Instruction/ maintenance manual of the product TL-SG3216 TP-Link
Go to page of 212
TL-SG3210/TL-SG3216/TL-SG3424 JetS tream L2 Managed Switch Rev: 1.1.0 1910010717.
I COPYRIGHT & TRADEMARKS S pecifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., L TD. Other brands and product names are trademarks or registered trademarks of t heir respective holders.
II CONTENTS Preface ...................................................................................................................... 1 Chapter 1 Using the CLI ......................................................................................
III Chapter 5 Protocol-based VLAN Commands ....................................................... 26 protocol-vlan template ........................................................................................................... 26 protocol-vlan vlan .
IV user access-control mac-based ............................................................................................. 44 user access-control port-based ..........................................................................................
V Chapter 12 DoS Defend Command ....................................................................... 66 ip dos-prevent ........................................................................................................................ 66 ip dos-prevent type .
VI ip ssh download ..................................................................................................................... 85 show ip ssh ...................................................................................................
VII loopback interface ............................................................................................................... 107 show system-time ...............................................................................................
VIII show qos status ................................................................................................................... 127 Chapter 21 Port Mirror Commands .......................................................................128 monitor session destination interface .
IX access-list bind(interface) .................................................................................................... 149 access-list bind(vlan) ............................................................................................
X ip igmp snooping(interface) ................................................................................................. 169 ip igmp snooping immediate-leave ......................................................................................
XI Chapter 28 Cluster Commands .............................................................................195 cluster ndp ........................................................................................................................... 195 cluster ntd p .
1 Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The switch or TL-SG3210/TL-SG3216/TL-SG3424 mentio ned in this Guide stands for TL-SG3210/TL-SG3216/TL-SG3424 JetS tream L2 Managed Switch without any explanation.
2 commands used for monitoring the process of the Host obtaining the IP address from DHCP server , and record the IP address, MAC address, VLAN and the connected Port numb er of the Host for automatic binding.
3 Provide information about the commands used for configuring the Loopback Detection function. Chapter 24: ACL Commands Provide information about the commands used for configurin g the ACL (Access Control List). Chapter 25: MSTP Commands Provide information about the commands used for configuring the MSTP (Multiple S panning T ree Protocol).
4 Chapter 1 Using the CLI 1.1 Accessing the CLI Y ou can log on to the switch and acce ss the CLI by the following two methods: 1. Log on to the switch by the console port on the switch. 2. Log on to the switch remotely by a T e lnet or SSH connection through an Ethernet port.
5 Figure 1-2 Connection Description 4. Select the port to connect in Figure 1-3 , and click OK . Figure 1-3 Select the port to connect 5. Configure the port selected in the step above as the following Figure 1 -4 shown. Configure Bits per second as 38400, Dat a bit s as 8, Parity as None, Stop bi ts as 1, Flow control as None, and then click OK .
6 Figure 1-4 Port Settings 6. The DOS prompt” TL-SG3424>” will appear after pressing the Enter button as Figure 1-5 shown. It indicates that you can use th e CLI now .
7 Note : 1. Before T elnet login, you are requir ed to configure T elnet login mode and login authentication information through Console connection . The relevant CLI commands should be entered in the pr ompted DOS screen shown in Figure 1-5 Log in the Switch .
8 2. Open T elnet, then type telnet 192.168.0.1 in the command prompt shown as Figure 1-8 , and press the Enter button. Figure 1-8 Connecting to the Switch 3. T ype the default user name and password admin/admin, then press the Enter button so as to enter User EXEC Mode.
9 Figure 1-10 Enter into the Privileged EXEC Mode Login Mode Firstly configure the T e lnet login mode as “ login” , and both the connection password and the Privileged EXEC Mode password as 123 in the prompted DOS screen shown in Figure 1-1 1 .
10 Figure 1-12 Connecting to the Switch 2. Y ou are prompted to ent er the connection password 123 you have set through Console port connection, and then you are in User EXEC Mode.
11 Now you can manage your switch with CLI commands through T elnet connection. Note: Y ou can refer to Chapter 9 User Manage Commands for detailed commands information of the T elnet connection configuration.
12 VLAN Configuration Mode Use the vl an vlan-list command to enter this mode from Global Configuration mode. TL-SG3424(config- vla n) # Use the end command or press Ctrl+Z to return to Privileged EXEC mode. Enter the exit or the # command to return to Global configuration mode.
13 Users get the privilege to the User level once connecting console port with the switch or logging in by T elnet. However , Guest users ar e restricted to access the CLI. Users can enter Privileged EXEC mode from User EXEC mode by using the enable command.
14 The port number should format as 1/0/3, meaning unit/slot/port. T he unit number is always 1, and slot number is always 0 and the port number is a variable (an actual value must be assigned).
15 Chapter 2 User Interface enable Description The enable command is used to access Privileged EXEC Mode from User EXEC Mode. Synt ax enable Command Mode User EXEC Mode Example If you have set the pas.
16 disable Description The disable command is used to return to User EXEC Mode from Privileged EXEC Mode. Synt ax disable Command Mode Privileged EXEC Mode Example Return to User EXEC Mode from Privil.
17 Command Mode Any Configuration Mode Example Return to Global Configuration Mode fr om Interface Configuration Mode, and then return to Privileged EXEC Mode: TL-SG3424(config-if)# exit TL-SG3424(config)# exit TL-SG3424# end Description The end command is used to return to Privileged EXEC Mode.
18 Chapter 3 IEEE 802.1Q VLAN Commands VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN into multiple logical LANs flexibly . Host s in the same VLAN can communicate with each other , regardless of their physical locations.
19 Parameter vlan-id —— S pecify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. Command Mode Global Configuration Mode Example Create VLAN Interface 2: TL-SG3424(config)# interface vlan 2 name Description The name command is used to assign a description to a VLAN.
20 Command Mode Interface Configuration Mode (interfa ce gigabitEthernet / interface range gigabitEthernet) Example S pecify the Link T ype of port 3 as trunk: TL-SG3424(config)# interface gigabitEthe.
21 no switchport trunk allowed vlan vlan-list Parameter vlan-list —— S pecify IEEE 802.1Q VLAN ID list, ranging from 2 to 4094, in the format of 2-3, 5.
22 TL-SG3424(config-if)# switchport general allowed vlan 2 tagged switchport pvid Description The sw itchport pvid command is used to configur e the PVID for the switch ports. Synt ax switchport pvid vlan-id Parameter vlan-id —— S pecify IEEE 802.
23 show vlan brief Description The show vlan brief command is used to display the brief information of IEEE 802.1Q VLAN. Synt ax show vlan brief Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the brief information of IEEE 802.
24 Chapter 4 MAC-based VLAN Commands MAC-based VLAN (Virtual Local Area Network) is the way to classify the VLANs based on MAC Address. A MAC address corresponds to a VLAN ID. The untagged packets and the priority-tagged pa ckets sourced from the MAC address will be tagged with this VLAN ID.
25 Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Parameter mac-addr —— MAC address, in the fo rmat of XX:XX:XX:XX:XX:XX. vlan-id —— S pecify IEEE 802.
26 Chapter 5 Protocol-based VLAN Commands Protocol-based VLAN (Virtual Local Area Netw ork) is the way to classify VLANs based on Protocols. A Protocol corres ponds to a VLAN ID. The untagged packet s and the priority-tagged packet s matching the protocol templa te will be tagged with this VLAN ID.
27 protocol-vlan vlan Description The protocol-vlan vlan command is used to create a Protocol-b ased VLAN. T o delete a Protocol-bas ed VLAN, please use no protocol-vlan command. Synt ax protocol-vlan vlan vlan-id { template template-idx } no protocol-vlan vlan group-idx Parameter vlan-vid —— S pecify IEEE 802.
28 Command Mode Interface Configuration Mode (interfa ce gigabitEthernet / interface range gigabitEthernet) Example Create Protocol-based VLAN group 2 which is binding with port 3: TL-SG3424(config)# .
29 Chapter 6 Voice VLAN Commands V oice VLANs are configured spec iall y for voice data stream. By configuring V oice VLANs and adding the ports with voice devic es attached to voice VLANs, you can perform QoS-related configuration for voice data, ens uring the transmission priority of voice data stream and voice quality .
30 Parameter time ——Aging time (in minutes) to be set for the V oice VLAN. It ranges from 1 to 43200 and the default value is 1440. Command Mode Global Configuration Mode Example Set the aging tim.
31 Synt ax voice vlan mac-address mac-addr mask mask [ description descript ] no voice vlan mac-address mac-addr Parameter mac-addr —— The OUI address of the voic e device, in the format of XX:XX:XX:XX:XX :XX. mask —— The OUI address mask of the voice device, in the format of XX:XX:XX:XX:XX :XX.
32 TL-SG3424(config)# interface gigabitEthernet 1/0/3 TL-SG3424(config-if)# switchport voice vlan mode auto switchport voice vlan security Description The switchport voice vlan security command is used to enable the V oice VLAN security feature. T o disable the V oice VLAN security feature, please use no switchport voice vlan security command.
33 show voice vlan oui Description The show voice vlan oui command is used to display the configuration information of V oice VLAN OUI. Synt ax show voice vlan oui Command Mode Privileged EXEC Mode an.
34 Chapter 7 GVRP Commands GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute registration protocol). GVRP allo ws the switch to automatically add or remove the VLA.
35 Example Enable the GVRP function for ports 2-6: TL-SG3424(config)# interface range gigabitEthernet 1/0/2-6 TL-SG3424(config-if-range)# gvrp gvrp registration Description The gvrp registration command is used to confi gure the GVRP registration type on the desired port.
36 no gvrp timer [ leaveall | join | leave ] Parameter leaveall | join | leave —— They are the three timers: leave All 、 join and leave. Once the LeaveAll T imer is set, the port with GVRP enabled can send a LeaveAll message after the timer times ou t, so that other GARP ports can re-register all the attribute information.
37 Example Display the global GVRP statu s: TL-SG3424(config)# show gvrp global show gvrp interface Description The show gvrp interface command is used to displa y the GVRP configuration information of all ports or a specified Ethernet port. Synt ax show gvrp interface [ gigabitEthernet port ] Parameter port ——The Ethernet port number .
38 Chapter 8 Etherchannel Commands Etherchannel Commands are used to c onfigure LAG and LACP function. LAG (Link Aggregation Group) is to combine a number of ports together to make a single high-bandwidth data path, which can highly exte nd the bandwi dth.
39 port-channel load-balance Description The port-channel load-balance command is used to c onfigure the Aggregate Arithmetic for LAG . T o return to the default configur ations, please use no port-channel load-balance command.
40 Command Mode Global Configuration Mode Example Configure the LACP system priority as 1024 globally: TL-SG3424(config)# lacp system-priority 1024 lacp port-priority Description The lacp port-priority command is used to configure the LACP port priority for specified ports.
41 Synt ax show etherchannel [ channel-group-n um ] { detail | summary } Parameter channel-group-num —— The EtherCh annel Group number , ran ging from 1 to 14. By default, it is empty , and will disp lay the information of all EtherChannel Groups.
42 Parameter channel-group-num —— The EtherCh annel Group number , ran ging from 1 to 14. By default, it is empty , and will displa y the information of all LACP group s. internal —— The internal LACP information. neighbor —— The neighbor LACP information.
43 Chapter 9 User Manage Commands User Manage Commands are used to manage the user ’s logging info rmation by Web, CLI or SSH, so as to protect the settings of t he switch from being randomly changed. user Description The user command is used to add a new user or modify th e existed user ’s information.
44 user access-control ip-based Description The user access-control ip-based command is used to limit the IP-range of the users for login. Only the users wi thin the IP-range you set here are allowed to login. T o cancel the us er access limit, please use no user access-con trol command.
45 Parameter mac-addr —— The source MAC addr ess. Only the user with this MAC Address is allowed to login. Command Mode Global Configuration Mode Example Configure that only the user whose MAC add.
46 user max-number Description The user max-number command is used to configur e the maximum login user numbers at the same time. T o cancel the limit on login numbers, please use no user max-number command.
47 Parameter minutes ——The timeout time, ranging from 5 to 30 in minutes. The value is 10 by default. Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 .
48 TL-SG3424(config)# line vty 0 5 password Description The p assw ord command is used to configur e the connection password. T o clear the password, please use no p ass w ord command.
49 Command Mode Line Configuration Mode Example Configure the login of Console port connection 0 as login mode: TL-SG3424(config)# line console 0 TL-SG3424(config-line)# login Configure the login of v.
50 Synt ax show user account-list Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the information of the current users: TL-SG3424(config)# show user account-list show use.
51 Chapter 10 Binding Table Commands Y ou can bind the IP address, MAC address, VLAN and the connected Port number of the Host together , whic h can be the condition for the ARP Inspection and IP Source Guard to filter the packet s.
52 Command Mode Global Configuration Mode Example Bind an entry with the IP 192.168.0.1, MAC 00:00:00:00:00:01, VLAN ID 2 and Port number 5 manually . And then en abl e the entry for the ARP detection: TL-SG3424(config)# ip source binding host1 192.168.
53 ip dhcp snooping global Description The ip dhcp snooping global command is configure DHCP-Snooping glob ally . T o restore to the def ault value, please use no dhcp-snooping global command.
54 ip dhcp snooping information option Description The ip dhcp snooping information option command is used to enable the Option 82 function of DHCP Snooping. T o di sable the Option 82 function, please use no ip dhcp snooping information option command.
55 Command Mode Global Configuration Mode Example Replace the Option 82 field of the pa ck ets with the switch defined one and then send out: TL-SG3424(config)# ip dhcp snooping information strategy r.
56 default Circuit ID for t he Option 82, please use no ip dhcp snooping information circuit-id command. Synt ax ip dhcp snooping information circuit-id string ip dhcp snooping information circuit-id Parameter string ——Enter the sub-option Circuit ID, whic h co ntains 32 characters at most.
57 ip dhcp snooping mac-verify Description The ip dhcp snooping mac-verify command is used to enable the MAC V erify feature. T o disable the MAC V erify feature, please use no ip dhcp snooping mac-verify command. There are two fields of the DHCP packet cont aining the MAC address of the Host.
58 Command Mode Interface Configuration Mode (interfa ce gigabitEthernet / interface range gigabitEthernet) Example Set the Flow Control of port 2 as 20 pps: TL-SG3424(config)# interface gigabitEthern.
59 Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the IP-MAC-VID-PORT binding table: TL-SG3424(config)# show ip source binding show ip dhcp snooping Description The show ip dhcp snooping command is used to displa y the running st atus of DHCP-Snooping.
60 show ip dhcp snooping interface gigabitEthernet Description The show ip dhcp snooping interface gigabitEthernet command is used to display the DHCP-Snooping configurat i on of desired Gigabit Ethernet ports. Synt ax show ip dhcp snooping interface gigabitEthernet [ port ] Parameters port ——The Ethernet port number .
61 Chapter 11 ARP Inspection Commands ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP cheating, such as the Network Gateway S poofi ng and Man-In-The-Middle Attack, etc. ip arp inspection(global) Description The ip arp inspection command is used to enable t he ARP Detection function globally .
62 Command Mode Interface Configuration Mode (interfa ce gigabitEthernet / interface range gigabitEthernet) Example Configure the ports 2-5 as the Trusted Port: TL-SG3424(config)# interface range giga.
63 ip arp inspection limit-rate Description The ip arp inspection limit-rate command is used to configure the ARP speed of a specified port. T o restore to the default speed, please use no ip arp inspection limit-rate command.
64 Example Restore port 5 to the ARP transmit status: TL-SG3424(config)# interface gigabitEthernet 1/0/5 TL-SG3424(config-if)# ip arp inspection recover show ip arp inspection Description The show ip arp inspection command is used to display the ARP detection global configuration including the enable/disable status and the T rusted Port list.
65 TL-SG3424(config)# show ip arp inspection interface Display the configuration of port 2: TL-SG3424(config)# show ip arp inspection interface gigabitEthernet 1/0/2 show ip arp inspection statistics Description The show ip arp inspection statistics command is used to display the number of the illegal ARP packet s received.
66 Chapter 12 DoS Defend Command DoS (Denial of Service) Attack is to occupy t he network bandwid th maliciously by the network attackers or the evil programs sending a lot of se rvice requests to the Ho st.
67 Parameter land —— Land attack. scan-synfin —— Scan SYNFIN attack. xma-scan —— Xma Scan attack. null-scan —— NULL Scan attack. port-less-than-1024 ——The SYN packet s whose Source Port less than 1024. blat —— Blat attack. ping-flood —— Ping flooding attack.
68 Chapter 13 IEEE 802.1X Commands IEEE 802.1X function is to provid e an access control for LAN ports via the authenticat ion. Only the supplicant passing the authenticat ion can access the LAN. dot1x system-auth-control Description The dot1x system-auth-control command is used to enable the IEEE 802.
69 pap: IEEE 802.1X authentication system uses extensib le authentication protocol (EAP) to exchange information betw een the switch and the client. The transmission of EAP packets is termi nated at the switch and the EAP packets are converted to the other protocol (s uch as RADIUS) packe ts for transmission eap-md5: IEEE 802.
70 dot1x quiet-period Description The dot1x quiet-period command is used to enable t he quiet-perio d function. T o disable the f unction, please use no dot1x quiet-period command.
71 Example Configure the quiet period as 100 seconds: TL-SG3424(config)# dot1x timeout quiet-period 100 dot1x max-reauth-req Description The dot1x max-reauth -req command is used to configure the maximum transfer times of the repeat ed authentication request w hen the server cannot be connected.
72 Command Mode Interface Configuration Mode (interfa ce gigabitEthernet / interface range gigabitEthernet) Example Enable the IEEE 802.1X function for port 1: TL-SG3424(config)# interface gigabitEthe.
73 Synt ax dot1x port-control { auto | authorized-forc e | unauthorized-force } no dot1x port-control Parameter auto | authorized-force | unauthorized-forc e —— The Control Mode for the port. auto: In this mode, the port will normally work only after pa ssing the 802.
74 port-based: All the clients connected to the port can access the network on the condition that any one of the clients has p assed t he 802.1X Authentication.
75 value ——The maximum time for the switch to wait for the response before resending a request to the s upplicant., ranging from 1 to 9 in second. By default, it is 3. Command Mode Global Configuration Mode Example Configure the IP address of the acc ounting server as 10.
76 Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the configuration of 801.X globally: TL-SG3424(config)# show dot1x global show dot1x interface Description The show dot1x interface command is used to display all ports’ or the specified port’s configurat ion information of 801.
77 Command Mode Privileged EXEC Mode and Any Co nfiguration Modes Example Display the configuration of the accounting server: TL-SG3424(config)# show radius accounting show radius authentication Description The show radius authentication command is used to disp lay the configuration of the RADIUS aut hentication server .
78 Chapter 14 System Log Commands The log information will record the settings and oper ation of the switch re spectively for you to monitor operation status and diagnose malfunction. logging buffer Description The logging buffer command is used to configure the severity level and the status of the configuration input to t he log buf fer .
79 logging file flash Description The logging file flash command is used to configu re the level and the status of the log file input. T o restore to the default configur ation, please use no logging file flash command. The log file indicates the fl ash sector for saving system log.
80 Command Mode Global Configuration Mode Example Clear the information in the log file: TL-SG3424(config)# clear logging buffer logging host index Description The logging host index command is used to configur e the Log Host. T o clear the configuration of the s pecified Log Host, please use no log ging host index command.
81 show logging local-config Description The show logging local-config command is used to display the configuration of the Local Log including t he log buffer and the log file.
82 The show logging buffer command is used to display the log information in the log buffer according to the severity level. Synt ax show logging buffer [ level level ] Parameter leve l —— Severity level. There are 8 severi ty levels marked with values 0-7.
83 Chapter 15 SSH Commands SSH (Security Shell) can prov ide the unsecured remote management with security and powerful authentication to ensure the security of the management information. ip ssh server Description The ip ssh server command is used to enable SSH function.
84 Example Enable SSH v2: TL-SG3424(config)# ip ssh version v2 ip ssh timeout Description The ip ssh timeout command is used to specify the idle-timeout time of SSH. T o restore to the fact ory defaults, please use ip ssh timeout command. Synt ax ip ssh timeout value no ip ssh timeout Parameter value —— The Idle-timeout time.
85 Command Mode Global Configuration Mode Example S pecify the maximum number of the c onnections to the SSH server as 3: TL-SG3424(config)# ip ssh max-client 3 ip ssh download Description The ip ssh download command is used to download the SSH key file from TFTP server .
86 Example Display the global conf iguration of SSH: TL-SG3424(config)# show ip ssh.
87 Chapter 16 SSL Commands SSL ( Secure Sockets Layer ) , a security protocol, is to pr ovide a secure connection for the application layer protocol(e.g. H TTP) based on TCP . Adopting asymme trical encryption technology , SSL uses key p air to encrypt/decrypt information.
88 Parameter ssl-cert —— The name of the SSL certificate wh ich is selected to download to the switch. The length of the name ranges from 1 to 25 characters. The Certificate must be BASE64 encoded. ip-addr —— The IP address of the TFTP server .
89 show ip http secure-server Description The show ip http secure-server command is used to display the gl obal configuration of SSL. Synt ax show ip http secure-server Command Mode Privileged EXEC Mo.
90 Chapter 17 MAC Address Commands MAC Address configuration can improve the network security by conf iguring the Port Security and maintaining the address information by managing the Address T able. mac address-table static Description The mac address-table st atic command is used to add the static MAC address entry .
91 mac address-table aging-time Description The mac address-t able aging-time command is used to configure aging time for the dynamic address. T o return to the default configur ation, please use no mac address-t able aging-time command.
92 Command Mode Global Configuration Mode Example Add a filtering address entry of which VLAN ID is 1 and MAC address is 00:1e:4b:04:01:5d: TL-SG3424(config)# mac address-table filtering mac 00:1e:4b:04:01:5d vid 1 mac address-table max-mac-count Description The mac address-t able max-mac-count command is used to configure the Port Security .
93 status —— Enable or di sable the Port Securi ty function for a specified port. By default, this function is disabled. Command Mode Interface Configuration Mode (interfa ce gigabitEthernet / int.
94 Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the Aging T ime of the MAC address: TL-SG3424(config)# show mac address-table aging-time show mac address-table max-mac.
95 Synt ax show mac address-t able interface gigabitEthernet port Parameter port —— The Ethernet port number . Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the add.
96 Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the information of t he MAC address 00:00:00:00:23:00:00: TL-SG3424(config)#show mac address-t able mac 00:00:00:00:23:.
97 Chapter 18 System Configuration Commands System Configuration Commands c an be used to configure the syst em information and system IP of the switch, and to reboot and reset the switch, upgrade the switch system a nd commands used for device diagnose, including loopback test and cable test.
98 GMT -1 1 —— T imeZone for Midway Island,Samoa. GMT -10 —— TimeZon e for Hawaii. GMT -09 —— T imeZone for Alaska. GMT -08 —— TimeZon e for Pacific T ime. GMT -07 —— TimeZon e for Mountain T ime(US Canada). GMT -06 —— TimeZon e for Central T ime(US Canada).
99 system-time dst predefined Description The system-time dst predefined command is used to select a predefined DS T configuration and the confi guration can be recycled.
100 Parameter smonth —— Month to start, with the options: J an, Feb, Mar , Apr , May , Jun, Jul, Aug, Sep, Oct, Nov , Dec sday —— Day to start, ranging from 1 to 31. Please mind that the number of days depends on the month. stime —— T ime to start, in the format of hh:mm.
101 stime —— T ime to start, in the format of: hh:mm . eweek —— Week to end, with options: firs t, second, third, fourth, last. eday —— Day to end, with options: Sun, M on, T ue, Wed, Thu, Fri, Sat. emonth —— Month to end, with options: Jan, Feb, Mar , Apr , May , Jun, Jul, Aug, Sep, Oct, Nov , Dec .
102 location Description The location command is used to configure the system location. T o clear the system location information, please use no location command. Synt ax location location no location location Parameter location —— Device Location.
103 reset Description The reset command is used to reset the switch’ s software. Af ter resetting, all configuration of the switch will restore to the factory defaults and your current settings will be lost.
104 Command Mode Privileged EXEC Mode Example Save current settings: TL-SG3424# copy running-config st art-up config copy startup-config tftp Description The copy startup-config t f tp command is used to backup the configuration file from TFTP server .
105 name —— S pecify the name for the configuration file which would be downloaded. Command Mode Privileged EXEC Mode Example Download the configuration f ile named as config.cfg to the switch from TFTP server with the IP 192.168.0.148: TL-SG3424# copy st artup-config tf tp ip-address 192.
106 Synt ax ping { ip_addr } [ -n count ] [ -l count ] [ -i count ] Parameter ip_addr —— The IP address of the destination node for ping test. -n count —— The amount of times to send te st data during Ping testing. It ranges from 1 to 10. By default, this value is 4.
107 Example T est the connectivity between the switch and the network device with the IP 192.168.0.131. If t he destination device has not been found after 20 maxHops , the connection between the switch and the destination device is failed to establish: TL-SG3424# tracert 192.
108 Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the time information of the switch: TL-SG3424# sho w system-time show system-time dst Description The show system-time dst command is used to display the DST time information of the switch.
109 show system-info Description The show system-info command is used to display system description, system name, device location, system contact, hardware version, firmware version, system time, run time and so on.
11 0 Chapter 19 Ethernet Configuration Commands Ethernet Configuration Commands can be used to configure the B andwidth Control, Negotiation Mode and S torm Control for Ethernet ports.
111 User Guidelines Command in the Interface Range gigabitEthernet Mode is executed independently on all ports in the range. It does not effect the execution on the other ports at all if the command results in an error on one port.
11 2 Command Mode Interface Configuration Mode (interfa ce gigabitEthernet / interface range gigabitEthernet) Example Disable port 3: TL-SG3424(config)# interface gigabitEthernet 1/0/3 TL-SG3424(config-if)# shutdo w n flow-control Description The flow-control command is used to enable the flow -control function for a port.
11 3 Parameter full | half —— The duplex mode of the Ethernet port. There are two options: full-duplex mode (default) and half-duplex mode. Command Mode Interface Configuration Mode (interfa ce gi.
11 4 storm-control broadcast Description The storm-control broadcast command is used to enable the broadcast control function. T o disable the broadcast contro l function, please use no storm-control broadcast command. Broadcast control function allows the switch to filter broadcast in the network .
11 5 Parameter rate —— Select the bandwidth for receiving multicast packet s on the port. The packet traf fic exceeding the bandwidth w ill be discarded.
11 6 bandwidth Description The bandwid th command is used to configure the bandwidth limit for an Ethernet port. T o disable t he bandwidth limit, please use no bandwidth command.
11 7 show interface status Description The show interface status command is used to display the connective-st atus of an Ethernet port. Synt ax show interface [ gigabitEthernet port ] status Parameter port —— The Ethernet port number .
11 8 show interface description Description The show interface description command is used to display the description of all ports or an Ethernet port. Synt ax show interface [ gigabitEthernet port ] description Parameter port —— The Ethernet port number .
11 9 show interface configuration Description The show interface configuration command is used to display the configurations of all ports or an Ethernet port, including Port-status, Flow Control, Negotiation Mode and Port-description. Synt ax show interface [ gigabitEthernet port ] configuration Parameter port —— The Ethernet port number .
120 TL-SG3424(config)# show storm-control interface range gigabitEthernet 1/0/4-7 show bandwidth Description The show bandw id th command is used to display the bandwidth-limit information of Ethernet ports.
121 Chapter 20 QoS Commands QoS (Quality of Service) function is used to optimiz e the network performance. It provides you with network service experience of a better quality . qos Description The qos command is used to configure CoS (Class of Service) based on port.
122 Synt ax qos dscp no qos dscp Command Mode Global Configuration Mode User Guidelines DSCP (Dif fServ Code Po int) is a new definition to IP T oS field given by IEEE.
123 User Guidelines 1. By default, the mapping relation bet ween tag/cos and the egress queue is: 0-TC1, 1-TC0, 2-TC0 , 3-TC1, 4-TC2, 5-TC2, 6-TC3, 7-TC3 2 . Among the priority levels TC0-TC3, the bigger value, the higher priority . Example Map CoS 5 to TC 2.
124 User Guidelines By default, the mapping relation between tag and the egress queue is: (0-7)-CoS 0, (8-15)-C oS 1, (16-23)-CoS 2, (24-31)-CoS 3, (32-39)- CoS 4, (40-47)-CoS 5, (48-55)-CoS 6, (56-63)-CoS 7.
125 equ —— Equal-Mode. In this mode, all the queues occupy the bandwidth equally . The weight value ratio of all the queues is 1:1:1:1. Command Mode Global Configuration Mode Example S pecify the .
126 Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the configuratio n of IEEE 802.1P Priority and the mapping relation between cos-id and tc-id: TL-SG3424# show qos cos-map show qos dscp-map Description The show qos dscp-map command is used to disp lay the configuration of DSCP Priority .
127 show qos status Description The show qos status command is used to display the status of IEEE 802.1P priority and DSCP priority . Synt ax show qos status Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the status of IEEE 802.
128 Chapter 21 Port Mirror Commands Port Mirror refers to the process of forwarding copies of packets from one port to a monitoring port. Usually , the monitoring port is connected to data diagnose device , which is used to analyze the monitored packet s for monitoring and troubleshooting the network.
129 monitor session source interface Description The monitor session source interface command is used to configure the monitored port. T o delete the corre sponding monitored po rt, please use no monitor session source interface command.
130 TL-SG3424(config)# monitor session 1 source interface gigabitEthernet 1/0/4-5,1/0/7 rx Delete port 4 in monitor session 1 and its configuration: TL-SG3424(config)# no monitor session 1 source inte.
131 Chapter 22 Port isolation Commands Port Isolation provides a method of restricting traffic flow to improve the network security by forbidding the port to forward packets to the ports that are not on its forwarding port list.
132 Synt ax show port isolation interface [ gigabitEthernet port ] Parameter port —— The number of Ethernet port you want to show its forward port list, in the format of 1/0/2.
133 Chapter 23 Loopback Detection Commands With loopback detection feature enabled, the switch can detect loops us ing loopback detection packet s. When a loop is detected, the switch will di splay an alert or further block the corresponding port according to the configuration.
134 Example S pecify the interval -time as 50 seconds: TL-SG3424(config)# loopback-detection interval 50 loopback-detection recovery-time Description The loopback-detection recovery-time command is used to configure the time after which the blocked port would automatically recover to normal status.
135 TL-SG3424(config)# interface range gigabitEthernet 1/0/1-3 TL-SG3424(Config-if)# loopback-detection loopback-detection config Description The loopback-detection config command is used to configure the process-mode and recovery-mode for the por ts by which the switch copes with the detected loops.
136 Synt ax loopback-detection recover Command Mode Interface Configuration Mode (interfa ce gigabitEthernet / interface range gigabitEthernet) Example Recover the blocked port 2 to normal status: TLS.
137 Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the configuration of loopback det ection function and the status of all ports: TL-SG3424# show loopback-detection inte.
138 Chapter 24 ACL Commands ACL (Access Control List) is used to filter data p ackets by configur ing a series of match conditions, operations and time ranges. It prov ides a flexible and secured acce ss control policy and facilitates you to control the network security .
139 Parameter start-date —— The start date in Absoluteness Mo de, in the format of MM/DD/ YYYY . By default, it i s 01/01/2000. end-date —— The end date in Absoluteness Mode, in the format of MM/DD/ YYYY . By default, it is 1 2/31/2000. The absoluteness mode will be disabled if the start date and end date are both in default value.
140 TL-SG3424(config-time-range)# periodic week-date off-day time-slice1 08:30-12:00 holiday Description The holiday command is used to configure t he time-range into Holiday Mode under T ime-range Creat e Configurati on Mode. T o delete the corresponding Holiday Mode time-range, please use no holiday command.
141 Example Define National Day , configuring the st art date as October 1st, and the end date as October 3rd: TL-SG3424(config)# holiday nationalday start-date 10/01 end-date 10/03 access-list create Description The access-list create command is used to create standard-IP ACL and extend-IP ACL.
142 Example Create a MAC ACL whose ID is 23: TL-SG3424(config)# mac access-list 23 access-list standard Description The acc ess-list standard command is used to add S tandard-IP ACL rule. T o delete the correspondi ng rule, please use no access-list standard command.
143 255.255.255.0, the time-range for the rule to take ef fect is tSeg1, and the packet s match this rule will be forwarded by the switch: TL-SG3424(config)# access-list create 120 TL-SG3424(config)# access-list standard 120 rule 10 permit sip 192.168.
144 tos —— Enter the IP T oS contained in the rule. pri —— Enter the IP Precedence contained in the rule. Command Mode Global Configuration Mode Example Create an Extended-IP ACL whose ID is 220, and add Rule 10 for it. In the rule, the source IP address is 192.
145 ethernet-type —— EtherT yp e contained in the ru le, in the format of 4-hex number . user-pri —— The user priority contained in th e rule, ranging from 0 to 7. By default, it is not limited. time-segmen t —— The time-rang e for the rule to take ef fect.
146 TL-SG3424(config)# access-list policy name policy1 access-list policy action Description The access-list policy action command is used to add ACLs and create actions for the policy . T o set the detail ed configuration of ac tions for a policy , please use access-list policy action command to access Action Configuration Mode.
147 policy to port 2: TL-SG3424(config)# access-list policy action policy1 120 TL-SG3424(config-action)# redirect interface gi gabitEthernet 1/0/2 redirect vlan Description The redirect vlan command is used to configure Direction function of policy action for specified VLAN.
148 Command Mode Action Configuration Mode Example Edit the actions for policy1. For the dat a p ackets matching ACL 120 in the policy , if the rate beyond 1000kbps, they will be discarded by the swit.
149 Parameter dscp —— DSCP of QoS Remark. S pecif y the DSCP region for the data packet s matching the corresponding ACL. DSCP ranges from 0 to 63. By default, it is not limited. pri —— Local Priority of QoS Remark. S pec ify the local priority for the data packet s matching the corresponding ACL.
150 access-list bind(vlan) Description The access-list bind command is used to bind a policy to a VLAN. T o cancel the bind relation, please use no access-list bind command. Synt ax access-list bind policy-name no access-list bind policy-name Parameter policy-name —— The name of the policy desired to bind.
151 Synt ax show holiday Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the defined holiday: TL-SG3424(config)# show holiday show access-list Description The show access-list command is used to display configuration of ACL.
152 Example Display the information of a policy named policy1: TL-SG3424(config)# show access-list policy policy1 show access-list bind Description The show access-list b ind command is used to displa y the configuration of Policy bind.
153 Chapter 25 MSTP Commands MSTP (Multiple S panning T ree Protocol), comp at ible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a ri ng network. STP is to block redundant links and backup links as well as optimize paths. spanning-tree(global) Description The spanning-tree command is used to enable STP function globally .
154 TL-SG3424(config-if)# spanning-tree spanning-tree common-config Description The spanning-tree common-config command is used to configure the parameters of the port s for comparison in the CIST and the common parameters of all insta nces. T o return to the default configuration, please use no sp anning-tree common-config command.
155 Command Mode Interface Configuration Mode (interfa ce gigabitEthernet / interface range gigabitEthernet) Example Enable the STP function of por t 1, and configure the Port Priority as 64, ExtPath .
156 default configuration of the co rresponding Instance, please use no sp anning-tree mst configuration command. Synt ax sp anning-tree mst configuration no sp anning-tree mst configuration Command M.
157 Remove VLANs 1-50 in maping VLANs 1-100 for Instance 1: TL-SG3424(config)# sp anning-tree mst configuration TL-SG3424(config-mst)# no instance 1 vlan 1-50 name Description The name command is used to configure t he region name of MST instance. Synt ax name name Parameters name —— The region name, used to identify MST region.
158 TL-SG3424(config-mst)# revison 100 spanning-tree mst instance Description The sp anning-tree mst instance command is used to configure the priority of MST inst ance. T o return to the default va lue of MST instance priority , please us e no sp anning-tree mst instance command.
159 Parameter instance-id —— Instance ID, ranging from 1 to 8. pri —— Port Priority , which must be multiple of 16 ranging from 0 to 240. By default, it is 128. Port Priority is an im portant criterion on determining if the port will be chosen as the root port by the device connected to this port.
160 spanning-tree tc-defend Description The spanning-tree tc-defend command is used to confi gure the TC Protect of S panning T ree globally . T o return to t he default configurat ion, please use no sp anning-tree tc-defen d command. A switch removes MAC address entries upon receiving TC-BPDUs.
161 Parameter forward-time —— Forward Delay , which is the time for the port to transit its state af ter the network topology is change d. Forward Dela y ranges from 4 to 30 in seconds and it is 15 by default. Other wise, 2 * (Forward Delay - 1) >= Max Age.
162 TL-SG3424(config)# sp anning-tree hold-count 8 spanning-tree max-hops Description The spanning-tree max-hop s command is used to configure the maximum number of hops that occur in a specific region before the BPDU is discarded. T o return to the default c onfigurations, please use no sp anning-tree max-hops command.
163 Example Enable the BPDU filter function for port 2: TL-SG3424(config)# interface gigabitEthernet 1/0/2 TL-SG3424(config-if)# spanning-tree bp dufilter spanning-tree bpduguard Description The spanning-tree bp d uguard command is used to enable the BPDU protect function for a port.
164 Command Mode Interface Configuration Mode (interfa ce gigabitEthernet / interface range gigabitEthernet) Example Enable the Loop Protect function for port 2: TL-SG3424(config)# interface gigabitEt.
165 removing MAC address entries, whic h may decrease the performance and stability of the network. With the Prot ect of S panning T ree f unction enabled, you can configure the number of TC-BPDUs in a required time, so as to avoid the process of removing MAC addresses frequently .
166 Synt ax show spanning-tree active Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the active information of spanning-tree: TL-SG3424(config)# show spanning-tree active show spanning-tree bridge Description The show spanning-tree bridge command is used to display the bridge parameters.
167 Example Display the spanning-tree information of all ports: TL-SG3424(config)# show spanning-tree interface Display the spanning-tree information of port 2: TL-SG3424(config)# show spanning-tree i.
168 show spanning-tree mst Description The show sp anning-tree mst command is used to display the related information of MST Instan ce. Synt ax show spanning-tree mst { configuration [ digest ] | instance instance-id [ interface [ gigabitEthernet port ]]} Parameter instance-id —— Instance ID desired to show , ranging from 1 to 8.
169 Chapter 26 IGMP Commands IGMP Snooping (Internet Group Management Prot ocol Snooping) is a multicast control mechanism running on Layer 2 switch. It can effectively prevent multicast groups being broadcasted in the network. ip igmp snooping(global) Description The ip igmp snooping command is used to configure IGMP Snooping globally .
170 TL-SG3424(config)# interface gigabitEthernet 1/0/3 TL-SG3424(config-if)# ip igmp snooping ip igmp snooping immediate-leave Description The ip igmp snooping immediate-leave command is used to configure the Fast Leave function for port. T o disabl e the Fast Leave fu nction, please use no ip igmp snooping immediate-leave command.
171 ip igmp snooping vlan-config Description The ip igmp snooping v lan-config command is used to enable VLAN IGMP Snooping function or to modify IGMP Snooping parameters, and to create static multicast IP entry . T o disable the VL AN IGMP Snooping function, please use no ip igmp snooping vlan-config command.
172 Example Enable the IGMP Snooping function and m odify Router Port T ime as 300 seconds, Member Port T ime as 200 sec onds for VLAN1-3, and set the Leave time as 15 seconds for VLAN1-2: TL -SG34 24.
173 leave-time —— Leave Time, which is the interval between the switch receiving a leave message from a host and the switch removing the host from the multicast groups. Leave T ime ranges from 1 to 30 in seconds. By default, it is 1. port —— The Ethernet port number .
174 Example Bind the filtering address ID 2-6 to port 3: TL-SG3424(config)# interface gigabitEthernet 1/0/3 TL-SG3424(config-if)# ip igmp snooping filter addr-id 2-6 ip igmp snooping filter(global) Description The ip igmp snooping filter command is used to add or modify the multica st filtering IP-range.
175 Synt ax ip igmp snooping filter no ip igmp snooping filter Command Mode Interface Configuration Mode (interfa ce gigabitEthernet / interface range gigabitEthernet) Example Enable IGMP Snooping fil.
176 Synt ax ip igmp snooping filter mode mode Parameter mode —— Action Mode, with refuse and accept options. Refuse indicates only the multicast packe ts whose multicast IP is not in th e IP-range will be processed, while accept indicates only the multicas t pa ckets whose multicast IP is in the IP-range will be processed.
177 Synt ax show ip igmp snooping interface gigabitEthernet [ port | port-list ] { basic-config | filt er | packet-stat } Parameter port —— The Ethernet port number . port-list —— The list of Ethernet port s. basic-config | filter | pa cket-stat —— The related configuration information selected to display .
178 TL-SG3424# show ip igmp snooping vlan 2 show ip igmp snooping multi-vlan Description The sho w ip igmp snooping multi-vlan command is u sed to display the Multicast VLAN configuration.
179 Display the count of multic ast entries in VLAN 5: TL-SG3424(config)#show ip igmp snooping groups vlan 5 count Display the dynamic multicast groups of VLAN 5 TL-SG3424(config)#show ip igmp snoopin.
180 Chapter 27 SNMP Commands SNMP (Simple Network Management Protocol) func tions are used to manage the network devices for a smooth communication, whic h can facilitate the network administrators to monitor the network nodes and implement the proper operation.
181 mib-oid —— MIB Object ID. It is the Object I dentifier (OID) for the entry of V iew , ranging from 1 to 61 characters. include | exclude —— View T ype, with include and exclude options. They represent the view entry can/cannot be managed by the SNMP management station individually .
182 By default, the Security Level is noAuthN oPriv . T here is no need to configure this in SNMP v1 Mode and SNMP v2c Mode. read-view —— Select the View to be the Read View . The management access is restricted to read-only , and changes cannot be made to the assigned SNMP Vie w .
183 Parameter name —— User Name, ranging from 1 to 16 characters. local | remote —— User T ype, with local and remote options. Local indicates that the user is c onnected to a local SNMP engine, while remote means that the user is connected to a remote SNMP engine.
184 snmp-server community Description The snmp-server community command is used to add Community . T o delete the corresponding Community , please use no snmp-server community command.
185 udp-port —— UDP port, which is used to s end notifications. The UDP port functions with the IP address for the not ification sending. It ranges from 1 to 65535. user-name —— The User name of the management station. smode —— The Security Model of the mana g ement station, with v1, v2c and v3 options.
186 snmp-server engineID Description The snmp-server engineID command is used to configure the local and remote engineID of the switch. T o restore to the default setting, please use no snmp-server engineID command.
187 periodically , based on which the managem ent station can monitor network effectively . Synt ax rmon history index interface gigabitEthernet port [ interval seconds ] [ ow ne r owner-name ] no rmon history index Parameter index —— The index number of the entry , ranging from 1 to 12, in the format of 1-3,5.
188 Parameter index —— The index number of the event e n try , r anging from 1 to 12. Y ou can only select one entry for each command. user-name —— The name of the User to wh ich the event belongs, ranging from 1 to 16 characters. By default, it is “public”.
189 f-hold ] [ falling-event-index f-event ] [ a-type { rise | fall | all }] [ ow ner owner-name ] [ interval interval ] no rmon alarm index Parameter index —— The inde x number of the Alar m Management entry , ranging from 1 to 12, in the format of 1-3,5.
190 Example Configure the port of entries of 1,2 and 3 as port 2, the owners as owner1 and the alarm intervals as 100 seconds TL-SG3424(config)# rmon alarm 1-3 interface gigabitEthernet 1/0/2 ow ne r owner1 interval 100 show snmp-server Description The show snmp-server command is used to display SNMP configuration globally .
191 Synt ax show snmp-server group Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the Group table: TL-SG3424# show snmp-server group show snmp-server user Description The show snmp-server user command is used to display the User table.
192 show snmp-server host Description The show snmp-server host command is used to display the Host table. Synt ax show snmp-server host Command Mode Privileged EXEC Mode and Any Co nfiguration Mode E.
193 for each command. By default, t he configuration of all hi story sample entries is displayed. Command Mode Privileged EXEC Mode and Any Co nfiguration Mode Example Display the configuration of all.
194 Parameter index —— The index nu mber of the entry sele cted to display the configuration, ranging from 1 to 12, in the format of 1- 3, 5. Y ou can select more than on e entry for each command. By default, the conf iguration of all Alarm Management entries is displayed.
195 Chapter 28 Cluster Commands Cluster Management function enables a network administrator to manage the scattered devices in the network via a manag ement device. After a co mmander s witch is configured, manag ement and maintenance operations intended fo r the member devices in a cl uster is implemented by the commander device.
196 Change Aging T ime to 80 seconds: TL-SG3424(config)# cluster nd p timer aging 80 Change Hello T ime to 80 seconds: TL-SG3424(config)# cluster nd p timer hello 80 cluster ntdp Description The cluster ntd p command is used to configure NTDP globally .
197 hop-value —— NTDP Hop s, which is the hop count the switch topology collects. NTDP Hops ranges from 1 to 16. By default, it is 3. Command Mode Global Configuration Mode Example Enable NTDP fun.
198 ntdp —— Enable/ Disable NTDP function fo r the port. By default, it is enabled. Command Mode Interface Configuration Mode (interfa ce gigabitEthernet / interface range gigabitEthernet) Example.
199 show cluster ndp Description The show cluster ndp command is used to display NDP configuration of certain ports. Synt ax show cluster ndp [ interface [ gigabitEthernet port ]] Parameter port —— The Ethernet port numbe r .
200 Display the NTDP confi guration of port 2: TL-SG3424# show cluster ntd p interface gigabitEthernet 1/0/2 Display the information of device collected through NTDP: TL-SG3424# show cluster ntd p device-list show cluster neighbour Description The show cluster neighbour command is used to display the cluster neighbor information.
An important point after buying a device TP-Link TL-SG3216 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought TP-Link TL-SG3216 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data TP-Link TL-SG3216 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, TP-Link TL-SG3216 you will learn all the available features of the product, as well as information on its operation. The information that you get TP-Link TL-SG3216 will certainly help you make a decision on the purchase.
If you already are a holder of TP-Link TL-SG3216, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime TP-Link TL-SG3216.
However, one of the most important roles played by the user manual is to help in solving problems with TP-Link TL-SG3216. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device TP-Link TL-SG3216 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center