TP-Link TL-SG3424P manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation TP-Link TL-SG3424P. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel TP-Link TL-SG3424P ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation TP-Link TL-SG3424P décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation TP-Link TL-SG3424P devrait contenir:
- informations sur les caractéristiques techniques du dispositif TP-Link TL-SG3424P
- nom du fabricant et année de fabrication TP-Link TL-SG3424P
- instructions d'utilisation, de réglage et d’entretien de l'équipement TP-Link TL-SG3424P
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage TP-Link TL-SG3424P ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles TP-Link TL-SG3424P et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service TP-Link en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées TP-Link TL-SG3424P, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif TP-Link TL-SG3424P, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation TP-Link TL-SG3424P. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    TL-SG3424P JetS tream L2 Managed PoE Switch Rev: 1.0.0 1910010613[...]

  • Page 2

    I COPYRIGHT & TRADEMARKS S pecifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., L TD. Other brands and product names are trademarks or registered trademarks of t heir respective holders. No part of the specificatio ns ma y be reproduced in any form or by any means or used to make any derivat[...]

  • Page 3

    II CONTENTS Preface .............................................................................................................. 1 Chapter 1 Using the CLI ....................................................................................... 4 1.1 Accessi ng the CLI ................................................................................[...]

  • Page 4

    III show ma c-vlan .................................................................................................................. .... 21 Chapter 5 Protocol VLAN Commands ............................................................... 22 protocol-vla n template ....................................................................................[...]

  • Page 5

    IV show lacp interface ............................................................................................................ .... 39 show lacp syst em-prior ity ...................................................................................................... 40 Chapter 10 User Manage Comma nds ...........................................[...]

  • Page 6

    V arp detection trust- port ....................................................................................................... ... 59 arp detection (interfa ce)...................................................................................................... ... 60 arp detection limit-rate ..................................................[...]

  • Page 7

    VI show radius account ing ......................................................................................................... 79 Chapter 15 Log Comma nds ................................................................................. 80 logging loca l buffe r .................................................................................[...]

  • Page 8

    VII system-tim e dst ................................................................................................................ ..... 97 ip addr ess ..................................................................................................................... ......... 98 ip management -vlan ............................................[...]

  • Page 9

    VIII Chapter 21 QoS Comma nds................................................................................ 1 17 qos ............................................................................................................................ .......... 1 17 qos dot1p config .........................................................................[...]

  • Page 10

    IX Chapter 25 ACL Comma nds ................................................................................137 acl time-s egm ent ............................................................................................................... .. 137 acl edit ti me-segm ent ............................................................................[...]

  • Page 11

    X igmp-snooping global .......................................................................................................... 1 61 igmp-snooping config .......................................................................................................... 1 61 igmp-snooping vlan -config-a dd ..................................................[...]

  • Page 12

    XI show snmp view ................................................................................................................. . 186 show snmp group ................................................................................................................ 186 show snmp user ................................................................[...]

  • Page 13

    XII show cluste r neighb our........................................................................................................ 2 05 show cluster ntd p gl obal ...................................................................................................... 2 05 show cluster ntd p port-st atus .............................................[...]

  • Page 14

    1 Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned in this Guide stands for TL-SG3424P JetS tream L2 Managed PoE Switch. Overview of this Guide Chapter 1: Using the CLI Provide information about how to use the CLI, CLI Command Modes, Security Levels a[...]

  • Page 15

    2 Provide information about the co mmands used for protecting the swit ch from the ARP cheating or ARP Att ack. Chapter 13: DoS Defend Command Provide information about the commands used for DoS defend and detecting the DoS attack. Chapter 14: IEEE 802.1X Commands Provide information about the commands us ed for configuring I EEE 802.1X function. C[...]

  • Page 16

    3 Protocol). Chapter 27: IGMP Commands Provide information about the commands used for configuring the IGMP Snooping (Internet Group Management Protocol Snooping). Chapter 28: SNMP Commands Provide information about the commands used for configuri ng the SNMP (Simple Network Management Protocol) functions. Chapter 29: LLDP Commands Provide informat[...]

  • Page 17

    4 Chapter 1 Using the CLI 1.1 Accessing the CLI Y ou can log on to the switch and access the CLI by the following two methods: 1. Log on to the switch by the console port on the switch. 2. Log on to the switch remotely by a T e lnet or SSH connection through an Ethernet port. 1.1.1 Logon by a console port T o log on to the switch by the console por[...]

  • Page 18

    5 Figure 1-2 Connection Description 4. Select the port to connect in figure 1-3, and click OK . Figure 1-3 Select the port to connect 5. Configure the port selected in the step abov e as the following figure1-4 sho wn. Configure Bit s per second as 38400, Dat a bit s as 8, Parity as None, S top bit s as 1, Flo w control as None, and then click OK .[...]

  • Page 19

    6 Figure 1-4 Port Settings 6. T ype the User name an d Password in the Hyper T erminal window , the factory default value for both of them is admin. The DOS pr ompt ” TP-LINK>” will appear after pressing the Enter button as figure1-5 shown. It indi cates that you can use the CLI now . Figure 1-5 Log in the Switch 1.1.2 Logon by Telnet T o lo[...]

  • Page 20

    7 Figure 1-6 Open the Run window 3. T ype cmd in the prompt R un window a s figure 1-7 and click OK . Figure 1-7 Run Window 4. T ype telnet 192.168.0.1 in the command prompt shown as figure1-8, and press the Enter button. Figure 1-8 Connecting to the Switch[...]

  • Page 21

    8 5. T ype the User name and Passwo rd (the factory default value fo r both of them is admin) and press the Enter button, then you can use the CLI now , which is shown as figure1-9. Figure 1-9 Log in the Switch 1.2 CLI Command Modes The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode, Global Configuration Mode, Int[...]

  • Page 22

    9 User EXEC Mode Primary mode once it is connected with the swi tch. TP-LINK> Use the exit command to disconnect the switch (except that the switch is connected through the Consol e port). Use the enable command to access Privileged EXEC mode. Privileged EXEC Mode Use the enable command to enter this mode from User EXEC mode. TP-LINK# Use the ex[...]

  • Page 23

    10 you should access the corres ponding command mode firstly. z Global Configuration Mode : In this mode, global commands are provided, such as the Spanning Tree, Schedule Mode and so on. z Interface Configuration Mode : In this mode, users can c onfigure one or several ports, different ports corresponds to dif ferent commands a). Interface Etherne[...]

  • Page 24

    11 1.4 Conventions 1.4.1 Format Conventions The following conventions are used in this Guide: ¾ Items in square brackets [ ] are optional ¾ Items in braces { } are required ¾ Alternative items are grouped in braces and se parated by vertical bars. For example: speed {10 | 100 | 1000 } ¾ Bold indicates an unalterable keyword. For example: show l[...]

  • Page 25

    12 Chapter 2 User Interface enable Description The enable command is used to access Privileged EXEC Mode from User EXEC Mode. Synt ax enable Command Mode User EXEC Mode Example If you have set the password to access Privileged EXEC Mode from User EXEC Mode: TP-LINK>enable Enter p assw ord : TP-LINK# enable password Description The enable p ass[...]

  • Page 26

    13 disable Description The disable command is used to return to User EXEC Mode from Privileged EXEC Mode. Synt ax disable Command Mode Privileged EXEC Mode Example Return to User EXEC Mode from Privileged EXEC Mode: TP-LINK# disable TP-LINK> configure Description The configure command is used to access Global Configuration Mode fr om Privileged [...]

  • Page 27

    14 Command Mode Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode,an d then return to Privileged EXEC Mode: TP-LINK(config-if)# exit TP-LINK(config)#exit TP-LINK# end Description The end command is used to return to Privileged EXEC Mode. Synt ax end Command Mode Any Configuration Mode Example Retur[...]

  • Page 28

    15 Chapter 3 IEEE 802.1Q VLAN Commands VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN into multiple logical LANs flexibly . Host s in the same VLAN can communicate with each other , regardless of their physical locations. VLAN can enhance performance b y conserving bandwidth, and improve security by limit[...]

  • Page 29

    16 Create a VLAN, the vid of which is 12: TP-LINK(config)# vlan dat abase TP-LINK(config-vlan)#vlan 12 interface vlan Description The interface vlan command is used to access VLAN Interface Mode to configure the specified VLAN. Synt ax interface vlan vlan-id Parameter vlan-id ——VLAN ID,ranging from 1 to 4094. Command Mode Global Configuration M[...]

  • Page 30

    17 TP-LINK(config-if)#description vlan2 switchport type Description The switchport type command is used to configur e the Link T ypes for the ports. Synt ax switchport type { access | trunk | general } Parameter access | trunk | general —— Link T ypes. There are three Link T ypes for the ports. Command Mode Interface Configuration Mode ( interf[...]

  • Page 31

    18 TP-LINK(config-if)# switchport allowed vlan add 2 switchport pvid Description The switchport pvid command is used to configur e the PVID for the switch ports. Synt ax switchport pvid vlan-id Parameter vlan-id —— VLAN ID, ranging from 1 to 4094. Command Mode Interface Configuration Mode (interface ethernet / interface ran ge ethernet ) Exampl[...]

  • Page 32

    19 show vlan Description The show vlan command is used to display t he information of IEEE 802.1Q VLAN . Synt ax show vlan [ vlan-id ] Parameter vlan-id —— VLAN ID, ranging from 1 to 4094. By default , display all the information of IEEE 802.1Q VLAN. Command Mode Any Configuration Mode Example Display the information of vlan 5: TP-LINK(config)#[...]

  • Page 33

    20 Chapter 4 MAC VLAN Commands MAC VLAN (Virtual Local Area Network) is the way to classify the VLANs based on MAC Address. A MAC address is relative to a single VLAN ID. The untagged packets and the priority-tagged packet s coming from the MAC address will be tagged with this VLAN ID. mac-vlan add Description The mac-vlan add command is used to cr[...]

  • Page 34

    21 Example Delete the existing MAC-Based VLAN entry with the MAC address of 00:00:00:00:00:02: TP-LINK(config)# mac-vlan remove 00:00:00:00:00:02 mac-vlan modify Description The mac-vlan modify command is used to modify the settings of t he subsistent MAC VLAN entry . Synt ax mac-vlan modify { vlan-id } { mac-addr } [ description ] Parameter vlan-i[...]

  • Page 35

    22 Chapter 5 Protocol VLAN Commands Protocol VLAN (V irtual Local Area Network) is the way to classify VLANs based on Protocols. A Protocol is relative to a single VLAN ID. The untagged p ackets and the priority-tagged pa ckets matching the protocol template w ill be tagged with this VLAN ID. protocol-vlan template Description The protocol-vlan tem[...]

  • Page 36

    23 protocol-vlan vlan vid template index member-list no protocol-vlan entry-id Parameter vid ——VLAN ID , ranging from 1-4094. index ——The number of the Protocol template.Y ou can get the template corresponding to the number by the show protocol-vlan template command. entry-id ——The number of the Protocol VL AN . Y ou can get the Proto[...]

  • Page 37

    24 show protocol-vlan vlan Command Mode Any Configuration Mode Example Display information of the protocol-vlan entry: TP-LINK(config)# show protocol-vlan vlan[...]

  • Page 38

    25 Chapter 6 Voice VLAN Commands V oice VLANs are configured spec iall y for voice data stream. By configuring V oice VLANs and adding the ports with voice devic es attached to voice VLANs, you can perform QoS-related configuration for voice data, ens uring the transmission priority of voice data stream and voice quality . voice-vlan enable Descrip[...]

  • Page 39

    26 Parameter aging-time ——Aging time (in minutes) to be set for the V oice VLAN. It ranges from 1 to 43200 and the default value is 1440. Command Mode Global Configuration Mode Example Set the aging time for the V oice VLAN as 2880 minutes: TP-LINK(config)# voice-vlan aging-time 2880 voice-vlan priority Description The voice-vlan priority comma[...]

  • Page 40

    27 voice-vlan oui remove mac-addr Parameter mac-addr —— The OUI address of the voice device. mask-addr —— The OUI address ma sk of the voice device. description ——Give a description to the OU I for identification which contains 16 characters at most. By default, it is empty . Command Mode Global Configuration Mode Example Create a V oic[...]

  • Page 41

    28 switchport voice-vlan security Description The switchport voice-vl an security command is used to configure the V oice VLAN security mode. Synt ax switchport voice-vlan securit y {disable | enable} Parameter disable | enable —— disable/enable the security mode for the specified port . Command Mode Interface Configuration Mode ( interface e[...]

  • Page 42

    29 The show voice-vlan oui command is used to display the configuration information of V oice VLAN OUI. Synt ax show voice-vlan oui Command Mode Any Configuration Mode Example Display the configuration info rmation of V oice VLAN OUI: TP-LINK(config)# show voice-vlan oui show voice-vlan switchport Description The show voice-vlan switchport command [...]

  • Page 43

    30 Chapter 7 GVRP Commands GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute registration protocol). GVRP allo ws the switch to automatically add or remove the VLANs via the dynamic VLAN registration information and propagat e the lo cal VLAN registration information to other switches, without having to individu[...]

  • Page 44

    31 Example Enable the GVRP function for ports 2-6: TP-LINK(config)# interface range ethernet 2-6 TP-LINK(config-if)# gvrp gvrp registration Description The gvrp registration command is used to confi gure the GVRP registration type on the desired port. T o restore to the default value, ple ase use no gvrp registration command. Synt ax gvrp registrat[...]

  • Page 45

    32 Parameter leaveall | join | leave —— They are the three timers: leave All 、 join and leave. Once the LeaveAll T imer is set, the port with GVRP enabled can send a LeaveAll message after the timer times ou t, so that other GARP ports can re-register all the attribute information. After that, the LeaveAll timer will start to begin a new cycl[...]

  • Page 46

    33 TP-LINK(config)# show gvrp global show gvrp interface Description The show gvrp interface command is used to displa y the GVRP configuration information of the s pecified Ethernet ports. Synt ax show gvrp interface [ ethernet port-num ] Parameter port-num ——The Ethernet port number . By default, the GVRP configuration information of all the [...]

  • Page 47

    34 Chapter 8 LAG Commands LAG (Link Aggregation Group) is to combine a number of ports together to make a single high-bandwidth data path, which can highly exte nd the bandwi dth. The bandwid th of the LAG is the sum of bandwidth of it s member port. interface link-aggregation Description The interface link-aggregation command is used to access the[...]

  • Page 48

    35 interface range link-aggregation group-list no interface range link-aggregation group-list Command Mode Global Configuration Mode Parameter group-list ——The aggregation group list. Y ou can configure some aggregation groups at the same time. Example Access the Interface range Link -aggregation Mode and configure the aggregation group 1,4-6: [...]

  • Page 49

    36 link-aggregation hash-algorithm Description The link-ag gregation hash-algorithm command is used to configure the Aggregate Arithmetic for LAG . Synt ax link-aggregation hash-algorithm { src_dst_mac | src_dst_ip } Parameter src_dst_mac —— The so urce and des tination MAC addresses. src_dst_ip ——The source and destination IP addresses. Co[...]

  • Page 50

    37 TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# description movie server show interfaces link-aggregation Description The show interfaces link-aggrega tion command is used to display the configuration information of the A ggregate Arithmetic and the aggregation groups. Synt ax show interface link-aggregation [ group- num ] Para[...]

  • Page 51

    38 Chapter 9 LACP Commands LACP (Link Aggregation Control Prot ocol) is defined in IEEE802.3ad and en ables the dynamic link aggregation and disaggregation by ex changing LACP packet s with its pa rtner . The switch can dynamically group similarly configured ports into a single logical link, which will highly extend the bandwidth and flexibly balan[...]

  • Page 52

    39 Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Configure the admin key of port 1 as 1024: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# lacp admin-key 1024 lacp port-priority Description The lacp port-priority command is used to set the port priority for a port. T o restore to [...]

  • Page 53

    40 Parameter port-num —— The Ethernet port number . By default, display the configuration information of all the Ethernet ports. Command Mode Any Configuration Mode Example Display the configuration inform ation of all the Ethernet ports: TP-LINK(config)# show lacp interface show lacp system-priority Description The show lacp system-priority co[...]

  • Page 54

    41 Chapter 10 User Manage Commands User Manage Commands are used to configure the user name and password for users to log on to the Web management p age with a certain access level so as to protect the settings of the switch from being randomly changed. user add Description The user add command is used to add a new user . Synt ax user add user-name[...]

  • Page 55

    42 user remove Description The user remove command is us ed to delete an existing user . The curr ent user can't be deleted by itself. Synt ax user remove user -name Parameter user-name —— An existing user name. Command Mode Global Configuration Mode Example Delete the user named tplink: TP-LINK(config)# user remove tplink user modify stat[...]

  • Page 56

    43 user modify type Description The user modify type command is used to modify the acce ss level for the existing user . The current user can't be modified by itself. Synt ax user modify ty pe user-name {guest | admin} Parameter user-name —— The existing user name. guest | admin —— Access level. Guest: limited user; admin: manager . Co[...]

  • Page 57

    44 Example Modify the password of tplink as newpwd: TP-LINK(config)# user modify p assword tplink p assword newpwd newpw d user access-control disable Description The user access-control disable command is used to cancel the user access-control. Synt ax user access-control disable Command Mode Global Configuration Mode Example Cancel the user acces[...]

  • Page 58

    45 TP-LINK(config)# user access-control ip-based 192.168.0.148 255.255.255.255 user access-control mac-based Description The user access-contro l mac-based command is used to limit the MAC Address of the users for login. Only the user with this MAC Address you set here is allowed for login Synt ax user access-control mac-based mac-addr Parameter ma[...]

  • Page 59

    46 Example Enable the access-control of the ports 2, port4, port5, port6,and port8: TP-LINK(config)# user access-control port-based 2,4-6,8 user max-number Description The user max-number command is used to configur e the number of the users logging on at the same time. T o cancel the limit to the num bers of the users loging in, please use no user[...]

  • Page 60

    47 user idle-timeout minutes no user idle-timeout Parameter minute ——The timeout time, ranging from 5 to 30 in minites. By default, the value is 10. Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minites: TP-LINK(config)# user idle-timeout 15 show user account-list Description The show user account[...]

  • Page 61

    48 Command Mode Any Configuration Mode Example Display the security configurat ion information of the users: TP-LINK(config)# show user configuration[...]

  • Page 62

    49 Chapter 11 Binding Table Commands Y ou can bind the IP address, MAC address, VLAN and the connected Port number of the Host together , whic h can be the condition for the ARP Inspection to filter the pa ckets. binding-table user-bind Description The binding-t able user-bind command is used to bind the IP address, MAC address, VLAN ID and the Por[...]

  • Page 63

    50 binding-table remove Description The binding-t able remove command is used to delete the IP-MAC –VID-POR T entry from the binding table. Synt ax binding-t able remove index idx Parameter idx —— The entry number needed to be deleted. Y ou can use the show binding-t able command to get the idx. Pay attent ion to that, the entry number is the[...]

  • Page 64

    51 Enable the DHCP-snoopi ng function globally: TP-LINK(config)# dhcp-snooping dhcp-snooping global Description The dhcp-snooping global command is used to conf igure the DHCP snooping globally . T o restore to the default value, please us e no dhcp-snooping global command. Synt ax dhcp-snooping global [ global-rate global-rate ] [ dec-threshold de[...]

  • Page 65

    52 dhcp-snooping information enable Description The dhcp-snooping information enable command is used to enable the Option 82 function of DHCP Snooping. T o di sable the Option 82 function, please use no dhcp-snooping information enable command. Synt ax dhcp-snooping information enable no dhcp-snooping information enable Command Mode Global Configur[...]

  • Page 66

    53 Example Replace the Option 82 field of the pa ck ets with the switch defined one and then send out: TP-LINK(config)# dhcp-snooping information strategy replace dhcp-snooping information user-defined Description The dhcp-snooping information user-defined command is used to permit users to define the Option 82. T o disable the func tion, please us[...]

  • Page 67

    54 Example Configure the sub-option Remote ID fo r the customized Option 82 as tplink: TP-LINK(config)# dhcp-snooping information remote-id tplink dhcp-snooping information circuit-id Description The dhcp-snooping information circuit-id command is used to configure the sub-option Circuit ID for the customized Option 82. Synt ax dhcp-snooping inform[...]

  • Page 68

    55 Configure the port 2 to be a T rusted Port: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# dhcp-snooping trusted dhcp-snooping mac-verify Description The dhcp-snooping mac-verify command is used to enable the MAC V erify feature. T o disable the MAC V erify feature, plea se use no dhcp-snooping mac-verify command. There are two fields[...]

  • Page 69

    56 value ——The value of Flow Control. T he options are 0/ 5/10/15/20/25/30 (packet/second). The default value is 0, which stands for disable. Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Set the Flow Control of port 2 as 20 pps: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# [...]

  • Page 70

    57 Command Mode Any Configuration Mode Example Display the IP-MAC-VID-PORT binding table: TP-LINK(config)# show binding-t able show dhcp-snooping global Description The show dhcp-snooping global command is used to display the global configuration of DHCP Snooping. Synt ax show dhcp-snooping global Command Mode Any Configuration Mode Example Display[...]

  • Page 71

    58 show dhcp-snooping interface Description The show dhcp-snooping interface command is used to display the interface configuration of DHCP Snooping. Synt ax show dhcp snooping interface [ eth ernet port-num ] Parameter port-num ——The number of the switch port. By default, it will display the configuration of all the ports. Command Mode Any Con[...]

  • Page 72

    59 Chapter 12 ARP Inspection Commands ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP cheating, such as the Network Gateway S poofi ng and Man-In-The-Middle Attack, etc. arp detection (global) Description The arp detection (global) command is used to enable the ARP Detection function globally . T o disable th[...]

  • Page 73

    60 port-list ——The specified Trusted Po rt list. Command Mode Global Configuration Mode Example Configure the ports 2-4,5-8 as the T rusted Port: TP-LINK(config)# arp detection trust-port 2-4,5-8 arp detection (interface) Description The arp detection (interface) command is us ed to enable the ARP Defend function. T o disable the arp detection [...]

  • Page 74

    61 value. T o restore to t he default speed, please use no arp detection limit-rate command. Synt ax arp detection limit-rate value no arp detection limit-rate Parameter value ——The value to specify the maxi mum amount of the received ARP packet s per second, ranging from 10 to 100 in pps(packet/second). By default, the value is 15. Command Mod[...]

  • Page 75

    62 show arp detection global Description The show arp detection global command is used to display the ARP detection global configuration including the enable/disable status and the T rusted Port list. Synt ax show arp detection global Command Mode Any Confiuration Mode Example Display the ARP detection configuration globally: TP-LINK(config)# show [...]

  • Page 76

    63 The show arp detection st atistic command is used to display the number of the illegal ARP packet s received. Synt ax show arp detection st atistic Command Mode Any Configuration Mode Example Display the number of the illegal ARP packet s received: TP-LINK(config)# show arp detection statistic show arp detection statistic reset Description The s[...]

  • Page 77

    64 Chapter 13 DoS Defend Command DoS (Denial of Service) Attack is to occupy t he network bandwid th maliciously by the network attackers or the evil programs sending a lot of se rvice requests to the Ho st. With the DoS Defend enabled, the switch can analyze the specific field of the received packet s and provide the defend measures to ensure the [...]

  • Page 78

    65 Parameter land —— Land attack. scan-synfin —— Scan SYNFIN attack. xma-scan —— Xma Scan attack. null-scan —— NULL Scan attack. port-less-than-1024 ——The SYN packet s whose Source Port less than 1024. blat —— Blat attack. ping-flood —— Ping flooding attack, If Pi ng-flood att ack is enabled, the switch will automaticall[...]

  • Page 79

    66 Chapter 14 IEEE 802.1X Commands IEEE 802.1X function is to provid e an access control for LAN ports via the authenticat ion. Only the supplicant passing the authenticat ion can access the LAN. dot1x Description The dot1x command is used to enable the IEEE 802.1X function globally . T o disable the IEEE 802.1X function, please use no dot1x comman[...]

  • Page 80

    67 transmission of EAP packets is termi nated at the switch and the EAP packets are converted to the other protocol (s uch as RADIUS) packe ts for transmission EAP-MD5: IEEE 802.1X authentication system uses extensib le authentication protocol (EAP) to exchange information between the switch and the client. The EAP protocol p ackets with authentica[...]

  • Page 81

    68 dot1x quiet-period Description The dot1x quiet-period command is used to enable t he quiet-perio d function. T o disable the f unction, please use no dot1x quiet-period command. Synt ax dot1x quiet-period no dot1x quiet-period Command Mode Global Configuration Mode Example Enable the quiet-period function: TP-LINK(config)# dot1x quiet-period dot[...]

  • Page 82

    69 Example Configure the Quiet Period and the SupplicantTi meout as 12 seconds and 6 seconds: TP-LINK(config)# dot1x timer quiet-period 12 supp-timeout 6 dot1x retry Description The dot1x retry command is used to configure t he maximum transfer times of the repeated authentication request. T o restore to the default value, please use no dot1x retry[...]

  • Page 83

    70 Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Enable the IEEE 802.1X f unction for the port 1: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# dot1x dot1x guest-vlan Description The dot1x guest-vlan command is used to enabl e the Guest VLAN function for a specified port. T o dis[...]

  • Page 84

    71 no dot1x port-control Parameter auto | authorized-force | unauthorized-forc e —— The Control Mode for the port. Auto: In this mode, the port will normally work only after passing the 802.1X Authentication. Authorized-force: In this mode, the port can work normally without passing the 802.1X Authentication. Unauthorized-force: In this mode, t[...]

  • Page 85

    72 Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Configure the Control T ype for port 5 as port-based: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# dot1x port-method port-based radius authentication primary-ip Description The radius authentication primary-ip command is used to c[...]

  • Page 86

    73 radius authentication secondary-ip ip-addr no radius authentication secondary-ip Parameter ip-addr ——The IP address of the alternate aut hentication server . By default, it is 0.0.0.0. Command Mode Global Configuration Mode Example Configure the IP address of the alter nate authentication serv er as 10.20.1.101: TP-LINK(config)# radius authe[...]

  • Page 87

    74 The radius authentication key command is used to configure the shared password for the switch and the authen tication servers to exchange messages. T o clear the radius authent ication key , please use no radius authentication key command. Synt ax radius authentication key key-string no radius authentication key Parameter key-string ——The sh[...]

  • Page 88

    75 radius accounting primary-ip Description The radius accounting primary-ip command is used to configure the IP address of the accounting server . Synt ax radius accounting primary-ip ip-addr Parameter ip-addr —— The IP address of the accounting server . Command Mode Global Configuration Mode Example Configure the IP address of the accounting [...]

  • Page 89

    76 TP-LINK(config)# radius accounting secondary-ip 10.20.1.101 radius accounting port Description The radius accounting port command is used to set the UDP port of accounting server(s). T o restore to the default value, please use no radius accounting port . Synt ax radius accounting port port-num no radius accounting port Parameter port-num ——[...]

  • Page 90

    77 Command Mode Global Configuration Mode Example Configure the shared password for the switch and the accounting servers as tplink: TP-LINK(config)# radius accounting key tplink radius response-timeout Description The radius response-timeout command is used to configure the maximum time for the switch to wait for the re sponse from the RADI US aut[...]

  • Page 91

    78 Synt ax show dot1x global Command Mode Any configuration Mode Example Display the configuration of 801.X globally: TP-LINK(config)# show dot1x global show dot1x interface Description The show dot1x interface command is used to display the port configuration of 801.X. Synt ax show dot1x interface [ ethernet port-num ] Parameter port-num ——The[...]

  • Page 92

    79 Any configuration Mode Example Display the configuration of the RADIUS authentic ation server: TP-LINK(config)# show radius authentication show radius accounting Description The show radius accounting command is used to display the configuration of the accounting server . Synt ax show radius accounting Command Mode Any configuration Mode Example[...]

  • Page 93

    80 Chapter 15 Log C ommands The log information will record the settings and oper ation of the switch re spectively for you to monitor operation status and diagnose malfunction. logging local buffer Description The logging local buffer command is used to configure the severity level and the status of theconf iguration input to the log buffer . T o [...]

  • Page 94

    81 The logging local flash command is used to configur e the l evel and the status of the log file input.T o restore to the default configur ation, please use no logging local flash command. The log file indica tes the flash sector for saving system log. The inforamtion in the log f ile will not be lost after the switch is restarted and can be got [...]

  • Page 95

    82 Example Clear the information in the log file: TP-LINK(config)# logging clear buffer logging loghost Description The logging loghost command is used to configure the Log Host. T o clear the configuration of the specified Log Host, please use no logging loghost command. Log Host is to receive the system log from other devices. Y ou can remotely m[...]

  • Page 96

    83 of the Local Log including t he log buffer and the log file. Synt ax show logging local-config Command Mode Any configuration Mode Example Display the configurat ion of the Local Log: TP-LINK(config)# show logging local-config show logging loghost Description The show logging loghost command is used to display the configuration of the log host. [...]

  • Page 97

    84 Parameter leve l ——Severity level. There are 8 severity levels marked with values 0-7. The information will be displayed only when the log with the same or smaller severity level value. Display all the log information in the log buffer by default. Command Mode Any Configuration Mode Example Display the log information from level 0 to level 5[...]

  • Page 98

    85 Chapter 16 SSH Commands SSH (Security Shell) can prov ide the unsecured remote management with security and powerful authentication to ensure the security of the management information. ssh server enable Description The ssh server enable command is used to en able SSH function. T o disable the SSH function, please use no ssh server enable comman[...]

  • Page 99

    86 TP-LINK(config)# ssh version v2 ssh idle-timeout Description The ssh idle-timeout command is used to specify the idle-timeout time of SSH. T o restore to the fact ory defaults, please use no ssh idle-timeout command. Synt ax ssh idle-timeout value no ssh idle-timeout Parameter value —— The Idle-timeout time. During this period, the system wi[...]

  • Page 100

    87 S pecify the maximum number of the c onnections to the SSH server as 3: TP-LINK(config)# ssh max-client 3 ssh download Description The ssh max-client command is used to download the SSH key file from TFTP server . Synt ax ssh download { v1 | v2 } key-file ip-address ip-addr Parameter v1 | v2 —— Select the type of SSH key to download, v1 repr[...]

  • Page 101

    88 Chapter 17 SSL Commands SSL ( Secure Sockets Layer ) , a security protocol, is to pr ovide a secure connection for the application layer protocol(e.g. H TTP) based on TCP . Adopting asymmetrical encryption tecnology , SSL uses key p air to encrypt/decrypt information. A key pair refers to a public key (cont ained in the certificate) and its [...]

  • Page 102

    89 Command Mode Global Configuration Mode Example Download a SSL Certificate named ssl-cert from TFTP ser ver with the IP Address of 192.168.0.148: TP-LINK(config)# ssl download certificate ssl-cert ip-address 192.168.0.148 ssl download key Description The ssl download key command is used to download a SSL key to the switch from TFTP server . Synt [...]

  • Page 103

    90 Display the global configuration of SSL: TP-LINK(config)# show ssl[...]

  • Page 104

    91 Chapter 18 Address Commands Address configuration can improv e the network security by conf iguring the Port Security and maintaining the address information by managing the Address T able. bridge address port-security Description The bridge address port-security command is used to configure port security . T o return to the default configuratio[...]

  • Page 105

    92 Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Enable Port Security function for port1, select S tatic mode as the learn mode, and specify the maximum number of MA C addresses that can be learned o n this port as 30: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# bridge address port-security[...]

  • Page 106

    93 The bridge aging-time command is used to configure aging time for the dynamic address. T o return to the default configuration, please use no bridge aging-time command. Synt ax bridge aging-time aging-time no bridge aging-time Parameter aging-time —— The aging time for the dynamic addr ess. The value of it can be 0 or ranges from 10 to 630 s[...]

  • Page 107

    94 00:1e:4b:04:01:5d: TP-LINK(config)# bridge address filtering 00:1e:4b:04:01:5d 1 show bridge port-security Description The show bridge port-security command is used to configure the Port Security for each port, such as conf igure the Max number of MAC addressed that can be learned on the port and the Learn Mod e. Synt ax show bridge port-secur i[...]

  • Page 108

    95 show bridge aging-time Description The show bridge aging-time command is used to display the Aging T ime of the MAC address. Synt ax show bridge aging-time Command Mode Any Configuration Mode Example Display the Aging T ime of the MAC address: TP-LINK(config)# show bridge aging-time[...]

  • Page 109

    96 Chapter 19 System Commands System Commands can be used to configure the System informat ion and System IP , reboot and reset the switch, upgrade the swit ch system and other operations. system-descript Description The system-descript command is used to configure the Device Name, De vice Location and System Contact. T o clear all the information,[...]

  • Page 110

    97 system-time gmt { time-zone } { ntp-server } { backup-ntp-server } no system-time gmt { time-zone } { ntp-server } { backup-ntp-server } Parameter time-zone —— Y our local time-zone, and it ranges from -12 to 13. ntp-server —— The IP Address for the Primary NTP Server . Backup-ntp-server —— The IP Address for the Secondary NTP Server[...]

  • Page 111

    98 Synt ax system-time dst { start-date } { st art-time } {end -date } { end-time } no system-time dst Parameter start-date —— The start date of DST you set. start-time —— The start time of DST you set. end-date —— The end date of DST you set. end-time —— The end time of DST you set. Command Mode Global Configuration Mode Example Co[...]

  • Page 112

    99 TP-LINK(config)# ip address 192.168.0.69 255.255.255.0 ip management-vlan Description The ip management-vlan command is used to conf igure the management VLAN, through which you can log on to the switch. Synt ax ip management-vlan { vlan-id } Parameter vlan-id —— VLAN ID, ranging from 1 to 4094. Command Mode Global Configuration Mode Example[...]

  • Page 113

    100 Synt ax ip bootp-alloc Command Mode Global Configuration Mode Example Enable the BOOTP Protocol to obt ain IP address from BOOTP Server: TP-LINK(config)# ip bootp-alloc reset Description The reset command is used to reset the switch’s sof tware. After resetting, all configuration of the switch (except the IP Address) will restore to the facto[...]

  • Page 114

    101 user-config backup Description The user-config backup command is used to backup t he configuration file by TFTP server . Synt ax user-config backup filename name ip-address ip-addr Parameter name —— S pecify the name for the config uration file which would be backuped. ip-addr —— IP Address of the TFTP server . Command Mode Privileged E[...]

  • Page 115

    102 192.168.0.148 and name this file config.cfg: TP-LINK# user-config load filename config.cfg ip-address 192.168.0.148 user-config save Description The user-config save command is used to save current settings. Synt ax user-config save Command Mode Privileged EXEC Mode Example Save current settings: TP-LINK# user-config save firmware upgrade Descr[...]

  • Page 116

    103 ping Description The ping command is used to test the connecti vity between the switch and one node of the network. Synt ax ping { ip_addr } [ -n { count }] [ -l { count }] [ -i { count }] Parameter ip_addr —— The IP address of the destination node for ping test. count (-n) —— The amount of times to send te st data during Ping testing. [...]

  • Page 117

    104 Command Mode User EXEC Mode and Privileged EXEC Mode Example T est the connectivity between the switch and the network device with the IP 192.168.0.131. If t he destination device has not been found after 20 maxHops , the connection between the switch and the destination device is failed to establish: TP-LINK# tracert 192.168.0.131 20 loopback [...]

  • Page 118

    105 Any Configuration Mode Example Display the system information: TP-LINK# show system-info show ip address Description The show ip address command is used to displa y MAC Address, IP Address, Subnet Mask and Default Gateway of t he system, whether the DHCP Client function is enabled or not and some other information. Synt ax show ip address Comma[...]

  • Page 119

    106 show system-time dst Description The show system-time dst command is used to display the DST time information of the switch. Synt ax show system-time dst Command Mode Any Configuration Mode Example Display the DST time information of the switch TP-LINK# show system-time dst[...]

  • Page 120

    107 Chapter 20 Ethernet Configuration Commands Ethernet Configuration Commands can be used to configure the B andwidth Control, Negotiation Mode and S torm Control for Ethernet ports. interface ethernet Description The interfac e ethernet command is used to enter t he Interface Configuration Mode and configure one Ethernet port. Synt ax interface e[...]

  • Page 121

    108 Command in the Interface Range Ether net Mode is executed independently on all ports in the range. It does not effect the execution on the other ports at all if the command results in an error on one port. Example Enter the Interface Configuration Mode, add ports 1-3, 6-8 to the port-list and configure them: TP-LINK(config)# interface range eth[...]

  • Page 122

    109 Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Disable Ethernet port3: TP-LINK(config)# interface ethernet 3 TP-LINK(config-if)# shut dow n flow-control Description The flow-control command is used to enable the flow -control function for a port. T o disable the flow-control function for this correspo[...]

  • Page 123

    11 0 10h —— 10 M half-duplex. 10f —— 10M full-duplex. 100h —— 1 00M half-duplex. 100f —— 100M full-dupl ex. 1000f —— 1000M full-d uplex. Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Configure the Negotiation Mode as 100M full-duplex for Ethern et port5: TP-LINK(config)# [...]

  • Page 124

    111 Example Enable the S t orm Control func tion for port5 and specify the bc-rate as 128kbps, mc-rate as 512kbps and ul-rate as 2Mbp s: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# storm-control bc-rate 128k mc-rate 512k ul-rate 2m storm-control disable bc-rate Description The storm-control disable bc-rate command is used to disable t[...]

  • Page 125

    11 2 TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# storm-control disable mc-rate storm-control disable ul-rate Description The storm-control disable ul-rate command is used to disable the UL-Frame control. Synt ax storm-control disable ul-rate Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ?[...]

  • Page 126

    11 3 TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# port rate-limit ingress 5120 egress 1024 port rate-limit disable ingress Description The port rate-limit disable ingress command is used to disable the ingress-rate limit. Synt ax port rate-limit disable ingress Command Mode Interface Configuration Mode ( interface ethernet / interfac[...]

  • Page 127

    11 4 The show interface configuration command is used to display the configurations of an Ethernet port, in cluding Port-status, Flow Control, Negotiation Mode and Port-description. Synt ax show interface configuration { ethernet [ interface ] } Parameter interface —— The port selected to display the configurations. By default, the configuratio[...]

  • Page 128

    11 5 Synt ax show interface counter s { ethernet [ interface ] } Parameter Interface —— The port selected to display the st atistic information. By default, the statistic information of all ports is displayed. Command Mode Any Configuration Mode Example Display the statistic information of Ethernet port3: TP-LINK(config)# show interface counter[...]

  • Page 129

    11 6 port —— The port-number of the port selected to display the rate -limit information. By default, the rate-limit in formation of all port s is displayed. Command Mode Any Configuration Mode Example Display the rate-limit information of all Ethernet ports: TP-LINK(config)# show port rate-limit[...]

  • Page 130

    11 7 Chapter 21 QoS Commands QoS (Quality of Service) f unction is used to optimiz e the netw ork performanc e. It provides yo u with network servi ce experienc e of a bett er quality . qos Description The qos command is used to configure CoS (Class of Service) based on port. T o return to the default configuration, please use no qos command. Synt [...]

  • Page 131

    11 8 divide packet s into 8 priorities. W hen IEEE 802.1P Priority is enabled, the packet s with IEEE 802.1Q tag are mapped to different priority levels based on IEEE 802.1P priority mode. The untagged p ackets are mapped based on port priority mode. Synt ax qos dot1p config { tag } { pri } no qos dot1p config Parameter tag —— The 8 priority le[...]

  • Page 132

    11 9 TP-LINK(config)# qos dscp enable qos dscp config Description The qos dscp config command is used to con figure the mapping relation between DSCP Priority and 802.1P Priority . T o return to the default configuration, please use no qos dscp config command. DSCP (Dif fServ Code Point) is a new definition to IP T oS field given by IEEE. This fiel[...]

  • Page 133

    120 qos scheduler Description The qos scheduler command is used to configure the Schedule Mode. T o return to the default c onfiguration, please use no qos scheduler command. When the network is congested, the program that many packets complete for resources must be solved, usually in t he way of queue scheduling. The switch will control the forwar[...]

  • Page 134

    121 show qos port-based Description The show qos port-based command is used to display the configuration of QoS based on port priority . Synt ax show qos port-based [ interface-nu m ] Parameter interface-num —— The Ethernet port selected to di splay the configuration. By default, information of all the ports is displayed. Command Mode Any Confi[...]

  • Page 135

    122 show qos dscp Command Mode Any Configuration Mode Example Display the configuration of DSCP Priority: TP-LINK# show qos dscp show qos scheduler Description The show qos schedule r command is used to displa y the schedule rule of the egress queues. Synt ax show qos scheduler Command Mode Any Configuration Mode Example Display the schedule rule o[...]

  • Page 136

    123 Chapter 22 Port Mirror Commands Port Mirror refers to the process of forwarding copies of packe ts from one port to a mirroring port. Usually , the mirroring port is connected to data diagnose device, which is used to analyze the mirrored packets for monitoring and troubleshooting the network. mirror add Description The mirror add command is us[...]

  • Page 137

    124 same time. 3. Whether the mirroring port and mirrored ports are in the same VLAN or not is not demanded strictly . 4. The mirroring port and mirrored ports cannot be link-aggregation member . mirror remove group Description The mirror remove group command is used to remove mirror group. Synt ax mirror remove group [group- num ] Parameter group-[...]

  • Page 138

    125 show mirror Description The show mirror command is used to display the configuration of mirror group. Synt ax show mirror [group- num ] Parameter group-num —— The group numb er of mirrior group. Command Mode Any Configuration Mode Example Display configuration fo mirror group 1: TP-LINK# show mirror 1[...]

  • Page 139

    126 Chapter 23 Port isolation Commands Port Isolation provides a method of restricting traffic flow to improve the network security by forbidding the port to forward packets to the por ts that are not on its forwarding port list. port isolation Description The port isolation command is used to configure the forward portlist of a port, so that this [...]

  • Page 140

    127 Example Display the forward-list of port 6: TP-LINK# show port isolation 6[...]

  • Page 141

    128 Chapter 24 PoE Commands PoE (Power over Ethernet) technology describes a system to transmit electrical power along with data to remote devices over standard twisted-p air cable in an Ethernet network. It is especially useful for supplying power to IP telephones, wi reless LAN access points, cameras and so on. power inline consumption (global co[...]

  • Page 142

    129 Command Mode Global Configuration Mode Example Configure the power disconnect method as deny-next-port: TP-LINK(config)# power inline disconnect-method deny-next-port power inline supply status Description The pow er inline supply status command is used to enable or diable the PoE feature for the corresponding port Synt ax power inline supply s[...]

  • Page 143

    130 Interface Configuration Mode Example Enable the PoE priority as low for port 2.: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# power inline priority low power inline consumption (interface configuration) Description The power inline consumption (interface configurati on) command is used to configure the power limit the port can spup[...]

  • Page 144

    131 name —— the time-range you ha ve configured. Command Mode Interface Configuration Mode Example Select the Seg2 as the time range for port 2.: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# power inline time-segment Seg2 power inline profile Description The pow er inline profile command is used to choose the the PoE profile you wa[...]

  • Page 145

    132 {low|middle|high} [ consumption { power limit }] no power profile {p rofile name } Parameter profile name —— the name of the profile. supply -status —— the PoE status of the port in the profile. priority —— the PoE priority of the port in the profile. consumption —— the max power the port in the profile can supply . Command Mode[...]

  • Page 146

    133 working day . By default, the period mode is disabled. start-date —— The start date in Absoluteness Mode, in the format of MM/DD/YYYY . By default, it is 01/01/2000. end-date —— The end date in Absoluteness Mode, in the format of MM/DD/YYYY . By default, it is 01/ 01/2000. The absoluteness mode will be disabled if the start date and end[...]

  • Page 147

    134 Define National Day , configuring the st art date as October 1st, and the end date as October 3rd: TP-LINK(config)# power holiday NationalDay 10/01 10/03 show power inline Description The show power inline command is used to display the PoE information of the system. Synt ax show power inline Command Mode Any Configuration Mode Example Display [...]

  • Page 148

    135 show power inline information Description The show pow er inline information command is used to display the PoE information of the certain port. Synt ax show power inline information [ ethernet port ] Parameter port —— The port selected to display the PoE information, ranging from 1 to 24. Command Mode Any Configuration Mode Example Display[...]

  • Page 149

    136 Command Mode Any Configuration Mode Example Display the defined holiday: TP-LINK> show power holiday show power profile Description The show pow er profile command is used to display the defined PoE profile. Synt ax show power profile Command Mode Any Configuration Mode Example Display the defined PoE profile: TP-LINK> show power profile[...]

  • Page 150

    137 Chapter 25 ACL Commands ACL (Access Control List) is used to filter data p ackets by configur ing a series of match conditions, operations and time ranges. It prov ides a flexible and secured acce ss control policy and facilitates you to control the network security . acl time-segment Description The acl time-segment command is used to add T im[...]

  • Page 151

    138 Example Add a time-range named tSeg1, with time-s lice1 from 8:30 to 12:00 at working day: TP-LINK(config)# acl time-segment tSeg1 wee k- da y working-day time-slice1 08:30-12:00 acl edit time-segment Description The acl edit time-segment command is used to edit T ime-Range. Synt ax acl edit time-segment { na me } [ week-da y week-day ] [ st ar[...]

  • Page 152

    139 acl holiday Description The acl holiday command is used to create holiday in Holiday Mode in the acl time-segment command. T o delete the corresponding holiday , please use no acl holiday command. Synt ax acl holiday { name } { start-date } { end-date } no acl holiday { name } Parameter name —— The holiday name, ranging from 1 to 16 charact[...]

  • Page 153

    140 Example Create a MAC ACL whose ID is 20: TP-LINK(config)# acl create 20 acl rule mac-acl Description The acl rule mac-acl command is used to add MAC ACL rule. T o delete the corresponding rule, please use no acl rule mac-acl command. MAC ACLs analyze and process packet s based on a se ries of match conditions, which can be the source MAC addres[...]

  • Page 154

    141 not limited. Command Mode Global Configuration Mode Example Create a MAC ACL whose ID is 20, and add Rule 10 for it. In the rule, the source MAC address is 00:01:3F:48:16:23, the source MAC address mask is 1 1:1 1:1 1:1 1:1 1:00, VLAN ID is 2, the user priority is 5, the time-range for the rule to take ef fect is tSeg1, and the packet s match t[...]

  • Page 155

    142 ethernet-type —— EtherT yp e contained in the ru le, in the format of 4-hex number . user-pri —— The user priority contained in th e rule, ranging from 0 to 7. By default, it is not limited. time-segmen t —— The time-range for the rule to take ef fect. By default, it is not limited. index —— Change the index n umber of the entry[...]

  • Page 156

    143 and permit means forwarding packets. By default, th e option is permit. source-ip —— The source IP address contained in the rule. source-ip-mask —— The source IP address mask. It is required if you typed the source IP address. destination-ip —— The destination IP address contained in the rule. destination-ip-mask —— The destinat[...]

  • Page 157

    144 source-ip-mask —— The source IP address mask. It is required if you typed the source IP address. destination-ip —— The destination IP address contained in the rule. destination-ip-mask —— The destination IP address mask. It is required if you typed the destination IP address. time-segmen t —— The time-range for the rule to take [...]

  • Page 158

    145 TP-LINK(config)# acl policy policy -add policy1 acl policy action-add Description The acl policy action-add command is used to add ACLs and create actions for the policy . T o delete the co rresponding actions, please use no acl policy action-add command. Synt ax acl policy action-add { policy-name } { acl-id } [ rate rate ] [ osd { none | disc[...]

  • Page 159

    146 TP-LINK(config)# acl policy policy -add policy1 TP-LINK(config)# acl policy action-add policy1 120 rate 1000 osd discard acl edit action Description The acl edit action command is used to edit actions for the policy . Synt ax acl edit action { policy-name } { acl-id } [ rate rate ] [ osd {none | discard}] [ e-port egress-port ] [ vid vlan-id ] [...]

  • Page 160

    147 bind relation, please use no acl bind to-port command. Synt ax acl bind to-port { policy-name } { port } no acl bind to-port { policy-name } { por t } Parameter policy-name —— The name of the policy desired to bind. port —— The numbe r of the port desired to bind. Command Mode Global Configuration Mode Example Bind policy1 to Port 1,3-5[...]

  • Page 161

    148 T ime-Range. Synt ax show acl time-segmen t Command Mode Any Configuration Mode Example Display the configuration of T ime-Range: TP-LINK> show acl time-segment show acl holiday Description The show acl holiday command is used to display the defined holiday . Synt ax show acl holiday Command Mode Any Configuration Mode Example Display the de[...]

  • Page 162

    149 show acl bind Description The sho w acl bind command is used to display the configuration of Policy bind. Synt ax show acl bind Command Mode Any Configuration Mode Example Display the configuration of Policy bind: TP-LINK> show acl bind[...]

  • Page 163

    150 Chapter 26 MSTP Commands MSTP (Multiple S panning T ree Protocol), comp at ible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a ri ng network. STP is to block redundant links and backup links as well as optimize paths. spanning-tree global Description The sp anning-tree global command is used to configure STP globally . T o r[...]

  • Page 164

    151 hold-count —— TxHold Count, which is the maximum number of BP DU packet s transmitted per Hello T ime interv al. TxHold Count ranges from 1 to 2 0 in pps. By default, it is 5. max-hops —— Max Hop s, which is the maximum number of hops that occur in a specific region before t he BPDU is discarded. Max Hops ranges from 1 to 40 in hop. By [...]

  • Page 165

    152 port. The lower value has the higher priority . expath-consum —— ExtPath Cost, which is us ed to choose the p ath and calculate the path cost s of ports in different MST regions. It is an important criterion on determining the root port. The lower value has the higher priority . By default, it is automatic. inpaht-consum —— IntPath Cost[...]

  • Page 166

    153 name —— The region name, used to identify MST region. It ranges from 1 to 32 characters. revision —— The revision for MST region identification, ranging from 0 to 65535. Command Mode Global Configuration Mode Example Configure the region name of MSTP as r1, and the revision level as 100: TP-LINK(config)# spanning-tree region r1 100 span[...]

  • Page 167

    154 Enable Instance 1, add VLAN 2, 3, 4, 5, 8 for it, and configure MSTI Priority as 4096: TP-LINK(config)# spanning-tree msti 1 st atus enable pri 4096 mapped 2-5,8 spanning-tree msti Description The sp anning-tree msti command is used to configure MSTP Instance Port. T o return to the default conf iguration of the corresponding Instance Port, ple[...]

  • Page 168

    155 S panning T ree globally . T o return to t he default configurat ion, please use no sp anning-tree tc-defen d command. A switch removes MAC address entries upon receiving TC-BPDUs. If a malicious user continuously sends TC-BPDUs to a switch, the switch will be busy with removing MAC address entries, which may decrease the performance and stabil[...]

  • Page 169

    156 is to prevent wrong network topology change caused by the role change of the current legal root bridge. TC —— Enable/ Disable TC Protect. By default, it is disabled. defend —— Enable/ Disable BPDU Protect. By default, it is disabled. BPDU Protect is to prevent the edge port fr om being attacked by maliciously created BPDUs. hold —— [...]

  • Page 170

    157 Synt ax show spanning-tree global-info Command Mode Any Configuration Mode Example Display the current st atus of S panning T ree: TP-LINK# show spanning-tree global-info show spanning-tree global-config Description The show spanning-tree global-config command is used to display the global configuration of S panning T ree. Synt ax show spanning[...]

  • Page 171

    158 Display the configuration of port 5: TP-LINK(config)# show spanning-tree port-config 5 show spanning-tree region Description The show spanning-tree region command is used to display the Region configuration of MSTP . Synt ax show spanning-tree region Command Mode Any Configuration Mode Example Display the region configuration of MSTP: TP-LINK(c[...]

  • Page 172

    159 The show spanning-tree msti port command is used to display the Instance Port configuration of S pan ning T ree. Synt ax show spanning-tree msti port { id } [ port ] Parameter id —— Instance ID, ranging from 1 to 8. port —— The port selected to display t he configuration. By default, the configuration of all ports is displayed. Command [...]

  • Page 173

    160 port —— The port selected to display the configuration. By default, the Port Protect configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the Port Protect configuration of port 2: TP-LINK(config)# show spanning-tree security port-defend 2[...]

  • Page 174

    161 Chapter 27 IGMP Commands IGMP Snooping (Internet Group Management Prot ocol Snooping) is a multicast control mechanism running on Layer 2 switch. It can effectively prevent multicast groups being broadcasted in the network. igmp-snooping global Description The igmp-snooping global command is used to configure IGMP globally . T o return to the d[...]

  • Page 175

    162 Synt ax igmp-snooping config st atus {disable | enable} fast-leave {di sable | enable} no igmp-snooping config Parameter status —— Enable/ Disable IGMP Snooping for the desired port. fast-leave —— Enable/ Disable Fast Leave feat u re for the desired port. If Fast Leave is enabled for a port, the switch will immediately remove this port [...]

  • Page 176

    163 member-time —— Member Port T ime. Within this time, if the switch does not receive IGMP report message from the member port, it will consider this port is not a member port any more. Member Port Time ranges from 60 to 600 in seconds. By default, it is 260. leave-time —— Leave Time, which is the interval between the switch reveiving a le[...]

  • Page 177

    164 receive IGMP report message from the member port, it will consider this port is not a member port any more. Member Port Time ranges from 60 to 600 in seconds. By default, it is 260. leave-time —— Leave Time, which is the interval between the switch reveiving a leave message from a host and the switch removing the host from the multicast gro[...]

  • Page 178

    165 seconds. By default, it is 260. leave-time —— Leave Time, which is the interval between the switch reveiving a leave message from a host and the switch removing the host from the multicast groups. Leave T ime ranges from 1 to 30 in seconds. By default, it is 1. router-port —— S tatic Router Port, which is mainly used in the netwo rk wit[...]

  • Page 179

    166 configure the forward port as port 1: TP-LINK(config)# igmp-snooping st atic-entry-add 225.0.0.1 2 1 igmp-snooping filter-add Description The igmp-snooping filter-add command is used to c onfigure the multicast IP-range desired to filter . T o delete th e corresponding IP-range, please use no igmp-snooping filter-add command. When IGMP Snooping[...]

  • Page 180

    167 id —— IP-range ID, ranging from 1 to 30. start-ip —— The start multicast IP of the IP-range. end-ip —— The end multicast IP of the IP-range. Command Mode Global Configuration Mode Example Modify the multicast IP-range whose ID is 20 as 225.0. 0.10~225.0.0.12: TP-LINK(config)# igmp-snooping filter-config 20 225.0.0.10 225.0.0.12 igmp[...]

  • Page 181

    168 Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Enable multicast filtering function for port 5, specif y Action Mode as accept, bound IP-range 2, 3, 4, and specify the maximum number of multicast groups for port 5 to join in as 128: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# igmp-snoopin[...]

  • Page 182

    169 Example Display the IGMP configuration of port 2: TP-LINK> show igmp-snooping port-config 2 show igmp-snooping vlan-config Description The show igmp-snooping vlan-config command is used to display the VLAN configuration of IGMP . Synt ax show igmp-snooping vlan-config Command Mode Any Configuration Mode Example Display the VLAN configuration[...]

  • Page 183

    170 Synt ax show igmp-snooping multi-ip-list Command Mode Any Configuration Mode Example Display the Multicast IP t able: TP-LINK> show igmp-snooping multi-ip-list show igmp-snooping filter-ip-addr Description The show igmp-snooping filter-ip-addr command is used to display the Multicast Filter IP-Range table. Synt ax show igmp-snooping filter-i[...]

  • Page 184

    171 TP-LINK> show igmp-snooping port-filter 5 show igmp-snooping packet-stat Description The show igmp-snooping packet-st at command is used to display the Packet S tatistics information of all ports. Synt ax show igmp-snooping p acket-st at Command Mode Any Configuration Mode Example Display the Packet S tatistics information: TP-LINK> show [...]

  • Page 185

    172 Chapter 28 SNMP Commands SNMP (Simple Network Management Protocol) func tions are used to manage the network devices for a smooth communication, whic h can facilitate the network administrators to monitor the network nodes and implement the proper operation. snmp global Description The snmp global command is used to configure the SNMP function [...]

  • Page 186

    173 snmp view-add Description The snmp view-add command is used to add View . T o delete the corresponding View , please use no snmp view -add command. The OID (Object Identifier) of the SNMP p ackets is used to describe the managed objects of the switch, and the MIB (Management In formation Base) is the set of the OIDs. The SNMP V iew is created f[...]

  • Page 187

    174 privacy mode guarantee the high securi ty for the communication between the management station and the managed device. Synt ax snmp group-add { name } [ smode { v1 | v2c | v3 }] [ slev { noAuthNoPriv | authNoPriv | authPriv }] [ ro ro-view ] [ wo wo-view ] [ notify notify-view ] no snmp group-add { name } { smode { v1 | v2c | v3 }} { slev { noA[...]

  • Page 188

    175 snmp user-add Description The snmp user-add command is used to add User . T o delete the corresponding User , plea se use no snmp user-add command. The User in a SNMP Group can manage the switch via the management station sof tware. The User and its Group have the same security level and access right. Synt ax snmp user-add { name } { local | re[...]

  • Page 189

    176 encryption method is used. By def ault, the Privacy Mode is none. encrypt-pwd —— Privacy Password, rangin g from 1 to 16 characters. Command Mode Global Configuration Mode Example Add User admin to Group group2, and configure the Security Model of the user as v3, the Security Level of the group as authPriv , the Authentication Mode of the u[...]

  • Page 190

    177 snmp notify-add Description The snmp notify -add command is used to add Notification. T o delete the corresponding Notification, please use no snmp notify-add command. With the Notification function enabled, the switch can initiatively report to the management station about the importa nt ev ents that occur on the Views, which allows the manage[...]

  • Page 191

    178 Command Mode Global Configuration Mode Example Add a Notification entry , and configure t he IP Address o f the management Host as 192.168.0.1, the UDP port as 162, the User name of the management st ation as admin, the Security Model of the manag ement station as v2c, the type of the notifications as inform, the maximum ti me for the switch to[...]

  • Page 192

    179 TP-LINK(config)# snmp-rmon history sample-cfg 1-3 1 100 snmp-rmon history owner Description The snmp-rmon history o wner command is used to conf igure the owner of the history sample entry . T o return to the default configur ation, please use no snmp-rmon history owner command. Synt ax snmp-rmon history owner { index } [ owner ] no snmp-rmon h[...]

  • Page 193

    180 Global Configuration Mode Example Enable the history sample entries 1,2,3,4 and 8: TP-LINK(config)# snmp-rmon history enable 1-4,8 snmp-rmon event user Description The snmp-rmon event user command is used to conf igure the user name of SNMP-RMON Event. T o return to t he default configurat ion, please use no snmp-rmon event user command. Event [...]

  • Page 194

    181 no snmp-rmon event description { index } Parameter index —— The index number of the event e n try , ranging from 1 to 12. Y ou can only select one entry for each command. description —— The description of the eve nt, ranging from 1 to 16 characters. By default, it is empty . Command Mode Global Configuration Mode Example Configure the d[...]

  • Page 195

    182 snmp-rmon event owner Description The snmp-rmon event owner command is used to configure the owner of SNMP-RMON Event. T o return to t he default configurat ion, please use no snmp-rmon event owner command. Synt ax snmp-rmon event owner { index } [ owner ] no snmp-rmon event owner { index } Parameter index —— The index number of the event e[...]

  • Page 196

    183 Enable the SNMP-RMON Event entries 1,2,3,4 and 8: TP-LINK(config)# snmp-rmon event enable 1-4,8 snmp-rmon alarm config Description The snmp-rmon alarm config command is used to configure SNMP-RMON Alarm Management. T o return to the default configuration, please use no snmp-rmon alarm config command. Alarm Group is one of the commonly used RMON[...]

  • Page 197

    184 f-hold —— The falling counter value that tr iggers the Falling Threshold alarm, ranging from 1 to 65535. By default, it is 100. f-event —— Fall Event, which is the index of the corresponding event which will be triggered if the sampled value is lower than the Falling Threshold. It ranges from 1 to 12. a-type —— Alarm T ype, with ris[...]

  • Page 198

    185 Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon alarm owner 1 owner1 snmp-rmon alarm enable Description The snmp-rmon alarm enable command is used to enable SNMP-RMON Alarm Management entry . T o disable the corresponding ent ry , please use no snmp-rmon alarm enable command. Synt ax snmp-rmon alarm enable { index } no snmp[...]

  • Page 199

    186 show snmp view Description The show snmp view command is used to display the View ta ble. Synt ax show snmp view Command Mode Any Configuration Mode Example Display the View table: TP-LINK> show snmp view show snmp group Description The show snmp group command is used to display the Group table. Synt ax show snmp group Command Mode Any Confi[...]

  • Page 200

    187 TP-LINK> show snmp user show snmp community Description The sho w snmp community command is used to displa y the Community table. Synt ax show snmp community Command Mode Any Configuration Mode Example Display the Community table: TP-LINK> show snmp community show snmp destination-host Description The show snmp destination-host command is[...]

  • Page 201

    188 index —— The index nu mber of the entry sele cted to display the configuration, ranging from 1 to 12. Y ou can only select one entry for each command. By default, the configuration of all entries is displayed. Command Mode Any Configuration Mode Example Display the configuration of all history sample entries: TP-LINK> show snmp-rmon hist[...]

  • Page 202

    189 ranging from 1 to 12. Y ou can only select one entry for each command. By default, the configuration of all entries is displayed. Command Mode Any Configuration Mode Example Display the configuration of all Alarm Management entries: TP-LINK> show snmp-rmon alarm[...]

  • Page 203

    190 Chapter 29 LLDP Commands LLDP function enables network devic es to advertise their own device information periodically to neighbors on the same LAN. The information of the LLDP devices in the LAN can be stored by its neighbor in a standard MIB, so it is possible fo r the information to be accessed by a Network Management System (NMS) using SNMP[...]

  • Page 204

    191 Command Mode Global Configuration Mode Example S pecify Hold Multiplier as 5: TP-LINK(config)# lld p hold-multiplier 5 lldp timer Description The lldp timer command is used to confi gure the parameters about transmission. T o return to the default configurat ion, please use no lldp timer command. Synt ax lld p timer tx-interval tx-interval lld [...]

  • Page 205

    192 Rx_Only) to Tx&Rx (or Tx_Only), the fa st start mechanism will be enabled, that is, the transmit interval will be short en to a second, and several LLDPDUs will be sent out (the number of LLDPDUs equal s this parameter). The default value is 3. Command Mode Global Configuration Mode Example S pecify the T ransmit Interval of LLD PDU as 45 s[...]

  • Page 206

    193 The lld p admin-st atus command is used to configur e the port’s LLDP operat ing mode. T o return to the defaul t configurati on, please use no lldp admin-status command. Synt ax lld p admin-st atus {disa ble | tx | rx | txrx } no lld p admin-st atus Parameter disable —— Neither transmit nor receive LLDP frames. tx —— Only transmit LL[...]

  • Page 207

    194 lldp tlv-select Description The lld p tlv-select command is used to configure TL Vs to be included in outgoing LLDPDU. T o ex clude TL Vs, please use no lld p tlv-select command. By default, All TL Vs are included in outgoing LLDPDU. Synt ax lld p tlv-select [port-description] [system-cap ability] [system-description] [system-name] [management-[...]

  • Page 208

    195 Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Enable the LLDP-MED status for port 6: TP-LINK(config)# interface ethernet 6 TP-LINK(config-if)# lldp med-status enable lldp med-tlv-select Description The lldp med-tlv-select command is used to configure TL Vs to be included in outgoing LLDPDU. T o ex cl[...]

  • Page 209

    196 Parameter emergency-number —— Emergency number is Emergency Call Service ELIN identifier, which is used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. civic-address —— The Civic address is defined to reuse the relevant sub-fields of the DHCP option for Civic Address bas ed Location Config uration Information[...]

  • Page 210

    197 Synt ax show lldp interface [ ethernet port ] Parameter port —— The port selected to displa y the c onfiguration of LLDP , ranging from 1 to 24. Command Mode Any Configuration Mode Example Display the LLDP conf iguration of port 8: TP-LINK> show lldp int erface ethernet 8 show lldp local-information Description The show lldp local-inform[...]

  • Page 211

    198 port —— The port selected to display the neighbor information, ranging from 1 to 24. Command Mode Any Configuration Mode Example Display the neighbor information of port 8: TP-LINK> show lldp neighbor-information 8 show lldp statistics Description The show lldp st atistics command is used to display the LLDP statistic information between[...]

  • Page 212

    199 TP-LINK> show lldp med fast-count show lldp med interface Description The show lldp med interface command is used to display LLDP-MED configuration of the certain port. Synt ax show lldp med interface [ ethernet port ] Parameter port —— The port selected to displa y the c onfiguration of LLDP , ranging from 1 to 24. Command Mode Any Conf[...]

  • Page 213

    200 show lldp med neighbor-information Description The show lld p med neighbor-information command is used to display the neighbor ’s LLDP-MED information of the certain port. Synt ax show lldp med neighbor-information [ port ] Parameter port —— The port selected to display the neighbor information, ranging from 1 to 24. Command Mode Any Conf[...]

  • Page 214

    201 Chapter 30 Cluster Commands Cluster Management function enables a network administrator to manage the scattered devices in the network via a manag ement device. After a co mm ander switc h is configured, management and maintenance operations intended fo r the member devices in a cl uster is implemented by the commander device. cluster ndp Descr[...]

  • Page 215

    202 cluster ntdp Description The cluster ntd p command is used to configure NTDP globally . T o return to the default configuration, please use no cluster nt dp command. NTDP (Neighbor T opology Discovery Protocol) is used to collect the NDP information and neighboring connection information of each device in a specif ic network range. It provides [...]

  • Page 216

    203 TP-LINK(config)# cluster ntd p status enable interval 20 hop 5 hop-delay 300 port-delay 50 cluster explore Description The cluster explore command is used to enable the topology information collecting function manually . Synt ax cluster explore Command Mode Global Configuration Mode Example Enable the topology informati on collecting function m[...]

  • Page 217

    204 cluster manage role-change Description The cluster manage role-change command is used to change the role of the current switch. According to their status and functions, switc hes in the cluster play different roles. Y ou c an specify the role the switch plays appropriate to your needs. A commander s witch can recogni ze and manage the devices i[...]

  • Page 218

    205 show cluster ndp port-status Description The show cluster nd p port-st atus command is used to display NDP configuration of the certain port. Synt ax show cluster ndp port-st atus [ port ] Parameter port —— The port selected to display the c onfiguration of NDP . By default, the configuration of all ports is displayed. Command Mode Any Conf[...]

  • Page 219

    206 show cluster nt dp global Command Mode Any Configuration Mode Example Display the global configuration of NTDP: TP-LINK> show cluster nt dp global show cluster ntdp port-status Description The show cluster nt dp port-st atus command is used to display NTDP configuration of the certain port. Synt ax show cluster ntd p port-status [ port ] Par[...]

  • Page 220

    207 TP-LINK> show cluster nt dp device show cluster manage role Description The show cluster manage role command is used to display the role of the current switch. Synt ax show cluster manage role Command Mode Any Configuration Mode Example Display the role of the current switch: TP-LINK> show cluster manage role[...]