TP-LINK TL-SG5428 Betriebsanweisung

TL-SG5428 24-Port Gigabit L2 Managed Switch with 4 SFP Slots TL-SG5412F 12-Port Gigabit SFP L2 Managed Switch with 4 Combo 1000BASE-T Ports

IX loopback-detection(interface) ...148 loopback-detection

87 Command Mode Privileged EXEC Mode and Any Configuration Modes Example Display the configuration of the accounting server: TL-SG5428(config)# show

88 Chapter 16 System Log Commands The log information will record the settings and operation of the switch respectively for you to monitor operation

89 logging file flash Description The logging file flash command is used to configure the level and the status of the log file input. To disable the

90 Command Mode Global Configuration Mode Example Clear the information in the log file: TL-SG5428(config)# clear logging buffer logging host index D

91 show logging local-config Description The show logging local-config command is used to display the configuration of the Local Log including the lo

92 The show logging buffer command is used to display the log information in the log buffer according to the severity level. Syntax show logging bu

93 Chapter 17 SSH Commands SSH (Security Shell) can provide the unsecured remote management with security and powerful authentication to ensure the

94 Example Enable SSH v2: TL-SG5428(config)# ip ssh version v2 ip ssh timeout Description The ip ssh timeout command is used to specify the idle-time

95 Command Mode Global Configuration Mode Example Specify the maximum number of the connections to the SSH server as 3: TL-SG5428(config)# ip ssh m

96 Example Display the global configuration of SSH: TL-SG5428(config)# show ip ssh

X revision...170 spannin

97 Chapter 18 SSL Commands SSL (Secure Sockets Layer), a security protocol, is to provide a secure connection for the application layer protocol(e

98 Parameter ssl-cert —— The name of the SSL certificate which is selected to download to the switch. The length of the name ranges from 1 to 25 ch

99 show ip http secure-server Description The show ip http secure-server command is used to display the global configuration of SSL. Syntax show i

100 Chapter 19 MAC Address Commands MAC Address configuration can improve the network security by configuring the Port Security and maintaining th

101 mac address-table aging-time Description The mac address-table aging-time command is used to configure aging time for the dynamic address. To ret

102 Command Mode Global Configuration Mode Example Add a filtering address entry of which VLAN ID is 1 and MAC address is 00:1e:4b:04:01:5d: TL-SG542

103 status —— Enable or disable the Port Security function for a specified port. By default, this function is disabled. Command Mode Interface Conf

104 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Aging Time of the MAC address: TL-SG5428(config)# show mac addre

105 Syntax show mac address-table interface gigabitEthernet port Parameter port —— The Ethernet port number. Command Mode Privileged EXEC Mode

106 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of the MAC address 00:00:00:00:23:00:00: TL-SG5428(c

XI Chapter 29 SNMP Commands...193 snmp-server ...

107 Chapter 20 System Configuration Commands System Configuration Commands can be used to configure the system information and system IP of the swit

108 UTC-11:00 —— TimeZone for Coordinated Universal Time-11. UTC-10:00 —— TimeZone for Hawaii. UTC-09:00 —— TimeZone for Alaska. UTC-08:00 ——

109 Command Mode Global Configuration Mode Example Configure the system time mode as NTP, the time zone is UTC-12:00, the primary NTP server is 133.1

110 Description The system-time dst date command is used to specify the DST configuration in Date mode. This configuration is one-off in use. By defa

111 Syntax system-time dst recurring { sweek } { sday } { smonth } { stime } { eweek } { eday } { emonth } { etime } [ offset ] Parameter sweek ——

112 hostname —— System Name. The length of the name ranges from 1 to 32 characters. By default, it is the device name, for example “TL-SG5428”. Comm

113 contact_info —— Contact Information. It consists of 32 characters at most. It is “www.tp-link.com” by default. Command Mode Global Configuratio

114 Parameter ip-addr —— The system IP of the switch. The default system IP is 192.168.0.1. ip-mask —— The Subnet Mask of the switch. The default

115 BOOTP Server. This command should be configured in the Interface Configuration Mode of the management VLAN. Syntax ip address-alloc bootp Command

116 Privileged EXEC Mode Example Reboot the switch: TL-SG5428# reboot copy running-config startup-config Description The copy running-config startup-

XII show lldp neighbor-information interface ...216 show lldp traffic inter

117 TL-SG5428# copy startup-config tftp ip-address 192.168.0.148 filename config.cfg copy tftp startup-config Description The copy tftp startup-conf

118 Example Upgrade the switch system file named as firmware.bin via the TFTP server with the IP address 192.168.0.148: TL-SG5428# firmware upgrade i

119 ping Description The ping command is used to test the connectivity between the switch and one node of the network. Syntax ping { ip_addr } [ -n c

120 maxHops —— The maximum number of the route hops the test data can pass though. It ranges from 1 to 30. By default, this value is 4. Command M

121 The show system-time command is used to display the current time system and its source. Syntax show system-time Command Mode Privileged EXEC Mod

122 Example Display the NTP mode configuration information of the switch: TL-SG5428# show system-time ntp show system-info Description The show sys

123 Chapter 21 Ethernet Configuration Commands Ethernet Configuration Commands can be used to configure the Bandwidth Control, Negotiation Mode and

124 User Guidelines Command in the Interface Range gigabitEthernet Mode is executed independently on all ports in the range. It does not affect the

125 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Disable port 3: TL-SG5428(config)

126 Parameter rj45 | sfp —— Media type. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Ex

1 Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned

127 Syntax speed { 10 | 100 | 1000 | auto } no speed Parameter 10 | 100 | 1000 | auto —— The speed mode of the Ethernet port. There are four options

128 storm-control multicast Description The storm-control multicast command is used to enable the multicast control function. To disable the multicas

129 Enable the unicast control function for port 5: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# storm-control unicast

130 no bandwidth { all | ingress | egress } Parameter ingress-rate —— Specify the bandwidth for receiving packets. Range: 1-1024000 for the gigapor

131 Parameter port —— The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the connective-stat

132 Parameter port —— The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the description of

133 Parameter port —— The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configurations

134 show bandwidth [interface { gigabitEthernet port | range gigabitEthernet port-list }] Parameter port —— The Ethernet port number. port-list

135 Chapter 22 QoS Commands QoS (Quality of Service) function is used to optimize the network performance. It provides you with network service expe

136 Syntax qos cos no qos cos Command Mode Global Configuration Mode User Guidelines IEEE 802.1P gives the Pri field in IEEE 802.1Q tag a recommended

2 Chapter 12: ARP Inspection Commands Provide information about the commands used for protecting the switch from the ARP cheating or ARP Attack. Chap

137 Description The qos queue cos-map command is used to configure the mapping relation between IEEE 802.1P priority tag/IEEE 802.1Q tag, CoS value a

138 IEEE 802.1P priority mode if IEEE 802.1P Priority is enabled; the untagged non-IP datagram are mapped based on port priority mode. Syntax qos que

139 sp —— Strict-Priority Mode. In this mode, the queue with higher priority will occupy the whole bandwidth. Packets in the queue with lower priori

140 Display the configuration of QoS for port 5: TL-SG5428# show qos interface gigabitEthernet 1/0/5 Display the configuration of QoS for ports 1-4:

141 Description The show qos queue mode command is used to display the schedule rule of the egress queues. Syntax show qos queue mode Command Mode Pr

142 Chapter 23 Port Mirror Commands Port Mirror refers to the process of forwarding copies of packets from one port to a monitoring port. Usually, t

143 monitor session source interface Description The monitor session source interface command is used to configure the monitored port. To delete t

144 TL-SG5428(config)# monitor session 1 source interface gigabitEthernet 1/0/4-5,1/0/7 rx Delete port 4 in monitor session 1 and its configuration:

145 Chapter 24 Port Isolation Commands Port Isolation provides a method of restricting traffic flow to improve the network security by forbidding th

146 Syntax show port isolation interface [ gigabitEthernet port ] Parameter port —— The number of Ethernet port you want to show its forward port

3 Chapter 26: ACL Commands Provide information about the commands used for configuring the ACL (Access Control List). Chapter 27: MSTP Commands Provi

147 Chapter 25 Loopback Detection Commands With loopback detection feature enabled, the switch can detect loops using loopback detection packets. Wh

148 Example Specify the interval-time as 50 seconds: TL-SG5428(config)# loopback-detection interval 50 loopback-detection recovery-time Description T

149 TL-SG5428(config)# interface range gigabitEthernet 1/0/1-3 TL-SG5428(Config-if-range)# loopback-detection loopback-detection config Description T

150 Syntax loopback-detection recover Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example

151 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of loopback detection function and the status of a

152 Chapter 26 ACL Commands ACL (Access Control List) is used to filter data packets by configuring a series of match conditions, operations and tim

153 Parameter start-date —— The start date in Absoluteness Mode, in the format of MM/DD/ YYYY. By default, it is 01/01/2000. end-date —— The end d

154 TL-SG5428(config-time-range)# periodic week-date off-day time-slice1 08:30-12:00 holiday Description The holiday command is used to configure the

155 Example Define National Day, configuring the start date as October 1st, and the end date as October 3rd: TL-SG5428(config)# holiday nationalday s

156 Example Create a MAC ACL whose ID is 23: TL-SG5428(config)# mac access-list 23 access-list standard Description The access-list standard command

4 Chapter 1 Using the CLI 1.1 Accessing the CLI You can log on to the switch and access the CLI by the following two methods: 1. Log on to the sw

157 255.255.255.0, the time-range for the rule to take effect is “tRange1”, and the packets match this rule will be forwarded by the switch: TL-SG542

158 Command Mode Global Configuration Mode Example Create an Extended-IP ACL whose ID is 220, and add Rule 10 for it. In the rule, the source IP addr

159 user-pri —— The user priority contained in the rule, ranging from 0 to 7. By default, it is not limited. time-segment —— The time-range for the

160 access-list policy action Description The access-list policy action command is used to add ACLs and create actions for the policy. To set the det

161 TL-SG5428(config-action)# redirect interface gigabitEthernet 1/0/2 s-condition Description The s-condition command is used to configure Stream Co

162 ACL 120 as port 2: TL-SG5428(config)# access-list policy action policy1 120 TL-SG5428(config-action)# s-mirror interface gigabitEthernet 1/0/2 a

163 Example Bind policy1 to VLAN 2: TL-SG5428(config)# interface vlan 2 TL-SG5428(config-if)# access-list bind policy1 show time-range Description Th

164 Syntax show access-list acl-id Parameter acl-id —— The ID of the ACL selected to display the configuration. Command Mode Privileged EXEC Mode a

165 Example Display the configuration of Policy bind: TL-SG5428(config)# show access-list bind

166 Chapter 27 MSTP Commands MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a r

5 Figure 1-2 Connection Description 4. Select the port to connect in Figure 1-3, and click OK. Figure 1-3 Select the port to connect 5. Configure

167 TL-SG5428(config-if)# spanning-tree spanning-tree common-config Description The spanning-tree common-config command is used to configure the par

168 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the STP function of port 1

169 default configuration of the corresponding Instance, please use no spanning-tree mst configuration command. Syntax spanning-tree mst configuratio

170 TL- SG5428(config-mst)# no instance 1 Remove VLANs 1-50 in mapping VLANs 1-100 for Instance 1: TL-SG5428(config)# spanning-tree mst configurati

171 TL-SG5428(config)# spanning-tree mst configuration TL-SG5428(config-mst)# revision 100 spanning-tree mst instance Description The spanning-tree m

172 Parameter instance-id —— Instance ID, ranging from 1 to 8. pri —— Port Priority, which must be multiple of 16 ranging from 0 to 240. By defau

173 spanning-tree tc-defend Description The spanning-tree tc-defend command is used to configure the TC Protect of Spanning Tree globally. To return

174 Parameter forward-time —— Forward Delay, which is the time for the port to transit its state after the network topology is changed. Forward Dela

175 TL-SG5428(config)# spanning-tree hold-count 8 spanning-tree max-hops Description The spanning-tree max-hops command is used to configure the max

176 Example Enable the BPDU filter function for port 2: TL-SG5428(config)# interface gigabitEthernet 1/0/2 TL-SG5428(config-if)# spanning-tree bpdufi

6 Figure 1-4 Port Settings 6. The DOS prompt ”TL-SG5428>” will appear after pressing the Enter button as Figure 1-5 shown. It indicates that you

177 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the Loop Protect function

178 removing MAC address entries, which may decrease the performance and stability of the network. With the Protect of Spanning Tree function enabled

179 Syntax show spanning-tree active Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the active information of spanning-

180 Example Display the spanning-tree information of all ports: TL-SG5428(config)# show spanning-tree interface Display the spanning-tree information

181 show spanning-tree mst Description The show spanning-tree mst command is used to display the related information of MST Instance. Syntax show sp

182 Chapter 28 IGMP Commands IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on Layer 2 switch.

183 TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# ip igmp snooping ip igmp snooping immediate-leave Description The ip igm

184 ip igmp snooping vlan-config Description The ip igmp snooping vlan-config command is used to enable VLAN IGMP Snooping function or to modify IGMP

185 Example Enable the IGMP Snooping function and modify Router Port Time as 300 seconds, Member Port Time as 200 seconds for VLAN 1-3, and set the L

186 leave-time —— Leave Time, which is the interval between the switch receiving a leave message from a host and the switch removing the host from th

I COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Othe

7 Login local Mode: It requires username and password, which are both admin by default. Login Mode: It requires no username and password, but a conne

187 Example Bind the filtering address ID 2-6 to port 3: TL-SG5428(config)# interface gigabitEthernet 1/0/3 TL-SG5428(config-if)# ip igmp snooping fi

188 Syntax ip igmp snooping filter no ip igmp snooping filter Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range

189 Syntax ip igmp snooping filter mode mode Parameter mode —— Action Mode, with refuse and accept options. Refuse indicates only the multicast pac

190 Syntax show ip igmp snooping interface gigabitEthernet [ port | port-list ] { basic-config | filter | packet-stat } Parameter port —— The Eth

191 TL-SG5428# show ip igmp snooping vlan 2 show ip igmp snooping multi-vlan Description The show ip igmp snooping multi-vlan command is used to dis

192 Example Display the information of all IGMP snooping groups: TL-SG5428#show ip igmp snooping groups Display all the multicast entries in VLAN 5:

193 Chapter 29 SNMP Commands SNMP (Simple Network Management Protocol) functions are used to manage the network devices for a smooth communication,

194 mib-oid —— MIB Object ID. It is the Object Identifier (OID) for the entry of View, ranging from 1 to 61 characters. include | exclude —— View T

195 By default, the Security Level is noAuthNoPriv. There is no need to configure this in SNMP v1 Mode and SNMP v2c Mode. read-view —— Select the

196 Parameter name —— User Name, ranging from 1 to 16 characters. local | remote —— User Type, with local and remote options. Local indicates tha

8 2. Open Telnet, then type telnet 192.168.0.1 in the command prompt shown as Figure 1-8, and press the Enter button. Figure 1-8 Connecting to the

197 snmp-server community Description The snmp-server community command is used to add Community. To delete the corresponding Community, please use n

198 udp-port —— UDP port, which is used to send notifications. The UDP port functions with the IP address for the notification sending. It ranges fr

199 snmp-server engineID Description The snmp-server engineID command is used to configure the local and remote engineID of the switch. To restore to

200 Syntax snmp-server traps snmp [ linkup | linkdown | warmstart | coldstart ] no snmp-server traps snmp [ linkup | linkdown | warmstart | coldstart

201 snmp-server traps Description The snmp-server traps command is used to enable SNMP extended traps. To disable the sending of SNMP extended traps,

202 snmp-server traps mac Description The snmp-server traps mac command is used to enable SNMP extended MAC address-related traps which include four

203 Syntax snmp-server traps vlan [ create | delete ] no snmp-server traps vlan [create | delete ] Parameter create —— Enable VLAN-created trap. It i

204 seconds —— The interval to take samplings from the port, ranging from 10 to 3600 in seconds. By default, it is 1800. owner-name —— The owner

205 Command Mode Global Configuration Mode Example Configure the user name of entry 1, 2, 3 and 4 as user1, the description of the event as descripti

206 last sampled value from the current value, and then comparing the difference in the values with the threshold. By default, the Sample Type is “ab

9 Figure 1-10 Enter into the Privileged EXEC Mode  Login Mode Firstly configure the Telnet login mode as “login”, and both the connection password

207 show snmp-server Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display SNMP configuration globally: TL-SG5428# show snmp-s

208 Syntax show snmp-server user Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the User table: TL-SG5428# show snmp-se

209 Description The show snmp-server engineID command is used to display the engineID of the SNMP. Syntax show snmp-server engineID Command Mode Priv

210 show rmon event [ index ] Parameter index —— The index number of the entry selected to display the configuration, ranging from 1 to 12, in the

211 Chapter 30 LLDP Commands LLDP function enables network devices to advertise their own device information periodically to neighbors on the same L

212 Parameter multiplier —— Configure the Hold Multiplier parameter. It ranges from 2 to 10. By default, it is 4. Command Mode Global Configuration M

213 be sent out (the number of LLDPDUs equals this parameter). The value ranges from 1 to 10 and the default value is 3. Command Mode Global Configur

214 no lldp transmit Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable port 1 to

215 lldp tlv-select [ port-description | system-capability | system-description | system-name | management-address | port-vlan | protocol-vlan | vlan

216 ports will be displayed. Syntax show lldp interface [ gigabitEthernet port ] Parameter port —— The Ethernet port number. Command Mode Privileged

10 Figure 1-12 Connecting to the Switch 2. You are prompted to enter the connection password 123 you have set through Console port connection, and

217 default, the neighbor information of all the ports will be displayed. Syntax show lldp neighbor-information interface [ gigabitEthernet port ] Pa

218 Chapter 31 Cluster Commands Cluster Management function enables a network administrator to manage the scattered devices in the network via a man

219 TL-SG5428(config)# cluster ndp timer hello 50 aging 120 Change Aging Time to 80 seconds: TL-SG5428(config)# cluster ndp timer aging 80 Change Hel

220 request packets over. NTDP Port Delay ranges from 1 to 100 in milliseconds. By default, it is 20. hop-value —— NTDP Hops, which is the hop count

221 Parameter ndp —— Enable/ Disable NDP function for the port. By default, it is enabled. ntdp —— Enable/ Disable NTDP function for the port. By

222 Syntax cluster commander name no cluster commander Parameter name —— The cluster name, ranging from 1 to 16 characters. Command Mode Global Con

223 Description The cluster member command is used to add member switch. To delete the corresponding member, please use no cluster member command. Th

224 Syntax cluster individual Command Mode Global Configuration Mode Example Specify the current switch as individual switch: TL-SG5428(config)# clus

225 Parameter port —— The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the NTDP configurati

226 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the global configuration of Cluster: TL-SG5428#show cluster show c

11 Now you can manage your switch with CLI commands through Telnet connection. Note: You can refer to Chapter 10 User Manage Commands for detailed co

12 Mode Accessing Path Prompt Logout or Access the next modeInterface Configuration Mode Use the interface gigabitEthernet port or interface ra

13 1.3 Security Levels This switch’s security is divided into two levels: User level and Admin level. User level only allows users to do some simple

14 1.4.3 Parameter Format Some parameters must be entered in special formats which are shown as follows:  MAC Address must be entered in the f

15 Chapter 2 User Interface enable Description The enable command is used to access Privileged EXEC Mode from User EXEC Mode. Syntax enable Command

16 disable Description The disable command is used to return to User EXEC Mode from Privileged EXEC Mode. Syntax disable Command Mode Privileged EXE

II CONTENTS Preface ………………………………………………………………………………….1 Chapter 1 Using the CLI...

17 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode, and th

18 Chapter 3 IEEE 802.1Q VLAN Commands VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN into multiple logi

19 Parameter vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. Command Mode Global Configuration Mode Example Create VLAN Interface 2:

20 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Specify the Link Type of port 3 as

21 no switchport trunk allowed vlan vlan-list Parameter vlan-list —— Specify IEEE 802.1Q VLAN ID list, ranging from 2 to 4094, in the format of 2-3,

22 TL-SG5428(config-if)# switchport general allowed vlan 2 tagged switchport pvid Description The switchport pvid command is used to configure the P

23 show vlan brief Description The show vlan brief command is used to display the brief information of IEEE 802.1Q VLAN. Syntax show vlan brief Comma

24 Chapter 4 Protocol VLAN Commands Protocol-based VLAN (Virtual Local Area Network) is the way to classify VLANs based on Protocols. A Protocol cor

25 no protocol-vlan vlan group-idx Parameter vlan-vid —— Specify IEEE 802.1Q VLAN ID, ranging from 1-4094. template-idx ——The number of the Protocol-

26 show protocol-vlan template Description The show protocol-vlan template command is used to display the information of the Protocol-based VLAN temp

III protocol-vlan...25 show pr

27 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the port state and of Protocol-based VLAN interface: TL-SG5428(config

28 Chapter 5 VLAN-VPN Commands VLAN-VPN (Virtual Private Network) function, the implement of a simple and flexible Layer 2 VPN technology, allows th

29 8100. Command Mode Global Configuration Mode Example Configure Global TPID of the VLAN-VPN as 0x9100: TL-SG5428(config)#dot1q-tunnel tpid 9100 swi

30 port has been configured as the VPN Up-link port. Syntax switchport dot1q-tunnel mode uplink no switchport dot1q-tunnel mode uplink Command Mode I

31 show dot1q-tunnel interface Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration information of of the V

32 Chapter 6 Voice VLAN Commands Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and adding the ports with vo

33 Parameter time ——Aging time (in minutes) to be set for the Voice VLAN. It ranges from 1 to 43200. Command Mode Global Configuration Mode Example

34 switchport voice vlan mode Description The switchport voice vlan mode command is used to configure the Voice VLAN mode for the Ethernet port. S

35 show voice vlan Description The show voice vlan command is used to display the global configuration information of Voice VLAN. Syntax show vo

36 show voice vlan switchport [ gigabitEthernet port ] Parameter port —— The Ethernet port number. Command Mode Privileged EXEC Mode and Any Config

IV show gvrp interface ...45 Chapter 9 E

37 Chapter 7 Private VLAN Commands Private VLANs are configured specially for saving VLAN resource of uplink devices and decreasing broadcast. priv

38 Command Mode VLAN Configuration Mode (VLAN) Example Configure the VLAN 4 as the sencondary VLAN of the private VLAN: TL-SG5428(config)#vlan 4 TL-S

39 Syntax switchport private-vlan { promiscuous | host } no switchport private-vlan { promiscuous | host } Parameter promiscuous | host —— Configur

40 secondary VLAN 4: TL-SG5428(config)#interface gigabitEthernet 1/0/3 TL-SG5428(config-if)#switchport private-vlan host-association 3 4 switchport p

41 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration information of all Private VLAN: TL-SG5428(config

42 Chapter 8 GVRP Commands GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute registration protocol). GVRP allow

43 Example Enable the GVRP function for ports 2-6: TL-SG5428(config)# interface range gigabitEthernet 1/0/2-6 TL-SG5428(config-if-range)# gvrp gvrp

44 no gvrp timer [ leaveall | join | leave ] Parameter leaveall | join | leave —— They are the three timers: leave All、join and leave. Once the Leave

45 Example Display the global GVRP status: TL-SG5428(config)# show gvrp global show gvrp interface Description The show gvrp interface command is use

46 Chapter 9 Etherchannel Commands Etherchannel Commands are used to configure LAG and LACP function. LAG (Link Aggregation Group) is to combine a

V show ip dhcp snooping ...67 show ip dhcp sno

47 port-channel load-balance Description The port-channel load-balance command is used to configure the Aggregate Arithmetic for LAG. To return to th

48 Command Mode Global Configuration Mode Example Configure the LACP system priority as 1024 globally: TL-SG5428(config)# lacp system-priority 1024 l

49 Syntax show etherchannel [ channel-group-num ] { detail | summary } Parameter channel-group-num —— The EtherChannel Group number, ranging from 1

50 Parameter channel-group-num —— The EtherChannel Group number, ranging from 1 to 14. By default, it is empty, and will display the information of

51 Chapter 10 User Manage Commands User Manage Commands are used to manage the user’s logging information by Web, CLI or SSH, so as to protect the s

52 user access-control ip-based Description The user access-control ip-based command is used to limit the IP-range of the users for login. Only the u

53 Parameter mac-addr —— The source MAC address. Only the user with this MAC Address is allowed to login. Command Mode Global Configuration Mode Exam

54 user max-number Description The user max-number command is used to configure the maximum login user numbers at the same time. To cancel the limit

55 Parameter minutes ——The timeout time, ranging from 5 to 30 in minutes. The value is 10 by default. Command Mode Global Configuration Mode Exam

56 TL-SG5428(config)# line vty 0 5 password Description The password command is used to configure the connection password. To clear the password, ple

VI show radius accounting...86 show radius auth

57 Command Mode Line Configuration Mode Example Configure the login of Console port connection 0 as login mode: TL-SG5428(config)# line console 0 T

58 Syntax show user account-list Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of the current users: T

59 Chapter 11 Binding Table Commands You can bind the IP address, MAC address, VLAN and the connected Port number of the Host together, which can be

60 Command Mode Global Configuration Mode Example Bind an entry with the IP 192.168.0.1, MAC 00:00:00:00:00:01, VLAN ID 2 and Port number 5 manually.

61 ip dhcp snooping global Description The ip dhcp snooping global command is configure DHCP-Snooping globally. To restore to the default value, plea

62 ip dhcp snooping information option Description The ip dhcp snooping information option command is used to enable the Option 82 function of DHCP

63 Command Mode Global Configuration Mode Example Replace the Option 82 field of the packets with the switch defined one and then send out: TL-SG5428

64 default Circuit ID for the Option 82, please use no ip dhcp snooping information circuit-id command. Syntax ip dhcp snooping information circui

65 ip dhcp snooping mac-verify Description The ip dhcp snooping mac-verify command is used to enable the MAC Verify feature. To disable the MAC Verif

66 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Set the Flow Control of port 2 as

VII Chapter 20 System Configuration Commands...107 system-time manual ...

67 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the IP-MAC-VID-PORT binding table: TL-SG5428(config)# show ip source

68 show ip dhcp snooping interface gigabitEthernet Description The show ip dhcp snooping interface gigabitEthernet command is used to display the DHC

69 Chapter 12 ARP Inspection Commands ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP cheating, such as the

70 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the ports 2-5 as the Tru

71 ip arp inspection limit-rate Description The ip arp inspection limit-rate command is used to configure the ARP speed of a specified port. To resto

72 Example Restore port 5 to the ARP transmit status: TL-SG5428(config)# interface gigabitEthernet 1/0/5 TL-SG5428(config-if)# ip arp inspection reco

73 TL-SG5428(config)# show ip arp inspection interface Display the configuration of port 2: TL-SG5428(config)# show ip arp inspection interface gigab

74 Chapter 13 IP Verify Source Commands IP Verify Source is to filter the IP packets based on the IP-MAC Binding entries. Only the packets matched t

75 configuration information. Syntax show ip verify source Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the IP Veri

76 Chapter 14 DoS Defend Command DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil

VIII storm-control multicast ...128 storm-contro

77 Parameter scan-synfin —— Scan SYNFIN attack. xma-scan —— Xma Scan attack. null-scan —— NULL Scan attack. port-less-1024 ——The SYN packets whose So

78 Chapter 15 IEEE 802.1X Commands IEEE 802.1X function is to provide an access control for LAN ports via the authentication. Only the supplicant pa

79 pap: IEEE 802.1X authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client. Th

80 dot1x quiet-period Description The dot1x quiet-period command is used to enable the quiet-period function. To disable the function, please use no

81 Example Configure the quiet period as 100 seconds: TL-SG5428(config)# dot1x timeout quiet-period 100 dot1x max-reauth-req Description The dot1x m

82 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the IEEE 802.1X function fo

83 Syntax dot1x port-control { auto | authorized-force | unauthorized-force } no dot1x port-control Parameter auto | authorized-force | unauthorized-

84 port-based: All the clients connected to the port can access the network on the condition that any one of the clients has passed the 802.1X Authen

85 value ——The maximum time for the switch to wait for the response before resending a request to the supplicant., ranging from 1 to 9 in second. By

86 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of 801.X globally: TL-SG5428(config)# show dot1x gl