user manual

ManualsBrandsTP-Link ManualsSwitchSwitch TL-SL3452

TL-SL3428/TL-SL3452

JetStream L2 Managed Switch

REV1.2.1

1910010930

Summary of content (232 pages)

PAGE 1
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch REV1.2.
PAGE 2
COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD. Copyright © 2013 TP-LINK TECHNOLOGIES CO., LTD.
PAGE 3
CONTENTS Preface ………………………………………………………………………………….1 Chapter 1 Using the CLI ....................................................................................... 4 1.1 Accessing the CLI ...........................................................................................................4 1.1.1 Logon by a console port .......................................................................................4 1.1.2 Logon by Telnet ...................................................................
PAGE 4
protocol-vlan..........................................................................................................................25 show protocol-vlan template..................................................................................................26 show protocol-vlan vlan .........................................................................................................26 show protocol-vlan interface......................................................................................
PAGE 5
line.........................................................................................................................................46 password ...............................................................................................................................47 login.......................................................................................................................................47 login local ..........................................................................
PAGE 6
Chapter 12 IEEE 802.1X Commands ................................................................... 67 dot1x system-auth-control .....................................................................................................67 dot1x auth-method ................................................................................................................67 dot1x guest-vlan(global) ........................................................................................................
PAGE 7
ip http secure-server download certificate .............................................................................87 ip http secure-server download key .......................................................................................88 show ip http secure-server ....................................................................................................89 Chapter 16 MAC Address Commands................................................................. 90 mac address-table static.........
PAGE 8
loopback interface ............................................................................................................... 110 show system-time................................................................................................................ 110 show system-time dst .......................................................................................................... 111 show system-time ntp............................................................................................
PAGE 9
qos queue dscp-map ...........................................................................................................129 qos queue mode..................................................................................................................130 show qos interface ..............................................................................................................131 show qos cos-map ....................................................................................................
PAGE 10
access-list policy action .......................................................................................................152 redirect interface..................................................................................................................153 s-condition ...........................................................................................................................153 s-mirror ...............................................................................................
PAGE 11
show spanning-tree mst ......................................................................................................175 Chapter 25 IGMP Commands..............................................................................176 ip igmp snooping(global) .....................................................................................................176 ip igmp snooping(interface) .................................................................................................
PAGE 12
show snmp-server view .......................................................................................................201 show snmp-server group .....................................................................................................202 show snmp-server user .......................................................................................................202 show snmp-server community.............................................................................................
PAGE 13
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned in this Guide stands for TL-SL3428/TL-SL3452 JetStream L2 Managed Switch. The two devices of TL-SL3428 and TL-SL3452 are sharing this User Guide. For simplicity, we will take TL-SL3428 for example throughout the configuration chapters.
PAGE 14
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide server, and record the IP address, MAC address, VLAN and the connected Port number of the Host for automatic binding. Chapter 10: ARP Inspection Commands Provide information about the commands used for protecting the switch from the ARP cheating or ARP Attack. Chapter 11: DoS Defend Command Provide information about the commands used for DoS defend and detecting the DoS attack. Chapter 12: IEEE 802.
PAGE 15
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 23: ACL Commands Provide information about the commands used for configuring the ACL (Access Control List). Chapter 24: MSTP Commands Provide information about the commands used for configuring the MSTP (Multiple Spanning Tree Protocol). Chapter 25: IGMP Commands Provide information about the commands used for configuring the IGMP Snooping (Internet Group Management Protocol Snooping).
PAGE 16
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 1 1.1 Using the CLI Accessing the CLI You can log on to the switch and access the CLI by the following two methods: 1. Log on to the switch by the console port on the switch. 2. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port. 1.1.1 Logon by a console port To log on to the switch by the console port on the switch, please take the following steps: 1.
PAGE 17
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Figure 1-2 Connection Description 4. Select the port to connect in Figure 1-3, and click OK. Figure 1-3 Select the port to connect 5. Configure the port selected in the step above as the following Figure 1-4 shown. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK.
PAGE 18
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide 6. The DOS prompt” TL-SL3428>” will appear after pressing the Enter button as Figure 1-5 shown. It indicates that you can use the CLI now. Figure 1-5 Log in the Switch 1.1.2 Logon by Telnet To successfully create Telnet connection, firstly CLI commands about configuring Telnet login mode, login authentication information and Privileged EXEC Mode password should be configured through Console connection.
PAGE 19
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Now, you can logon by Telnet in login local mode. 1. Make sure the switch and the PC are in the same LAN. Click Start → Run to open the Run window and type cmd in the prompt Run window as Figure 1-7 and click OK. Figure 1-7 Run Window 2. Open Telnet, then type telnet 192.168.0.1 in the command prompt shown as Figure 1-8, and press the Enter button. Figure 1-8 Connecting to the Switch 3.
PAGE 20
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide 4. Type enable command to enter Privileged EXEC Mode. A password that you have set through Console port connection is required. Here the password is set as 123. Figure 1-10 Enter to the Privileged EXEC Mode  Login Mode: Firstly configure the Telnet login mode as “login”, and both the connection password and the Privileged EXEC Mode password as 123 in the prompted DOS screen shown in Figure 1-11.
PAGE 21
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Figure 1-12 Connecting to the Switch 2. You are prompted to enter the connection password 123 you have set through Console port connection, and then you are in User EXEC Mode. Figure 1-13 Enter into the User EXEC Mode 3. When entering enable command to access Privileged EXEC Mode, you are required to give the password 123 you have set through Console port connection.
PAGE 22
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide 1.2 CLI Command Modes The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode. Interface Configuration Mode can also be divided into Interface fastEthernet, Interface gigabitEthernet, Interface link-aggregation and some other modes, which is shown as the following diagram.
PAGE 23
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Use the vlan vlan-list VLAN command to enter this Configuration mode from Global Mode Configuration mode. TL-SL3428(configvlan)# Use the end command or press Ctrl+Z to return to Privileged EXEC mode. Enter the exit or # command to return to Global configuration mode. Note: 1. The user is automatically in User EXEC Mode after the connection between the PC and the switch is established by a console port or by a telnet connection. 2.
PAGE 24
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide allows you to monitor, configure and manage the switch in Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode. Users get the privilege to the User level once connecting console port with the switch or logging in by Telnet. However, Guest users are restricted to access the CLI. Users can enter Privileged EXEC mode from User EXEC mode by using the enable command.
PAGE 25
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide  MAC Address must be enter in the format of xx:xx:xx:xx:xx:xx  One or several values can be typed for a port-list or a vlan-list using comma to separate. Use a hyphen to designate a range of values, for instance, 1,3-5,7 indicates choosing 1,3,4,5,and 7.  The port number must enter in the format of 1/0/3, meaning unit/slot/port.
PAGE 26
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 2 User Interface enable Description The enable command is used to access Privileged EXEC Mode from User EXEC Mode. Syntax enable Command Mode User EXEC Mode Example If you have set the password to access Privileged EXEC Mode from User EXEC Mode: TL-SL3428>enable Enter password： TL-SL3428# enable password Description The enable password command is used to set the password for users to access Privileged EXEC Mode from User EXEC Mode.
PAGE 27
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide disable Description The disable command is used to return to User EXEC Mode from Privileged EXEC Mode. Syntax disable Command Mode Privileged EXEC Mode Example Return to User EXEC Mode from Privileged EXEC Mode: TL-SL3428#disable TL-SL3428> configure Description The configure command is used to access Global Configuration Mode from Privileged EXEC Mode.
PAGE 28
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax exit Command Mode Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode, and then return to Privileged EXEC Mode: TL-SL3428(config-if)#exit TL-SL3428(config)#exit TL-SL3428# end Description The end command is used to return to Privileged EXEC Mode.
PAGE 29
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 3 IEEE 802.1Q VLAN Commands VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN into multiple logical LANs flexibly. Hosts in the same VLAN can communicate with each other, regardless of their physical locations. VLAN can enhance performance by conserving bandwidth, and improve security by limiting traffic to specific domains. vlan Description The vlan command is used to create IEEE 802.
PAGE 30
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax interface vlan vlan-id no interface vlan vlan-id Parameter vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. Command Mode Global Configuration Mode Example Create VLAN Interface 2: TL-SL3428(config)#interface vlan 2 name Description The name command is used to assign a description string to a VLAN. To clear the description, please use no name command.
PAGE 31
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide switchport mode Description The switchport mode command is used to configure the Link Types for the ports. Syntax switchport mode { access | trunk | general } Parameter access | trunk | general —— Link Types. There are three Link Types for the ports.
PAGE 32
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Configure Fast Ethernet port 3 whose link type is “access” to VLAN 2: TL-SL3428(config)#interface fastEthernet 1/0/3 TL-SL3428(config-if)#switchport access vlan 2 switchport trunk allowed vlan Description The switchport trunk allowed vlan command is used to add the desired Trunk port to IEEE 802.1Q VLAN, or to remove a port from the corresponding VLAN.
PAGE 33
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax switchport general allowed vlan vlan-list { tagged | untagged } no switchport general allowed vlan vlan-list Parameter vlan-list —— VLAN ID list, ranging from 2 to 4094, in the format of 2-3, 5. It is multi-optional. tagged | untagged —— egress-rule.
PAGE 34
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Specify the PVID of Fast Ethernet port 3 as 1: TL-SL3428(config)#interface fastEthernet 1/0/3 TL-SL3428(config-if)#switchport pvid 1 show vlan summary Description The show vlan summary command is used to display the summarized information of IEEE 802.1Q VLAN. Syntax show vlan summary Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the summarized information of IEEE 802.
PAGE 35
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show vlan Description The show vlan command is used to display the detailed information of IEEE 802.1Q VLAN. Syntax show vlan [id vlan-list] Parameter vlan-list —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. Using the show vlan command without parameter displays the detailed information of all VLANs.
PAGE 36
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 4 Protocol-based VLAN Commands Protocol VLAN (Virtual Local Area Network) is the way to classify VLANs based on Protocols. A Protocol is relative to a single VLAN ID. The untagged packets and the priority-tagged packets matching the protocol template will be tagged with this VLAN ID. protocol-vlan template Description The protocol-vlan template command is used to create Protocol-based VLAN template.
PAGE 37
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide protocol-vlan vlan Description The protocol-vlan vlan command is used to create a Protocol-based VLAN entry. To delete a Protocol-based VLAN entry, please use no protocol-vlan vlan command. Syntax protocol-vlan vlan vlan-id template template-idx no protocol-vlan vlan group-idx Parameter vlan-vid —— Specify IEEE 802.1Q VLAN ID, ranging from 1-4094. template-idx ——The number of the Protocol-based VLAN Template.
PAGE 38
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax protocol-vlan no protocol-vlan Command Mode Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Example Enable the Protocol-based VLAN feature for the Gigabit Ethernet port 25: TL-SL3428(config)#interface gigabitEthernet 1/0/25 TL-SL3428(config-if)#protocol-vlan show protocol-vlan template Description The show protocol-vlan template command is us
PAGE 39
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax show protocol-vlan vlan Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display information of the Protocol-based VLAN entry: TL-SL3428(config)#show protocol-vlan vlan show protocol-vlan interface Description The show protocol-vlan interface command is used to display port state and of Protocol-based VLAN interface.
PAGE 40
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 5 Voice VLAN Commands Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and adding the ports with voice devices attached to voice VLANs, you can perform QoS-related configuration for voice data, ensuring the transmission priority of voice data stream and voice quality. voice vlan Description The voice vlan command is used to enable Voice VLAN function.
PAGE 41
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide no voice vlan aging time Parameter time —— Aging time (in minutes) to be set for the Voice VLAN. It ranges from 1 to 43200. Command Mode Global Configuration Mode Example Set the aging time for the Voice VLAN as 1 minute: TL-SL3428(config)#voice vlan aging time 1 voice vlan mac-address Description The voice vlan mac-address command is used to create Voice VLAN OUI.
PAGE 42
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide TL-SL3428(config)#voice vlan mac-address 00:11:11:11:11:11 mask FF:FF:FF:00:00:00 description TP- Phone switchport voice vlan mode Description The switchport voice vlan mode command is used to configure the Voice VLAN mode for the Ethernet port. Syntax switchport voice vlan mode { manual | auto } Parameter manual | auto —— Port mode.
PAGE 43
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Display the configuration information of Voice VLAN globally: TL-SL3428(config)#show voice vlan show voice vlan oui Description The show voice vlan oui command is used to display the configuration information of Voice VLAN OUI.
PAGE 44
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Display the configuration information of Fast Ethernet port 1 in the Voice VLAN: TL-SL3428(config)#show voice vlan switchport fastEthernet 1/0/1 Display the configuration information of all the ports in the Voice VLAN: TL-SL3428(config)#show voice vlan switchport 32
PAGE 45
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 6 GVRP Commands GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute registration protocol). GVRP allows the switch to automatically add or remove the VLANs via the dynamic VLAN registration information and propagate the local VLAN registration information to other switches, without having to individually configure each VLAN.
PAGE 46
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEhternet) Example Enable the GVRP function for Fast Ethernet ports 2-6: TL-SL3428(config)#interface range fastEthernet 1/0/2-6 TL-SL3428(config-if-range)#gvrp gvrp registration Description The gvrp registration command is used to configure the GVRP registration type for the desired port.
PAGE 47
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide restore to the default setting of a GARP timer, please use no gvrp timer command. Syntax gvrp timer { leaveall | join | leave } value no gvrp timer { leaveall | join | leave } Parameter leaveall | join | leave —— They are the three timers: leave All、join and leave. Once the LeaveAll Timer is set, the port with GVRP enabled can send a LeaveAll message after the timer times out, so that other GARP ports can re-register all the attribute information.
PAGE 48
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show gvrp global Description The show gvrp global command is used to display the global GVRP status. Syntax show gvrp global Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the global GVRP status: TL-SL3428(config)#show gvrp global show gvrp interface Description The show gvrp interface command is used to display the GVRP configuration information of a specified Ethernet port or of all Ethernet ports.
PAGE 49
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 7 Etherchannel Commands Etherchannel Commands are used to configure LAG and LACP function. LAG (Link Aggregation Group) is to combine a number of ports together to make a single high-bandwidth data path, which can highly extend the bandwidth. The bandwidth of the LAG is the sum of bandwidth of its member port. LACP (Link Aggregation Control Protocol) is defined in IEEE802.
PAGE 50
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide port-channel load-balance Description The port-channel load-balance command is used to configure the Aggregate Arithmetic for LAG. To return to the default configurations, please use no port-channel load-balance command. Syntax port-channel load-balance {src-dst-mac | src-dst-ip} no port-channel load-balance Parameter src-dst-mac —— The source and destination MAC address.
PAGE 51
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Global Configuration Mode Example Configure the LACP system priority as 1024 globally: TL-SL3428(config)#lacp system-priority 1024 lacp port-priority Description The lacp port-priority command is used to configure the LACP system priority globally. To return to the default configurations, please use no lacp port-priority command.
PAGE 52
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide 14. By default, it is empty, and will display the information of all EtherChannel Groups. detail —— The detailed information of EtherChannel. summary —— The EtherChannel information in summary.
PAGE 53
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide neighbor —— The neighbor LACP information. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the internal LACP information of EtherChannel Group 1: TL-SL3428(config)#show lacp 1 internal show lacp sys-id Description The show lacp sys-id command is used to display the LACP system priority globally.
PAGE 54
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 8 User Manage Commands User Manage Commands are used to manage the user’s logging information by Web, CLI or SSH, so as to protect the settings of the switch from being randomly changed. user name Description The user name command is used to add a new user or modify the existed users’ information. To delete the existed users, please use no user name command.
PAGE 55
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide TL-SL3428(config)#user name tplink password password type admin status enable user access-control ip-based Description The user access-control ip-based command is used to limit the IP-range of the users for login. Only the users within the IP-range you set here are allowed to login. To cancel the user access limit, please use no user access-control command.
PAGE 56
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide no user access-control Parameter mac-addr —— The source MAC address. Only the user with this MAC address is allowed to login.
PAGE 57
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide user max-number Description The user max-number command is used to configure the maximum login user number at the same time. To cancel the limit on login number, please use no user max-number command. Syntax user max-number admin-num guest-num no user max-number Parameter admin-num —— The maximum number of the users allowed to log on as Admin, ranging from 1 to 16. The total number of Admin and Guest should be less than 16.
PAGE 58
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minutes: TL-SL3428(config)#user idle-timeout 15 line Description The line command is used to enter the Line Configuration Mode and make related configurations for the desired user(s), including the login mode and password configurations.
PAGE 59
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide password Description The password command is used to configure the connection password. To clear the password, please use no password command. Syntax password password no password Parameter password —— Configure the connection password, which contains 16 characters at most, composing digits, English letters and underlines only.
PAGE 60
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Configure the login of Console port connection 0 as login mode: TL-SL3428(config)#line console 0 TL-SL3428(config-line)#login Configure the login of virtual terminal connection 0-5 as login mode: TL-SL3428(config)#line vty 0 5 TL-SL3428(config-line)#login login local Description The login local command is used to configure the login of a switch with the user name and password.
PAGE 61
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax show user account-list Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of the current users: TL-SL3428(config)#show user account-list show user configuration Description The user configuration command is used to display the security configuration information of the users, including access-control, max-number and the idle-timeout, etc.
PAGE 62
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 9 Binding Table Commands You can bind the IP address, MAC address, VLAN and the connected Port number of the Host together, which can be the condition for the ARP Inspection and IP verify source to filter the packets. ip source binding Description The ip source binding command is used to bind the IP address, MAC address, VLAN ID and the Port number together manually.
PAGE 63
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Global Configuration Mode Example Bind an ACL entry with the IP 192.168.0.1, MAC 00:00:00:00:00:01, VLAN ID 2 and the Port number 5 manually. And then enable the entry for the ARP detection: TL-SL3428(config)#ip source binding host1 192.168.0.
PAGE 64
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide ip dhcp snooping global Description The ip dhcp snooping global command is configure DHCP-Snooping globally. To restore to the default value, please use no dhcp-snooping global command.
PAGE 65
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide ip dhcp snooping information option Description The ip dhcp snooping information option command is used to enable the Option 82 function of DHCP Snooping. To disable the Option 82 function, please use no ip dhcp snooping information option command.
PAGE 66
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Global Configuration Mode Example Replace the Option 82 field of the packets with the switch defined one and then send out: TL-SL3428(config)#ip dhcp snooping information strategy replace ip dhcp snooping information remote-id Description The ip dhcp snooping information remote-id command is used to enable and configure the customized sub-option Remote ID for the Option 82.
PAGE 67
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide default Circuit ID for the Option 82, please use no ip dhcp snooping information circuit-id command. Syntax ip dhcp snooping information circuit-id string no ip dhcp snooping information circuit-id Parameter string —— Enter the sub-option Circuit ID, which contains 32 characters at most.
PAGE 68
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide TL-SL3428(config-if)#ip dhcp snooping trust ip dhcp snooping mac-verify Description The ip dhcp snooping mac-verify command is used to enable the MAC Verify feature. To disable the MAC Verify feature, please use no ip dhcp snooping mac-verify command. There are two fields of the DHCP packet containing the MAC address of the Host. The MAC Verify feature is to compare the two fields and discard the packet if the two fields are different.
PAGE 69
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter value —— The value of Flow Control. The options are 0/5/10/15/20/25/30 (packet/second). The default value is 0, which stands for “disable”.
PAGE 70
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax show ip source binding Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the IP-MAC-VID-PORT binding table: TL-SL3428(config)#show ip source binding show ip dhcp snooping Description The show ip dhcp snooping command is used to display the running status of DHCP-Snooping.
PAGE 71
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Display the Option 82 configuration status of DHCP-Snooping: TL-SL3428#show ip dhcp snooping information show ip dhcp snooping interface Description The show ip dhcp snooping interface command is used to display the DHCP-Snooping configuration of a desired Fast/Gigabit Ethernet ports or of all Ethernet ports.
PAGE 72
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 10 ARP Inspection Commands ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP cheating, such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc. ip arp inspection(global) Description The ip arp inspection command is used to enable the ARP Detection function globally. To disable the ARP Detection function, please use no ip arp detection command.
PAGE 73
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEhternet) Example Configure the Fast Ethernet ports 2-5 as the Trusted Port: TL-SL3428(config)#interface range fastEthernet 1/0/2-5 TL-SL3428(config-if-range)#ip arp inspection trust ip arp inspection(interface) Description The ip arp inspection command is used to enable the ARP Defend function.
PAGE 74
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide of a specified port. To restore to the default speed, please use no ip arp inspection limit-rate command. Syntax ip arp inspection limit-rate value no ip arp inspection limit-rate Parameter value ——The value to specify the maximum amount of the received ARP packets per second, ranging from 10 to 100 in pps(packet/second). By default, the value is 15.
PAGE 75
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide TL-SL3428(config-if)#ip arp inspection recover show ip arp inspection Description The show ip arp inspection command is used to display the ARP detection global configuration including the enable/disable status and the Trusted Port list.
PAGE 76
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Display the configuration of all Ethernet ports: TL-SL3428(config)#show ip arp inspection interface show ip arp inspection statistics Description The show ip arp inspection statistics command is used to display the number of the illegal ARP packets received.
PAGE 77
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 11 DoS Defend Command DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of service requests to the Host. With the DoS Defend enabled, the switch can analyze the specific field of the received packets and provide the defend measures to ensure the normal working of the local network.
PAGE 78
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter scan-synfin —— Scan SYNFIN attack. xma-scan —— Xma Scan attack. null-scan —— NULL Scan attack. port-less-1024 ——The SYN packets whose Source Port less than 1024. ping-flood —— Ping flooding attack. With the ping flood attack enabled, the switch will limit automatically the forwarding speed of ping packets to 512 Kbps when attacked by ping flood. syn-flood —— SYN/SYN-ACK flooding attack.
PAGE 79
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 12 IEEE 802.1X Commands IEEE 802.1X function is to provide an access control for LAN ports via the authentication. Only the supplicant passing the authentication can access the LAN. dot1x system-auth-control Description The dot1x system-auth-control command is used to enable the IEEE 802.1X function globally. To disable the IEEE 802.1X function, please use no dot1x system-auth-control command.
PAGE 80
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide pap: IEEE 802.1X authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client. The transmission of EAP packets is terminated at the switch and the EAP packets are converted to the other protocol (such as RADIUS) packets for transmission eap-md5: IEEE 802.1X authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client.
PAGE 81
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Enable the Guest VLAN function for VLAN 5: TL-SL3428(config)#dot1x guest-vlan 5 dot1x quiet-period Description The dot1x quiet-period command is used to enable the quiet-period function. To disable the function, please use no dot1x quiet-period command.
PAGE 82
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide reauth-period time ——The maximum time for the switch to wait for the response from supplicant before resending a request to the supplicant., ranging from 1 to 9 in second. By default, it is 3.
PAGE 83
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide dot1x Description The dot1x command is used to enable the IEEE 802.1X function for a specified port. To disable the IEEE 802.1X function for a specified port, please use no dot1x command. Syntax dot1x no dot1x Command Mode Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Example Enable the IEEE 802.
PAGE 84
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Enable the Guest VLAN function for Fast Ethernet port 2: TL-SL3428(config)#interface fastEthernet 1/0/2 TL-SL3428(config-if)#dot1x guest-vlan dot1x port-control Description The dot1x port-control command is used to configure the Control Mode of IEEE 802.1X for the specified port. By default, the control mode is “auto”. To restore to the default configuration, please use no dot1x port-control command.
PAGE 85
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide dot1x port-method Description The dot1x port-method command is used to configure the control type of IEEE 802.1X for the specified port. By default, the control type is “mac-based”. To restore to the default configuration, please use no dot1x port-method command. Syntax dot1x port-method { mac-based | port-based } no dot1x port-method Parameter mac-based | port-based ——The control type for the port.
PAGE 86
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter auth-pri ip —— The IP address of the authentication server. auth-sec ip —— The IP address of the alternative authentication server. auth-port port ——The UDP port of authentication server(s) ranging from 1 to 65535. The default value is 1812. auth-key keyvalue ——The shared password for the switch and the authentication servers to exchange messages which contains 15 characters at most. acct-pri ip —— The IP address of the accounting server.
PAGE 87
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Global Configuration Mode Example Enable the accounting feature: TL-SL3428(config)#radius server-account show dot1x global Description The show dot1x global command is used to display the global configuration of 801.X. Syntax show dot1x global Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of 801.
PAGE 88
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Display the configuration information of 801.X for Gigabit Ethernet port 25: TL-SL3428(config)#show dot1x interface gigabitEthernet 1/0/25 Display the configuration information of 801.X for all Ethernet ports: TL-SL3428(config)#show dot1x interface show radius accounting Description The show radius accounting command is used to display the configuration of the accounting server.
PAGE 89
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 13 System Log Commands The log information will record the settings and operation of the switch respectively for you to monitor operation status and diagnose malfunction. logging buffer Description The logging buffer command is used to configure the severity level and the status of the configuration input to the log buffer. To disable the logging buffer function, please use no logging buffer command.
PAGE 90
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide logging file flash Description The logging file flash command is used to configure the level and the status of the log file input. To disable the logging file flash funtion, please use no logging file flash command. The log file indicates the flash sector for saving system log. The information in the log file will not be lost after the switch is restarted and can be got by the show logging flash command.
PAGE 91
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter buffer | flash —The output channels: buffer and flash. Clear the information of the two channels, by default. Command Mode Global Configuration Mode Example Clear the information in the log file: TL-SL3428(config)#clear logging buffer logging host index Description The logging host index command is used to configure the Log Host. To clear the configuration of the specified Log Host, please use no logging host index command.
PAGE 92
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Set the IP address as 192.168.0.148, the level 5: TL-SL3428(config)#logging host index 2 192.168.0.148 5 show logging local-config Description The show logging local-config command is used to display the configuration of the Local Log including the log buffer and the log file.
PAGE 93
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Display the configuration of the log host 2: TL-SL3428(config)#show logging loghost 2 show logging buffer Description The show logging buffer command is used to display the log information in the log buffer according to the severity level. Syntax show logging buffer [level level] Parameter level —— Severity level. There are 8 severity levels marked with values 0-7.
PAGE 94
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the log information with the level marked 0~3 in the log file: TL-SL3428(config)#show logging flash level 3 82
PAGE 95
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 14 SSH Commands SSH (Security Shell) can provide the unsecured remote management with security and powerful authentication to ensure the security of the management information. ip ssh server Description The ip ssh server command is used to enable SSH function. To disable the SSH function, please use no ip ssh server command.
PAGE 96
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Enable SSH v2: TL-SL3428(config)#ip ssh version v2 ip ssh timeout Description The ip ssh timeout command is used to specify the idle-timeout time of SSH. To restore to the factory defaults, please use ip ssh timeout command. Syntax ip ssh timeout value no ip ssh timeout Parameter value — — The Idle-timeout time. During this period, the system will automatically release the connection if there is no operation from the client.
PAGE 97
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Global Configuration Mode Example Specify the maximum number of the connections to the SSH server as 3: TL-SL3428(config)#ip ssh max-client 3 ip ssh download Description The ip ssh download command is used to download the SSH key file from TFTP server. Syntax ip ssh download {v1 | v2 } key-file ip-address ip-addr Parameter v1 | v2 —— Select the type of SSH key to download, v1 represents SSH-1, v2 represents SSH-2.
PAGE 98
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the global configuration of SSH: TL-SL3428(config)#show ip ssh 86
PAGE 99
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 15 SSL Commands SSL（Secure Sockets Layer）, a security protocol, is to provide a secure connection for the application layer protocol(e.g. HTTP) based on TCP. Adopting asymmetrical encryption technology, SSL uses key pair to encrypt/decrypt information. A key pair refers to a public key (contained in the certificate) and its corresponding private key.
PAGE 100
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter ssl-cert —— The name of the SSL certificate which is selected to download to the switch. The length of the name ranges from 1 to 25 characters. The Certificate must be BASE64 encoded. ip-addr —— The IP address of the TFTP server. Command Mode Global Configuration Mode Example Download an SSL Certificate named ssl-cert from TFTP server with the IP address of 192.168.0.
PAGE 101
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show ip http secure-server Description The show ip http secure-server command is used to display the global configuration of SSL.
PAGE 102
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 16 MAC Address Commands MAC address configuration can improve the network security by configuring the Port Security and maintaining the address information by managing the address Table. mac address-table static Description The mac address-table static command is used to add the static MAC address entry. To remove the corresponding entry, please use no mac address-table static command.
PAGE 103
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Delete the static address entry whose MAC address is 00:02:58:4f:6c:23: TL-SL3428(config)#no mac address-table static 00:02:58:4f:6c:23 mac address-table aging-time Description The mac address-table aging-time command is used to configure aging time for the dynamic address. To return to the default configuration, please use no mac address-table aging-time command.
PAGE 104
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter mac-addr —— The MAC address to be filtered. vid —— The corresponding VLAN ID of the MAC address. It ranges from 1 to 4094.
PAGE 105
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide deleted manually. The learned entries will be cleared after the switch is rebooted. When permanent mode is selected, the learned MAC address will be out of the influence of the aging time and can only be deleted manually too. However, the learned entries will be saved even the switch is rebooted. status —— Enable or disable the Port Security function for a specified port. By default, this function is disabled.
PAGE 106
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show mac address-table aging-time Description The show mac address-table aging-time command is used to display the Aging Time of the MAC address.
PAGE 107
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show mac address-table interface Description The show mac address-table interface command is used to display the address configuration of an Ethernet port. Syntax show mac address-table interface { fastEthernet port | gigabitEthernet port } Parameter port —— The Fast/Gigabit Ethernet port number.
PAGE 108
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax show mac address-table mac mac-addr Parameter mac-addr —— The specified MAC address. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of the MAC address 00:00:00:00:23:00 TL-SL3428(config)#show mac address-table 00:00:00:00:23:00 show mac address-table vlan Description The show mac address-table vlan command is used to display the MAC address configuration of the specified vlan.
PAGE 109
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 17 System Configuration Commands System Configuration Commands can be used to configure the system information and system IP of the switch, and to reboot and reset the switch, upgrade the switch system and commands used for device diagnose, including loopback test and cable test. system-time manual Description The system-time manual command is used to configure the system time manually.
PAGE 110
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide UTC-12:00 —— TimeZone for International Date Line West. UTC-11:00 —— TimeZone for Coordinated Universal Time-11. UTC-10:00 —— TimeZone for Hawaii. UTC-09:00 —— TimeZone for Alaska. UTC-08:00 —— TimeZone for Pacific Time(US Canada). UTC-07:00 —— TimeZone for Mountain Time(US Canada). UTC-06:00 —— TimeZone for Central Time(US Canada). UTC-05:00 —— TimeZone for Eastern Time(US Canada). UTC-04:30 —— TimeZone for Caracas.
PAGE 111
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide backup-ntp-server —— The IP address for the Secondary NTP Server. fetching-rate —— Specify the rate fetching time from NTP server. Command Mode Global Configuration Mode Example Configure the system time mode as NTP, the time zone is UTC-12:00, the primary NTP server is 133.100.9.2 and the secondary NTP server is 139.78.100.163, the fetching-rate is 11 hours: TL-SL3428(config)#system-time ntp UTC-12:00 133.100.9.2 139.79.100.
PAGE 112
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide system-time dst date Description The system-time dst date command is used to specify the DST configuration in Date mode. This configuration is recurring in use. By default, the current year is used as the starting time. DST time periods should be within 12 months over one/two year.
PAGE 113
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide configuration in recurring mode. This configuration is recurring in use. The time period is not restricted to be within one year. Syntax system-time dst recurring {sweek} {sday} {smonth} {stime} {eweek} {eday} {emonth} {etime} [offset] Parameter sweek —— Week to start, with the options: first, second, third, fourth, last. sday —— Day to start, with the options: Sun, Mon, Tue, Wed, Thu, Fri, Sat.
PAGE 114
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax hostname hostname no hostname Parameter hostname —— System Name, ranging from 1 to 32 characters. It is the product name by default. Here it is TL-SL3428. Command Mode Global Configuration Mode Example Configure the system name as TPLINK: TL-SL3428(config)#hostname TPLINK location Description The location command is used to configure the system location. To clear the system location information, please use no location command.
PAGE 115
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide contact-info Description The contact-info command is used to configure the system contact information. To clear the system contact information, please use no contact-info command. Syntax contact-info contact_info no contact-info Parameter contact_info —— Contact Information. It consists of 32 characters at most. It is www.tp-link.com by default. Command Mode Global Configuration Mode Example Configure the system contact information as www.
PAGE 116
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide ip address Description The ip address command is used to configure the system IP address, Subnet Mask and Default Gateway. To restore to the factory defaults, please use no ip address command. This command should be configured in the Interface Configuration Mode of the management VLAN. Syntax ip address {ip-addr} {ip-mask} [gateway] no ip address Parameter ip-addr —— The system IP of the switch. The default system IP is 192.168.0.1.
PAGE 117
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Enable the DHCP Client function when the management VLAN of the switch is VLAN1: TL-SL3428(config)# interface vlan 1 TL-SL3428(config-if)# ip address-alloc dhcp ip address-alloc bootp Description The ip address-alloc bootp command is used to enable the BOOTP Protocol. When the BOOTP Protocol is enabled, the switch will obtain IP address from BOOTP Server.
PAGE 118
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Reset the software of the switch: TL-SL3428#reset reboot Description The reboot command is used to reboot the Switch. To avoid damage, please don’t turn off the device while rebooting. Syntax reboot Command Mode Privileged EXEC Mode Example Reboot the switch: TL-SL3428#reboot copy running-config startup-config Description The copy running-config startup-config command is used to save the current settings.
PAGE 119
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide The copy startup-config tftp command is used to backup the configuration file to TFTP server. Syntax copy startup-config tftp ip-address ip-addr filename name Parameter ip-addr —— IP address of the TFTP server. name — — Specify the name for the configuration file which would be backuped. Command Mode Privileged EXEC Mode Example Backup the configuration files to TFTP server with the IP 192.168.0.148 and name this file config.
PAGE 120
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Download the configuration file named as config.cfg to the switch from TFTP server with the IP 192.168.0.148: TL-SL3428#copy tftp startup-config ip-address 192.168.0.148 filename config firmware upgrade Description The firmware upgrade command is used to upgrade the switch system file via the TFTP server. Syntax firmware upgrade ip-address ip-addr filename name Parameter ip-addr —— IP address of the TFTP server.
PAGE 121
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide ranges from 1 to 10. By default, this value is 4. -l count —— The size of the sending data during ping testing. It ranges from 1 to 1024 bytes. By default, this value is 64. -i count —— The interval to send ICMP request packets. It ranges from 100 to 1000 milliseconds. By default, this value is 1000. Command Mode User EXEC Mode and Privileged EXEC Mode Example To test the connectivity between the switch and the network device with the IP 192.168.
PAGE 122
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide the connection between the switch and the destination device is failed to establish: TL-SL3428#tracert 192.168.0.131 –h 20 loopback interface Description The loopback interface command is used to test whether the port is available or not. Syntax loopback interface { fastEthernet port | gigabitEthernet port } { internal | external } Parameter port —— The Fast/Gigabit Ethernet port number. internal | external —— Loopback Type.
PAGE 123
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the time information of the switch: TL-SL3428#show system-time show system-time dst Description The show system-time dst command is used to display the DST time information of the switch.
PAGE 124
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show system-info Description The show system-info command is used to display system description, system name, device location, system contact, hardware version, firmware version, system time, run time and so on.
PAGE 125
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide connection status of the cable connected to the Switch, locate and diagnose the trouble spot of the network. Syntax show cable-diagnostics interface { fastEthernet port | gigabitEthernet port } Parameter port —— The number of the port which is selected for Cable test.
PAGE 126
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 18 Ethernet Configuration Commands Ethernet Configuration Commands can be used to configure the Bandwidth Control, Negotiation Mode and Storm Control for Ethernet ports. interface fastEthernet Description The interface fastEthernet command is used to enter the interface fastEthernet Configuration Mode and configure the corresponding Fast Ethernet port.
PAGE 127
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide User Guidelines Command in the Interface Range fastEthernet Mode is executed independently on all ports in the range. It does not effect the execution on the other ports at all if the command results in an error on one port.
PAGE 128
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter port-list —— The list of Gigabit Ethernet ports. Command Mode Global Configuration Mode User Guidelines Command in the Interface Range gigabitEthernet Mode is executed independently on all ports in the range. It does not affect the execution on the other ports at all if the command results in an error on one port.
PAGE 129
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide shutdown Description The shutdown command is used to disable an Ethernet port. To enable this port again, please use no shutdown command.
PAGE 130
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide media-type Description The media-type command is used to configure the media type of Combo port. For a Combo port, the media type should be configured before you set its speed and mode. This command does not apply to TL-SL3452 since TL-SL3452 has no Combo port. Syntax media-type { rj45 | sfp } Parameter rj45 | sfp —— Media type.
PAGE 131
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Configure the Duplex Mode as full-duplex for Gigabit Ethernet port 25: TL-SL3428(config)#interface gigabitEthernet 1/0/25 TL-SL3428(config-if)#duplex full speed Description The speed command is used to configure the Speed Mode for an Ethernet port. To return to the default configuration, please use no speed command. Syntax speed { 10 | 100 | 1000 | auto } no speed Parameter 10 | 100 | 1000 | auto —— The speed mode of the Ethernet port.
PAGE 132
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide storm-control broadcast no storm-control broadcast Command Mode Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Example Enable the broadcast control function for Fast Ethernet port 5: TL-SL3428(config)#interface fastEthernet 1/0/5 TL-SL3428(config-if)#storm-control broadcast storm-control multicast Description The storm-control multicast command is u
PAGE 133
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide unicast command. Unicast control function allows the switch to filter UL frame in the network. If the transmission rate of the UL frames exceeds the set bandwidth in the storm-contorl rate, the packets will be automatically discarded to avoid network broadcast storm.
PAGE 134
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Specify the storm control rate as 2Mbps for port5: TL-SL3428(config)# interface fastEthernet 1/0/5 TL-SL3428(config-if)# storm-control rate 2m bandwidth Description The bandwidth command is used to configure the bandwidth limit for an Ethernet port. To disable the bandwidth limit, please use no bandwidth command.
PAGE 135
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax clear counters Command Mode Global Configuration Mode Example Clear the statistic information of all Ethernet ports TL-SL3428(config)#clear counters show interface status Description The show interface status command is used to display the connective-status of an Ethernet port. Syntax show interface [fastEthernet port | gigabitEthernet port] status Parameter port ——The Fast/Gigabit Ethernet port number.
PAGE 136
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter port —— The Fast/Gigabit Ethernet port number. By default, the statistic information of all ports is displayed.
PAGE 137
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter port —— The Fast/Gigabit Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the flow-control information of all Ethernet ports: TL-SL3428#show interface flowcontrol show interface configuration Description The show interface configuration command is used to display the configurations of an Ethernet port, including Port-status, Flow Control, Negotiation Mode and Port-description.
PAGE 138
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide port-list —— The list of Fast/Gigabit Ethernet ports.
PAGE 139
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 19 QoS Commands QoS (Quality of Service) function is used to optimize the network performance. It provides you with network service experience of a better quality. qos Description The qos command is used to configure CoS (Class of Service) based on port. To return to the default configuration, please use no qos command. Syntax qos cos-id no qos Parameter cos-id —— The priority of port.
PAGE 140
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax qos cos no qos cos Command Mode Global Configuration Mode User Guidelines IEEE 802.1P gives the Pri field in IEEE 802.1Q tag a recommended definition. When the mapping relation between IEEE 802.1P Priority and TC egress queue is enabled, the data will be classified into the egress queue based on this mapping relation. Example Enable the mapping relation between IEEE 802.
PAGE 141
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide qos queue cos-map Description The qos queue cos-map command is used to configure the mapping relation between IEEE 802.1P priority tag/IEEE 802.1Q tag, CoS value and the TC egress queue. To return to the default configuration, please use no qos queue cos-map command. When 802.1P Priority is enabled, the packets with 802.1Q tag are mapped to different priority levels based on 802.1P priority mode.
PAGE 142
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide divide IP datagram into 64 priorities. When DSCP Priority is enabled, IP datagram are mapped to different priority levels based on DSCP priority mode; non-IP datagram with IEEE 802.1Q tag are mapped to different priority levels based on IEEE 802.1P priority mode if IEEE 802.1P Priority is enabled; the untagged non-IP datagram are mapped based on port priority mode.
PAGE 143
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide queues and scheduling algorithms you set. On this switch, the priority levels are labeled as TC0, TC1… TC3. Syntax qos queue mode { sp | wrr | sp+wrr | equ } no qos queue mode Parameter sp —— Strict-Priority Mode. In this mode, the queue with higher priority will occupy the whole bandwidth. Packets in the queue with lower priority are sent only when the queue with higher priority is empty. wrr —— Weight Round Robin Mode.
PAGE 144
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax show qos interface [ fastEthernet port | gigabitEthernet port | range fastEthernet port-list | range gigabitEthernet port-list ] Parameter port —— The Fast/Gigabit Ethernet port number. port-list —— The list of Ethernet ports.
PAGE 145
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax show qos dscp-map Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of DSCP Priority: TL-SL3428#show qos dscp-map show qos queue mode Description The show qos queue mode command is used to display the schedule rule of the egress queues.
PAGE 146
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 20 Port Mirror Commands Port Mirror refers to the process of forwarding copies of packets from one port to a monitoring port. Usually, the monitoring port is connected to data diagnose device, which is used to analyze the monitored packets for monitoring and troubleshooting the network. monitor session destination interface Description The monitor session destination interface command is used to configure the monitoring port.
PAGE 147
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide monitor session source interface Description The monitor session source interface command is used to configure the monitored port. To delete the corresponding monitored port, please use no monitor session source interface command.
PAGE 148
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide TL-SL3428(config)#monitor session 1 source interface fastEthernet 1/0/4-5,1/0/7 rx Delete the Fast Ethernet port 4 in monitor session 1 and its configuration: TL-SL3428(config)#no monitor session 1 source interface fastEthernet 1/0/4 rx show monitor session Description The show monitor session command is used to display the configuration of port monitoring.
PAGE 149
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 21 Port isolation Commands Port Isolation provides a method of restricting traffic flow to improve the network security by forbidding the port to forward packets to the ports that are not on its forwarding port list. port isolation Description The port isolation command is used to configure the forward port list of a port, so that this port can only communicate with the ports on its port list.
PAGE 150
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show port isolation Description The show port isolation command is used to display the forward port list of a port. Syntax show port isolation interface [ fastEthernet port | gigabitEthernet port ] Parameter port —— The number of Ethernet port you want to show its forward port list, in the format of 1/0/2.
PAGE 151
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 22 Loopback Detection Commands With loopback detection feature enabled, the switch can detect loops using loopback detection packets. When a loop is detected, the switch will display an alert or further block the corresponding port according to the configuration. loopback-detection(global) Description The loopback-detection command is used to enable the loopback detection function globally.
PAGE 152
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Specify the interval-time as 50 seconds: TL-SL3428(config)#loopback-detection interval 50 loopback-detection recovery-time Description The loopback-detection recovery-time command is used to configure the time after which the blocked port would automatically recover to normal status.
PAGE 153
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Enable the loopback detection function of Gigabit Ethernet ports 25-27: TL-SL3428(config)#interface range gigabitEthernet 1/0/25-27 TL-SL3428(config-if-range)#loopback-detection loopback-detection config Description The loopback-detection config command is used to configure the process-mode and recovery-mode for the ports by which the switch copes with the detected loops.
PAGE 154
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide loopback-detection recover Description The loopback-detection recover command is used to remove the block status of selected ports, recovering the blocked ports to normal status, Syntax loopback-detection recover Command Mode Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Example Recover the blocked Gigabit Ethernet port 25 to normal status: TL-SL3
PAGE 155
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide configuration of loopback detection function and the status of all ports or of a specified Fast/Gigabit Ethernet port. Syntax show loopback-detection interface [ fastEthernet port | gigabitEthernet port] Parameter port —— The Fast/Gigabit Ethernet port number.
PAGE 156
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 23 ACL Commands ACL (Access Control List) is used to filter data packets by configuring a series of match conditions, operations and time ranges. It provides a flexible and secured access control policy and facilitates you to control the network security. time-range Description The time-range command is used to add Time-Range. To delete the corresponding Time-Range, please use no time-range command.
PAGE 157
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax absolute start start-date end end-date no absolute Parameter start-date — — The start date in Absoluteness Mode, in the format of MM/DD/YYYY. By default, it is 01/01/2000. end-date — — The end date in Absoluteness Mode, in the format of MM/DD/YYYY. By default, it is 01/01/2000. The Absoluteness Mode will be disabled if the start date and end date are both in default value.
PAGE 158
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Configure the time-range tSeg1 with time from 8:30 to 12:00 at weekend: TL-SL3428(config)#time-range tSeg1 TL-SL3428(config-time-range)#periodic week-date off-day time-slice1 08:30-12:00 holiday Description The holiday command is used to configure the time-range into Holiday Mode under Time-range Create Configuration Mode. To delete the corresponding Holiday Mode time-range, please use no holiday command.
PAGE 159
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide end-date —— The end date of the holiday, in the format of MM/DD, for instance, 05/03. Command Mode Global Configuration Mode Example Define National Day, configuring the start date as October 1st, and the end date as October 3rd: TL-SL3428(config)#holiday nationalday start-date 10/01 end-date 10/03 access-list create Description The access-list create command is used to create standard-IP ACL and extend-IP ACL.
PAGE 160
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax mac access-list access-list-num no mac access-list access-list-num Parameter access-list-num —— ACL ID, ranging from 0 to 99. Command Mode Global Configuration Mode Example Create a MAC ACL whose ID is 23: TL-SL3428(config)#mac access-list 23 access-list standard Description The access-list standard command is used to add Standard-IP ACL rule. To delete the corresponding rule, please use no access-list standard command.
PAGE 161
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide destination-ip-mask —— The destination IP address mask. It is required if you typed the destination IP address. time-segment —— The time-range for the rule to take effect. By default, it is not limited. frag —— Enable/Disable Fragment. By default, it is disabled. If Fragment is enabled, this rule will process all the fragments and the last piece of fragment will be always forwarded.
PAGE 162
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide source-ip —— The source IP address contained in the rule. source-ip-mask —— The source IP address mask. It is required if you typed the source IP address. destination-ip —— The destination IP address contained in the rule. destination-ip-mask —— The destination IP address mask. It is required if you typed the destination IP address. time-segment —— The time-range for the rule to take effect. By default, it is not limited.
PAGE 163
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide rule Description The rule command is used to configure MAC ACL rule. To delete the corresponding rule, please use no rule command. Syntax rule rule-id [deny | permit] [ [smac source-mac] smask source-mac-mask ] [ [dmac destination-mac] dmask destination-mac-mask ] [vid vlan-id] [type ethernet-type] [pri user-pri] [tseg time-segment] no rule rule-id Parameter rule-id —— The rule ID. deny —— The operation to discard packets.
PAGE 164
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide TL-SL3428(config)#mac access-list 20 TL-SL3428(config-mac-acl)#rule 10 permit smac 00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1 access-list policy name Description The access-list policy name command is used to add Policy. To delete the corresponding Policy, please use no access-list policy name command.
PAGE 165
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter policy-name —— The Policy Name, ranging from 1 to 16 characters. acl-id —— The ID of the ACL to which the above policy is applied. Command Mode Global Configuration Mode Example Add ACL whose ID is 120 to policy1 and create an action for them: TL-SL3428(config)#access-list policy action policy1 120 redirect interface Description The redirect interface command is used to configure Direction function of policy action for specified ports.
PAGE 166
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax s-condition rate rate osd {none | discard} Parameter rate —— The rate of Stream Condition, ranging from 0 to 100000kbps. osd —— Out of Band disposal of Stream Condition. It is the disposal way of the data packets those are transmitted beyond the rate. There are two options, “none” and “discard”. By default, the option is “none”. Command Mode Action Configuration Mode Example Edit the actions for policy1.
PAGE 167
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide access-list bind(interface) Description The access-list bind command is used to bind a policy to a specified port. To cancel the bind relation, please use no access-list bind command. Syntax access-list bind policy-name no access-list bind policy-name Parameter policy-name —— The name of the policy desired to bind.
PAGE 168
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide TL-SL3428(config-if)#access-list bind policy1 show time-range Description The show time-range command is used to display the configuration of time-range. Syntax show time-range Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of Time-Range: TL-SL3428#show time-range show holiday Description The show holiday command is used to display the defined holidays.
PAGE 169
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter acl-id —— The ID of the ACL selected to display the configuration. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of the MAC ACL whose ID is 20: TL-SL3428#show access-list 20 show access-list policy Description The show access-list policy command is used to display the information of a specified policy.
PAGE 170
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Display the configuration of Policy bind: TL-SL3428#show access-list bind 158
PAGE 171
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 24 MSTP Commands MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a ring network. STP is to block redundant links and backup links as well as optimize paths. spanning-tree(global) Description The spanning-tree command is used to enable STP function globally. To disable the STP function, please use no spanning-tree command.
PAGE 172
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide TL-SL3428(config)#interface fastEthernet 1/0/2 TL-SL3428(config-if)#spanning-tree spanning-tree common-config Description The spanning-tree common-config command is used to configure the parameters of the ports for comparison in the CIST and the common parameters of all instances. To return to the default configuration, please use no spanning-tree common-config command.
PAGE 173
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide designated port, they can transit their states to forwarding rapidly to reduce the unnecessary forward delay.
PAGE 174
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide spanning-tree mst configuration Description The spanning-tree mst configuration command is used to access MST Configuration Mode from Global Configuration Mode, as to configure the VLAN-Instance mapping, region name and revision level. To return to the default configuration of the corresponding Instance, please use no spanning-tree mst configuration command.
PAGE 175
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Map the VLANs 1-100 to Instance 1: TL-SL3428(config)#spanning-tree mst configuration TL-SL3428(config-mst)#instance 1 vlan 1-100 Disable Instance 1, namely remove all the mapping VLANs 1-100: TL-SL3428(config)#spanning-tree mst configuration TL-SL3428(config-mst)#no instance 1 Remove VLANs 1-50 in mapping VLANs 1-100 for Instance 1: TL-SL3428(config)#spanning-tree mst configuration TL-SL3428(config-mst)#no instance 1 vlan 1-50 name Descript
PAGE 176
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameters revision —— The revision level for MST region identification, ranging from 0 to 65535. Command Mode MST Configuration Mode Example Configure the revision level of MST as 100: TL-SL3428(config)#spanning-tree mst configuration TL-SL3428(config-mst)#revision 100 spanning-tree mst instance Description The spanning-tree mst instance command is used to configure the priority of MST instance.
PAGE 177
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide return to the default configuration of the corresponding Instance Port, please use no spanning-tree mst command. A port can play different roles in different spanning tree instance.
PAGE 178
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter pri —— Bridge priority, ranging from 0 to 61440. It is 32768 by default. Command Mode Global Configuration Mode Example Configure the bridge priority as 4096: TL-SL3428(config)#spanning-tree priority 4096 spanning-tree tc-defend Description The spanning-tree tc-defend command is used to configure the TC Protect of Spanning Tree globally. To return to the default configuration, please use no spanning-tree tc-defend command.
PAGE 179
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide spanning-tree timer Description The spanning-tree timer command is used to configure forward-time, hello-time and max-age of Spanning Tree. To return to the default configurations, please use no spanning-tree timer command.
PAGE 180
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax spanning-tree hold-count value no spanning-tree hold-count Parameter value —— The maximum number of BPDU packets transmitted per Hello Time interval, ranging from 1 to 20 in pps. By default, it is 5.
PAGE 181
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide spanning-tree bpdufilter Description The spanning-tree bpdufilter command is used to enable the BPDU filter function for a port. With the function enabled, the port can be prevented from receiving and sending any BPDU packets. To disable the BPDU filter function, please use no spanning-tree bpdufilter command.
PAGE 182
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide TL-SL3428(config)#interface fastEthernet 1/0/2 TL-SL3428(config-if)#spanning-tree bpduguard spanning-tree guard loop Description The spanning-tree guard loop command is used to enable the Loop Protect function for a port. Loop Protect is to prevent the loops in the network brought by recalculating STP because of link failures and network congestions. To disable the Loop Protect function, please use no spanning-tree guard loop command.
PAGE 183
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Example Enable the Root Protect function for Fast Ethernet port 2: TL-SL3428(config)#interface fastEthernet 1/0/2 TL-SL3428(config-if)#spanning-tree guard root 171
PAGE 184
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide spanning-tree guard tc Description The spanning-tree guard tc command is used to enable the TC Protect of Spanning Tree function for a port. To disable the TC Protect of Spanning Tree function, please use no spanning-tree guard tc command. A switch removes MAC address entries upon receiving TC-BPDUs.
PAGE 185
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide TL-SL3428(config)#interface fastEthernet 1/0/2 TL-SL3428(config-if)#spanning-tree mcheck show spanning-tree active Description The show spanning-tree active command is used to display the active information of spanning-tree.
PAGE 186
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide spanning-tree information of all ports or a specified port. Syntax show spanning-tree interface [ fastEthernet port | gigabitEthernet port ] [edge | ext-cost | int-cost | mode | p2p | priority | role | state | status] Parameter port —— The Fast/Gigabit Ethernet port number.
PAGE 187
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide TL-SL3428(config)#show spanning-tree interface-security gigabitEthernet 1/0/25 Display the interface security bpdufilter information: TL-SL3428(config)# show spanning-tree interface-security bpdufilter show spanning-tree mst Description The show spanning-tree mst command is used to display the related information of MST Instance.
PAGE 188
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 25 IGMP Commands IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on Layer 2 switch. It can effectively prevent multicast groups being broadcasted in the network. ip igmp snooping(global) Description The ip igmp snooping command is used to configure IGMP Snooping globally. To disable the IGMP Snooping function, please use no ip igmp snooping command.
PAGE 189
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Enable IGMP Snooping function of Gigabit Ethernet port 25: TL-SL3428(config)#interface gigabitEthernet 1/0/25 TL-SL3428(config-if)#ip igmp snooping ip igmp snooping immediate-leave Description The ip igmp snooping immediate-leave command is used to configure the Fast Leave function for port. To disable the Fast Leave function, please use no ip igmp snooping immediate-leave command.
PAGE 190
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Specify the operation of processing unknown multicast as “discard”: TL-SL3428(config)#ip igmp snooping drop-unknown ip igmp snooping vlan-config Description The ip igmp snooping vlan-config command is used to enable VLAN IGMP Snooping function or to modify IGMP Snooping parameters, and to create static multicast IP entry. To disable the VLAN IGMP Snooping function, please use no ip igmp snooping vlan-config command.
PAGE 191
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide the format of 1/0/2; Gigabit Ethernet port, ranging from 1-4, in the format of 1/0/2. vlan-id —— The VLAN ID of the multicast IP, ranging from 1 to 4094. ip —— The static multicast IP address. port-list —— The forward port list of the multicast group.
PAGE 192
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide a leave message from a host and the switch removing the host from the multicast groups. Leave Time ranges from 1 to 30 in seconds. By default, it is 1. port —— Static Router Port, which is mainly used in the network with stable topology. There are two types of port: Fast Ethernet port, ranging from 1 to 24, in the format of 1/0/2; Gigabit Ethernet port, ranging from 25 to 28, in the format of 1/0/25.
PAGE 193
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide ip igmp snooping filter(global) Description The ip igmp snooping filter command is used to add or modify the multicast filtering IP-range. To delete the multicast filtering IP-range, please use no ip igmp snooping filter command. Syntax ip igmp snooping filter id start-ip end-ip no ip igmp snooping filter id Parameter id —— IP-range ID, ranging from 1 to 30. start-ip —— The start multicast IP of the IP-range.
PAGE 194
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Example Enable IGMP Snooping filter function for Gigabit Ethernet port 26: TL-SL3428(config)#interface gigabitEthernet 1/0/26 TL-SL3428(config-if)#ip igmp snooping filter ip igmp snooping filter maxgroup Description The ip igmp snooping filter maxgroup command is used to specify the maximum number of multicast groups for a port to join in.
PAGE 195
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide only the multicast packets whose multicast IP is not in the IP-range will be processed, while “accept” indicates only the multicast packets whose multicast IP is in the IP-range will be processed. By default, the option is “accept”.
PAGE 196
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter port —— The Fast/Gigabit Ethernet port number. By default, the configuration of all ports is displayed. basic-config | filter | packet-stat —— The related configuration information selected to display. port-list —— The list group of Ethernet ports.
PAGE 197
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax show ip igmp snooping multi-vlan Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Multicast VLAN configuration: TL-SL3428#show ip igmp snooping multi-vlan show ip igmp snooping groups Description The show ip igmp snooping groups command is used to display the information of all IGMP snooping groups.
PAGE 198
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Display the count of multicast entries in VLAN 5: TL-SL3428(config)#show ip igmp snooping groups vlan 5 count show ip igmp snooping filter Description The show ip igmp snooping filter command is used to display the Multicast Filter address table. Syntax show ip igmp snooping filter [filter-addr-id-list] Parameter filter-addr-id-list ——The multicast ID selected to display the multicast filter address information. It is optional.
PAGE 199
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 26 SNMP Commands SNMP (Simple Network Management Protocol) functions are used to manage the network devices for a smooth communication, which can facilitate the network administrators to monitor the network nodes and implement the proper operation. snmp-server Description The snmp-server command is used to enable the SNMP function. By default, it is disabled. To return to the default configuration, please use no snmp-server command.
PAGE 200
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter name —— The entry name of View, ranging from 1 to 16 characters. Each View can include several entries with the same name. mib-oid —— MIB Object ID. It is the Object Identifier (OID) for the entry of View, ranging from 1 to 61 characters. include | exclude —— View Type, with “include” and “exclude” options. They represent the view entry can/cannot be managed by the SNMP management station individually.
PAGE 201
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide smode —— Security Model, with v1、v2c and v3 options. They represent SNMP v1, SNMP v2c and SNMP v3. slev —— The Security Level of SNMP v3 Group. There are three options, including noAuthNoPriv （no authorization and no encryption）、authNoPriv （authorization and no encryption） and authPriv（authorization and encryption）. By default, the Security Level is noAuthNoPriv. There is no need to configure this in SNMP v1 Model and SNMP v2c Model.
PAGE 202
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide no snmp-server user name Parameter name —— User Name, ranging from 1 to 16 characters. local | remote —— User Type, with local and remote options. Local indicates that the user is connected to a local SNMP engine, while remote indicates that the user is connected to a remote SNMP engine. group-name —— The Group Name of the User. The User is classified to the corresponding Group according to its Group Name, Security Model and Security Level.
PAGE 203
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Add Local User admin to Group group2, and configure the Security Model of the user as v3, the Security Level of the group as authPriv, the Authentication Mode of the user as MD5, the Authentication Password as 11111, the Privacy Mode as DES, and the Privacy Password as 22222: TL-SL3428(config)#snmp-server user admin local group2 smode v3 slev authPriv cmode MD5 cpwd 11111 emode DES epwd 22222 snmp-server community Description The snmp-serve
PAGE 204
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide corresponding Notification, please use no snmp-server host command. With the Notification function enabled, the switch can initiatively report to the management station about the important events that occur on the Views, which allows the management station to monitor and process the events in time.
PAGE 205
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Add a Notification entry, and configure the IP address of the management Host as 192.168.0.146, the UDP port as 162, the User name of the management station as admin, the Security Model of the management station as v2c, the type of the notifications as inform, the maximum time for the switch to wait as 1000 seconds, and the retries time as 100: TL-SL3428(config)#snmp-server host 192.168.0.
PAGE 206
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide snmp-server traps snmp Description The snmp-server traps snmp command is used to enable SNMP standard traps which include four types: linkup, linkdown, warmstart and coldstart. To disable the sending of SNMP standard traps, please use no snmp-server traps snmp command.
PAGE 207
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable SNMP link status trap for port 3: TL-SL3428(config)# interface gigabitEthernet 1/0/3 TL- SG3424P(config-if)# snmp-server traps link-status snmp-server traps Description The snmp-server traps command is used to enable SNMP extended traps. To disable the sending of SNMP extended traps, please use no snmp-server traps command.
PAGE 208
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide spanning-tree —— Enable spanning-tree trap. It is sent when the port forwarding status changes or the port receives TCN packet or packet with TC flag. memory —— Enable memory trap. It is sent when CPU usage exceeds 80%.
PAGE 209
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Enable all SNMP extended MAC address-related traps for the switch: TL-SL3428(config)# snmp-server traps mac Enable new MAC address trap only for the switch: TL-SL3428(config)# snmp-server traps mac new snmp-server traps vlan Description The snmp-server traps vlan command is used to enable SNMP extended VLAN-related traps which include two types: create and delete. To disable this function, please use no snmp-server traps vlan command.
PAGE 210
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide the network. History Group is one of the commonly used RMON Groups. After a history group is configured, the switch collects network statistics information periodically, based on which the management station can monitor network effectively.
PAGE 211
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter index —— The index number of the event entry, ranging from 1 to 12. You can only select one entry for each command. user-name —— The name of the User to which the event belongs, ranging from 1 to 16 characters. By default, it is “public”. descript —— The description of the event, ranging from 1 to 16 characters. By default, it is empty. type —— The event type, with “none”, “log”, “notify” and “both” options.
PAGE 212
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide 1024-10240 }] [ s-type { absolute | delta} ] [ rising-threshold r-hold ] [ rising-event-index r-event] [ falling-threshold f-hold] [ falling-event-index f-event] [ a-type {rise | fall | all} ] [ owner owner-name ] [ interval interval] no rmon alarm index Parameter index —— The index number of the Alarm Management entry, ranging from 1 to 12, in the format of 1-3,5.
PAGE 213
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Global Configuration Mode Example Configure the ports of entries of 1-3 as Gi1/0/2, the owners as owner1 and the alarm intervals as 100 seconds: TL-SL3428(config)#rmon alarm 1-3 interface fastEthernet 1/0/2 owner owner1 interval 100 show snmp-server Description The show snmp-server command is used to display SNMP configuration globally.
PAGE 214
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show snmp-server group Description The show snmp-server group command is used to display the Group table. Syntax show snmp-server group Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Group table: TL-SL3428#show snmp-server group show snmp-server user Description The show snmp-server user command is used to display the User table.
PAGE 215
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Display the Community table: TL-SL3428#show snmp-server community show snmp-server host Description The show snmp-server host command is used to display the Host table.
PAGE 216
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax show rmon history [index] Parameter index —— The index number of the entry selected to display the configuration, ranging from 1 to 12, in the format of 1-3, 5. You can select more than one entry for each command. By default, the configuration of all history sample entries is displayed.
PAGE 217
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show rmon alarm Description The show rmon alarm command is used to display the configuration of the Alarm Management entry. Syntax show rmon alarm [index] Parameter index —— The index number of the entry selected to display the configuration, ranging from 1 to 12, in the format of 1-3, 5. You can select more than one entry for each command. By default, the configuration of all Alarm Management entries is displayed.
PAGE 218
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 27 LLDP Commands LLDP function enables network devices to advertise their own device information periodically to neighbors on the same LAN. The information of the LLDP devices in the LAN can be stored by its neighbor in a standard MIB, so it is possible for the information to be accessed by a Network Management System (NMS) using SNMP. lldp Description The lldp command is used to enable LLDP function.
PAGE 219
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Parameter multiplier —— Configure the Hold Multiplier parameter. It ranges from 2 to 10. By default, it is 4. Command Mode Global Configuration Mode Example Specify Hold Multiplier as 5: TL-SL3428(config)#lldp hold-multiplier 5 lldp timer Description The lldp timer command is used to configure the parameters about transmission. To return to the default configuration, please use no lldp timer command.
PAGE 220
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide is, the transmit interval will be shorten to a second, and several LLDPDUs will be sent out (the number of LLDPDUs equals this parameter). The value ranges from 1 to 10 and the default value is 3.
PAGE 221
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Syntax lldp transmit no lldp transmit Command Mode Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Example Enable Fast Ethernet port 1 to transmit LLDPDU: TL-SL3428(config)# interface fastEthernet 1/0/1 TL-SL3428(config-if)#lldp transmit lldp snmp-trap Description The lldp snmp-trap command is used to enable the port’s SNMP notification.
PAGE 222
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide outgoing LLDPDU. To exclude TLVs, please use no lldp tlv-select command. By default, All TLVs are included in outgoing LLDPDU.
PAGE 223
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show lldp interface Description The show lldp interface command is used to display LLDP configuration of the corresponding port. By default, the LLDP configuration of all the ports will be displayed. Syntax show lldp interface [ fastEthernet port | gigabitEthernet port] Parameter port —— The Fast/Gigabit Ethernet port number.
PAGE 224
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide TL-SL3428#show lldp local-information interface fastEthernet 1/0/1 show lldp neighbor-information interface Description The show lldp neighbor-information interface command is used to display the neighbor information of the corresponding port. By default, the neighbor information of all the ports will be displayed.
PAGE 225
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Display the LLDP statistic information of Fast Ethernet port 1: TL-SL3428#show lldp traffic interface fastEthernet 1/0/1 213
PAGE 226
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Chapter 28 Cluster Commands Cluster Management function enables a network administrator to manage the scattered devices in the network via a management device. After a commander switch is configured, management and maintenance operations intended for the member devices in a cluster is implemented by the commander device. cluster ndp Description The cluster ndp command is used to configure NDP globally.
PAGE 227
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Example Enable NDP function globally, and configure Aging Time as 120 seconds, Hello Time as 50 seconds: TL-SL3428(config)#cluster ndp TL-SL3428(config)#cluster ndp timer hello 50 aging 120 cluster ntdp Description The cluster ntdp command is used to configure NTDP globally. To return to the default configuration, please use no cluster ntdp command.
PAGE 228
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide collects. NTDP Hops ranges from 1 to 16. By default, it is 3.
PAGE 229
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide Command Mode Interface Configuration Mode (interface fastEthernet / interface range fastEthernet / interface gigabitEthernet / interface range gigabitEthernet) Example Enable NDP and NTDP function for Fast Ethernet port 5: TL-SL3428(config)#interface fastEthernet 1/0/5 TL-SL3428(config-if)#cluster ndp enable ntdp enable cluster candidate Description The cluster candidate command is used to specify the current switch as candidate switch.
PAGE 230
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show cluster ndp Description The show cluster ndp command is used to display NDP configuration of certain ports. Syntax show cluster ndp [ interface [ fastEthernet port | gigabitEthernet port] ] Parameter port —— The Fast/Gigabit Ethernet port number. By default, the configuration of all Fast / Gigabit Ethernet ports is displayed.
PAGE 231
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show cluster ntdp Description The show cluster ntdp command is used to display NTDP configuration information. Syntax show cluster ntdp [ interface [fastEthernet port | gigabitEthernet port ] | device-list ] Parameter port —— The Fast/Gigabit Ethernet port number. By default, the configuration of all Fast / Gigabit Ethernet ports is displayed.
PAGE 232
TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide show cluster manage role Description The show cluster manage role command is used to display the role of the current switch.