TP-Link TL-SG3424P инструкция обслуживания

TL-SG3424P JetS tream L2 Managed PoE Switch Rev: 1.0.0 1910010613[...]

I COPYRIGHT & TRADEMARKS S pecifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., L TD. Other brands and product names are trademarks or registered trademarks of t heir respective holders. No part of the specificatio ns ma y be reproduced in any form or by any means or used to make any derivat[...]

II CONTENTS Preface .............................................................................................................. 1 Chapter 1 Using the CLI ....................................................................................... 4 1.1 Accessi ng the CLI ................................................................................[...]

III show ma c-vlan .................................................................................................................. .... 21 Chapter 5 Protocol VLAN Commands ............................................................... 22 protocol-vla n template ....................................................................................[...]

IV show lacp interface ............................................................................................................ .... 39 show lacp syst em-prior ity ...................................................................................................... 40 Chapter 10 User Manage Comma nds ...........................................[...]

V arp detection trust- port ....................................................................................................... ... 59 arp detection (interfa ce)...................................................................................................... ... 60 arp detection limit-rate ..................................................[...]

VI show radius account ing ......................................................................................................... 79 Chapter 15 Log Comma nds ................................................................................. 80 logging loca l buffe r .................................................................................[...]

VII system-tim e dst ................................................................................................................ ..... 97 ip addr ess ..................................................................................................................... ......... 98 ip management -vlan ............................................[...]

VIII Chapter 21 QoS Comma nds................................................................................ 1 17 qos ............................................................................................................................ .......... 1 17 qos dot1p config .........................................................................[...]

IX Chapter 25 ACL Comma nds ................................................................................137 acl time-s egm ent ............................................................................................................... .. 137 acl edit ti me-segm ent ............................................................................[...]

X igmp-snooping global .......................................................................................................... 1 61 igmp-snooping config .......................................................................................................... 1 61 igmp-snooping vlan -config-a dd ..................................................[...]

XI show snmp view ................................................................................................................. . 186 show snmp group ................................................................................................................ 186 show snmp user ................................................................[...]

XII show cluste r neighb our........................................................................................................ 2 05 show cluster ntd p gl obal ...................................................................................................... 2 05 show cluster ntd p port-st atus .............................................[...]

1 Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned in this Guide stands for TL-SG3424P JetS tream L2 Managed PoE Switch. Overview of this Guide Chapter 1: Using the CLI Provide information about how to use the CLI, CLI Command Modes, Security Levels a[...]

2 Provide information about the co mmands used for protecting the swit ch from the ARP cheating or ARP Att ack. Chapter 13: DoS Defend Command Provide information about the commands used for DoS defend and detecting the DoS attack. Chapter 14: IEEE 802.1X Commands Provide information about the commands us ed for configuring I EEE 802.1X function. C[...]

3 Protocol). Chapter 27: IGMP Commands Provide information about the commands used for configuring the IGMP Snooping (Internet Group Management Protocol Snooping). Chapter 28: SNMP Commands Provide information about the commands used for configuri ng the SNMP (Simple Network Management Protocol) functions. Chapter 29: LLDP Commands Provide informat[...]

4 Chapter 1 Using the CLI 1.1 Accessing the CLI Y ou can log on to the switch and access the CLI by the following two methods: 1. Log on to the switch by the console port on the switch. 2. Log on to the switch remotely by a T e lnet or SSH connection through an Ethernet port. 1.1.1 Logon by a console port T o log on to the switch by the console por[...]

5 Figure 1-2 Connection Description 4. Select the port to connect in figure 1-3, and click OK . Figure 1-3 Select the port to connect 5. Configure the port selected in the step abov e as the following figure1-4 sho wn. Configure Bit s per second as 38400, Dat a bit s as 8, Parity as None, S top bit s as 1, Flo w control as None, and then click OK .[...]

6 Figure 1-4 Port Settings 6. T ype the User name an d Password in the Hyper T erminal window , the factory default value for both of them is admin. The DOS pr ompt ” TP-LINK>” will appear after pressing the Enter button as figure1-5 shown. It indi cates that you can use the CLI now . Figure 1-5 Log in the Switch 1.1.2 Logon by Telnet T o lo[...]

7 Figure 1-6 Open the Run window 3. T ype cmd in the prompt R un window a s figure 1-7 and click OK . Figure 1-7 Run Window 4. T ype telnet 192.168.0.1 in the command prompt shown as figure1-8, and press the Enter button. Figure 1-8 Connecting to the Switch[...]

8 5. T ype the User name and Passwo rd (the factory default value fo r both of them is admin) and press the Enter button, then you can use the CLI now , which is shown as figure1-9. Figure 1-9 Log in the Switch 1.2 CLI Command Modes The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode, Global Configuration Mode, Int[...]

9 User EXEC Mode Primary mode once it is connected with the swi tch. TP-LINK> Use the exit command to disconnect the switch (except that the switch is connected through the Consol e port). Use the enable command to access Privileged EXEC mode. Privileged EXEC Mode Use the enable command to enter this mode from User EXEC mode. TP-LINK# Use the ex[...]

10 you should access the corres ponding command mode firstly. z Global Configuration Mode : In this mode, global commands are provided, such as the Spanning Tree, Schedule Mode and so on. z Interface Configuration Mode : In this mode, users can c onfigure one or several ports, different ports corresponds to dif ferent commands a). Interface Etherne[...]

11 1.4 Conventions 1.4.1 Format Conventions The following conventions are used in this Guide: ¾ Items in square brackets [ ] are optional ¾ Items in braces { } are required ¾ Alternative items are grouped in braces and se parated by vertical bars. For example: speed {10 | 100 | 1000 } ¾ Bold indicates an unalterable keyword. For example: show l[...]

12 Chapter 2 User Interface enable Description The enable command is used to access Privileged EXEC Mode from User EXEC Mode. Synt ax enable Command Mode User EXEC Mode Example If you have set the password to access Privileged EXEC Mode from User EXEC Mode: TP-LINK>enable Enter p assw ord ： TP-LINK# enable password Description The enable p ass[...]

13 disable Description The disable command is used to return to User EXEC Mode from Privileged EXEC Mode. Synt ax disable Command Mode Privileged EXEC Mode Example Return to User EXEC Mode from Privileged EXEC Mode: TP-LINK# disable TP-LINK> configure Description The configure command is used to access Global Configuration Mode fr om Privileged [...]

14 Command Mode Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode,an d then return to Privileged EXEC Mode: TP-LINK(config-if)# exit TP-LINK(config)#exit TP-LINK# end Description The end command is used to return to Privileged EXEC Mode. Synt ax end Command Mode Any Configuration Mode Example Retur[...]

15 Chapter 3 IEEE 802.1Q VLAN Commands VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN into multiple logical LANs flexibly . Host s in the same VLAN can communicate with each other , regardless of their physical locations. VLAN can enhance performance b y conserving bandwidth, and improve security by limit[...]

16 Create a VLAN, the vid of which is 12: TP-LINK(config)# vlan dat abase TP-LINK(config-vlan)#vlan 12 interface vlan Description The interface vlan command is used to access VLAN Interface Mode to configure the specified VLAN. Synt ax interface vlan vlan-id Parameter vlan-id ——VLAN ID,ranging from 1 to 4094. Command Mode Global Configuration M[...]

17 TP-LINK(config-if)#description vlan2 switchport type Description The switchport type command is used to configur e the Link T ypes for the ports. Synt ax switchport type { access | trunk | general } Parameter access | trunk | general —— Link T ypes. There are three Link T ypes for the ports. Command Mode Interface Configuration Mode ( interf[...]

18 TP-LINK(config-if)# switchport allowed vlan add 2 switchport pvid Description The switchport pvid command is used to configur e the PVID for the switch ports. Synt ax switchport pvid vlan-id Parameter vlan-id —— VLAN ID, ranging from 1 to 4094. Command Mode Interface Configuration Mode (interface ethernet / interface ran ge ethernet ) Exampl[...]

19 show vlan Description The show vlan command is used to display t he information of IEEE 802.1Q VLAN . Synt ax show vlan [ vlan-id ] Parameter vlan-id —— VLAN ID, ranging from 1 to 4094. By default , display all the information of IEEE 802.1Q VLAN. Command Mode Any Configuration Mode Example Display the information of vlan 5: TP-LINK(config)#[...]

20 Chapter 4 MAC VLAN Commands MAC VLAN (Virtual Local Area Network) is the way to classify the VLANs based on MAC Address. A MAC address is relative to a single VLAN ID. The untagged packets and the priority-tagged packet s coming from the MAC address will be tagged with this VLAN ID. mac-vlan add Description The mac-vlan add command is used to cr[...]

21 Example Delete the existing MAC-Based VLAN entry with the MAC address of 00:00:00:00:00:02: TP-LINK(config)# mac-vlan remove 00:00:00:00:00:02 mac-vlan modify Description The mac-vlan modify command is used to modify the settings of t he subsistent MAC VLAN entry . Synt ax mac-vlan modify { vlan-id } { mac-addr } [ description ] Parameter vlan-i[...]

22 Chapter 5 Protocol VLAN Commands Protocol VLAN (V irtual Local Area Network) is the way to classify VLANs based on Protocols. A Protocol is relative to a single VLAN ID. The untagged p ackets and the priority-tagged pa ckets matching the protocol template w ill be tagged with this VLAN ID. protocol-vlan template Description The protocol-vlan tem[...]

23 protocol-vlan vlan vid template index member-list no protocol-vlan entry-id Parameter vid ——VLAN ID ， ranging from 1-4094. index ——The number of the Protocol template.Y ou can get the template corresponding to the number by the show protocol-vlan template command. entry-id ——The number of the Protocol VL AN . Y ou can get the Proto[...]

24 show protocol-vlan vlan Command Mode Any Configuration Mode Example Display information of the protocol-vlan entry: TP-LINK(config)# show protocol-vlan vlan[...]

25 Chapter 6 Voice VLAN Commands V oice VLANs are configured spec iall y for voice data stream. By configuring V oice VLANs and adding the ports with voice devic es attached to voice VLANs, you can perform QoS-related configuration for voice data, ens uring the transmission priority of voice data stream and voice quality . voice-vlan enable Descrip[...]

26 Parameter aging-time ——Aging time (in minutes) to be set for the V oice VLAN. It ranges from 1 to 43200 and the default value is 1440. Command Mode Global Configuration Mode Example Set the aging time for the V oice VLAN as 2880 minutes: TP-LINK(config)# voice-vlan aging-time 2880 voice-vlan priority Description The voice-vlan priority comma[...]

27 voice-vlan oui remove mac-addr Parameter mac-addr —— The OUI address of the voice device. mask-addr —— The OUI address ma sk of the voice device. description ——Give a description to the OU I for identification which contains 16 characters at most. By default, it is empty . Command Mode Global Configuration Mode Example Create a V oic[...]

28 switchport voice-vlan security Description The switchport voice-vl an security command is used to configure the V oice VLAN security mode. Synt ax switchport voice-vlan securit y {disable | enable} Parameter disable | enable —— disable/enable the security mode for the specified port . Command Mode Interface Configuration Mode （ interface e[...]

29 The show voice-vlan oui command is used to display the configuration information of V oice VLAN OUI. Synt ax show voice-vlan oui Command Mode Any Configuration Mode Example Display the configuration info rmation of V oice VLAN OUI: TP-LINK(config)# show voice-vlan oui show voice-vlan switchport Description The show voice-vlan switchport command [...]

30 Chapter 7 GVRP Commands GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute registration protocol). GVRP allo ws the switch to automatically add or remove the VLANs via the dynamic VLAN registration information and propagat e the lo cal VLAN registration information to other switches, without having to individu[...]

31 Example Enable the GVRP function for ports 2-6: TP-LINK(config)# interface range ethernet 2-6 TP-LINK(config-if)# gvrp gvrp registration Description The gvrp registration command is used to confi gure the GVRP registration type on the desired port. T o restore to the default value, ple ase use no gvrp registration command. Synt ax gvrp registrat[...]

32 Parameter leaveall | join | leave —— They are the three timers: leave All 、 join and leave. Once the LeaveAll T imer is set, the port with GVRP enabled can send a LeaveAll message after the timer times ou t, so that other GARP ports can re-register all the attribute information. After that, the LeaveAll timer will start to begin a new cycl[...]

33 TP-LINK(config)# show gvrp global show gvrp interface Description The show gvrp interface command is used to displa y the GVRP configuration information of the s pecified Ethernet ports. Synt ax show gvrp interface [ ethernet port-num ] Parameter port-num ——The Ethernet port number . By default, the GVRP configuration information of all the [...]

34 Chapter 8 LAG Commands LAG (Link Aggregation Group) is to combine a number of ports together to make a single high-bandwidth data path, which can highly exte nd the bandwi dth. The bandwid th of the LAG is the sum of bandwidth of it s member port. interface link-aggregation Description The interface link-aggregation command is used to access the[...]

35 interface range link-aggregation group-list no interface range link-aggregation group-list Command Mode Global Configuration Mode Parameter group-list ——The aggregation group list. Y ou can configure some aggregation groups at the same time. Example Access the Interface range Link -aggregation Mode and configure the aggregation group 1,4-6: [...]

36 link-aggregation hash-algorithm Description The link-ag gregation hash-algorithm command is used to configure the Aggregate Arithmetic for LAG . Synt ax link-aggregation hash-algorithm { src_dst_mac | src_dst_ip } Parameter src_dst_mac —— The so urce and des tination MAC addresses. src_dst_ip ——The source and destination IP addresses. Co[...]

37 TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# description movie server show interfaces link-aggregation Description The show interfaces link-aggrega tion command is used to display the configuration information of the A ggregate Arithmetic and the aggregation groups. Synt ax show interface link-aggregation [ group- num ] Para[...]

38 Chapter 9 LACP Commands LACP (Link Aggregation Control Prot ocol) is defined in IEEE802.3ad and en ables the dynamic link aggregation and disaggregation by ex changing LACP packet s with its pa rtner . The switch can dynamically group similarly configured ports into a single logical link, which will highly extend the bandwidth and flexibly balan[...]

39 Command Mode Interface Configuration Mode （ interface ethernet / interface range ethernet ） Example Configure the admin key of port 1 as 1024: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# lacp admin-key 1024 lacp port-priority Description The lacp port-priority command is used to set the port priority for a port. T o restore to [...]

40 Parameter port-num —— The Ethernet port number . By default, display the configuration information of all the Ethernet ports. Command Mode Any Configuration Mode Example Display the configuration inform ation of all the Ethernet ports: TP-LINK(config)# show lacp interface show lacp system-priority Description The show lacp system-priority co[...]

41 Chapter 10 User Manage Commands User Manage Commands are used to configure the user name and password for users to log on to the Web management p age with a certain access level so as to protect the settings of the switch from being randomly changed. user add Description The user add command is used to add a new user . Synt ax user add user-name[...]

42 user remove Description The user remove command is us ed to delete an existing user . The curr ent user can't be deleted by itself. Synt ax user remove user -name Parameter user-name —— An existing user name. Command Mode Global Configuration Mode Example Delete the user named tplink: TP-LINK(config)# user remove tplink user modify stat[...]

43 user modify type Description The user modify type command is used to modify the acce ss level for the existing user . The current user can't be modified by itself. Synt ax user modify ty pe user-name {guest | admin} Parameter user-name —— The existing user name. guest | admin —— Access level. Guest: limited user; admin: manager . Co[...]

44 Example Modify the password of tplink as newpwd: TP-LINK(config)# user modify p assword tplink p assword newpwd newpw d user access-control disable Description The user access-control disable command is used to cancel the user access-control. Synt ax user access-control disable Command Mode Global Configuration Mode Example Cancel the user acces[...]

45 TP-LINK(config)# user access-control ip-based 192.168.0.148 255.255.255.255 user access-control mac-based Description The user access-contro l mac-based command is used to limit the MAC Address of the users for login. Only the user with this MAC Address you set here is allowed for login Synt ax user access-control mac-based mac-addr Parameter ma[...]

46 Example Enable the access-control of the ports 2, port4, port5, port6,and port8: TP-LINK(config)# user access-control port-based 2,4-6,8 user max-number Description The user max-number command is used to configur e the number of the users logging on at the same time. T o cancel the limit to the num bers of the users loging in, please use no user[...]

47 user idle-timeout minutes no user idle-timeout Parameter minute ——The timeout time, ranging from 5 to 30 in minites. By default, the value is 10. Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minites: TP-LINK(config)# user idle-timeout 15 show user account-list Description The show user account[...]

48 Command Mode Any Configuration Mode Example Display the security configurat ion information of the users: TP-LINK(config)# show user configuration[...]

49 Chapter 11 Binding Table Commands Y ou can bind the IP address, MAC address, VLAN and the connected Port number of the Host together , whic h can be the condition for the ARP Inspection to filter the pa ckets. binding-table user-bind Description The binding-t able user-bind command is used to bind the IP address, MAC address, VLAN ID and the Por[...]

50 binding-table remove Description The binding-t able remove command is used to delete the IP-MAC –VID-POR T entry from the binding table. Synt ax binding-t able remove index idx Parameter idx —— The entry number needed to be deleted. Y ou can use the show binding-t able command to get the idx. Pay attent ion to that, the entry number is the[...]

51 Enable the DHCP-snoopi ng function globally: TP-LINK(config)# dhcp-snooping dhcp-snooping global Description The dhcp-snooping global command is used to conf igure the DHCP snooping globally . T o restore to the default value, please us e no dhcp-snooping global command. Synt ax dhcp-snooping global [ global-rate global-rate ] [ dec-threshold de[...]

52 dhcp-snooping information enable Description The dhcp-snooping information enable command is used to enable the Option 82 function of DHCP Snooping. T o di sable the Option 82 function, please use no dhcp-snooping information enable command. Synt ax dhcp-snooping information enable no dhcp-snooping information enable Command Mode Global Configur[...]

53 Example Replace the Option 82 field of the pa ck ets with the switch defined one and then send out: TP-LINK(config)# dhcp-snooping information strategy replace dhcp-snooping information user-defined Description The dhcp-snooping information user-defined command is used to permit users to define the Option 82. T o disable the func tion, please us[...]

54 Example Configure the sub-option Remote ID fo r the customized Option 82 as tplink: TP-LINK(config)# dhcp-snooping information remote-id tplink dhcp-snooping information circuit-id Description The dhcp-snooping information circuit-id command is used to configure the sub-option Circuit ID for the customized Option 82. Synt ax dhcp-snooping inform[...]

55 Configure the port 2 to be a T rusted Port: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# dhcp-snooping trusted dhcp-snooping mac-verify Description The dhcp-snooping mac-verify command is used to enable the MAC V erify feature. T o disable the MAC V erify feature, plea se use no dhcp-snooping mac-verify command. There are two fields[...]

56 value ——The value of Flow Control. T he options are 0/ 5/10/15/20/25/30 (packet/second). The default value is 0, which stands for disable. Command Mode Interface Configuration Mode （ interface ethernet / interface range ethernet ） Example Set the Flow Control of port 2 as 20 pps: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# [...]

57 Command Mode Any Configuration Mode Example Display the IP-MAC-VID-PORT binding table: TP-LINK(config)# show binding-t able show dhcp-snooping global Description The show dhcp-snooping global command is used to display the global configuration of DHCP Snooping. Synt ax show dhcp-snooping global Command Mode Any Configuration Mode Example Display[...]

58 show dhcp-snooping interface Description The show dhcp-snooping interface command is used to display the interface configuration of DHCP Snooping. Synt ax show dhcp snooping interface [ eth ernet port-num ] Parameter port-num ——The number of the switch port. By default, it will display the configuration of all the ports. Command Mode Any Con[...]

59 Chapter 12 ARP Inspection Commands ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP cheating, such as the Network Gateway S poofi ng and Man-In-The-Middle Attack, etc. arp detection (global) Description The arp detection (global) command is used to enable the ARP Detection function globally . T o disable th[...]

60 port-list ——The specified Trusted Po rt list. Command Mode Global Configuration Mode Example Configure the ports 2-4,5-8 as the T rusted Port: TP-LINK(config)# arp detection trust-port 2-4,5-8 arp detection (interface) Description The arp detection (interface) command is us ed to enable the ARP Defend function. T o disable the arp detection [...]

61 value. T o restore to t he default speed, please use no arp detection limit-rate command. Synt ax arp detection limit-rate value no arp detection limit-rate Parameter value ——The value to specify the maxi mum amount of the received ARP packet s per second, ranging from 10 to 100 in pps(packet/second). By default, the value is 15. Command Mod[...]

62 show arp detection global Description The show arp detection global command is used to display the ARP detection global configuration including the enable/disable status and the T rusted Port list. Synt ax show arp detection global Command Mode Any Confiuration Mode Example Display the ARP detection configuration globally: TP-LINK(config)# show [...]

63 The show arp detection st atistic command is used to display the number of the illegal ARP packet s received. Synt ax show arp detection st atistic Command Mode Any Configuration Mode Example Display the number of the illegal ARP packet s received: TP-LINK(config)# show arp detection statistic show arp detection statistic reset Description The s[...]

64 Chapter 13 DoS Defend Command DoS (Denial of Service) Attack is to occupy t he network bandwid th maliciously by the network attackers or the evil programs sending a lot of se rvice requests to the Ho st. With the DoS Defend enabled, the switch can analyze the specific field of the received packet s and provide the defend measures to ensure the [...]

65 Parameter land —— Land attack. scan-synfin —— Scan SYNFIN attack. xma-scan —— Xma Scan attack. null-scan —— NULL Scan attack. port-less-than-1024 ——The SYN packet s whose Source Port less than 1024. blat —— Blat attack. ping-flood —— Ping flooding attack, If Pi ng-flood att ack is enabled, the switch will automaticall[...]

66 Chapter 14 IEEE 802.1X Commands IEEE 802.1X function is to provid e an access control for LAN ports via the authenticat ion. Only the supplicant passing the authenticat ion can access the LAN. dot1x Description The dot1x command is used to enable the IEEE 802.1X function globally . T o disable the IEEE 802.1X function, please use no dot1x comman[...]

67 transmission of EAP packets is termi nated at the switch and the EAP packets are converted to the other protocol (s uch as RADIUS) packe ts for transmission EAP-MD5: IEEE 802.1X authentication system uses extensib le authentication protocol (EAP) to exchange information between the switch and the client. The EAP protocol p ackets with authentica[...]

68 dot1x quiet-period Description The dot1x quiet-period command is used to enable t he quiet-perio d function. T o disable the f unction, please use no dot1x quiet-period command. Synt ax dot1x quiet-period no dot1x quiet-period Command Mode Global Configuration Mode Example Enable the quiet-period function: TP-LINK(config)# dot1x quiet-period dot[...]

69 Example Configure the Quiet Period and the SupplicantTi meout as 12 seconds and 6 seconds: TP-LINK(config)# dot1x timer quiet-period 12 supp-timeout 6 dot1x retry Description The dot1x retry command is used to configure t he maximum transfer times of the repeated authentication request. T o restore to the default value, please use no dot1x retry[...]

70 Command Mode Interface Configuration Mode （ interface ethernet / interface range ethernet ） Example Enable the IEEE 802.1X f unction for the port 1: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# dot1x dot1x guest-vlan Description The dot1x guest-vlan command is used to enabl e the Guest VLAN function for a specified port. T o dis[...]

71 no dot1x port-control Parameter auto | authorized-force | unauthorized-forc e —— The Control Mode for the port. Auto: In this mode, the port will normally work only after passing the 802.1X Authentication. Authorized-force: In this mode, the port can work normally without passing the 802.1X Authentication. Unauthorized-force: In this mode, t[...]

72 Command Mode Interface Configuration Mode （ interface ethernet / interface range ethernet ） Example Configure the Control T ype for port 5 as port-based: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# dot1x port-method port-based radius authentication primary-ip Description The radius authentication primary-ip command is used to c[...]

73 radius authentication secondary-ip ip-addr no radius authentication secondary-ip Parameter ip-addr ——The IP address of the alternate aut hentication server . By default, it is 0.0.0.0. Command Mode Global Configuration Mode Example Configure the IP address of the alter nate authentication serv er as 10.20.1.101: TP-LINK(config)# radius authe[...]

74 The radius authentication key command is used to configure the shared password for the switch and the authen tication servers to exchange messages. T o clear the radius authent ication key , please use no radius authentication key command. Synt ax radius authentication key key-string no radius authentication key Parameter key-string ——The sh[...]

75 radius accounting primary-ip Description The radius accounting primary-ip command is used to configure the IP address of the accounting server . Synt ax radius accounting primary-ip ip-addr Parameter ip-addr —— The IP address of the accounting server . Command Mode Global Configuration Mode Example Configure the IP address of the accounting [...]

76 TP-LINK(config)# radius accounting secondary-ip 10.20.1.101 radius accounting port Description The radius accounting port command is used to set the UDP port of accounting server(s). T o restore to the default value, please use no radius accounting port . Synt ax radius accounting port port-num no radius accounting port Parameter port-num ——[...]

77 Command Mode Global Configuration Mode Example Configure the shared password for the switch and the accounting servers as tplink: TP-LINK(config)# radius accounting key tplink radius response-timeout Description The radius response-timeout command is used to configure the maximum time for the switch to wait for the re sponse from the RADI US aut[...]

78 Synt ax show dot1x global Command Mode Any configuration Mode Example Display the configuration of 801.X globally: TP-LINK(config)# show dot1x global show dot1x interface Description The show dot1x interface command is used to display the port configuration of 801.X. Synt ax show dot1x interface [ ethernet port-num ] Parameter port-num ——The[...]

79 Any configuration Mode Example Display the configuration of the RADIUS authentic ation server: TP-LINK(config)# show radius authentication show radius accounting Description The show radius accounting command is used to display the configuration of the accounting server . Synt ax show radius accounting Command Mode Any configuration Mode Example[...]

80 Chapter 15 Log C ommands The log information will record the settings and oper ation of the switch re spectively for you to monitor operation status and diagnose malfunction. logging local buffer Description The logging local buffer command is used to configure the severity level and the status of theconf iguration input to the log buffer . T o [...]

81 The logging local flash command is used to configur e the l evel and the status of the log file input.T o restore to the default configur ation, please use no logging local flash command. The log file indica tes the flash sector for saving system log. The inforamtion in the log f ile will not be lost after the switch is restarted and can be got [...]

82 Example Clear the information in the log file: TP-LINK(config)# logging clear buffer logging loghost Description The logging loghost command is used to configure the Log Host. T o clear the configuration of the specified Log Host, please use no logging loghost command. Log Host is to receive the system log from other devices. Y ou can remotely m[...]

83 of the Local Log including t he log buffer and the log file. Synt ax show logging local-config Command Mode Any configuration Mode Example Display the configurat ion of the Local Log: TP-LINK(config)# show logging local-config show logging loghost Description The show logging loghost command is used to display the configuration of the log host. [...]

84 Parameter leve l ——Severity level. There are 8 severity levels marked with values 0-7. The information will be displayed only when the log with the same or smaller severity level value. Display all the log information in the log buffer by default. Command Mode Any Configuration Mode Example Display the log information from level 0 to level 5[...]

85 Chapter 16 SSH Commands SSH (Security Shell) can prov ide the unsecured remote management with security and powerful authentication to ensure the security of the management information. ssh server enable Description The ssh server enable command is used to en able SSH function. T o disable the SSH function, please use no ssh server enable comman[...]

86 TP-LINK(config)# ssh version v2 ssh idle-timeout Description The ssh idle-timeout command is used to specify the idle-timeout time of SSH. T o restore to the fact ory defaults, please use no ssh idle-timeout command. Synt ax ssh idle-timeout value no ssh idle-timeout Parameter value —— The Idle-timeout time. During this period, the system wi[...]

87 S pecify the maximum number of the c onnections to the SSH server as 3: TP-LINK(config)# ssh max-client 3 ssh download Description The ssh max-client command is used to download the SSH key file from TFTP server . Synt ax ssh download { v1 | v2 } key-file ip-address ip-addr Parameter v1 | v2 —— Select the type of SSH key to download, v1 repr[...]

88 Chapter 17 SSL Commands SSL （ Secure Sockets Layer ） , a security protocol, is to pr ovide a secure connection for the application layer protocol(e.g. H TTP) based on TCP . Adopting asymmetrical encryption tecnology , SSL uses key p air to encrypt/decrypt information. A key pair refers to a public key (cont ained in the certificate) and its [...]

89 Command Mode Global Configuration Mode Example Download a SSL Certificate named ssl-cert from TFTP ser ver with the IP Address of 192.168.0.148: TP-LINK(config)# ssl download certificate ssl-cert ip-address 192.168.0.148 ssl download key Description The ssl download key command is used to download a SSL key to the switch from TFTP server . Synt [...]

90 Display the global configuration of SSL: TP-LINK(config)# show ssl[...]

91 Chapter 18 Address Commands Address configuration can improv e the network security by conf iguring the Port Security and maintaining the address information by managing the Address T able. bridge address port-security Description The bridge address port-security command is used to configure port security . T o return to the default configuratio[...]

92 Interface Configuration Mode （ interface ethernet / interface range ethernet ） Example Enable Port Security function for port1, select S tatic mode as the learn mode, and specify the maximum number of MA C addresses that can be learned o n this port as 30: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# bridge address port-security[...]

93 The bridge aging-time command is used to configure aging time for the dynamic address. T o return to the default configuration, please use no bridge aging-time command. Synt ax bridge aging-time aging-time no bridge aging-time Parameter aging-time —— The aging time for the dynamic addr ess. The value of it can be 0 or ranges from 10 to 630 s[...]

94 00:1e:4b:04:01:5d: TP-LINK(config)# bridge address filtering 00:1e:4b:04:01:5d 1 show bridge port-security Description The show bridge port-security command is used to configure the Port Security for each port, such as conf igure the Max number of MAC addressed that can be learned on the port and the Learn Mod e. Synt ax show bridge port-secur i[...]

95 show bridge aging-time Description The show bridge aging-time command is used to display the Aging T ime of the MAC address. Synt ax show bridge aging-time Command Mode Any Configuration Mode Example Display the Aging T ime of the MAC address: TP-LINK(config)# show bridge aging-time[...]

96 Chapter 19 System Commands System Commands can be used to configure the System informat ion and System IP , reboot and reset the switch, upgrade the swit ch system and other operations. system-descript Description The system-descript command is used to configure the Device Name, De vice Location and System Contact. T o clear all the information,[...]

97 system-time gmt { time-zone } { ntp-server } { backup-ntp-server } no system-time gmt { time-zone } { ntp-server } { backup-ntp-server } Parameter time-zone —— Y our local time-zone, and it ranges from -12 to 13. ntp-server —— The IP Address for the Primary NTP Server . Backup-ntp-server —— The IP Address for the Secondary NTP Server[...]

98 Synt ax system-time dst { start-date } { st art-time } {end -date } { end-time } no system-time dst Parameter start-date —— The start date of DST you set. start-time —— The start time of DST you set. end-date —— The end date of DST you set. end-time —— The end time of DST you set. Command Mode Global Configuration Mode Example Co[...]

99 TP-LINK(config)# ip address 192.168.0.69 255.255.255.0 ip management-vlan Description The ip management-vlan command is used to conf igure the management VLAN, through which you can log on to the switch. Synt ax ip management-vlan { vlan-id } Parameter vlan-id —— VLAN ID, ranging from 1 to 4094. Command Mode Global Configuration Mode Example[...]

100 Synt ax ip bootp-alloc Command Mode Global Configuration Mode Example Enable the BOOTP Protocol to obt ain IP address from BOOTP Server: TP-LINK(config)# ip bootp-alloc reset Description The reset command is used to reset the switch’s sof tware. After resetting, all configuration of the switch (except the IP Address) will restore to the facto[...]

101 user-config backup Description The user-config backup command is used to backup t he configuration file by TFTP server . Synt ax user-config backup filename name ip-address ip-addr Parameter name —— S pecify the name for the config uration file which would be backuped. ip-addr —— IP Address of the TFTP server . Command Mode Privileged E[...]

102 192.168.0.148 and name this file config.cfg: TP-LINK# user-config load filename config.cfg ip-address 192.168.0.148 user-config save Description The user-config save command is used to save current settings. Synt ax user-config save Command Mode Privileged EXEC Mode Example Save current settings: TP-LINK# user-config save firmware upgrade Descr[...]

103 ping Description The ping command is used to test the connecti vity between the switch and one node of the network. Synt ax ping { ip_addr } [ -n { count }] [ -l { count }] [ -i { count }] Parameter ip_addr —— The IP address of the destination node for ping test. count (-n) —— The amount of times to send te st data during Ping testing. [...]

104 Command Mode User EXEC Mode and Privileged EXEC Mode Example T est the connectivity between the switch and the network device with the IP 192.168.0.131. If t he destination device has not been found after 20 maxHops , the connection between the switch and the destination device is failed to establish: TP-LINK# tracert 192.168.0.131 20 loopback [...]

105 Any Configuration Mode Example Display the system information: TP-LINK# show system-info show ip address Description The show ip address command is used to displa y MAC Address, IP Address, Subnet Mask and Default Gateway of t he system, whether the DHCP Client function is enabled or not and some other information. Synt ax show ip address Comma[...]

106 show system-time dst Description The show system-time dst command is used to display the DST time information of the switch. Synt ax show system-time dst Command Mode Any Configuration Mode Example Display the DST time information of the switch TP-LINK# show system-time dst[...]

107 Chapter 20 Ethernet Configuration Commands Ethernet Configuration Commands can be used to configure the B andwidth Control, Negotiation Mode and S torm Control for Ethernet ports. interface ethernet Description The interfac e ethernet command is used to enter t he Interface Configuration Mode and configure one Ethernet port. Synt ax interface e[...]

108 Command in the Interface Range Ether net Mode is executed independently on all ports in the range. It does not effect the execution on the other ports at all if the command results in an error on one port. Example Enter the Interface Configuration Mode, add ports 1-3, 6-8 to the port-list and configure them: TP-LINK(config)# interface range eth[...]

109 Interface Configuration Mode （ interface ethernet / interface range ethernet ） Example Disable Ethernet port3: TP-LINK(config)# interface ethernet 3 TP-LINK(config-if)# shut dow n flow-control Description The flow-control command is used to enable the flow -control function for a port. T o disable the flow-control function for this correspo[...]

11 0 10h —— 10 M half-duplex. 10f —— 10M full-duplex. 100h —— 1 00M half-duplex. 100f —— 100M full-dupl ex. 1000f —— 1000M full-d uplex. Command Mode Interface Configuration Mode （ interface ethernet / interface range ethernet ） Example Configure the Negotiation Mode as 100M full-duplex for Ethern et port5: TP-LINK(config)# [...]

111 Example Enable the S t orm Control func tion for port5 and specify the bc-rate as 128kbps, mc-rate as 512kbps and ul-rate as 2Mbp s: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# storm-control bc-rate 128k mc-rate 512k ul-rate 2m storm-control disable bc-rate Description The storm-control disable bc-rate command is used to disable t[...]

11 2 TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# storm-control disable mc-rate storm-control disable ul-rate Description The storm-control disable ul-rate command is used to disable the UL-Frame control. Synt ax storm-control disable ul-rate Command Mode Interface Configuration Mode （ interface ethernet / interface range ethernet ?[...]

11 3 TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# port rate-limit ingress 5120 egress 1024 port rate-limit disable ingress Description The port rate-limit disable ingress command is used to disable the ingress-rate limit. Synt ax port rate-limit disable ingress Command Mode Interface Configuration Mode （ interface ethernet / interfac[...]

11 4 The show interface configuration command is used to display the configurations of an Ethernet port, in cluding Port-status, Flow Control, Negotiation Mode and Port-description. Synt ax show interface configuration { ethernet [ interface ] } Parameter interface —— The port selected to display the configurations. By default, the configuratio[...]

11 5 Synt ax show interface counter s { ethernet [ interface ] } Parameter Interface —— The port selected to display the st atistic information. By default, the statistic information of all ports is displayed. Command Mode Any Configuration Mode Example Display the statistic information of Ethernet port3: TP-LINK(config)# show interface counter[...]

11 6 port —— The port-number of the port selected to display the rate -limit information. By default, the rate-limit in formation of all port s is displayed. Command Mode Any Configuration Mode Example Display the rate-limit information of all Ethernet ports: TP-LINK(config)# show port rate-limit[...]

11 7 Chapter 21 QoS Commands QoS (Quality of Service) f unction is used to optimiz e the netw ork performanc e. It provides yo u with network servi ce experienc e of a bett er quality . qos Description The qos command is used to configure CoS (Class of Service) based on port. T o return to the default configuration, please use no qos command. Synt [...]

11 8 divide packet s into 8 priorities. W hen IEEE 802.1P Priority is enabled, the packet s with IEEE 802.1Q tag are mapped to different priority levels based on IEEE 802.1P priority mode. The untagged p ackets are mapped based on port priority mode. Synt ax qos dot1p config { tag } { pri } no qos dot1p config Parameter tag —— The 8 priority le[...]

11 9 TP-LINK(config)# qos dscp enable qos dscp config Description The qos dscp config command is used to con figure the mapping relation between DSCP Priority and 802.1P Priority . T o return to the default configuration, please use no qos dscp config command. DSCP (Dif fServ Code Point) is a new definition to IP T oS field given by IEEE. This fiel[...]

120 qos scheduler Description The qos scheduler command is used to configure the Schedule Mode. T o return to the default c onfiguration, please use no qos scheduler command. When the network is congested, the program that many packets complete for resources must be solved, usually in t he way of queue scheduling. The switch will control the forwar[...]

121 show qos port-based Description The show qos port-based command is used to display the configuration of QoS based on port priority . Synt ax show qos port-based [ interface-nu m ] Parameter interface-num —— The Ethernet port selected to di splay the configuration. By default, information of all the ports is displayed. Command Mode Any Confi[...]

122 show qos dscp Command Mode Any Configuration Mode Example Display the configuration of DSCP Priority: TP-LINK# show qos dscp show qos scheduler Description The show qos schedule r command is used to displa y the schedule rule of the egress queues. Synt ax show qos scheduler Command Mode Any Configuration Mode Example Display the schedule rule o[...]

123 Chapter 22 Port Mirror Commands Port Mirror refers to the process of forwarding copies of packe ts from one port to a mirroring port. Usually , the mirroring port is connected to data diagnose device, which is used to analyze the mirrored packets for monitoring and troubleshooting the network. mirror add Description The mirror add command is us[...]

124 same time. 3. Whether the mirroring port and mirrored ports are in the same VLAN or not is not demanded strictly . 4. The mirroring port and mirrored ports cannot be link-aggregation member . mirror remove group Description The mirror remove group command is used to remove mirror group. Synt ax mirror remove group [group- num ] Parameter group-[...]

125 show mirror Description The show mirror command is used to display the configuration of mirror group. Synt ax show mirror [group- num ] Parameter group-num —— The group numb er of mirrior group. Command Mode Any Configuration Mode Example Display configuration fo mirror group 1: TP-LINK# show mirror 1[...]

126 Chapter 23 Port isolation Commands Port Isolation provides a method of restricting traffic flow to improve the network security by forbidding the port to forward packets to the por ts that are not on its forwarding port list. port isolation Description The port isolation command is used to configure the forward portlist of a port, so that this [...]

127 Example Display the forward-list of port 6: TP-LINK# show port isolation 6[...]

128 Chapter 24 PoE Commands PoE (Power over Ethernet) technology describes a system to transmit electrical power along with data to remote devices over standard twisted-p air cable in an Ethernet network. It is especially useful for supplying power to IP telephones, wi reless LAN access points, cameras and so on. power inline consumption (global co[...]

129 Command Mode Global Configuration Mode Example Configure the power disconnect method as deny-next-port: TP-LINK(config)# power inline disconnect-method deny-next-port power inline supply status Description The pow er inline supply status command is used to enable or diable the PoE feature for the corresponding port Synt ax power inline supply s[...]

130 Interface Configuration Mode Example Enable the PoE priority as low for port 2.: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# power inline priority low power inline consumption (interface configuration) Description The power inline consumption (interface configurati on) command is used to configure the power limit the port can spup[...]

131 name —— the time-range you ha ve configured. Command Mode Interface Configuration Mode Example Select the Seg2 as the time range for port 2.: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# power inline time-segment Seg2 power inline profile Description The pow er inline profile command is used to choose the the PoE profile you wa[...]

132 {low|middle|high} [ consumption { power limit }] no power profile {p rofile name } Parameter profile name —— the name of the profile. supply -status —— the PoE status of the port in the profile. priority —— the PoE priority of the port in the profile. consumption —— the max power the port in the profile can supply . Command Mode[...]

133 working day . By default, the period mode is disabled. start-date —— The start date in Absoluteness Mode, in the format of MM/DD/YYYY . By default, it is 01/01/2000. end-date —— The end date in Absoluteness Mode, in the format of MM/DD/YYYY . By default, it is 01/ 01/2000. The absoluteness mode will be disabled if the start date and end[...]

134 Define National Day , configuring the st art date as October 1st, and the end date as October 3rd: TP-LINK(config)# power holiday NationalDay 10/01 10/03 show power inline Description The show power inline command is used to display the PoE information of the system. Synt ax show power inline Command Mode Any Configuration Mode Example Display [...]

135 show power inline information Description The show pow er inline information command is used to display the PoE information of the certain port. Synt ax show power inline information [ ethernet port ] Parameter port —— The port selected to display the PoE information, ranging from 1 to 24. Command Mode Any Configuration Mode Example Display[...]

136 Command Mode Any Configuration Mode Example Display the defined holiday: TP-LINK> show power holiday show power profile Description The show pow er profile command is used to display the defined PoE profile. Synt ax show power profile Command Mode Any Configuration Mode Example Display the defined PoE profile: TP-LINK> show power profile[...]

137 Chapter 25 ACL Commands ACL (Access Control List) is used to filter data p ackets by configur ing a series of match conditions, operations and time ranges. It prov ides a flexible and secured acce ss control policy and facilitates you to control the network security . acl time-segment Description The acl time-segment command is used to add T im[...]

138 Example Add a time-range named tSeg1, with time-s lice1 from 8:30 to 12:00 at working day: TP-LINK(config)# acl time-segment tSeg1 wee k- da y working-day time-slice1 08:30-12:00 acl edit time-segment Description The acl edit time-segment command is used to edit T ime-Range. Synt ax acl edit time-segment { na me } [ week-da y week-day ] [ st ar[...]

139 acl holiday Description The acl holiday command is used to create holiday in Holiday Mode in the acl time-segment command. T o delete the corresponding holiday , please use no acl holiday command. Synt ax acl holiday { name } { start-date } { end-date } no acl holiday { name } Parameter name —— The holiday name, ranging from 1 to 16 charact[...]

140 Example Create a MAC ACL whose ID is 20: TP-LINK(config)# acl create 20 acl rule mac-acl Description The acl rule mac-acl command is used to add MAC ACL rule. T o delete the corresponding rule, please use no acl rule mac-acl command. MAC ACLs analyze and process packet s based on a se ries of match conditions, which can be the source MAC addres[...]

141 not limited. Command Mode Global Configuration Mode Example Create a MAC ACL whose ID is 20, and add Rule 10 for it. In the rule, the source MAC address is 00:01:3F:48:16:23, the source MAC address mask is 1 1:1 1:1 1:1 1:1 1:00, VLAN ID is 2, the user priority is 5, the time-range for the rule to take ef fect is tSeg1, and the packet s match t[...]

142 ethernet-type —— EtherT yp e contained in the ru le, in the format of 4-hex number . user-pri —— The user priority contained in th e rule, ranging from 0 to 7. By default, it is not limited. time-segmen t —— The time-range for the rule to take ef fect. By default, it is not limited. index —— Change the index n umber of the entry[...]

143 and permit means forwarding packets. By default, th e option is permit. source-ip —— The source IP address contained in the rule. source-ip-mask —— The source IP address mask. It is required if you typed the source IP address. destination-ip —— The destination IP address contained in the rule. destination-ip-mask —— The destinat[...]

144 source-ip-mask —— The source IP address mask. It is required if you typed the source IP address. destination-ip —— The destination IP address contained in the rule. destination-ip-mask —— The destination IP address mask. It is required if you typed the destination IP address. time-segmen t —— The time-range for the rule to take [...]

145 TP-LINK(config)# acl policy policy -add policy1 acl policy action-add Description The acl policy action-add command is used to add ACLs and create actions for the policy . T o delete the co rresponding actions, please use no acl policy action-add command. Synt ax acl policy action-add { policy-name } { acl-id } [ rate rate ] [ osd { none | disc[...]

146 TP-LINK(config)# acl policy policy -add policy1 TP-LINK(config)# acl policy action-add policy1 120 rate 1000 osd discard acl edit action Description The acl edit action command is used to edit actions for the policy . Synt ax acl edit action { policy-name } { acl-id } [ rate rate ] [ osd {none | discard}] [ e-port egress-port ] [ vid vlan-id ] [...]

147 bind relation, please use no acl bind to-port command. Synt ax acl bind to-port { policy-name } { port } no acl bind to-port { policy-name } { por t } Parameter policy-name —— The name of the policy desired to bind. port —— The numbe r of the port desired to bind. Command Mode Global Configuration Mode Example Bind policy1 to Port 1,3-5[...]

148 T ime-Range. Synt ax show acl time-segmen t Command Mode Any Configuration Mode Example Display the configuration of T ime-Range: TP-LINK> show acl time-segment show acl holiday Description The show acl holiday command is used to display the defined holiday . Synt ax show acl holiday Command Mode Any Configuration Mode Example Display the de[...]

149 show acl bind Description The sho w acl bind command is used to display the configuration of Policy bind. Synt ax show acl bind Command Mode Any Configuration Mode Example Display the configuration of Policy bind: TP-LINK> show acl bind[...]

150 Chapter 26 MSTP Commands MSTP (Multiple S panning T ree Protocol), comp at ible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a ri ng network. STP is to block redundant links and backup links as well as optimize paths. spanning-tree global Description The sp anning-tree global command is used to configure STP globally . T o r[...]

151 hold-count —— TxHold Count, which is the maximum number of BP DU packet s transmitted per Hello T ime interv al. TxHold Count ranges from 1 to 2 0 in pps. By default, it is 5. max-hops —— Max Hop s, which is the maximum number of hops that occur in a specific region before t he BPDU is discarded. Max Hops ranges from 1 to 40 in hop. By [...]

152 port. The lower value has the higher priority . expath-consum —— ExtPath Cost, which is us ed to choose the p ath and calculate the path cost s of ports in different MST regions. It is an important criterion on determining the root port. The lower value has the higher priority . By default, it is automatic. inpaht-consum —— IntPath Cost[...]

153 name —— The region name, used to identify MST region. It ranges from 1 to 32 characters. revision —— The revision for MST region identification, ranging from 0 to 65535. Command Mode Global Configuration Mode Example Configure the region name of MSTP as r1, and the revision level as 100: TP-LINK(config)# spanning-tree region r1 100 span[...]

154 Enable Instance 1, add VLAN 2, 3, 4, 5, 8 for it, and configure MSTI Priority as 4096: TP-LINK(config)# spanning-tree msti 1 st atus enable pri 4096 mapped 2-5,8 spanning-tree msti Description The sp anning-tree msti command is used to configure MSTP Instance Port. T o return to the default conf iguration of the corresponding Instance Port, ple[...]

155 S panning T ree globally . T o return to t he default configurat ion, please use no sp anning-tree tc-defen d command. A switch removes MAC address entries upon receiving TC-BPDUs. If a malicious user continuously sends TC-BPDUs to a switch, the switch will be busy with removing MAC address entries, which may decrease the performance and stabil[...]

156 is to prevent wrong network topology change caused by the role change of the current legal root bridge. TC —— Enable/ Disable TC Protect. By default, it is disabled. defend —— Enable/ Disable BPDU Protect. By default, it is disabled. BPDU Protect is to prevent the edge port fr om being attacked by maliciously created BPDUs. hold —— [...]

157 Synt ax show spanning-tree global-info Command Mode Any Configuration Mode Example Display the current st atus of S panning T ree: TP-LINK# show spanning-tree global-info show spanning-tree global-config Description The show spanning-tree global-config command is used to display the global configuration of S panning T ree. Synt ax show spanning[...]

158 Display the configuration of port 5: TP-LINK(config)# show spanning-tree port-config 5 show spanning-tree region Description The show spanning-tree region command is used to display the Region configuration of MSTP . Synt ax show spanning-tree region Command Mode Any Configuration Mode Example Display the region configuration of MSTP: TP-LINK(c[...]

159 The show spanning-tree msti port command is used to display the Instance Port configuration of S pan ning T ree. Synt ax show spanning-tree msti port { id } [ port ] Parameter id —— Instance ID, ranging from 1 to 8. port —— The port selected to display t he configuration. By default, the configuration of all ports is displayed. Command [...]

160 port —— The port selected to display the configuration. By default, the Port Protect configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the Port Protect configuration of port 2: TP-LINK(config)# show spanning-tree security port-defend 2[...]

161 Chapter 27 IGMP Commands IGMP Snooping (Internet Group Management Prot ocol Snooping) is a multicast control mechanism running on Layer 2 switch. It can effectively prevent multicast groups being broadcasted in the network. igmp-snooping global Description The igmp-snooping global command is used to configure IGMP globally . T o return to the d[...]

162 Synt ax igmp-snooping config st atus {disable | enable} fast-leave {di sable | enable} no igmp-snooping config Parameter status —— Enable/ Disable IGMP Snooping for the desired port. fast-leave —— Enable/ Disable Fast Leave feat u re for the desired port. If Fast Leave is enabled for a port, the switch will immediately remove this port [...]

163 member-time —— Member Port T ime. Within this time, if the switch does not receive IGMP report message from the member port, it will consider this port is not a member port any more. Member Port Time ranges from 60 to 600 in seconds. By default, it is 260. leave-time —— Leave Time, which is the interval between the switch reveiving a le[...]

164 receive IGMP report message from the member port, it will consider this port is not a member port any more. Member Port Time ranges from 60 to 600 in seconds. By default, it is 260. leave-time —— Leave Time, which is the interval between the switch reveiving a leave message from a host and the switch removing the host from the multicast gro[...]

165 seconds. By default, it is 260. leave-time —— Leave Time, which is the interval between the switch reveiving a leave message from a host and the switch removing the host from the multicast groups. Leave T ime ranges from 1 to 30 in seconds. By default, it is 1. router-port —— S tatic Router Port, which is mainly used in the netwo rk wit[...]

166 configure the forward port as port 1: TP-LINK(config)# igmp-snooping st atic-entry-add 225.0.0.1 2 1 igmp-snooping filter-add Description The igmp-snooping filter-add command is used to c onfigure the multicast IP-range desired to filter . T o delete th e corresponding IP-range, please use no igmp-snooping filter-add command. When IGMP Snooping[...]

167 id —— IP-range ID, ranging from 1 to 30. start-ip —— The start multicast IP of the IP-range. end-ip —— The end multicast IP of the IP-range. Command Mode Global Configuration Mode Example Modify the multicast IP-range whose ID is 20 as 225.0. 0.10~225.0.0.12: TP-LINK(config)# igmp-snooping filter-config 20 225.0.0.10 225.0.0.12 igmp[...]

168 Interface Configuration Mode （ interface ethernet / interface range ethernet ） Example Enable multicast filtering function for port 5, specif y Action Mode as accept, bound IP-range 2, 3, 4, and specify the maximum number of multicast groups for port 5 to join in as 128: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# igmp-snoopin[...]

169 Example Display the IGMP configuration of port 2: TP-LINK> show igmp-snooping port-config 2 show igmp-snooping vlan-config Description The show igmp-snooping vlan-config command is used to display the VLAN configuration of IGMP . Synt ax show igmp-snooping vlan-config Command Mode Any Configuration Mode Example Display the VLAN configuration[...]

170 Synt ax show igmp-snooping multi-ip-list Command Mode Any Configuration Mode Example Display the Multicast IP t able: TP-LINK> show igmp-snooping multi-ip-list show igmp-snooping filter-ip-addr Description The show igmp-snooping filter-ip-addr command is used to display the Multicast Filter IP-Range table. Synt ax show igmp-snooping filter-i[...]

171 TP-LINK> show igmp-snooping port-filter 5 show igmp-snooping packet-stat Description The show igmp-snooping packet-st at command is used to display the Packet S tatistics information of all ports. Synt ax show igmp-snooping p acket-st at Command Mode Any Configuration Mode Example Display the Packet S tatistics information: TP-LINK> show [...]

172 Chapter 28 SNMP Commands SNMP (Simple Network Management Protocol) func tions are used to manage the network devices for a smooth communication, whic h can facilitate the network administrators to monitor the network nodes and implement the proper operation. snmp global Description The snmp global command is used to configure the SNMP function [...]

173 snmp view-add Description The snmp view-add command is used to add View . T o delete the corresponding View , please use no snmp view -add command. The OID (Object Identifier) of the SNMP p ackets is used to describe the managed objects of the switch, and the MIB (Management In formation Base) is the set of the OIDs. The SNMP V iew is created f[...]

174 privacy mode guarantee the high securi ty for the communication between the management station and the managed device. Synt ax snmp group-add { name } [ smode { v1 | v2c | v3 }] [ slev { noAuthNoPriv | authNoPriv | authPriv }] [ ro ro-view ] [ wo wo-view ] [ notify notify-view ] no snmp group-add { name } { smode { v1 | v2c | v3 }} { slev { noA[...]

175 snmp user-add Description The snmp user-add command is used to add User . T o delete the corresponding User , plea se use no snmp user-add command. The User in a SNMP Group can manage the switch via the management station sof tware. The User and its Group have the same security level and access right. Synt ax snmp user-add { name } { local | re[...]

176 encryption method is used. By def ault, the Privacy Mode is none. encrypt-pwd —— Privacy Password, rangin g from 1 to 16 characters. Command Mode Global Configuration Mode Example Add User admin to Group group2, and configure the Security Model of the user as v3, the Security Level of the group as authPriv , the Authentication Mode of the u[...]

177 snmp notify-add Description The snmp notify -add command is used to add Notification. T o delete the corresponding Notification, please use no snmp notify-add command. With the Notification function enabled, the switch can initiatively report to the management station about the importa nt ev ents that occur on the Views, which allows the manage[...]

178 Command Mode Global Configuration Mode Example Add a Notification entry , and configure t he IP Address o f the management Host as 192.168.0.1, the UDP port as 162, the User name of the management st ation as admin, the Security Model of the manag ement station as v2c, the type of the notifications as inform, the maximum ti me for the switch to[...]

179 TP-LINK(config)# snmp-rmon history sample-cfg 1-3 1 100 snmp-rmon history owner Description The snmp-rmon history o wner command is used to conf igure the owner of the history sample entry . T o return to the default configur ation, please use no snmp-rmon history owner command. Synt ax snmp-rmon history owner { index } [ owner ] no snmp-rmon h[...]

180 Global Configuration Mode Example Enable the history sample entries 1,2,3,4 and 8: TP-LINK(config)# snmp-rmon history enable 1-4,8 snmp-rmon event user Description The snmp-rmon event user command is used to conf igure the user name of SNMP-RMON Event. T o return to t he default configurat ion, please use no snmp-rmon event user command. Event [...]

181 no snmp-rmon event description { index } Parameter index —— The index number of the event e n try , ranging from 1 to 12. Y ou can only select one entry for each command. description —— The description of the eve nt, ranging from 1 to 16 characters. By default, it is empty . Command Mode Global Configuration Mode Example Configure the d[...]

182 snmp-rmon event owner Description The snmp-rmon event owner command is used to configure the owner of SNMP-RMON Event. T o return to t he default configurat ion, please use no snmp-rmon event owner command. Synt ax snmp-rmon event owner { index } [ owner ] no snmp-rmon event owner { index } Parameter index —— The index number of the event e[...]

183 Enable the SNMP-RMON Event entries 1,2,3,4 and 8: TP-LINK(config)# snmp-rmon event enable 1-4,8 snmp-rmon alarm config Description The snmp-rmon alarm config command is used to configure SNMP-RMON Alarm Management. T o return to the default configuration, please use no snmp-rmon alarm config command. Alarm Group is one of the commonly used RMON[...]

184 f-hold —— The falling counter value that tr iggers the Falling Threshold alarm, ranging from 1 to 65535. By default, it is 100. f-event —— Fall Event, which is the index of the corresponding event which will be triggered if the sampled value is lower than the Falling Threshold. It ranges from 1 to 12. a-type —— Alarm T ype, with ris[...]

185 Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon alarm owner 1 owner1 snmp-rmon alarm enable Description The snmp-rmon alarm enable command is used to enable SNMP-RMON Alarm Management entry . T o disable the corresponding ent ry , please use no snmp-rmon alarm enable command. Synt ax snmp-rmon alarm enable { index } no snmp[...]

186 show snmp view Description The show snmp view command is used to display the View ta ble. Synt ax show snmp view Command Mode Any Configuration Mode Example Display the View table: TP-LINK> show snmp view show snmp group Description The show snmp group command is used to display the Group table. Synt ax show snmp group Command Mode Any Confi[...]

187 TP-LINK> show snmp user show snmp community Description The sho w snmp community command is used to displa y the Community table. Synt ax show snmp community Command Mode Any Configuration Mode Example Display the Community table: TP-LINK> show snmp community show snmp destination-host Description The show snmp destination-host command is[...]

188 index —— The index nu mber of the entry sele cted to display the configuration, ranging from 1 to 12. Y ou can only select one entry for each command. By default, the configuration of all entries is displayed. Command Mode Any Configuration Mode Example Display the configuration of all history sample entries: TP-LINK> show snmp-rmon hist[...]

189 ranging from 1 to 12. Y ou can only select one entry for each command. By default, the configuration of all entries is displayed. Command Mode Any Configuration Mode Example Display the configuration of all Alarm Management entries: TP-LINK> show snmp-rmon alarm[...]

190 Chapter 29 LLDP Commands LLDP function enables network devic es to advertise their own device information periodically to neighbors on the same LAN. The information of the LLDP devices in the LAN can be stored by its neighbor in a standard MIB, so it is possible fo r the information to be accessed by a Network Management System (NMS) using SNMP[...]

191 Command Mode Global Configuration Mode Example S pecify Hold Multiplier as 5: TP-LINK(config)# lld p hold-multiplier 5 lldp timer Description The lldp timer command is used to confi gure the parameters about transmission. T o return to the default configurat ion, please use no lldp timer command. Synt ax lld p timer tx-interval tx-interval lld [...]

192 Rx_Only) to Tx&Rx (or Tx_Only), the fa st start mechanism will be enabled, that is, the transmit interval will be short en to a second, and several LLDPDUs will be sent out (the number of LLDPDUs equal s this parameter). The default value is 3. Command Mode Global Configuration Mode Example S pecify the T ransmit Interval of LLD PDU as 45 s[...]

193 The lld p admin-st atus command is used to configur e the port’s LLDP operat ing mode. T o return to the defaul t configurati on, please use no lldp admin-status command. Synt ax lld p admin-st atus {disa ble | tx | rx | txrx } no lld p admin-st atus Parameter disable —— Neither transmit nor receive LLDP frames. tx —— Only transmit LL[...]

194 lldp tlv-select Description The lld p tlv-select command is used to configure TL Vs to be included in outgoing LLDPDU. T o ex clude TL Vs, please use no lld p tlv-select command. By default, All TL Vs are included in outgoing LLDPDU. Synt ax lld p tlv-select [port-description] [system-cap ability] [system-description] [system-name] [management-[...]

195 Interface Configuration Mode （ interface ethernet / interface range ethernet ） Example Enable the LLDP-MED status for port 6: TP-LINK(config)# interface ethernet 6 TP-LINK(config-if)# lldp med-status enable lldp med-tlv-select Description The lldp med-tlv-select command is used to configure TL Vs to be included in outgoing LLDPDU. T o ex cl[...]

196 Parameter emergency-number —— Emergency number is Emergency Call Service ELIN identifier, which is used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. civic-address —— The Civic address is defined to reuse the relevant sub-fields of the DHCP option for Civic Address bas ed Location Config uration Information[...]

197 Synt ax show lldp interface [ ethernet port ] Parameter port —— The port selected to displa y the c onfiguration of LLDP , ranging from 1 to 24. Command Mode Any Configuration Mode Example Display the LLDP conf iguration of port 8: TP-LINK> show lldp int erface ethernet 8 show lldp local-information Description The show lldp local-inform[...]

198 port —— The port selected to display the neighbor information, ranging from 1 to 24. Command Mode Any Configuration Mode Example Display the neighbor information of port 8: TP-LINK> show lldp neighbor-information 8 show lldp statistics Description The show lldp st atistics command is used to display the LLDP statistic information between[...]

199 TP-LINK> show lldp med fast-count show lldp med interface Description The show lldp med interface command is used to display LLDP-MED configuration of the certain port. Synt ax show lldp med interface [ ethernet port ] Parameter port —— The port selected to displa y the c onfiguration of LLDP , ranging from 1 to 24. Command Mode Any Conf[...]

200 show lldp med neighbor-information Description The show lld p med neighbor-information command is used to display the neighbor ’s LLDP-MED information of the certain port. Synt ax show lldp med neighbor-information [ port ] Parameter port —— The port selected to display the neighbor information, ranging from 1 to 24. Command Mode Any Conf[...]

201 Chapter 30 Cluster Commands Cluster Management function enables a network administrator to manage the scattered devices in the network via a manag ement device. After a co mm ander switc h is configured, management and maintenance operations intended fo r the member devices in a cl uster is implemented by the commander device. cluster ndp Descr[...]

202 cluster ntdp Description The cluster ntd p command is used to configure NTDP globally . T o return to the default configuration, please use no cluster nt dp command. NTDP (Neighbor T opology Discovery Protocol) is used to collect the NDP information and neighboring connection information of each device in a specif ic network range. It provides [...]

203 TP-LINK(config)# cluster ntd p status enable interval 20 hop 5 hop-delay 300 port-delay 50 cluster explore Description The cluster explore command is used to enable the topology information collecting function manually . Synt ax cluster explore Command Mode Global Configuration Mode Example Enable the topology informati on collecting function m[...]

204 cluster manage role-change Description The cluster manage role-change command is used to change the role of the current switch. According to their status and functions, switc hes in the cluster play different roles. Y ou c an specify the role the switch plays appropriate to your needs. A commander s witch can recogni ze and manage the devices i[...]

205 show cluster ndp port-status Description The show cluster nd p port-st atus command is used to display NDP configuration of the certain port. Synt ax show cluster ndp port-st atus [ port ] Parameter port —— The port selected to display the c onfiguration of NDP . By default, the configuration of all ports is displayed. Command Mode Any Conf[...]

206 show cluster nt dp global Command Mode Any Configuration Mode Example Display the global configuration of NTDP: TP-LINK> show cluster nt dp global show cluster ntdp port-status Description The show cluster nt dp port-st atus command is used to display NTDP configuration of the certain port. Synt ax show cluster ntd p port-status [ port ] Par[...]

207 TP-LINK> show cluster nt dp device show cluster manage role Description The show cluster manage role command is used to display the role of the current switch. Synt ax show cluster manage role Command Mode Any Configuration Mode Example Display the role of the current switch: TP-LINK> show cluster manage role[...]