TL-SG3210/TL-SG3216/TL-SG3424
JetStream L2 Managed Switch
REV1.1.0
1910010717
COPYRIGHT & TRADEMARKS
Specifications are subject to change without notice. is a registered trademark of
TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or
registered trademarks of their respective holders.
No part of the specifications may be reproduced in any form or by any means or used to make any
derivative such as translation, transformation, or adaptation without permission from TP-LINK
TECHNOLOGIES CO., LTD. Copyright © 2013 TP-LINK TECHNOLOGIES CO., LTD. All rights
reserved.
http://www.tp-link.com
I
CONTENTS
Preface ....................................................................................................................... 1
Chapter 1 Using the CLI......................................................................................... 4
1.1 Accessing the CLI ...........................................................................................................4
1.1.1 Logon by a console port .......................................................................................4
1.1.2 Logon by Telnet ....................................................................................................6
1.2 CLI Command Modes ................................................................................................... 11
1.3 Security Levels .............................................................................................................12
1.4 Conventions..................................................................................................................13
1.4.1 Format Conventions ...........................................................................................13
1.4.2 Special Characters .............................................................................................13
1.4.3 Parameter Format ..............................................................................................13
Chapter 2 User Interface...................................................................................... 15
enable....................................................................................................................................15
enable password ...................................................................................................................15
disable ...................................................................................................................................16
configure................................................................................................................................16
exit.........................................................................................................................................16
end ........................................................................................................................................17
Chapter 3 IEEE 802.1Q VLAN Commands.......................................................... 18
vlan........................................................................................................................................18
interface vlan .........................................................................................................................18
name .....................................................................................................................................19
switchport mode ....................................................................................................................19
switchport access vlan...........................................................................................................20
switchport trunk allowed vlan.................................................................................................20
switchport general allowed vlan.............................................................................................21
switchport pvid.......................................................................................................................22
show vlan summary............................................................................................................... 22
show vlan brief ......................................................................................................................23
show vlan ..............................................................................................................................23
Chapter 4 MAC-based VLAN Commands............................................................ 24
mac-vlan mac-address .......................................................................................................... 24
show mac-vlan ......................................................................................................................24
II
Chapter 5 Protocol-based VLAN Commands....................................................... 26
protocol-vlan template ........................................................................................................... 26
protocol-vlan vlan ..................................................................................................................27
protocol-vlan group................................................................................................................27
show protocol-vlan template..................................................................................................28
show protocol-vlan vlan .........................................................................................................28
Chapter 6 Voice VLAN Commands ...................................................................... 29
voice vlan ..............................................................................................................................29
voice vlan aging time.............................................................................................................29
voice vlan priority................................................................................................................... 30
voice vlan mac-address.........................................................................................................30
switchport voice vlan mode ...................................................................................................31
switchport voice vlan security ................................................................................................32
show voice vlan .....................................................................................................................32
show voice vlan oui ...............................................................................................................33
show voice vlan switchport ....................................................................................................33
Chapter 7 GVRP Commands............................................................................... 34
gvrp(global) ...........................................................................................................................34
gvrp(interface) .......................................................................................................................34
gvrp registration.....................................................................................................................35
gvrp timer ..............................................................................................................................35
show gvrp global ...................................................................................................................36
show gvrp interface ...............................................................................................................37
Chapter 8 Etherchannel Commands .................................................................... 38
channel-group .......................................................................................................................38
port-channel load-balance .....................................................................................................39
lacp system-priority ...............................................................................................................39
lacp port-priority.....................................................................................................................40
show etherchannel ................................................................................................................40
show etherchannel load-balance...........................................................................................41
show lacp ..............................................................................................................................41
show lacp sys-id ....................................................................................................................42
Chapter 9 User Manage Commands.................................................................... 43
user .......................................................................................................................................43
user access-control ip-based.................................................................................................44
III
user access-control mac-based.............................................................................................44
user access-control port-based .............................................................................................45
user max-number ..................................................................................................................46
user idle-timeout....................................................................................................................46
line.........................................................................................................................................47
password ...............................................................................................................................48
login.......................................................................................................................................48
login local ..............................................................................................................................49
show user account-list...........................................................................................................49
show user configuration.........................................................................................................50
Chapter 10 Binding Table Commands.................................................................... 51
ip source binding ...................................................................................................................51
ip dhcp snooping ...................................................................................................................52
ip dhcp snooping global.........................................................................................................52
ip dhcp snooping information option......................................................................................53
ip dhcp snooping information strategy ...................................................................................54
ip dhcp snooping information remote-id.................................................................................55
ip dhcp snooping information circuit-id ..................................................................................55
ip dhcp snooping trust ...........................................................................................................56
ip dhcp snooping mac-verify..................................................................................................56
ip dhcp snooping limit rate.....................................................................................................57
ip dhcp snooping decline .......................................................................................................58
show ip source binding..........................................................................................................58
show ip dhcp snooping ..........................................................................................................59
show ip dhcp snooping information .......................................................................................59
show ip dhcp snooping interface gigabitEthernet ..................................................................59
Chapter 11 ARP Inspection Commands................................................................. 61
ip arp inspection(global) ........................................................................................................61
ip arp inspection trust ............................................................................................................61
ip arp inspection(interface) .................................................................................................... 62
ip arp inspection limit-rate......................................................................................................63
ip arp inspection recover .......................................................................................................63
show ip arp inspection...........................................................................................................64
show ip arp inspection interface ............................................................................................64
show ip arp inspection statistics ............................................................................................65
clear ip arp inspection statistics.............................................................................................65
IV
Chapter 12 DoS Defend Command ....................................................................... 66
ip dos-prevent........................................................................................................................ 66
ip dos-prevent type................................................................................................................66
show ip dos-prevent ..............................................................................................................67
Chapter 13 IEEE 802.1X Commands..................................................................... 68
dot1x system-auth-control ..................................................................................................... 68
dot1x auth-method ................................................................................................................68
dot1x guest-vlan(global) ........................................................................................................69
dot1x quiet-period.................................................................................................................. 70
dot1x timeout.........................................................................................................................70
dot1x max-reauth-req ............................................................................................................ 71
dot1x......................................................................................................................................71
dot1x guest-vlan(interface) ....................................................................................................72
dot1x port-control ..................................................................................................................72
dot1x port-method .................................................................................................................73
radius.....................................................................................................................................74
radius server-account ............................................................................................................75
show dot1x global.................................................................................................................. 75
show dot1x interface .............................................................................................................76
show radius accounting.........................................................................................................76
show radius authentication ....................................................................................................77
Chapter 14 System Log Commands ...................................................................... 78
logging buffer.........................................................................................................................78
logging file flash.....................................................................................................................79
clear logging ..........................................................................................................................79
logging host index .................................................................................................................80
show logging local-config ......................................................................................................81
show logging loghost.............................................................................................................81
show logging buffer ...............................................................................................................81
show logging flash.................................................................................................................82
Chapter 15 SSH Commands.................................................................................. 83
ip ssh server ..........................................................................................................................83
ip ssh version ........................................................................................................................83
ip ssh timeout ........................................................................................................................84
ip ssh max-client....................................................................................................................84
V
ip ssh download.....................................................................................................................85
show ip ssh............................................................................................................................85
Chapter 16 SSL Commands .................................................................................. 87
ip http secure-server..............................................................................................................87
ip http secure-server download certificate ............................................................................. 87
ip http secure-server download key.......................................................................................88
show ip http secure-server ....................................................................................................89
Chapter 17 MAC Address Commands ................................................................... 90
mac address-table static........................................................................................................90
mac address-table aging-time ...............................................................................................91
mac address-table filtering ....................................................................................................91
mac address-table max-mac-count .......................................................................................92
show mac address-table address..........................................................................................93
show mac address-table aging-time......................................................................................93
show mac address-table max-mac-count interface gigabitEthernet ......................................94
show mac address-table interface gigabitEthernet................................................................94
show mac address-table mac-num........................................................................................ 95
show mac address-table mac................................................................................................95
show mac address-table vlan ................................................................................................96
Chapter 18 System Configuration Commands ....................................................... 97
system-time manual ..............................................................................................................97
system-time ntp .....................................................................................................................97
system-time dst predefined ...................................................................................................99
system-time dst date .............................................................................................................99
system-time dst recurring .................................................................................................... 100
hostname.............................................................................................................................101
location ................................................................................................................................102
contact-info..........................................................................................................................102
reset ....................................................................................................................................103
reboot ..................................................................................................................................103
copy running-config startup-config ......................................................................................103
copy startup-config tftp ........................................................................................................ 104
copy tftp startup-config ........................................................................................................ 104
firmware upgrade ................................................................................................................105
ping .....................................................................................................................................105
tracert ..................................................................................................................................106
VI
loopback interface ...............................................................................................................107
show system-time................................................................................................................107
show system-time dst..........................................................................................................108
show system-time ntp.......................................................................................................... 108
show system-info................................................................................................................. 109
show cable-diagnostics interface.........................................................................................109
Chapter 19 Ethernet Configuration Commands ....................................................110
interface gigabitEthernet...................................................................................................... 110
interface range gigabitEthernet ........................................................................................... 110
description ........................................................................................................................... 111
shutdown ............................................................................................................................. 111
flow-control .......................................................................................................................... 112
duplex.................................................................................................................................. 112
speed................................................................................................................................... 113
storm-control broadcast.......................................................................................................114
storm-control multicast ........................................................................................................114
storm-control unicast ........................................................................................................... 115
bandwidth ............................................................................................................................ 116
clear counters......................................................................................................................116
show interface status........................................................................................................... 117
show interface counters....................................................................................................... 117
show interface description ................................................................................................... 118
show interface flowcontrol ................................................................................................... 118
show interface configuration................................................................................................119
show storm-control .............................................................................................................. 119
show bandwidth................................................................................................................... 120
Chapter 20 QoS Commands .................................................................................121
qos ......................................................................................................................................121
qos dscp..............................................................................................................................121
qos queue cos-map.............................................................................................................122
qos queue dscp-map...........................................................................................................123
qos queue mode.................................................................................................................. 124
show qos interface ..............................................................................................................125
show qos cos-map ..............................................................................................................125
show qos dscp-map ............................................................................................................126
show qos queue mode ........................................................................................................126
VII
show qos status...................................................................................................................127
Chapter 21 Port Mirror Commands .......................................................................128
monitor session destination interface ..................................................................................128
monitor session source interface.........................................................................................129
show monitor session..........................................................................................................130
Chapter 22 Port isolation Commands ...................................................................131
port isolation ........................................................................................................................131
show port isolation interface ................................................................................................131
Chapter 23 Loopback Detection Commands ........................................................133
loopback-detection(global) ..................................................................................................133
loopback-detection interval..................................................................................................133
loopback-detection recovery-time........................................................................................ 134
loopback-detection(interface) ..............................................................................................134
loopback-detection config....................................................................................................135
loopback-detection recover .................................................................................................135
show loopback-detection global ..........................................................................................136
show loopback-detection interface ......................................................................................136
Chapter 24 ACL Commands .................................................................................138
time-range ...........................................................................................................................138
absolute...............................................................................................................................138
periodic................................................................................................................................139
holiday.................................................................................................................................140
holiday(global) .....................................................................................................................140
access-list create.................................................................................................................141
mac access-list....................................................................................................................141
access-list standard............................................................................................................. 142
access-list extended............................................................................................................143
rule ......................................................................................................................................144
access-list policy name........................................................................................................145
access-list policy action.......................................................................................................146
redirect interface..................................................................................................................146
redirect vlan.........................................................................................................................147
s-condition ...........................................................................................................................147
s-mirror ................................................................................................................................148
qos-remark ..........................................................................................................................148
VIII
access-list bind(interface)....................................................................................................149
access-list bind(vlan) ...........................................................................................................150
show time-range..................................................................................................................150
show holiday........................................................................................................................150
show access-list ..................................................................................................................151
show access-list policy ........................................................................................................151
show access-list bind ..........................................................................................................152
Chapter 25 MSTP Commands ..............................................................................153
spanning-tree(global)...........................................................................................................153
spanning-tree(interface) ......................................................................................................153
spanning-tree common-config .............................................................................................154
spanning-tree mode.............................................................................................................155
spanning-tree mst configuration ..........................................................................................155
instantce..............................................................................................................................156
name ...................................................................................................................................157
revision ................................................................................................................................157
spanning-tree mst instance .................................................................................................158
spanning-tree mst................................................................................................................ 158
spanning-tree priority........................................................................................................... 159
spanning-tree tc-defend.......................................................................................................160
spanning-tree timer..............................................................................................................160
spanning-tree hold-count.....................................................................................................161
spanning-tree max-hops......................................................................................................162
spanning-tree bpdufilter.......................................................................................................162
spanning-tree bpduguard ....................................................................................................163
spanning-tree guard loop.....................................................................................................163
spanning-tree guard root .....................................................................................................164
spanning-tree guard tc.........................................................................................................164
spanning-tree mcheck ......................................................................................................... 165
show spanning-tree active...................................................................................................165
show spanning-tree bridge ..................................................................................................166
show spanning-tree interface ..............................................................................................166
show spanning-tree interface-security.................................................................................167
show spanning-tree mst ......................................................................................................168
Chapter 26 IGMP Commands ...............................................................................169
ip igmp snooping(global) .....................................................................................................169
IX
ip igmp snooping(interface) ................................................................................................. 169
ip igmp snooping immediate-leave ......................................................................................170
ip igmp snooping drop-unknown.......................................................................................... 170
ip igmp snooping vlan-config ...............................................................................................171
ip igmp snooping multi-vlan-config ......................................................................................172
ip igmp snooping filter add-id...............................................................................................173
ip igmp snooping filter(global)..............................................................................................174
ip igmp snooping filter(interface) .........................................................................................174
ip igmp snooping filter maxgroup......................................................................................... 175
ip igmp snooping filter mode................................................................................................175
show ip igmp snooping........................................................................................................176
show ip igmp snooping interface .........................................................................................176
show ip igmp snooping vlan ................................................................................................177
show ip igmp snooping multi-vlan........................................................................................ 178
show ip igmp snooping groups ............................................................................................178
show ip igmp snooping filter ................................................................................................ 179
Chapter 27 SNMP Commands..............................................................................180
snmp-server ........................................................................................................................180
snmp-server view ................................................................................................................180
snmp-server group ..............................................................................................................181
snmp-server user ................................................................................................................182
snmp-server community ...................................................................................................... 184
snmp-server host................................................................................................................. 184
snmp-server engineID ......................................................................................................... 186
rmon history.........................................................................................................................186
rmon event ..........................................................................................................................187
rmon alarm ..........................................................................................................................188
show snmp-server ...............................................................................................................190
show snmp-server view .......................................................................................................190
show snmp-server group .....................................................................................................190
show snmp-server user ....................................................................................................... 191
show snmp-server community.............................................................................................191
show snmp-server host .......................................................................................................192
show snmp-server engineID................................................................................................192
show rmon history ...............................................................................................................192
show rmon event .................................................................................................................193
show rmon alarm.................................................................................................................193
X
Chapter 28 Cluster Commands.............................................................................195
cluster ndp...........................................................................................................................195
cluster ntdp..........................................................................................................................196
cluster explore .....................................................................................................................197
cluster..................................................................................................................................197
cluster candidate .................................................................................................................198
cluster individual..................................................................................................................198
show cluster ndp..................................................................................................................199
show cluster ntdp.................................................................................................................199
show cluster neighbour........................................................................................................200
show cluster manage role....................................................................................................200
XI
Preface
This Guide is intended for network administrator to provide referenced information about CLI
(Command Line Interface). The switch or TL-SG3210/TL-SG3216/TL-SG3424 mentioned in this
Guide stands for TL-SG3210/TL-SG3216/TL-SG3424 JetStream L2 Managed Switch without any
explanation.
The three devices of TL-SG3210, TL-SG3216 and TL-SG3424 are sharing this Guide. For
simplicity, we will take TL-SG3424 for example throughout this Guide. TL-SG3210, TL-SG3216
and TL-SG3424 just differ in the number of LED indicators and ports and all figures in this guide
are of TL-SG3424.
Overview of this Guide
Chapter 1: Using the CLI
Provide information about how to use the CLI, CLI Command Modes, Security Levels and some
Conventions.
Chapter 2: User Interface
Provide information about the commands used to switch between five CLI Command Modes.
Chapter 3: IEEE 802.1Q VLAN Commands
Provide information about the commands used for configuring IEEE 802.1Q VLAN.
Chapter 4: MAC-Based VLAN Commands
Provide information about the commands used for configuring MAC-Based VLAN.
Chapter 5: Protocol-Based VLAN Commands
Provide information about the commands used for configuring Protocol-Based VLAN.
Chapter 6: Voice VLAN Commands
Provide information about the commands used for configuring Voice VLAN.
Chapter 7: GVRP Commands
Provide information about the commands used for configuring GVRP (GARP VLAN registration
protocol).
Chapter 8: Etherchannel Commands
Provide information about the commands used for configuring LAG (Link Aggregation Group) and
LACP (Link Aggregation Control Protocol).
Chapter 9: User Manage Commands
Provide information about the commands used for user management.
Chapter 10: Binding Table Commands
Provide information about the commands used for binding the IP address, MAC address, VLAN
and the connected Port number of the Host together. Besides it also provide information about the
1
commands used for monitoring the process of the Host obtaining the IP address from DHCP
server, and record the IP address, MAC address, VLAN and the connected Port number of the
Host for automatic binding.
Chapter 11: ARP Inspection Commands
Provide information about the commands used for protecting the switch from the ARP cheating or
ARP Attack.
Chapter 12: DoS Defend Command
Provide information about the commands used for DoS defend and detecting the DoS attack.
Chapter 13: IEEE 802.1X Commands
Provide information about the commands used for configuring IEEE 802.1X function.
Chapter 14: System Log Commands
Provide information about the commands used for configuring system log.
Chapter 15: SSH Commands
Provide information about the commands used for configuring and managing SSH (Security
Shell).
Chapter 16: SSL Commands
Provide information about the commands used for configuring and managing SSL (Secure
Sockets Layer).
Chapter 17: MAC Address Commands
Provide information about the commands used for Address configuration.
Chapter 18: System Configuration Commands
Provide information about the commands used for configuring the System information and System
IP, reboot and reset the switch, upgrade the switch system and commands used for device
diagnose, including loopback test and cable test.
Chapter 19: Ethernet Configuration Commands
Provide information about the commands used for configuring the Bandwidth Control, Negotiation
Mode, and Storm Control for Ethernet ports.
Chapter 20: QoS Commands
Provide information about the commands used for configuring the QoS function.
Chapter 21: Port Mirror Commands
Provide information about the commands used for configuring the Port Mirror function.
Chapter 22: Port Isolation Commands
Provide information about the commands used for configuring the Port Isolation function.
Chapter 23: Loopback Detection Commands
2
Provide information about the commands used for configuring the Loopback Detection function.
Chapter 24: ACL Commands
Provide information about the commands used for configuring the ACL (Access Control List).
Chapter 25: MSTP Commands
Provide information about the commands used for configuring the MSTP (Multiple Spanning Tree
Protocol).
Chapter 26: IGMP Commands
Provide information about the commands used for configuring the IGMP Snooping (Internet Group
Management Protocol Snooping).
Chapter 27: SNMP Commands
Provide information about the commands used for configuring the SNMP (Simple Network
Management Protocol) functions.
Chapter 28: Cluster Commands
Provide information about the commands used for configuring the Cluster Management function.
3
Chapter 1 Using the CLI
1.1 Accessing the CLI
You can log on to the switch and access the CLI by the following two methods:
1. Log on to the switch by the console port on the switch.
2. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port.
1.1.1 Logon by a console port
To log on to the switch by the console port on the switch, please take the following steps:
1. Connect the PCs or Terminals to the console port on the switch by a provided cable.
2. Click Start →
open the Hyper Terminal as the Figure 1-1 shown.
All Programs → Accessories→ Communications → Hyper Terminal to
Figure 1-1 Open
3. The Connection Description Window will prompt as Figure 1-2 shown. Enter a name into
the Name field and click OK.
Hyper Terminal
4
Figure 1-2 Connection Description
4. Select the port to connect in Figure 1-3, and click OK.
Figure 1-3 Select the port to connect
5. Configure the port selected in the step above as the following Figure 1-4 shown.
Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1,
Flow control as None, and then click OK.
5
Figure 1-4 Port Settings
6. The DOS prompt” TL-SG3424>” will appear after pressing the Enter button as Figure 1-5
shown. It indicates that you can use the CLI now.
Figure 1-5 Log in the Switch
1.1.2 Logon by Telnet
To successfully create Telnet connection, firstly CLI commands about configuring Telnet login
mode, login authentication information and Privileged EXEC Mode password should be configured
through Console connection.
Telnet login has the following two modes, you can choose one according to your needs:
Login local Mode: It requires username and password, which are both admin by default.
Login Mode: It requires no username and password, but a connection password is required.
6
Note:
1. Before Telnet login, you are required to configure Telnet login mode and login
authentication information through Console connection. The relevant CLI commands
should be entered in the prompted DOS screen shown in Figure 1-5 Log in the Switch
.
2. You will enter to User EXEC Mode after Telnet connection is successfully created, but for
switch security concerns, you are required to set a password which functions to further
access to Privileged EXEC Mode when you configure the login mode.
¾ Login Local Mode
Firstly, configure the Telnet login mode as “login local” and set the password for entering into the
Privileged EXEC Mode as 123 in the prompted DOS screen shown in Figure 1-6.
Figure 1-6 Configure login local mode
Now, you can logon by Telnet in login local mode.
1. Make sure the switch and the PC are in the same LAN. Click Start → Run to open the Run
window, and type cmd in the prompt Run window as Figure 1-7 and click OK.
Figure 1-7 Run Window
7
2. Open Telnet, then type telnet 192.168.0.1 in the command prompt shown as Figure 1-8, and
press the Enter button.
Figure 1-8 Connecting to the Switch
3. Type the default user name and password admin/admin, then press the Enter button so as to
enter User EXEC Mode.
Figure 1-9 Enter into the User EXEC Mode
Now you can manage your switch with CLI commands through Telnet connection.
4. Type enable command to enter Privileged EXEC Mode. A password that you have set
through Console port connection is required. Here the password is set as 123.
8
Figure 1-10 Enter into the Privileged EXEC Mode
¾ Login Mode
Firstly configure the Telnet login mode as “login”, and both the connection password and the
Privileged EXEC Mode password as 123 in the prompted DOS screen shown in Figure 1-11.
Figure 1-11 Configure login mode
Now, you can logon by Telnet in login mode:
1. Open Telnet, then type telnet 192.168.0.1 in the command prompt shown as Figure 1-12, and
press the Enter button.
9
Figure 1-12 Connecting to the Switch
2. You are prompted to enter the connection password 123 you have set through Console port
connection, and then you are in User EXEC Mode.
Figure 1-13 Enter into the User EXEC Mode
3. When entering enable command to access Privileged EXEC Mode, you are required to give
the password 123 you have set through Console port connection.
Figure 1-14 Enter into the Privileged EXEC Mode
10
Now you can manage your switch with CLI commands through Telnet connection.
Note:
You can refer to Chapter 9 User Manage Commands for detailed commands information of the
Telnet connection configuration.
1.2 CLI Command Modes
The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode,
Global Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode.
Interface Configuration Mode can also be divided into Interface gigabitEthernet, Interface
link-aggregation and some other modes, which is shown as the following diagram.
The following table gives detailed information about the Accessing path, Prompt of each mode and
how to exit the current mode and access the next mode.
Mode Accessing Path Prompt Logout or Access the next mode
Use the exit command to disconnect the
User EXEC
Mode
Privileged
EXEC Mode
Global
Configuration
Mode
Primary mode once it
is connected with the
switch.
Use the enable
command to enter this
mode from User EXEC
mode.
Use the configure
command to enter this
mode from Privileged
EXEC mode.
TL-SG3424>
TL-SG3424#
TL-SG3424(config)#
switch (except that the switch is
connected through the Console port).
Use the enable command to access
Privileged EXEC mode.
Use the exit command to disconnect the
switch (except that the switch is
connected through the Console port).
Enter the disable command to return to
User EXEC mode.
Enter configure command to access
Global Configuration mode.
Use the exit or the end command or
press Ctrl+Z to return to Privileged
EXEC mode.
Use the interface gigabitEthernet port
or interface range gigabitEthernet
port-list command to access interface
Configuration mode.
Use the vlan vlan-list to access VLAN
Configuration mode.
Interface
Configuration
Mode
Use the interface
gigabitEthernet port
or interface range
gigabitEthernet
port-list command to
enter this mode from
Global Configuration
mode.
TL-SG3424(config-if)
# or
TL-SG3424(config-if-
range)#
11
Use the end command or press Ctrl+Z
to return to Privileged EXEC mode.
Enter the exit or the # command to
return to Global Configuration mode.
A port number must be specified in the
interface command.
VLAN
Configuration
Mode
Use the vlan vlan-list
command to enter this
mode from Global
Configuration mode.
TL-SG3424(config-
vlan)#
Use the end command or press Ctrl+Z
to return to Privileged EXEC mode.
Enter the exit or the # command to
return to Global configuration mode.
Note:
1. The user is automatically in User EXEC Mode after the connection between the PC and
the switch is established by a console port or by a telnet connection.
2. Each command mode has its own set of specific commands. To configure some
commands, you should access the corresponding command mode firstly.
z Global Configuration Mode: In this mode, global commands are provided, such as
the Spanning Tree, Schedule Mode and so on.
z Interface Configuration Mode: In this mode, users can configure one or several
ports, different ports corresponds to different commands
a). Interface gigabitEthernet: Configure parameters for an Ethernet port, such as
Duplex-mode, flow control status.
b). Interface range gigabitEthernet: The commands contained are the same as that
of the Interface Ethernet. Configure parameters for several Ethernet ports.
c). Interface link-aggregation: Configure parameters for a link-aggregation, such as
broadcast storm.
d). Interface range link-aggregation: Configure parameters for multi-trunks.
e). Interface vlan: Configure parameters for the vlan-port.
z Vlan Configuration Mode: In this mode, users can create a VLAN and add a
specified port to the VLAN.
3. Some commands are global, that means they can be performed in all modes:
z show: Displays all information of switch, for example: statistic information, port
information, VLAN information.
z history: Displays the commands history.
1.3 Security Levels
This switch’s security is divided into two levels: User level and Admin level.
User level only allows users to do some simple operations in User EXEC Mode; Admin level
allows you to monitor, configure and manage the switch in Privileged EXEC Mode, Global
Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode.
12
Users get the privilege to the User level once connecting console port with the switch or logging in
by Telnet. However, Guest users are restricted to access the CLI.
Users can enter Privileged EXEC mode from User EXEC mode by using the enable command. In
default case, no password is needed. In Global Configuration Mode, you can configure password
for Admin level by enable password command. Once password is configured, you are required to
enter it to access Privileged EXEC mode.
1.4 Conventions
1.4.1 Format Conventions
The following conventions are used in this Guide:
¾ Items in square brackets [ ] are optional
¾ Items in braces { } are required
¾ Alternative items are grouped in braces and separated by vertical bars. For example: speed
{10 | 100 | 1000 }
¾ Bold indicates an unalterable keyword. For example: show logging
¾ Normal Font indicates a constant (several options are enumerated and only one can be
selected). For example: switchport type { access | trunk | general }
¾ Italic Font indicates a variable (an actual value must be assigned). For example: bridge
aging-time aging-time
1.4.2 Special Characters
You should pay attentions to the description below if the variable is a character string:
¾ These six characters ” < > , \ & can not be input.
¾ If a blank is contained in a character string, single or double quotation marks should be used,
for example ’hello world’, ”hello world”, and the words in the quotation marks will be identified
as a string. Otherwise, the words will be identified as several strings.
1.4.3 Parameter Format
Some parameters must be entered in special formats which are shown as follows:
¾ MAC Address must be entered in the format of xx:xx:xx:xx:xx:xx
¾ One or several values can be typed for a port-list or a vlan-list using comma to separate. Use
a hyphen to designate a range of values, for instance 1, 3-5,7 indicates choosing 1,3,4,5,7.
13
¾ The port number should format as 1/0/3, meaning unit/slot/port. The unit number is always 1,
and slot number is always 0 and the port number is a variable (an actual value must be
assigned).
14
Chapter 2 User Interface
enable
Description
The enable command is used to access Privileged EXEC Mode from User
EXEC Mode.
Syntax
enable
Command Mode
User EXEC Mode
Example
If you have set the password to access Privileged EXEC Mode from User EXEC
Mode:
TL-SG3424> enable
Enter password:
TL-SG3424#
enable password
Description
The enable password command is used to set the password for users to
access Privileged EXEC Mode from User EXEC Mode. To return to the default
configuration, please use no enable password command.
Syntax
enable password password
no enable password
Parameter
password —— super password , which contains 16 characters at most,
composing digits, English letters and underdashes only. By default, it is empty.
Command Mode
Global Configuration Mode
Example
Set the super password as admin to access Privileged EXEC Mode from User
EXEC Mode:
TL-SG3424(config)# enable password admin
15
disable
Description
Syntax
Command Mode
Example
The disable command is used to return to User EXEC Mode from Privileged
EXEC Mode.
disable
Privileged EXEC Mode
Return to User EXEC Mode from Privileged EXEC Mode:
TL-SG3424# disable
TL-SG3424>
configure
Description
Syntax
Command Mode
Example
The configure command is used to access Global Configuration Mode from
Privileged EXEC Mode.
configure
Privileged EXEC Mode
Access Global Configuration Mode from Privileged EXEC Mode:
TL-SG3424# configure
TL-SG3424(config)#
exit
Description
The exit command is used to return to the previous Mode from the current
Mode.
Syntax
exit
16
end
Command Mode
Any Configuration Mode
Example
Return to Global Configuration Mode from Interface Configuration Mode, and
then return to Privileged EXEC Mode:
TL-SG3424(config-if)# exit
TL-SG3424(config)# exit
TL-SG3424#
Description
The end command is used to return to Privileged EXEC Mode.
Syntax
end
Command Mode
Any Configuration Mode
Example
Return to Privileged EXEC Mode from Interface Configuration Mode:
TL-SG3424(config-if)# end
TL-SG3424#
17
Chapter 3 IEEE 802.1Q VLAN Commands
VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN into
multiple logical LANs flexibly. Hosts in the same VLAN can communicate with each other,
regardless of their physical locations. VLAN can enhance performance by conserving bandwidth,
and improve security by limiting traffic to specific domains.
vlan
Description
The vlan command is used to create IEEE 802.1Q VLAN and enter VLAN
Configuration Mode. To delete the IEEE 802.1Q VLAN, please use no vlan
command.
Syntax
vlan vlan-list
no vlan vlan-list
Parameter
vlan-list —— Specify IEEE 802.1Q VLAN ID list, ranging from 2 to 4094, in the
format of 2-3, 5. It is multi-optional.
Command Mode
Global Configuration Mode
Example
Create VLAN 2-10 and VLAN 100:
TL-SG3424(config)# vlan 2-10,100
Delete VLAN 2:
TL-SG3424(config)# no vlan 2
interface vlan
Description
The interface vlan command is used to create VLAN Interface and enter
Interface VLAN Mode. To delete VLAN Interface, please use no interface vlan
command.
Syntax
interface vlan vlan-id
no interface vlan vlan-id
18
Parameter
Command Mode
Example
name
Description
Syntax
vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094.
Global Configuration Mode
Create VLAN Interface 2:
TL-SG3424(config)# interface vlan 2
The name command is used to assign a description to a VLAN. To clear the
description, please use no name command.
name descript
no name
Parameter
descript ——String to describe the VLAN, which contains 16 characters at most.
Command Mode
VLAN Configuration Mode(VLAN)
Example
Specify the name of VLAN 2 as “group1”:
TL-SG3424(config)# vlan 2
TL-SG3424(config-vlan)# name group1
switchport mode
Description
The switchport mode command is used to configure the Link Type for the
ports.
Syntax
switchport mode { access | trunk | general }
Parameter
access | trunk | general —— Link Types. There are three Link Types for the
ports.
19
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Specify the Link Type of port 3 as trunk:
TL-SG3424(config)# interface gigabitEthernet 1/0/3
TL-SG3424(config-if)# switchport mode trunk
switchport access vlan
Description
The switchport access vlan command is used to add the desired Access port
to IEEE 802.1Q VLAN. To remove the specified port/ports from the
corresponding VLAN, please use no switchport access vlan command.
Syntax
switchport access vlan vlan-id
no switchport access vlan
Parameter
vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 2 to 4094.
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Specify the Link Type of port 3 as access and add it to VLAN 2:
TL-SG3424(config)# interface gigabitEthernet 1/0/3
TL-SG3424(config-if)# switchport mode access
TL-SG3424(config-if)# switchport access vlan 2
switchport trunk allowed vlan
Description
The switchport trunk allowed vlan command is used to add the desired Trunk
port to IEEE 802.1Q VLAN. To delete the corresponding VLAN/VLANs, please
use no switchport trunk allowed vlan command.
Syntax
switchport trunk allowed vlan vlan-list
20
no switchport trunk allowed vlan vlan-list
Parameter
vlan-list —— Specify IEEE 802.1Q VLAN ID list, ranging from 2 to 4094, in the
format of 2-3, 5. It is multi-optional.
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Specify the Link Type of port 2 as trunk and add it to VLAN 2:
TL-SG3424(config)# interface gigabitEthernet 1/0/2
TL-SG3424(config-if)# switchport mode trunk
TL-SG3424(config-if)# switchport trunk allowed vlan 2
switchport general allowed vlan
Description
The switchport general allowed vlan command is used to add the desired
General port to IEEE 802.1Q VLAN and specify the egress rule. To delete the
corresponding VLAN/VLANs, please use no switchport general allowed vlan
command.
Syntax
switchport general allowed vlan vlan-list { tagged | untagged }
no switchport general allowed vlan vlan-list
Parameter
vlan-list —— Specify IEEE 802.1Q VLAN ID list, ranging from 2 to 4094, in the
format of 2-3, 5. It is multi-optional.
tagged | untagged —— Egress rule,untagged or tagged. Tagged: All packets
forwarded by the port are tagged. The packets contain VLAN information.
Untagged: Packets forwarded by the port are untagged.
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Specify the Link Type of port 4 as general, then add it to VLAN 2 and configure
the egress rule of port 4 as tagged:
TL-SG3424(config)# interface gigabitEthernet 1/0/4
TL-SG3424(config-if)# switchport mode general
21
TL-SG3424(config-if)# switchport general allowed vlan 2 tagged
switchport pvid
Description
The switchport pvid command is used to configure the PVID for the switch
ports.
Syntax
switchport pvid vlan-id
Parameter
vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094.
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Specify the PVID of port 3 as 1:
TL-SG3424(config)# interface gigabitEthernet 1/0/3
TL-SG3424(config-if)# switchport pvid 1
show vlan summary
Description
The show vlan summary command is used to display the summarized
information of IEEE 802.1Q VLAN.
Syntax
show vlan summary
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the summarized information of IEEE 802.1Q VLAN:
TL-SG3424(config)# show vlan summary
22
show vlan brief
Description
The show vlan brief command is used to display the brief information of IEEE
802.1Q VLAN.
Syntax
show vlan brief
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the brief information of IEEE 802.1Q VLAN:
TL-SG3424(config)# show vlan brief
show vlan
Description
Syntax
Parameter
Command Mode
Example
The show vlan command is used to display the detailed information of the
specified IEEE 802.1Q VLAN. By default, the detailed information of all vlans
will be displayed.
show vlan [ id vlan-id ]
vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. It is
multi-optional.
Privileged EXEC Mode and Any Configuration Mode
Display the detailed information of all VLANs:
TL-SG3424(config)# show vlan
Display the detailed information of VLAN 2:
TL-SG3424(config)# show vlan id 2
Display the detailed information of VLAN 3-10:
TL-SG3424(config)# show vlan id 3-10
23
Chapter 4 MAC-based VLAN Commands
MAC-based VLAN (Virtual Local Area Network) is the way to classify the VLANs based on MAC
Address. A MAC address corresponds to a VLAN ID. The untagged packets and the
priority-tagged packets sourced from the MAC address will be tagged with this VLAN ID.
mac-vlan mac-address
Description
The mac-vlan mac-address command is used to create a MAC-based VLAN
entry. To delete MAC-based VLAN entry, please use the no mac-vlan
mac-address command.
Syntax
mac-vlan mac-address mac-addr vlan vlan-id [ description descript ]
no mac-vlan mac-address mac-addr
Parameter
mac-addr —— MAC address, in the format of XX:XX:XX:XX:XX:XX.
vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094.
descript —— Give a description of the MAC-based VLAN entry for identification,
which contains 8 characters at most.
Command Mode
Global Configuration Mode
Example
Add an entry whose MAC address is 00:11:11:01:01:12 to VLAN 2, then name
the MAC-base entry as “TP”:
TL-SG3424(config)# mac-vlan mac-address 00:11:11:01:01:12 vlan 2
description TP
show mac-vlan
Description
The show mac-vlan command is used to display the information of the
MAC-based VLAN. MAC address and VLAN ID can be used to filter the
displayed information.
Syntax
show mac-vlan { all | mac-address mac-addr | vlan vlan-id }
24
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Parameter
mac-addr —— MAC address, in the format of XX:XX:XX:XX:XX:XX.
vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094.
Example
Display the MAC-based VLAN table:
TL-SG3424(config)# show mac-vlan all
Display the MAC-based VLAN information of the entry whose MAC address is
00:11:11:01:01:12:
TL-SG3424(config)# show mac-vlan mac-address 00:11:11:01:01:12
Display the MAC-based VLAN information of the entry whose VLAN ID is 4:
TL-SG3424(config)# show mac-vlan vlan 4
25
Chapter 5 Protocol-based VLAN Commands
Protocol-based VLAN (Virtual Local Area Network) is the way to classify VLANs based on
Protocols. A Protocol corresponds to a VLAN ID. The untagged packets and the priority-tagged
packets matching the protocol template will be tagged with this VLAN ID.
protocol-vlan template
Description
The protocol-vlan template command is used to create Protocol-based VLAN
template. To delete Protocol-based VLAN template, please use no
protocol-vlan template command.
Syntax
protocol-vlan template name protocol-name ether-type type frame { 802_3 |
ether_2 | snap | llc }
no protocol-vlan template template-idx
Parameter
protocol-name —— Give a name to the Protocol-based VLAN Template,
which contains 8 characters at most.
type —— The Ethernet protocol type in the protocol template, composing of 4
Hex integers.
802_3 | ether_2 | snap | llc —— The frame type with 802_3, ether_2, snap, and
llc options.
template-idx —— The number of the Protocol-based VLAN Template. You can
get the template corresponding to the number by the show protocol-vlan
template command.
Command Mode
Global Configuration Mode
Example
Create a Protocol-based VLAN template named “TP” whose Ethernet protocol
type is 0x2024 and frame type is EthernetII:
TL-SG3424(config)# protocol-vlan template name TP ether-type 2024
frame ether_2
26
protocol-vlan vlan
Description
The protocol-vlan vlan command is used to create a Protocol-based VLAN. To
delete a Protocol-based VLAN, please use no protocol-vlan command.
Syntax
protocol-vlan vlan vlan-id { template template-idx }
no protocol-vlan vlan group-idx
Parameter
vlan-vid —— Specify IEEE 802.1Q VLAN ID, ranging from 1-4094.
template-idx ——The number of the Protocol-based VLAN Template. You can
get the template corresponding to the number by the show protocol-vlan
template command.
group-idx ——The number of the Protocol-based VLAN entry. You can get the
Protocol-based VLAN entry corresponding to the number by the show
protocol-vlan vlan command.
Command Mode
Global Configuration Mode
Example
Create Protocol-based VLAN 2 and bind it with Protocol-based VLAN Template
3:
TL-SG3424(config)# protocol-vlan vlan 2 template 3
protocol-vlan group
Description
The protocol-vlan group command is used to create a Protocol-based VLAN
group. To delete a Protocol-based VLAN group, please use no protocol-vlan
group command.
Syntax
protocol-vlan group group-id
no protocol-vlan group group-id
Parameter
group-id ——The number of the Protocol-based VLAN entry. You can get the
Protocol-based VLAN entry corresponding to the number by the show
protocol-vlan vlan command.
27
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Create Protocol-based VLAN group 2 which is binding with port 3:
TL-SG3424(config)# interface gigabitEthernet 1/0/3
TL-SG3424(config-if)# protocol-vlan group 2
show protocol-vlan template
Description
The show protocol-vlan template command is used to display the information
of the Protocol-based VLAN templates.
Syntax
show protocol-vlan template
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the information of the Protocol-based VLAN templates:
TL-SG3424(config)# show protocol-vlan template
show protocol-vlan vlan
Description
The show protocol-vlan vlan command is used to display the information
about Protocol-based VLAN entry.
Syntax
show protocol-vlan vlan
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display information of the Protocol-based VLAN entry:
TL-SG3424(config)# show protocol-vlan vlan
28
Chapter 6 Voice VLAN Commands
Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and
adding the ports with voice devices attached to voice VLANs, you can perform QoS-related
configuration for voice data, ensuring the transmission priority of voice data stream and voice
quality.
voice vlan
Description
The voice vlan command is used to enable Voice VLAN function. To disable
Voice VLAN function, please use no voice vlan command.
Syntax
voice vlan vlan-id
no voice vlan
Parameter
vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 2 to 4094.
Command Mode
Global Configuration Mode
Example
Enable the Voice VLAN function for VLAN 10:
TL-SG3424(config)# voice vlan 10
voice vlan aging time
Description
Syntax
The voice vlan aging time command is used to set the aging time for a voice
VLAN. To restore to the default aging time for the Voice VLAN, please use no
voice vlan aging time command.
voice vlan aging time time
no voice vlan aging time
29
Parameter
time ——Aging time (in minutes) to be set for the Voice VLAN. It ranges from 1
to 43200 and the default value is 1440.
Command Mode
Global Configuration Mode
Example
Set the aging time for the Voice VLAN as 1 minute:
TL-SG3424(config)# voice vlan aging time 1
voice vlan priority
Description
The voice vlan priority command is used to configure the priority for the Voice
VLAN. To restore to the default priority, please use no voice vlan priority
command.
Syntax
voice vlan priority pri
no voice vlan priority
Parameter
pri —— Priority, ranging from 0 to 7, and the default value is 6.
Command Mode
Global Configuration Mode
Example
Configure the priority of the Voice VLAN as 5:
TL-SG3424(config)# voice vlan priority 5
voice vlan mac-address
Description
The voice vlan mac-address command is used to create Voice VLAN OUI. To
delete the specified Voice VLAN OUI, please use no voice vlan mac-address
command.
30
Syntax
voice vlan mac-address mac-addr mask mask [ description descript ]
no voice vlan mac-address mac-addr
Parameter
mac-addr —— The OUI address of the voice device, in the format of
XX:XX:XX:XX:XX:XX.
mask —— The OUI address mask of the voice device, in the format of
XX:XX:XX:XX:XX:XX.
descript ——Give a description to the OUI for identification which contains 16
characters at most.
Command Mode
Global Configuration Mode
Example
Create a Voice VLAN OUI described as TP-Phone with the OUI address
00:11:11:11:11:11 and the mask address FF:FF:FF:00:00:00:
TL-SG3424(config)# voice vlan mac-address 00:11:11:11:11:11 mask
FF:FF:FF:00:00:00 description TP-Phone
switchport voice vlan mode
Description
The switchport voice vlan mode command is used to configure the Voice
VLAN mode for the Ethernet port.
Syntax
switchport voice vlan mode { manual | auto }
Parameter
manual | auto —— Port mode.
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Configure the port 3 to operate in the auto voice VLAN mode:
31
TL-SG3424(config)# interface gigabitEthernet 1/0/3
TL-SG3424(config-if)# switchport voice vlan mode auto
switchport voice vlan security
Description
The switchport voice vlan security command is used to enable the Voice
VLAN security feature. To disable the Voice VLAN security feature, please use
no switchport voice vlan security command.
Syntax
switchport voice vlan security
no switchport voice vlan security
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Enable port 3 for the Voice VLAN security feature:
TL-SG3424(config)# interface gigabitEthernet 1/0/3
TL-SG3424(config-if)# switchport voice vlan security
show voice vlan
Description
The show voice vlan command is used to display the global configuration
information of Voice VLAN.
Syntax
show voice vlan
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the configuration information of Voice VLAN globally:
TL-SG3424(config)# show voice vlan
32
show voice vlan oui
Description
The show voice vlan oui command is used to display the configuration
information of Voice VLAN OUI.
Syntax
show voice vlan oui
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the configuration information of Voice VLAN OUI:
TL-SG3424(config)# show voice vlan oui
show voice vlan switchport
Description
The show voice vlan switchport command is used to display the Voice VLAN
configuration information of all ports or a specified port.
Syntax
show voice vlan switchport [ gigabitEthernet port ]
Parameter
port —— The Ethernet port number.
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the Voice VLAN configuration information of all ports:
TL-SG3424(config)# show voice vlan switchport
Display the Voice VLAN configuration information of port 2:
TL-SG3424(config)# show voice vlan switchport gigabitEthernet 1/0/2
33
Chapter 7 GVRP Commands
GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute
registration protocol). GVRP allows the switch to automatically add or remove the VLANs via the
dynamic VLAN registration information and propagate the local VLAN registration information to
other switches, without having to individually configure each VLAN.
gvrp(global)
Description
The gvrp command is used to enable the GVRP function globally. To disable the
GVRP function, please use no gvrp command.
Syntax
gvrp
no gvrp
Command Mode
Global Configuration Mode
Example
Enable the GVRP function globally:
TL-SG3424(config)# gvrp
gvrp(interface)
Description
The gvrp command is used to enable the GVRP function for the desired port. To
disable the GVRP function of this port, please use no gvrp command. The
GVRP feature can only be enabled for the trunk-type ports.
Syntax
gvrp
no gvrp
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
34
Example
Enable the GVRP function for ports 2-6:
TL-SG3424(config)# interface range gigabitEthernet 1/0/2-6
TL-SG3424(config-if-range)# gvrp
gvrp registration
Description
The gvrp registration command is used to configure the GVRP registration
type on the desired port. To restore to the default value, please use no gvrp
registration command.
Syntax
gvrp registration { normal | fixed | forbidden }
no gvrp registration
Parameter
normal | fixed | forbidden —— Registration mode. By default, the registration
mode is “normal”.
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Configure the GVRP registration mode on ports 2-6 to fixed:
TL-SG3424(config)# interface range gigabitEthernet 1/0/2-6
TL-SG3424(config-if-range)# gvrp registration fixed
gvrp timer
Description
The gvrp timer command is used to set a GVRP timer for the desired port. To
restore to the default setting of a GARP timer, please use no gvrp timer
command.
Syntax
gvrp timer { leaveall | join | leave } value
35
no gvrp timer [ leaveall | join | leave ]
Parameter
leaveall | join | leave —— They are the three timers: leave All、join and leave.
Once the LeaveAll Timer is set, the port with GVRP enabled can send a
LeaveAll message after the timer times out, so that other GARP ports can
re-register all the attribute information. After that, the LeaveAll timer will start to
begin a new cycle. To guarantee the transmission of the Join messages, a
GARP port sends each Join message two times. The Join Timer is used to
define the interval between the two sending operations of each Join message.
Once the Leave Timer is set, the GARP port receiving a Leave message will
start its Leave timer, and unregister the attribute information if it does not receive
a Join message again before the timer times out.
value ——The value of the timer. The LeaveAll Timer ranges from 1000 to
30000 centiseconds and the default value is 1000. The Join Timer ranges from
20 to 1000 centiseconds and the default value is 20. The Leave Timer ranges
from 60 to 3000 centiseconds and the default value is 60.
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Set the GARP leaveall timer of port 6 to 2000 centiseconds and restore to the
join timer of it to the default value:
TL-SG3424(config)# interface gigabitEthernet 1/0/6
TL-SG3424(config-if)# gvrp timer leaveall 2000
TL-SG3424(config-if)# no gvrp timer join
show gvrp global
Description
The show gvrp global command is used to display the global GVRP status.
Syntax
show gvrp global
Command Mode
Privileged EXEC Mode and Any Configuration Mode
36
Example
Display the global GVRP status:
TL-SG3424(config)# show gvrp global
show gvrp interface
Description
The show gvrp interface command is used to display the GVRP configuration
information of all ports or a specified Ethernet port.
Syntax
show gvrp interface [ gigabitEthernet port ]
Parameter
port ——The Ethernet port number.
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the GVRP configuration information of all Ethernet ports:
TL-SG3424(config)# show gvrp interface
Display the GVRP configuration information of port 2:
TL-SG3424(config)# show gvrp interface gigabitEthernet 1/0/2
37
Chapter 8 Etherchannel Commands
Etherchannel Commands are used to configure LAG and LACP function.
LAG (Link Aggregation Group) is to combine a number of ports together to make a single
high-bandwidth data path, which can highly extend the bandwidth. The bandwidth of the LAG is
the sum of bandwidth of its member port.
LACP (Link Aggregation Control Protocol) is defined in IEEE802.3ad and enables the dynamic link
aggregation and disaggregation by exchanging LACP packets with its partner. The switch can
dynamically group similarly configured ports into a single logical link, which will highly extend the
bandwidth and flexibly balance the load.
channel-group
Description
The channel-group command is used to add a port to the EtherChannel Group
and configure its mode. To delete the port from the EtherChannel Group, please
use no channel-group command.
Syntax
channel-group num mode { on | active | passive }
no channel-group
Parameter
num —— The number of the EtherChannel Group, ranging from 1 to 8.
on —— Enable the static LAG.
active —— Enable the active LACP mode.
passive —— Enable the passive LACP mode.
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Add ports 2-4 to EtherChannel Group 1 and enable the static LAG:
TL-SG3424(config)# interface range gigabitEthernet 1/0/2-4
TL-SG3424(config-if-range)# channel-group 1 mode on
38
port-channel load-balance
Description
The port-channel load-balance command is used to configure the Aggregate
Arithmetic for LAG. To return to the default configurations, please use no
port-channel load-balance command.
Syntax
port-channel load-balance { src-dst-mac | src-dst-ip }
no port-channel load-balance
Parameter
src-dst-mac —— The source and destination MAC address. When this option
is selected, the Aggregate Arithmetic will be based on the source and
destination MAC addresses of the packets. The Aggregate Arithmetic for LAG is
“src-dst-mac” by default.
src-dst-ip—— The source and destination IP address. When this option is
selected, the Aggregate Arithmetic will be based on the source and destination
IP addresses of the packets.
Command Mode
Global Configuration Mode
Example
Configure the Aggregate Arithmetic for LAG as “src-dst-mac”:
TL-SG3424(config)# port-channel load-balance src-dst-mac
lacp system-priority
Description
The lacp system-priority command is used to configure the LACP system
priority globally. To return to the default configurations, please use no lacp
system-priority command.
Syntax
lacp system-priority pri
no lacp system-priority
Parameter
pri —— The system priority, ranging from 0 to 65535. It is 32768 by default.
39
Command Mode
Global Configuration Mode
Example
Configure the LACP system priority as 1024 globally:
TL-SG3424(config)# lacp system-priority 1024
lacp port-priority
Description
The lacp port-priority command is used to configure the LACP port priority for
specified ports. To return to the default configurations, please use no lacp
port-priority command.
Syntax
lacp port-priority pri
no lacp port-priority
Parameter
pri —— The port priority, ranging from 0 to 65535. It is 32768 by default.
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Configure the LACP port priority as 1024 for ports 1-3:
TL-SG3424(config)# interface range gigabitEthernet 1/0/1-3
TL-SG3424(config-if-range)# lacp port-priority 1024
Configure the LACP port priority as 2048 for port 4:
TL-SG3424(config)# interface gigabitEthernet 1/0/4
TL-SG3424(config-if)# lacp port-priority 2048
show etherchannel
Description
The show etherchannel command is used to display the EtherChannel
information.
40
Syntax
show etherchannel [ channel-group-num ] { detail | summary }
Parameter
channel-group-num —— The EtherChannel Group number, ranging from 1 to
14. By default, it is empty, and will display the information of all EtherChannel
Groups.
detail —— The detailed information of EtherChannel.
summary —— The EtherChannel information in summary.
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the detailed information of EtherChannel Group 1:
TL-SG3424(config)# show etherchannel 1 detail
show etherchannel load-balance
Description
The show etherchannel load-balance command is used to display the
Aggregate Arithmetic of LAG.
Syntax
show etherchannel load-balance
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the Aggregate Arithmetic of LAG:
TL-SG3424(config)# show etherchannel load-balance
show lacp
Description
The show lacp command is used to display the LACP information for a
specified EtherChannel Group.
Syntax
show lacp [ channel-group-num ] { internal | neighbor }
41
Parameter
channel-group-num —— The EtherChannel Group number, ranging from 1 to
14. By default, it is empty, and will display the information of all LACP groups.
internal —— The internal LACP information.
neighbor —— The neighbor LACP information.
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the internal LACP information of EtherChannel Group 1:
TL-SG3424(config)# show lacp 1 internal
show lacp sys-id
Description
The show lacp sys-id command is used to display the LACP system priority
globally.
Syntax
show lacp sys-id
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the LACP system priority:
TL-SG3424(config)# show lacp sys-id
42
Chapter 9 User Manage Commands
User Manage Commands are used to manage the user’s logging information by Web, CLI or SSH,
so as to protect the settings of the switch from being randomly changed.
user
Description
The user command is used to add a new user or modify the existed user’s
information. To delete the existed users, please use no user command.
Syntax
user user-name password password [ type { guest | admin }] [ status { disable
| enable} ]
no user user-name
Parameter
user-name ——Type a name for users' login, which contains 16 characters at
most, composing digits, English letters and under dashes only.
password ——Type a password for users' login, which contains 16 characters at
most, composing digits, English letters and under dashes only.
guest | admin —— Access level. Guest means that you can only view the
settings without the right to edit and modify. Admin means that you can edit,
modify and view all the settings of different functions. It is “admin” by default.
disable | enable ——Enable/disable the user. The new added user is enabled by
default.
Command Mode
Global Configuration Mode
Example
Add and enable a new admin user named tplink, of which the password is
password:
TL-SG3424(config)# user tplink password password type admin status
enable
43
user access-control ip-based
Description
The user access-control ip-based command is used to limit the IP-range of
the users for login. Only the users within the IP-range you set here are allowed
to login. To cancel the user access limit, please use no user access-control
command.
Syntax
user access-control ip-based ip-addr ip-mask
no user access-control
Parameter
ip-addr —— The source IP address. Only the users within the IP-range you set
here are allowed for login.
ip-mask ——The subnet mask of the IP address.
Command Mode
Global Configuration Mode
Example
Enable the access-control of the user whose IP address is 192.168.0.148:
TL-SG3424(config)# user access-control ip-based 192.168.0.148
255.255.255.255
user access-control mac-based
Description
The user access-control mac-based command is used to limit the MAC
Address of the users for login. Only the user with this MAC Address you set here
is allowed to login. To cancel the user access limit, please use no user
Syntax
access-control command.
user access-control mac-based mac-addr
no user access-control
44
Parameter
mac-addr —— The source MAC address. Only the user with this MAC Address
is allowed to login.
Command Mode
Global Configuration Mode
Example
Configure that only the user whose MAC address is 00:00:13:0A:00:01 is
allowed to login:
TL-SG3424(config)# user access-control mac-based 00:00:13:0A:00:01
user access-control port-based
Description
The user access-control port-based command is used to limit the ports for
login.
Only the users connected to these ports you set here are allowed to login.
To cancel the user access limit, please use no user access-control command.
Syntax
user access-control port-based interface { gigabitEthernet port | range
gigabitEthernet port-list }
no user access-control
Parameter
port —— The Ethernet port number.
port-list ——The list group of Ethernet ports, in the format of 1/0/1-4. You can
appoint 5 ports at most.
Command Mode
Global Configuration Mode
Example
Configure that only the users connected to ports 2-6 are allowed to login:
TL-SG3424(config)# user access-control port-based interface range
gigabitEthernet 1/0/2-6
45
user max-number
Description
The user max-number command is used to configure the maximum login user
numbers at the same time. To cancel the limit on login numbers, please use no
user max-number command.
Syntax
user max-number admin-num guest-num
no user max-number
Parameter
admin-num ——The maximum number of the users allowed to log on as Admin,
ranging from 1 to 16. The total number of Admin and Guest should be less than
16.
guest-num ——The maximum number of the users allowed to log on as Guest,
ranging from 0 to 15. The total number of Admin and Guest should be less than
16.
Command Mode
Global Configuration Mode
Example
Configure the maximum number of users’ login as Admin and Guest as 5 and 3:
TL-SG3424(config)# user max-num 5 3
user idle-timeout
Description
The user idle-timeout command is used to configure the timeout time of the
switch. To restore to the default timeout time, please use no user idle-timeout
Syntax
command.
user idle-timeout minutes
no user idle-timeout
46
line
Parameter
minutes ——The timeout time, ranging from 5 to 30 in minutes. The value is 10
by default.
Command Mode
Global Configuration Mode
Example
Configure the timeout time of the switch as 15 minutes:
TL-SG3424(config)# user idle-timeout 15
Description
The line command is used to enter the Line Configuration Mode and configure
the allowed login user number of the switch.
Syntax
line [ console linenum | vty startlinenum endlinenum ]
Parameter
linenum —— The number of users allowed to login through console port. Its
value is 0 in general as there is only one console port on a switch.
startlinenum ——The start serial number of the login user selected to configure
the login mode and password, ranging from 0 to 15. 0 means the first login user
number, 1 means the second, and the rest can be done in the same manner.
endlinenum ——The end serial number of the login user selected to conifigure
the login mode and password, ranging from 0 to 15. 0 means the first login user
number, 1 means the second, and the rest can be done in the same manner.
Command Mode
Global Configuration Mode
Example
Enter the Console port configuration mode and configure the console port 0:
TL-SG3424(config)# line console 0
Enter the Virtual Terminal configuration mode so as to prepare further
configurations such as password and login mode for virtual terminal 0 to 5:
47
password
Description
Syntax
Parameter
TL-SG3424(config)# line vty 0 5
The password command is used to configure the connection password. To
clear the password, please use no password command.
password password
no password
password —— Configure the connection password, which contains 16
characters at most, composing digits, English letters and under dashes only.
login
Command Mode
Line Configuration Mode
Example
Configure the connection password of Console port connection 0 as tplink:
TL-SG3424(config)# line console 0
TL-SG3424(config-line)# password tplink
Configure the connection password of virtual terminal connection 0-5 as tplink:
TL-SG3424(config)# line vty 0 5
TL-SG3424(config-line)# password tplink
Description
Syntax
The login command is used to configure the login of a switch not to use the
default user name and password. At this situation, a connection password must
be set for virtual terminal connection.
login
48
Command Mode
Line Configuration Mode
Example
Configure the login of Console port connection 0 as login mode:
TL-SG3424(config)# line console 0
TL-SG3424(config-line)# login
Configure the login of virtual terminal connection 0-5 as login mode:
TL-SG3424(config)# line vty 0 5
TL-SG3424(config-line)# login
login local
Description
The login local command is used to configure the login of a switch with the
default user name and password admin/admin.
Syntax
login local
Command Mode
Line Configuration Mode
Example
Configure the login of virtual terminal connection 0-5 as login local mode:
TL-SG3424(config)# line vty 0 5
TL-SG3424(config-line)# login local
Configure the login of Console port connection 0 as login local mode:
TL-SG3424(config)# line console 0
TL-SG3424(config-line)# login local
show user account-list
Description
The show user account-list command is used to display the information of the
current users.
49
Syntax
show user account-list
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the information of the current users:
TL-SG3424(config)# show user account-list
show user configuration
Description
The user configuration command is used to display the security configuration
information of the users, including access-control, max-number and the
idle-timeout, etc.
Syntax
show user configuration
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the security configuration information of the users:
TL-SG3424(config)# show user configuration
50
Chapter 10 Binding Table Commands
You can bind the IP address, MAC address, VLAN and the connected Port number of the Host
together, which can be the condition for the ARP Inspection to filter the packets.
ip source binding
Description
The ip source binding command is used to bind the IP address, MAC address,
VLAN ID and the Port number together manually.
address, MAC address, VLAN ID and the Port number together in the condition
that you have got the related information of the Hosts in the LAN. To delete the
IP-MAC –VID-PORT entry from the binding table, please use no ip source
binding index command.
Syntax
ip source binding hostname ip-addr mac-addr vlan vid interface
gigabitEthernet port { none | arp-detection } [ forced-source { arp-scanning |
dhcp-snooping }]
no ip source binding index idx
Parameter
hostname ——The Host Name, which contains 20 characters at most.
ip-addr —— The IP Address of the Host.
mac-addr —— The MAC Address of the Host.
You can manually bind the IP
vid ——The VLAN ID needed to be bound, ranging from 1 to 4094.
port ——The number of Ethernet port connected to the Host.
none | arp-detection——The protect type for the entry. arp-detection indicates
ARP detection; none indicates applying none.
forced-source —— The source of the binding entry can be specified as
arp-scanning or dhcp-snooping. It is multi-optional.
idx —— The entry number needed to be deleted, ranging from 1 to 200. You can
use the show ip source binding
the entry number is the actual number in the binding table not arranged in an
order.
command to get the idx. Pay attention to that,
51
Command Mode
Global Configuration Mode
Example
Bind an entry with the IP 192.168.0.1, MAC 00:00:00:00:00:01, VLAN ID 2 and
Port number 5 manually. And then enable the entry for the ARP detection:
TL-SG3424(config)# ip source binding host1 192.168.0.1 00:00:00:00:00:01
vlan 2 interface gigabitEthernet 1/0/5 arp-detection
Delete the IP-MAC –VID-PORT entry with the index 5:
TL-SG3424(config)# no ip source binding index 5
ip dhcp snooping
Description
The ip dhcp snooping command is used to enable DHCP-Snooping function
globally. To disable DHCP-Snooping function globally, please use no ip dhcp
snooping command. DHCP Snooping functions to monitor the process of the
Host obtaining the IP address from DHCP server, and record the IP address,
MAC address, VLAN and the connected Port number of the Host for automatic
binding. The switch can also propagate the control information and the network
parameters via the Option 82 field to provide more information for the Host.
Syntax
ip dhcp snooping
no ip dhcp snooping
Command Mode
Global Configuration Mode
Example
Enable the DHCP-Snooping function globally:
TL-SG3424(config)# ip dhcp snooping
ip dhcp snooping global
Description
The ip dhcp snooping global command is configure DHCP-Snooping globally.
52
To restore to the default value, please use no dhcp-snooping global
command.
Syntax
ip dhcp snooping global [ global-rate global-rate ] [ dec-threshold
dec-threshold ] [ dec-rate dec-rate ]
no ip dhcp snooping global
Parameter
global-rate —— The value to specify the maximum amount of DHCP messages
that can be forwarded by the switch per second. The excessive messages will
be discarded. The options are 0/10/20/30/40/50 (packet/second).By default, it is
0 standing for disable.
dec-threshold ——The value to specify the minimum transmission rate of the
Decline packets to trigger the Decline protection for the specific port. The
options are 0/5/10/15/20/25/30 (packet/second).By default, it is 0 standing for
disable.
dec-rate ——The value to specify the Decline Flow Control. The traffic flow of
the corresponding port will be limited to be this value if the transmission rate of
the Decline packets exceeds the Decline Threshold. The options are
5/10/15/20/25/30 (packet/second). By default, it is 5.
Command Mode
Global Configuration Mode
Example
Configure the Global Flow Control as 30pps, the Decline Threshold as 20 pps,
and decline Flow Control as 20 pps for DHCP Snooping:
TL-SG3424(config)# ip dhcp snooping global global-rate 30 dec-threshold 20
dec-rate 20
ip dhcp snooping information option
Description
The ip dhcp snooping information option command is used to enable the
Option 82 function of DHCP Snooping. To disable the Option 82 function, please
use no ip dhcp snooping information option command.
53
Syntax
ip dhcp snooping information option
no ip dhcp snooping information option
Command Mode
Global Configuration Mode
Example
Enable the Option 82 function of DHCP Snooping:
TL-SG3424(config)# ip dhcp snooping information option
ip dhcp snooping information strategy
Description
The ip dhcp snooping information strategy command is used to select the
operation for the Option 82 field of the DHCP request packets from the Host. To
restore to the default option, please use no ip dhcp snooping information
strategy command.
Syntax
ip dhcp snooping information strategy strategy
no ip dhcp snooping information strategy
Parameter
strategy —— The operations for Option 82 field of the DHCP request packets
from the Host, including threes types:
keep: Indicates to keep the Option 82 field of the packets. It is the default option;
replace: Indicates to replace the Option 82 field of the packets with the switch
defined one;
drop: Indicates to discard the packets including the Option 82 field
Command Mode
Global Configuration Mode
Example
Replace the Option 82 field of the packets with the switch defined one and then
send out:
TL-SG3424(config)# ip dhcp snooping information strategy replace
54
ip dhcp snooping information remote-id
Description
The ip dhcp snooping information remote-id command is used to enable and
configure the customized sub-option Remote ID for the Option 82. To return to
default Remote ID for the Option 82, please use no ip dhcp snooping
information remote-id command.
Syntax
ip dhcp snooping information remote-id string
no ip dhcp snooping information remote-id
Parameter
string ——Enter the sub-option Remote ID, which contains 32 characters at
most.
Command Mode
Global Configuration Mode
Example
Enable and configure the customized sub-option Remote ID for the Option 82 as
tplink:
TL-SG3424(config)# ip dhcp snooping information remote-id tplink
ip dhcp snooping information circuit-id
Description
The ip dhcp snooping information circuit-id command is used to enable and
configure the customized sub-option Circuit ID for the Option 82. To return to the
default Circuit ID for the Option 82, please use no ip dhcp snooping
information circuit-id command.
Syntax
ip dhcp snooping information circuit-id string
no ip dhcp snooping information circuit-id
Parameter
string ——Enter the sub-option Circuit ID, which contains 32 characters at most.
55
Command Mode
Global Configuration Mode
Example
Enable and configure the customized sub-option Circuit ID for the Option 82 as
tplink:
TL-SG3424(config)# ip dhcp snooping information circuit-id tplink
ip dhcp snooping trust
Description
The ip dhcp snooping trust command is used to configure a port to be a
Trusted Port. Only the Trusted Port can receive the DHCP packets from DHCP
servers. To turn the port back to a distrusted port, please use no ip dhcp
snooping trust command.
Syntax
ip dhcp snooping trust
no ip dhcp snooping trust
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Configure port 2 to be a Trusted Port:
TL-SG3424(config)# interface gigabitEthernet 1/0/2
TL-SG3424(config-if)# ip dhcp snooping trust
ip dhcp snooping mac-verify
Description
The ip dhcp snooping mac-verify command is used to enable the MAC Verify
feature. To disable the MAC Verify feature, please use no ip dhcp snooping
mac-verify command. There are two fields of the DHCP packet containing the
MAC address of the Host. The MAC Verify feature is to compare the two fields
and discard the packet if the two fields are different.
56
Syntax
ip dhcp snooping mac-verify
no ip dhcp snooping mac-verify
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Enable the MAC Verify feature for port 2:
TL-SG3424(config)# interface gigabitEthernet 1/0/2
TL-SG3424(config-if)# ip dhcp snooping mac-verify
ip dhcp snooping limit rate
Description
The ip dhcp snooping limit rate command is used to enable the Flow Control
feature for the DHCP packets. The excessive DHCP packets will be discarded.
To restore to the default configuration, please use no ip dhcp snooping limit
rate command.
Syntax
ip dhcp snooping limit rate value
no ip dhcp snooping limit rate
Parameter
value —— The value of Flow Control. The options are
0/5/10/15/20/25/30(packet/second). The default value is 0, which stands for
disable.
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Set the Flow Control of port 2 as 20 pps:
TL-SG3424(config)# interface gigabitEthernet 1/0/2
TL-SG3424(config-if)# ip dhcp snooping limit rate 20
57
ip dhcp snooping decline
Description
The ip dhcp snooping decline command is used to enable the Decline Protect
feature. To disable the Decline Protect feature, please use no ip dhcp
snooping decline command.
Syntax
ip dhcp snooping decline
no ip dhcp snooping decline
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Enable the Decline Protect feature of port 2:
TL-SG3424(config)# interface gigabitEthernet 1/0/2
TL-SG3424(config-if)# ip dhcp snooping decline
show ip source binding
Description
The show ip source binding command is used to display the
IP-MAC-VID-PORT binding table.
Syntax
show ip source binding
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the IP-MAC-VID-PORT binding table:
TL-SG3424(config)# show ip source binding
58
show ip dhcp snooping
Description
The show ip dhcp snooping command is used to display the running status of
DHCP-Snooping.
Syntax
show ip dhcp snooping
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the running status of DHCP-Snooping:
TL-SG3424# show ip dhcp snooping
show ip dhcp snooping information
Description
The show ip dhcp snooping information command is used to display the
Option 82 configuration status of DHCP-Snooping.
Syntax
show ip dhcp snooping information
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the Option 82 configuration status of DHCP-Snooping:
TL-SG3424# show ip dhcp snooping information
show ip dhcp snooping interface gigabitEthernet
Description
The show ip dhcp snooping interface gigabitEthernet command is used to
display the DHCP-Snooping configuration of desired Gigabit Ethernet ports.
59
Syntax
show ip dhcp snooping interface gigabitEthernet [ port ]
Parameters
port ——The Ethernet port number.
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the DHCP-Snooping configuration of port 2:
TL-SG3424# show ip dhcp snooping interface gigabitEthernet 1/0/2
60
Chapter 11 ARP Inspection Commands
ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP cheating,
such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc.
ip arp inspection(global)
Description
The ip arp inspection command is used to enable the ARP Detection function
globally. To disable the ARP Detection function, please use no ip arp detection
command.
Syntax
ip arp inspection
no ip arp inspection
Command Mode
Global Configuration Mode
Example
Enable the ARP Detection function globally:
TL-SG3424(config)# ip arp inspection
ip arp inspection trust
Description
The ip arp inspection trust command is used to configure the port for which
the ARP Detect function is unnecessary as the Trusted Port. To clear the
Trusted Port list, please use no ip arp detection trust command. The specific
ports, such as up-linked port, routing port and LAG port, should be set as
Syntax
Trusted Port. To ensure the normal communication of the switch, please
configure the ARP Trusted Port before enabling the ARP Detect function.
ip arp inspection trust
no ip arp inspection trust
61
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Configure the ports 2-5 as the Trusted Port:
TL-SG3424(config)# interface range gigabitEthernet 1/0/2-5
TL-SG3424(config-if-range)# ip arp inspection trust
ip arp inspection(interface)
Description
The ip arp inspection command is used to enable the ARP Defend function. To
disable the ARP detection function, please use no ip arp inspection command.
ARP Attack flood produces lots of ARP Packets, which will occupy the
bandwidth and slow the network speed extremely. With the ARP Defend
enabled, the switch can terminate receiving the ARP packets for 300 seconds
when the transmission speed of the legal ARP packet on the port exceeds the
defined value so as to avoid ARP Attack flood.
Syntax
ip arp inspection
no ip arp inspection
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Enable the arp defend function for ports 2-6:
TL-SG3424(config)# interface range gigabitEthernet 1/0/2-6
TL-SG3424(config-if-range)# ip arp inspection
62
ip arp inspection limit-rate
Description
The ip arp inspection limit-rate command is used to configure the ARP speed
of a specified port. To restore to the default speed, please use no ip arp
inspection limit-rate command.
Syntax
ip arp inspection limit-rate value
no ip arp inspection limit-rate
Parameter
value ——The value to specify the maximum amount of the received ARP
packets per second, ranging from 10 to 100 in pps(packet/second). By default,
the value is 15.
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Configure the maximum amount of the received ARP packets per second as 50
pps for port 5:
TL-SG3424(config)# interface gigabitEthernet 1/0/5
TL-SG3424(config-if)# ip arp inspection limit-rate 50
ip arp inspection recover
Description
The ip arp inspection recover command is used to restore to the port to the
ARP transmit status from the ARP filter status.
Syntax
ip arp inspection recover
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
63
Example
Restore port 5 to the ARP transmit status:
TL-SG3424(config)# interface gigabitEthernet 1/0/5
TL-SG3424(config-if)# ip arp inspection recover
show ip arp inspection
Description
The show ip arp inspection command is used to display the ARP detection
global configuration including the enable/disable status and the Trusted Port list.
Syntax
show ip arp inspection
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the ARP detection configuration globally:
TL-SG3424(config)# show ip arp inspection
show ip arp inspection interface
Description
The show ip arp inspection interface command is used to display the
interface configuration of ARP detection.
Syntax
show ip arp inspection interface [ gigabitEthernet port ]
Parameter
port ——The Ethernet port number.
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the configuration of all the ports:
64
TL-SG3424(config)# show ip arp inspection interface
Display the configuration of port 2:
TL-SG3424(config)# show ip arp inspection interface gigabitEthernet 1/0/2
show ip arp inspection statistics
Description
The show ip arp inspection statistics command is used to display the number
of the illegal ARP packets received.
Syntax
show ip arp inspection statistics
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the number of the illegal ARP packets received:
TL-SG3424(config)# show ip arp inspection statistics
clear ip arp inspection statistics
Description
The clear ip arp inspection statistics command is used to clear the statistic of
the illegal ARP packets received.
Syntax
clear ip arp inspection statistics
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Clear the statistic of the illegal ARP packets received:
TL-SG3424(config)# clear ip arp inspection statistics
65
Chapter 12 DoS Defend Command
DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network
attackers or the evil programs sending a lot of service requests to the Host. With the DoS Defend
enabled, the switch can analyze the specific field of the received packets and provide the defend
measures to ensure the normal working of the local network.
ip dos-prevent
Description
The ip dos-prevent command is used to enable the DoS defend function
globally. To disable the DoS defend function, please use no ip dos-prevent
command.
Syntax
ip dos-prevent
no ip dos-prevent
Command Mode
Global Configuration Mode
Example
Enable the DoS defend function globally:
TL-SG3424(config)# ip dos-prevent
ip dos-prevent type
Description
The ip dos-prevent type command is used to select the DoS Defend Type. To
Syntax
disable the corresponding Defend Type, please use no ip dos-prevent type
command.
ip dos-prevent type [ land ] [ scan-synfin ] [ xma-scan ] [ null-scan ]
[ port-less-than-1024 ] [ blat ] [ ping-flood ] [ syn-flood ]
no ip dos-prevent type [ land ] [ scan-synfin ] [ xma-scan ] [ null-scan ]
[ port-less-tan-1024 ] [ blat ] [ ping-flood ] [ syn-flood ]
66
Parameter
land —— Land attack.
scan-synfin —— Scan SYNFIN attack.
xma-scan —— Xma Scan attack.
null-scan —— NULL Scan attack.
port-less-than-1024 ——The SYN packets whose Source Port less than 1024.
blat —— Blat attack.
ping-flood —— Ping flooding attack. With the ping flood attack enabled, the
switch will limit automatically the forwarding speed pf ping packets to 512K
when attacked by ping flood.
syn-flood —— SYN/SYN-ACK flooding attack. With the syn-flood attack enabled,
the switch will limit automatically the forwarding speed pf ping packets to 512K
when attacked by syn-flood.
Command Mode
Global Configuration Mode
Example
Enable four DoS Defend Types named Land attack:
TL-SG3424(config)# ip dos-prevent type land
show ip dos-prevent
Description
The show ip dos-prevent command is used to display the DoS information of
the detected DoS attack, including enable/disable status, the DoS Defend Type.
Syntax
show ip dos-prevent
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the DoS information of the detected DoS attack globally:
TL-SG3424(config)# show ip dos-prevent
67
Chapter 13 IEEE 802.1X Commands
IEEE 802.1X function is to provide an access control for LAN ports via the authentication. Only the
supplicant passing the authentication can access the LAN.
dot1x system-auth-control
Description
The dot1x system-auth-control command is used to enable the IEEE 802.1X
function globally. To disable the IEEE 802.1X function, please use no dot1x
system-auth-control command.
Syntax
dot1x system-auth-control
no dot1x system-auth-control
Command Mode
Global Configuration Mode
Example
Enable the IEEE 802.1X function:
TL-SG3424(config)# dot1x system-auth-control
dot1x auth-method
Description
The dot1x auth-method command is used to configure the Authentication
Method of IEEE 802.1X and the default 802.1x authentication method is
“eap-md5”. To restore to the default 802.1x authentication method, please use
no dot1x auth-method command.
Syntax
dot1x auth-method { pap | eap-md5 }
no dot1x auth-method
Parameter
pap | eap-md5 ——Authentication Methods.
68
pap: IEEE 802.1X authentication system uses extensible authentication protocol
(EAP) to exchange information between the switch and the client. The
transmission of EAP packets is terminated at the switch and the EAP packets
are converted to the other protocol (such as RADIUS) packets for transmission
eap-md5: IEEE 802.1X authentication system uses extensible authentication
protocol (EAP) to exchange information between the switch and the client. The
EAP protocol packets with authentication data can be encapsulated in the
advanced protocol (such as RADIUS) packets to be transmitted to the
authentication server.
Command Mode
Global Configuration Mode
Example
Configure the Authentication Method of IEEE 802.1X as pap:
TL-SG3424(config)# dot1x auth-method pap
dot1x guest-vlan(global)
Description
The dot1x guest-vlan command is used to enable the Guest VLAN function
globally. To disable the Guest VLAN function, please use no dot1x guest-vlan
command.
Syntax
dot1x guest-vlan vid
no dot1x guest-vlan
Parameter
vid ——The VLAN ID needed to enable the Guest VLAN function, ranging from
2 to 4094.
The supplicants in the Guest VLAN can access the specified network
source.
Command Mode
Global Configuration Mode
Example
Enable the Guest VLAN function for VLAN 5:
TL-SG3424(config)# dot1x guest-vlan 5
69
dot1x quiet-period
Description
The dot1x quiet-period command is used to enable the quiet-period function.
To disable the function, please use no dot1x quiet-period command.
Syntax
dot1x quiet-period
no dot1x quiet-period
Command Mode
Global Configuration Mode
Example
Enable the quiet-period function:
TL-SG3424(config)# dot1x quiet-period
dot1x timeout
Description
The dot1x timeout command is used to configure the quiet period and the
supplicant timeout. To restore to the default, please use no dot1x timeout
command.
Syntax
dot1x timeout { quiet-period time | reauth-period time }
no dot1x timeout { quiet-period | reauth-period }
Parameter
quiet-period time ——The value for Quiet Period, ranging from 1 to 999 in
seconds. By default, it is 10. Once the supplicant failed to the 802.1X
Authentication, then the switch will not respond to the authentication request
from the same supplicant during the Quiet Period.
reauth-period time ——The maximum time for the switch to wait for the
response from supplicant before resending a request to the supplicant., ranging
from 1 to 9 in second. By default, it is 3.
Command Mode
Global Configuration Mode
70
Example
Configure the quiet period as 100 seconds:
TL-SG3424(config)# dot1x timeout quiet-period 100
dot1x max-reauth-req
Description
The dot1x max-reauth-req command is used to configure the maximum
transfer times of the repeated authentication request when the server cannot be
connected. To restore to the default value, please use no dot1x
max-reauth-req command.
Syntax
dot1x max-reauth-req times
Parameter
Command Mode
Example
dot1x
no dot1x max-reauth-req
times ——The maximum transfer times of the repeated authentication request,
ranging from 1 to 9 in times. By default, the value is 3.
Global Configuration Mode
Configure the maximum transfer times of the repeated authentication request as
5:
TL-SG3424(config)# dot1x max-reauth-req 5
Description
The dot1x command is used to enable the IEEE 802.1X function for a specified
port. To disable the IEEE 802.1X function for a specified port, please use no
dot1x command.
Syntax
dot1x
no dot1x
71
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Enable the IEEE 802.1X function for port 1:
TL-SG3424(config)# interface gigabitEthernet 1/0/1
TL-SG3424(config-if)# dot1x
dot1x guest-vlan(interface)
Description
The dot1x guest-vlan command is used to enable the guest VLAN function for
a specified port. To disable the Guest VLAN function for a specified port, please
use no dot1x guest-vlan command. Please ensure that the Control Type of the
corresponding port is port-based before enabling the guest VLAN function for it.
Syntax
dot1x guest-vlan
no dot1x guest-vlan
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Enable the Guest VLAN function for port 2:
TL-SG3424(config)# interface gigabitEthernet 1/0/2
TL-SG3424(config-if)# dot1x guest-vlan
dot1x port-control
Description
The dot1x port-control command is used to configure the control mode of
IEEE 802.1X for the specified port. By default, the control mode is “auto”. To
restore to the default configuration, please use no dot1x port-control
command.
72
Syntax
dot1x port-control { auto | authorized-force | unauthorized-force }
no dot1x port-control
Parameter
auto | authorized-force | unauthorized-force —— The Control Mode for the port.
auto:
In this mode, the port will normally work only after passing the 802.1X
Authentication.
authorized-force: In this mode, the port can work normally without passing the
802.1X Authentication.
unauthorized-force: In this mode, the port is forbidden working for its fixed
unauthorized status.
Command Mode
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Example
Configure the Control Mode for port 1 as authorized-force:
TL-SG3424(config)# interface gigabitEthernet 1/0/1
TL-SG3424(config-if)# dot1x port-control authorized-force
dot1x port-method
Description
The dot1x port-method command is used to configure the control type of IEEE
802.1X for the specified port. By default, the control type is “mac-based”. To
restore to the default configuration, please use no dot1x port-method
command.
Syntax
dot1x port-method { mac-based | port-based }
no dot1x port-method
Parameter
mac-based | port-based ——The control type for the port.
Mac-based: Any client connected to the port should pass the 802.1X
authentication for access.
73
Command Mode
Example
radius
Description
port-based: All the clients connected to the port can access the network on the
condition that any one of the clients has passed the 802.1X Authentication.
Interface Configuration Mode (interface gigabitEthernet / interface range
gigabitEthernet)
Configure the Control Type for port 1 as port-based:
TL-SG3424(config)# interface gigabitEthernet 1/0/1
TL-SG3424(config-if)# dot1x port-method port-based
The radius command is used to configure the parameters of radius.
Syntax
radius {[ auth-pri ip ] [ auth-sec ip ] [ auth-port port ] [ auth-key keyvalue ]
[ acct-pri ip ] [ acct-sec ip ] [ acct-port port ] [ acct-key keyvalue ] [ timeout
value ]}
no radius { auth-port | auth-key | acct-port | acct-key | timeout }
Parameter
auth-pri ip —— The IP address of the authentication server.
auth-sec ip —— The IP address of the alternative authentication server.
auth-port port —— The UDP port of authentication server(s) ranging from 1 to
65535. The default port is 1812.
auth-key keyvalue —— The shared password for the switch and the
authentication servers to exchange messages which contains 15 characters at
most.
acct-pri ip —— The IP address of the accounting server.
acct-sec ip —— The IP address of the alternative accounting server.
acct-port port —— The UDP port of accounting server(s) ranging from 1 to
65535. The default port is 1813.
acct-key keyvalue—— The shared password for the switch and the accounting
servers to exchange messages which contains 15 characters at most.
74
value ——The maximum time for the switch to wait for the response before
resending a request to the supplicant., ranging from 1 to 9 in second. By default,
it is 3.
Command Mode
Global Configuration Mode
Example
Configure the IP address of the accounting server as 10.20.1.100 and password
as tplink:
TL-SG3424(config)# radius auth-pri 10.20.1.100 auth-key tplink
radius server-account
Description
The radius server-account command is used to enable the accounting feature.
To disable the accounting feature, please use no radius server-account
command.
Syntax
radius server-account
no radius server-account
Command Mode
Global Configuration Mode
Example
Enable the accounting feature:
TL-SG3424(config)# radius server-account
show dot1x global
Description
The show dot1x global command is used to display the global configuration of
801.X.
Syntax
show dot1x global
75
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the configuration of 801.X globally:
TL-SG3424(config)# show dot1x global
show dot1x interface
Description
The show dot1x interface command is used to display all ports’ or the
specified port’s configuration information of 801.X.
Syntax
show dot1x interface [ gigabitEthernet port ]
Parameter
port ——The number of the Ethernet port. Display the configuration of all the
ports by default.
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the configuration information of 801.X for all ports:
TL-SG3424(config)# show dot1x interface
Display the configuration information of 801.X for port 1:
TL-SG3424(config)# show dot1x interface gigabitEthernet 1/0/1
show radius accounting
Description
The show radius accounting command is used to display the configuration of
the accounting server.
Syntax
show radius accounting
76
Command Mode
Privileged EXEC Mode and Any Configuration Modes
Example
Display the configuration of the accounting server:
TL-SG3424(config)# show radius accounting
show radius authentication
Description
The show radius authentication command is used to display the configuration
of the RADIUS authentication server.
Syntax
show radius authentication
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the configuration of the RADIUS authentication server:
TL-SG3424(config)# show radius authentication
77
Chapter 14 System Log Commands
The log information will record the settings and operation of the switch respectively for you to
monitor operation status and diagnose malfunction.
logging buffer
Description
The logging buffer command is used to configure the severity level and the
status of the configuration input to the log buffer. To return to the default
configuration, please use no logging buffer command.
information saved in the switch. It has two output channels, that is, it can be
saved to two different positions, log buffer and log file. The log buffer indicates
the RAM for saving system log and the information in the log buffer can be got
by show logging buffer
Syntax
logging buffer level
no logging buffer
Parameter
level —— Severity level of the log information output to each channel. There
are 8 severity levels marked with values 0-7. The smaller value has the higher
priority. Only the log with the same or smaller severity level value will be output.
By default, it is 7 indicating that all the log information will be saved in the log
buffer.
Local Log is the log
command. It will be lost when the switch is restarted.
Command Mode
Global Configuration Mode
Example
Set the severity level as 6:
TL-SG3424(config)# logging buffer 6
78
logging file flash
Description
The logging file flash command is used to configure the level and the status of
the log file input. To restore to the default configuration, please use no logging
file flash command. The log file indicates the flash sector for saving system log.
The information in the log file will not be lost after the switch is restarted and can
be got by the show logging flash
Syntax
logging file flash level
no logging file flash
Parameter
level —— Severity level of the log information output to each channel. There
are 8 severity levels marked with values 0-7. The smaller value has the higher
priority. Only the log with the same or smaller severity level value will be output.
By default, it is 4 indicating that the log information marked with 0~4 will be
saved in the log buffer.
Command Mode
Global Configuration Mode
Example
command.
Enable the log file function and set the severity as 7:
TL-SG3424(config)# logging file flash 7
clear logging
Description
The clear logging command is used to clear the information in the log buffer
and log file.
Syntax
clear logging [ buffer | flash ]
Parameter
buffer | flash —The output channels: buffer and flash. Clear the information of
the two channels, by default.
79
Command Mode
Global Configuration Mode
Example
Clear the information in the log file:
TL-SG3424(config)# clear logging buffer
logging host index
Description
The logging host index command is used to configure the Log Host. To clear
the configuration of the specified Log Host, please use no logging host index
command. Log Host is to receive the system log from other devices. You can
remotely monitor the settings and operation status of other devices through the
log host.
Syntax
logging host index idx host-ip level
no logging host index idx
Parameter
idx —— The index of the log host. The switch supports 4 log hosts at most.
host-ip —— The IP for the log host.
level —— The severity level of the log information sent to each log host. There
are 8 severity levels marked with values 0-7. The smaller value has the higher
priority. Only the log with the same or smaller severity level value will be sent to
the corresponding log host. By default, it is 6 indicating that the log information
marked with 0~6 will be sent to the log host.
Command Mode
Global Configuration Mode
Example
Set the IP address as 192.168.0.148, the level 5:
TL-SG3424(config)# logging host index 2 192.168.0.148 5
80
show logging local-config
Description
The show logging local-config command is used to display the configuration
of the Local Log including the log buffer and the log file.
Syntax
show logging local-config
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the configuration of the Local Log:
TL-SG3424(config)# show logging local-config
show logging loghost
Description
The show logging loghost command is used to display the configuration of the
log host.
Syntax
show logging loghost [ index ]
Parameter
index ——The index of the log host whose configuration will be displayed,
ranging from 1 to 4. Display the configuration of all the log hosts by default.
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the configuration of the log host 2:
TL-SG3424(config)# show logging loghost 2
show logging buffer
Description
81
The show logging buffer command is used to display the log information in the
log buffer according to the severity level.
Syntax
show logging buffer [ level level ]
Parameter
level —— Severity level. There are 8 severity levels marked with values 0-7.
The information of levels with priority not lower than the select level will display.
Display all the log information in the log buffer by default.
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the log information from level 0 to level 5 in the log buffer:
TL-SG3424(config)# show logging buffer level 5
show logging flash
Description
The show logging flash command is used to display the log information in the
log file according to the severity level.
Syntax
show logging flash [ level level ]
Parameter
level —— Severity level. There are 8 severity levels marked with values 0-7.
The information of levels with priority not lower than the select level will display.
Display all the log information in the log file by default.
Command Mode
Privileged EXEC Mode and Any Configuration Mode
Example
Display the log information with the level marked 0~3 in the log file:
TL-SG3424(config)# show logging flash level 3
82
Chapter 15 SSH Commands
SSH (Security Shell) can provide the unsecured remote management with security and powerful
authentication to ensure the security of the management information.
ip ssh server
Description
The ip ssh server command is used to enable SSH function. To disable the
SSH function, please use no ip ssh server command.
Syntax
ip ssh server
no ip ssh server
Command Mode
Global Configuration Mode
Example
Enable the SSH function:
TL-SG3424(config)# ip ssh server
ip ssh version
Description
The ip ssh version command is used to enable the SSH protocol version. To
disable the protocol version, please use no ip ssh version command.
Syntax
ip ssh version { v1 | v2 }
no ip ssh version { v1 | v2 }
Parameter
v1 | v2 —— The SSH protocol version to be enabled. They represent SSH v1
and SSH v2 respectively.
Command Mode
Global Configuration Mode
83
Example
Enable SSH v2:
TL-SG3424(config)# ip ssh version v2
ip ssh timeout
Description
The ip ssh timeout command is used to specify the idle-timeout time of SSH.
To restore to the factory defaults, please use ip ssh timeout command.
Syntax
ip ssh timeout value
no ip ssh timeout
Parameter
value —— The Idle-timeout time. During this period, the system will automatically
release the connection if there is no operation from the client. It ranges from 1 to
999 in seconds. By default, this value is 500.
Command Mode
Global Configuration Mode
Example
Specify the idle-timeout time of SSH as 300 seconds:
TL-SG3424(config)# ip ssh timeout 300
ip ssh max-client
Description
The ip ssh max-client command is used to specify the maximum number of the
connections to the SSH server. To return to the default configuration, please use
no ip ssh max-client command.
Syntax
ip ssh max-client num
no ip ssh max-client
Parameter
num —— The maximum number of the connections to the SSH server. It
ranges from 1 to 5. By default, this value is 5.
84
Command Mode
Global Configuration Mode
Example
Specify the maximum number of the connections to the SSH server as 3:
TL-SG3424(config)# ip ssh max-client 3
ip ssh download
Description
The ip ssh download command is used to download the SSH key file from
TFTP server.
Syntax
ip ssh download { v1 | v2 } key-file ip-address ip-addr
Parameter
v1 | v2 —— Select the type of SSH key to download, v1 represents SSH-1, v2
represents SSH-2.
key-file —— The name of the key-file which is selected to download. The
length of the name ranges from 1 to 25 characters. The key length of the
downloaded file must be in the range of 256 to 3072 bits.
ip-addr —— The IP address of the TFTP server.
Command Mode
Global Configuration Mode
Example
Download a SSH-1 type key file named ssh-key from TFTP server with the IP
Address 192.168.0.148:
TL-SG3424(config)# ip ssh download v1 ssh-key ip-address 192.168.0.148
show ip ssh
Description
The show ip ssh command is used to display the global configuration of SSH.
Syntax
show ip ssh
Command Mode
Privileged EXEC Mode and Any Configuration Mode
85
Example
Display the global configuration of SSH:
TL-SG3424(config)# show ip ssh
86
Chapter 16 SSL Commands
SSL(Secure Sockets Layer), a security protocol, is to provide a secure connection for the
application layer protocol(e.g. HTTP) based on TCP. Adopting asymmetrical encryption technology,
SSL uses key pair to encrypt/decrypt information. A key pair refers to a public key (contained in the
certificate) and its corresponding private key. By default the switch has a certificate (self-signed
certificate) and a corresponding private key. The Certificate/Key Download function enables the
user to replace the default key pair.
ip http secure-server
Description
The ip http secure-server command is used to enable the SSL function
globally on the switch. To disable the SSL function, please use no ip http
secure-server command. Only the SSL function is enabled, a secure HTTPS
connection can be established.
Syntax
ip http secure-server
no ip http secure-server
Command Mode
Global Configuration Mode
Example
Enable the SSL function:
TL-SG3424(config)# ip http secure-server
ip http secure-server download certificate
Description
Syntax
The ip http secure-server download certificate command is used to
download a certificate to the switch from TFTP server.
ip http secure-server download certificate ssl-cert ip-address ip-addr
87
Parameter
ssl-cert —— The name of the SSL certificate which is selected to download to
the switch. The length of the name ranges from 1 to 25 characters. The
Certificate must be BASE64 encoded.
ip-addr —— The IP address of the TFTP server.
Command Mode
Global Configuration Mode
Example
Download a SSL Certificate named ssl-cert from TFTP server with the IP
Address of 192.168.0.146:
TL-SG3424(config)# ip http secure-server download certificate ssl-cert
ip-address 192.168.0.146
ip http secure-server download key
Description
The ip http secure-server download key command is used to download a
SSL key to the switch from TFTP server.
Syntax
ip http secure-server download key ssl-key ip-address ip-addr
Parameter
ssl-key —— The name of the SSL key which is selected to download to the
switch. The length of the name ranges from 1 to 25 characters. The Key must
be BASE64 encoded.
ip-addr —— The IP address of the TFTP server.
Command Mode
Global Configuration Mode
Example
Download a SSL Key named ssl-key from TFTP server with the IP Address of
192.168.0.146:
TL-SG3424(config)# ip http secure-server download key ssl-key ip-address
192.168.0.146
88
Loading...