TL-SG5428
24-Port Gigabit L2 Managed Switch with 4 SFP Slots
TL-SG5412F
12-Port Gigabit SFP L2 Managed Switch with 4 Combo
1000BASE-T Ports
Rev: 2.0.0
1910010630
Download from Www.Somanuals.com. All Manuals Search And Download.
CONTENTS
Chapter 1 Using the CLI ....................................................................................... 4
1.1.1 Logon by a console port..........................................................................................4
1.1.2 Logon by Telnet.......................................................................................................6
1.3 Security Levels................................................................................................................10
1.4.1 Format Conventions..............................................................................................10
1.4.2 Special Characters ................................................................................................11
1.4.3 Parameter Format...............................................................................................11
Chapter 2 User Interface .................................................................................... 12
disable...................................................................................................................................13
vlan database........................................................................................................................15
interface vlan.........................................................................................................................16
description.............................................................................................................................16
protocol-vlan template...........................................................................................................20
protocol-vlan interface...........................................................................................................21
II
Download from Www.Somanuals.com. All Manuals Search And Download.
show protocol-vlan vlan.........................................................................................................22
Chapter 5 VLAN-VPN Commands...................................................................... 24
vlan-vpn enable.....................................................................................................................24
vlan-vpn tpid..........................................................................................................................24
vlan-vpn interface..................................................................................................................25
show vlan-vpn global.............................................................................................................26
Chapter 6 Voice VLAN Commands.................................................................... 28
Chapter 7 Private VLAN Commands ................................................................. 33
Chapter 8 GVRP Commands.............................................................................. 36
Chapter 9 LAG Commands ................................................................................ 40
III
Download from Www.Somanuals.com. All Manuals Search And Download.
interface range link-aggregation............................................................................................40
link-aggregation.....................................................................................................................41
description.............................................................................................................................42
show interface link-aggregation.............................................................................................43
Chapter 10 LACP Commands .............................................................................. 44
Chapter 11 User Manage Commands.................................................................. 48
user modify type....................................................................................................................50
user access-control disable...................................................................................................51
user idle-timeout....................................................................................................................53
show user account-list...........................................................................................................54
Chapter 12 Binding Table Commands................................................................. 56
binding-table user-bind..........................................................................................................56
binding-table remove.............................................................................................................57
dhcp-snooping.......................................................................................................................57
dhcp-snooping information circuit-id......................................................................................61
IV
Download from Www.Somanuals.com. All Manuals Search And Download.
dhcp-snooping trusted...........................................................................................................61
show dhcp-snooping global...................................................................................................64
arp detection limit-rate...........................................................................................................67
Chapter 15 DoS Defend Command...................................................................... 73
show dos-prevent..................................................................................................................74
Chapter 16 IEEE 802.1X Commands ................................................................... 75
dot1x guest-vlan....................................................................................................................76
dot1x guest-vlan....................................................................................................................79
V
Download from Www.Somanuals.com. All Manuals Search And Download.
radius authentication secondary-ip........................................................................................81
radius accounting secondary-ip.............................................................................................84
radius response-timeout........................................................................................................86
show radius authentication....................................................................................................87
show radius accounting.........................................................................................................88
Chapter 17 Log Commands ................................................................................. 89
logging local flash..................................................................................................................89
logging clear..........................................................................................................................90
show logging loghost.............................................................................................................92
Chapter 18 SSH Commands................................................................................. 94
ssh server enable..................................................................................................................94
Chapter 19 SSL Commands................................................................................. 97
ssl download key...................................................................................................................98
VI
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 20 Address Commands.........................................................................100
bridge address port-security................................................................................................100
Chapter 21 System Commands ..........................................................................105
system-time gmt..................................................................................................................105
ip management-vlan............................................................................................................108
ip bootp-alloc.......................................................................................................................108
user-config backup.............................................................................................................. 110
user-config load................................................................................................................... 110
user-config save.................................................................................................................. 111
loopback.............................................................................................................................. 113
show system-time dst.......................................................................................................... 114
show system-time source.................................................................................................... 115
description........................................................................................................................... 117
VII
Download from Www.Somanuals.com. All Manuals Search And Download.
shutdown............................................................................................................................. 117
flow-control.......................................................................................................................... 118
show storm-control ethernet................................................................................................123
show port rate-limit..............................................................................................................123
Chapter 23 QoS Commands................................................................................124
qos dot1p enable.................................................................................................................124
qos dot1p config..................................................................................................................125
qos scheduler......................................................................................................................127
show qos port-based...........................................................................................................128
Chapter 24 Port Mirror Commands ....................................................................131
mirror add............................................................................................................................131
mirror remove group............................................................................................................132
Chapter 25 Port isolation Commands................................................................134
port isolation........................................................................................................................134
Chapter 26 ACL Commands................................................................................136
acl time-segment.................................................................................................................136
VIII
Download from Www.Somanuals.com. All Manuals Search And Download.
acl policy action-add............................................................................................................144
show acl holiday..................................................................................................................147
Chapter 27 MSTP Commands.............................................................................149
spanning-tree global............................................................................................................149
spanning-tree common-config.............................................................................................150
spanning-tree msti...............................................................................................................152
spanning-tree msti...............................................................................................................153
show spanning-tree global-config........................................................................................156
show spanning-tree msti config...........................................................................................157
show spanning-tree security tc-defend................................................................................158
Chapter 28 IGMP Commands..............................................................................160
IX
Download from Www.Somanuals.com. All Manuals Search And Download.
igmp-snooping multi-vlan-config..........................................................................................163
igmp-snooping filter-add......................................................................................................165
igmp-snooping filter.............................................................................................................166
Chapter 29 SNMP Commands.............................................................................171
snmp global.........................................................................................................................171
snmp notify-add...................................................................................................................176
snmp-rmon history owner....................................................................................................178
snmp-rmon history enable...................................................................................................178
show snmp global-config.....................................................................................................184
show snmp view..................................................................................................................185
show snmp group................................................................................................................185
show snmp community........................................................................................................186
X
Download from Www.Somanuals.com. All Manuals Search And Download.
show snmp destination-host................................................................................................186
show snmp-rmon alarm.......................................................................................................187
Chapter 30 Cluster Commands...........................................................................189
cluster ntdp..........................................................................................................................190
cluster explore.....................................................................................................................191
cluster manage role-change................................................................................................193
show cluster ndp global.......................................................................................................194
show cluster ntdp global......................................................................................................195
show cluster manage config................................................................................................196
Chapter 31 LLDP Commands..............................................................................198
lldp enable...........................................................................................................................198
show lldp global...................................................................................................................202
XI
Download from Www.Somanuals.com. All Manuals Search And Download.
Preface
This Guide is intended for network administrator to provide referenced information about CLI
(Command Line Interface). The device mentioned in this Guide stands for
TL-SG5428/TL-SG5412F JetStream L2 Managed Switch.
Overview of this Guide
Chapter 1: Using the CLI
Provide information about how to use the CLI, CLI Command Modes, Security Levels and some
Conventions.
Chapter 2: User Interface
Provide information about the commands used to switch between five CLI Command Modes.
Chapter 3: IEEE 802.1Q VLAN Commands
Provide information about the commands used for configuring IEEE 802.1Q VLAN.
Chapter 4: Protocol VLAN Commands
Provide information about the commands used for configuring Protocol VLAN.
Chapter 5: VLAN-VPN Commands
Provide information about the commands used for configuring VLAN-VPN (Virtual Private Network)
function.
Chapter 6: Voice VLAN Commands
Provide information about the commands used for configuring Voice VLAN.
Chapter 7: Private VLAN Commands
Provide information about the commands used for configuring Private VLAN.
Chapter 8: GVRP Commands
Provide information about the commands used for configuring GVRP (GARP VLAN registration
protocol).
Chapter 9: LAG Commands
Provide information about the commands used for configuring LAG (Link Aggregation Group).
Chapter 10: LACP Commands
Provide information about the commands used for configuring LACP (Link Aggregation Control
Protocol).
Chapter 11: User Manage Commands
Provide information about the commands used for user management.
1
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 12: Binding Table Commands
Provide information about the commands used for binding the IP address, MAC address, VLAN
and the connected Port number of the Host together.
Chapter 13: ARP Inspection Commands
Provide information about the commands used for protecting the switch from the ARP cheating or
ARP Attack.
Chapter 14: IP Source Guard Commands
Provide information about the commands used for guarding the IP Source by filtering the IP
packets based on the IP-MAC Binding entries.
Chapter 15: DoS Defend Command
Provide information about the commands used for DoS defend and detecting the DoS attack.
Chapter 16: IEEE 802.1X Commands
Provide information about the commands used for configuring IEEE 802.1X function.
Chapter 17: Log Commands
Provide information about the commands used for configuring system log.
Chapter 18: SSH Commands
Provide information about the commands used for configuring and managing SSH (Security
Shell).
Chapter 19: SSL Commands
Provide information about the commands used for configuring and managing SSL (Secure
Sockets Layer).
Chapter 20: Address Commands
Provide information about the commands used for Address configuration.
Chapter 21: System Commands
Provide information about the commands used for configuring the System information and System
IP, reboot and reset the switch, upgrade the switch system and other operations.
Chapter 22: Ethernet Configuration Commands
Provide information about the commands used for configuring the Bandwidth Control, Negotiation
Mode, and Storm Control for Ethernet ports.
Chapter 23: QoS Commands
Provide information about the commands used for configuring the QoS function.
Chapter 24: Port Mirror Commands
Provide information about the commands used for configuring the Port Mirror function.
Chapter 25: Port isolation Commands
Provide information about the commands used for configuring the Port isolation function.
2
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 26: ACL Commands
Provide information about the commands used for configuring the ACL (Access Control List).
Chapter 27: MSTP Commands
Provide information about the commands used for configuring the MSTP (Multiple Spanning Tree
Protocol).
Chapter 28: IGMP Commands
Provide information about the commands used for configuring the IGMP Snooping (Internet Group
Management Protocol Snooping).
Chapter 29: SNMP Commands
Provide information about the commands used for configuring the SNMP (Simple Network
Management Protocol) functions.
Chapter 30: Cluster Commands
Provide information about the commands used for configuring the Cluster Management function.
Chapter 31: LLDP Commands
Provide information about the commands used for configuring the LLDP function.
3
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1 Using the CLI
1.1 Accessing the CLI
You can log on to the switch and access the CLI by the following two methods:
1. Log on to the switch by the console port on the switch.
2. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port.
1.1.1 Logon by a console port
To log on to the switch by the console port on the switch, please take the following steps:
1. Connect the PCs or Terminals to the console port on the switch by a provided cable.
2. Click Start →All Programs →Accessories→Communications →Hyper Terminal to
open the Hyper Terminal as the figure 1-1 shown.
Figure 1-1 OpenHyper Terminal
3. The Connection Description Window will prompt as figure1-2. Enter a name into the
Name field and click OK.
4
Download from Www.Somanuals.com. All Manuals Search And Download.
Figure 1-2 Connection Description
4. Select the port to connect in figure 1-3, and click OK.
Figure 1-3 Select the port to connect
5. Configure the port selected in the step above as the following figure1-4 shown. Configure Bits
per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None,
and then click OK.
5
Download from Www.Somanuals.com. All Manuals Search And Download.
Figure 1-4 Port Settings
6. Type the User name and Password in the Hyper Terminal window, the factory default value for
both of them is admin. The DOS prompt” TP-LINK>” will appear after pressing the Enter
button as figure1-5 shown. It indicates that you can use the CLI now.
Figure 1-5 Log in the Switch
1.1.2 Logon by Telnet
To log on to the switch by a Telnet connection, please take the following steps:
1. Make sure the switch and the PC are in the same LAN.
2. Click Start → Run to open the Run window.
6
Download from Www.Somanuals.com. All Manuals Search And Download.
Figure 1-6 Open the Run window
3. Type cmd in the prompt Run window as figure 1-7 and click OK.
Figure 1-7 Run Window
4. Type telnet 192.168.0.1 in the command prompt shown as figure1-8, and press the Enter
button.
Figure 1-8 Connecting to the Switch
7
Download from Www.Somanuals.com. All Manuals Search And Download.
5. Type the User name and Password (the factory default value for both of them is admin) and
press the Enter button, then you can use the CLI now, which is shown as figure1-9.
Figure 1-9 Log in the Switch
1.2 CLI Command Modes
The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode,
Global Configuration Mode, Interface Configuration Mode and VLAN Database (VLAN
Configuration Mode). Interface Configuration Mode can also be divided into Interface Ethernet,
Interface link-aggregation and some other modes, which is shown as the following diagram.
The following table gives detailed information about the Accessing path, Prompt of each mode and
how to exit the current mode and access the next mode.
8
Download from Www.Somanuals.com. All Manuals Search And Download.
Logout or Access the next
mode
Mode
Accessing Path
Prompt
Primary mode once
it is connected with
the switch.
Use the exit command to disconnect
the switch (except that the switch is
connected through the Console port).
User EXEC
Mode
TP-LINK>
Use the enable command to access
Privileged EXEC mode.
Use the enable
command to enter
this mode from User
EXEC mode.
Use the exit command to disconnect
the switch (except that the switch is
connected through the Console port).
Privileged
EXEC Mode
Enter the disable command to return
to User EXEC mode.
TP-LINK#
Enter configure command to access
Global Configuration mode.
Use the configure
command to enter
Use the exit or the end command or
press Ctrl+Z to return to Privileged
EXEC mode.
this
mode
from
Global
Configuration
Mode
Privileged
mode.
EXEC
Use the interface type number
TP-LINK(config)#
command
to
access
interface
Configuration mode.
Use the vlan database to access
VLAN Configuration mode.
Use the interface
type number
command to enter
this mode from
Global Configuration
mode.
Use the end command or press Ctrl+Z
to return to Privileged EXEC mode.
Interface
Configuration
Mode
Enter exit command to return to
Global Configuration mode.
TP-LINK(config-if)#
A port number must be specified in the
interface command.
Use
the
vlan
Use the end command or press Ctrl+Z
VLAN
database command
to return to Privileged EXEC mode.
to enter this mode
Configuration
Mode
TP-LINK(config-vlan)#
Enter the exit command to return to
Global configuration mode.
from
Global
Configuration mode.
Note:
1. The user is automatically in User EXEC Mode after the connection between the PC and the
switch is established by a console port or by a telnet connection.
2. Each command mode has its own set of specific commands. To configure some commands,
you should access the corresponding command mode firstly.
Global Configuration Mode: In this mode, global commands are provided, such as the
Spanning Tree, Schedule Mode and so on.
Interface Configuration Mode: In this mode, users can configure one or several ports,
different ports corresponds to different commands
9
Download from Www.Somanuals.com. All Manuals Search And Download.
a). Interface Ethernet: Configure parameters for an Ethernet port, such as Duplex-mode,
flow control status.
b). Interface range Ethernet: The commands contained are the same as that of the
Interface Ethernet. Configure parameters for several Ethernet ports.
c). Interface link-aggregation: Configure parameters for a link-aggregation, such as
broadcast storm.
d). Interface range link-aggregation: Configure parameters for multi-trunks.
e). Interface vlan: Configure parameters for the vlan-port.
Vlan Configuration Mode: In this mode, users can create a VLAN and add a specified
port to the VLAN.
3. Some commands are global, that means they can be performed in all modes:
show: display all information of switch, for example: statistic information, port information,
VLAN information.
history: Display the commands history.
1.3 Security Levels
This switch’s security is divided into two levels: User level and Admin level.
User level only allows users to do some simple operations in User EXEC Mode; Admin level
allows you to monitor, configure and manage the switch in Privileged EXEC Mode, Global
Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode.
Users get the privilege to the User level once connecting console port with the switch or logging in
by Telnet. However, Guest users are restricted to access the CLI.
Users can enter Privileged EXEC mode from User EXEC mode by using the enable command. In
default case, no password is needed. In Global Configuration Mode, you can configure password
for Admin level by enable password command. Once password is configured, you are required to
enter it to access Privileged EXEC mode.
1.4 Conventions
1.4.1 Format Conventions
The following conventions are used in this Guide:
Items in square brackets [ ] are optional
10
Download from Www.Somanuals.com. All Manuals Search And Download.
Items in braces { } are required
Alternative items are grouped in braces and separated by vertical bars. For example: speed
{10 | 100 | 1000 }
Bold indicates an unalterable keyword. For example: show logging
Normal Font indicates a constant (several options are enumerated and only one can be
selected). For example: switchport type { access | trunk | general }
Italic Font indicates a variable (an actual value must be assigned). For example: bridge
aging-time aging-time
1.4.2 Special Characters
You should pay attentions to the description below if the variable is a character string:
These six characters ” < > , \ & can not be input.
If a blank is contained in a character string, single or double quotation marks should be used,
for example ’hello world’, ”hello world”, and the words in the quotation marks will be identified
as a string. Otherwise, the words will be identified as several strings.
1.4.3 Parameter Format
Some parameters must be entered in special formats which are shown as follows:
MAC Address must be enter in the format of xx:xx:xx:xx:xx:xx
One or several values can be typed for a port-list or a vlan-list using comma to separate. Use
a hyphen to designate a range of values, for instance, 1,3-5,7 indicates choosing 1,3,4,5,and
7.
11
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2 User Interface
enable
Description
The enable command is used to access Privileged EXEC Mode from User
EXEC Mode.
Syntax
enable
Command Mode
User EXEC Mode
Example
If you have set the password to access Privileged EXEC Mode from User EXEC
Mode:
TP-LINK>enable
Enter password:
TP-LINK#
enable password
Description
The enable password command is used to set the password for users to
access Privileged EXEC Mode from User EXEC Mode. To return to the default
configuration, please use no enable password command.
Syntax
enable password password
no enable password
Parameter
password —— super password , which contains 16 characters at most,
composing digits, English letters and underdashes only. By default, it is empty.
Command Mode
Global Configuration Mode
Example
Set the super password as admin to access Privileged EXEC Mode from User
EXEC Mode:
TP-LINK(config)# enable password admin
12
Download from Www.Somanuals.com. All Manuals Search And Download.
disable
Description
The disable command is used to return to User EXEC Mode from Privileged
EXEC Mode.
Syntax
disable
Command Mode
Privileged EXEC Mode
Example
Return to User EXEC Mode from Privileged EXEC Mode:
TP-LINK# disable
TP-LINK>
configure
Description
The configure command is used to access Global Configuration Mode from
Privileged EXEC Mode.
Syntax
configure
Command Mode
Privileged EXEC Mode
Example
Access Global Configuration Mode from Privileged EXEC Mode:
TP-LINK# configure
TP-LINK(config)#
exit
Description
The exit command is used to return to the previous Mode from the current
Mode.
Syntax
exit
13
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Any Configuration Mode
Example
Return to Global Configuration Mode from Interface Configuration Mode, and
then return to Privileged EXEC Mode:
TP-LINK(config-if)# exit
TP-LINK(config)#exit
TP-LINK#
end
Description
The end command is used to return to Privileged EXEC Mode.
Syntax
end
Command Mode
Any Configuration Mode
Example
Return to Privileged EXEC Mode from Interface Configuration Mode:
TP-LINK(config-if)#end
TP-LINK#
14
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3 IEEE 802.1Q VLAN Commands
VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN into
multiple logical LANs flexibly. Hosts in the same VLAN can communicate with each other,
regardless of their physical locations. VLAN can enhance performance by conserving bandwidth,
and improve security by limiting traffic to specific domains.
vlan database
Description
The vlan database command is used to access VLAN Configuration Mode for
creating, deleting 802.1Q VLAN and other operations.
Syntax
vlan database
Command Mode
Global Configuration Mode
Example
Access VLAN Configuration Mode:
TP-LINK(config)# vlan database
TP-LINK(config-vlan)#
vlan
Description
The vlan command is used to create IEEE 802.1Q VLAN. To delete the IEEE
802.1Q VLAN, please use no vlan command.
Syntax
vlan vlan-id-list
no vlan vlan-id-list
Parameter
vlan-id-list ——VLAN ID, ranging from 2 to 4094.
Command Mode
VLAN Configuration Mode
15
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Create a VLAN, the vid of which is 12:
TP-LINK(config)# vlan database
TP-LINK(config-vlan)#vlan 12
interface vlan
Description
The interface vlan command is used to access VLAN Interface Mode to
configure the specified VLAN.
Syntax
interface vlan vlan-id
Parameter
vlan-id ——VLAN ID, ranging from 1 to 4094.
Command Mode
Global Configuration Mode
Example
Configure the VLAN2:
TP-LINK(config)# interface vlan 2
TP-LINK(config-if)#
description
Description
The description command is used to assign a description string to a VLAN. To
clear the description, please use no description command.
Syntax
description descript
no description
Parameter
descript ——String to describe the VLAN, which contains 16 characters at most.
Command Mode
Interface Configuration Mode(interface vlan)
16
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Specify the description string of the VLAN 2 as “vlan2”:
TP-LINK(config)# interface vlan 2
TP-LINK(config-if)#description vlan2
switchport type
Description
The switchport type command is used to configure the Link Types for the
ports.
Syntax
switchport type { access | trunk | general }
Parameter
access | trunk | general —— Link Types. There are three Link Types for the
ports.
Command Mode
Interface Configuration Mode ( interface ethernet / interface range ethernet )
Example
Specify the Link Type of port 5 as general:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)#switchport type general
switchport allowed vlan
Description
The switchport allowed vlan command is used to add the desired port to IEEE
802.1Q VLAN, or to remove a port from the corresponding VLAN.
Syntax
switchport allowed vlan add vlan-list
switchport allowed vlan remove vlan-list
Parameter
vlan-list —— VLAN ID list, it is multi-optional.
Command Mode
Interface Configuration Mode ( interface ethernet / interface range ethernet )
17
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Add port 2 to IEEE 802.1Q VLAN:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# switchport allowed vlan add 2
switchport pvid
Description
The switchport pvid command is used to configure the PVID for the switch
ports.
Syntax
switchport pvid vlan-id
Parameter
vlan-id —— VLAN ID, ranging from 1 to 4094.
Command Mode
Interface Configuration Mode (interface ethernet / interface range ethernet )
Example
Specify the PVID of port 2 as 2:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# switchport pvid 2
switchport general egress-rule
Description
The switchport general egress-rule command is used to configure the
egress-rule of the general port.
Syntax
switchport general egress-rule vlan-id { untagged | tagged }
Parameter
vlan-id —— VLAN ID, ranging from 1 to 4094.
untagged | tagged ——egress-rule,untagged or tagged
Command Mode
Interface Configuration Mode ( interface ethernet / interface range ethernet )
Example
18
Download from Www.Somanuals.com. All Manuals Search And Download.
Specify the egress-rule of port 2 in vlan 3 as tagged:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# switchport general egress-rule 3 tagged
show vlan
Description
The show vlan command is used to display the information of IEEE 802.1Q
VLAN .
Syntax
show vlan [vlan-id]
Parameter
vlan-id —— VLAN ID, ranging from 1 to 4094. By default , display all the
information of IEEE 802.1Q VLAN.
Command Mode
Any Configuration Mode
Example
Display the information of vlan 5:
TP-LINK(config)# show vlan 5
show interface switchport
Description
The show interface switchport command is used to display the IEEE 802.1Q
VLAN configuration information of the specified port.
Syntax
show interface switchport [port-num]
Parameter
port-num —— The port number. By default, display the VLAN configuration
information of all ports.
Command Mode
Any Configuration Mode
Example
Display the VLAN configuration information of all ports:
TP-LINK(config)# show interface switchport
19
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 4 Protocol VLAN Commands
Protocol VLAN (Virtual Local Area Network) is the way to classify VLANs based on Protocols. A
Protocol is relative to a single VLAN ID. The untagged packets and the priority-tagged packets
matching the protocol template will be tagged with this VLAN ID.
protocol-vlan template
Description
The protocol-vlan template command is used to create or delete Protocol
VLAN template.
Syntax
protocol-vlan template add {protocol-name} {ether-type}
protocol-vlan template remove index
Parameter
protocol-name —— Give a name for the Protocol Template , which contains
8 characters at most.
ether-type ——Enter the Ethernet protocol type field in the protocol template,
composing 4 Hex integers.
index —— The number of the Protocol template. You can get the template
corresponding to the number by the show protocol-vlan template command.
Command Mode
Global Configuration Mode
Example
Create a Protocol VLAN template named “arp” whose Ethernet protocol type is
0806 and delete the Protocol template whose number is 2:
TP-LINK(config)# protocol-vlan template add arp 0806
TP-LINK(config)# protocol-vlan template remove 2
protocol-vlan vlan
Description
The protocol-vlan vlan command is used to create a Protocol VLAN entry. To
delete a Protocol VLAN entry ,please use no protocol-vlan command.
Syntax
protocol-vlan vlan vid template index
20
Download from Www.Somanuals.com. All Manuals Search And Download.
no protocol-vlan entry-id
Parameter
vid ——VLAN ID,ranging from 1-4094.
index ——The number of the Protocol template. You can get the template
corresponding to the number by the show protocol-vlan template command.
entry-id ——The number of the Protocol VLAN . You can get the Protocol VLAN
entry corresponding to the number by the show protocol-vlan vlan command.
Command Mode
Global Configuration Mode
Example
Create a Protocol VLAN entry, whose index is 1 and vid is 2. And then delete the
Protocol VLAN entry whose number is 1:
TP-LINK(config)# protocol-vlan vlan 2 template 1
TP-LINK(config)# no protocol-vlan vlan 1
protocol-vlan interface
Description
The protocol-vlan interface command is used to enable the Protocol VLAN
feature for a specified port. To disable the Protocol VLAN feature of this port,
please use no protocol-vlan interface command. By default, the Protocol
VLAN feature of all ports is disabled.
Syntax
protocol-vlan interface port-list
no protocol-vlan interface [port-list]
Parameter
port-list ——The port numbers needed to be edited or canceled.
Command Mode
Global Configuration Mode
Example
Enable the Protocol VLAN feature for the ports 1、4-6、9-11:
TP-LINK(config)# protocol-vlan interface 1,4-6,9-11
21
Download from Www.Somanuals.com. All Manuals Search And Download.
show protocol-vlan template
Description
The show protocol-vlan template command is used to display the information
of the Protocol VLAN templates.
Syntax
show protocol-vlan template
Command Mode
Any Configuration Mode
Example
Display the information of the Protocol VLAN templates:
TP-LINK(config)# show protocol-vlan template
show protocol-vlan vlan
Description
The show protocol-vlan vlan command is used to display the information
about Protocol VLAN entry.
Syntax
show protocol-vlan vlan
Command Mode
Any Configuration Mode
Example
Display information of the protocol-vlan entry:
TP-LINK(config)# show protocol-vlan vlan
show protocol-vlan interface
Description
The show protocol-vlan interface command is used to display port state of
Protocol VLAN.
Syntax
show protocol-vlan interface
Command Mode
Any Configuration Mode
22
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Display the configuration of the protocol-vlan interface:
TP-LINK(config)# show protocol-vlan interface
23
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 5 VLAN-VPN Commands
VLAN-VPN (Virtual Private Network) function, the implement of a simple and flexible Layer 2 VPN
technology, allows the packets with VLAN tags of private networks to be encapsulated with VLAN
tags of public networks at the network access terminal of the Internet Service Provider. And these
packets will be transmitted with double-tag across the public networks.
vlan-vpn enable
Description
The vlan-vpn enable command is used to enable the VLAN-VPN function
globally. To disable the VLAN-VPN function, please use the no vlan-vpn
enable command.
Syntax
vlan-vpn enable
no vlan-vpn enable
Command Mode
Global Configuration Mode
Example
Enable the VLAN-VPN function globally:
TP-LINK(config)# vlan-vpn enable
vlan-vpn tpid
Description
The vlan-vpn tpid command is used to configure Global TPID of the
VLAN-VPN. To restore to the default value, please use the no vlan-vpn tpid
command.
Syntax
vlan-vpn tpid tpid
no vlan-vpn tpid
Parameter
tpid —— Global TPID. It must be 4 Hex integers. By default, it is 8100.
24
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Global Configuration Mode
Example
Configure Global TPID of the VLAN-VPN as 8200:
TP-LINK(config)# vlan-vpn tpid 8200
vlan-vpn interface
Description
The vlan-vpn interface command is used to enable the VLAN VPN feature for
a specified port. To disable the VLAN VPN feature of this port, please use the
no vlan-vpn interface command. By default, the VLAN VPN feature of all ports
is disabled.
Syntax
vlan-vpn interface port-list
no vlan-vpn interface [port-list]
Parameter
port-list ——The port numbers needed to be edited or canceled.
Command Mode
Global Configuration Mode
Example
Enable the VLAN VPN feature for the ports 2-5,16-18:
TP-LINK(config)# vlan-vpn interface 2-5,16-18
vlan-vpn uplink
Description
The vlan-vpn uplink command is used to configure a specified port as the VPN
Up-link port. To cancel this VPN Up-link port, please use the no vlan-vpn
uplink command. By default, No port has been configured as the VPN Up-link
port.
Syntax
vlan-vpn uplink port-list
25
Download from Www.Somanuals.com. All Manuals Search And Download.
no vlan-vpn uplink [port-list]
Parameter
port-list ——The port numbers needed to be edited or canceled.
Command Mode
Global Configuration Mode
Example
Configure the ports 1, 3-5, and 8-10 as the VPN Up-link ports:
TP-LINK(config)# vlan-vpn uplink 1,3-5,8-10
show vlan-vpn global
Description
The show vlan-vpn global command is used to display the global configuration
information of the VLAN VPN.
Syntax
show vlan-vpn global
Command Mode
Any Configuration Mode
Example
Display the global configuration information of the VLAN VPN:
TP-LINK(config)# show vlan-vpn global
show vlan-vpn uplink
Description
The show vlan-vpn uplink command is used to display the configuration
information of the VLAN VPN Up-link ports.
Syntax
show vlan-vpn uplink
Command Mode
Any Configuration Mode
26
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Display the configuration information of the VLAN VPN Up-link ports:
TP-LINK(config)# show vlan-vpn uplink
show vlan-vpn interface
Description
The show vlan-vpn interface command is used to display the VLAN VPN port
enable state.
Syntax
show vlan-vpn interface
Command Mode
Any Configuration Mode
Example
Display the VLAN VPN port enable state:
TP-LINK(config)# show vlan-vpn interface
27
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 6 Voice VLAN Commands
Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and
adding the ports with voice devices attached to voice VLANs, you can perform QoS-related
configuration for voice data, ensuring the transmission priority of voice data stream and voice
quality.
voice-vlan enable
Description
The voice-vlan enable command is used to enable Voice VLAN function. To
disable Voice VLAN function, please use no voice-vlan enable command.
Syntax
voice-vlan enable vlan-id
no voice-vlan enable
Parameter
vlan-id —— VLAN ID, ranging from 2 to 4094.
Command Mode
Global Configuration Mode
Example
Enable the Voice VLAN function for VLAN 2:
TP-LINK(config)# voice-vlan enable 2
voice-vlan aging-time
Description
The voice-vlan aging-time command is used to set the aging time for a voice
VLAN. To restore to the default aging time for the Voice VLAN, please use no
voice-vlan aging-time command.
Syntax
voice-vlan aging-time aging-time
no voice-vlan aging-time
28
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
aging-time ——Aging time (in minutes) to be set for the Voice VLAN. It ranges
from 1 to 43200 and the default value is 1440.
Command Mode
Global Configuration Mode
Example
Set the aging time for the Voice VLAN as 2880 minutes:
TP-LINK(config)# voice-vlan aging-time 2880
voice-vlan oui
Description
The voice-vlan oui command is used to create or delete Voice VLAN OUI.
Syntax
voice-vlan oui add mac-addr mask mask-addr [description]
voice-vlan oui remove mac-addr
Parameter
mac-addr —— The OUI address of the voice device.
mask-addr —— The OUI address mask of the voice device.
description ——Give a description to the OUI for identification which contains 16
characters at most. By default, it is empty.
Command Mode
Global Configuration Mode
Example
Create a Voice VLAN OUI descripted as TP-LINK Phone with the MAC address
00:01:E3:00:00:01 and the mask address FF:FF:FF:00:00:00. And then delete
the Voice VLAN OUI with the MAC address 00:00:00:11:00:01:
TP-LINK(config)#
voice-vlan
oui
add
00:01:E3:00:00:01
mask
FF:FF:FF:00:00:00 “TP-LINK Phone“
TP-LINK(config)# voice-vlan oui remove 00:00:00:11:00:01
29
Download from Www.Somanuals.com. All Manuals Search And Download.
switchport voice-vlan mode
Description
The switchport voice-vlan mode command is used to configure the Voice
VLAN mode for the Ethernet port.
Syntax
switchport voice-vlan mode { manual | auto }
Parameter
manual / auto —— Port mode.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure Ethernet port 2 to operate in the manual voice VLAN mode:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# switchport voice-vlan mode manual
switchport voice-vlan security
Description
The switchport voice-vlan security command is used to configure the Voice
VLAN security mode.
Syntax
switchport voice-vlan security {disable | enable}
Parameter
disable / enable —— disable/enable the security mode for the specified port .
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable Ethernet port 2 for the Voice VLAN security mode:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# switchport voice-vlan security enable
30
Download from Www.Somanuals.com. All Manuals Search And Download.
show voice-vlan global
Description
The show voice-vlan global command is used to display the global
configuration information of Voice VLAN.
Syntax
show voice-vlan global
Command Mode
Any Configuration Mode
Example
Display the configuration information of Voice VLAN globally:
TP-LINK(config)# show voice-vlan global
show voice-vlan oui
Description
The show voice-vlan oui command is used to display the configuration
information of Voice VLAN OUI.
Syntax
show voice-vlan oui
Command Mode
Any Configuration Mode
Example
Display the configuration information of Voice VLAN OUI:
TP-LINK(config)# show voice-vlan oui
show voice-vlan switchport
Description
The show voice-vlan switchport command is used to displays the
configuration information of the port in the Voice VLAN.
31
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
show voice-vlan switchport [port]
Parameter
port —— Ethernet port. By default, it will display the configuration information of
all the ports in the Voice VLAN.
Command Mode
Any Configuration Mode
Example
Display the configuration information of all the ports in the Voice VLAN:
TP-LINK(config)# show voice-vlan switchport
32
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 7 Private VLAN Commands
Private VLANs are configured specially for saving VLAN resource of uplink devices and decreasing
broadcast.
private-vlan
Description
The private-vlan command is used to create a Private VLAN entry. To delete a
Private VLAN entry, please use no private-vlan command.
Syntax
private-vlan primary vlan-id secondary vlan-id
no private-vlan secondary vlan-id
Parameter
vlan-id —— VLAN ID, ranging from 2 to 4094.
Command Mode
Global Configuration Mode
Example
Create the Private VLAN as VLAN15 for primary VLAN and VLAN150 for
secondary VLAN:
TP-LINK(config)# private-vlan primary 15 secondary 150
switchport private-vlan
Description
The switchport private-vlan command is used to configure the private VLAN
mode for the switchport. To remove the port from Private VLAN, please use no
switchport private-vlan command.
Syntax
switchport private-vlan { promiscuous | host } primary-vid secondary-vid
no switchport private-vlan
33
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
promiscuous | host —— configure the private VLAN mode for the switchport.
primary-vid —— Primary VLAN ID, ranging from 2 to 4094.
secondary-vid —— Secondary VLAN ID, ranging from 2 to 4094.
Command Mode
Interface Configuration Mode (interface ethernet / interface range ethernet)
Example
Add promiscuous port10 in Private VLAN as VLAN15 for primary VLAN and
VLAN150 for secondary VLAN:
TP-LINK(config)# interface ethernet 10
TP-LINK(config-if)# switchport private-vlan promiscuous 15 150
show private-vlan
Description
The show private-vlan command is used to display the Private VLAN
configured on the switch.
Syntax
show private-vlan
Command Mode
Any Configuration Mode
Example
Display the configuration information of all Private VLAN:
TP-LINK(config)# show private-vlan
show private-vlan switchport
Description
The show private-vlan switchport command is used to displays the
configuration information of the port in the Private VLAN.
Syntax
show private-vlan switchport [port-num]
34
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Any Configuration Mode
Example
Display the configuration information of all the ports in the Private VLAN:
TP-LINK(config)# show private-vlan switchport
35
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 8 GVRP Commands
GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute
registration protocol). GVRP allows the switch to automatically add or remove the VLANs via the
dynamic VLAN registration information and propagate the local VLAN registration information to
other switches, without having to individually configure each VLAN.
gvrp
Description
The gvrp command is used to enable the GVRP function globally. To disable the
GVRP function, please use no gvrp command.
Syntax
gvrp
no gvrp
Command Mode
Global Configuration Mode
Example
Enable the GVRP function globally:
TP-LINK(config)# gvrp
gvrp (interface)
Description
The gvrp (interface) command is used to enable the GVRP function for the
desired port. To disable the GVRP function of this port, please use no gvrp
command. The GVRP feature can only be enabled for the trunk-type ports.
Syntax
gvrp
no gvrp
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
36
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Enable the GVRP function for ports 2-6:
TP-LINK(config)# interface range ethernet 2-6
TP-LINK(config-if)# gvrp
gvrp registration
Description
The gvrp registration command is used to configure the GVRP registration
type on the desired port. To restore to the default value, please use no gvrp
registration command.
Syntax
gvrp registration { normal | fixed | forbidden }
no gvrp registration
Parameter
normal | fixed | forbidden —— Registration mode. By default, the registration
mode is normal.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the GVRP registration mode on the port 2-6 to fixed:
TP-LINK(config)# interface range ethernet 2-6
TP-LINK(config-if)# gvrp registration fixed
gvrp timer
Description
The gvrp timer command is used to set a GVRP timer for the desired port. To
restore to the default setting of a GARP timer, please use no gvrp timer
command.
Syntax
gvrp timer { leaveall | join | leave } {value}
no gvrp timer {leaveall | join | leave}
37
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
leaveall | join | leave —— They are the three timers: leave All、join and leave.
Once the LeaveAll Timer is set, the port with GVRP enabled can send a
LeaveAll message after the timer times out, so that other GARP ports can
re-register all the attribute information. After that, the LeaveAll timer will start to
begin a new cycle. To guarantee the transmission of the Join messages, a
GARP port sends each Join message two times. The Join Timer is used to
define the interval between the two sending operations of each Join message.
Once the Leave Timer is set, the GARP port receiving a Leave message will
start its Leave timer, and unregister the attribute information if it does not receive
a Join message again before the timer times out.
value ——The value of the timer. The LeaveAll Timer ranges from 1000 to
30000 centiseconds and the default value is 1000. The Join Timer ranges from
20 to 1000 centiseconds and the default value is 20. The Leave Timer ranges
from 60 to 3000 centiseconds and the default value is 60.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Set the GARP leaveall timer of port 6 to 2000 centiseconds and restore to the
join timer of it to the default value:
TP-LINK(config)# interface ethernet 6
TP-LINK(config-if)# gvrp timer leaveall 2000
TP-LINK(config-if)# no gvrp timer join
show gvrp global
Description
The show gvrp global command is used to display the global GVRP status.
Syntax
show gvrp global
Command Mode
Any Configuration Mode
Example
Display the global GVRP status:
38
Download from Www.Somanuals.com. All Manuals Search And Download.
TP-LINK(config)# show gvrp global
show gvrp interface
Description
The show gvrp interface command is used to display the GVRP configuration
information of the specified Ethernet ports.
Syntax
show gvrp interface [ethernet port-num]
Parameter
port-num ——The Ethernet port number. By default, the GVRP configuration
information of all the Ethernet ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the GVRP configuration information of all the Ethernet ports:
TP-LINK(config)# show gvrp interface
39
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 9 LAG Commands
LAG (Link Aggregation Group) is to combine a number of ports together to make a single
high-bandwidth data path, which can highly extend the bandwidth. The bandwidth of the LAG is
the sum of bandwidth of its member port.
interface link-aggregation
Description
The interface link-aggregation command is used to access the Interface
Link-aggregation Mode. To delete the aggregation group, please use no
interface link-aggregation command.
Syntax
interface link-aggregation group-number
no interface link-aggregation group-number
Parameter
group-number ——The LAG number, ranging from1 to 14.
Command Mode
Global Configuration Mode
Example
Access the Interface Link-aggregation Mode and configure the aggregation
group 1:
TP-LINK(config)# interface link-aggregation 1
TP-LINK(config-if)#
interface range link-aggregation
Description
The interface range link-aggregation command is used to access the
Interface range Link-aggregation Mode, and you can configure some
aggregation groups at the same time. To delete the aggregation group, please
use no interface range link-aggregation command.
40
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
interface range link-aggregation group-list
no interface range link-aggregation group-list
Command Mode
Global Configuration Mode
Parameter
group-list ——The aggregation group list. You can configure some aggregation
groups at the same time.
Example
Access the Interface range Link-aggregation Mode and configure the
aggregation group 1, 4-6:
TP-LINK(config)# interface range link-aggregation 1,4-6
TP-LINK(config-if)#
link-aggregation
Description
The link-aggregation command is used to add the current Ethernet port to an
aggregation group. To remove the current Ethernet port from the aggregation
group, please use no link-aggregation command.
Syntax
link-aggregation group-num
no link-aggregation
Parameter
group-num ——The LAG number, ranging from1 to 14.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Add the Ethernet port 2-4 to aggregation group 1:
TP-LINK(config)# interface range ethernet 2-4
TP-LINK(config-if)#link-aggregation 1
41
Download from Www.Somanuals.com. All Manuals Search And Download.
link-aggregation hash-algorithm
Description
The link-aggregation hash-algorithm command is used to configure the
Aggregate Arithmetic for LAG.
Syntax
link-aggregation hash-algorithm {src_dst_mac | src_dst_ip }
Parameter
src_dst_mac —— The source and destination MAC addresses.
src_dst_ip ——The source and destination IP addresses.
Command Mode
Global Configuration Mode
Example
Configure the Aggregate Arithmetic for LAG as src_dst_mac:
TP-LINK(config)# link-aggregation hash-algorithm src_dst_mac
description
Description
The description command is used to set a description for an aggregation group.
To remove the description of an aggregation group, please use no description
command.
Syntax
description description
no description
Parameter
description——The description of LAG, which contains 16 characters at most.
Command Mode
Interface Configuration Mode(interface link-aggregation)
Example
Set the description "movie server" for aggregation group1:
42
Download from Www.Somanuals.com. All Manuals Search And Download.
TP-LINK(config)# interface link-aggregation 1
TP-LINK(config-if)# description “movie server”
show interface link-aggregation
Description
The show interface link-aggregation command is used to display the
configuration information of the Aggregate Arithmetic and the aggregation
groups.
Syntax
show interface link-aggregation [group-num]
Parameter
group-num ——The LAG number, ranging from1 to 14. By default, the LAG
configuration information of all the Ethernet ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the LAG configuration information of all the Ethernet ports:
TP-LINK(config)#show interface link-aggregation
43
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 10 LACP Commands
LACP (Link Aggregation Control Protocol) is defined in IEEE802.3ad and enables the dynamic link
aggregation and disaggregation by exchanging LACP packets with its partner. The switch can
dynamically group similarly configured ports into a single logical link, which will highly extend the
bandwidth and flexibly balance the load.
lacp system-priority
Description
The lacp system-priority command is used to set the system priority. To
restore to the default priority, please use no lacp system-priority command.
Syntax
lacp system-priority value
no lacp system-priority
Parameter
value —— System priority, ranging from 0 to 65535. By default, the value is
32768.
Command Mode
Global Configuration Mode
Example
Set the system priority as1024:
TP-LINK(config)# lacp system-priority 1024
lacp (interface)
Description
The lacp(interface) command is used to enable LACP protocol on the current
port. To disable LACP protocol, please use no lacp command.
Syntax
lacp
no lacp
44
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable LACP protocol on the port 1:
TP-LINK(config)# interface ethernet 1
TP-LINK(config-if)# lacp
lacp admin-key
Description
The lacp admin-key command is used to configure the admin key. To restore to
the default value, please use no lacp admin-key command.
Syntax
lacp admin-key value
no lacp admin-key
Parameter
value —— admin key, ranging from 0 to 65535. By default, the value is 1.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the admin key of port 1 as 1024:
TP-LINK(config)# interface Ethernet 1
TP-LINK(config-if)# lacp admin-key 1024
lacp port-priority
Description
The lacp port-priority command is used to set the priority of the current port. To
restore to the default priority, please use no lacp port-priority command.
Syntax
lacp port-priority value
no lacp port-priority
45
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
value —— Port priority, ranging from 0 to 65535. By default, the value is 32768.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Set the port priority of port 1 to 1024:
TP-LINK(config)# interface ethernet 1
TP-LINK(config-if)# lacp port-priority 1024
show lacp system-priority
Description
The show lacp system-priority command is used to display the global system
priority value of LACP.
Syntax
show lacp system-priority
Command Mode
Any Configuration Mode
Example
Display the global system priority value of LACP:
TP-LINK(config)# show lacp system-priority
show lacp interface
Description
The show lacp interface command is used to display the port configuration
information of LACP.
Syntax
show lacp interface [ethernet port-num]
Parameter
port-num —— The Ethernet port number. By default, display the configuration
information of all the Ethernet ports.
46
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Any Configuration Mode
Example
Display the configuration information of all the Ethernet ports:
TP-LINK(config)# show lacp interface
47
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 11 User Manage Commands
User Manage Commands are used to configure the user name and password for users to log on to
the Web management page with a certain access level so as to protect the settings of the switch
from being randomly changed.
user add
Description
The user add command is used to add a new user.
Syntax
user
add
user-name
password
password
confirm-password
confirm-password {guest | admin} {disable | enable}
Parameter
user-name ——Type a name for users' login, which contains 16 characters at
most, composing digits, English letters and underdashes only.
password ——Type a password for users' login, which contains 16 characters at
most, composing digits, English letters and underdashes only.
confirm-password ——Type the password again.
guest | admin —— Access level.
Guest: only can view the settings without the right to edit and modify.
Admin: edit, modify and view all the settings of different functions.
disable | enable ——Enable/disable the user.
Command Mode
Global Configuration Mode
Example
Add and enable a new admin user named tplink, and of which the password is
password:
TP-LINK(config)#user add tplink password password confirm-password
password admin enable
48
Download from Www.Somanuals.com. All Manuals Search And Download.
user remove
Description
The user remove command is used to delete an existing user. The current user
can't be deleted by itself.
Syntax
user remove user-name
Parameter
user-name —— An existing user name.
Command Mode
Global Configuration Mode
Example
Delete the user named tplink:
TP-LINK(config)# user remove tplink
user modify status
Description
The user modify status command is used to modify the status of the existing
user. The current user can't be modified by itself.
Syntax
user modify status user-name {disable | enable}
Parameter
user-name —— The existing user name.
disable | enable ——Disable/enable the user.
Command Mode
Global Configuration Mode
Example
Enable the status of user “tp-link”:
TP-LINK(config)# user modify status tplink enable
49
Download from Www.Somanuals.com. All Manuals Search And Download.
user modify type
Description
The user modify type command is used to modify the access level for the
existing user. The current user can't be modified by itself.
Syntax
user modify type user-name {guest | admin}
Parameter
user-name —— The existing user name.
guest | admin —— Access level. Guest: limited user; admin: manager.
Command Mode
Global Configuration Mode
Example
Change the access level of tplink to admin:
TP-LINK(config)# user modify type tplink admin
user modify password
Description
The user modify password command is used to modify the password for the
existing user.
Syntax
user
modify
password
user-name
old-password
new-password
confirm-password
Parameter
user-name —— The existing user name.
old-password —— The old password.
new-password —— The new password, which contains 16 characters at most,
composing digits, English letters and underdashes only.
confirm-password —— Type the new password again.
Command Mode
Global Configuration Mode
50
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Modify the password of tplink as newpwd:
TP-LINK(config)# user modify password tplink password newpwd newpwd
user access-control disable
Description
The user access-control disable command is used to cancel the user
access-control.
Syntax
user access-control disable
Command Mode
Global Configuration Mode
Example
Cancel the user access-control:
TP-LINK(config)# user access-control disable
user access-control ip-based
Description
The user access-control ip-based command is used to limit the IP-range of
the users for login. Only the users within the IP-range you set here are allowed
for login.
Syntax
user access-control ip-based ip-addr ip-mask
Parameter
ip-addr/ip-mask —— The source IP address. Only the users within the IP-range
you set here are allowed for login.
Command Mode
Global Configuration Mode
Example
Enable the access-control of the user whose Ip address is 192.168.0.148:
51
Download from Www.Somanuals.com. All Manuals Search And Download.
TP-LINK(config)#
user
access-control
ip-based
192.168.0.148
255.255.255.255
user access-control mac-based
Description
The user access-control mac-based command is used to limit the MAC
Address of the users for login. Only the user with this MAC Address you set here
are allowed for login
Syntax
user access-control mac-based mac-addr
Parameter
mac-addr —— The source MAC address.
Command Mode
Global Configuration Mode
Example
Enable the access-control of the user whose MAC address is
00:00:13:0A:00:01:
TP-LINK(config)# user access-control mac-based 00:00:13:0A:00:01
user access-control port-based
Description
The user access-control port-based command is used to limit the ports for
login. Only the users connected to these ports you set here are allowed for
login.
Syntax
user access-control port-based port-list
Parameter
port-list ——The Ethernet port numbers. You can appoint 5 ports at most.
Command Mode
Global Configuration Mode
52
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Enable the access-control of the ports 2, port4, port5, port6, and port10:
TP-LINK(config)# user access-control port-based 2,4-6,10
user max-number
Description
The user max-number command is used to configure the number of the users
logging on at the same time. To cancel the limit to the numbers of the users
logging in, please use no user max-number command.
Syntax
user max-number admin-num guest-num
no user max-number
Parameter
admin-num ——The maximum number of the users logging on as Admin,
ranging from 1 to 16. The total number of Admin and Guest should be less than
16.
guest-num ——The maximum number of the users logging on as Guest,
ranging from 0 to 15. The total number of Admin and Guest should be less than
16.
Command Mode
Global Configuration Mode
Example
Configure the number of the users as Admin and Guest logging on as 5 and 3:
TP-LINK(config)# user max-num 5 3
user idle-timeout
Description
The user idle-timeout command is used to configure the timeout time of the
switch. To restore to the default timeout time, please use no user idle-timeout
command.
53
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
user idle-timeout minutes
no user idle-timeout
Parameter
minute ——The timeout time, ranging from 5 to 30 in minutes. By default, the
value is 10.
Command Mode
Global Configuration Mode
Example
Configure the timeout time of the switch as 15 minutes:
TP-LINK(config)# user idle-timeout 15
show user account-list
Description
The show user account-list command is used to display the information of the
current users.
Syntax
show user account-list
Command Mode
Any Configuration Mode
Example
Display the information of the current users:
TP-LINK(config)# show user account-list
show user configuration
Description
The user configuration command is used to display the security configuration
information of the users, including access-control, max-number and the
idle-timeout, etc.
54
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
show user configuration
Command Mode
Any Configuration Mode
Example
Display the security configuration information of the users:
TP-LINK(config)# show user configuration
55
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 12 Binding Table Commands
You can bind the IP address, MAC address, VLAN and the connected Port number of the Host
together, which can be the condition for the ARP Inspection and IP Source Guard to filter the
packets.
binding-table user-bind
Description
The binding-table user-bind command is used to bind the IP address, MAC
address, VLAN ID and the Port number together manually. You can manually
bind the IP address, MAC address, VLAN ID and the Port number together in
the condition that you have got the related information of the Hosts in the LAN.
Syntax
binding-table user-bind hostname ip-addr mac-addr vlan vid port port-num
{none | arp-detection | ip-source-guard | both}
Parameter
hostname ——The Host Name, which contains 20 characters at most.
ip-addr —— The IP Address of the Host.
mac-addr —— The MAC Address of the Host.
vid ——The VLAN ID needed to be bound, ranging from 1 to 4094.
port-num —— The number of port connected to the Host.
{none | arp-detection | ip-source-guard | both}——The protect type for the entry.
arp-detection indicates ARP detection; ip-source-guard indicates IP filter; none
indicates appling none; both indicates appling both.
Command Mode
Global Configuration Mode
Example
Bind an ACL entry with the IP is 192.168.0.1, MAC is 00:00:00:00:00:01, VLAN
ID is 2 and the Port number is 5 manually. And then enable the entry for the ARP
detection and IP filter function:
TP-LINK(config)#
binding-table
user-bind
host1
192.168.0.1
00:00:00:00:00:01 vlan 2 port 5 both
56
Download from Www.Somanuals.com. All Manuals Search And Download.
binding-table remove
Description
The binding-table remove command is used to delete the IP-MAC –VID-PORT
entry from the binding table.
Syntax
binding-table remove index idx
Parameter
idx —— The entry number needed to be deleted. You can use the show
binding-table command to get the idx. Pay attention to that, the entry number is
the actual number in the binding table not arranged in an order.
Command Mode
Global Configuration Mode
Example
Delete the IP-MAC –VID-PORT entry with the index 5:
TP-LINK(config)# binding-table remove index 5
dhcp-snooping
Description
The dhcp-snooping command is used to enable the DHCP-snooping function
for the switch. To disable the DHCP-snooping function, please use no
dhcp-snooping command. DHCP Snooping functions to monitor the process of
the Host obtaining the IP address from DHCP server, and record the IP address,
MAC address, VLAN and the connected Port number of the Host for automatic
binding.
Syntax
dhcp-snooping
no dhcp-snooping
Command Mode
Global Configuration Mode
57
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Enable the DHCP-snooping function globally:
TP-LINK(config)# dhcp-snooping
dhcp-snooping global
Description
The dhcp-snooping global command is used to configure the DHCP snooping
globally. To restore to the default value, please use no dhcp-snooping global
command.
Syntax
dhcp-snooping global [global-rate global-rate] [dec-threshold dec-threshold]
[dec-rate dec-rate]
no dhcp-snooping global
Parameter
global-rate —— The value to specify the maximum amount of DHCP messages
that can be forwarded by the switch per second. The excessive massages will
be discarded. The options are 0/10/20/30/40/50 (packet/second).By default, it is
0 standing for disable.
dec-threshold ——The value to specify the minimum transmission rate of the
Decline packets to trigger the Decline protection for the specific port. The
options are 0/5/10/15/20/25/30 (packet/second).By default, it is 0 standing for
disable.
Dec-rate ——The value to specify the Decline Flow Control. The traffic flow of
the corresponding port will be limited to be this value if the transmission rate of
the Decline packets exceeds the Decline Threshold. The options are
5/10/15/20/25/30 (packet/second). By default, it is 5.
Command Mode
Global Configuration Mode
Example
Configure the Global Flow Control as 30pps, the Decline Threshold as 20 pps,
and decline Flow Control as 20 pps for DHCP Snooping
TP-LINK(config)# dhcp-snooping global global-rate 30 dec-threshold 20
dec-rate 20
58
Download from Www.Somanuals.com. All Manuals Search And Download.
dhcp-snooping information enable
Description
The dhcp-snooping information enable command is used to enable the
Option 82 function of DHCP Snooping. To disable the Option 82 function, please
use no dhcp-snooping information enable command.
Syntax
dhcp-snooping information enable
no dhcp-snooping information enable
Command Mode
Global Configuration Mode
Example
Enable the Option 82 function of DHCP Snooping:
TP-LINK(config)# dhcp-snooping information enable
dhcp-snooping information strategy
Description
The dhcp-snooping information strategy command is used to select the
operation for the Option 82 field of the DHCP request packets from the Host. To
restore to the default option, please use no dhcp-snooping information
strategy command.
Syntax
dhcp-snooping information strategy {keep | replace | drop}
no dhcp-snooping information strategy
Parameter
keep ——Indicates to keep the Option 82 field of the packets. It is the default
option.
replace ——Indicates to replace the Option 82 field of the packets with the
switch defined one.
drop ——Indicates to discard the packets including the Option 82 field
Command Mode
Global Configuration Mode
59
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Replace the Option 82 field of the packets with the switch defined one and then
send out:
TP-LINK(config)# dhcp-snooping information strategy replace
dhcp-snooping information user-defined
Description
The dhcp-snooping information user-defined command is used to permit
users to define the Option 82. To disable the function, please use no
dhcp-snooping information user-defined command.
Syntax
dhcp-snooping information user-defined
no dhcp-snooping information user-defined
Command Mode
Global Configuration Mode
Example
Permit users to define the Option 82:
TP-LINK(config)# dhcp-snooping information user-defined
dhcp-snooping information remote-id
Description
The dhcp-snooping information remote-id command is used to configure the
sub-option Remote ID for the customized Option 82.
Syntax
dhcp-snooping information remote-id string
Parameter
string ——Enter the sub-option Remote ID, which contains 32 characters at
most.
Command Mode
Global Configuration Mode
60
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Configure the sub-option Remote ID for the customized Option 82 as tplink:
TP-LINK(config)# dhcp-snooping information remote-id tplink
dhcp-snooping information circuit-id
Description
The dhcp-snooping information circuit-id command is used to configure the
sub-option Circuit ID for the customized Option 82.
Syntax
dhcp-snooping information circuit-id string
Parameter
string ——Enter the sub-option Circuit ID, which contains 32 characters at most.
Command Mode
Global Configuration Mode
Example
Configure the sub-option Circuit ID for the customized Option 82 as tplink:
TP-LINK(config)# dhcp-snooping information circuit-id tplink
dhcp-snooping trusted
Description
The dhcp-snooping trusted command is used to configure a port to be a
Trusted Port. Only the Trusted Port can receive the DHCP packets from DHCP
servers. To turn the port back to a distrusted port, please use no
dhcp-snooping trusted command.
Syntax
dhcp-snooping trusted
no dhcp-snooping trusted
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
61
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Configure the port 2 to be a Trusted Port:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# dhcp-snooping trusted
dhcp-snooping mac-verify
Description
The dhcp-snooping mac-verify command is used to enable the MAC Verify
feature. To disable the MAC Verify feature, please use no dhcp-snooping
mac-verify command. There are two fields of the DHCP packet containing the
MAC address of the Host. The MAC Verify feature is to compare the two fields
and discard the packet if the two fields are different.
Syntax
dhcp-snooping mac-verify
no dhcp-snooping mac-verify
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the MAC Verify feature for the port 2:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# dhcp-snooping mac-verify
dhcp-snooping rate-limit
Description
The dhcp-snooping rate-limit command is used to enable the Flow Control
feature for the DHCP packets. The excessive DHCP packets will be discarded.
To restore to the default configuration, please use no dhcp-snooping rate-limit
command.
Syntax
dhcp-snooping rate-limit value
no dhcp-snooping rate-limit
62
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
value ——The value of Flow Control. The options are 0/5/10/15/20/25/30
(packet/second). The default value is 0, which stands for disable.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Set the Flow Control of port 2 as 20 pps:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# dhcp-snooping rate-limit 20
dhcp-snooping decline
Description
The dhcp-snooping decline command is used to enable the Decline Protect
feature. To disable the Decline Protect feature, please use no dhcp-snooping
decline command.
Syntax
dhcp-snooping decline
no dhcp-snooping decline
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the Decline Protect feature of port 2:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# dhcp-snooping decline
show binding-table
Description
The show binding-table command is used to display the IP-MAC-VID-PORT
binding table.
63
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
show binding-table
Command Mode
Any Configuration Mode
Example
Display the IP-MAC-VID-PORT binding table:
TP-LINK(config)# show binding-table
show dhcp-snooping global
Description
The show dhcp-snooping global command is used to display the global
configuration of DHCP Snooping.
Syntax
show dhcp-snooping global
Command Mode
Any Configuration Mode
Example
Display the configuration of DHCP Snooping globally:
TP-LINK(config)# show dhcp-snooping global
show dhcp-snooping information
Description
The show dhcp-snooping information command is used to display the Option
82 configuration of DHCP Snooping.
Syntax
show dhcp snooping information
Command Mode
Any Configuration Mode
64
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Display the Option 82 configuration of DHCP Snooping:
TP-LINK(config)# show dhcp-snooping information
show dhcp-snooping interface
Description
The show dhcp-snooping interface command is used to display the interface
configuration of DHCP Snooping.
Syntax
show dhcp snooping interface [ethernet port-num]
Parameter
port-num ——The number of the switch port. By default, it will display the
configuration of all the ports.
Command Mode
Any Configuration Mode
Example
Display the interface configuration of all the ports:
TP-LINK(config)# show dhcp-snooping interface
65
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 13 ARP Inspection Commands
ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP cheating,
such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc.
arp detection (global)
Description
The arp detection (global) command is used to enable the ARP Detection
function globally. To disable the ARP Detection function, please use no arp
detection command.
Syntax
arp detection
no arp detection
Command Mode
Global Configuration Mode
Example
Enable the ARP Detection function globally:
TP-LINK(config)# arp detection
arp detection trust-port
Description
The arp detection trust-port command is used to configure the port for which
the ARP Detect function is unnecessary as the Trusted Port. To clear the
Trusted Port list, please use no arp detection trust-port command .The
specific ports, such as up-linked port, routing port and LAG port, should be set
as Trusted Port. To ensure the normal communication of the switch, please
configure the ARP Trusted Port before enabling the ARP Detect function.
Syntax
arp detection trust-port port-list
no arp detection trust-port
66
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
port-list ——The specified Trusted Port list.
Command Mode
Global Configuration Mode
Example
Configure the ports 2-5, 11-15 as the Trusted Port:
TP-LINK(config)# arp detection trust-port 2-5,11-15
arp detection (interface)
Description
The arp detection (interface) command is used to enable the ARP Defend
function. To disable the arp detection function, please use no arp detection
command. ARP Attack flood produces lots of ARP Packets, which will occupy
the bandwidth and slow the network speed extremely. With the ARP Defend
enabled, the switch can terminate receiving the ARP packets for 300 seconds
when the transmission speed of the legal ARP packet on the port exceeds the
defined value so as to avoid ARP Attack flood.
Syntax
arp detection
no arp detection
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the arp defend function for the ports 2-6:
TP-LINK(config)# interface range ethernet 2-6
TP-LINK(config-if)# arp detection
arp detection limit-rate
Description
The arp detection limit-rate command is used to configure the speed. The
switch can terminate receiving the ARP packets for 300 seconds when the
67
Download from Www.Somanuals.com. All Manuals Search And Download.
transmission speed of the legal ARP packet on the port exceeds the defined
value. To restore to the default speed, please use no arp detection limit-rate
command.
Syntax
arp detection limit-rate value
no arp detection limit-rate
Parameter
value ——The value to specify the maximum amount of the received ARP
packets per second, ranging from 10 to 100 in pps(packet/second). By default,
the value is 15.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the maximum amount of the received ARP packets per second as 50
pps for the port 5:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# arp detection limit-rate 50
arp detection recover
Description
The arp detection recover command is used to restore to the port to the ARP
transmit status from the ARP filter status.
Syntax
arp detection recover
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Restore the port 5 to the ARP transmit status:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# arp detection recover
68
Download from Www.Somanuals.com. All Manuals Search And Download.
show arp detection global
Description
The show arp detection global command is used to display the ARP detection
global configuration including the enable/disable status and the Trusted Port list.
Syntax
show arp detection global
Command Mode
Any Configuration Mode
Example
Display the ARP detection configuration globally:
TP-LINK(config)# show arp detection global
show arp detection interface
Description
The show arp detection interface command is used to display the interface
configuration of ARP detection.
Syntax
show arp detection interface [ethernet port-num]
Parameter
port-num ——The number of switch port. By default, display the configuration of
all the ports.
Command Mode
Any Configuration Mode
Example
Display the configuration of all the ports:
TP-LINK(config)# show arp detection interface
show arp detection statistic
Description
69
Download from Www.Somanuals.com. All Manuals Search And Download.
The show arp detection statistic command is used to display the number of
the illegal ARP packets received.
Syntax
show arp detection statistic
Command Mode
Any Configuration Mode
Example
Display the number of the illegal ARP packets received:
TP-LINK(config)# show arp detection statistic
show arp detection statistic reset
Description
The show arp detection statistic reset command is used to clear the statistic
of the illegal ARP packets received.
Syntax
show arp detection statistic reset
Command Mode
Global Configuration Mode
Example
Clear the statistic of the illegal ARP packets received:
TP-LINK(config)# show arp detection statistic reset
70
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 14 IP Source Guard Commands
IP Source Guard is to filter the IP packets based on the IP-MAC Binding entries. Only the packets
matched to the IP-MAC Binding rules can be processed, which can enhance the bandwidth utility.
ip source guard
Description
The ip source guard command is used to enable the IP Source Guard function
for the specified port. To disable the IP Source Guard function, please use no ip
source guard command.
Syntax
ip source guard {disable | sip | sip+mac}
no ip source guard
Parameter
disable | sip | sip+mac——Security type.
Disable indicates to disable the IP Source Guard feature for the port.
Sip indicates that only the packets with its source IP address and port number
matched to the IP-MAC binding rules can be processed.
Sip_mac indicates that only the packets with its source IP address, source MAC
address and port number matched to the IP-MAC binding rules can be
processed.
By default, the option is disabling.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the IP Source Guard function for the ports 5-10. Configure that only the
packets with its source IP address, source MAC address and port number
matched to the IP-MAC binding rules can be processed:
TP-LINK(config)# interface range ethernet 5-10
TP-LINK(config-if)# ip source guard sip+mac
71
Download from Www.Somanuals.com. All Manuals Search And Download.
show ip source guard
Description
The show ip source guard command is used to display the IP Source Guard
configuration.
Syntax
show ip source guard [ethernet port]
Command Mode
Any Configuration Mode
Example
Display the IP Source Guard configuration:
TP-LINK(config)# show ip source guard
72
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 15 DoS Defend Command
DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network
attackers or the evil programs sending a lot of service requests to the Host. With the DoS Defend
enabled, the switch can analyze the specific field of the received packets and provide the defend
measures to ensure the normal working of the local network.
dos-prevent
Description
The dos-prevent command is used to enable the DoS defend function globally.
To disable the DoS defend function, please use no dos-prevent command.
Syntax
dos-prevent
no dos-prevent
Command Mode
Global Configuration Mode
Example
Enable the DoS defend function globally:
TP-LINK(config)# dos-prevent
dos-prevent type
Description
The dos-prevent type command is used to select the DoS Defend Type. To
disable the corresponding Defend Type, please use no dos-prevent type
command.
Syntax
dos-prevent type [scan-synfin] [xma-scan] [null-scan] [port-less-1024]
[ping-flood] [syn-flood]
no dos-prevent type [scan-synfin] [xma-scan] [null-scan] [port-less-1024]
[ping-flood] [syn-flood]
73
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
scan-synfin —— Scan SYNFIN attack.
xma-scan —— Xma Scan attack.
null-scan —— NULL Scan attack.
port-less-1024 —— The SYN packets whose Source Port less than 1024.
ping-flood —— Ping flooding attack.
syn-flood —— SYN/SYN-ACK flooding attack.
Command Mode
Global Configuration Mode
Example
Enable two DoS Defend Types named Xma Scan attack and Ping flooding
attack:
TP-LINK(config)# dos-prevent type xma-scan ping-flood
show dos-prevent
Description
The show dos-prevent command is used to display the DoS information of the
detected DoS attack, including enable/disable status, the DoS Defend Type, the
count of the attack, etc.
Syntax
show dos-prevent
Command Mode
Any Configuration Mode
Example
Display the DoS information of the detected DoS attack globally:
TP-LINK(config)# show dos-prevent
74
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 16 IEEE 802.1X Commands
IEEE 802.1X function is to provide an access control for LAN ports via the authentication. Only the
supplicant passing the authentication can access the LAN.
dot1x (global)
Description
The dot1x command is used to enable the IEEE 802.1X function globally. To
disable the IEEE 802.1X function, please use no dot1x command.
Syntax
dot1x
no dot1x
Command Mode
Global Configuration Mode
Example
Enable the IEEE 802.1X function:
TP-LINK(config)# dot1x
dot1x auth-method
Description
The dot1x auth-method command is used to configure the Authentication
Method of IEEE 802.1X. To restore to the default 802.1x authentication method,
please use no dot1x auth-method command.
Syntax
dot1x auth-method { pap | eap-md5 }
no dot1x auth-method
Parameter
pap | eap-md5 ——Authentication Methods.
PAP: IEEE 802.1X authentication system uses extensible authentication
protocol (EAP) to exchange information between the switch and the client. The
75
Download from Www.Somanuals.com. All Manuals Search And Download.
transmission of EAP packets is terminated at the switch and the EAP packets
are converted to the other protocol (such as RADIUS) packets for transmission
EAP-MD5: IEEE 802.1X authentication system uses extensible authentication
protocol (EAP) to exchange information between the switch and the client. The
EAP protocol packets with authentication data can be encapsulated in the
advanced protocol (such as RADIUS) packets to be transmitted to the
authentication server.
Command Mode
Global Configuration Mode
Example
Configure the Authentication Method of IEEE 802.1X as pap:
TP-LINK(config)# dot1x auth-method pap
dot1x guest-vlan
Description
The dot1x guest-vlan command is used to enable the Guest VLAN function
globally. To disable the Guest VLAN function, please use no dot1x guest-vlan
command.
Syntax
dot1x guest-vlan vid
no dot1x guest-vlan
Parameter
vid ——The VLAN ID needed to enable the Guest VLAN function, ranging from
2 to 4094. The supplicants in the Guest VLAN can access the specified network
source.
Command Mode
Global Configuration Mode
Example
Enable the Guest VLAN function for VLAN 5:
TP-LINK(config)# dot1x guest-vlan 5
76
Download from Www.Somanuals.com. All Manuals Search And Download.
dot1x quiet-period
Description
The dot1x quiet-period command is used to enable the quiet-period function.
To disable the function, please use no dot1x quiet-period command.
Syntax
dot1x quiet-period
no dot1x quiet-period
Command Mode
Global Configuration Mode
Example
Enable the quiet-period function:
TP-LINK(config)# dot1x quiet-period
dot1x timer
Description
The dot1x timer command is used to configure the Quiet Period and the
SupplicantTimeout. To restore to the default, please use no dot1x timer
command.
Syntax
dot1x timer quiet-period period supp-timeout timeout
no dot1x timer
Parameter
period ——The value for Quiet Period, ranging from 1 to 999 in seconds. By
default, it is 10. Once the supplicant failed to the 802.1X Authentication, then the
switch will not respond to the authentication request from the same supplicant
during the Quiet Period.
timeout ——The maximum time for the switch to wait for the response from
supplicant before resending a request to the supplicant., ranging from 1 to 9 in
second. By default, it is 3.
Command Mode
Global Configuration Mode
77
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Configure the Quiet Period and the SupplicantTimeout as 12 seconds and 6
seconds:
TP-LINK(config)# dot1x timer quiet-period 12 supp-timeout 6
dot1x retry
Description
The dot1x retry command is used to configure the maximum transfer times of
the repeated authentication request. To restore to the default value, please use
no dot1x retry command.
Syntax
dot1x retry retry-time
no dot1x retry
Parameter
retry-time ——The maximum transfer times of the repeated authentication
request, ranging from 1 to 9 in times. By default, the value is 3.
Command Mode
Global Configuration Mode
Example
Configure the maximum transfer times of the repeated authentication request as
5:
TP-LINK(config)# dot1x retry 5
dot1x (interface)
Description
The dot1x command is used to enable the IEEE 802.1X function for a specified
port. To disable the IEEE 802.1X function for a specified port, please use no
dot1x command.
Syntax
dot1x
no dot1x
78
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the IEEE 802.1X function for the port 1:
TP-LINK(config)# interface ethernet 1
TP-LINK(config-if)# dot1x
dot1x guest-vlan
Description
The dot1x guest-vlan command is used to enable the Guest VLAN function for
a specified port. To disable the Guest VLAN function for a specified port, please
use no dot1x guest-vlan command. Please ensure that the Control Type of the
corresponding port is port-based before enabling the Guest VLAN function for it.
Syntax
dot1x guest-vlan
no dot1x guest-vlan
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the Guest VLAN function for port 2:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# dot1x guest-vlan
dot1x port-control
Description
The dot1x port-control command is used to configure the Control Mode of
IEEE 802.1X for the specified port. To restore to the default configuration,
please use no dot1x port-control command.
Syntax
dot1x port-control { auto | authorized-force | unauthorized-force }
79
Download from Www.Somanuals.com. All Manuals Search And Download.
no dot1x port-control
Parameter
auto | authorized-force | unauthorized-force —— The Control Mode for the port.
Auto: In this mode, the port will normally work only after passing the 802.1X
Authentication.
Authorized-force: In this mode, the port can work normally without passing the
802.1X Authentication.
Unauthorized-force: In this mode, the port is forbidden working for its fixed
unauthorized status.
By default, the Control Mode is auto.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the Control Mode for port 1 as authorized-force:
TP-LINK(config)# interface ethernet 1
TP-LINK(config-if)# dot1x port-control authorized-force
dot1x port-method
Description
The dot1x port-method command is used to configure the Control Type of
IEEE 802.1X for the specified port. To restore to the default configuration,
please use no dot1x port-method command.
Syntax
dot1x port-method { mac-based | port-based }
no dot1x port-method
Parameter
mac-based | port-based ——The Control Type for the port.
Mac-based: Any client connected to the port should pass the 802.1X
Authentication for access.
Port-based: All the clients connected to the port can access the network on the
condition that any one of the clients has passed the 802.1X Authentication.
By default, the Control Type is mas-based.
80
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the Control Type for port 5 as port-based:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# dot1x port-method port-based
radius authentication primary-ip
Description
The radius authentication primary-ip command is used to configure the IP
address of the authentication server. Authentication server provides the
authentication service for the switch via the stored client information, such as
the user name, password, etc, with the purpose to control the authentication and
accounting status of the clients. The RADIUS(Remote Authentication Dial-In
User Service)server is used as the Authentication server generally.
Syntax
radius authentication primary-ip ip-addr
Parameter
ip-addr —— The IP address of the authentication server.
Command Mode
Global Configuration Mode
Example
Configure the IP of the authentication server as 10.20.1.100:
TP-LINK(config)# radius authentication primary-ip 10.20.1.100
radius authentication secondary-ip
Description
The radius authentication secondary-ip command is used to configure the IP
address of the alternate authentication server. To restore to the default
configuration, please use no radius authentication secondary-ip command.
81
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
radius authentication secondary-ip ip-addr
no radius authentication secondary-ip
Parameter
ip-addr ——The IP address of the alternate authentication server. By default, it
is 0.0.0.0.
Command Mode
Global Configuration Mode
Example
Configure the IP address of the alternate authentication server as 10.20.1.101:
TP-LINK(config)# radius authentication secondary-ip 10.20.1.101
radius authentication port
Description
The radius authentication port command is used to configure the
authentication port of the alternate authentication server. To restore to the
default value, please use no radius authentication port command.
Syntax
radius authentication port port-num
no radius authentication port
Parameter
port-num ——The UDP port of authentication server(s) raging from 1 to 65535
and the default port is 1812.
Command Mode
Global Configuration Mode
Example
Configure the authentication port of the alternate authentication server as 1815:
TP-LINK(config)# radius authentication port 1815
82
Download from Www.Somanuals.com. All Manuals Search And Download.
radius authentication key
Description
The radius authentication key command is used to configure the shared
password for the switch and the authentication servers to exchange messages.
To clear the radius authentication key, please use no radius authentication
key command.
Syntax
radius authentication key key-string
no radius authentication key
Parameter
key-string——The shared password for the switch and the authentication
servers to exchange messages which contains 15 characters at most.
Command Mode
Global Configuration Mode
Example
Configure the shared password for the switch and the authentication servers as
tplink:
TP-LINK(config)# radius authentication key tplink
radius accounting enable
Description
The radius accounting enable command is used to enable the accounting
feature. To disable the accounting feature, please use no radius accounting
enable command.
Syntax
radius accounting enable
no radius accounting enable
Command Mode
Global Configuration Mode
83
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Enable the accounting feature:
TP-LINK(config)# radius accounting enable
radius accounting primary-ip
Description
The radius accounting primary-ip command is used to configure the IP
address of the accounting server.
Syntax
radius accounting primary-ip ip-addr
Parameter
ip-addr —— The IP address of the accounting server.
Command Mode
Global Configuration Mode
Example
Configure the IP address of the accounting server as 10.20.1.100:
TP-LINK(config)# radius accounting primary-ip 10.20.1.100
radius accounting secondary-ip
Description
The radius accounting secondary-ip command is used to configure the IP
address of the alternate accounting server. To restore to the default
configuration, please use no radius accounting secondary-ip command.
Syntax
radius accounting secondary-ip ip-addr
no radius accounting secondary-ip
Parameter
ip-addr ——The IP address of the alternate accounting server. By default, it is
0.0.0.0.
84
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Global Configuration Mode
Example
Configure the IP address of the alternate accounting server as 10.20.1.101:
TP-LINK(config)# radius accounting secondary-ip 10.20.1.101
radius accounting port
Description
The radius accounting port command is used to set the UDP port of
accounting server(s). To restore to the default value, please use no radius
accounting port.
Syntax
radius accounting port port-num
no radius accounting port
Parameter
port-num ——The UDP port of accounting server(s) ranging from 1 to 65535.
The default port is 1813.
Command Mode
Global Configuration Mode
Example
Set the UDP port of accounting server(s) as 1816:
TP-LINK(config)# radius accounting port 1816
radius accounting key
Description
The radius accounting key command is used to configure the shared
password for the switch and the accounting servers to exchange messages.To
clear the shared password for the switch and the accounting servers, please
use no radius accounting key command.
Syntax
radius accounting key key-string
85
Download from Www.Somanuals.com. All Manuals Search And Download.
no radius accounting key
Parameter
key-string ——The shared password for the switch and the accounting servers
to exchange messages which contains 15 characters at most.
Command Mode
Global Configuration Mode
Example
Configure the shared password for the switch and the accounting servers as
tplink:
TP-LINK(config)# radius accounting key tplink
radius response-timeout
Description
The radius response-timeout command is used to configure the maximum
time for the switch to wait for the response from the RADIUS authentication and
the accounting server. To restore to the default value, please use no radius
response-timeout command.
Syntax
radius response-timeout time
no radius response-timeout
Parameter
time ——The maximum time for the switch to wait for the response before
resending a request to the supplicant., ranging from 1 to 9 in second. By default,
it is 3.
Command Mode
Global Configuration Mode
Example
Configure the maximum time for the switch to wait for the response from the
RADIUS authentication and the accounting server as 5 seconds:
TP-LINK(config)# radius response-timeout 5
86
Download from Www.Somanuals.com. All Manuals Search And Download.
show dot1x global
Description
The show dot1x global command is used to display the global configuration of
801.X.
Syntax
show dot1x global
Command Mode
Any configuration Mode
Example
Display the configuration of 801.X globally:
TP-LINK(config)# show dot1x global
show dot1x interface
Description
The show dot1x interface command is used to display the port configuration of
801.X.
Syntax
show dot1x interface [ ethernet port-num ]
Parameter
port-num ——The number of the Ethernet port. Display the configuration of all
the ports by default.
Command Mode
Any configuration Mode
Example
Display the port configuration of 801.X:
TP-LINK(config)# show dot1x interface
show radius authentication
Description
87
Download from Www.Somanuals.com. All Manuals Search And Download.
The show radius authentication command is used to display the configuration
of the RADIUS authentication server.
Syntax
show radius authentication
Command Mode
Any configuration Mode
Example
Display the configuration of the RADIUS authentication server:
TP-LINK(config)# show radius authentication
show radius accounting
Description
The show radius accounting command is used to display the configuration of
the accounting server.
Syntax
show radius accounting
Command Mode
Any configuration Mode
Example
Display the configuration of the accounting server:
TP-LINK(config)# show radius accounting
88
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 17 Log Commands
The log information will record the settings and operation of the switch respectively for you to
monitor operation status and diagnose malfunction.
logging local buffer
Description
The logging local buffer command is used to configure the severity level and
the status of the configuration input to the log buffer. To restore to the default
configuration, please use no logging local buffer command. Local Log is the
log information saved in the switch. It has two output channels, that is, it can be
saved to two different positions, log buffer and log file. Indicates the RAM for
saving system log and the information in the log buffer can be got by show
logging buffer command. It will be lost when the switch is restarted.
Syntax
logging local buffer {level} [disable | enable]
no logging local buffer
Parameter
level ——Severity level of the log information output to each channel. There are
8 severity levels marked with values 0-7. The smaller value has the higher
priority. Only the log with the same or smaller severity level value will be output.
By default, it is 7 indicating that all the log information will be saved in the log
buffer.
disable | enable —— Disable or enable the log buffer. By default, it is enabled.
Command Mode
Global Configuration Mode
Example
Enable the log buffer function and set the severity as 6:
TP-LINK(config)# logging local buffer 6 enable
logging local flash
Description
89
Download from Www.Somanuals.com. All Manuals Search And Download.
The logging local flash command is used to configure the level and the status
of the log file input. To restore to the default configuration, please use no
logging local flash command. The log file indicates the flash sector for saving
system log. The information in the log file will not be lost after the switch is
Syntax
logging local flash {level} [ disable | enable ]
no logging local flash
Parameter
level ——Severity level of the log information output to each channel. There are
8 severity levels marked with values 0-7. The smaller value has the higher
priority. Only the log with the same or smaller severity level value will be output.
By default, it is 4 indicating that the log information marked with 0~4 will be
saved in the log file.
disable | enable ——Disable or enable the log file. By default, it is enabled.
Command Mode
Global Configuration Mode
Example
Enable the log file function and set the severity as 7:
TP-LINK(config)# logging local flash 7
logging clear
Description
The logging clear command is used to clear the information in the log buffer
and log file.
Syntax
logging clear [ buffer | flash ]
Parameter
buffer | flash —— The output channels: buffer and flash. Clear the information of
the two channels, by default.
Command Mode
Global Configuration Mode
90
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Clear the information in the log file:
TP-LINK(config)# logging clear buffer
logging loghost
Description
The logging loghost command is used to configure the Log Host. To clear the
configuration of the specified Log Host, please use no logging loghost
command. Log Host is to receive the system log from other devices. You can
remotely monitor the settings and operation status of other devices through the
log host.
Syntax
logging loghost index {idx} {host-ip} {level} {disable | enable}
no logging loghost index {idx}
Parameter
idx ——The index of the log host. The switch supports 4 log hosts.
host-ip —— The IP for the log host.
level ——The severity level of the log information sent to each log host. There
are 8 severity levels marked with values 0-7. The smaller value has the higher
priority. Only the log with the same or smaller severity level value will be sent to
the corresponding log host. By default, it is 6 indicating that the log information
marked with 0~6 will be sent to the log host.
disable | enable ——Disable or enable the log host. By default, it is disabled.
Command Mode
Global Configuration Mode
Example
Enable the log host 2 and set the IP address 192.168.0.148, the level 5:
TP-LINK(config)# logging loghost index 2 192.168.0.148 5 enable
show logging local-config
Description
The show logging local-config command is used to display the configuration
91
Download from Www.Somanuals.com. All Manuals Search And Download.
of the Local Log including the log buffer and the log file.
Syntax
show logging local-config
Command Mode
Any configuration Mode
Example
Display the configuration of the Local Log:
TP-LINK(config)# show logging local-config
show logging loghost
Description
The show logging loghost command is used to display the configuration of the
log host.
Syntax
show logging loghost [index]
Parameter
index ——The index of the log host whose configuration will be displayed.
Display the configuration of all the log hosts by default.
Command Mode
Any Configuration Mode
Example
Display the configuration of the log host 2:
TP-LINK(config)# show logging loghost 2
show logging buffer
Description
The show logging buffer level command is used to display the log information
in the log buffer according to the severity level.
Syntax
show logging buffer level [level]
92
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
level ——Severity level. There are 8 severity levels marked with values 0-7. The
information will be displayed only when the log with the same or smaller severity
level value. Display all the log information in the log buffer by default.
Command Mode
Any Configuration Mode
Example
Display the log information from level 0 to level 5 in the log buffer:
TP-LINK(config)# show logging buffer level 5
show logging flash
Description
The show logging flash level command is used to display the log information
in the log file according to the severity level.
Syntax
show logging flash level [level]
Parameter
level ——Severity level. There are 8 severity levels marked with values 0-7. The
information will be displayed only when the log with the same or smaller severity
level value. Display all the log information in the log file by default.
Command Mode
Any Configuration Mode
Example
Display the log information with the level marked 0~3 in the log file:
TP-LINK(config)# show logging flash level 3
93
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 18 SSH Commands
SSH (Security Shell) can provide the unsecured remote management with security and powerful
authentication to ensure the security of the management information.
ssh server enable
Description
The ssh server enable command is used to enable SSH function. To disable
the SSH function, please use no ssh server enable command.
Syntax
ssh server enable
no ssh server enable
Command Mode
Global Configuration Mode
Example
Enable the SSH function:
TP-LINK(config)# ssh server enable
ssh version
Description
The ssh version command is used to enable the SSH protocol version. To
disable the protocol version, please use no ssh version command.
Syntax
ssh version {v1 | v2 }
no ssh version {v1 | v2}
Parameter
v1 | v2 —— The SSH protocol version to be enabled. They represent SSH v1
and SSH v2 respectively.
Command Mode
Global Configuration Mode
Example
Enable SSH v2:
94
Download from Www.Somanuals.com. All Manuals Search And Download.
TP-LINK(config)# ssh version v2
ssh idle-timeout
Description
The ssh idle-timeout command is used to specify the idle-timeout time of SSH.
To restore to the factory defaults, please use no ssh idle-timeout command.
Syntax
ssh idle-timeout value
no ssh idle-timeout
Parameter
value —— The Idle-timeout time. During this period, the system will
automatically release the connection if there is no operation from the client. It
ranges from 1 to 999 in seconds. By default, this value is 500.
Command Mode
Global Configuration Mode
Example
Specify the idle-timeout time of SSH as 300 seconds:
TP-LINK(config)# ssh idle-timeout 300
ssh max-client
Description
The ssh max-client command is used to specify the maximum number of the
connections to the SSH server. To return to the default configuration, please use
no ssh max-client command.
Syntax
ssh max-client number
no ssh max-client
Parameter
number —— The maximum number of the connections to the SSH server. It
ranges from 1 to 5. By default, this value is 5.
Command Mode
Global Configuration Mode
Example
95
Download from Www.Somanuals.com. All Manuals Search And Download.
Specify the maximum number of the connections to the SSH server as 3:
TP-LINK(config)# ssh max-client 3
ssh download
Description
The ssh download command is used to download the SSH key file from TFTP
server.
Syntax
ssh download {v1 | v2 } key-file ip-address ip-addr
Parameter
v1 | v2 —— Select the type of SSH key to download, v1 represents SSH-1, v2
represents SSH-2.
key-file —— The name of the key-file which is selected to download. The length
of the name ranges from 1 to 25 characters. The key length of the downloaded
file must be in the range of 256 to 3072 bits.
ip-addr —— The IP address of the TFTP server.
Command Mode
Global Configuration Mode
Example
Download a SSH-1 type key file named ssh-key from TFTP server with the IP
Address 192.168.0.148:
TP-LINK(config)# ssh download v1 ssh-key ip-address 192.168.0.148
show ssh
Description
The show ssh command is used to display the global configuration of SSH.
Syntax
show ssh
Command Mode
Any Configuration Mode
Example
Display the global configuration of SSH:
TP-LINK(config)# show ssh
96
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 19 SSL Commands
SSL(Secure Sockets Layer), a security protocol, is to provide a secure connection for the
application layer protocol(e.g. HTTP) based on TCP. Adopting asymmetrical encryption technology,
SSL uses key pair to encrypt/decrypt information. A key pair refers to a public key (contained in the
certificate) and its corresponding private key. By default the switch has a certificate (self-signed
certificate) and a corresponding private key. The Certificate/Key Download function enables the
user to replace the default key pair.
ssl enable
Description
The ssl enable command is used to enable the SSL function on the switch. To
disable the SSL function, please use no ssl enable command. Only the SSL
function is enabled, a secure HTTPS connection can be established.
Syntax
ssl enable
no ssl enable
Command Mode
Global Configuration Mode
Example
Enable the SSL function:
TP-LINK(config)# ssl enable
ssl download certificate
Description
The ssl download certificate command is used to download a certificate to the
switch from TFTP server.
Syntax
ssl download certificate ssl-cert ip-address ip-addr
Parameter
ssl-cert —— The name of the SSL certificate which is selected to download to
the switch . The length of the name ranges from 1 to 25 characters. The
Certificate must be BASE64 encoded.
97
Download from Www.Somanuals.com. All Manuals Search And Download.
ip-addr —— The IP address of the TFTP server.
Command Mode
Global Configuration Mode
Example
Download a SSL Certificate named ssl-cert from TFTP server with the IP
Address of 192.168.0.148:
TP-LINK(config)# ssl download certificate ssl-cert ip-address 192.168.0.148
ssl download key
Description
The ssl download key command is used to download a SSL key to the switch
from TFTP server.
Syntax
ssl download key ssl-key ip-address ip-addr
Parameter
ssl-key —— The name of the SSL key which is selected to download to the
switch . The length of the name ranges from 1 to 25 characters. The Key must
be BASE64 encoded.
ip-addr —— The IP address of the TFTP server.
Command Mode
Global Configuration Mode
Example
Download a SSL Key named ssl-key from TFTP server with the IP Address of
192.168.0.148:
TP-LINK(config)# ssl download key ssl-key ip-address 192.168.0.148
show ssl
Description
The show ssl command is used to display the global configuration of SSL.
Syntax
show ssl
Command Mode
Any Configuration Mode
98
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Display the global configuration of SSL:
TP-LINK(config)# show ssl
99
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 20 Address Commands
Address configuration can improve the network security by configuring the Port Security and
maintaining the address information by managing the Address Table.
bridge address port-security
Description
The bridge address port-security command is used to configure port security.
To return to the default configuration, please use no bridge address
port-security command. Port Security is to protect the switch from the
malicious MAC address attack by limiting the maximum number of the MAC
addresses that can be learned on the port. The port with Port Security feature
enabled will learned the MAC address dynamically. When the learned MAC
address number reaches the maximum, the port will stop learning. Therefore,
the other devices with the MAC address unlearned can not access to the
network via this port.
Syntax
bridge address port-security [max-number {num}] [ mode {dynamic | static |
permanent} ] [ status {disable | enable} ]
no bridge address port-security
Parameter
num —— The maximum number of MAC addresses that can be learned on the
port. It ranges from 0 to 1024. By default this value is 1024.
mode —— Learn mode for MAC addresses. There are three modes, including
Dynamic mode, Static mode and Permanent mode. When Dynamic mode is
selected, the learned MAC address will be deleted automatically after the aging
time. When Static mode is selected, the learned MAC address will be out of the
influence of the aging time and can only be deleted manually. The learned
entries will be cleared after the switch is rebooted. When permanent mode is
selected, the learned MAC address will be out of the influence of the aging time
and can only be deleted manually too. However, the learned entries will be
saved even the switch is rebooted.
status —— Enable or disable the Port Security function for a specified port. By
default, this function is disabled.
100
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable Port Security function for port1, select Static mode as the learn mode,
and specify the maximum number of MAC addresses that can be learned on
this port as 30:
TP-LINK(config)# interface ethernet 1
TP-LINK(config-if)# bridge address port-security max-number 30 mode
static status enable
bridge address static
Description
The bridge address static command is used to add the static MAC address
entry. To remove the corresponding entry, please use no bridge address static
command. The static address can be added or removed manually, independent
of the aging time. In the stable networks, the static MAC address entries can
facilitate the switch to reduce broadcast packets and enhance the efficiency of
packets forwarding remarkably.
Syntax
bridge address static {mac mac} {vid vid} {port port}
no bridge address static [mac] [vid] [port]
Parameter
mac ——The MAC address of the entry you desire to add.
vid —— The VLAN ID number of your desired entry. It ranges from 1 to 4094.
port —— The Port number of your desired entry. It ranges from 1 to 12.
Command Mode
Global Configuration Mode
Example
Add a static Mac address entry to bind the MAC address 00:02:58:4f:6c:23,
VLAN1 and Port1 together:
TP-LINK(config)# bridge address static mac 00:02:58:4f:6c:23 vid 1 port 1
101
Download from Www.Somanuals.com. All Manuals Search And Download.
bridge aging-time
Description
The bridge aging-time command is used to configure aging time for the
dynamic address. To return to the default configuration, please use no bridge
aging-time command.
Syntax
bridge aging-time aging-time
no bridge aging-time
Parameter
aging-time —— The aging time for the dynamic address. The value of it can be
0 or ranges from 10 to 630 seconds. When 0 is entered, the Auto Aging function
is disabled. By default, this value is 300.
Command Mode
Global Configuration Mode
Example
Configure the aging time as 500 seconds:
TP-LINK(config)# bridge aging-time 500
bridge address filtering
Description
The bridge address filtering command is used to add the filtering address
entry. To delete the corresponding entry, please use no bridge address
filtering command. The filtering address function is to forbid the undesired
package to be forwarded. The filtering address can be added or removed
manually, independent of the aging time.
Syntax
bridge address filtering {mac} {vid}
no bridge address filtering [mac] [vid]
Parameter
mac —— The MAC address to be filtered.
vid —— The corresponding VLAN ID of the MAC address. It ranges from 1 to
4094.
102
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Global Configuration Mode
Example
Add a filtering address entry whose VLAN ID is 1 and MAC address is
00:1e:4b:04:01:5d:
TP-LINK(config)# bridge address filtering 00:1e:4b:04:01:5d 1
show bridge port-security
Description
The show bridge port-security command is used to configure the Port
Security for each port, such as configure the Max number of MAC addressed
that can be learned on the port and the Learn Mode.
Syntax
show bridge port-security [port-num]
Parameter
port-num —— The port number of the switch. It ranges from 1 to 12. By default,
the Port Security configuration of all ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the Port Security configuration of port 2:
TP-LINK(config)# show bridge port-security 2
show bridge address
Description
The show bridge address command is used to display the information of all
Address entries.
Syntax
show bridge address {dynamic | static | filter | all }
Parameter
dynamic | static | filter | all —— the type of your desired entry
Command Mode
Any Configuration Mode
103
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Display the information of all Address entries:
TP-LINK(config)# show bridge address all
show bridge aging-time
Description
The show bridge aging-time command is used to display the Aging Time of
the MAC address.
Syntax
show bridge aging-time
Command Mode
Any Configuration Mode
Example
Display the Aging Time of the MAC address:
TP-LINK(config)# show bridge aging-time
104
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 21 System Commands
System Commands can be used to configure the System information and System IP, reboot and
reset the switch, upgrade the switch system and other operations.
system-descript
Description
The system-descript command is used to configure the Device Name, Device
Location and System Contact. To clear all the information, please use no
system-descript command.
Syntax
system-descript {sysname {sysname} | location {location} | contact-info
{contact_info} }
no system-descript {sysname | location | contact_info}
Parameter
sysname —— System Name(Device Name). The length of the name ranges
from 1 to 32 characters. By default, it is empty.
location —— Device Location. It consists of 32 characters at most. By default, it
is empty.
contact_info —— Contact Information. It consists of 32 characters at most. By
default, it is empty.
Command Mode
Global Configuration Mode
Example
Configure the System Contact as www.tp-link.com:
TP-LINK(config)# system-descript contact-info www.tp-link.com
system-time gmt
Description
The system-time gmt command is used to configure the time zone and the IP
Address for the NTP Server.
Syntax
system-time gmt {time-zone} {ntp-server} {backup-ntp-server}
105
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
time-zone —— Your local time-zone, and it ranges from -12 to 13.
ntp-server —— The IP Address for the Primary NTP Server.
Backup-ntp-server —— The IP Address for the Secondary NTP Server.
Command Mode
Global Configuration Mode
Example
Configure the system time mode as gmt, the time zone is -12, the primary ntp
server is 133.100.9.2 and the secondary ntp server is 139.78.100.163:
TP-LINK(config)# system-time gmt -12 133.100.9.2 139.78.100.163
system-time manual
Description
The system-time manual command is used to configure the system time
manually.
Syntax
system-time manual {time}
Parameter
time —— Set the date and time manually, MM/DD/YYYY-HH:MM:SS
Command Mode
Global Configuration Mode
Example
Configure the system mode as manual, and the time is 12/20/2010 17:30:35
TP-LINK(config)# system-time manual 12/20/2010-17:30:35
system-time dst
Description
The system-time dst command is used to configure the DST (Daylight Saving
Time). To clear all the information, please use no system-time dst command.
Syntax
system-time dst {start-date} {start-time} {end-date} {end-time}
no system-time dst
106
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
start-date —— The start date of DST you set.
start-time —— The start time of DST you set.
end-date —— The end date of DST you set.
end-time —— The end time of DST you set.
Command Mode
Global Configuration Mode
Example
Configure the dst, dst is from April 1 00:00 to November 1 23:00.
TP-LINK(config)# system-time dst 04/01 00:00 11/01 23:00
ip address
Description
The ip address command is used to configure the IP Address, Subnet Mask
and Default Gateway. To restore to the factory defaults, please use no ip
address command.
Syntax
ip address {ip-addr} {ip-mask} [gateway]
no ip address
Parameter
ip-addr —— The system IP of the Switch. The default system IP is 192.168.0.1.
ip-mask —— The Subnet Mask of the Switch. The default Subnet Mask is
255.255.255.0.
gateway —— The Default Gateway of the Switch. By default, it is empty.
Command Mode
Global Configuration Mode
Example
Configure the system IP as 192.168.0.69 and the Subnet Mask as
255.255.255.0:
TP-LINK(config)# ip address 192.168.0.69 255.255.255.0
107
Download from Www.Somanuals.com. All Manuals Search And Download.
ip management-vlan
Description
The ip management-vlan command is used to configure the IP management
VLAN, through which you can log on to the switch.
Syntax
ip management-vlan {vlan-id}
Parameter
vlan-id —— VLAN ID, ranging from 1 to 4094.
Command Mode
Global Configuration Mode
Example
Set the VLAN6 as IP management VLAN:
TP-LINK(config)# ip management-vlan 6
ip dhcp-alloc
Description
The ip dhcp-alloc command is used to enable the DHCP Client function. When
this function is enabled, the switch will obtain IP from DHCP Client server.
Syntax
ip dhcp-alloc
Command Mode
Global Configuration Mode
Example
Enable the DHCP Client function:
TP-LINK(config)# ip dhcp-alloc
ip bootp-alloc
Description
The ip bootp-alloc command is used to obtain IP address from BOOTP Server.
Syntax
ip bootp-alloc
108
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Global Configuration Mode
Example
Enable the BOOTP Protocol to obtain IP address from BOOTP Server:
TP-LINK(config)# ip bootp-alloc
reset
Description
The reset command is used to reset the switch’s software. After resetting, all
configuration of the switch will restore to the factory defaults and your current
settings will be lost.
Syntax
reset
Command Mode
Privileged EXEC Mode
Example
Reset the software of the Switch:
TP-LINK# reset
reboot
Description
The reboot command is used to reboot the Switch. To avoid damage, please
don’t turn off the device while rebooting.
Syntax
reboot
Command Mode
Privileged EXEC Mode
Example
Reboot the Switch:
TP-LINK# reboot
109
Download from Www.Somanuals.com. All Manuals Search And Download.
user-config backup
Description
The user-config backup command is used to backup the configuration file by
TFTP server.
Syntax
user-config backup filename name ip-address ip-addr
Parameter
name —— Specify the name for the configuration file which would be backuped.
ip-addr —— IP Address of the TFTP server.
Command Mode
Privileged EXEC Mode
Example
Backup the configuration files by TFTP server with the IP 192.168.0.148 and
name this file config.cfg:
TP-LINK# user-config backup filename config.cfg ip-address 192.168.0.148
user-config load
Description
The user-config load command is used to download the configuration file to
the switch by TFTP server.
Syntax
user-config load filename name ip-address ip-addr
Parameter
name —— Specify the name for the configuration file which would be
downloaded.
ip-addr —— IP Address of the TFTP server.
Command Mode
Privileged EXEC Mode
Example
Download the configuration file to the switch by TFTP server with the IP
192.168.0.148 and name this file config.cfg:
110
Download from Www.Somanuals.com. All Manuals Search And Download.
TP-LINK# user-config load filename config.cfg ip-address 192.168.0.148
user-config save
Description
The user-config save command is used to save current settings.
Syntax
user-config save
Command Mode
Privileged EXEC Mode
Example
Save current settings:
TP-LINK# user-config save
firmware upgrade
Description
The firmware upgrade command is used to upgrade the switch system via the
TFTP server.
Syntax
firmware upgrade filename name ip-address ip-addr
Parameter
name —— Specify the name for the Firmware File.
ip-addr —— IP Address of the TFTP server.
Command Mode
Privileged EXEC Mode
Example
Upgrade the switch system via the TFTP server with the IP 192.168.0.148:
TP-LINK# firmware upgrade filename firmware.bin ip-address 192.168.0.148
ping
Description
111
Download from Www.Somanuals.com. All Manuals Search And Download.
The ping command is used to test the connectivity between the switch and one
node of the network.
Syntax
ping {ip_addr} [-n {count}] [-l {count}] [-i {count}]
Parameter
ip_addr —— The IP address of the destination node for ping test.
count (-n) —— The amount of times to send test data during Ping testing. It
ranges from 1 to 10. By default, this value is 4.
count (-l) —— The size of the sending data during ping testing. It ranges from 1
to 1024 bytes. By default, this value is 64.
count (-i) —— The interval to send ICMP request packets. It ranges from 100
to 1000 milliseconds. By default, this value is 1000.
Command Mode
User EXEC Mode and Privileged EXEC Mode
Example
To test the connectivity between the switch and the network device with the IP
192.168.0.131, please specify the count (-l) as 512 bytes and count (-i) as 1000
milliseconds. If there is not any response after 8 times’ Ping test, the connection
between the switch and the network device is failed to establish:
TP-LINK# ping 192.168.0.131 –n 8 –l 512
tracert
Description
The tracert command is used to test the connectivity of the gateways during its
journey from the source to destination of the test data.
Syntax
tracert {ip-address} [maxHops]
Parameter
ip-address —— The IP address of the destination device.
maxHops —— The maximum number of the route hops the test data can pass
though. It ranges from 1 to 30. By default, this value is 4.
Command Mode
User EXEC Mode and Privileged EXEC Mode
112
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Test the connectivity between the switch and the network device with the IP
192.168.0.131. If the destination device has not been found after 20 maxHops,
the connection between the switch and the destination device is failed to
establish:
TP-LINK# tracert 192.168.0.131 20
loopback
Description
The loopback command is used to test whether the port is available or not.
Syntax
loopback {port} { internal | external }
Parameter
port —— The number of the port which is selected for loopback test.
internal | external —— Loopback Type. There are two options, Internal and
External.
Command Mode
User EXEC Mode and Privileged EXEC Mode
Example
Do an Internal-type loopback test for port 4:
TP-LINK#loopback 4 internal
show system-info
Description
The show system-info command is used to display System Description,
Device Name, Device Location, System Contact, Hardware Version, Firmware
Version, System Time, Run Time and so on.
Syntax
show system-info
Command Mode
Any Configuration Mode
Example
113
Download from Www.Somanuals.com. All Manuals Search And Download.
Display the system information:
TP-LINK# show system-info
show ip address
Description
The show ip address command is used to display MAC Address, IP Address,
Subnet Mask and Default Gateway of the system, whether the DHCP Client
function is enabled or not and some other information.
Syntax
show ip address
Command Mode
Any Configuration Mode
Example
Display the IP Address of the system
TP-LINK# show ip address
show system-time
Description
The show system-time command is used to display the time information of the
switch.
Syntax
show system-time
Command Mode
Any Configuration Mode
Example
Display the time information of the switch
TP-LINK# show system-time
show system-time dst
Description
The show system-time dst command is used to display the DST time
114
Download from Www.Somanuals.com. All Manuals Search And Download.
information of the switch.
Syntax
show system-time dst
Command Mode
Any Configuration Mode
Example
Display the DST time information of the switch
TP-LINK# show system-time dst
show system-time source
Description
The show system-time source command is used to display the time source of
the switch.
Syntax
show system-time source
Command Mode
Any Configuration Mode
Example
Display the time source of the switch
TP-LINK# show system-time source
show system-time mode
Description
The show system-time mode command is used to display the time mode of
the switch.
Syntax
show system-time mode
Command Mode
Any Configuration Mode
Example
Display the time mode of the switch:
TP-LINK# show system-time mode
115
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 22 Ethernet Configuration Commands
Ethernet Configuration Commands can be used to configure the Bandwidth Control, Negotiation
Mode and Storm Control for Ethernet ports.
interface ethernet
Description
The interface ethernet command is used to enter the Interface Configuration
Mode and configure one Ethernet port.
Syntax
interface ethernet interface
Parameter
interface —— The Ethernet port to be configured.
Command Mode
Global Configuration Mode
Example
Enter the Interface Configuration Mode and configure Ethernet port2:
TP-LINK(config)# interface ethernet 2
interface range ethernet
Description
The interface range ethernet command is used to enter the Interface
Configuration Mode and configure multiple Ethernet ports at the same time.
Syntax
interface range ethernet port-list
Parameter
port-list —— The list of the Ethernet ports to be configured. Inconsecutive ports
or port-groups are separated by a comma with no space. Use a hyphen to
designate a range of ports, for instance 1-10 indicates from port 1 to port 10.
Command Mode
Global Configuration Mode
116
Download from Www.Somanuals.com. All Manuals Search And Download.
User Guidelines
Command in the Interface Range Ethernet Mode is executed independently on
all ports in the range. It does not effect the execution on the other ports at all if
the command results in an error on one port.
Example
Enter the Interface Configuration Mode, add ports 1-3, 6-9 to the port-list and
configure them:
TP-LINK(config)# interface range ethernet 1-3,6-9
description
Description
The description command is used to add a description to the Ethernet port. To
clear the description of the corresponding port, please use no description
command.
Syntax
description string
no description
Parameter
string —— Content of a port description, ranging from 1 to 16 characters.
Command Mode
Interface Configuration Mode(interface Ethernet)
Example
Add a description Port#5 to port5:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# description Port#5
shutdown
Description
The shutdown command is used to disable an Ethernet port. To enable this port
again, please use no shutdown command.
Syntax
shutdown
no shutdown
117
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Disable Ethernet port3:
TP-LINK(config)# interface ethernet 3
TP-LINK(config-if)# shutdown
flow-control
Description
The flow-control command is used to enable the flow-control function for a port.
To disable the flow-control function for this corresponding port, please use no
flow-control command. With the flow-control function enabled, the Ingress
Rate and Egress Rate can be synchronized to avoid packets drop in the
network.
Syntax
flow-control
no flow-control
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the flow-control function for Ethernet port 5:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# flow-control
negotiation
Description
The negotiation command is used to configure the Negotiation Mode for an
Ethernet port. To return to the default configuration, please use no negotiation
command.
Syntax
negotiation {auto | 10h |10f |100h |100f |1000f}
no negotiation
118
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
auto —— Auto negotiation (default).
10h —— 10M half-duplex.
10f —— 10M full-duplex.
100h —— 100M half-duplex.
100f —— 100M full-duplex.
1000f —— 1000M full-duplex.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the Negotiation Mode as 100M full-duplex for Ethernet port5:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# negotiation 100f
storm-control
Description
The storm-control command is used to configure the Storm Control function.
To disable the Storm Control function, please use no storm-control command.
Storm Control function allows the switch to filter broadcast, multicast and UL
frame in the network. If the transmission rate of the three kind packets exceeds
the set bandwidth, the packets will be automatically discarded to avoid network
broadcast storm.
Syntax
storm-control [bc-status enable|disable] [mc-status enable|disable] [ul-status
enable|disable] [rate rate]
no storm-control
Parameter
status —— Enable/Disable the Broadcast packets control, Multicast packets
control, or the UL-Frame control.
rate —— The maximum ingress rate of these tree types of packets. The packet
traffic exceeding the bandwidth will be discarded. The value of it can be 128 |
256 | 512kbps or 1 | 2 | 4 | 5 | 10 | 20 | 40 | 50mbps.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
119
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Enable the Broadcast Control function for port5 and specify the rate as 128kbps:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# storm-control bc-status enable rate 128k
port rate-limit
Description
The port rate-limit command is used to configure the Rate Limit for an Ethernet
port. To disable the Rate Limit, please use no port rate-limit command.
Syntax
port rate-limit [ ingress ingress-rate ] [egress egress-rate ]
no port rate-limit
Parameter
ingress-rate —— Configure the bandwidth for receiving packets on the port, and
the system will automatically select integral multiple of 64Kbps that closest to
the rate you entered as the real Ingress rate.
egress-rate —— Configure the bandwidth for sending packets on the port, and
the system will automatically select integral multiple of 64Kbps that closest to
the rate you entered as the real Engress rate.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the ingress-rate as 1Mbps and egress-rate as 10Mbps for port5:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# port rate-limit ingress 1024 egress 10240
port rate-limit disable ingress
Description
The port rate-limit disable ingress command is used to disable the
ingress-rate limit.
Syntax
port rate-limit disable ingress
120
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Disable the ingress-rate limit for port5:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# port rate-limit disable ingress
port rate-limit disable egress
Description
The port rate-limit disable egress command is used to disable the egress-rate
limit.
Syntax
port rate-limit disable egress
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Disable the egress-rate limit for port5:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# port rate-limit disable egress
show interface configuration
Description
The show interface configuration command is used to display the
configurations of an Ethernet port, including Port-status, Flow Control,
Negotiation Mode and Port-description.
Syntax
show interface configuration ethernet [interface]
Parameter
interface —— The port selected to display the configurations. By default, the
configuration information of all ports is displayed.
Command Mode
Any Configuration Mode
121
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Display the configurations of port5:
TP-LINK# show interface configuration ethernet 5
show interface status
Description
The show interface status command is used to display the connective-status
of an Ethernet port.
Syntax
show interface status ethernet [interface]
Parameter
Interface —— The port selected to display the connective-status. By default, the
connective-status of all ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the connective-status of all Ethernet ports:
TP-LINK(config)# show interface status ethernet
show interface counters
Description
The show interface counters command is used to display the statistic
information of an Ethernet port.
Syntax
show interface counters ethernet [interface]
Parameter
Interface ——The port selected to display the statistic information. By default,
the statistic information of all ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the statistic information of Ethernet port3:
TP-LINK(config)# show interface counters ethernet 3
122
Download from Www.Somanuals.com. All Manuals Search And Download.
show storm-control ethernet
Description
The show storm-control ethernet command is used to display the
storm-control information of an Ethernet port.
Syntax
show storm-control ethernet [port]
Parameter
port —— The port-number of the port selected to display the storm-control
information. By default, the storm-control information of all ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the storm-control information of all Ethernet ports:
TP-LINK(config)# show storm-control ethernet
show port rate-limit
Description
The show port rate-limit command is used to display the rate-limit information
of an Ethernet port.
Syntax
show port rate-limit [interface-num]
Parameter
port —— The port-number of the port selected to display the rate-limit
information. By default, the rate-limit information of all ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the rate-limit information of all Ethernet ports:
TP-LINK(config)# show port rate-limit
123
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 23 QoS Commands
QoS (Quality of Service) function is used to optimize the network performance. It provides you with
network service experience of a better quality.
qos
Description
The qos command is used to configure CoS (Class of Service) based on port.
To return to the default configuration, please use no qos command.
Syntax
qos cos-id
no qos
Parameter
cos-id —— The priority of port. It ranges from 0 to 7, which represent CoS0,
CoS1, CoS2, CoS3, CoS4, CoS5, CoS6, CoS7 respectively. By default, the
priority is 0.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
User Guidelines
Port priority is one property of the port. When the port priority is specified, the
data will be classified into the egress queue based on the CoS value of the
ingress port and the mapping relation between the CoS and TC in IEEE 802.1P.
Example
Configure the priority of port 5 as 3:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# qos 3
qos dot1p enable
Description
The qos dot1p enable command is used to enable the mapping relation
between IEEE 802.1P Priority and Egress Queue. To disable the mapping
relation, please use no qos dot1p enable command.
124
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
qos dot1p enable
no qos dot1p enable
Command Mode
Global Configuration Mode
Example
Enable the mapping relation between IEEE 802.1P Priority and Egress Queue:
TP-LINK(config)# qos dot1p enable
qos dot1p config
Description
The qos dot1p config command is used to configure the mapping relation
between IEEE 802.1P Priority and Egress Queue. To return to the default
configuration, please use no qos dot1p config command. IEEE 802.1P gives
the Pri field in IEEE 802.1Q tag a recommended definition. This field is used to
divide packets into 8 priorities. When IEEE 802.1P Priority is enabled, the
packets with IEEE 802.1Q tag are mapped to different priority levels based on
IEEE 802.1P priority mode. The untagged packets are mapped based on port
priority mode.
Syntax
qos dot1p config {tag} {tc-id}
no qos dot1p config
Parameter
tag —— The 8 priority levels defined by IEEE 802.1P, ranging from 0 to 7.
tc-id —— The egress queue the packets with tag are mapped to. It ranges from
0 to 3, which represent TC0, TC1, TC2, TC3 respectively.
Command Mode
Global Configuration Mode
User Guidelines
1. By default, the mapping relation between tag and the egress queue is:
0-TC1, 1-TC0, 2-TC0, 3-TC1, 4-TC2, 5-TC2, 6-TC3, 7-TC3
2. Among the priority levels TC0-TC3, the bigger the value, the
higher the priority.
125
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Map tag value 0 to TC3:
TP-LINK(config)# qos dot1p config 0 3
qos dscp enable
Description
The qos dscp enable command is used to enable the mapping relation
between DSCP Priority and Egress Queue. To disable the mapping relation,
please use no qos dscp enable command.
Syntax
qos dscp enable
no qos dscp enable
Command Mode
Global Configuration Mode
Example
Enable the mapping relation between DSCP Priority and Egress Queue:
TP-LINK(config)# qos dscp enable
qos dscp config
Description
The qos dscp config command is used to configure the mapping relation
between DSCP Priority and Egress Queue. To return to the default configuration,
please use no qos dscp config command. DSCP (DiffServ Code Point) is a
new definition to IP ToS field given by IEEE. This field is used to divide IP
datagram into 64 priorities. When DSCP Priority is enabled, IP datagram are
mapped to different priority levels based on DSCP priority mode; non-IP
datagram with IEEE 802.1Q tag are mapped to different priority levels based on
IEEE 802.1P priority mode if IEEE 802.1P Priority is enabled; the untagged
non-IP datagram are mapped based on port priority mode.
Syntax
qos dscp config {dscp-list} {tc-id}
no qos dscp config
126
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
dscp-list —— List of DSCP value. One or several DSCP values can be typed
using comma to separate. Use a hyphen to designate a range of values, for
instance, 1, 4-7, 11 indicates choosing 1, 4, 5, 6, 7 and 11. The DSCP value
ranges from 0 to 63.
tc-id —— The priority level the packets with tag are mapped to. It ranges from 0
to 3, which represent TC0, TC1, TC2, TC3 respectively.
Command Mode
Global Configuration Mode
User Guidelines
1. By default, DSCP values 0-15 are mapped to TC0, DSCP values 16-31 are
mapped to TC1, DSCP values 32-47 are mapped to TC2, and DSCP
values 48-63 are mapped to TC3.
2. Among the priority levels TC0-TC3, the bigger value, the higher
priority.
Example
Map DSCP values 10,11,15 to TC0:
TP-LINK(config)# qos dscp config 10,11,15 0
qos scheduler
Description
The qos scheduler command is used to configure the Schedule Mode. To
return to the default configuration, please use no qos scheduler command.
When the network is congested, the program that many packets complete for
resources must be solved, usually in the way of queue scheduling. The switch
will control the forwarding sequence of the packets according to the priority
queues and scheduling algorithms you set. On this switch, the priority levels are
labeled as TC0, TC1… TC3.
Syntax
qos scheduler {sp | wrr | sp+wrr | equ}
no qos scheduler
Parameter
sp —— Strict-Priority Mode. In this mode, the queue with higher priority will
occupy the whole bandwidth. Packets in the queue with lower priority are sent
only when the queue with higher priority is empty.
127
Download from Www.Somanuals.com. All Manuals Search And Download.
wrr —— Weight Round Robin Mode. In this mode, packets in all the queues are
sent in order based on the weight value for each queue. The weight value ratio
of TC0, TC1, TC2 and TC3 is 1:2:4:8.
sp+wrr —— Strict-Priority + Weight Round Robin Mode. In this mode, the switch
provides two scheduling groups, SP group and WRR group. Queues in SP
group and WRR group are scheduled strictly based on Strict-Priority mode while
the queues inside WRR group follow the WRR mode. In SP + WRR mode, TC3
is the SP group; TC0, TC1 and TC2 belong to the WRR group and the weight
value ratio of TC0, TC1 and TC2 is 1:2:4. In this way, when scheduling queues,
the switch allows TC3 to occupy the whole bandwidth following the SP mode
and the TC0, TC1 and TC2 in the WRR group will take up the bandwidth
according to their ratio 1:2:4.
equ —— Equal-Mode. In this mode, all the queues occupy the bandwidth
equally. The weight value ratio of all the queues is 1:1:1:1.
Command Mode
Global Configuration Mode
Example
Specify the Schedule Mode as Weight Round Robin Mode:
TP-LINK(config)# qos scheduler wrr
show qos port-based
Description
The show qos port-based command is used to display the configuration of
QoS based on port priority.
Syntax
show qos port-based [interface-num]
Parameter
interface-num —— The Ethernet port selected to display the configuration. By
default, information of all the ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the configuration of QoS for port 5:
TP-LINK# show qos port-based 5
128
Download from Www.Somanuals.com. All Manuals Search And Download.
show qos dot1p
Description
The show qos dot1p command is used to display the configuration of IEEE
802.1P Priority.
Syntax
show qos dot1p
Command Mode
Any Configuration Mode
Example
Display the configuration of IEEE 802.1P Priority:
TP-LINK# show qos dot1p
show qos dscp
Description
The show qos dscp command is used to display the configuration of DSCP
Priority.
Syntax
show qos dscp
Command Mode
Any Configuration Mode
Example
Display the configuration of DSCP Priority:
TP-LINK# show qos dscp
show qos scheduler
Description
The show qos scheduler command is used to display the schedule rule of the
egress queues.
Syntax
show qos scheduler
Command Mode
Any Configuration Mode
129
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Display the schedule rule of the egress queues:
TP-LINK# show qos scheduler
130
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 24 Port Mirror Commands
Port Mirror refers to the process of forwarding copies of packets from one port to a mirroring port.
Usually, the mirroring port is connected to data diagnose device, which is used to analyze the
mirrored packets for monitoring and troubleshooting the network.
mirror add
Description
The mirror add command is used to configure Port Mirror function, to create a
mirror group or add a mirrored port to a mirror group.
Syntax
mirror add mirrored-port mirroring-port {none|egress|ingress|both} group-num
Parameter
mirrored-port —— List of mirrored port.
mirroring-port —— Specify the mirroring port which obtain the packets of the
mirrored port.
ingress —— Ingress monitoring. Select this option, the incoming packets
received by the mirrored port will be copied to the mirroring port.
egress —— Egress monitoring. Select this option, the outgoing packets sent by
the mirrored port will be copied to the mirroring port.
both —— Ingress and Egress monitoring. Select this option, the incoming
packets received and the outgoing packets sent by the mirrored port will both be
copied to the mirroring port.
group-num —— Configure the mirror group number you want to configure.
Command Mode
Global Configuration Mode
User Guidelines
1. Mirrored ports number is not limited, but it can’t be the mirroring port at the
same time.
2. Whether the mirroring port and mirrored ports are in the same VLAN or not
is not demanded strictly.
3. The mirroring port and mirrored ports cannot be link-aggregation member.
Example
Configure the mirror group 1, port 2,5,6,7 and 9 as mirrored ports, port 10 as the
131
Download from Www.Somanuals.com. All Manuals Search And Download.
mirroring port, and enable ingress monitoring:
TP-LINK(config)# mirror add 2,5-7,9 10 ingress 1
mirror remove mirrored
Description
The mirror remove mirrored command is used to remove mirrored ports from
a mirror group.
Syntax
mirror remove mirrored port-list group-num
Parameter
port-list —— List of mirrored port.
group-num —— Configure the mirror group number you want to configure.
Command Mode
Global Configuration Mode
Example
Remove the mirrored port 2 from mirror group 1:
TP-LINK(config)# mirror remove mirrored 2 1
mirror remove group
Description
The mirror remove group command is used to remove a mirror group.
Syntax
mirror remove group group-num
Parameter
group-num —— Configure the group number you want to remove
Command Mode
Global Configuration Mode
Example
Remove the mirror group 1:
TP-LINK(config)# mirror remove group 1
132
Download from Www.Somanuals.com. All Manuals Search And Download.
show mirror
Description
The show mirror command is used to display the configuration of port
monitoring.
Syntax
show mirror [group-num]
Command Mode
Any Configuration Mode
Example
Display current port monitoring configuration:
TP-LINK# show mirror
133
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 25 Port isolation Commands
Port Isolation provides a method of restricting traffic flow to improve the network security by
forbidding the port to forward packets to the ports that are not on its forwarding port list.
port isolation
Description
The port isolation command is used to configure the forward portlist of a port,
so that this port can only communicate with the ports on its portlist. To delete the
corresponding configuration, please use no port isolation command.
Syntax
port isolation { forward-list }
no port isolation
Parameter
forward-list —— portlist of forward port. It is multi-optional.
Command Mode
Interface Configuration Mode
Example
Configure port 1 and port 2 can only forward packets to port 6 and port 13:
TP-LINK(config)# interface range ethernet 1-2
TP-LINK(config-if)# port isolation 6,13
show port isolation
Description
The show port isolation command is used to display the forward portlist of a
port.
Syntax
show port isolation [port]
Parameter
port —— The port-number you want to show its forward portlist.
Command Mode
Any Configuration Mode
134
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Display the forward-list of port 6:
TP-LINK# show port isolation 6
135
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 26 ACL Commands
ACL (Access Control List) is used to filter data packets by configuring a series of match conditions,
operations and time ranges. It provides a flexible and secured access control policy and facilitates
you to control the network security.
acl time-segment
Description
The acl time-segment command is used to add Time-Range. To delete the
corresponding Time-Range, please use no acl time-segment command. A
time-range based ACL enables you to implement ACL control over packets by
differentiating the time-ranges. A time-range can be specified in each rule in an
ACL. The rule takes effect only when the specified time-range is configured and
the system time is within the time-range.
Syntax
acl time-segment {name} [start-time start-time] [end-time end-time]
[week-day week-day] [start-date start-date] [end-date end-date] [holiday
{disable | enable }]
no acl time-segment {name}
Parameter
name —— The Time-Range name, ranging from 1 to 16 characters.
start-time —— The start time of the time-slice, in the format of HH:MM. By
default, it is 00:00.
end-time —— The end time of the time-slice, in the format of HH:MM. By default,
it is 24:00.
week-day —— Period Mode, in the format of 1-3,6 or daily, off-day, working-day.
1-3, 6 represent Monday, Tuesday, Wednesday and Saturday; daily represents
every day; off-day represents weekend and working-day represents working day.
By default, the period mode is disabled.
start-date —— The start date in Absoluteness Mode, in the format of
MM/DD/YYYY. By default, it is 01/01/2000.
end-date —— The end date in Absoluteness Mode, in the format of
MM/DD/YYYY. By default, it is 01/01/2000. The absoluteness mode will be
disabled if the start date and end date are both not configured.
holiday —— Enable/ Disable Holiday Mode. By default, it is disabled.
136
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Global Configuration Mode
Example
Add a time-range named tSeg1, with time from 8:30 to 12:00 at working day:
TP-LINK(config)# acl time-segment tSeg1 start-time 08:30 end-time 12:00
week-day working-day
acl edit time-segment
Description
The acl edit time-segment command is used to edit Time-Range.
Syntax
acl edit time-segment {name} [start-time start-time] [end-time end-time]
[week-day week-day] [start-date start-date] [end-date end-date] [holiday
{disable | enable}]
Parameter
name —— The Time-Range name, ranging from 1 to 16 characters.
start-time —— The start time of the time-slice, in the format of HH:MM. By
default, it is 00:00.
end-time —— The end time of the time-slice, in the format of HH:MM. By default,
it is 24:00.
week-day —— Period Mode, in the format of 1-3,6 or daily, off-day, working-day.
1-3, 6 represent Monday, Tuesday, Wednesday and Saturday; daily represents
every day; off-day represents weekend and working-day represents working day.
By default, the period mode is disabled.
start-date —— The start date in Absoluteness Mode, in the format of
MM/DD/YYYY. By default, it is 01/01/2000.
end-date —— The end date in Absoluteness Mode, in the format of
MM/DD/YYYY. By default, it is 01/01/2000. The absoluteness mode will be
disabled if the start date and end date are both not configured.
holiday —— Enable/ Disable Holiday Mode. By default, it is disabled.
Command Mode
Global Configuration Mode
Example
Edit the time-range named tSeg1, with time from 8:30 to 12:00 at working day:
137
Download from Www.Somanuals.com. All Manuals Search And Download.
TP-LINK(config)# acl edit time-segment tSeg1 start-time 08:30 end-time
12:00 week-day working-day
acl holiday
Description
The acl holiday command is used to create holiday in Holiday Mode in the acl
time-segment command. To delete the corresponding holiday, please use no
acl holiday command.
Syntax
acl holiday {name} {start-date} {end-date}
no acl holiday {name}
Parameter
name —— The holiday name, ranging from 1 to 16 characters.
start-date —— The start date of the holiday, in the format of MM/DD, for
instance, 05/01.
end-date —— The end date of the holiday, in the format of MM/DD, for instance,
05/03.
Command Mode
Global Configuration Mode
Example
Define National Day, configuring the start date as October 1st, and the end date
as October 3rd:
TP-LINK(config)# acl holiday NationalDay 10/01 10/03
acl create
Description
The acl create command is used to create ACL. To delete the corresponding
ACL, please use no acl create command.
Syntax
acl create id
no acl create id
Parameter
id —— ACL ID, ranging from 0 to 299. 0-99 must be MAC ACL, 100-199 must
138
Download from Www.Somanuals.com. All Manuals Search And Download.
be Standard-IP ACL, and 200-299 must be Extend-IP ACL.
Command Mode
Global Configuration Mode
Example
Create a MAC ACL whose ID is 20:
TP-LINK(config)# acl create 20
acl rule mac-acl
Description
The acl rule mac-acl command is used to add MAC ACL rule. To delete the
corresponding rule, please use no acl rule mac-acl command. MAC ACLs
analyze and process packets based on a series of match conditions, which can
be the source MAC addresses, destination MAC addresses, VLAN ID, and
EtherType carried in the packets.
Syntax
acl rule mac-acl {acl-id} {rule-id} [op {discard | permit }] [[smac source-mac]
{smask source-mac-mask}] [[dmac destination-mac] {dmask
destination-mac-mask}] [vid vlan-id] [type Ethernet-type] [pri user-pri] [tseg
time-segment]
no acl rule mac-acl {acl-id} {rule-id}
Parameter
acl-id —— The desired MAC ACL for configuration.
rule-id —— The rule ID.
op —— The operation for the switch to process packets which match the rules.
There are two options, discard and permit. Discard means discarding packets,
and permit means forwarding packets. By default, the option is permit.
source-mac —— The source MAC address contained in the rule.
source-mac-mask —— The source MAC address mask. It is required if you
typed the source MAC address.
destination-mac —— The destination MAC address contained in the rule.
destination-mac-mask —— The destination MAC address mask. It is required if
you typed the destination MAC address.
vlan-id —— The VLAN ID contained in the rule, ranging from 1 to 4094.
Ethernet-type —— EtherType contained in the rule, in the format of 4-hex
139
Download from Www.Somanuals.com. All Manuals Search And Download.
number.
user-pri —— The user priority contained in the rule, ranging from 0 to 7. By
default, it is not limited.
time-segment —— The time-range for the rule to take effect. By default, it is not
limited.
Command Mode
Global Configuration Mode
Example
Create a MAC ACL whose ID is 20, and add Rule 10 for it. In the rule, the source
MAC address is 00:01:3F:48:16:23, the source MAC address mask is
11:11:11:11:11:00, VLAN ID is 2, the user priority is 5, the time-range for the rule
to take effect is tSeg1, and the packets match this rule will be forwarded by the
switch:
TP-LINK(config)# acl create 20
TP-LINK(config)# acl rule mac-acl 20 10 op permit smac 00:01:3F:48:16:23
smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1
acl edit rule mac-acl
Description
The acl edit rule mac-acl command is used to edit MAC ACL rule.
Syntax
acl edit rule mac-acl {acl-id} {rule-id} [op {discard | permit}] [[smac source-mac]
{smask source-mac-mask}] [[dmac destination-mac] {dmask
destination-mac-mask}] [vid vlan-id] [type Ethernet-type] [pri user-pri] [tseg
time-segment] [index idx]
Parameter
acl-id —— The desired MAC ACL for configuration.
rule-id —— The rule ID.
op —— The operation for the switch to process packets which match the rules.
There are two options, discard and permit. Discard means discarding packets,
and permit means forwarding packets. By default, the option is permit.
source-mac —— The source MAC address contained in the rule.
source-mac-mask —— The source MAC address mask. It is required if you
typed the source MAC address.
140
Download from Www.Somanuals.com. All Manuals Search And Download.
destination-mac —— The destination MAC address contained in the rule.
destination-mac-mask —— The destination MAC address mask. It is required if
you typed the destination MAC address.
vlan-id —— The VLAN ID contained in the rule, ranging from 1 to 4094.
Ethernet-type —— EtherType contained in the rule, in the format of 4-hex
number.
user-pri —— The user priority contained in the rule, ranging from 0 to 7. By
default, it is not limited.
time-segment —— The time-range for the rule to take effect. By default, it is not
limited.
index —— Change the index number of the entry.
Command Mode
Global Configuration Mode
Example
Edit the MAC ACL whose ID is 20, and add Rule 10 for it. In the rule, the source
MAC address is 00:01:3F:48:16:23, the source MAC address mask is
11:11:11:11:11:00, VLAN ID is 2, the user priority is 5, the time-range for the rule
to take effect is tSeg1, and the packets match this rule will be forwarded by the
switch:
TP-LINK(config)# acl edit rule mac-acl 20 10 op permit smac
00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1
acl rule std-acl
Description
The acl rule std-acl command is used to add Standard-IP ACL rule. To delete
the corresponding rule, please use no acl rule std-acl command. Standard-IP
ACLs analyze and process data packets based on a series of match conditions,
which can be the source IP addresses and destination IP addresses carried in
the packets.
Syntax
acl rule std-acl {acl-id} {rule-id} [op {discard | permit}] [[sip source-ip] {smask
source-ip-mask}] [[dip destination-ip] {dmask destination-ip-mask}] [tseg
time-segment]
no acl rule std-acl {acl-id} {rule-id}
141
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
acl-id —— The desired Standard-IP ACL for configuration.
rule-id —— The rule ID.
op —— The operation for the switch to process packets which match the rules.
There are two options, discard and permit. Discard means discarding packets,
and permit means forwarding packets. By default, the option is permit.
source-ip —— The source IP address contained in the rule.
source-ip-mask —— The source IP address mask. It is required if you typed the
source IP address.
destination-ip —— The destination IP address contained in the rule.
destination-ip-mask —— The destination IP address mask. It is required if you
typed the destination IP address.
time-segment —— The time-range for the rule to take effect. By default, it is not
limited.
Command Mode
Global Configuration Mode
Example
Create a Standard-IP ACL whose ID is 120, and add Rule 10 for it. In the rule,
the source IP address is 192.168.0.100, the source IP address mask is
255.255.255.0, the time-range for the rule to take effect is tSeg1, and the
packets match this rule will be forwarded by the switch:
TP-LINK(config)# acl create 120
TP-LINK(config)# acl rule std-acl 120 10 op permit dip 192.168.0.100 dmask
255.255.255.0 tseg tSeg1
acl edit rule std-acl
Description
The acl rule std-acl command is used to edit Standard-IP ACL rule.
Syntax
acl edit rule std-acl {acl-id} {rule-id} [op {discard | permit}] [[sip source-ip]
{smask source-ip-mask}] [[dip destination-ip] {dmask destination-ip-mask}]
[tseg time-segment] [index idx]
Parameter
acl-id —— The desired Standard-IP ACL for configuration.
142
Download from Www.Somanuals.com. All Manuals Search And Download.
rule-id —— The rule ID.
op —— The operation for the switch to process packets which match the rules.
There are two options, discard and permit. Discard means discarding packets,
and permit means forwarding packets. By default, the option is permit.
source-ip —— The source IP address contained in the rule.
source-ip-mask —— The source IP address mask. It is required if you typed the
source IP address.
destination-ip —— The destination IP address contained in the rule.
destination-ip-mask —— The destination IP address mask. It is required if you
typed the destination IP address.
time-segment —— The time-range for the rule to take effect. By default, it is not
limited.
index —— Change the index number of the entry.
Command Mode
Global Configuration Mode
Example
Edit the Standard-IP ACL whose ID is 120, and add Rule 10 for it. In the rule, the
source IP address is 192.168.0.100, the source IP address mask is
255.255.255.0, the time-range for the rule to take effect is tSeg1, and the
packets match this rule will be forwarded by the switch:
TP-LINK(config)# acl edit rule std-acl 120 10 op permit dip 192.168.0.100
dmask 255.255.255.0 tseg tSeg1
acl policy policy-add
Description
The acl policy policy-add command is used to add Policy. To delete the
corresponding Policy, please use no acl policy policy-add command. A Policy
is used to control the data packets matching the corresponding ACL rules by
configuring ACLs and actions together for effect. The operations here include
stream mirror, stream condition, QoS Remarking and redirect.
Syntax
acl policy policy-add name
no acl policy policy-add name
143
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
name —— The Policy Name, ranging from 1 to 16 characters.
Command Mode
Global Configuration Mode
Example
Add a Policy named policy1:
TP-LINK(config)# acl policy policy-add policy1
acl policy action-add
Description
The acl policy action-add command is used to add ACLs and create actions
for the policy. To delete the corresponding actions, please use no acl policy
action-add command.
Syntax
acl policy action-add {policy-name} {acl-id} [rate rate] [osd {none | discard}]
[e-port egress-port] [mirr mirror]
no acl policy action-add {policy-name} {acl-id}
Parameter
policy-name —— The Policy Name, ranging from 1 to 16 characters.
acl-id —— The ACL for configuration in the policy.
rate —— The rate of Stream Condition, ranging from 1 to 1000000 in kbps.
osd —— Out of Band disposal of Stream Condition. It is the disposal way of the
data packets those are transmitted beyond the rate. There are two options,
none and discard. By default, the option is none.
egress-port —— The Destination Port of Redirect. The data packets matching
the corresponding ACL will be forwarded to the specific port. By default, it is All
Ports.
mirror —— The Mirror Port of Stream Mirror. By default, it is 1.
Command Mode
Global Configuration Mode
Example
Create a Policy named policy1. For the data packets matching ACL 120 in the
policy, if the rate beyond 1000kbps, will be discarded by the switch:
144
Download from Www.Somanuals.com. All Manuals Search And Download.
TP-LINK(config)# acl policy policy-add policy1
TP-LINK(config)# acl policy action-add policy1 120 rate 1000 osd discard
acl edit action
Description
The acl edit action command is used to edit actions for the policy.
Syntax
acl edit action {policy-name} {acl-id} [rate rate] [osd {none | discard}] [e-port
egress-port] [mirr mirror]
Parameter
policy-name —— The Policy Name, ranging from 1 to 16 characters.
acl-id —— The ACL for configuration in the policy.
rate —— The rate of Stream Condition, ranging from 1 to 1000000 in kbps.
osd —— Out of Band disposal of Stream Condition. It is the disposal way of the
data packets those are transmitted beyond the rate. There are two options,
none and discard. By default, the option is none.
egress-port —— The Destination Port of Redirect. The data packets matching
the corresponding ACL will be forwarded to the specific port. By default, it is All
Ports.
mirror —— The Mirror Port of Stream Mirror. By default, it is 1.
Command Mode
Global Configuration Mode
Example
Edit the actions for the policy1. For the data packets matching ACL 120 in the
policy, if the rate beyond 1000kbps, will be discarded by the switch:
TP-LINK(config)# acl edit action policy1 120 rate 1000 osd discard
acl bind to-port
Description
The acl bind to-port command is used to bind a policy to a port. To cancel the
bind relation, please use no acl bind to-port command.
Syntax
acl bind to-port {policy-name} {port}
145
Download from Www.Somanuals.com. All Manuals Search And Download.
no acl bind to-port {policy-name} {port}
Parameter
policy-name —— The name of the policy desired to bind.
port —— The number of the port desired to bind.
Command Mode
Global Configuration Mode
Example
Bind policy1 to Port 1:
TP-LINK(config)# acl bind to-port policy1 1
acl bind to-vlan
Description
The acl bind to-vlan command is used to bind a policy to a VLAN. To cancel
the bind relation, please use no policy to-vlan command.
Syntax
acl bind to-vlan {policy-name} {vlan-id}
no policy to-vlan {policy-name} {vlan-id}
Parameter
policy-name —— The name of the policy desired to bind.
vlan-id —— The ID of the VLAN desired to bind, ranging from 1 to 4094.
Command Mode
Global Configuration Mode
Example
Bind policy1 to VLAN 2:
TP-LINK(config)# acl bind to-vlan policy1 2
show acl time-segment
Description
The show acl time-segment command is used to display the configuration of
Time-Range.
Syntax
show acl time-segment
146
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Any Configuration Mode
Example
Display the configuration of Time-Range:
TP-LINK> show acl time-segment
show acl holiday
Description
The show acl holiday command is used to display the defined holiday.
Syntax
show acl holiday
Command Mode
Any Configuration Mode
Example
Display the defined holiday:
TP-LINK> show acl holiday
show acl config
Description
The show acl config command is used to display the configuration of ACL.
Syntax
show acl config acl-id
Parameter
acl-id —— The ID of the ACL selected to display the configuration.
Command Mode
Any Configuration Mode
Example
Display the configuration of the MAC ACL whose ID is 20:
TP-LINK> show acl config 20
147
Download from Www.Somanuals.com. All Manuals Search And Download.
show acl bind
Description
The show acl bind command is used to display the configuration of Policy bind.
Syntax
show acl bind
Command Mode
Any Configuration Mode
Example
Display the configuration of Policy bind:
TP-LINK> show acl bind
148
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 27 MSTP Commands
MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to
IEEE 802.1s, can disbranch a ring network. STP is to block redundant links and backup links as
well as optimize paths.
spanning-tree global
Description
The spanning-tree global command is used to configure STP globally. To
return to the default configuration, please use no spanning-tree global
command.
Syntax
spanning-tree global [status {disable | enable}] [mode {stp | rstp | mstp}] [cist
cist] [htime hello-time] [mage max-age] [delay forward-delay] [hcount
hold-count] [mhop max-hops]
no spanning-tree global
Parameter
status —— Enable/ Disable STP function globally. By default, it is disabled.
mode —— STP Version. There are three options, including STP (Spanning Tree
Protocol), RSTP (Rapid Spanning Tree Protocol) and MSTP (Multiple Spanning
Tree Protocol). By default, the STP version is STP.
cist —— CIST Priority, which must be multiple of 4096 ranging from 0 to 61440.
By default, the CIST priority is 32768. CIST Priority is an important criterion on
determining the root bridge. In the same condition, the switch with the highest
priority will be chosen as the root bridge. The lower value has the higher priority.
hello-time —— Hello Time, which is the interval to send BPDU packets, and
used to test the links. Hello Time ranges from 1 to10 in seconds and it is 2 by
default. Otherwise, 2 * (Hello Time + 1) <= Max Age.
max-age —— Max Age, which is the maximum time the switch can wait without
receiving a BPDU before attempting to reconfigure. Max Age ranges from 6 to
40 in seconds. By default, it is 20.
forward-delay —— Forward Delay, which is the time for the port to transit its
state after the network topology is changed. Forward Delay ranges from 4 to 30
in seconds and it is 15 by default. Otherwise, 2 * (Forward Delay - 1) >= Max
Age.
149
Download from Www.Somanuals.com. All Manuals Search And Download.
hold-count —— TxHold Count, which is the maximum number of BPDU packets
transmitted per Hello Time interval. TxHold Count ranges from 1 to 20 in pps. By
default, it is 5.
max-hops —— Max Hops, which is the maximum number of hops that occur in a
specific region before the BPDU is discarded. Max Hops ranges from 1 to 40 in
hop. By default, it is 20.
Command Mode
Global Configuration Mode
Example
Enable the STP function, and configure the STP version as MSTP, CIST priority
as 4096, Hello Time as 4 seconds, Max Age as 10 seconds, Forward Delay as
10 seconds, TxHold Count as 8pps and Max Hops as 15 hops:
TP-LINK(config)# spanning-tree global status enable mode mstp cist 4096
htime 4 mage 10 delay 10 hcount 8 mhop 15
spanning-tree common-config
Description
The spanning-tree common-config command is used to configure the
parameters of the ports for comparison in the CIST and the common parameters
of all instances. To return to the default configuration, please use no
spanning-tree common-config command. CIST (Common and Internal
Spanning Tree) is the spanning tree in a switched network, connecting all
devices in the network.
Syntax
spanning-tree common-config [status {disable | enable}] [pri priority] [expath
expath-consum] [inpath inpath-consum] [edge {disable | enable}] [ptop {auto |
open | close}]
no spanning-tree common-config
Parameter
status —— Enable/ Disable STP function for the desired port. By default, it is
disabled.
priority —— Port Priority, which must be multiple of 16 ranging from 0 to 240. By
default, the port priority is 128. Port Priority is an important criterion on
determining if the port connected to this port will be chosen as the root port. In
the same condition, the port with the highest priority will be chosen as the root
150
Download from Www.Somanuals.com. All Manuals Search And Download.
port. The lower value has the higher priority.
expath-consum —— ExtPath Cost, which is used to choose the path and
calculate the path costs of ports in different MST regions. It is an important
criterion on determining the root port. The lower value has the higher priority. By
default, it is automatic.
inpath-consum —— IntPath Cost, which is used to choose the path and
calculate the path costs of ports in an MST region. It is an important criterion on
determining the root port. The lower value has the higher priority. By default, it is
automatic.
edge —— Enable/ Disable Edge Port. By default, it is disabled. The edge port
can transit its state from blocking to forwarding rapidly without waiting for
forward delay.
ptop —— The P2P link status, with auto, open and close options. By default, the
option is auto. If the two ports in the P2P link are root port or designated port,
they can transit their states to forwarding rapidly to reduce the unnecessary
forward delay.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the STP function of port 1, and configure the Port Priority as 64, ExtPath
Cost as 100, IntPath Cost as 100, and then enable Edge Port:
TP-LINK(config)# interface ethernet 1
TP-LINK(config-if)# spanning-tree common-config status enable pri 64
expath 100 inpath 100 edge enable
spanning-tree region
Description
The spanning-tree region command is used to configure the region of MSTP. A
switched network can be divided into many MST regions (Multiple Spanning
Tree Regions). An MST region comprises multiple switches which have the
same region configuration (including region name and region revision
configuration) and the same VLAN-to-spanning-tree mapping configuration.
Syntax
spanning-tree region {name} {revision}
151
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
name —— The region name, used to identify MST region. It ranges from 1 to 32
characters.
revision —— The revision for MST region identification, ranging from 0 to
65535.
Command Mode
Global Configuration Mode
Example
Configure the region name of MSTP as r1, and the revision level as 100:
TP-LINK(config)# spanning-tree region r1 100
spanning-tree msti
Description
The spanning-tree msti command is used to configure MSTP Instance. To
return to the default configuration of the corresponding Instance, please use no
spanning-tree msti command. Instance Configuration, a property of MST
region, is used to describe the VLAN-to-spanning-tree mapping configuration.
You can assign VLAN to different instances appropriate to your needs. Every
instance is a VLAN group independent of other instances and CST.
Syntax
spanning-tree msti {msti-id} [status {disable | enable}] [pri priority] [mapped
mapped]
no spanning-tree msti {msti-id}
Parameter
msti-id —— Instance ID, ranging from 1 to 8.
status —— Enable/ Disable the corresponding instance. By default, it is
disabled.
priority —— MSTI Priority, which must be multiple of 4096 ranging from 0 to
61440. By default, it is 32768. MSTI priority is an important criterion on
determining if the switch will be chosen as the root bridge in the specific
instance.
mapped —— VLAN-Instance mapping. Enter the VLAN ID which belongs to the
corresponding instance ID, in the format of 1,2-4.
Command Mode
Global Configuration Mode
152
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Enable Instance 1, add VLAN 2, 3, 4, 5, 8 for it, and configure MSTI Priority as
4096:
TP-LINK(config)# spanning-tree msti 1 status enable pri 4096 mapped 2-5,8
spanning-tree msti
Description
The spanning-tree msti command is used to configure MSTP Instance Port. To
return to the default configuration of the corresponding Instance Port, please
use no spanning-tree msti command. A port can play different roles in different
spanning tree instance. You can use this command to configure the parameters
of the ports in different instance IDs as well as view status of the ports in the
specified instance.
Syntax
spanning-tree msti {id} [pri pri] [path path]
no spanning-tree msti {id}
Parameter
id —— The desired instance ID for its port configuration, ranging from 1 to 8.
pri —— Port Priority, which must be multiple of 16 ranging from 0 to 240. By
default, it is 128. Port Priority is an important criterion on determining if the port
will be chosen as the root port by the device connected to this port.
path —— Path Cost, which is used to choose the path and calculate the path
costs of ports in an MST region. It is an important criterion on determining the
root port. The lower value has the higher priority.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the priority of port 5 in instance 1 as 64, and Path Cost as 100:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# spanning-tree msti 1 pri 64 path 100
153
Download from Www.Somanuals.com. All Manuals Search And Download.
spanning-tree tc-defend
Description
The spanning-tree tc-defend command is used to configure the TC Protect of
Spanning Tree globally. To return to the default configuration, please use no
spanning-tree tc-defend command. A switch removes MAC address entries
upon receiving TC-BPDUs. If a malicious user continuously sends TC-BPDUs to
a switch, the switch will be busy with removing MAC address entries, which may
decrease the performance and stability of the network.
Syntax
spanning-tree tc-defend [threshold threshold] [period period]
no spanning-tree tc-defend
Parameter
threshold —— TC Threshold, ranging from 1 to 100 packets. By default, it is 20.
TC Threshold is the maximum number of the TC-BPDUs received by the switch
in a TC Protect Cycle.
period —— TC Protect Cycle, ranging from 1 to 10 in seconds. By default, it is 5.
Command Mode
Global Configuration Mode
Example
Configure TC Threshold as 30 packets, and TC Protect Cycle as 10 seconds:
TP-LINK(config)# spanning-tree tc-defend threshold 30 period 10
spanning-tree security
Description
The spanning-tree security command is used to configure MSTP Port Protect.
To return to the default configuration, please use no spanning-tree security
command. Port Protect function is to prevent the devices from any malicious
attack against STP features.
Syntax
spanning-tree security [loop { disable | enable }] [root { disable | enable }] [TC
{ disable | enable }] [defend { disable | enable }] [hold { disable | enable }]
no spanning-tree security
154
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
loop —— Enable/ Disable Loop Protect. By default, it is disabled. Loop Protect
is to prevent the loops in the network brought by recalculating STP because of
link failures and network congestions.
root —— Enable/ Disable Root Protect. By default, it is disabled. Root Protect is
to prevent wrong network topology change caused by the role change of the
current legal root bridge.
TC —— Enable/ Disable TC Protect. By default, it is disabled.
defend —— Enable/ Disable BPDU Protect. By default, it is disabled. BPDU
Protect is to prevent the edge port from being attacked by maliciously created
BPDUs.
hold —— Enable/ Disable BPDU Filter. By default, it is disabled. BPDU Filter is
to prevent BPDUs flood in the STP network.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable Loop Protect, Root Protect, TC Protect, BPDU Protect, and BPDU Filter
for port 2:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# spanning-tree security loop enable root enable TC
enable defend enable hold enable
spanning-tree mcheck
Description
The spanning-tree mcheck command is used to enable MCheck.
Syntax
spanning-tree mcheck
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable MCheck for port 2:
TP-LINK(config)# interface ethernet 2
TP-LINK(config-if)# spanning-tree mcheck
155
Download from Www.Somanuals.com. All Manuals Search And Download.
show spanning-tree global-info
Description
The show spanning-tree global-info command is used to display the current
status of Spanning Tree.
Syntax
show spanning-tree global-info
Command Mode
Any Configuration Mode
Example
Display the current status of Spanning Tree:
TP-LINK# show spanning-tree global-info
show spanning-tree global-config
Description
The show spanning-tree global-config command is used to display the global
configuration of Spanning Tree.
Syntax
show spanning-tree global-config
Command Mode
Any Configuration Mode
Example
Display the global configuration of Spanning Tree:
TP-LINK# show spanning-tree global-config
show spanning-tree port-config
Description
The show spanning-tree port-config command is used to display the Port
configuration of Spanning Tree.
Syntax
show spanning-tree port-config [port]
Parameter
port —— The port selected to display the configuration. By default, the
156
Download from Www.Somanuals.com. All Manuals Search And Download.
configuration of all ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the configuration of port 5:
TP-LINK(config)# show spanning-tree port-config 5
show spanning-tree region
Description
The show spanning-tree region command is used to display the Region
configuration of MSTP.
Syntax
show spanning-tree region
Command Mode
Any Configuration Mode
Example
Display the region configuration of MSTP:
TP-LINK(config)# show spanning-tree region
show spanning-tree msti config
Description
The show spanning-tree msti config command is used to display the Instance
configuration of Spanning Tree.
Syntax
show spanning-tree msti config {id}
Parameter
id —— The ID of the instance selected to display the configuration, ranging from
1 to 8.
Command Mode
Any Configuration Mode
Example
Display the configuration of instance 1:
157
Download from Www.Somanuals.com. All Manuals Search And Download.
TP-LINK(config)# show spanning-tree msti config 1
show spanning-tree msti port
Description
The show spanning-tree msti port command is used to display the Instance
Port configuration of Spanning Tree.
Syntax
show spanning-tree msti port {id} [port]
Parameter
id —— Instance ID, ranging from 1 to 8.
port —— The port selected to display the configuration. By default, the
configuration of all ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the configuration of port 5 in Instance 1:
TP-LINK(config)# show spanning-tree msti port 1 5
show spanning-tree security tc-defend
Description
The show spanning-tree security tc-defend command is used to display TC
Threshold and TC Protect Cycle of Spanning Tree.
Syntax
show spanning-tree security tc-defend
Command Mode
Any Configuration Mode
Example
Display TC Threshold and TC Protect Cycle of Spanning Tree:
TP-LINK(config)# show spanning-tree security tc-defend
158
Download from Www.Somanuals.com. All Manuals Search And Download.
show spanning-tree security port-defend
Description
The show spanning-tree security port-defend command is used to display
the Port Protect configuration of Spanning Tree.
Syntax
show spanning-tree security port-defend [port]
Parameter
port —— The port selected to display the configuration. By default, the Port
Protect configuration of all ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the Port Protect configuration of port 2:
TP-LINK(config)# show spanning-tree security port-defend 2
159
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 28 IGMP Commands
IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control
mechanism running on Layer 2 switch. It can effectively prevent multicast groups being
broadcasted in the network.
igmp-snooping global
Description
The igmp-snooping global command is used to configure IGMP globally. To
return to the default configuration, please use no igmp global-snooping
command.
Syntax
igmp-snooping global [status {disable | enable}] [unknown-packet {pass |
discard}]
no igmp-snooping global
Parameter
status —— Enable/Disable IGMP Snooping function globally on the switch. By
default, it is disabled.
unknown-packet —— The operation for the switch to process unknown
multicast, with pass and discard options.
Command Mode
Global Configuration Mode
Example
Enable IGMP Snooping function, and specify the operation to process unknown
multicast as discard:
TP-LINK(config)# igmp-snooping global status enable unknown-packet
discard
igmp-snooping config
Description
The igmp-snooping config status command is used to configure IGMP
Snooping and Fast Leave function for port. To return to the default configuration,
please use no igmp-snooping config command.
160
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
igmp-snooping config status {disable | enable} fast-leave {disable | enable}
no igmp-snooping config
Parameter
status —— Enable/ Disable IGMP Snooping for the desired port.
fast-leave —— Enable/ Disable Fast Leave feature for the desired port. If Fast
Leave is enabled for a port, the switch will immediately remove this port from the
multicast group upon receiving IGMP leave messages.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable IGMP Snooping and Fast Leave function for port 5:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# igmp-snooping config status enable fast-leave enable
igmp-snooping vlan-config-add
Description
The igmp-snooping vlan-config-add command is used to configure IGMP
Snooping parameters for individual VLANs. To delete the corresponding
configuration for the certain VLAN, please use no igmp-snooping
vlan-config-add command. Multicast groups established by IGMP Snooping
are based on VLANs. You can configure different IGMP parameters for different
VLANs.
Syntax
igmp-snooping vlan-config-add {vlan-id} [rtime router-time] [mtime
member-time] [ltime leave-time] [rport router-port]
no igmp-snooping vlan-config-add {vlan-id}
Parameter
vlan-id —— The ID of the VLAN desired to enable IGMP Snooping, ranging
from 1 to 4094.
router-time —— Router Port Time. Within this time, if the switch does not
receive IGMP query message from the router port, it will consider this port is not
a router port any more. Router Port Time ranges from 60 to 600 in seconds. By
default, it is 300.
161
Download from Www.Somanuals.com. All Manuals Search And Download.
member-time —— Member Port Time. Within this time, if the switch does not
receive IGMP report message from the member port, it will consider this port is
not a member port any more. Member Port Time ranges from 60 to 600 in
seconds. By default, it is 260.
leave-time —— Leave Time, which is the interval between the switch receiving
a leave message from a host and the switch removing the host from the
multicast groups. Leave Time ranges from 1 to 30 in seconds. By default, it is 1.
router-port —— Static Router Port, which is mainly used in the network with
stable topology.
Command Mode
Global Configuration Mode
Example
Enable IGMP Snooping for VLAN 1, and configure Router Port Time as 200
seconds, Member Port Time as 100 seconds, Leave time as 10 seconds and
Static Router Port as port 1:
TP-LINK(config)# igmp-snooping vlan-config-add 1 rtime 200 mtime 100
ltime 10 rport 1
igmp-snooping vlan-config
Description
The igmp-snooping vlan-config command is used to modify IGMP Snooping
parameters for individual VLANs. To return to the primary configuration of the
corresponding VLAN, please use no igmp-snooping vlan-config command.
Syntax
igmp-snooping vlan-config {vlan-id} [rtime router-time] [mtime member-time]
[ltime leave-time] [rport router-port]
no igmp-snooping vlan-config {vlan-id}
Parameter
vlan-id —— The ID of the VLAN desired to modify configuration, ranging from 1
to 4094.
router-time —— Router Port Time. Within this time, if the switch does not
receive IGMP query message from the router port, it will consider this port is not
a router port any more. Router Port Time ranges from 60 to 600 in seconds. By
default, it is 300.
member-time —— Member Port Time. Within this time, if the switch does not
162
Download from Www.Somanuals.com. All Manuals Search And Download.
receive IGMP report message from the member port, it will consider this port is
not a member port any more. Member Port Time ranges from 60 to 600 in
seconds. By default, it is 260.
leave-time —— Leave Time, which is the interval between the switch receiving
a leave message from a host and the switch removing the host from the
multicast groups. Leave Time ranges from 1 to 30 in seconds. By default, it is 1.
router-port —— Static Router Port, which is mainly used in the network with
stable topology.
Command Mode
Global Configuration Mode
Example
Modify Router Port Time as 300 seconds, Member Port Time as 200 seconds,
and Leave time as 15 seconds for VLAN 1:
TP-LINK(config)# igmp-snooping vlan-config 1 rtime 300 mtime 200 ltime 15
igmp-snooping multi-vlan-config
Description
The igmp-snooping multi-vlan-config command is used to create Multicast
VLAN. To delete the corresponding Multicast VLAN, please use no
igmp-snooping multi-vlan-config command.
Syntax
igmp-snooping multi-vlan-config {disable | enable} {vid} [rtime router-time]
[mtime member-time] [ltime leave-time] [rport router-port]
no igmp-snooping multi-vlan-config
Parameter
disable | enable —— Enable/ Disable Multicast VLAN.
vid —— The ID of the VLAN desired to modify configuration, ranging from 2 to
4094.
router-time —— Router Port Time. Within this time, if the switch does not
receive IGMP query message from the router port, it will consider this port is not
a router port any more. Router Port Time ranges from 60 to 600 in seconds. By
default, it is 300.
member-time —— Member Port Time. Within this time, if the switch does not
receive IGMP report message from the member port, it will consider this port is
not a member port any more. Member Port Time ranges from 60 to 600 in
163
Download from Www.Somanuals.com. All Manuals Search And Download.
seconds. By default, it is 260.
leave-time —— Leave Time, which is the interval between the switch receiving
a leave message from a host and the switch removing the host from the
multicast groups. Leave Time ranges from 1 to 30 in seconds. By default, it is 1.
router-port —— Static Router Port, which is mainly used in the network with
stable topology.
Command Mode
Global Configuration Mode
Example
Enable Multicast VLAN, and configure Router Port Time as 300 seconds,
Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 2:
TP-LINK(config)# igmp-snooping multi-vlan-config enable 2 rtime 300
mtime 200 ltime 15
igmp-snooping static-entry-add
Description
The igmp-snooping static-entry-add command is used to create static
multicast IP entry. To delete the corresponding entry, please use no
igmp-snooping static-entry-add command. The multicast groups configured
here are not learned by IGMP Snooping and independent of dynamic multicast
groups and multicast filter. Multicast IP addresses ranges from 224.0.0.0 to
239.255.255.255. The range for receivers to join is from 224.0.1.0 to
239.255.255.255.
Syntax
Igmp-snooping static-entry-add {ip} {vlan-id} {switch-port}
no igmp-snooping static-entry-add {ip} {vlan-id}
Parameter
ip —— The static multicast IP address.
vlan-id —— The VLAN ID of the multicast IP, ranging from 1 to 4094.
switch-port —— The forward port of the multicast group, in the format of
1-3,6,23.
Command Mode
Global Configuration Mode
164
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Add static multicast IP address 225.0.0.1, which correspond to VLAN 2, and
configure the forward port as port 1:
TP-LINK(config)# igmp-snooping static-entry-add 225.0.0.1 2 1
igmp-snooping filter-add
Description
The igmp-snooping filter-add command is used to configure the multicast
IP-range desired to filter. To delete the corresponding IP-range, please use no
igmp-snooping filter-add command. When IGMP Snooping is enabled, you
can specified the multicast IP-range the ports can join so as to restrict users
ordering multicast programs via configuring multicast filter rules. Multicast IP
addresses ranges from 224.0.0.0 to 239.255.255.255. The range for receivers
to join is from 224.0.1.0 to 239.255.255.255.
Syntax
Igmp-snooping filter-add {id} {start-ip} {end-ip}
no igmp-snooping filter-add {id}
Parameter
id —— IP-range ID, ranging from 1 to 30.
start-ip —— The start multicast IP of the IP-range.
end-ip —— The end multicast IP of the IP-range.
Command Mode
Global Configuration Mode
Example
Add multicast IP-range 225.0.0.1~225.0.0.4 to filter, and specify the IP-range ID
as 20:
TP-LINK(config)# igmp-snooping filter-add 20 225.0.0.1 225.0.0.4
igmp-snooping filter-config
Description
The igmp-snooping filter-config command is used to modify the multicast
filtering IP-range.
165
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
igmp-snooping filter-config {id} {start-ip} {end-ip}
Parameter
id —— IP-range ID, ranging from 1 to 30.
start-ip —— The start multicast IP of the IP-range.
end-ip —— The end multicast IP of the IP-range.
Command Mode
Global Configuration Mode
Example
Modify the multicast IP-range whose ID is 20 as 225.0.0.10~225.0.0.12:
TP-LINK(config)# igmp-snooping filter-config 20 225.0.0.10 225.0.0.12
igmp-snooping filter
Description
The igmp-snooping filter command is used to configure Port Filter. To return to
the default configuration, please use no igmp-snooping filter command. When
the switch receives IGMP report message, it examines the multicast filtering IP
ID configured on the access port to determine if the port can join the multicast
group. If the multicast IP is not filtered, the switch will add the port to the forward
port list of the multicast group. Otherwise, the switch will drop the IGMP report
message. In that way, you can control the multicast groups that users can
access.
Syntax
igmp-snooping filter [status [disable | enable] | mode [refuse | accept] |
addr-id [filter-addr-id] | maxgroup [max-group]]
no igmp-snooping filter
Parameter
status —— Enable/ Disable port multicast filtering function. By default, it is
disabled.
mode —— Action Mode, with refuse and accept options. Refuse indicates only
the multicast packets whose multicast IP is not in the IP-range will be processed,
while accept indicates only the multicast packets whose multicast IP is in the
IP-range will be processed. By default, the option is accept.
filter-addr-id —— The IP-range ID the port will be bound to, in the format of 1-3,
4, 6. Up to 15 IP-Ranges can be bound to one port.
166
Download from Www.Somanuals.com. All Manuals Search And Download.
max-group —— The maximum number of multicast groups for the port to join in.
It is used to prevent some ports taking up too much bandwidth.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable multicast filtering function for port 5, specify Action Mode as accept,
bound IP-range 2, 3, 4, and specify the maximum number of multicast groups
for port 5 to join in as 128:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# igmp-snooping filter status enable mode accept addr-id
2-4 maxgroup 128
show igmp-snooping global-config
Description
The show igmp-snooping global-config command is used to display the
global configuration of IGMP.
Syntax
show igmp-snooping global-config
Command Mode
Any Configuration Mode
Example
Display the global configuration of IGMP:
TP-LINK> show igmp-snooping global-config
show igmp-snooping port-config
Description
The show igmp-snooping port-config command is used to display the port
configuration of IGMP.
Syntax
show igmp-snooping port-config [port]
Parameter
port —— The port selected to display the configuration. By default, the
configuration of all ports is displayed.
167
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Any Configuration Mode
Example
Display the IGMP configuration of port 2:
TP-LINK> show igmp-snooping port-config 2
show igmp-snooping vlan-config
Description
The show igmp-snooping vlan-config command is used to display the VLAN
configuration of IGMP.
Syntax
show igmp-snooping vlan-config
Command Mode
Any Configuration Mode
Example
Display the VLAN configuration of IGMP:
TP-LINK> show igmp-snooping vlan-config
show igmp-snooping multi-vlan
Description
The show igmp-snooping multi-vlan command is used to display the
Multicast VLAN configuration.
Syntax
show igmp-snooping multi-vlan
Command Mode
Any Configuration Mode
Example
Display the Multicast VLAN configuration:
TP-LINK> show igmp-snooping multi-vlan
168
Download from Www.Somanuals.com. All Manuals Search And Download.
show igmp-snooping multi-ip-list
Description
The show igmp-snooping multi-ip-list command is used to display the
Multicast IP table.
Syntax
show igmp-snooping multi-ip-list
Command Mode
Any Configuration Mode
Example
Display the Multicast IP table:
TP-LINK> show igmp-snooping multi-ip-list
show igmp-snooping filter-ip-addr
Description
The show igmp-snooping filter-ip-addr command is used to display the
Multicast Filter IP-Range table.
Syntax
show igmp-snooping filter-ip-addr
Command Mode
Any Configuration Mode
Example
Display the Multicast Filter IP-Range table:
TP-LINK(config)# show igmp-snooping filter-ip-addr
show igmp-snooping port-filter
Description
The show igmp-snooping port-filter command is used to display the
configuration of Multicast Port Filter.
Syntax
show igmp-snooping port-filter [port-num]
Parameter
port-num —— The port selected to display the configuration of Multicast Filter.
169
Download from Www.Somanuals.com. All Manuals Search And Download.
By default, the configuration of all ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the Multicast Filter configuration of port 5:
TP-LINK> show igmp-snooping port-filter 5
show igmp-snooping packet-stat
Description
The show igmp-snooping packet-stat command is used to display the Packet
Statistics information of all ports.
Syntax
show igmp-snooping packet-stat
Command Mode
Any Configuration Mode
Example
Display the Packet Statistics information:
TP-LINK> show igmp-snooping packet-stat
show igmp-snooping packet-stat-clear
Description
The show igmp-snooping packet-stat-clear command is used to clear the
Packet Statistics information of all ports.
Syntax
show igmp-snooping packet-stat-clear
Command Mode
Any Configuration Mode
Example
Clear the Packet Statistics information:
TP-LINK> show igmp-snooping packet-stat-clear
170
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 29 SNMP Commands
SNMP (Simple Network Management Protocol) functions are used to manage the network devices
for a smooth communication, which can facilitate the network administrators to monitor the
network nodes and implement the proper operation.
snmp global
Description
The snmp global command is used to configure the SNMP function globally. To
return to the default configuration, please use no snmp global command.
Syntax
snmp global [status {disable | enable}] [engine-id engine-id] [remote-id
remote-id]
no snmp global
Parameter
status —— Enable/Disable the SNMP function. By default, it is disabled.
engine-id —— Local Engine ID for local clients. The Engine ID is a unique
alphanumeric string used to identify the SNMP engine on the switch. Its length
ranges from 10 to 64 hexadecimal characters, which must be even number
meanwhile.
remote-id —— Remote Engine ID for the switch. The Engine ID is a unique
alphanumeric string used to identify the SNMP engine on the remote device
which receives traps and informs from the switch. Its length ranges from 10 to
64 hexadecimal characters, which must be even number meanwhile.
Command Mode
Global Configuration Mode
Example
Enable the SNMP function, and specify the Local Engine ID as 1234567890, the
Remote Engine ID as 123456abcdef:
TP-LINK(config)# snmp global status enable engine-id 1234567890
remote-id 123456abcdef
171
Download from Www.Somanuals.com. All Manuals Search And Download.
snmp view-add
Description
The snmp view-add command is used to add View. To delete the
corresponding View, please use no snmp view-add command. The OID
(Object Identifier) of the SNMP packets is used to describe the managed objects
of the switch, and the MIB (Management Information Base) is the set of the
OIDs. The SNMP View is created for the SNMP management station to manage
MIB objects.
Syntax
snmp view-add {name} {mib-oid} {include | exclude}
no snmp view-add {name} {mib-oid}
Parameter
name —— The entry name of View, ranging from 1 to 16 characters. Each View
can include several entries with the same name.
mib-oid —— MIB Object ID. It is the Object Identifier (OID) for the entry of View,
ranging from 1 to 61 characters.
include | exclude —— View Type, with include and exclude options. They
represent the view entry can/cannot be managed by the SNMP management
station individually.
Command Mode
Global Configuration Mode
Example
Add a View named view1, configuring the OID as 1.3.6.1.6.3.20, and this OID
can be managed by the SNMP management station:
TP-LINK(config)# snmp view-add view1 1.3.6.1.6.3.20 include
snmp group-add
Description
The snmp group-add command is used to manage and configure the SNMP
group. To delete the corresponding SNMP group, please use no snmp
group-add command. SNMP v3 provides the VACM (View-based Access
Control Model) and USM (User-Based Security Model) mechanisms for
authentication. The users in the SNMP Group can manage the device via the
Read View, Write View and Notify View. And the authentication mode and the
172
Download from Www.Somanuals.com. All Manuals Search And Download.
privacy mode guarantee the high security for the communication between the
management station and the managed device.
Syntax
snmp group-add {name} [smode { v1 | v2c | v3 }] [slev { noAuthNoPriv |
authNoPriv | authPriv }] [ro ro-view] [wo wo-view] [notify notify-view]
no snmp group-add {name} {smode { v1 | v2c | v3 }} {slev { noAuthNoPriv |
authNoPriv | authPriv }}
Parameter
name ——The SNMP Group name, ranging from 1 to 16 characters. The Group
Name, Security Model and Security Level compose the identifier of the SNMP
Group. These three items of the Users in one group should be the same.
smode —— Security Model, with v1、v2c and v3 options. They represent SNMP
v1, SNMP v2c and SNMP v3. SNMP v1 and SNMP v2c are both authenticated
information), SNMP v3 is authenticated by USM mechanism. By default, the
Security Model is v1.
slev —— The Security Level of SNMP v3 Group. There are three options,
including noAuthNoPriv(no authorization and no encryption)、authNoPriv
(authorization and no encryption)and authPriv(authorization and encryption).
By default, the Security Level is noAuthNoPriv. There is no need to configure
this in SNMP v1 Model and SNMP v2c Model.
ro-view —— Read-only view. The management access is restricted to read-only,
and changes cannot be made to the assigned SNMP View.
wo-view —— Write-only view. The management access is writing only and
changes can be made to the assigned SNMP View. The View defined both as
the Read View and the Write View can be read and modified.
notify-view —— Notify view. The management station software can receive trap
messages of the assigned SNMP view generated by the Switch's SNMP agent.
Command Mode
Global Configuration mode
Example
Add group 1, configure its Security Model as SNMP v2c, view1 can be read and
edited by group member, and the trap messages sent by view2 can be received
by Management station:
TP-LINK(config)# snmp group-add group1 smode v2c ro view1 wo view1
notify view2
173
Download from Www.Somanuals.com. All Manuals Search And Download.
snmp user-add
Description
The snmp user-add command is used to add User. To delete the
corresponding User, please use no snmp user-add command. The User in a
SNMP Group can manage the switch via the management station software. The
User and its Group have the same security level and access right.
Syntax
snmp user-add {name} { local | remote } {group-name} [smode { v1 | v2c | v3 }]
[slev { noAuthNoPriv | authNoPriv | authPriv }] [cmode { none | MD5 | SHA }]
[cpwd confirm-pwd] [emode { none | DES }] [epwd encrypt-pwd]
no snmp user-add {name}
Parameter
name —— User Name, ranging from 1 to 16 characters.
local | remote —— User Type, with local and remote options. Local indicates
that the user is connected to a local SNMP engine, while remote indicates that
the user is connected to a remote SNMP engine.
group-name —— The Group Name of the User. The User is classified to the
corresponding Group according to its Group Name, Security Model and Security
Level.
smode —— The Security Model of the User, with v1, v2c and v3 options. By
default, the option is v1. The Security Model of the User must be the same with
that of the Group which the User belongs to.
slev —— The Security Level of SNMP v3 Group. There are three options,
including noAuthNoPriv (no authorization and no encryption), authNoPriv
(authorization and no encryption) and authPriv (authorization and encryption).
By default, the option is noAuthNoPriv. The Security Level of the User must be
the same with that of the Group which the User belongs to.
cmode —— The Authentication Mode of the SNMP v3 User, with none, MD5
and SHA options. None indicates no authentication method is used, MD5
indicates the port authentication is performed via HMAC-MD5 algorithm and
SHA indicates the port authentication is performed via SHA (Secure Hash
Algorithm). SHA authentication mode has a higher security than MD5 mode. By
default, the Authentication Mode is none.
confirm-pwd —— Authentication Password, ranging from 1 to 16 characters.
emode —— The Privacy Mode of the SNMP v3 User, with none and DES
options. None indicates no privacy method is used, and DES indicates DES
174
Download from Www.Somanuals.com. All Manuals Search And Download.
encryption method is used. By default, the Privacy Mode is none.
encrypt-pwd —— Privacy Password, ranging from 1 to 16 characters.
Command Mode
Global Configuration Mode
Example
Add User admin to Group group2, and configure the Security Model of the user
as v3, the Security Level of the group as authPriv, the Authentication Mode of
the user as MD5, the Authentication Password as 11111, the Privacy Mode as
DES, and the Privacy Password as 22222:
TP-LINK(config)# snmp user-add admin local group2 smode v3 slev authPriv
cmode MD5 cpwd 11111 emode DES epwd 22222
snmp community-add
Description
The snmp community-add command is used to add Community. To delete the
corresponding Community, please use no snmp community-add command.
SNMP v1 and SNMP v2c adopt community name authentication. The
community name can limit access to the SNMP agent from SNMP network
management station, functioning as a password.
Syntax
snmp community-add {name} { read-only | read-write } {mib-view}
no snmp community-add {name}
Parameter
name —— Community Name, ranging from 1 to 16 characters.
read-only | read-write —— The access rights of the community, with read-only
and read-write options.
mib-view —— The MIB View for the community to access.
Command Mode
Global Configuration Mode
Example
Add Community community1, and the community has read-write management
right to View view1:
TP-LINK(config)# snmp community-add community1 read-write view1
175
Download from Www.Somanuals.com. All Manuals Search And Download.
snmp notify-add
Description
The snmp notify-add command is used to add Notification. To delete the
corresponding Notification, please use no snmp notify-add command. With the
Notification function enabled, the switch can initiatively report to the
management station about the important events that occur on the Views, which
allows the management station to monitor and process the events in time.
Syntax
snmp notify-add {ip} {udp-port} {user-name} [smode { v1 | v2c | v3 }] [slev
{ noAuthNoPriv | authNoPriv | authPriv }] [type { trap | inform }] [resend resend]
[timeout timeout]
no snmp notify-add {ip} {user-name}
Parameter
ip —— The IP Address of the management Host.
udp-port —— UDP port, which is used to send notifications. The UDP port
functions with the IP address for the notification sending. By default, it is 162.
user-name —— The User name of the management station.
smode —— The Security Model of the management station, with v1, v2c and v3
options. By default, the option is v1.
slev —— The Security Level of SNMP v3 Group. There are three options,
including noAuthNoPriv (no authorization and no encryption), authNoPriv
(authorization and no encryption) and authPriv (authorization and encryption).
By default, the option is noAuthNoPriv.
type —— The type of the notifications, with trap and inform options. Trap
indicates traps are sent, while inform indicates informs are sent. The inform type
has a higher security than the trap type and resend and timeout need to be
configured if you select this option. You can only select the trap type in Security
Model v1. By default, the type of the notifications is trap.
resend —— The amount of times the switch resends an inform request, ranging
from 1 to 255. The switch will resend the inform request if it doesn’t get the
response from the management station during the Timeout interval, and it will
terminate resending the inform request if the resending times reach the
specified Retry times.
timeout —— The maximum time for the switch to wait for the response from the
management station before resending a request, ranging from 1 to 3600 in
seconds.
176
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Global Configuration Mode
Example
Add a Notification entry, and configure the IP Address of the management Host
as 192.168.0.1, the UDP port as 162, the User name of the management station
as admin, the Security Model of the management station as v2c, the type of the
notifications as inform, the maximum time for the switch to wait as 1000
seconds, and the resending time as 100:
TP-LINK(config)# snmp notify-add 192.168.0.1 162 admin smode v2c type
inform resend 100 timeout 1000
snmp-rmon history sample-cfg
Description
The snmp-rmon history sample-cfg command is used to configure the history
sample entry. To return to the default configuration, please use no snmp-rmon
history sample-cfg command. RMON (Remote Monitoring), basing on SNMP
architecture, functions to monitor the network. History Group is one of the
commonly used RMON Groups. After a history group is configured, the switch
collects network statistics information periodically, based on which the
management station can monitor network effectively.
Syntax
snmp-rmon history sample-cfg {index} {port} {interval}
no snmp-rmon history sample-cfg {index}
Parameter
index —— The index number of the entry, ranging from 1 to 12, in the format of
1-3,5.
port —— The port from which the history samples were taken.
interval —— The interval to take samplings from the port, ranging from 10 to
3600 in seconds. By default, it is 1800.
Command Mode
Global Configuration Mode
Example
Configure the sample port as 1, and the sample interval as 100 seconds for the
entries 1-3:
177
Download from Www.Somanuals.com. All Manuals Search And Download.
TP-LINK(config)# snmp-rmon history sample-cfg 1-3 1 100
snmp-rmon history owner
Description
The snmp-rmon history owner command is used to configure the owner of the
history sample entry. To return to the default configuration, please use no
snmp-rmon history owner command.
Syntax
snmp-rmon history owner {index} [owner]
no snmp-rmon history owner {index}
Parameter
index —— The index number of the sample entry, ranging from 1 to 12. You can
only select one entry for each command.
owner —— The owner of the history sample entry, ranging from 1 to 16
characters. By default, it is monitor.
Command Mode
Global Configuration Mode
Example
Configure the owner of entry 1 as owner1:
TP-LINK(config)# snmp-rmon history owner 1 owner1
snmp-rmon history enable
Description
The snmp-rmon history enable command is used to enable the history sample
entry. To disable the corresponding entry, please use no snmp-rmon history
enable command.
Syntax
snmp-rmon history enable {index}
no snmp-rmon history enable {index}
Parameter
index —— The index number of the entry desired to enable, ranging from 1 to
12, in the format of 1-3,5.
178
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Global Configuration Mode
Example
Enable the history sample entries 1,2,3,4 and 8:
TP-LINK(config)# snmp-rmon history enable 1-4,8
snmp-rmon event user
Description
The snmp-rmon event user command is used to configure the user name of
SNMP-RMON Event. To return to the default configuration, please use no
snmp-rmon event user command. Event Group, as one of the commonly used
RMON Groups, is used to define RMON events. Alarms occur when an event is
detected.
Syntax
snmp-rmon event user {index} [user]
no snmp-rmon event user {index}
Parameter
index —— The index number of the event entry, ranging from 1 to 12. You can
only select one entry for each command.
user —— The name of the User to which the event belongs, ranging from 1 to
16 characters. By default, it is public.
Command Mode
Global Configuration Mode
Example
Configure the user name of entry 1 as user1:
TP-LINK(config)# snmp-rmon event user 1 user1
snmp-rmon event description
Description
The snmp-rmon event description command is used to configure the
description of SNMP-RMON Event. To return to the default configuration, please
use no snmp-rmon event description command.
179
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
snmp-rmon event description {index} {description}
no snmp-rmon event description {index}
Parameter
index —— The index number of the event entry, ranging from 1 to 12. You can
only select one entry for each command.
description —— The description of the event, ranging from 1 to 16 characters.
By default, it is empty.
Command Mode
Global Configuration Mode
Example
Configure the description of entry 1 as description1:
TP-LINK(config)# snmp-rmon event description 1 description1
snmp-rmon event type
Description
The snmp-rmon event type command is used to configure the type of
SNMP-RMON Event. To return to the default configuration, please use no
snmp-rmon event type command.
Syntax
snmp-rmon event type {index} { none | log | notify | both }
no snmp-rmon event type {index}
Parameter
index —— The index number of the entry, ranging from 1 to 12, in the format of
1-3,5.
none | log | notify | both —— The event type, with none, log, notify and both
options. None indicates no processing, log indicates logging the event, notify
indicates sending trap messages to the management station, and both indicates
logging the event and sending trap messages to the management station.
Command Mode
Global Configuration Mode
Example
Configure the event type of entries 1,2,3,4 and 8 as log:
TP-LINK(config)# snmp-rmon event type 1-4,8 log
180
Download from Www.Somanuals.com. All Manuals Search And Download.
snmp-rmon event owner
Description
The snmp-rmon event owner command is used to configure the owner of
SNMP-RMON Event. To return to the default configuration, please use no
snmp-rmon event owner command.
Syntax
snmp-rmon event owner {index} [owner]
no snmp-rmon event owner {index}
Parameter
index —— The index number of the event entry, ranging from 1 to 12. You can
only select one entry for each command.
owner —— The owner of the event entry, ranging from 1 to 16 characters. By
default, it is monitor.
Command Mode
Global Configuration Mode
Example
Configure the owner of entry 1 as owner1:
TP-LINK(config)# snmp-rmon event owner 1 owner1
snmp-rmon event enable
Description
The snmp-rmon event enable command is used to enable SNMP-RMON
Event entry. To disable the corresponding entry, please use no snmp-rmon
event enable command.
Syntax
snmp-rmon event enable {index}
no snmp-rmon event enable {index}
Parameter
index —— The index number of the entry desired to enable, ranging from 1 to
12, in the format of 1-3,5.
Command Mode
Global Configuration Mode
181
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Enable the SNMP-RMON Event entries 1,2,3,4 and 8:
TP-LINK(config)# snmp-rmon event enable 1-4,8
snmp-rmon alarm config
Description
The snmp-rmon alarm config command is used to configure SNMP-RMON
Alarm Management. To return to the default configuration, please use no
snmp-rmon alarm config command. Alarm Group is one of the commonly
used RMON Groups. RMON alarm management allows monitoring the specific
alarm variables. When the value of a monitored variable exceeds the threshold,
an alarm event is generated, which triggers the switch to act in the set way.
Syntax
snmp-rmon alarm config {index} [var { drop | revbyte | revpkt | bpkt | mpkt |
crc-align | undersize | oversize | fragment | jabber | collision | 64 | 65-127 |
128-255 | 256-511 | 512-1023 | 1024-10240 }] [port port] [s-type { absolute |
increment }] [r-hold r-hold] [r-event r-event] [f-hold f-hold] [f-event f-event]
[a-type { rise | fall | all }] [interval interval]
no snmp-rmon alarm config {index}
Parameter
index —— The index number of the Alarm Management entry, ranging from 1 to
12, in the format of 1-3,5.
var —— The alarm variable. By default, the option is drop.
port —— The port on which the Alarm entry acts.
s-type —— Sample Type, which is the sampling method for the selected
variable and comparing the value against the thresholds. There are two options,
absolute and increment. Absolute indicates comparing the values directly with
the thresholds at the end of the sampling interval. Increment indicates
subtracting the last sampled value from the current value, and then comparing
the difference in the values with the threshold. By default, the Sample Type is
absolute.
r-hold —— The rising counter value that triggers the Rising Threshold alarm,
ranging from 1 to 65535. By default, it is 100.
r-event —— Rise Event, which is the index of the corresponding event which will
be triggered if the sampled value is larger than the Rising Threshold. It ranges
182
Download from Www.Somanuals.com. All Manuals Search And Download.
from 1 to 12.
f-hold —— The falling counter value that triggers the Falling Threshold alarm,
ranging from 1 to 65535. By default, it is 100.
f-event —— Fall Event, which is the index of the corresponding event which will
be triggered if the sampled value is lower than the Falling Threshold. It ranges
from 1 to 12.
a-type —— Alarm Type, with rise, fall and all options. Rise indicates that the
alarm event will be triggered when the sampled value exceeds the Rising
Threshold, fall indicates that the alarm event will be triggered when the sampled
value is under the Falling Threshold, and all indicates that the alarm event will be
triggered either the sampled value exceeds the Rising Threshold or is under the
Falling Threshold. By default, the Alarm Type is all.
interval —— The alarm interval time, ranging from 10 to 3600 in seconds. By
default, it is 1800.
Command Mode
Global Configuration Mode
Example
Configure the alarm interval time of the entries 1, 2, 3 and 6 as 1000 seconds:
TP-LINK(config)# snmp-rmon alarm config 1-3,6 interval 1000
snmp-rmon alarm owner
Description
The snmp-rmon alarm owner command is used to configure the owner of the
Alarm Management entry. To return to the default configuration, please use no
snmp-rmon alarm owner command.
Syntax
snmp-rmon alarm owner {index} [owner]
no snmp-rmon alarm owner {index}
Parameter
index —— The index number of the entry, ranging from 1 to 12. You can only
select one entry for each command.
owner —— The owner of the entry, ranging from 1 to 16 characters. By default,
it is monitor.
Command Mode
Global Configuration Mode
183
Download from Www.Somanuals.com. All Manuals Search And Download.
Example
Configure the owner of entry 1 as owner1:
TP-LINK(config)# snmp-rmon alarm owner 1 owner1
snmp-rmon alarm enable
Description
The snmp-rmon alarm enable command is used to enable SNMP-RMON
Alarm Management entry. To disable the corresponding entry, please use no
snmp-rmon alarm enable command.
Syntax
snmp-rmon alarm enable {index}
no snmp-rmon alarm enable {index}
Parameter
index —— The index number of the entry desired to enable, ranging from 1 to
12, in the format of 1-3,5.
Command Mode
Global Configuration Mode
Example
Enable the Alarm Management entries 1,2,3,4 and 8:
TP-LINK(config)# snmp-rmon alarm enable 1-4,8
show snmp global-config
Description
The show snmp global-config command is used to display SNMP
configuration globally.
Syntax
show snmp global-config
Command Mode
Any Configuration Mode
Example
Display SNMP configuration globally:
TP-LINK> show snmp global-config
184
Download from Www.Somanuals.com. All Manuals Search And Download.
show snmp view
Description
The show snmp view command is used to display the View table.
Syntax
show snmp view
Command Mode
Any Configuration Mode
Example
Display the View table:
TP-LINK> show snmp view
show snmp group
Description
The show snmp group command is used to display the Group table.
Syntax
show snmp group
Command Mode
Any Configuration Mode
Example
Display the Group table:
TP-LINK> show snmp group
show snmp user
Description
The show snmp user command is used to display the User table.
Syntax
show snmp user
Command Mode
Any Configuration Mode
Example
Display the User table:
185
Download from Www.Somanuals.com. All Manuals Search And Download.
TP-LINK> show snmp user
show snmp community
Description
The show snmp community command is used to display the Community table.
Syntax
show snmp community
Command Mode
Any Configuration Mode
Example
Display the Community table:
TP-LINK> show snmp community
show snmp destination-host
Description
The show snmp destination-host command is used to display the Notification
table.
Syntax
show snmp destination-host
Command Mode
Any Configuration Mode
Example
Display the Notification table:
TP-LINK> show snmp destination-host
show snmp-rmon history
Description
The show snmp-rmon history command is used to display the configuration of
the history sample entry.
Syntax
show snmp-rmon history [index]
186
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
index —— The index number of the entry selected to display the configuration,
ranging from 1 to 12. You can only select one entry for each command. By
default, the configuration of all entries is displayed.
Command Mode
Any Configuration Mode
Example
Display the configuration of all history sample entries:
TP-LINK> show snmp-rmon history
show snmp-rmon event
Description
The show snmp-rmon event command is used to display the configuration of
SNMP-RMON Event.
Syntax
show snmp-rmon event [index]
Parameter
index —— The index number of the entry selected to display the configuration,
ranging from 1 to 12. You can only select one entry for each command. By
default, the configuration of all entries is displayed.
Command Mode
Any Configuration Mode
Example
Display the Event configuration of entry 2:
TP-LINK> show snmp-rmon event 2
show snmp-rmon alarm
Description
The show snmp-rmon alarm command is used to display the configuration of
the Alarm Management entry.
Syntax
show snmp-rmon alarm [index]
187
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
index —— The index number of the entry selected to display the configuration,
ranging from 1 to 12. You can only select one entry for each command. By
default, the configuration of all entries is displayed.
Command Mode
Any Configuration Mode
Example
Display the configuration of all Alarm Management entries:
TP-LINK> show snmp-rmon alarm
188
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 30 Cluster Commands
Cluster Management function enables a network administrator to manage the scattered devices in
the network via a management device. After a commander switch is configured, management and
maintenance operations intended for the member devices in a cluster is implemented by the
commander device.
cluster ndp
Description
The cluster ndp command is used to configure NDP globally. To return to the
default configuration, please use no cluster ndp command. NDP (Neighbor
Discovery Protocol) is used to discover the information of the directly connected
neighbor devices to support cluster establishing. An NDP-enabled device sends
NDP packets regularly to neighbor devices as well as receives NDP packets
from neighbor devices. An NDP packet carries the aging time, which indicates
the period of the receiving devices to keep the NDP packet.
Syntax
cluster ndp [status { disable | enable }] [aging-timer aging-timer] [hello-timer
hello-timer]
no cluster ndp
Parameter
status —— Enable/ Disable NDP function globally. By default, it is disabled.
aging-timer —— Aging Time, which is the period for the neighbor switch to keep
the NDP packets from this switch. Aging Time ranges from 5 to 255 in seconds.
By default, it is 180.
hello-timer —— Hello Time, which is the interval to send NDP packets. Hello
Time ranges from 5 to 254 in seconds. By default, it is 60.
Command Mode
Global Configuration Mode
Example
Enable NDP function globally, and configure Aging Time as 120 seconds, Hello
Time as 50 seconds:
TP-LINK(config)# cluster ndp status enable aging-timer 120 hello-timer 50
189
Download from Www.Somanuals.com. All Manuals Search And Download.
cluster ntdp
Description
The cluster ntdp command is used to configure NTDP globally. To return to the
default configuration, please use no cluster ntdp command. NTDP (Neighbor
Topology Discovery Protocol) is used to collect the NDP information and
neighboring connection information of each device in a specific network range.
It provides the commander switch with the information of devices which can join
the cluster and collects topology information of devices within the specified
hops.
Syntax
cluster ntdp [status { disable | enable }] [interval interval] [hop hop]
[hop-delay hop-delay] [port-delay port-delay]
no cluster ntdp
Parameter
status —— Enable/ Disable NTDP function globally. By default, it is disabled.
interval —— NTDP Interval Time, which is the interval to collect topology
information. NTDP Interval Time ranges from 1 to 60 in minutes. By default, it is
1.
hop —— NTDP Hops, which is the hop count the switch topology collects.
NTDP Hops ranges from 1 to 16. By default, it is 3.
hop-delay —— NTDP Hop Delay, which is the time between the switch
receiving NTDP request packets and the switch forwarding NTDP request
packets for the first time. NTDP Hop Delay ranges from 1 to 1000 in
milliseconds. By default, it is 200.
port-delay —— NTDP Port Delay, which is the time between the port forwarding
NTDP request packets and its adjacent port forwarding NTDP request packets
over. NTDP Port Delay ranges from 1 to 100 in milliseconds. By default, it is 20.
Command Mode
Global Configuration Mode
Example
Enable NTDP function globally, and specify NTDP Interval Time as 20 minutes,
NTDP Hops as 5, NTDP Hop Delay as 300 milliseconds, and NTDP Port Delay
as 50 milliseconds:
TP-LINK(config)# cluster ntdp status enable interval 20 hop 5 hop-delay
300 port-delay 50
190
Download from Www.Somanuals.com. All Manuals Search And Download.
cluster explore
Description
The cluster explore command is used to enable the topology information
collecting function manually.
Syntax
cluster explore
Command Mode
Global Configuration Mode
Example
Enable the topology information collecting function manually:
TP-LINK(config)# cluster explore
cluster
Description
The cluster command is used to configure Cluster Port. To return to the default
configuration, please use no cluster command.
Syntax
cluster [ndp { disable | enable }] [ntdp { disable | enable }]
no cluster
Parameter
ndp —— Enable/ Disable NDP function for the port. By default, it is enabled.
ntdp —— Enable/ Disable NTDP function for the port. By default, it is enabled.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable NDP and NTDP function for port 5:
TP-LINK(config)# interface ethernet 5
TP-LINK(config-if)# cluster ndp enable ntdp enable
191
Download from Www.Somanuals.com. All Manuals Search And Download.
cluster create
Description
The cluster create command is used to specify the current switch as
commander switch and create cluster. To implement the management and
maintenance operations intended for the member switches in a cluster through
the commander switch, the commander switch needs to dynamically assign an
IP address used in the cluster to each member switch for internal
communication.
Syntax
cluster create {name} {ip} {ip-mask}
Parameter
name —— The cluster name, ranging from 1 to 16 characters.
ip —— The cluster IP address pool.
ip-mask —— The cluster IP address mask.
Command Mode
Global Configuration Mode
Example
Specify the current switch as commander switch, create cluster c1, and
configure the cluster IP address pool as 10.90.90.1~10.90.90.254:
TP-LINK(config)# cluster create c1 10.90.90.10 255.255.255.0
cluster manage config
Description
The cluster manage config command is used to configure Cluster.
Syntax
cluster manage config {name} {keep-time} {interval}
Parameter
name —— The name of the cluster desired to configure.
keep-time —— Hold Time, which is the time for the switch to keep the cluster
information. Hold Time ranges from 1 to 255 in seconds. By default, it is 20.
interval —— Interval Time, which is the interval to send handshake packets.
Interval Time ranges from 1 to 255 in seconds. By default, it is 20.
192
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Global Configuration Mode
Example
Specify the Hold Time and Interval Time of cluster c1 as 50 seconds:
TP-LINK(config)# cluster manage config c1 50 50
cluster manage member
Description
The cluster manage member command is used to add member switch. To
delete the corresponding member, please use no cluster manage member
command. The add/delete operations of member switches should be
implemented by the commander switch.
Syntax
cluster manage member {member-mac}
no cluster manage member {member-mac}
Parameter
member-mac —— The MAC address of the member switch desired to join in the
cluster.
Command Mode
Global Configuration Mode
Example
Add switch whose MAC address is 00:74:5D:61:67:48 to the cluster:
TP-LINK(config)# cluster manage member 00:74:5D:61:67:48
cluster manage role-change
Description
The cluster manage role-change command is used to change the role of the
current switch. According to their status and functions, switches in the cluster
play different roles. You can specify the role the switch plays appropriate to your
needs. A commander switch can recognize and manage the devices in the
cluster; a member switch is managed by the commander; a candidate switch
does not belong to any cluster through it can be added to a cluster; an individual
switch is with the cluster feature disabled.
193
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
cluster manage role-change { candidate | individual }
Parameter
candidate | individual —— The role you want the switch to play, with candidate
and individual options. The role of the switch you can change to is related with
the current role. The conversion among Commander Switch, Candidate Switch
and Individual Switch is: Commander Switch Candidate Switch Individual
Switch. To get the information about creating Commander Switch, please refer
Command Mode
Global Configuration Mode
Example
Change the role of the current switch to Commander Switch:
TP-LINK(config)# cluster manage role-change candidate
show cluster ndp global
Description
The show cluster ndp global command is used to display the global
configuration of NDP.
Syntax
show cluster ndp global
Command Mode
Any Configuration Mode
Example
Display the global configuration of NDP:
TP-LINK> show cluster ndp global
show cluster ndp port-status
Description
The show cluster ndp port-status command is used to display NDP
configuration of the certain port.
Syntax
show cluster ndp port-status [port]
194
Download from Www.Somanuals.com. All Manuals Search And Download.
Parameter
port —— The port selected to display the configuration of NDP. By default, the
configuration of all ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the NDP configuration of port 2:
TP-LINK> show cluster ndp port-status 2
show cluster neighbour
Description
The show cluster neighbour command is used to display the cluster neighbor
information.
Syntax
show cluster neighbour
Command Mode
Any Configuration Mode
Example
Display the cluster neighbor information:
TP-LINK> show cluster neighbour
show cluster ntdp global
Description
The show cluster ntdp global command is used to display the global
configuration of NTDP.
Syntax
show cluster ntdp global
Command Mode
Any Configuration Mode
Example
Display the global configuration of NTDP:
TP-LINK> show cluster ntdp global
195
Download from Www.Somanuals.com. All Manuals Search And Download.
show cluster ntdp port-status
Description
The show cluster ntdp port-status command is used to display NTDP
configuration of the certain port.
Syntax
show cluster ntdp port-status [port]
Parameter
port —— The port selected to display the configuration of NTDP. By default, the
configuration of all ports is displayed.
Command Mode
Any Configuration Mode
Example
Display the NTDP configuration of port 2:
TP-LINK> show cluster ntdp port-status 2
show cluster ntdp device
Description
The show cluster ntdp device command is used to display the device table of
NTDP.
Syntax
show cluster ntdp device
Command Mode
Any Configuration Mode
Example
Display the device table of NTDP:
TP-LINK> show cluster ntdp device
show cluster manage config
Description
When the current switch is Commander Switch, the show cluster manage
config command is used to display the global configuration of Cluster.
196
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
show cluster manage config
Command Mode
Any Configuration Mode
Example
Display the global configuration of Cluster:
TP-LINK> show cluster manage config
show cluster manage member
Description
The show cluster manage member command is used to display the member
information.
Syntax
show cluster manage member
Command Mode
Any Configuration Mode
Example
Display the member information:
TP-LINK> show cluster manage member
show cluster manage role
Description
The show cluster manage role command is used to display the role of the
current switch.
Syntax
show cluster manage role
Command Mode
Global Configuration Mode
Example
Display the role of the current switch:
TP-LINK(config)# show cluster manage role
197
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 31 LLDP Commands
LLDP function enables network devices to advertise their own device information periodically to
neighbors on the same LAN. The information of the LLDP devices in the LAN can be stored by its
neighbor in a standard MIB, so it is possible for the information to be accessed by a Network
Management System (NMS) using SNMP.
lldp enable
Description
The lldp enable command is used to enable LLDP function. To return to the
default configuration, please use no lldp enable command.
Syntax
lldp enable
no lldp enable
Command Mode
Global Configuration Mode
Example
Enable lldp function globally:
TP-LINK(config)# lldp enable
lldp hold-multiplier
Description
The lldp hold-multiplier command is used to configure the Hold Multiplier
parameter. The aging time of the local information in the neighbor device is
determined by the actual TTL value used in the sending LLDPDU. TTL = Hold
Multiplier * Transmit Interval. To return to the default configuration, please use
no lldp hold-multiplier command.
Syntax
lldp hold-multiplier multiplier
no lldp hold-multiplier
Parameter
multiplier —— Configure the Hold Multiplier parameter. It ranges from 2 to 10.
By default, it is 4.
198
Download from Www.Somanuals.com. All Manuals Search And Download.
Command Mode
Global Configuration Mode
Example
Specify Hold Multiplier as 5:
TP-LINK(config)# lldp hold-multiplier 5
lldp timer
Description
The lldp timer command is used to configure the parameters about
transmission. To return to the default configuration, please use no lldp timer
command.
Syntax
lldp timer tx-interval tx-interval
lldp timer tx-delay tx-delay
lldp timer reinit-delay reinit-delay
lldp timer notify-interval notify-interval
lldp timer fast-count fast-count
no lldp timer tx-interval
no lldp timer tx-delay
no lldp timer reinit-delay
no lldp timer notify-interval
no lldp timer fast-count
Parameter
tx-interval —— Configure the interval for the local device to transmit LLDPDU to
its neighbors. By default, it is 30 seconds.
tx-delay —— Configure a value from 1 to 8192 in seconds to specify the time for
the local device to transmit LLDPDU to its neighbors after changes occur so as
to prevent LLDPDU being sent frequently. By default, it is 2 seconds.
reinit-delay ——This parameter indicates the amount of delay from when LLDP
status becomes "disable" until re-initialization will be attempted. The default
value is 3.
notify-interval —— Specify the interval of Trap message which will be sent from
local device to network management system. By default, it is 5 seconds.
fast-count ——When the port's LLDP state transforms from Disable (or Rx_Only)
199
Download from Www.Somanuals.com. All Manuals Search And Download.
to Tx&Rx (or Tx_Only), the fast start mechanism will be enabled, that is, the
transmit interval will be shorten to a second, and several LLDPDUs will be sent
out (the number of LLDPDUs equals this parameter). The default value is 3.
Command Mode
Global Configuration Mode
Example
Specify the Transmit Interval of LLDPDU as 45 seconds and Trap message to
NMS as 120 seconds:
TP-LINK(config)# lldp timer tx-interval 45
TP-LINK(config)# lldp timer notify-interval 120
lldp admin-status
Description
The lldp admin-status command is used to configure the port’s LLDP operating
mode. To return to the default configuration, please use no lldp admin-status
command.
Syntax
lldp admin-status { disable | tx | rx | txrx }
no lldp admin-status
Parameter
disable —— Neither transmit nor receive LLDP frames.
tx —— Only transmit LLDP frames.
rx —— Only receive LLDP frames without sending.
txrx —— Transmit and receive LLDP frames. By default, the LLDP operating
mode of all ports is “txrx”.
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Configure the LLDP operating mode as “tx” for port 6:
TP-LINK(config)# interface ethernet 6
TP-LINK(config-if)# lldp admin-status tx
200
Download from Www.Somanuals.com. All Manuals Search And Download.
lldp snmp-trap
Description
The lldp snmp-trap command is used to enable the ports' SNMP notification. If
enabled, the port will notify the trap event to network management system. To
disable this function, please use no lldp snmp-trap command.
Syntax
lldp snmp-trap
no lldp snmp-trap
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Enable the ports' SNMP notification for port8:
TP-LINK(config)# interface ethernet 8
TP-LINK(config-if)# lldp snmp-trap
lldp tlv-select
Description
The lldp tlv-select command is used to configure TLVs to be included in
outgoing LLDPDU. To exclude TLVs, please use no lldp tlv-select command.
By default, All TLVs are included in outgoing LLDPDU.
Syntax
lldp tlv-select [port-description] [system-capability] [system-description]
[system-name] [management-address] [port-vlan-id] [protocol-vlan-id]
[vlan-name] [link-aggregation] [mac-phy] [max-frame-size] [power] [all]
no lldp tlv-select [port-description] [system-capability] [system-description]
[system-name] [management-address] [port-vlan-id] [protocol-vlan-id]
[vlan-name] [link-aggregation] [mac-phy] [max-frame-size] [power] [all]
Command Mode
Interface Configuration Mode(interface ethernet / interface range ethernet)
Example
Exclude “management-address” and “port-vlan-id” TLVs in LLDPDU outgoing
from port 8:
201
Download from Www.Somanuals.com. All Manuals Search And Download.
TP-LINK(config)# interface ethernet 8
TP-LINK(config-if)# no lldp tlv-select management-address port-vlan-id
show lldp global
Description
The show lldp global command is used to display the global configuration of
LLDP.
Syntax
show lldp global
Command Mode
Any Configuration Mode
Example
Display the global configuration of LLDP:
TP-LINK> show lldp global
show lldp interface
Description
The show lldp interface command is used to display LLDP configuration of the
certain port.
Syntax
show lldp interface [ethernet port]
Parameter
port —— The port selected to display the configuration of LLDP.
Command Mode
Any Configuration Mode
Example
Display the LLDP configuration of port 8:
TP-LINK> show lldp interface ethernet 8
202
Download from Www.Somanuals.com. All Manuals Search And Download.
show lldp local-information
Description
The show lldp local-information command is used to display the LLDP
information of the certain port.
Syntax
show lldp local-information [port]
Parameter
port —— The port selected to display the information of LLDP.
Command Mode
Any Configuration Mode
Example
Display the LLDP information of port 8:
TP-LINK> show lldp local-information 8
show lldp neighbor-information
Description
The show lldp neighbor-information command is used to display the neighbor
information of the certain port.
Syntax
show lldp neighbor-information [port]
Parameter
port —— The port selected to display the neighbor information.
Command Mode
Any Configuration Mode
Example
Display the neighbor information of port 8:
TP-LINK> show lldp neighbor-information 8
show lldp statistics
Description
The show lldp statistics command is used to display the LLDP statistic
information between the local device and neighbor device of the certain port.
203
Download from Www.Somanuals.com. All Manuals Search And Download.
Syntax
show lldp statistics [port]
Parameter
port —— The port selected to display the neighbor information.
Command Mode
Any Configuration Mode
Example
Display the LLDP statistic information of port 8:
TP-LINK> show lldp statistics 8
204
Download from Www.Somanuals.com. All Manuals Search And Download.
|