Page 2 - COPYRIGHT & TRADEMARKS
I COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any for...
Page 3 - CONTENTS; Chapter 1
II CONTENTS Preface .............................................................................................................. 1 Chapter 1 Using the CLI ....................................................................................... 4 1.1 Accessing the CLI ..................................
Page 4 - Chapter 5
III show protocol-vlan template .................................................................................................. 22 show protocol-vlan vlan ......................................................................................................... 22 show protocol-vlan interface .......
Page 13 - Preface; Overview of this Guide
1 Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The device mentioned in this Guide stands for TL-SG5428/TL-SG5412F JetStream L2 Managed Switch. Overview of this Guide Chapter 1: Using the CLI Provide information about h...
Page 16 - Chapter 1 Using the CLI; Accessing the CLI
4 Chapter 1 Using the CLI 1.1 Accessing the CLI You can log on to the switch and access the CLI by the following two methods: 1. Log on to the switch by the console port on the switch. 2. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port. 1.1.1 Logon by a console p...
Page 20 - CLI Command Modes
8 5. Type the User name and Password (the factory default value for both of them is admin) and press the Enter button, then you can use the CLI now, which is shown as figure1-9. Figure 1-9 Log in the Switch 1.2 CLI Command Modes The CLI is divided into different command modes: User EXEC Mode, Privil...
Page 26 - end
14 Command Mode Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode, and then return to Privileged EXEC Mode: TP-LINK(config-if)# exit TP-LINK(config)#exit TP-LINK# end Description The end command is used to return to Privileged EXEC Mode. Syntax end ...
Page 29 - switchport allowed vlan
17 Example Specify the description string of the VLAN 2 as “vlan2”: TP-LINK(config)# interface vlan 2 TP-LINK(config-if)#description vlan2 switchport type Description The switchport type command is used to configure the Link Types for the ports. Syntax switchport type { access | trunk | general } Pa...
Page 30 - switchport general egress-rule
18 Example Add port 2 to IEEE 802.1Q VLAN: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# switchport allowed vlan add 2 switchport pvid Description The switchport pvid command is used to configure the PVID for the switch ports. Syntax switchport pvid vlan-id Parameter vlan-id —— VLAN ID, ...
Page 31 - show interface switchport
19 Specify the egress-rule of port 2 in vlan 3 as tagged: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# switchport general egress-rule 3 tagged show vlan Description The show vlan command is used to display the information of IEEE 802.1Q VLAN . Syntax show vlan [ vlan-id ] Parameter vlan...
Page 33 - protocol-vlan interface
21 no protocol-vlan entry-id Parameter vid ——VLAN ID , ranging from 1-4094. index ——The number of the Protocol template. You can get the template corresponding to the number by the show protocol-vlan template command. entry-id ——The number of the Protocol VLAN . You can get the Protocol VLAN entry c...
Page 35 - Example
23 Example Display the configuration of the protocol-vlan interface: TP-LINK(config)# show protocol-vlan interface
Page 36 - Chapter 5 VLAN-VPN Commands
24 Chapter 5 VLAN-VPN Commands VLAN-VPN (Virtual Private Network) function, the implement of a simple and flexible Layer 2 VPN technology, allows the packets with VLAN tags of private networks to be encapsulated with VLAN tags of public networks at the network access terminal of the Internet Service...
Page 38 - show vlan-vpn uplink
26 no vlan-vpn uplink [ port-list ] Parameter port-list ——The port numbers needed to be edited or canceled. Command Mode Global Configuration Mode Example Configure the ports 1, 3-5, and 8-10 as the VPN Up-link ports: TP-LINK(config)# vlan-vpn uplink 1,3-5,8-10 show vlan-vpn global Description The s...
Page 39 - Description; Syntax; Command Mode
27 Example Display the configuration information of the VLAN VPN Up-link ports: TP-LINK(config)# show vlan-vpn uplink show vlan-vpn interface Description The show vlan-vpn interface command is used to display the VLAN VPN port enable state. Syntax show vlan-vpn interface Command Mode Any Configurati...
Page 40 - Chapter 6 Voice VLAN Commands
28 Chapter 6 Voice VLAN Commands Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and adding the ports with voice devices attached to voice VLANs, you can perform QoS-related configuration for voice data, ensuring the transmission priority of voice data stream a...
Page 42 - switchport voice-vlan security
30 switchport voice-vlan mode Description The switchport voice-vlan mode command is used to configure the Voice VLAN mode for the Ethernet port. Syntax switchport voice-vlan mode { manual | auto } Parameter manual / auto —— Port mode. Command Mode Interface Configuration Mode ( interface ethernet / ...
Page 43 - show voice-vlan switchport
31 show voice-vlan global Description The show voice-vlan global command is used to display the global configuration information of Voice VLAN. Syntax show voice-vlan global Command Mode Any Configuration Mode Example Display the configuration information of Voice VLAN globally: TP-LINK(config)# sho...
Page 44 - Parameter
32 Syntax show voice-vlan switchport [ port ] Parameter port —— Ethernet port. By default, it will display the configuration information of all the ports in the Voice VLAN. Command Mode Any Configuration Mode Example Display the configuration information of all the ports in the Voice VLAN: TP-LINK(c...
Page 58 - show lacp interface
46 Parameter value —— Port priority, ranging from 0 to 65535. By default, the value is 32768. Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Set the port priority of port 1 to 1024: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# lacp po...
Page 61 - user modify status
49 user remove Description The user remove command is used to delete an existing user. The current user can't be deleted by itself. Syntax user remove user-name Parameter user-name —— An existing user name. Command Mode Global Configuration Mode Example Delete the user named tplink: TP-LINK(config)#...
Page 62 - user modify password
50 user modify type Description The user modify type command is used to modify the access level for the existing user. The current user can't be modified by itself. Syntax user modify type user-name {guest | admin} Parameter user-name —— The existing user name. guest | admin —— Access level. Guest: ...
Page 66 - show user configuration
54 Syntax user idle-timeout minutes no user idle-timeout Parameter minute ——The timeout time, ranging from 5 to 30 in minutes. By default, the value is 10. Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minutes: TP-LINK(config)# user idle-timeout 15 sho...
Page 68 - Chapter 12 Binding Table Commands
56 Chapter 12 Binding Table Commands You can bind the IP address, MAC address, VLAN and the connected Port number of the Host together, which can be the condition for the ARP Inspection and IP Source Guard to filter the packets. binding-table user-bind Description The binding-table user-bind command...
Page 69 - binding-table remove
57 binding-table remove Description The binding-table remove command is used to delete the IP-MAC –VID-PORT entry from the binding table. Syntax binding-table remove index idx Parameter idx —— The entry number needed to be deleted. You can use the show binding-table command to get the idx. Pay atten...
Page 70 - dhcp-snooping global
58 Example Enable the DHCP-snooping function globally: TP-LINK(config)# dhcp-snooping dhcp-snooping global Description The dhcp-snooping global command is used to configure the DHCP snooping globally. To restore to the default value, please use no dhcp-snooping global command. Syntax dhcp-snooping g...
Page 76 - show dhcp-snooping information
64 Syntax show binding-table Command Mode Any Configuration Mode Example Display the IP-MAC-VID-PORT binding table: TP-LINK(config)# show binding-table show dhcp-snooping global Description The show dhcp-snooping global command is used to display the global configuration of DHCP Snooping. Syntax sho...
Page 81 - show arp detection interface; show arp detection statistic
69 show arp detection global Description The show arp detection global command is used to display the ARP detection global configuration including the enable/disable status and the Trusted Port list. Syntax show arp detection global Command Mode Any Configuration Mode Example Display the ARP detecti...
Page 85 - Chapter 15 DoS Defend Command
73 Chapter 15 DoS Defend Command DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of service requests to the Host. With the DoS Defend enabled, the switch can analyze the specific field of the received packets a...
Page 89 - dot1x timer
77 dot1x quiet-period Description The dot1x quiet-period command is used to enable the quiet-period function. To disable the function, please use no dot1x quiet-period command. Syntax dot1x quiet-period no dot1x quiet-period Command Mode Global Configuration Mode Example Enable the quiet-period func...
Page 90 - dot1x retry
78 Example Configure the Quiet Period and the SupplicantTimeout as 12 seconds and 6 seconds: TP-LINK(config)# dot1x timer quiet-period 12 supp-timeout 6 dot1x retry Description The dot1x retry command is used to configure the maximum transfer times of the repeated authentication request. To restore ...
Page 93 - radius authentication secondary-ip
81 Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Configure the Control Type for port 5 as port-based: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# dot1x port-method port-based radius authentication primary-ip Description The radius a...
Page 94 - radius authentication port
82 Syntax radius authentication secondary-ip ip-addr no radius authentication secondary-ip Parameter ip-addr ——The IP address of the alternate authentication server. By default, it is 0.0.0.0. Command Mode Global Configuration Mode Example Configure the IP address of the alternate authentication ser...
Page 99 - show dot1x interface; show radius authentication
87 show dot1x global Description The show dot1x global command is used to display the global configuration of 801.X. Syntax show dot1x global Command Mode Any configuration Mode Example Display the configuration of 801.X globally: TP-LINK(config)# show dot1x global show dot1x interface Description T...
Page 101 - logging local flash
89 Chapter 17 Log Commands The log information will record the settings and operation of the switch respectively for you to monitor operation status and diagnose malfunction. logging local buffer Description The logging local buffer command is used to configure the severity level and the status of t...
Page 102 - logging clear
90 The logging local flash command is used to configure the level and the status of the log file input. To restore to the default configuration, please use no logging local flash command. The log file indicates the flash sector for saving system log. The information in the log file will not be lost ...
Page 103 - show logging local-config
91 Example Clear the information in the log file: TP-LINK(config)# logging clear buffer logging loghost Description The logging loghost command is used to configure the Log Host. To clear the configuration of the specified Log Host, please use no logging loghost command. Log Host is to receive the s...
Page 104 - show logging loghost; show logging buffer
92 of the Local Log including the log buffer and the log file. Syntax show logging local-config Command Mode Any configuration Mode Example Display the configuration of the Local Log: TP-LINK(config)# show logging local-config show logging loghost Description The show logging loghost command is used...
Page 108 - show ssh
96 Specify the maximum number of the connections to the SSH server as 3: TP-LINK(config)# ssh max-client 3 ssh download Description The ssh download command is used to download the SSH key file from TFTP server. Syntax ssh download {v1 | v2 } key-file ip-address ip-addr Parameter v1 | v2 —— Select t...
Page 110 - show ssl
98 ip-addr —— The IP address of the TFTP server. Command Mode Global Configuration Mode Example Download a SSL Certificate named ssl-cert from TFTP server with the IP Address of 192.168.0.148: TP-LINK(config)# ssl download certificate ssl-cert ip-address 192.168.0.148 ssl download key Description Th...
Page 113 - bridge address static
101 Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Enable Port Security function for port1, select Static mode as the learn mode, and specify the maximum number of MAC addresses that can be learned on this port as 30: TP-LINK(config)# interface et...
Page 114 - bridge address filtering
102 bridge aging-time Description The bridge aging-time command is used to configure aging time for the dynamic address. To return to the default configuration, please use no bridge aging-time command. Syntax bridge aging-time aging-time no bridge aging-time Parameter aging-time —— The aging time fo...
Page 115 - show bridge address
103 Command Mode Global Configuration Mode Example Add a filtering address entry whose VLAN ID is 1 and MAC address is 00:1e:4b:04:01:5d: TP-LINK(config)# bridge address filtering 00:1e:4b:04:01:5d 1 show bridge port-security Description The show bridge port-security command is used to configure the...
Page 117 - Chapter 21 System Commands
105 Chapter 21 System Commands System Commands can be used to configure the System information and System IP, reboot and reset the switch, upgrade the switch system and other operations. system-descript Description The system-descript command is used to configure the Device Name, Device Location and...
Page 121 - reboot
109 Command Mode Global Configuration Mode Example Enable the BOOTP Protocol to obtain IP address from BOOTP Server: TP-LINK(config)# ip bootp-alloc reset Description The reset command is used to reset the switch’s software. After resetting, all configuration of the switch will restore to the factor...
Page 123 - ping
111 TP-LINK# user-config load filename config.cfg ip-address 192.168.0.148 user-config save Description The user-config save command is used to save current settings. Syntax user-config save Command Mode Privileged EXEC Mode Example Save current settings: TP-LINK# user-config save firmware upgrade D...
Page 126 - show system-time dst
114 Display the system information: TP-LINK# show system-info show ip address Description The show ip address command is used to display MAC Address, IP Address, Subnet Mask and Default Gateway of the system, whether the DHCP Client function is enabled or not and some other information. Syntax show ...
Page 128 - interface range ethernet
116 Chapter 22 Ethernet Configuration Commands Ethernet Configuration Commands can be used to configure the Bandwidth Control, Negotiation Mode and Storm Control for Ethernet ports. interface ethernet Description The interface ethernet command is used to enter the Interface Configuration Mode and co...
Page 129 - shutdown
117 User Guidelines Command in the Interface Range Ethernet Mode is executed independently on all ports in the range. It does not effect the execution on the other ports at all if the command results in an error on one port. Example Enter the Interface Configuration Mode, add ports 1-3, 6-9 to the p...
Page 130 - negotiation
118 Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Disable Ethernet port3: TP-LINK(config)# interface ethernet 3 TP-LINK(config-if)# shutdown flow-control Description The flow-control command is used to enable the flow-control function for a port....
Page 132 - port rate-limit disable ingress
120 Example Enable the Broadcast Control function for port5 and specify the rate as 128kbps: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# storm-control bc-status enable rate 128k port rate-limit Description The port rate-limit command is used to configure the Rate Limit for an Ethernet ...
Page 133 - show interface configuration
121 Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Disable the ingress-rate limit for port5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# port rate-limit disable ingress port rate-limit disable egress Description The port rate-limit d...
Page 134 - show interface status; show interface counters
122 Example Display the configurations of port5: TP-LINK# show interface configuration ethernet 5 show interface status Description The show interface status command is used to display the connective-status of an Ethernet port. Syntax show interface status ethernet [ interface ] Parameter Interface ...
Page 135 - show storm-control ethernet; show port rate-limit
123 show storm-control ethernet Description The show storm-control ethernet command is used to display the storm-control information of an Ethernet port. Syntax show storm-control ethernet [ port ] Parameter port —— The port-number of the port selected to display the storm-control information. By de...
Page 137 - qos dot1p config
125 Syntax qos dot1p enable no qos dot1p enable Command Mode Global Configuration Mode Example Enable the mapping relation between IEEE 802.1P Priority and Egress Queue: TP-LINK(config)# qos dot1p enable qos dot1p config Description The qos dot1p config command is used to configure the mapping relat...
Page 148 - Chapter 26 ACL Commands
136 Chapter 26 ACL Commands ACL (Access Control List) is used to filter data packets by configuring a series of match conditions, operations and time ranges. It provides a flexible and secured access control policy and facilitates you to control the network security. acl time-segment Description The...
Page 150 - acl holiday; acl create
138 TP-LINK(config)# acl edit time-segment tSeg1 start-time 08:30 end-time 12:00 week-day working-day acl holiday Description The acl holiday command is used to create holiday in Holiday Mode in the acl time-segment command. To delete the corresponding holiday, please use no acl holiday command. Syn...
Page 152 - acl edit rule mac-acl
140 number. user-pri —— The user priority contained in the rule, ranging from 0 to 7. By default, it is not limited. time-segment —— The time-range for the rule to take effect. By default, it is not limited. Command Mode Global Configuration Mode Example Create a MAC ACL whose ID is 20, and add Rule...
Page 154 - acl edit rule std-acl
142 Parameter acl-id —— The desired Standard-IP ACL for configuration. rule-id —— The rule ID. op —— The operation for the switch to process packets which match the rules. There are two options, discard and permit. Discard means discarding packets, and permit means forwarding packets. By default, th...
Page 155 - acl policy policy-add
143 rule-id —— The rule ID. op —— The operation for the switch to process packets which match the rules. There are two options, discard and permit. Discard means discarding packets, and permit means forwarding packets. By default, the option is permit. source-ip —— The source IP address contained in...
Page 156 - acl policy action-add
144 Parameter name —— The Policy Name, ranging from 1 to 16 characters. Command Mode Global Configuration Mode Example Add a Policy named policy1: TP-LINK(config)# acl policy policy-add policy1 acl policy action-add Description The acl policy action-add command is used to add ACLs and create actions...
Page 157 - acl edit action
145 TP-LINK(config)# acl policy policy-add policy1 TP-LINK(config)# acl policy action-add policy1 120 rate 1000 osd discard acl edit action Description The acl edit action command is used to edit actions for the policy. Syntax acl edit action { policy-name } { acl-id } [ rate rate ] [ osd {none | di...
Page 159 - show acl config
147 Command Mode Any Configuration Mode Example Display the configuration of Time-Range: TP-LINK> show acl time-segment show acl holiday Description The show acl holiday command is used to display the defined holiday. Syntax show acl holiday Command Mode Any Configuration Mode Example Display the...
Page 163 - spanning-tree region
151 port. The lower value has the higher priority. expath-consum —— ExtPath Cost, which is used to choose the path and calculate the path costs of ports in different MST regions. It is an important criterion on determining the root port. The lower value has the higher priority. By default, it is aut...
Page 166 - spanning-tree security
154 spanning-tree tc-defend Description The spanning-tree tc-defend command is used to configure the TC Protect of Spanning Tree globally. To return to the default configuration, please use no spanning-tree tc-defend command. A switch removes MAC address entries upon receiving TC-BPDUs. If a malicio...
Page 167 - spanning-tree mcheck
155 Parameter loop —— Enable/ Disable Loop Protect. By default, it is disabled. Loop Protect is to prevent the loops in the network brought by recalculating STP because of link failures and network congestions. root —— Enable/ Disable Root Protect. By default, it is disabled. Root Protect is to prev...
Page 169 - show spanning-tree msti config
157 configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the configuration of port 5: TP-LINK(config)# show spanning-tree port-config 5 show spanning-tree region Description The show spanning-tree region command is used to display the Region configuration of M...
Page 178 - igmp-snooping filter
166 Syntax igmp-snooping filter-config { id } { start-ip } { end-ip } Parameter id —— IP-range ID, ranging from 1 to 30. start-ip —— The start multicast IP of the IP-range. end-ip —— The end multicast IP of the IP-range. Command Mode Global Configuration Mode Example Modify the multicast IP-range wh...
Page 191 - snmp-rmon event user
179 Command Mode Global Configuration Mode Example Enable the history sample entries 1,2,3,4 and 8: TP-LINK(config)# snmp-rmon history enable 1-4,8 snmp-rmon event user Description The snmp-rmon event user command is used to configure the user name of SNMP-RMON Event. To return to the default config...
Page 192 - snmp-rmon event type
180 Syntax snmp-rmon event description { index } { description } no snmp-rmon event description { index } Parameter index —— The index number of the event entry, ranging from 1 to 12. You can only select one entry for each command. description —— The description of the event, ranging from 1 to 16 ch...
Page 194 - snmp-rmon alarm config
182 Example Enable the SNMP-RMON Event entries 1,2,3,4 and 8: TP-LINK(config)# snmp-rmon event enable 1-4,8 snmp-rmon alarm config Description The snmp-rmon alarm config command is used to configure SNMP-RMON Alarm Management. To return to the default configuration, please use no snmp-rmon alarm con...
Page 195 - snmp-rmon alarm owner
183 from 1 to 12. f-hold —— The falling counter value that triggers the Falling Threshold alarm, ranging from 1 to 65535. By default, it is 100. f-event —— Fall Event, which is the index of the corresponding event which will be triggered if the sampled value is lower than the Falling Threshold . It ...
Page 196 - snmp-rmon alarm enable; show snmp global-config
184 Example Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon alarm owner 1 owner1 snmp-rmon alarm enable Description The snmp-rmon alarm enable command is used to enable SNMP-RMON Alarm Management entry. To disable the corresponding entry, please use no snmp-rmon alarm enable com...
Page 199 - show snmp-rmon alarm
187 Parameter index —— The index number of the entry selected to display the configuration, ranging from 1 to 12. You can only select one entry for each command. By default, the configuration of all entries is displayed. Command Mode Any Configuration Mode Example Display the configuration of all hi...
Page 202 - cluster ntdp
190 cluster ntdp Description The cluster ntdp command is used to configure NTDP globally. To return to the default configuration, please use no cluster ntdp command. NTDP (Neighbor Topology Discovery Protocol) is used to collect the NDP information and neighboring connection information of each devi...
Page 204 - cluster manage config
192 cluster create Description The cluster create command is used to specify the current switch as commander switch and create cluster. To implement the management and maintenance operations intended for the member switches in a cluster through the commander switch, the commander switch needs to dyn...
Page 205 - cluster manage role-change
193 Command Mode Global Configuration Mode Example Specify the Hold Time and Interval Time of cluster c1 as 50 seconds: TP-LINK(config)# cluster manage config c1 50 50 cluster manage member Description The cluster manage member command is used to add member switch. To delete the corresponding member...
Page 207 - show cluster neighbour
195 Parameter port —— The port selected to display the configuration of NDP. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the NDP configuration of port 2: TP-LINK> show cluster ndp port-status 2 show cluster neighbour Description The...
Page 208 - show cluster ntdp port-status; show cluster ntdp device
196 show cluster ntdp port-status Description The show cluster ntdp port-status command is used to display NTDP configuration of the certain port. Syntax show cluster ntdp port-status [ port ] Parameter port —— The port selected to display the configuration of NTDP. By default, the configuration of ...
Page 211 - lldp timer
199 Command Mode Global Configuration Mode Example Specify Hold Multiplier as 5: TP-LINK(config)# lldp hold-multiplier 5 lldp timer Description The lldp timer command is used to configure the parameters about transmission. To return to the default configuration, please use no lldp timer command. Syn...
Page 215 - show lldp local-information; show lldp neighbor-information; show lldp statistics
203 show lldp local-information Description The show lldp local-information command is used to display the LLDP information of the certain port. Syntax show lldp local-information [ port ] Parameter port —— The port selected to display the information of LLDP. Command Mode Any Configuration Mode Exa...
