TL-SG5428
24-Port Gigabit L2 Managed Switch with 4 SFP Slots
TL-SG5412F
12-Port Gigabit SFP L2 Managed Switch with 4 Combo
1000BASE-T Ports
Rev: 2.0.0
1910010630
COPYRIGHT & TRADEMARKS
Specifications are subject to change without notice. is a registered trademark of
TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or
registered trademarks of their respective holders.
No part of the specifications may be reproduced in any form or by any means or used to make any
derivative such as translation, transformation, or adaptation without permission from TP-LINK
TECHNOLOGIES CO., LTD. Copyright © 2012 TP-LINK TECHNOLOGIES CO., LTD. All rights
reserved.
http://www.tp-link.com
I
CONTENTS
Preface .............................................................................................................. 1
Chapter 1 Using the CLI ....................................................................................... 4
1.1 Accessing the CLI..............................................................................................................4
1.1.1 Logon by a console port ..........................................................................................4
1.1.2 Logon by Telnet.......................................................................................................6
1.2 CLI Command Modes........................................................................................................8
1.3 Security Levels ................................................................................................................10
1.4 Conventions ....................................................................................................................10
1.4.1 Format Conventions ..............................................................................................10
1.4.2 Special Characters ................................................................................................11
1.4.3 Parameter Format............................................................................................... 11
Chapter 2 User Interface .................................................................................... 12
enable....................................................................................................................................
enable password ...................................................................................................................12
disable ...................................................................................................................................
configure................................................................................................................................1
exit.........................................................................................................................................
end ........................................................................................................................................
12
13
3
13
14
Chapter 3 IEEE 802.1Q VLAN Commands ........................................................ 15
vlan database ........................................................................................................................15
vlan........................................................................................................................................
interface vlan .........................................................................................................................16
description .............................................................................................................................16
switchport type ......................................................................................................................17
switchport allowed vlan..........................................................................................................17
switchport pvid.......................................................................................................................18
15
switchport general egress-rule ..............................................................................................18
show vlan ..............................................................................................................................19
show interface switchport ...................................................................................................... 19
Chapter 4 Protocol VLAN Commands............................................................... 20
protocol-vlan template ...........................................................................................................20
protocol-vlan vlan ..................................................................................................................20
protocol-vlan interface ...........................................................................................................21
II
show protocol-vlan template..................................................................................................22
show protocol-vlan vlan .........................................................................................................22
show protocol-vlan interface..................................................................................................22
Chapter 5 VLAN-VPN Commands...................................................................... 24
vlan-vpn enable .....................................................................................................................24
vlan-vpn tpid ..........................................................................................................................24
vlan-vpn interface ..................................................................................................................25
vlan-vpn uplink ......................................................................................................................25
show vlan-vpn global ............................................................................................................. 26
show vlan-vpn uplink ............................................................................................................. 26
show vlan-vpn interface.........................................................................................................27
Chapter 6 Voice VLAN Commands.................................................................... 28
voice-vlan enable ..................................................................................................................28
voice-vlan aging-time ............................................................................................................28
voice-vlan oui ........................................................................................................................29
switchport voice-vlan mode ................................................................................................... 30
switchport voice-vlan security................................................................................................30
show voice-vlan global ..........................................................................................................31
show voice-vlan oui ...............................................................................................................31
show voice-vlan switchport....................................................................................................31
Chapter 7 Private VLAN Commands ................................................................. 33
private-vlan............................................................................................................................33
switchport private-vlan...........................................................................................................33
show private-vlan ..................................................................................................................34
show private-vlan switchport .................................................................................................34
Chapter 8 GVRP Commands.............................................................................. 36
gvrp .......................................................................................................................................
36
gvrp (interface) ......................................................................................................................36
gvrp registration.....................................................................................................................37
gvrp timer ..............................................................................................................................37
show gvrp global ...................................................................................................................38
show gvrp interface ...............................................................................................................39
Chapter 9 LAG Commands ................................................................................ 40
interface link-aggregation ...................................................................................................... 40
III
interface range link-aggregation ............................................................................................40
link-aggregation.....................................................................................................................41
link-aggregation hash-algorithm ............................................................................................42
description .............................................................................................................................42
show interface link-aggregation.............................................................................................43
Chapter 10 LACP Commands .............................................................................. 44
lacp system-priority ...............................................................................................................44
lacp (interface).......................................................................................................................44
lacp admin-key ......................................................................................................................45
lacp port-priority.....................................................................................................................45
show lacp system-priority ......................................................................................................46
show lacp interface................................................................................................................46
Chapter 11 User Manage Commands.................................................................. 48
user add ................................................................................................................................4
user remove ..........................................................................................................................49
user modify status .................................................................................................................49
user modify type ....................................................................................................................50
user modify password............................................................................................................50
user access-control disable ................................................................................................... 51
user access-control ip-based.................................................................................................51
user access-control mac-based.............................................................................................52
user access-control port-based ............................................................................................. 52
user max-number ..................................................................................................................53
user idle-timeout....................................................................................................................53
show user account-list...........................................................................................................54
show user configuration.........................................................................................................54
8
Chapter 12 Binding Table Commands................................................................. 56
binding-table user-bind ..........................................................................................................56
binding-table remove .............................................................................................................57
dhcp-snooping.......................................................................................................................57
dhcp-snooping global ............................................................................................................58
dhcp-snooping information enable ........................................................................................59
dhcp-snooping information strategy ......................................................................................59
dhcp-snooping information user-defined ...............................................................................60
dhcp-snooping information remote-id .................................................................................... 60
dhcp-snooping information circuit-id......................................................................................61
IV
dhcp-snooping trusted ........................................................................................................... 61
dhcp-snooping mac-verify .....................................................................................................62
dhcp-snooping rate-limit ........................................................................................................ 62
dhcp-snooping decline...........................................................................................................63
show binding-table.................................................................................................................63
show dhcp-snooping global ...................................................................................................64
show dhcp-snooping information...........................................................................................64
show dhcp-snooping interface...............................................................................................65
Chapter 13 ARP Inspection Commands.............................................................. 66
arp detection (global)............................................................................................................. 66
arp detection trust-port ..........................................................................................................66
arp detection (interface).........................................................................................................67
arp detection limit-rate........................................................................................................... 67
arp detection recover............................................................................................................. 68
show arp detection global......................................................................................................69
show arp detection interface..................................................................................................69
show arp detection statistic ...................................................................................................69
show arp detection statistic reset ..........................................................................................70
Chapter 14 IP Source Guard Commands............................................................ 71
ip source guard......................................................................................................................71
show ip source guard ............................................................................................................72
Chapter 15 DoS Defend Command...................................................................... 73
dos-prevent ...........................................................................................................................73
dos-prevent type.................................................................................................................... 73
show dos-prevent ..................................................................................................................74
Chapter 16 IEEE 802.1X Commands ................................................................... 75
dot1x (global).........................................................................................................................75
dot1x auth-method ................................................................................................................75
dot1x guest-vlan ....................................................................................................................76
dot1x quiet-period.................................................................................................................. 77
dot1x timer.............................................................................................................................77
dot1x retry .............................................................................................................................78
dot1x (interface) ....................................................................................................................78
dot1x guest-vlan ....................................................................................................................79
dot1x port-control ..................................................................................................................79
V
dot1x port-method .................................................................................................................80
radius authentication primary-ip ............................................................................................81
radius authentication secondary-ip ........................................................................................ 81
radius authentication port ...................................................................................................... 82
radius authentication key.......................................................................................................83
radius accounting enable.......................................................................................................83
radius accounting primary-ip .................................................................................................84
radius accounting secondary-ip.............................................................................................84
radius accounting port ...........................................................................................................85
radius accounting key............................................................................................................ 85
radius response-timeout ........................................................................................................ 86
show dot1x global.................................................................................................................. 87
show dot1x interface .............................................................................................................87
show radius authentication .................................................................................................... 87
show radius accounting......................................................................................................... 88
Chapter 17 Log Commands ................................................................................. 89
logging local buffer ................................................................................................................89
logging local flash..................................................................................................................89
logging clear ..........................................................................................................................90
logging loghost ......................................................................................................................91
show logging local-config ......................................................................................................91
show logging loghost............................................................................................................. 92
show logging buffer ...............................................................................................................92
show logging flash.................................................................................................................93
Chapter 18 SSH Commands................................................................................. 94
ssh server enable ..................................................................................................................94
ssh version ............................................................................................................................ 94
ssh idle-timeout .....................................................................................................................95
ssh max-client .......................................................................................................................95
ssh download ........................................................................................................................96
show ssh ...............................................................................................................................96
Chapter 19 SSL Commands ................................................................................. 97
ssl enable .............................................................................................................................. 97
ssl download certificate .........................................................................................................97
ssl download key ...................................................................................................................98
show ssl.................................................................................................................................
VI
98
Chapter 20 Address Commands.........................................................................100
bridge address port-security ................................................................................................100
bridge address static ...........................................................................................................101
bridge aging-time................................................................................................................. 102
bridge address filtering ........................................................................................................ 102
show bridge port-security ....................................................................................................103
show bridge address ...........................................................................................................103
show bridge aging-time .......................................................................................................104
Chapter 21 System Commands ..........................................................................105
system-descript ...................................................................................................................105
system-time gmt ..................................................................................................................105
system-time manual ............................................................................................................106
system-time dst ...................................................................................................................106
ip address............................................................................................................................107
ip management-vlan ............................................................................................................ 108
ip dhcp-alloc ........................................................................................................................108
ip bootp-alloc .......................................................................................................................108
reset ....................................................................................................................................
reboot ..................................................................................................................................
user-config backup .............................................................................................................. 110
user-config load................................................................................................................... 110
user-config save .................................................................................................................. 111
firmware upgrade ................................................................................................................ 111
ping .....................................................................................................................................
tracert ..................................................................................................................................
loopback .............................................................................................................................. 113
show system-info................................................................................................................. 113
show ip address .................................................................................................................. 114
show system-time................................................................................................................ 114
109
109
111
112
show system-time dst.......................................................................................................... 114
show system-time source .................................................................................................... 115
show system-time mode...................................................................................................... 115
Chapter 22 Ethernet Configuration Commands ................................................116
interface ethernet ................................................................................................................ 116
interface range ethernet ...................................................................................................... 116
description ........................................................................................................................... 117
VII
shutdown ............................................................................................................................. 117
flow-control .......................................................................................................................... 118
negotiation........................................................................................................................... 118
storm-control ....................................................................................................................... 119
port rate-limit .......................................................................................................................120
port rate-limit disable ingress...............................................................................................120
port rate-limit disable egress ...............................................................................................121
show interface configuration................................................................................................121
show interface status........................................................................................................... 122
show interface counters.......................................................................................................122
show storm-control ethernet ................................................................................................123
show port rate-limit ..............................................................................................................123
Chapter 23 QoS Commands................................................................................124
qos ......................................................................................................................................
qos dot1p enable.................................................................................................................124
qos dot1p config ..................................................................................................................125
qos dscp enable ..................................................................................................................126
qos dscp config ...................................................................................................................126
qos scheduler ......................................................................................................................127
show qos port-based ...........................................................................................................128
show qos dot1p ...................................................................................................................129
show qos dscp.....................................................................................................................129
show qos scheduler............................................................................................................. 129
124
Chapter 24 Port Mirror Commands ....................................................................131
mirror add ............................................................................................................................131
mirror remove mirrored........................................................................................................132
mirror remove group............................................................................................................ 132
show mirror..........................................................................................................................133
Chapter 25 Port isolation Commands ................................................................134
port isolation ........................................................................................................................134
show port isolation............................................................................................................... 134
Chapter 26 ACL Commands................................................................................136
acl time-segment .................................................................................................................136
acl edit time-segment ..........................................................................................................137
acl holiday ...........................................................................................................................138
VIII
acl create.............................................................................................................................138
acl rule mac-acl ...................................................................................................................139
acl edit rule mac-acl ............................................................................................................140
acl rule std-acl .....................................................................................................................141
acl edit rule std-acl...............................................................................................................142
acl policy policy-add ............................................................................................................143
acl policy action-add............................................................................................................ 144
acl edit action ......................................................................................................................145
acl bind to-port..................................................................................................................... 145
acl bind to-vlan ....................................................................................................................146
show acl time-segment........................................................................................................146
show acl holiday ..................................................................................................................147
show acl config....................................................................................................................147
show acl bind.......................................................................................................................148
Chapter 27 MSTP Commands.............................................................................149
spanning-tree global............................................................................................................ 149
spanning-tree common-config .............................................................................................150
spanning-tree region............................................................................................................151
spanning-tree msti...............................................................................................................152
spanning-tree msti...............................................................................................................153
spanning-tree tc-defend.......................................................................................................154
spanning-tree security .........................................................................................................154
spanning-tree mcheck .........................................................................................................155
show spanning-tree global-info............................................................................................ 156
show spanning-tree global-config........................................................................................ 156
show spanning-tree port-config ...........................................................................................156
show spanning-tree region .................................................................................................. 157
show spanning-tree msti config ...........................................................................................157
show spanning-tree msti port ..............................................................................................158
show spanning-tree security tc-defend................................................................................ 158
show spanning-tree security port-defend.............................................................................159
Chapter 28 IGMP Commands..............................................................................160
igmp-snooping global ..........................................................................................................160
igmp-snooping config ..........................................................................................................160
igmp-snooping vlan-config-add ...........................................................................................161
igmp-snooping vlan-config...................................................................................................162
IX
igmp-snooping multi-vlan-config.......................................................................................... 163
igmp-snooping static-entry-add ...........................................................................................164
igmp-snooping filter-add ......................................................................................................165
igmp-snooping filter-config ..................................................................................................165
igmp-snooping filter ............................................................................................................. 166
show igmp-snooping global-config ......................................................................................167
show igmp-snooping port-config.......................................................................................... 167
show igmp-snooping vlan-config .........................................................................................168
show igmp-snooping multi-vlan ...........................................................................................168
show igmp-snooping multi-ip-list .........................................................................................169
show igmp-snooping filter-ip-addr .......................................................................................169
show igmp-snooping port-filter ............................................................................................169
show igmp-snooping packet-stat .........................................................................................170
show igmp-snooping packet-stat-clear ................................................................................ 170
Chapter 29 SNMP Commands.............................................................................171
snmp global .........................................................................................................................171
snmp view-add ....................................................................................................................172
snmp group-add ..................................................................................................................172
snmp user-add ....................................................................................................................174
snmp community-add .......................................................................................................... 175
snmp notify-add...................................................................................................................176
snmp-rmon history sample-cfg ............................................................................................177
snmp-rmon history owner ....................................................................................................178
snmp-rmon history enable ...................................................................................................178
snmp-rmon event user.........................................................................................................179
snmp-rmon event description ..............................................................................................179
snmp-rmon event type.........................................................................................................180
snmp-rmon event owner......................................................................................................181
snmp-rmon event enable.....................................................................................................181
snmp-rmon alarm config......................................................................................................182
snmp-rmon alarm owner......................................................................................................183
snmp-rmon alarm enable.....................................................................................................184
show snmp global-config ..................................................................................................... 184
show snmp view ..................................................................................................................185
show snmp group ................................................................................................................185
show snmp user ..................................................................................................................185
show snmp community........................................................................................................ 186
X
show snmp destination-host ................................................................................................ 186
show snmp-rmon history .....................................................................................................186
show snmp-rmon event ....................................................................................................... 187
show snmp-rmon alarm ....................................................................................................... 187
Chapter 30 Cluster Commands...........................................................................189
cluster ndp...........................................................................................................................189
cluster ntdp..........................................................................................................................190
cluster explore .....................................................................................................................191
cluster..................................................................................................................................
cluster create.......................................................................................................................192
cluster manage config .........................................................................................................192
cluster manage member......................................................................................................193
cluster manage role-change ................................................................................................193
show cluster ndp global ....................................................................................................... 194
show cluster ndp port-status................................................................................................194
show cluster neighbour........................................................................................................195
show cluster ntdp global ...................................................................................................... 195
show cluster ntdp port-status...............................................................................................196
show cluster ntdp device ..................................................................................................... 196
show cluster manage config ................................................................................................196
show cluster manage member ............................................................................................197
show cluster manage role....................................................................................................197
191
Chapter 31 LLDP Commands..............................................................................198
lldp enable ...........................................................................................................................198
lldp hold-multiplier................................................................................................................198
lldp timer..............................................................................................................................199
lldp admin-status .................................................................................................................200
lldp snmp-trap......................................................................................................................201
lldp tlv-select........................................................................................................................201
show lldp global...................................................................................................................202
show lldp interface............................................................................................................... 202
show lldp local-information .................................................................................................. 203
show lldp neighbor-information............................................................................................ 203
show lldp statistics............................................................................................................... 203
XI
Preface
This Guide is intended for network administrator to provide referenced information about CLI
(Command Line Interface). The device mentioned in this Guide stands for
TL-SG5428/TL-SG5412F JetStream L2 Managed Switch.
Overview of this Guide
Chapter 1: Using the CLI
Provide information about how to use the CLI, CLI Command Modes, Security Levels and some
Conventions.
Chapter 2: User Interface
Provide information about the commands used to switch between five CLI Command Modes.
Chapter 3: IEEE 802.1Q VLAN Commands
Provide information about the commands used for configuring IEEE 802.1Q VLAN.
Chapter 4: Protocol VLAN Commands
Provide information about the commands used for configuring Protocol VLAN.
Chapter 5: VLAN-VPN Commands
Provide information about the commands used for configuring VLAN-VPN (Virtual Private Network)
function.
Chapter 6: V
Provide information about the commands used for configuring Voice VLAN.
Chapter 7: Private VLAN Commands
Provide information about the commands used for configuring Private VLAN.
Chapter 8: GVRP Commands
Provide information about the commands used for configuring GVRP (GARP VLAN registration
protocol).
Chapter 9: L
oice VLAN Commands
AG Commands
Provide information about the commands used for configuring LAG (Link Aggregation Group).
Chapter 10
Provide information about the commands used for configuring LACP (Link Aggregation Control
Protocol).
Chapter 1
Provide information about the commands used for user management.
: LACP Commands
1: User Manage Commands
1
Chapter 12: Binding Table Commands
Provide information about the commands used for binding the IP address, MAC address, VLAN
and the conn
ected Port number of the Host together.
Chapter 13: ARP Inspection Commands
Provide information about the commands used for protecting the switch from the ARP
cheating or
ARP Attack.
Chapter 14: IP Source Guard Commands
Provide information about the commands used for guarding the IP Source by filtering the IP
packets based on the IP-MAC Binding entries.
Chapter 15: DoS Defend Command
Provide information about the commands used for DoS defend and detecting the DoS attack.
Chapter 16
: IEEE 802.1X Commands
Provide information about the commands used for configuring IEEE 802.1X function.
Chapter 17: Log Comma
nds
Provide information about the commands used for configuring system log.
Chapter 18: SSH Commands
Provide information about the commands used for configuring and managing SSH (Security
Shell).
Chapter 19: SSL Commands
Provide information about the commands used for configuring and managing SSL (Secure
Sockets Layer).
Chapter 20: Address Commands
Provide information about the commands used for Address configuration.
Chapter 21: System Commands
Provide information about the commands used for configuring the System information and System
IP, reboot and reset the switch, upgrade the switch system and other operations.
Chapter 22: Ethernet Configuration Commands
Provide information about the commands used for configuring the Bandwidth Control, Negotiation
Mode, and Storm Control for Ethernet ports.
Chapter 23: QoS Commands
Provide information about the commands used for configuring the QoS function.
Chapter 24: Port Mirror Commands
Provide information about the commands used for configuring the Port Mirror function.
Chapter 25: Port isolation Commands
Provide information about the commands used for configuring the Port isolation function.
2
Chapter 26: ACL Commands
Provide information about the commands used for configuring the ACL (Access Control List).
Chapter 27: MSTP Commands
Provide information about the commands used for configuring the MSTP (Multiple Spanning Tree
Protocol).
Chapter 28: IGMP Commands
Provide information about the commands used for configuring the IGMP Snooping (Internet Group
Management Protocol Snooping).
Chapter 29: SNMP Commands
Provide information about the commands used for configuring the SNMP (Simple Network
Management Protocol) functions.
Chapter 30: Cluster Commands
Provide information about the commands used for configuring the Cluster Management function.
Chapter 31: LLDP Commands
Provide information about the commands used for configuring the LLDP function.
3
Chapter 1 Using the CLI
1.1 Accessing the CLI
You can log on to the switch and access the CLI by the following two methods:
1. Log on to the switch by the console port on the switch.
2. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port.
1.1.1 Logon by a console port
To log on to the switch by the console port on the switch, please take the following steps:
1. Connect the PCs or Terminals to the console port on the switch by a provided cable.
2. Click Start →
open the Hyper Terminal as the figure 1-1 shown.
All Programs → Accessories→ Communications → Hyper Terminal to
Figure 1-1 Open
3. The Connection Description Window will prompt as figure1-2. Enter a name into the
Name field and click OK.
Hyper Terminal
4
Figure 1-2 Connection Description
4. Select the port to connect in figure 1-3, and click OK.
Figure 1-3 Select the port to connect
5. Configure the port selected in the step above as the following figure1-4 shown. Configure Bits
per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None,
and then click OK.
5
Figure 1-4 Port Settings
6. Type the User name and Password in the Hyper Terminal window, the factory default value for
both of them is admin. The DOS prompt” TP-LINK>” will appear after pressing the Enter
button as figure1-5 shown. It indicates that you can use the CLI now.
Figure 1-5 Log in the Switch
1.1.2 Logon by Telnet
To log on to the switch by a Telnet connection, please take the following steps:
1. Make sure the switch and the PC are in the same LAN.
2. Click Start → Run to open the Run window.
6
Figure 1-6 Open the Run window
3. Type cmd in the prompt Run window as figure 1-7 and click OK.
Figure 1-7 Run Window
4. Type telnet 192.168.0.1 in the command prompt shown as figure1-8, and press the Enter
button.
Figure 1-8 Connecting to the Switch
7
5. Type the User name and Password (the factory default value for both of them is admin) and
press the Enter button, then you can use the CLI now, which is shown as figure1-9.
Figure 1-9 Log in the Switch
1.2 CLI Command Modes
The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode,
Global Configuration Mode, Interface Configuration Mode and VLAN Database (VLAN
Configuration Mode). Interface Configuration Mode can also be divided into Interface Ethernet,
Interface link-aggregation and some other modes, which is shown as the following diagram.
The following table gives detailed information about the Accessing path, Prompt of each mode and
how to exit the current mode and access the next mode.
8
Mode Accessing Path Prompt
Primary mode once
User EXEC
Mode
Privileged
EXEC Mode
Global
Configuration
it is connected with
the switch.
Use the enable
command to enter
this mode from User
EXEC mode.
Use the configure
command to enter
this mode from
Privileged EXEC
mode.
TP-LINK>
TP-LINK#
TP-LINK(config)#
Mode
Logout or Access the next
mode
Use the exit command to disconnect
the switch (except that the switch is
connected through the Console port).
Use the enable command to access
Privileged EXEC mode.
Use the exit command to disconnect
the switch (except that the switch is
connected through the Console port).
Enter the disable command to return
to User EXEC mode.
Enter configure command to access
Global Configuration mode.
Use the exit or the end command or
press Ctrl+Z to return to Privileged
EXEC mode.
Use the interface type number
command to access interface
Configuration mode.
Use the vlan database to access
VLAN Configuration mode.
Interface
Configuration
Mode
VLAN
Configuration
Mode
Use the interface
type number
command to enter
this mode from
Global Configuration
mode.
Use the vlan
database command
to enter this mode
from Global
Configuration mode.
TP-LINK(config-if)#
TP-LINK(config-vlan)#
Use the end command or press Ctrl+Z
to return to Privileged EXEC mode.
Enter exit command to return to
Global Configuration mode.
A port number must be specified in the
interface command.
Use the end command or press Ctrl+Z
to return to Privileged EXEC mode.
Enter the exit command to return to
Global configuration mode.
Note:
1. The user is automatically in User EXEC Mode after the connection between the PC and the
switch is established by a console port or by a telnet connection.
2. Each command mode has its own set of specific commands. To configure some commands,
you should access the corresponding command mode firstly.
Global Configuration Mode: In this mode, global commands are provided, such as the
Spanning Tree, Schedule Mode and so on.
Interface Configuration Mode: In this mode, users can configure one or several ports,
different ports corresponds to different commands
9
a). Interface Ethernet: Configure parameters for an Ethernet port, such as Duplex-mode,
flow control status.
b). Interface range Ethernet: The commands contained are the same as that of the
Interface Ethernet. Configure parameters for several Ethernet ports.
c). Interface link-aggregation: Configure parameters for a link-aggregation, such as
broadcast storm.
d). Interface range link-aggregation: Configure parameters for multi-trunks.
e). Interface vlan: Configure parameters for the vlan-port.
Vlan Configuration Mode: In this mode, users can create a VLAN and add a specified
port to the VLAN.
3. Some commands are global, that means they can be performed in all modes:
show: display all information of switch, for example: statistic information, port information,
VLAN information.
history: Display the commands history.
1.3 Security Levels
This switch’s security is divided into two levels: User level and Admin level.
User level only allows users to do some simple operations in User EXEC Mode; Admin level
allows you to monitor, configure and manage the switch in Privileged EXEC Mode, Global
Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode.
Users get the privilege to the User level once connecting console port with the switch or logging in
by Telnet. However, Guest users are restricted to access the CLI.
Users can enter Privileged EXEC mode from User EXEC mode by using the enable command. In
default case, no password is needed. In Global Configuration Mode, you can configure password
for Admin level by enable password command. Once password is configured, you are required to
enter it to access Privileged EXEC mode.
1.4 Conventions
1.4.1 Format Conventions
The following conventions are used in this Guide:
Items in square brackets [ ] are optional
10
Items in braces { } are required
Alternative items are grouped in braces and separated by vertical bars. For example: speed
{10 | 100 | 1000 }
Bold indicates an unalterable keyword. For example: show logging
Normal Font indicates a constant (several options are enumerated and only one can be
selected). For example: switchport type { access | trunk | general }
Italic Font indicates a variable (an actual value must be assigned). For example: bridge
aging-time aging-time
1.4.2 Special Characters
You should pay attentions to the description below if the variable is a character string:
These six characters ” < > , \ & can not be input.
If a blank is contained in a character string, single or double quotation marks should be used,
for example ’hello world’, ”hello world”, and the words in the quotation marks will be identified
as a string. Otherwise, the words will be identified as several strings.
1.4.3 Parameter Format
Some parameters must be entered in special formats which are shown as follows:
MAC Address must be enter in the format of xx:xx:xx:xx:xx:xx
One or several values can be typed for a port-list or a vlan-list using comma to separate. Use
a hyphen to designate a range of values, for instance, 1,3-5,7 indicates choosing 1,3,4,5,and
7.
11
Chapter 2 User Interface
enable
Description
The enable command is used to access Privileged EXEC Mode from User
EXEC Mode.
Syntax
enable
Command Mode
User EXEC Mode
Example
If you have set the password to access Privileged EXEC Mode from User EXEC
Mode:
TP-LINK>enable
Enter password:
TP-LINK#
enable password
Description
The enable password command is used to set the password for users to
access Privileged EXEC Mode from User EXEC Mode. To return to the default
configuration, please use no enable password command.
Syntax
enable password password
no enable password
Parameter
password —— super password , which contains 16 characters at most,
composing digits, English letters and underdashes only. By default, it is empty.
Command Mode
Global Configuration Mode
Example
Set the super password as admin to access Privileged EXEC Mode from User
EXEC Mode:
TP-LINK(config)# enable password admin
12
disable
Description
Syntax
Command Mode
Example
The disable command is used to return to User EXEC Mode from Privileged
EXEC Mode.
disable
Privileged EXEC Mode
Return to User EXEC Mode from Privileged EXEC Mode:
TP-LINK# disable
TP-LINK>
configure
Description
Syntax
Command Mode
Example
The configure command is used to access Global Configuration Mode from
Privileged EXEC Mode.
configure
Privileged EXEC Mode
Access Global Configuration Mode from Privileged EXEC Mode:
TP-LINK# configure
TP-LINK(config)#
exit
Description
The exit command is used to return to the previous Mode from the current
Mode.
Syntax
exit
13
end
Command Mode
Any Configuration Mode
Example
Return to Global Configuration Mode from Interface Configuration Mode, and
then return to Privileged EXEC Mode:
TP-LINK(config-if)# exit
TP-LINK(config)#exit
TP-LINK#
Description
The end command is used to return to Privileged EXEC Mode.
Syntax
end
Command Mode
Any Configuration Mode
Example
Return to Privileged EXEC Mode from Interface Configuration Mode:
TP-LINK(config-if)#end
TP-LINK#
14
Chapter 3 IEEE 802.1Q VLAN Commands
VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN into
multiple logical LANs flexibly. Hosts in the same VLAN can communicate with each other,
regardless of their physical locations. VLAN can enhance performance by conserving bandwidth,
and improve security by limiting traffic to specific domains.
vlan database
Description
The vlan database command is used to access VLAN Configuration Mode for
creating, deleting 802.1Q VLAN and other operations.
Syntax
vlan database
vlan
Command Mode
Global Configuration Mode
Example
Access VLAN Configuration Mode:
TP-LINK(config)# vlan database
TP-LINK(config-vlan)#
Description
The vlan command is used to create IEEE 802.1Q VLAN. To delete the IEEE
802.1Q VLAN, please use no vlan command.
Syntax
vlan vlan-id-list
no vlan vlan-id-list
Parameter
vlan-id-list ——VLAN ID, ranging from 2 to 4094.
Command Mode
VLAN Configuration Mode
15
Example
Create a VLAN, the vid of which is 12:
TP-LINK(config)# vlan database
TP-LINK(config-vlan)#vlan 12
interface vlan
Description
The interface vlan command is used to access VLAN Interface Mode to
configure the specified VLAN.
Syntax
interface vlan vlan-id
Parameter
vlan-id ——VLAN ID, ranging from 1 to 4094.
Command Mode
Global Configuration Mode
Example
Configure the VLAN2:
TP-LINK(config)# interface vlan 2
TP-LINK(config-if)#
description
Description
The description command is used to assign a description string to a VLAN. To
clear the description, please use no description command.
Syntax
description descript
no description
Parameter
descript ——String to describe the VLAN, which contains 16 characters at most.
Command Mode
Interface Configuration Mode(interface vlan)
16
Example
Specify the description string of the VLAN 2 as “vlan2”:
TP-LINK(config)# interface vlan 2
TP-LINK(config-if)#description vlan2
switchport type
Description
The switchport type command is used to configure the Link Types for the
ports.
Syntax
switchport type { access | trunk | general }
Parameter
access | trunk | general —— Link Types. There are three Link Types for the
ports.
Command Mode
Interface Configuration Mode ( interface ethernet / interface range ethernet )
Example
Specify the Link Type of port 5 as general:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)#switchport type general
switchport allowed vlan
Description
The switchport allowed vlan command is used to add the desired port to IEEE
802.1Q VLAN, or to remove a port from the corresponding VLAN.
Syntax
switchport allowed vlan add vlan-list
switchport allowed vlan remove vlan-list
Parameter
vlan-list —— VLAN ID list, it is multi-optional.
Command Mode
Interface Configuration Mode ( interface ethernet / interface range ethernet )
17
Example
Add port 2 to IEEE 802.1Q VLAN:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# switchport allowed vlan add 2
switchport pvid
Description
The switchport pvid command is used to configure the PVID for the switch
ports.
Syntax
switchport pvid vlan-id
Parameter
vlan-id —— VLAN ID, ranging from 1 to 4094.
Command Mode
Interface Configuration Mode (interface ethernet / interface range ethernet )
Example
Specify the PVID of port 2 as 2:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# switchport pvid 2
switchport general egress-rule
Description
The switchport general egress-rule command is used to configure the
egress-rule of the general port.
Syntax
switchport general egress-rule vlan-id { untagged | tagged }
Parameter
vlan-id —— VLAN ID, ranging from 1 to 4094.
untagged | tagged ——egress-rule,untagged or tagged
Command Mode
Interface Configuration Mode ( interface ethernet / interface range ethernet )
Example
18
show vlan
Description
Syntax
Parameter
Specify the egress-rule of port 2 in vlan 3 as tagged:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# switchport general egress-rule 3 tagged
The show vlan command is used to display the information of IEEE 802.1Q
VLAN .
show vlan [vlan-id]
vlan-id —— VLAN ID, ranging from 1 to 4094. By default , display all the
information of IEEE 802.1Q VLAN.
Command Mode
Any Configuration Mode
Example
Display the information of vlan 5:
TP-LINK(config)# show vlan 5
show interface switchport
Description
The show interface switchport command is used to display the IEEE 802.1Q
VLAN configuration information of the specified port.
Syntax
show interface switchport [port-num]
Parameter
port-num —— The port number. By default, display the VLAN configuration
information of all ports.
Command Mode
Any Configuration Mode
Example
Display the VLAN configuration information of all ports:
TP-LINK(config)# show interface switchport
19
Chapter 4 Protocol VLAN Commands
Protocol VLAN (Virtual Local Area Network) is the way to classify VLANs based on Protocols. A
Protocol is relative to a single VLAN ID. The untagged packets and the priority-tagged packets
matching the protocol template will be tagged with this VLAN ID.
protocol-vlan template
Description
The protocol-vlan template command is used to create or delete Protocol
VLAN template.
Syntax
protocol-vlan template add {protocol-name} {ether-type}
protocol-vlan template remove index
Parameter
protocol-name —— Give a name for the Protocol Template , which contains
8 characters at most.
ether-type ——Enter the Ethernet protocol type field in the protocol template,
composing 4 Hex integers.
index ——
corresponding to the number by the show protocol-vlan template command.
Command Mode
Global Configuration Mode
Example
Create a Protocol VLAN template named “arp” whose Ethernet protocol type is
0806 and delete the Protocol template whose number is 2:
TP-LINK(config)# protocol-vlan template add arp 0806
TP-LINK(config)# protocol-vlan template remove 2
The number of the Protocol template. You can get the template
protocol-vlan vlan
Description
The protocol-vlan vlan command is used to create a Protocol VLAN entry. To
delete a Protocol VLAN entry ,please use no protocol-vlan command.
Syntax
protocol-vlan vlan vid template index
20
no protocol-vlan entry-id
Parameter
vid ——VLAN ID,ranging from 1-4094.
index ——The number of the Protocol template. You can get the template
corresponding to the number by the show protocol-vlan template command.
entry-id ——The number of the Protocol VLAN . You can get the Protocol VLAN
entry corresponding to the number by the show protocol-vlan vlan command.
Command Mode
Global Configuration Mode
Example
Create a Protocol VLAN entry, whose index is 1 and vid is 2. And then delete the
Protocol VLAN entry whose number is 1:
TP-LINK(config)# protocol-vlan vlan 2 template 1
TP-LINK(config)# no protocol-vlan vlan 1
protocol-vlan interface
Description
The protocol-vlan interface command is used to enable the Protocol VLAN
feature for a specified port. To disable the Protocol VLAN feature of this port,
please use no protocol-vlan interface command. By default, the Protocol
VLAN feature of all port
Syntax
protocol-vlan interface port-list
no protocol-vlan interface [port-list]
Parameter
port-list ——The port numbers needed to be edited or canceled.
Command Mode
Global Configuration Mode
Example
s is disabled.
Enable the Protocol VLAN feature for the ports 1、4-6、9-11:
TP-LINK(config)# protocol-vlan interface 1,4-6,9-11
21
show protocol-vlan template
Description
The show protocol-vlan template command is used to display the information
of the Protocol VLAN templates.
Syntax
show protocol-vlan template
Command Mode
Any Configuration Mode
Example
Display the information of the Protocol VLAN templates:
TP-LINK(config)# show protocol-vlan template
show protocol-vlan vlan
Description
The show protocol-vlan vlan command is used to display the information
about Protocol VLAN entry.
Syntax
show protocol-vlan vlan
Command Mode
Any Configuration Mode
Example
Display information of the protocol-vlan entry:
TP-LINK(config)# show protocol-vlan vlan
show protocol-vlan interface
Description
The show protocol-vlan interface command is used to display port state of
Protocol VLAN.
Syntax
show protocol-vlan interface
Command Mode
Any Configuration Mode
22
Example
Display the configuration of the protocol-vlan interface:
TP-LINK(config)# show protocol-vlan interface
23
Chapter 5 VLAN-VPN Commands
VLAN-VPN (Virtual Private Network) function, the implement of a simple and flexible Layer 2 VPN
technology, allows the packets with VLAN tags of private networks to be encapsulated with VLAN
tags of public networks at the network access terminal of the Internet Service Provider. And these
packets will be transmitted with double-tag across the public networks.
vlan-vpn enable
Description
The vlan-vpn enable command is used to enable the VLAN-VPN function
globally. To disable the VLAN-VPN function, please use the no vlan-vpn
enable command.
Syntax
vlan-vpn enable
no vlan-vpn enable
Command Mode
Global Configuration Mode
Example
Enable the VLAN-VPN function globally:
TP-LINK(config)# vlan-vpn enable
vlan-vpn tpid
Description
The vlan-vpn tpid command is used to configure Global TPID of the
VLAN-VPN. To restore to the default value, please use the no vlan-vpn tpid
command.
Syntax
vlan-vpn tpid tpid
no vlan-vpn tpid
Parameter
tpid —— Global TPID. It must be 4 Hex integers. By default, it is 8100.
24
Command Mode
Global Configuration Mode
Example
Configure Global TPID of the VLAN-VPN as 8200:
TP-LINK(config)# vlan-vpn tpid 8200
vlan-vpn interface
Description
The vlan-vpn interface command is used to enable the VLAN VPN feature for
a specified port. To disable the VLAN VPN feature of this port, please use the
no vlan-vpn interface co
is disabled.
Syntax
vlan-vpn interface port-list
no vlan-vpn interface [port-list]
Parameter
port-list ——The port numbers needed to be edited or canceled.
Command Mode
Global Configuration Mode
Example
Enable the VLAN VPN feature for the ports 2-5,16-18:
TP-LINK(config)# vlan-vpn interface 2-5,16-18
mmand. By default, the VLAN VPN feature of all ports
vlan-vpn uplink
Description
The vlan-vpn uplink command is used to configure a specified port as the VPN
Up-link port. To cancel this VPN Up-link port, please use the no vlan-vpn
uplink command. By default, No port has been configured as the VPN Up-link
port.
Syntax
vlan-vpn uplink port-list
25
no vlan-vpn uplink [port-list]
Parameter
port-list ——The port numbers needed to be edited or canceled.
Command Mode
Global Configuration Mode
Example
Configure the ports 1, 3-5, and 8-10 as the VPN Up-link ports:
TP-LINK(config)# vlan-vpn uplink 1,3-5,8-10
show vlan-vpn global
Description
The show vlan-vpn global command is used to display the global configuration
information of the VLAN VPN.
Syntax
show vlan-vpn global
Command Mode
Any Configuration Mode
Example
Display the global configuration information of the VLAN VPN:
TP-LINK(config)# show vlan-vpn global
show vlan-vpn uplink
Description
The show vlan-vpn uplink command is used to display the configuration
information of the VLAN VPN Up-link ports.
Syntax
show vlan-vpn uplink
Command Mode
Any Configuration Mode
26
Example
Display the configuration information of the VLAN VPN Up-link ports:
TP-LINK(config)# show vlan-vpn uplink
show vlan-vpn interface
Description
The show vlan-vpn interface command is used to display the VLAN VPN port
enable state.
Syntax
show vlan-vpn interface
Command Mode
Any Configuration Mode
Example
Display the VLAN VPN port enable state:
TP-LINK(config)# show vlan-vpn interface
27
Chapter 6 Voice VLAN Commands
Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and
adding the ports with voice devices attached to voice VLANs, you can perform QoS-related
configuration for voice data, ensuring the transmission priority of voice data stream and voice
quality.
voice-vlan enable
Description
The voice-vlan enable command is used to enable Voice VLAN function. To
disable Voice VLAN function, please use no voice-vlan enable command.
Syntax
voice-vlan enable vlan-id
no voice-vlan enable
Parameter
vlan-id —— VLAN ID, ranging from 2 to 4094.
Command Mode
Global Configuration Mode
Example
Enable the Voice VLAN function for VLAN 2:
TP-LINK(config)# voice-vlan enable 2
voice-vlan aging-time
Description
The voice-vlan aging-time command is used to set the aging time for a voice
VLAN. To restore to the default aging time for the Voice VLAN, please use no
voice-vlan aging-time command.
Syntax
voice-vlan aging-time aging-time
no voice-vlan aging-time
28
Parameter
aging-time ——Aging time (in minutes) to be set for the Voice VLAN. It ranges
from 1 to 43200 and the default value is 1440.
Command Mode
Global Configuration Mode
Example
Set the aging time for the Voice VLAN as 2880 minutes:
TP-LINK(config)# voice-vlan aging-time 2880
voice-vlan oui
Description
The voice-vlan oui command is used to create or delete Voice VLAN OUI.
Syntax
voice-vlan oui add mac-addr mask mask-addr [description]
voice-vlan oui remove mac-addr
Parameter
mac-addr —— The OUI address of the voice device.
mask-addr —— The OUI address mask of the voice device.
description ——Give a description to the OUI for identification which contains 16
characters at most. By default, it is empty.
Command Mode
Global Configuration Mode
Example
Create a Voice VLAN OUI descripted as TP-LINK Phone with the MAC address
00:01:E3:00:00:01 and the mask address FF:FF:FF:00:00:00. And then delete
the Voice VLAN OUI with the MAC address 00:00:00:11:00:01:
TP-LINK(config)# voice-vlan oui add 00:01:E3:00:00:01 mask
FF:FF:FF:00:00:00 “TP-LINK Phone“
TP-LINK(config)# voice-vlan oui remove 00:00:00:11:00:01
29
switchport voice-vlan mode
Description
The switchport voice-vlan mode command is used to configure the Voice
VLAN mode for the Ethernet port.
Syntax
switchport voice-vlan mode { manual | auto }
Parameter
manual / auto —— Port mode.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure Ethernet port 2 to operate in the manual voice VLAN mode:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# switchport voice-vlan mode manual
switchport voice-vlan security
Description
The switchport voice-vlan security command is used to configure the Voice
VLAN security mode.
Syntax
switchport voice-vlan security {disable | enable}
Parameter
disable / enable —— disable/enable the security mode for the specified port .
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable Ethernet port 2 for the Voice VLAN security mode:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# switchport voice-vlan security enable
30
show voice-vlan global
Description
The show voice-vlan global command is used to display the global
configuration information of Voice VLAN.
Syntax
show voice-vlan global
Command Mode
Any Configuration Mode
Example
Display the configuration information of Voice VLAN globally:
TP-LINK(config)# show voice-vlan global
show voice-vlan oui
Description
The show voice-vlan oui command is used to display the configuration
information of Voice VLAN OUI.
Syntax
show voice-vlan oui
Command Mode
Any Configuration Mode
Example
Display the configuration information of Voice VLAN OUI:
TP-LINK(config)# show voice-vlan oui
show voice-vlan switchport
Description
The show voice-vlan switchport command is used to displays the
configuration information of the port in the Voice VLAN.
31
Syntax
show voice-vlan switchport [port]
Parameter
port —— Ethernet port. By default, it will display the configuration information of
all the ports in the Voice VLAN.
Command Mode
Any Configuration Mode
Example
Display the configuration information of all the ports in the Voice VLAN:
TP-LINK(config)# show voice-vlan switchport
32
Chapter 7 Private VLAN Commands
Private VLANs are configured specially for saving VLAN resource of uplink devices and decreasing
broadcast.
private-vlan
Description
The private-vlan command is used to create a Private VLAN entry. To delete a
Private VLAN entry, please use no private-vlan command.
Syntax
private-vlan primary vlan-id secondary vlan-id
no private-vlan secondary vlan-id
Parameter
vlan-id —— VLAN ID, ranging from 2 to 4094.
Command Mode
Global Configuration Mode
Example
Create the Private VLAN as VLAN15 for primary VLAN and VLAN150 for
secondary VLAN:
TP-LINK(config)# private-vlan primary 15 secondary 150
switchport private-vlan
Description
The switchport private-vlan command is used to configure the private VLAN
mode for the switchport. To remove the port from Private VLAN, please use no
switchport private-vlan command.
Syntax
switchport private-vlan { promiscuous | host } primary-vid secondary-vid
no switchport private-vlan
33
Parameter
promiscuous | host —— configure the private VLAN mode for the switchport.
primary-vid —— Primary VLAN ID, ranging from 2 to 4094.
secondary-vid —— Secondary VLAN ID, ranging from 2 to 4094.
Command Mode
Interface Configuration Mode (interface ethernet / interface range ethernet)
Example
Add promiscuous port10 in Private VLAN as VLAN15 for primary VLAN and
VLAN150 for secondary VLAN:
TP-LINK(config)# interface ethernet 10
TP-LINK(config-if)# switchport private-vlan promiscuous 15 150
show private-vlan
Description
The show private-vlan command is used to display the Private VLAN
configured on the switch.
Syntax
show private-vlan
Command Mode
Any Configuration Mode
Example
Display the configuration information of all Private VLAN:
TP-LINK(config)# show private-vlan
show private-vlan switchport
Description
The show private-vlan switchport command is used to displays the
configuration information of the port in the Private VLAN.
Syntax
show private-vlan switchport [port-num]
34
Command Mode
Any Configuration Mode
Example
Display the configuration information of all the ports in the Private VLAN:
TP-LINK(config)# show private-vlan switchport
35
Chapter 8 GVRP Commands
GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute
registration protocol). GVRP allows the switch to automatically add or remove the VLANs via the
dynamic VLAN registration information and propagate the local VLAN registration information to
other switches, without having to individually configure each VLAN.
gvrp
Description
The gvrp command is used to enable the GVRP function globally. To disable the
GVRP function, please use no gvrp command.
Syntax
gvrp
no gvrp
Command Mode
Global Configuration Mode
Example
Enable the GVRP function globally:
TP-LINK(config)# gvrp
gvrp (interface)
Description
The gvrp (interface) command is used to enable the GVRP function for the
desired port. To disable the GVRP function of this port, please use no gvrp
command. The GVRP feature can only be enabled for the trunk-type ports.
Syntax
gvrp
no gvrp
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
36
Example
Enable the GVRP function for ports 2-6:
TP-LINK(config)# interface range ethernet 2-6
TP-LINK(config-if)# gvrp
gvrp registration
Description
The gvrp registration command is used to configure the GVRP registration
type on the desired port. To restore to the default value, please use no gvrp
registration command.
Syntax
gvrp registration { normal | fixed | forbidden }
no gvrp registration
Parameter
normal | fixed | forbidden —— Registration mode. By default, the registration
mode is normal.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the GVRP registration mode on the port 2-6 to fixed:
TP-LINK(config)# interface range ethernet 2-6
TP-LINK(config-if)# gvrp registration fixed
gvrp timer
Description
The gvrp timer command is used to set a GVRP timer for the desired port. To
restore to the default setting of a GARP timer, please use no gvrp timer
command.
Syntax
gvrp timer { leaveall | join | leave } {value}
no gvrp timer {leaveall | join | leave}
37
Parameter
leaveall | join | leave —— They are the three timers: leave All、join and leave.
Once the LeaveAll Timer is set, the port with GVRP enabled can send a
LeaveAll message af
re-register all the attribute information. After that, the LeaveAll timer will start to
begin a new cycle. To guarantee the transmission of the Join messages, a
GARP port sends each Join message two times. The Join Timer is used to
define the interval between the two sending operations of each Join message.
Once the Leave Timer is set, the GARP port receiving a Leave message will
start its Leave timer, and unregister the attribute information if it does not receive
a Join message again before the timer times out.
value ——The value of the timer. The LeaveAll Timer ranges from 1000 to
3000
0 centiseconds and the default value is 1000. The Join Timer ranges from
20 to 1000 centiseconds and the default value is 20. The Leave Timer ranges
from 60 to 3000 centiseconds and the default value is 60.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
ter the timer times out, so that other GARP ports can
Set the GARP leaveall timer of port 6 to 2000 centiseconds and restore to the
join timer of it to the default value:
TP-LINK(config)# interface ethernet 6
TP-LINK(config-if)# gvrp timer leaveall 2000
TP-LINK(config-if)# no gvrp timer join
show gvrp global
Description
The show gvrp global command is used to display the global GVRP status.
Syntax
show gvrp global
Command Mode
Any Configuration Mode
Example
Display the global GVRP status:
38
TP-LINK(config)# show gvrp global
show gvrp interface
Description
The show gvrp interface command is used to display the GVRP configuration
information of the specified Ethernet ports.
Syntax
show gvrp interface [ethernet port-num]
Parameter
port-num ——The Ethernet port number. By default, the GVRP configuration
information of all the Ethernet ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the GVRP configuration information of all the Ethernet ports:
TP-LINK(config)# show gvrp interface
39
Chapter 9 LAG Commands
LAG (Link Aggregation Group) is to combine a number of ports together to make a single
high-bandwidth data path, which can highly extend the bandwidth. The bandwidth of the LAG is
the sum of bandwidth of its member port.
interface link-aggregation
Description
The interface link-aggregation command is used to access the Interface
Link-aggregation Mode. To delete the aggregation group, please use no
interface link-aggregation command.
Syntax
interface link-aggregation group-number
no interface link-aggregation group-number
Parameter
group-number ——The LAG number, ranging from1 to 14.
Command Mode
Global Configuration Mode
Example
Access the Interface Link-aggregation Mode and configure the aggregation
group 1:
TP-LINK(config)# interface link-aggregation 1
TP-LINK(config-if)#
interface range link-aggregation
Description
The interface range link-aggregation command is used to access the
Interface range Link-aggregation Mode, and you can configure some
aggregation groups at the same time. To delete the aggregation group, please
use no interface range link-aggregation command.
40
Syntax
interface range link-aggregation group-list
no interface range link-aggregation group-list
Command Mode
Global Configuration Mode
Parameter
group-list ——The aggregation group list. You can configure some aggregation
groups at the same time.
Example
Access the Interface range Link-aggregation Mode and configure the
aggregation group 1, 4-6:
TP-LINK(config)# interface range link-aggregation 1,4-6
TP-LINK(config-if)#
link-aggregation
Description
The link-aggregation command is used to add the current Ethernet port to an
aggregation group. To remove the current Ethernet port from the aggregation
group, please use no link-aggregation command.
Syntax
link-aggregation group-num
no link-aggregation
Parameter
group-num ——The LAG number, ranging from1 to 14.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Add the Ethernet port 2-4 to aggregation group 1:
TP-LINK(config)# interface range ethernet 2-4
TP-LINK(config-if)#link-aggregation 1
41
link-aggregation hash-algorithm
Description
The link-aggregation hash-algorithm command is used to configure the
Aggregate Arithmetic for LAG.
Syntax
link-aggregation hash-algorithm {src_dst_mac | src_dst_ip }
Parameter
src_dst_mac —— The source and destination MAC addresses.
src_dst_ip ——The source and destination IP addresses.
Command Mode
Global Configuration Mode
Example
Configure the Aggregate Arithmetic for LAG as src_dst_mac:
TP-LINK(config)# link-aggregation hash-algorithm src_dst_mac
description
Description
The description command is used to set a description for an aggregation group.
To remove the description of an aggregation group, please use no description
command.
Syntax
description description
no description
Parameter
description——The description of LAG, which contains 16 characters at most.
Command Mode
Interface Configuration Mode(interface link-aggregation)
Example
Set the description "movie server" for aggregation group1:
42
TP-LINK(config)# interface link-aggregation 1
TP-LINK(config-if)# description “movie server”
show interface link-aggregation
Description
The show interface link-aggregation command is used to display the
configuration information of the Aggregate Arithmetic and the aggregation
s.
group
Syntax
show interface link-aggregation [group-num]
Parameter
group-num ——The LAG number, ranging from1 to 14. By default, the LAG
configuration information of all the Ethernet ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the LAG configuration information of all the Ethernet ports:
TP-LINK(config)#show interface link-aggregation
43
Chapter 10 LACP Commands
LACP (Link Aggregation Control Protocol) is defined in IEEE802.3ad and enables the dynamic link
aggregation and disaggregation by exchanging LACP packets with its partner. The switch can
dynamically group similarly configured ports into a single logical link, which will highly extend the
bandwidth and flexibly balance the load.
lacp system-priority
Description
The lacp system-priority command is used to set the system priority. To
restore to the default priority, please use no lacp system-priority command.
Syntax
lacp system-priority value
no lacp system-priority
Parameter
value —— System priority, ranging from 0 to 65535. By default, the value is
32768.
Command Mode
Global Configuration Mode
Example
Set the system priority as1024:
TP-LINK(config)# lacp system-priority 1024
lacp (interface)
Description
The lacp(interface) command is used to enable LACP protocol on the current
port. To disable LACP protocol, please use no lacp command.
Syntax
lacp
no lacp
44
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable LACP protocol on the port 1:
TP-LINK(config)# interface ethernet 1
TP-LINK(config-if)# lacp
lacp admin-key
Description
The lacp admin-key command is used to configure the admin key. To restore to
the default value, please use no lacp admin-key command.
Syntax
lacp admin-key value
no lacp admin-key
Parameter
value —— admin key, ranging from 0 to 65535. By default, the value is 1.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the admin key of port 1 as 1024:
TP-LINK(config)# interface Ethernet 1
TP-LINK(config-if)# lacp admin-key 1024
lacp port-priority
Description
The lacp port-priority command is used to set the priority of the current port. To
restore to the default priority, please use no lacp port-priority command.
Syntax
lacp port-priority value
no lacp port-priority
45
Parameter
value —— Port priority, ranging from 0 to 65535. By default, the value is 32768.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Set the port priority of port 1 to 1024:
TP-LINK(config)# interface ethernet 1
TP-LINK(config-if)# lacp port-priority 1024
show lacp system-priority
Description
The show lacp system-priority command is used to display the global system
priority value of LACP.
Syntax
show lacp system-priority
Command Mode
Any Configuration Mode
Example
Display the global system priority value of LACP:
TP-LINK(config)# show lacp system-priority
show lacp interface
Description
The show lacp interface command is used to display the port configuration
information of LACP.
Syntax
show lacp interface [ethernet port-num]
Parameter
port-num —— The Ethernet port number. By default, display the configuration
information of all the Ethernet ports.
46
Command Mode
Any Configuration Mode
Example
Display the configuration information of all the Ethernet ports:
TP-LINK(config)# show lacp interface
47
Chapter 11 User Manage Commands
User Manage Commands are used to configure the user name and password for users to log on to
the Web management page with a certain access level so as to protect the settings of the switch
from being randomly changed.
user add
Description
The user add command is used to add a new user.
Syntax
user add user-name password password confirm-password
confirm-password {guest | admin} {disable | enable}
Parameter
user-name ——Type a name for users' login, which contains 16 characters at
most, composing digits, English letters and underdashes only.
p
assword ——Type a password for users' login, which contains 16 characters at
most, composing digits, English letters and underdashes only.
confirm-p
guest | admin —— Access level.
Guest: only can view the settings without the right to
Admin: edit, modify and view all the settings of different functions.
disable | ena
assword ——Type the password again.
Command Mode
Global Configuration Mode
Example
edit and modify.
ble ——Enable/disable the user.
Add and enable a new admin user named tplink, and of which the password is
password:
TP-LINK(config)#user add tplink password password confirm-password
password admin enable
48
user remove
Description
The user remove command is used to delete an existing user. The current user
can't be deleted by itself.
Syntax
user remove user-name
Parameter
user-name —— An existing user name.
Command Mode
Global Configuration Mode
Example
Delete the user named tplink:
TP-LINK(config)# user remove tplink
user modify status
Description
The user modify status command is used to modify the status of the existing
user. The current user can't be modified by itself.
Syntax
user modify status user-name {disable | enable}
Parameter
user-name —— The existing user name.
disable | enable ——Disable/enable the user.
Command Mode
Global Configuration Mode
Example
Enable the status of user “tp-link”:
TP-LINK(config)# user modify status tplink enable
49
user modify type
Description
The user modify type command is used to modify the access level for the
existing user. The current user can't be modified by itself.
Syntax
user modify type user-name {guest | admin}
Parameter
user-name —— The existing user name.
guest | admin —— Access level. Guest: limited user; admin: manager.
Command Mode
Global Configuration Mode
Example
Change the access level of tplink to admin:
TP-LINK(config)# user modify type tplink admin
user modify password
Description
The user modify password command is used to modify the password for the
existing user.
Syntax
user modify password user-name old-password new-password
confirm-password
Parameter
user-name —— The existing user name.
old-password —— The old password.
new-password —— The new password, which contains 16 characters at most,
composing digits, English letters and underdashes only.
confirm-p
assword —— Type the new password again.
Command Mode
Global Configuration Mode
50
Example
Modify the password of tplink as newpwd:
TP-LINK(config)# user modify password tplink password newpwd newpwd
user access-control disable
Description
The user access-control disable command is used to cancel the user
access-control.
Syntax
user access-control disable
Command Mode
Global Configuration Mode
Example
Cancel the user access-control:
TP-LINK(config)# user access-control disable
user access-control ip-based
Description
The user access-control ip-based command is used to limit the IP-range of
the users for login. Only the users within the IP-range you set here are allowed
for login.
Syntax
user access-control ip-based ip-addr ip-mask
Parameter
ip-addr/ip-mask —— The source IP address. Only the users within the IP-range
you set here are allowed for login.
Command Mode
Global Configuration Mode
Example
Enable the access-control of the user whose Ip address is 192.168.0.148:
51
TP-LINK(config)# user access-control ip-based 192.168.0.148
255.255.255.255
user access-control mac-based
Description
The user access-control mac-based command is used to limit the MAC
Address of the users for login. Only the user with this MAC Address you set here
are allowed for login
Syntax
user access-control mac-based mac-addr
Parameter
mac-addr —— The source MAC address.
Command Mode
Global Configuration Mode
Example
Enable the access-control of the user whose MAC address is
00:00:13:0A:00:01:
TP-LINK(config)# user access-control mac-based 00:00:13:0A:00:01
user access-control port-based
Description
The user access-control port-based command is used to limit the ports for
login.
Only the users connected to these ports you set here are allowed for
login.
Syntax
user access-control port-based port-list
Parameter
port-list ——The Ethernet port numbers. You can appoint 5 ports at most.
Command Mode
Global Configuration Mode
52
Example
Enable the access-control of the ports 2, port4, port5, port6, and port10:
TP-LINK(config)# user access-control port-based 2,4-6,10
user max-number
Description
The user max-number command is used to configure the number of the users
logging on at the same time. To cancel the limit to the numbers of the users
logging in, please use no user max-number command.
Syntax
user max-number admin-num guest-num
no user max-number
Parameter
admin-num ——The maximum number of the users logging on as Admin,
ranging from 1 to 16. The total number of Admin and Guest should be less than
16.
guest-num ——The maximum number of the users logging on as Guest,
rangin
g from 0 to 15. The total number of Admin and Guest should be less than
16.
Command Mode
Global Configuration Mode
Example
Configure the number of the users as Admin and Guest logging on as 5 and 3:
TP-LINK(config)# user max-num 5 3
user idle-timeout
Description
The user idle-timeout command is used to configure the timeout time of the
switch. To restore to the default timeout time, please use no user idle-timeout
command.
53
Syntax
user idle-timeout minutes
no user idle-timeout
Parameter
minute ——The timeout time, ranging from 5 to 30 in minutes. By default, the
value is 10.
Command Mode
Global Configuration Mode
Example
Configure the timeout time of the switch as 15 minutes:
TP-LINK(config)# user idle-timeout 15
show user account-list
Description
The show user account-list command is used to display the information of the
current users.
Syntax
show user account-list
Command Mode
Any Configuration Mode
Example
Display the information of the current users:
TP-LINK(config)# show user account-list
show user configuration
Description
The user configuration command is used to display the security configuration
information of the users, including access-control, max-number and the
idle-timeout, etc.
54
Syntax
show user configuration
Command Mode
Any Configuration Mode
Example
Display the security configuration information of the users:
TP-LINK(config)# show user configuration
55
Chapter 12 Binding Table Commands
You can bind the IP address, MAC address, VLAN and the connected Port number of the Host
together, which can be the condition for the ARP Inspection and IP Source Guard to filter the
packets.
binding-table user-bind
Description
The binding-table user-bind command is used to bind the IP address, MAC
address, VLAN ID and the Port number together manually.
bind the IP address, MAC address, VLAN ID and the Port number together in
the condition that you have got the related information of the Hosts in the LAN.
Syntax
binding-table user-bind hostname ip-addr mac-addr vlan vid port port-num
{none | arp-detection | ip-source-guard | both}
Parameter
hostname ——The Host Name, which contains 20 characters at most.
ip-addr —— The IP Address of the Host.
mac-a
vid ——The
port-num —— The number of port connected to the Host.
{non
arp-
You can manually
ddr —— The MAC Address of the Host.
VLAN ID needed to be bound, ranging from 1 to 4094.
e | arp-detection | ip-source-guard | both}——The protect type for the entry.
detection indicates ARP detection; ip-source-guard indicates IP filter; none
indicates appling none; both indicates appling both.
Command Mode
Global Configuration Mode
Example
Bind an ACL entry with the IP is 192.168.0.1, MAC is 00:00:00:00:00:01, VLAN
ID is 2 and the Port number is 5 manually. And then enable the entry for the ARP
detection and IP filter function:
TP-LINK(config)# binding-table user-bind host1 192.168.0.1
00:00:00:00:00:01 vlan 2 port 5 both
56
binding-table remove
Description
The binding-table remove command is used to delete the IP-MAC –VID-PORT
entry from the binding table.
Syntax
binding-table remove index idx
Parameter
idx —— The entry number needed to be deleted. You can use the show
binding-table command to get the idx. Pay attention to that, the entry number is
the actual number in the binding table not arranged in an order.
Command Mode
Global Configuration Mode
Example
Delete the IP-MAC –VID-PORT entry with the index 5:
TP-LINK(config)# binding-table remove index 5
dhcp-snooping
Description
The dhcp-snooping command is used to enable the DHCP-snooping function
for the switch. To disable the DHCP-snooping function, please use no
dhcp-snooping command. DHCP Snooping functions to monitor the p
the Host obtaining the IP address from DHCP server, and record the IP address,
MAC address, VLAN and the connected Port number of the Host for automatic
binding.
Syntax
rocess of
dhcp-snooping
no dhcp-snooping
Command Mode
Global Configuration Mode
57
Example
Enable the DHCP-snooping function globally:
TP-LINK(config)# dhcp-snooping
dhcp-snooping global
Description
The dhcp-snooping global command is used to configure the DHCP snooping
globally. To restore to the default value, please use no dhcp-snooping global
command.
Syntax
dhcp-snooping global [global-rate global-rate] [dec-threshold dec-threshold]
[dec-rate dec-rate]
no dhcp-snooping global
Parameter
global-rate —— The value to specify the maximum amount of DHCP messages
that can be forwarded by the switch per second. The excessive massages will
be discarded. The options are 0/10/20/30/40/50 (packet/second).By default, it is
0 st
anding for disable.
dec-threshold ——The value to specify the minimum transmission rate
Decline packets to trigger the Decline protection for the specific port. The
options are 0/5/10/15/20/25/30 (packet/second).By default, it is 0 standing for
disable.
Dec-rate ——The value to specify the Decline Flow Control. The traffic flow of
the corresponding port will be limited to be this value if the transmission rate of
the Decline packets exceeds the Decline Threshold. The options are
5/10/15/20/25/30 (packet/second). By default, it is 5.
Command Mode
of the
Global Configuration Mode
Example
Configure the Global Flow Control as 30pps, the Decline Threshold as 20 pps,
and decline Flow Control as 20 pps for DHCP Snooping
TP-LINK(config)# dhcp-snooping global global-rate 30 dec-threshold 20
dec-rate 20
58
dhcp-snooping information enable
Description
The dhcp-snooping information enable command is used to enable the
Option 82 function of DHCP Snooping. To disable the Option 82 function, please
use no dhcp-snooping information enable command.
Syntax
dhcp-snooping information enable
no dhcp-snooping information enable
Command Mode
Global Configuration Mode
Example
Enable the Option 82 function of DHCP Snooping:
TP-LINK(config)# dhcp-snooping information enable
dhcp-snooping information strategy
Description
The dhcp-snooping information strategy command is used to select the
operation for the Option 82 field of the DHCP request packets from the Host. To
restore to the default option, please use no dhcp-snooping information
strategy command.
Syntax
dhcp-snooping information strategy {keep | replace | drop}
no dhcp-snooping information strategy
Parameter
keep ——Indicates to keep the Option 82 field of the packets. It is the default
option.
replace ——Indicates to replace the Option 82 field of
switch defined one.
drop ——Indicates to discard the packets including the Option 82 field
the packets with the
Command Mode
Global Configuration Mode
59
Example
Replace the Option 82 field of the packets with the switch defined one and then
send out:
TP-LINK(config)# dhcp-snooping information strategy replace
dhcp-snooping information user-defined
Description
The dhcp-snooping information user-defined command is used to permit
users to define the Option 82. To disable the function, please use
dhcp-snooping information user-defined comma
Syntax
dhcp-snooping information user-defined
no dhcp-snooping information user-defined
Command Mode
Global Configuration Mode
Example
Permit users to define the Option 82:
TP-LINK(config)# dhcp-snooping information user-defined
dhcp-snooping information remote-id
no
nd.
Description
The dhcp-snooping information remote-id command is used to configure the
sub-option Remote ID for the customized Option 82.
Syntax
dhcp-snooping information remote-id string
Parameter
string ——Enter the sub-option Remote ID, which contains 32 characters at
most.
Command Mode
Global Configuration Mode
60
Example
Configure the sub-option Remote ID for the customized Option 82 as tplink:
TP-LINK(config)# dhcp-snooping information remote-id tplink
dhcp-snooping information circuit-id
Description
The dhcp-snooping information circuit-id command is used to configure the
sub-option Circuit ID for the customized Option 82.
Syntax
dhcp-snooping information circuit-id string
Parameter
string ——Enter the sub-option Circuit ID, which contains 32 characters at most.
Command Mode
Global Configuration Mode
Example
Configure the sub-option Circuit ID for the customized Option 82 as tplink:
TP-LINK(config)# dhcp-snooping information circuit-id tplink
dhcp-snooping trusted
Description
The dhcp-snooping trusted command is used to configure a port to be a
Trusted Port. Only the Trusted Port can receive the DHCP packets from DHCP
servers. To turn the port back to a distrusted port, please use no
dhcp-snooping trusted command.
Syntax
dhcp-snooping trusted
no dhcp-snooping trusted
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
61
Example
Configure the port 2 to be a Trusted Port:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# dhcp-snooping trusted
dhcp-snooping mac-verify
Description
The dhcp-snooping mac-verify command is used to enable the MAC Verify
feature. To disable the MAC Verify feature, please use no dhcp-snooping
mac-verify command. There are two fields of the DHCP packet containing the
MAC address of the Host. The MAC Verify feature is to compare the two fields
and discard the packet if the two fields are different.
Syntax
dhcp-snooping mac-verify
no dhcp-snooping mac-verify
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the MAC Verify feature for the port 2:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# dhcp-snooping mac-verify
dhcp-snooping rate-limit
Description
The dhcp-snooping rate-limit command is used to enable the Flow Control
feature for the DHCP packets. The excessive DHCP packets will be discarded.
To restore to the default configuration, please use no dhcp-snooping rate-limit
command.
Syntax
dhcp-snooping rate-limit value
no dhcp-snooping rate-limit
62
Parameter
value ——The value of Flow Control. The options are 0/5/10/15/20/25/30
(packet/second). The default value is 0, which stands for disable.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Set the Flow Control of port 2 as 20 pps:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# dhcp-snooping rate-limit 20
dhcp-snooping decline
Description
The dhcp-snooping decline command is used to enable the Decline Protect
feature. To disable the Decline Protect feature, please use no dhcp-snooping
decline command.
Syntax
dhcp-snooping decline
no dhcp-snooping decline
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the Decline Protect feature of port 2:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# dhcp-snooping decline
show binding-table
Description
The show binding-table command is used to display the IP-MAC-VID-PORT
binding table.
63
Syntax
show binding-table
Command Mode
Any Configuration Mode
Example
Display the IP-MAC-VID-PORT binding table:
TP-LINK(config)# show binding-table
show dhcp-snooping global
Description
The show dhcp-snooping global command is used to display the global
configuration of DHCP Snooping.
Syntax
show dhcp-snooping global
Command Mode
Any Configuration Mode
Example
Display the configuration of DHCP Snooping globally:
TP-LINK(config)# show dhcp-snooping global
show dhcp-snooping information
Description
The show dhcp-snooping information command is used to display the Option
82 configuration of DHCP Snooping.
Syntax
show dhcp snooping information
Command Mode
Any Configuration Mode
64
Example
Display the Option 82 configuration of DHCP Snooping:
TP-LINK(config)# show dhcp-snooping information
show dhcp-snooping interface
Description
The show dhcp-snooping interface command is used to display the interface
configuration of DHCP Snooping.
Syntax
show dhcp snooping interface [ethernet port-num]
Parameter
port-num ——The number of the switch port. By default, it will display the
configuration of all the ports.
Command Mode
Any Configuration Mode
Example
Display the interface configuration of all the ports:
TP-LINK(config)# show dhcp-snooping interface
65
Chapter 13 ARP Inspection Commands
ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP cheating,
such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc.
arp detection (global)
Description
The arp detection (global) command is used to enable the ARP Detection
function globally. To disable the ARP Detection function, please use no arp
detection command.
Syntax
arp detection
no arp detection
Command Mode
Global Configuration Mode
Example
Enable the ARP Detection function globally:
TP-LINK(config)# arp detection
arp detection trust-port
Description
The arp detection trust-port command is used to configure the port for which
the ARP Detect function is unnecessary as the Trusted Port. To clear the
Trusted Port list, please use no arp detection trust-port command .The
specific ports, such as up-linked port, routing port and LAG port, should be set
as Trusted Port. To ensure the normal communication of the switch, please
configure the ARP Trusted Port before enabling the ARP Detect function.
Syntax
arp detection trust-port port-list
no arp detection trust-port
66
Parameter
port-list ——The specified Trusted Port list.
Command Mode
Global Configuration Mode
Example
Configure the ports 2-5, 11-15 as the Trusted Port:
TP-LINK(config)# arp detection trust-port 2-5,11-15
arp detection (interface)
Description
The arp detection (interface) command is used to enable the ARP Defend
function. To disable the arp detection function, please use no arp detection
command. ARP Attack flood produces lots of ARP Packets, which will occupy
the bandwidth and slow the network speed extremely. With the ARP Defend
enabled, the switch can terminate receiving the ARP packets for 300 seconds
when the transmission speed of the legal ARP packet on the port exceeds the
defined value so as to avoid ARP Attack flood.
Syntax
arp detection
no arp detection
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the arp defend function for the ports 2-6:
TP-LINK(config)# interface range ethernet 2-6
TP-LINK(config-if)# arp detection
arp detection limit-rate
Description
The arp detection limit-rate command is used to configure the speed. The
switch can terminate receiving the ARP packets for 300 seconds when the
67
transmission speed of the legal ARP packet on the port exceeds the defined
value. To restore to the default speed, please use no arp detection limit-rate
command.
Syntax
arp detection limit-rate value
no arp detection limit-rate
Parameter
value ——The value to specify the maximum amount of the received ARP
packets per second, ranging from 10 to 100 in pps(packet/second). By default,
the value is 15.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the maximum amount of the received ARP packets per second as 50
pps for the port 5:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# arp detection limit-rate 50
arp detection recover
Description
The arp detection recover command is used to restore to the port to the ARP
transmit status from the ARP filter status.
Syntax
arp detection recover
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Restore the port 5 to the ARP transmit status:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# arp detection recover
68
show arp detection global
Description
The show arp detection global command is used to display the ARP detection
global configuration including the enable/disable status and the Trusted Port list.
Syntax
show arp detection global
Command Mode
Any Configuration Mode
Example
Display the ARP detection configuration globally:
TP-LINK(config)# show arp detection global
show arp detection interface
Description
The show arp detection interface command is used to display the interface
configuration of ARP detection.
Syntax
show arp detection interface [ethernet port-num]
Parameter
port-num ——The number of switch port. By default, display the configuration of
all the ports.
Command Mode
Any Configuration Mode
Example
Display the configuration of all the ports:
TP-LINK(config)# show arp detection interface
show arp detection statistic
Description
69
The show arp detection statistic command is used to display the number of
the illegal
ARP packets received.
Syntax
show arp detection statistic
Command Mode
Any Configuration Mode
Example
Display the number of the illegal ARP packets received:
TP-LINK(config)# show arp detection statistic
show arp detection statistic reset
Description
The show arp detection statistic reset command is used to clear the statistic
of the illegal ARP packets received.
Syntax
show arp detection statistic reset
Command Mode
Global Configuration Mode
Example
Clear the statistic of the illegal ARP packets received:
TP-LINK(config)# show arp detection statistic reset
70
Chapter 14 IP Source Guard Commands
IP Source Guard is to filter the IP packets based on the IP-MAC Binding entries. Only the packets
matched to the IP-MAC Binding rules can be processed, which can enhance the bandwidth utility.
ip source guard
Description
The ip source guard command is used to enable the IP Source Guard function
for the specified port. To disable the IP Source Guard function, please use no ip
source guard command.
Syntax
ip source guard {disable | sip | sip+mac}
no ip source guard
Parameter
disable | sip | sip+mac——Security type.
Disable indicates to disable the IP Source Guard feature for the port.
Sip indicates that only the packets with its source IP address and port number
matched to the IP-MAC binding rules
Sip_mac indicates that only the packets with it
address and port number matched to the IP-MAC binding rules can be
processed.
By default, the option is disabling.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
can be processed.
s source IP address, source MAC
Enable the IP Source Guard function for the ports 5-10. Configure that only the
packets with its source IP address, source MAC address and port number
matched to the IP-MAC binding rules can be processed:
TP-LINK(config)# interface range ethernet 5-10
TP-LINK(config-if)# ip source guard sip+mac
71
show ip source guard
Description
The show ip source guard command is used to display the IP Source Guard
configuration.
Syntax
show ip source guard [ethernet port]
Command Mode
Any Configuration Mode
Example
Display the IP Source Guard configuration:
TP-LINK(config)# show ip source guard
72
Chapter 15 DoS Defend Command
DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network
attackers or the evil programs sending a lot of service requests to the Host. With the DoS Defend
enabled, the switch can analyze the specific field of the received packets and provide the defend
measures to ensure the normal working of the local network.
dos-prevent
Description
The dos-prevent command is used to enable the DoS defend function globally.
To disable the DoS defend function, please use no dos-prevent command.
Syntax
dos-prevent
no dos-prevent
Command Mode
Global Configuration Mode
Example
Enable the DoS defend function globally:
TP-LINK(config)# dos-prevent
dos-prevent type
Description
The dos-prevent type command is used to select the DoS Defend Type. To
disable the corresponding Defend Type, please use no dos-prevent ty
command.
pe
Syntax
dos-prevent type [scan-synfin] [xma-scan] [null-scan] [port-less-1024]
[ping-flood] [syn-flood]
no dos-prevent type [scan-synfin] [xma-scan] [null-scan] [port-less-1024]
[ping-flood] [syn-flood]
73
Parameter
scan-synfin —— Scan SYNFIN attack.
xma-scan —— Xma Scan attack.
null-scan —— NULL Scan attack.
port-less-1024 —— The SYN packets whose Source Port less than 1024.
ping-flood —— Ping flooding attack.
syn-flood —— SYN/SYN-ACK flooding attack.
Command Mode
Global Configuration Mode
Example
Enable two DoS Defend Types named Xma Scan attack and Ping flooding
attack:
TP-LINK(config)# dos-prevent type xma-scan ping-flood
show dos-prevent
Description
The show dos-prevent command is used to display the DoS information of the
detected DoS attack, including enable/disable status, the DoS Defend Type,
count of the attack, etc.
Syntax
show dos-prevent
Command Mode
Any Configuration Mode
Example
the
Display the DoS information of the detected DoS attack globally:
TP-LINK(config)# show dos-prevent
74
Chapter 16 IEEE 802.1X Commands
IEEE 802.1X function is to provide an access control for LAN ports via the authentication. Only the
supplicant passing the authentication can access the LAN.
dot1x (global)
Description
The dot1x command is used to enable the IEEE 802.1X function globally. To
disable the IEEE 802.1X function, please use no dot1x command.
Syntax
dot1x
no dot1x
Command Mode
Global Configuration Mode
Example
Enable the IEEE 802.1X function:
TP-LINK(config)# dot1x
dot1x auth-method
Description
The dot1x auth-method command is used to configure the Authentication
Method of IEEE 802.1X. To restore to the default 802.1x authe
please use no dot1x auth-method command.
Syntax
dot1x auth-method { pap | eap-md5 }
ntication method,
no dot1x auth-method
Parameter
pap | eap-md5 ——Authentication Methods.
PAP: IEEE 802.1X authentication system uses extensible authentication
protocol (EAP) to exchange information between the switch and the client. The
75
transmission of EAP packets is terminated at the switch and the EAP packets
are converted to the other protocol (such as RADIUS) packets for transmission
EAP-MD5: IEEE 802.1X authentication system uses extensible authentication
protocol (EAP) to exchange information between the switch and the client. The
EAP
protocol packets with authentication data can be encapsulated in the
advanced protocol (such as RADIUS) packets to be transmitted to the
authentication server.
Command Mode
Global Configuration Mode
Example
Configure the Authentication Method of IEEE 802.1X as pap:
TP-LINK(config)# dot1x auth-method pap
dot1x guest-vlan
Description
The dot1x guest-vlan command is used to enable the Guest VLAN function
globally. To disable the Guest VLAN function, please use no d
command.
Syntax
dot1x guest-vlan vid
no dot1x guest-vlan
Parameter
vid ——The VLAN ID needed to enable the Guest VLAN function, ranging from
2 to 4094. The supplicants in the Guest VLAN can access the
source.
Command Mode
ot1x guest-vlan
specified network
Global Configuration Mode
Example
Enable the Guest VLAN function for VLAN 5:
TP-LINK(config)# dot1x guest-vlan 5
76
dot1x quiet-period
Description
The dot1x quiet-period command is used to enable the quiet-period function.
To disable the function, please use no dot1x quiet-period command.
Syntax
dot1x quiet-period
no dot1x quiet-period
Command Mode
Global Configuration Mode
Example
Enable the quiet-period function:
TP-LINK(config)# dot1x quiet-period
dot1x timer
Description
The dot1x timer command is used to configure the Quiet Period and the
SupplicantTimeout. To restore to the default, please use no dot1x timer
command.
Syntax
dot1x timer quiet-period period supp-timeout timeout
no dot1x timer
Parameter
period ——The value for Quiet Period, ranging from 1 to 999 in seconds. By
default, it is 10. Once the supplicant failed to the 802.1X Authentication, then the
switch will not respond to the authentication request from the same supplicant
during the Quiet Period.
timeout ——The maximum time for the switch to wait for the response from
supplicant before resending a reques
second. By default, it is 3.
t to the supplicant., ranging from 1 to 9 in
Command Mode
Global Configuration Mode
77
Example
Configure the Quiet Period and the SupplicantTimeout as 12 seconds and 6
seconds:
TP-LINK(config)# dot1x timer quiet-period 12 supp-timeout 6
dot1x retry
Description
The dot1x retry command is used to configure the maximum transfer times of
the repeated authentication request. To restore to the default value, please use
no dot1x retry command
Syntax
dot1x retry retry-time
no dot1x retry
Parameter
retry-time ——The maximum transfer times of the repeated authentication
request, ranging from 1 to 9 in times. By default, the value is 3.
Command Mode
Global Configuration Mode
Example
Configure the maximum transfer times of the repeated authentication request as
5:
TP-LINK(config)# dot1x retry 5
.
dot1x (interface)
Description
The dot1x command is used to enable the IEEE 802.1X function for a specified
port. To disable the IEEE 802.1X function for a specified port, please use no
dot1x command.
Syntax
dot1x
no dot1x
78
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the IEEE 802.1X function for the port 1:
TP-LINK(config)# interface ethernet 1
TP-LINK(config-if)# dot1x
dot1x guest-vlan
Description
The dot1x guest-vlan command is used to enable the Guest VLAN function for
a specified port. To disable the Guest VLAN function for a specified port, please
use no
corresponding port is port-based before enabling the Guest VLAN function for it.
Please refer to dot1x port-method
dot1x guest-vlan command. Please ensure that
Syntax
dot1x guest-vlan
no dot1x guest-vlan
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the Guest VLAN function for port 2:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# dot1x guest-vlan
the Control Type of the
for details.
dot1x port-control
Description
The dot1x port-control command is used to configure the Control Mode of
IEEE 802.1X for the specified port. To restore to the default configuration,
please use no dot1x port-control command.
Syntax
dot1x port-control { auto | authorized-force | unauthorized-force }
79
no dot1x port-control
Parameter
auto | authorized-force | unauthorized-force —— The Control Mode for the port.
Auto:
In this mode, the port will normally work only after passing the 802.1X
Authentication.
Authorized-force: In this mode, the port can work normally without p
802.1X Authentication.
Unauthorized-force: In this mode, the port is forbidden working for its fixed
unauth
By default, the Control Mode is auto.
orized status.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the Control Mode for port 1 as authorized-force:
TP-LINK(config)# interface ethernet 1
TP-LINK(config-if)# dot1x port-control authorized-force
dot1x port-method
assing the
Description
The dot1x port-method command is used to configure the Control Type of
IEEE 802.1X for the specified port. To restore to the default configuration,
please use no dot1x port-method command.
Syntax
dot1x port-method { mac-based | port-based }
no dot1x port-method
Parameter
mac-based | port-based ——The Control Type for the port.
Mac-based: Any client connected to the port should p
Authentication for access.
Port-based: All the clients
condition that any one of the clients has passed the 802.1X Authentication.
By default, the Control Type is mas-based.
ass the 802.1X
connected to the port can access the network on the
80
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the Control Type for port 5 as port-based:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# dot1x port-method port-based
radius authentication primary-ip
Description
The radius authentication primary-ip command is used to configure the IP
address of the authentication server. Authentication server provides the
authentication service for
the user name, password, etc, with the purpose to control the authentication and
accounting status of the clients. The RADIUS(Remote Authentication Dial-In
User Service)server is used as the Authentication server generally.
Syntax
radius authentication primary-ip ip-addr
Parameter
ip-addr —— The IP address of the authentication server.
Command Mode
Global Configuration Mode
Example
Configure the IP of the authentication server as 10.20.1.100:
TP-LINK(config)# radius authentication primary-ip 10.20.1.100
the switch via the stored client information, such as
radius authentication secondary-ip
Description
The radius authentication secondary-ip command is used to configure the IP
address of the alternate authentication server. To restore to the default
configuration, please use no radius authentication secondary-ip command.
81
Syntax
radius authentication secondary-ip ip-addr
no radius authentication secondary-ip
Parameter
ip-addr ——The IP address of the alternate authentication server. By default, it
is 0.0.0.0.
Command Mode
Global Configuration Mode
Example
Configure the IP address of the alternate authentication server as 10.20.1.101:
TP-LINK(config)# radius authentication secondary-ip 10.20.1.101
radius authentication port
Description
The radius authentication port command is used to configure the
authentication port of the alternate authentication server. To restore to the
default value
Syntax
radius authentication port port-num
no radius authentication port
Parameter
port-num ——The UDP port of authentication server(s) raging from 1 to 65535
and the default port is 1812.
Command Mode
Global Configuration Mode
, please use no radius authentication port command.
Example
Configure the authentication port of the alternate authentication server as 1815:
TP-LINK(config)# radius authentication port 1815
82
radius authentication key
Description
The radius authentication key command is used to configure the shared
password for the switch and the authentication servers to exchange messages.
To clear the radius authentication key, please use no radius authentication
ke
y command.
Syntax
radius authentication key key-string
no radius authentication key
Parameter
key-string——The shared password for the switch and the authentication
servers to exchange messages which contains 15 characters at most.
Command Mode
Global Configuration Mode
Example
Configure the shared password for the switch and the authentication servers as
tplink:
TP-LINK(config)# radius authentication key tplink
radius accounting enable
Description
The radius accounting enable command is used to enable the accounting
feature. To disable the accounting feature, please use no radius accounting
enable command.
Syntax
radius accounting enable
no radius accounting enable
Command Mode
Global Configuration Mode
83
Example
Enable the accounting feature:
TP-LINK(config)# radius accounting enable
radius accounting primary-ip
Description
The radius accounting primary-ip command is used to configure the IP
address of the accounting server.
Syntax
radius accounting primary-ip ip-addr
Parameter
ip-addr —— The IP address of the accounting server.
Command Mode
Global Configuration Mode
Example
Configure the IP address of the accounting server as 10.20.1.100:
TP-LINK(config)# radius accounting primary-ip 10.20.1.100
radius accounting secondary-ip
Description
The radius accounting secondary-ip command is used to configure the IP
address of the alternate accounting server. To restore to the default
configuration, please use no radius accounting secondary-ip command.
Syntax
radius accounting secondary-ip ip-addr
no radius accounting secondary-ip
Parameter
ip-addr ——The IP address of the alternate accounting server. By default, it is
0.0.0.0.
84
Command Mode
Global Configuration Mode
Example
Configure the IP address of the alternate accounting server as 10.20.1.101:
TP-LINK(config)# radius accounting secondary-ip 10.20.1.101
radius accounting port
Description
The radius accounting port command is used to set the UDP port of
accounting server(s). To restore to the default value, please use no radius
accounting port.
Syntax
radius accounting port port-num
no radius accounting port
Parameter
port-num ——The UDP port of accounting server(s) ranging from 1 to 65535.
The default port is 1813.
Command Mode
Global Configuration Mode
Example
Set the UDP port of accounting server(s) as 1816:
TP-LINK(config)# radius accounting port 1816
radius accounting key
Description
The radius accounting key command is used to configure the shared
password for the switch and the accounting servers to exchange messages.To
clear the shared password for the switch and the accounting servers, please
use no radius accounting key command.
Syntax
radius accounting key key-string
85
no radius accounting key
Parameter
key-string ——The shared password for the switch and the accounting servers
to exchange messages which contains 15 characters at most.
Command Mode
Global Configuration Mode
Example
Configure the shared password for the switch and the accounting servers as
tplink:
TP-LINK(config)# radius accounting key tplink
radius response-timeout
Description
The radius response-timeout command is used to configure the maximum
time for the switch to wait for the response from the RADIUS authentication and
the accounting serve
response-timeout command.
Syntax
radius response-timeout time
no radius response-timeout
Parameter
time ——The maximum time for the switch to wait for the response before
resending a request to the supplicant., ranging from 1 to 9 in second. By default,
it is 3.
Command Mode
r. To restore to the default value, please use no radius
Global Configuration Mode
Example
Configure the maximum time for the switch to wait for the response from the
RADIUS authentication and the accounting server
TP-LINK(config)# radius response-timeout 5
86
as 5 seconds:
show dot1x global
Description
The show dot1x global command is used to display the global configuration of
801.X.
Syntax
show dot1x global
Command Mode
Any configuration Mode
Example
Display the configuration of 801.X globally:
TP-LINK(config)# show dot1x global
show dot1x interface
Description
The show dot1x interface command is used to display the port configuration of
801.X.
Syntax
show dot1x interface [ ethernet port-num ]
Parameter
port-num ——The number of the Ethernet port. Display the configuration of all
the ports by default.
Command Mode
Any configuration Mode
Example
Display the port configuration of 801.X:
TP-LINK(config)# show dot1x interface
show radius authentication
Description
87
The show radius authentication command is used to display the configuration
of the RADIUS authentication server.
Syntax
show radius authentication
Command Mode
Any configuration Mode
Example
Display the configuration of the RADIUS authentication server:
TP-LINK(config)# show radius authentication
show radius accounting
Description
The show radius accounting command is used to display the configuration of
the accounting server.
Syntax
show radius accounting
Command Mode
Any configuration Mode
Example
Display the configuration of the accounting server:
TP-LINK(config)# show radius accounting
88
Loading...