the statistic

of the illegal ARP packets received.

Syntax

clear ip arp inspection statistics

Command Mode

Privileged EXEC Mode and Any Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Clear the statistic of the illegal ARP packets received:

T1600G-52TS(config)#clear ip arp inspection statistics

Chapter 12 DoS Defend Commands

DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network

attackers or the evil programs sending a lot of service requests to the Host. With the DoS

Defend enabled, the switch can analyze the specific field of the received packets and provide

the defend measures to ensure the normal working of the local network.

12.1 ip dos-prevent

Description

The ip dos-prevent command is used to enable the DoS defend function

globally. To disable the DoS defend function, please use no ip dos-prevent

command.

Syntax

ip dos-prevent

no ip dos-prevent

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Enable the DoS defend function globally:

T1600G-52TS(config)#ip dos-prevent

12.2 ip dos-prevent type

Description

The ip dos-prevent type command is used to select the DoS Defend Type.

To disable the corresponding Defend Type, please use no ip dos-prevent

type command.

TP-Link T1600-28TS, T1600G-52TS, T1600G-28PS, T1600G-52PS Cli Reference Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Chapter 1 Using the CLI

1.1 Accessing the CLI

1.1.1 Logon by Telnet

1.1.2 Logon by SSH

1.2 CLI Command Modes

1.3 Privilege Restrictions

1.4 Conventions

1.4.1 Format Conventions

1.4.2 Special Characters

1.4.3 Parameter Format

Chapter 2 User Interface

2.1 enable

2.2 service password-encryption

2.3 enable password

2.4 enable secret

2.5 configure

2.6 exit

2.7 end

2.8 history

2.9 history clear

Chapter 3 IEEE 802.1Q VLAN Commands

3.1 vlan

3.2 interface vlan

3.3 name

3.4 switchport general allowed vlan

3.5 switchport pvid

3.6 show vlan summary

3.7 show vlan brief

3.8 show vlan

3.9 show interface switchport

Chapter 4 MAC-based VLAN Commands

4.1 mac-vlan mac-address

4.2 mac-vlan

4.3 show mac-vlan

4.4 show mac-vlan interface

Chapter 5 Protocol VLAN Commands

5.1 protocol-vlan template

5.2 protocol-vlan vlan

5.3 protocol-vlan group

5.4 show protocol-vlan template

5.5 show protocol-vlan vlan

Chapter 6 Voice VLAN Commands

6.1 voice vlan

6.2 voice vlan aging

6.3 voice vlan priority

6.4 voice vlan mac-address

6.5 switchport voice vlan mode

6.6 switchport voice vlan security

6.7 show voice vlan

6.8 show voice vlan oui

6.9 show voice vlan switchport

Chapter 7 Etherchannel Commands

7.1 channel-group

7.2 port-channel load-balance

7.3 lacp system-priority

7.4 lacp port-priority

7.5 show etherchannel

7.6 show etherchannel load-balance

7.7 show lacp

7.8 show lacp sys-id

Chapter 8 User Management Commands

8.1 user name (password)

8.2 user name (secret)

8.3 user access-control ip-based

8.4 user access-control mac-based

8.5 user access-control port-based

8.6 telnet

8.7 show user account-list

8.8 show user configuration

8.9 show telnet-status

Chapter 9 HTTP and HTTPS Commands

9.1 ip http server

9.2 ip http max-users

9.3 ip http session timeout

9.4 ip http secure-server

9.5 ip http secure-protocol