CLI Guide - TP-Link

TL-SL3428/TL-SL3452 

JetStream L2 Managed Switch 

Rev: 1.2.0 

1910010700

TL-SL3428/TL-SL3452 JetStream L2 Managed Switch CLI Guide 

COPYRIGHT & TRADEMARKS 

Specifications are subject to change without notice. 

is a registered trademark of 

TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or 

registered trademarks of their respective holders. 

No part of the specifications may be reproduced in any form or by any means or used to make any 

derivative such as translation, transformation, or adaptation without permission from TP-LINK 

TECHNOLOGIES CO., LTD. Copyright © 2012 TP-LINK TECHNOLOGIES CO., LTD. All rights 

reserved. 

http://www.tp-link.com 

i


CONTENTS 

Preface .............................................................................................................. 1 

Chapter 1 Using the CLI ....................................................................................... 4 

1.1 Accessing the CLI ...........................................................................................................4 

1.1.1 Logon by a console port .......................................................................................4 

1.1.2 Logon by Telnet ....................................................................................................6 

1.2 CLI Command Modes .....................................................................................................8 

1.3 Security Levels ............................................................................................................. 11 

1.4 Conventions.................................................................................................................. 11 

1.4.1 Format Conventions ........................................................................................... 11 

1.4.2 Special Characters.............................................................................................. 11 

1.4.3 Parameter Format...............................................................................................12 

Chapter 2 User Interface .................................................................................... 13 

enable....................................................................................................................................13 

enable password ...................................................................................................................13 

disable...................................................................................................................................14 

configure................................................................................................................................14 

exit.........................................................................................................................................14 

end ........................................................................................................................................15 

Chapter 3 IEEE 802.1Q VLAN Commands ........................................................ 16 

vlan database ........................................................................................................................16 

vlan........................................................................................................................................16 

interface vlan .........................................................................................................................17 

description .............................................................................................................................17 

switchport type ......................................................................................................................18 

switchport allowed vlan..........................................................................................................18 

switchport pvid.......................................................................................................................19 

switchport general egress-rule ..............................................................................................19 

show vlan ..............................................................................................................................20 

show interface switchport ......................................................................................................20 

Chapter 4 Protocol VLAN Commands............................................................... 21 

protocol-vlan template ...........................................................................................................21 

protocol-vlan vlan ..................................................................................................................21 

protocol-vlan interface ...........................................................................................................22 

ii


show protocol-vlan template..................................................................................................23 

show protocol-vlan vlan .........................................................................................................23 

show protocol-vlan interface..................................................................................................23 

Chapter 5 Voice VLAN Commands.................................................................... 25 

voice-vlan enable ..................................................................................................................25 

voice-vlan aging-time ............................................................................................................25 

voice-vlan oui ........................................................................................................................26 

switchport voice-vlan mode ...................................................................................................27 

show voice-vlan global ..........................................................................................................27 

show voice-vlan oui ...............................................................................................................28 

show voice-vlan switchport....................................................................................................28 

Chapter 6 GVRP Commands.............................................................................. 29 

gvrp .......................................................................................................................................29 

gvrp (interface) ......................................................................................................................29 

gvrp registration.....................................................................................................................30 

gvrp timer ..............................................................................................................................30 

show gvrp global ...................................................................................................................31 

show gvrp interface ...............................................................................................................32 

Chapter 7 LAG Commands ................................................................................ 33 

interface link-aggregation ......................................................................................................33 

interface range link-aggregation ............................................................................................33 

link-aggregation.....................................................................................................................34 

link-aggregation hash-algorithm ............................................................................................35 

description .............................................................................................................................35 

show interface link-aggregation.............................................................................................36 

Chapter 8 LACP Commands .............................................................................. 37 

lacp system-priority ...............................................................................................................37 

lacp (interface).......................................................................................................................37 

lacp admin-key ......................................................................................................................38 

lacp port-priority.....................................................................................................................38 

show lacp interface................................................................................................................39 

show lacp system-priority ......................................................................................................39 

Chapter 9 User Manage Commands.................................................................. 41 

user add ................................................................................................................................41 

user remove ..........................................................................................................................42 

iii


user modify status .................................................................................................................42 

user modify type ....................................................................................................................43 

user modify password............................................................................................................43 

user access-control disable ...................................................................................................44 

user access-control ip-based.................................................................................................44 

user access-control mac-based.............................................................................................45 

user access-control port-based .............................................................................................45 

user max-number ..................................................................................................................46 

user idle-timeout....................................................................................................................46 

show user account-list...........................................................................................................47 

show user configuration.........................................................................................................47 

Chapter 10 Binding Table Commands................................................................. 49 

binding-table user-bind ..........................................................................................................49 

binding-table remove .............................................................................................................50 

dhcp-snooping.......................................................................................................................50 

dhcp-snooping global ............................................................................................................51 

dhcp-snooping information enable ........................................................................................52 

dhcp-snooping information strategy ......................................................................................52 

dhcp-snooping information user-defined ...............................................................................53 

dhcp-snooping information remote-id ....................................................................................53 

dhcp-snooping information circuit-id......................................................................................54 

dhcp-snooping trusted...........................................................................................................54 

dhcp-snooping mac-verify .....................................................................................................55 

dhcp-snooping rate-limit ........................................................................................................55 

dhcp-snooping decline...........................................................................................................56 

show binding-table.................................................................................................................56 

show dhcp-snooping global ...................................................................................................57 

show dhcp-snooping information...........................................................................................57 

show dhcp-snooping interface...............................................................................................58 

Chapter 11 ARP Inspection Commands.............................................................. 59 

arp detection (global).............................................................................................................59 

arp detection trust-port ..........................................................................................................59 

arp detection (interface).........................................................................................................60 

arp detection limit-rate...........................................................................................................60 

arp detection recover.............................................................................................................61 

show arp detection global......................................................................................................62 

show arp detection interface..................................................................................................62 

iv


show arp detection statistic ...................................................................................................63 

show arp detection statistic reset ..........................................................................................63 

Chapter 12 DoS Defend Command...................................................................... 64 

dos-prevent ...........................................................................................................................64 

dos-prevent type....................................................................................................................64 

show dos-prevent ..................................................................................................................65 

Chapter 13 IEEE 802.1X Commands ................................................................... 66 

dot1x......................................................................................................................................66 

dot1x auth-method ................................................................................................................66 

dot1x guest-vlan ....................................................................................................................67 

dot1x quiet-period..................................................................................................................68 

dot1x timer.............................................................................................................................68 

dot1x retry .............................................................................................................................69 

dot1x......................................................................................................................................69 

dot1x guest-vlan ....................................................................................................................70 

dot1x port-control ..................................................................................................................70 

dot1x port-method .................................................................................................................71 

radius authentication primary-ip ............................................................................................72 

radius authentication secondary-ip........................................................................................73 

radius authentication port ......................................................................................................73 

radius authentication key.......................................................................................................74 

radius accounting enable.......................................................................................................74 

radius accounting primary-ip .................................................................................................75 

radius accounting secondary-ip.............................................................................................75 

radius accounting port ...........................................................................................................76 

radius accounting key............................................................................................................76 

radius response-timeout........................................................................................................77 

show dot1x global..................................................................................................................78 

show dot1x interface .............................................................................................................78 

show radius authentication ....................................................................................................79 

show radius accounting.........................................................................................................79 

Chapter 14 Log Commands ................................................................................. 80 

logging local buffer ................................................................................................................80 

logging local flash..................................................................................................................81 

logging clear ..........................................................................................................................81 

logging loghost ......................................................................................................................82 

v


show logging local-config ......................................................................................................83 

show logging loghost.............................................................................................................83 

show logging buffer ...............................................................................................................84 

show logging flash.................................................................................................................84 

Chapter 15 SSH Commands................................................................................. 86 

ssh server enable ..................................................................................................................86 

ssh version ............................................................................................................................86 

ssh idle-timeout .....................................................................................................................87 

ssh max-client .......................................................................................................................87 

ssh download ........................................................................................................................88 

show ssh ...............................................................................................................................88 

Chapter 16 SSL Commands ................................................................................. 90 

ssl enable ..............................................................................................................................90 

ssl download certificate .........................................................................................................90 

ssl download key ...................................................................................................................91 

show ssl.................................................................................................................................91 

Chapter 17 Address Commands.......................................................................... 93 

bridge address port-security ..................................................................................................93 

bridge address static .............................................................................................................94 

bridge aging-time...................................................................................................................95 

bridge address filtering ..........................................................................................................95 

show bridge port-security ......................................................................................................96 

show bridge address .............................................................................................................96 

show bridge aging-time .........................................................................................................97 

Chapter 18 System Commands ........................................................................... 98 

system-descript .....................................................................................................................98 

system-time gmt ....................................................................................................................98 

system-time manual ..............................................................................................................99 

system-time dst .....................................................................................................................99 

ip address............................................................................................................................100 

ip management-vlan............................................................................................................101 

ip dhcp-alloc ........................................................................................................................101 

ip bootp-alloc .......................................................................................................................101 

reset ....................................................................................................................................102 

reboot ..................................................................................................................................102 

user-config backup ..............................................................................................................103 

vi


user-config load...................................................................................................................103 

user-config save ..................................................................................................................104 

firmware upgrade ................................................................................................................104 

ping .....................................................................................................................................105 

tracert ..................................................................................................................................105 

loopback ..............................................................................................................................106 

show system-info.................................................................................................................106 

show ip address ..................................................................................................................107 

show system-time................................................................................................................107 

show system-time dst..........................................................................................................108 

show system-time source....................................................................................................108 

show system-time mode......................................................................................................108 

Chapter 19 Ethernet Configuration Commands ................................................110 

interface ethernet ................................................................................................................ 110 

interface range ethernet ...................................................................................................... 110 

description ........................................................................................................................... 111 

shutdown ............................................................................................................................. 111 

flow-control .......................................................................................................................... 112 

negotiation........................................................................................................................... 112 

storm-control ....................................................................................................................... 113 

port rate-limit ....................................................................................................................... 114 

port rate-limit disable ingress............................................................................................... 114 

port rate-limit disable egress ............................................................................................... 115 

show interface configuration................................................................................................ 115 

show interface status........................................................................................................... 116 

show interface counters....................................................................................................... 116 

show storm-control ethernet ................................................................................................ 117 

show port rate-limit .............................................................................................................. 117 

Chapter 20 QoS Commands................................................................................119 

qos ...................................................................................................................................... 119 

qos dot1p enable................................................................................................................. 119 

qos dot1p config ..................................................................................................................120 

qos dscp enable ..................................................................................................................121 

qos dscp config ...................................................................................................................121 

qos scheduler ......................................................................................................................122 

show qos port-based ...........................................................................................................123 

show qos dot1p ...................................................................................................................124 

vii


show qos dscp.....................................................................................................................124 

show qos scheduler.............................................................................................................124 

Chapter 21 Port Mirror Commands ....................................................................126 

mirror add ............................................................................................................................126 

mirror remove group............................................................................................................127 

mirror remove mirrored........................................................................................................127 

show mirror..........................................................................................................................128 

Chapter 22 Port isolation Commands ................................................................129 

port isolation ........................................................................................................................129 

show port isolation...............................................................................................................129 

Chapter 23 Loopback Detection .........................................................................131 

loopback-detection ..............................................................................................................131 

loopback-detection interval..................................................................................................131 

loopback-detection recovery-time........................................................................................132 

show loopback-detection global ..........................................................................................132 

show loopback-detection interface ......................................................................................133 

show loopback-detection interface ethernet ........................................................................133 

Chapter 24 ACL Commands................................................................................134 

acl time-segment .................................................................................................................134 

acl edit time-segment ..........................................................................................................135 

acl holiday ...........................................................................................................................136 

acl create.............................................................................................................................136 

acl rule mac-acl ...................................................................................................................137 

acl edit rule mac-acl ............................................................................................................138 

acl rule std-acl .....................................................................................................................139 

acl edit rule std-acl...............................................................................................................140 

acl policy policy-add ............................................................................................................141 

acl policy action-add............................................................................................................142 

acl edit action ......................................................................................................................143 

acl bind to-port.....................................................................................................................144 

acl bind to-vlan ....................................................................................................................144 

show acl time-segment........................................................................................................145 

show acl holiday ..................................................................................................................145 

show acl config....................................................................................................................145 

show acl bind.......................................................................................................................146 

viii


Chapter 25 MSTP Commands .............................................................................147 

spanning-tree global............................................................................................................147 

spanning-tree common-config .............................................................................................148 

spanning-tree region............................................................................................................149 

spanning-tree msti...............................................................................................................150 

spanning-tree msti...............................................................................................................151 

spanning-tree tc-defend.......................................................................................................152 

spanning-tree security .........................................................................................................152 

spanning-tree mcheck .........................................................................................................153 

show spanning-tree global-info............................................................................................154 

show spanning-tree global-config........................................................................................154 

show spanning-tree port-config ...........................................................................................154 

show spanning-tree region ..................................................................................................155 

show spanning-tree msti config ...........................................................................................155 

show spanning-tree msti port ..............................................................................................156 

show spanning-tree security tc-defend................................................................................156 

show spanning-tree security port-defend.............................................................................157 

Chapter 26 IGMP Commands..............................................................................158 

igmp-snooping global ..........................................................................................................158 

igmp-snooping config ..........................................................................................................158 

igmp-snooping vlan-config-add ...........................................................................................159 

igmp-snooping vlan-config...................................................................................................160 

igmp-snooping multi-vlan-config..........................................................................................161 

igmp-snooping static-entry-add ...........................................................................................162 

igmp-snooping filter-add ......................................................................................................163 

igmp-snooping filter-config ..................................................................................................163 

igmp-snooping filter .............................................................................................................164 

show igmp-snooping global-config ......................................................................................165 

show igmp-snooping port-config..........................................................................................165 

show igmp-snooping vlan-config .........................................................................................166 

show igmp-snooping multi-vlan ...........................................................................................166 

show igmp-snooping multi-ip-list .........................................................................................167 

show igmp-snooping filter-ip-addr .......................................................................................167 

show igmp-snooping port-filter ............................................................................................167 

show igmp-snooping packet-stat .........................................................................................168 

show igmp-snooping packet-stat-clear ................................................................................168 

Chapter 27 SNMP Commands.............................................................................170 

ix


snmp global .........................................................................................................................170 

snmp view-add ....................................................................................................................171 

snmp group-add ..................................................................................................................171 

snmp user-add ....................................................................................................................173 

snmp community-add ..........................................................................................................174 

snmp notify-add...................................................................................................................175 

snmp-rmon history sample-cfg ............................................................................................176 

snmp-rmon history owner ....................................................................................................177 

snmp-rmon history enable ...................................................................................................177 

snmp-rmon event user.........................................................................................................178 

snmp-rmon event description ..............................................................................................178 

snmp-rmon event type.........................................................................................................179 

snmp-rmon event owner......................................................................................................180 

snmp-rmon event enable.....................................................................................................180 

snmp-rmon alarm config......................................................................................................181 

snmp-rmon alarm owner......................................................................................................182 

snmp-rmon alarm enable.....................................................................................................183 

show snmp global-config.....................................................................................................183 

show snmp view ..................................................................................................................184 

show snmp group ................................................................................................................184 

show snmp user ..................................................................................................................184 

show snmp community........................................................................................................185 

show snmp destination-host................................................................................................185 

show snmp-rmon history .....................................................................................................186 

show snmp-rmon event .......................................................................................................186 

show snmp-rmon alarm.......................................................................................................187 

Chapter 28 Cluster Commands...........................................................................188 

cluster ndp...........................................................................................................................188 

cluster ntdp..........................................................................................................................189 

cluster explore .....................................................................................................................190 

cluster..................................................................................................................................190 

cluster manage role-change ................................................................................................191 

show cluster ndp global .......................................................................................................191 

show cluster ndp port-status................................................................................................192 

show cluster neighbour........................................................................................................192 

show cluster ntdp global ......................................................................................................192 

show cluster ntdp port-status...............................................................................................193 

x


show cluster ntdp device .....................................................................................................193 

show cluster manage role....................................................................................................194 

xi


Preface 

This Guide is intended for network administrator to provide referenced information about CLI 

(Command Line Interface). The device mentioned in this Guide stands for TL-SL3428/TL-SL3452 

JetStream L2 Managed Switch. 

Overview of this Guide 

Chapter 1: Using the CLI 

Provide information about how to use the CLI, CLI Command Modes, Security Levels and some 

Conventions. 

Chapter 2: User Interface 

Provide information about the commands used to switch between five CLI Command Modes. 

Chapter 3: IEEE 802.1Q VLAN Commands 

Provide information about the commands used for configuring IEEE 802.1Q VLAN. 

Chapter 4: Protocol VLAN Commands 

Provide information about the commands used for configuring Protocol VLAN. 

Chapter 5: Voice VLAN Commands 

Provide information about the commands used for configuring Voice VLAN. 

Chapter 6: GVRP Commands 

Provide information about the commands used for configuring GVRP (GARP VLAN registration 

protocol). 

Chapter 7: LAG Commands 

Provide information about the commands used for configuring LAG (Link Aggregation Group). 

Chapter 8: LACP Commands 

Provide information about the commands used for configuring LACP (Link Aggregation Control 

Protocol). 

Chapter 9: User Manage Commands 

Provide information about the commands used for user management. 

Chapter 10: Binding Table Commands 

Provide information about the commands used for binding the IP address, MAC address, VLAN 

and the connected Port number of the Host together. 

Chapter 11: ARP Inspection Commands 

Provide information about the commands used for protecting the switch from the ARP cheating or 

ARP Attack. 

1


Chapter 12: DoS Defend Command 

Provide information about the commands used for DoS defend and detecting the DoS attack. 

Chapter 13: IEEE 802.1X Commands 

Provide information about the commands used for configuring IEEE 802.1X function. 

Chapter 14: Log Commands 

Provide information about the commands used for configuring system log. 

Chapter 15: SSH Commands 

Provide information about the commands used for configuring and managing SSH (Security 

Shell). 

Chapter 16: SSL Commands 

Provide information about the commands used for configuring and managing SSL (Secure 

Sockets Layer). 

Chapter 17: Address Commands 

Provide information about the commands used for Address configuration. 

Chapter 18: System Commands 

Provide information about the commands used for configuring the System information and System 

IP, reboot and reset the switch, upgrade the switch system and other operations. 

Chapter 19: Ethernet Configuration Commands 

Provide information about the commands used for configuring the Bandwidth Control, Negotiation 

Mode, and Storm Control for Ethernet ports. 

Chapter 20: QoS Commands 

Provide information about the commands used for configuring the QoS function. 

Chapter 21: Port Mirror Commands 

Provide information about the commands used for configuring the Port Mirror function. 

Chapter 22: Port isolation Commands 

Provide information about the commands used for configuring the Port isolation function. 

Chapter 23: Loopback Detection 

Provide information about the commands used for configuring the Loopback Detection function. 

Chapter 24: ACL Commands 

Provide information about the commands used for configuring the ACL (Access Control List). 

Chapter 25: MSTP Commands 

Provide information about the commands used for configuring the MSTP (Multiple Spanning Tree 

Protocol). 

Chapter 26: IGMP Commands 

2


Provide information about the commands used for configuring the IGMP Snooping (Internet Group 

Management Protocol Snooping). 

Chapter 27: SNMP Commands 

Provide information about the commands used for configuring the SNMP (Simple Network 

Management Protocol) functions. 

Chapter 28: Cluster Commands 

Provide information about the commands used for configuring the Cluster Management function. 

3


Chapter 1 

Using the CLI 

1.1 Accessing the CLI 

You can log on to the switch and access the CLI by the following two methods: 

1. Log on to the switch by the console port on the switch. 

2. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port. 

1.1.1 Logon by a console port 

To log on to the switch by the console port on the switch, please take the following steps: 

1. Connect the PCs or Terminals to the console port on the switch by a provided cable. 

2. Click Start → All Programs → Accessories→ Communications → Hyper Terminal to 

open the Hyper Terminal as the figure 1-1 shown. 

Figure 1-1 Open Hyper Terminal 

3. The Connection Description Window will prompt as figure1-2. Enter a name into the 

Name field and click OK. 

4


Figure 1-2 Connection Description 

4. Select the port to connect in figure 1-3, and click OK. 

Figure 1-3 Select the port to connect 

5. Configure the port selected in the step above as the following figure1-4 shown. Configure Bits 

per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, 

and then click OK. 

5


Figure 1-4 Port Settings 

6. Type the User name and Password in the Hyper Terminal window, the factory default value for 

both of them is admin. The DOS prompt” TP-LINK>” will appear after pressing the Enter 

button as figure1-5 shown. It indicates that you can use the CLI now. 

Figure 1-5 Log in the Switch 

1.1.2 Logon by Telnet 

To log on to the switch by a Telnet connection, please take the following steps: 

1. Make sure the switch and the PC are in the same LAN. 

2. Click Start → Run to open the Run window. 

6


Figure 1-6 Open the Run window 

3. Type cmd in the prompt Run window as figure 1-7 and click OK. 

Figure 1-7 Run Window 

4. Type telnet 192.168.0.1 in the command prompt shown as figure1-8, and press the Enter 

button. 

7


Figure 1-8 Connecting to the Switch 

5. Type the User name and Password (the factory default value for both of them is admin) and 

press the Enter button, then you can use the CLI now, which is shown as figure1-9. 

Figure 1-9 Log in the Switch 

1.2 CLI Command Modes 

The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode, 

Global Configuration Mode, Interface Configuration Mode and VLAN Database (VLAN 

Configuration Mode). Interface Configuration Mode can also be divided into Interface Ethernet, 

Interface link-aggregation and some other modes, which is shown as the following diagram. 

8


The following table gives detailed information about the Accessing path, Prompt of each mode and 

how to exit the current mode and access the next mode. 

Mode 

Accessing 

Path 

Prompt 

Logout or Access the next 

mode 

Primary mode once it is 

Use the exit command to disconnect the 

User 

Mode 

EXEC 

connected with the 

switch. 

TP-LINK> 

switch (except that the switch is 

connected through the Console port). 

Use the enable command to access 

Privileged EXEC mode. 

Use the enable 

Use the exit command to disconnect the 

command to enter this 

switch (except that the switch is 

Privileged 

EXEC Mode 

mode from User EXEC 

mode. 

TP-LINK# 

connected through the Console port). 

Enter the disable command to return to 

User EXEC mode. 

Enter configure command to access 

Global Configuration mode. 

Use the configure 

Use the exit or the end command or 


press Ctrl+Z to return to Privileged 

Global 

Configuration 

Mode 

mode from Privileged 

EXEC mode. 

TP-LINK(config)# 

EXEC mode. 

Use the interface type number 

command to access interface 

Configuration mode. 

Use the vlan database to access VLAN 


9


Use the interface type 

Use the end command or press Ctrl+Z 

Interface 

Configuration 

Mode 

number command to 

enter this mode from 

Global Configuration 

mode. 

TP-LINK(config-if 

)# 

to return to Privileged EXEC mode. 

Enter exit command to return to Global 


A port number must be specified in the 

interface command. 

VLAN 

Configuration 

Mode 

Use the vlan database 


mode from Global 


TP-LINK(configvlan)# 

Use the end command or press Ctrl+Z 

to return to Privileged EXEC mode. 

Enter the exit command to return to 

Global configuration mode. 

Note: 

1. The user is automatically in User EXEC Mode after the connection between the PC and the 

switch is established by a console port or by a telnet connection. 

2. Each command mode has its own set of specific commands. To configure some commands, 

you should access the corresponding command mode firstly. 

• Global Configuration Mode: In this mode, global commands are provided, such as the 

Spanning Tree, Schedule Mode and so on. 

• Interface Configuration Mode: In this mode, users can configure one or several ports, 

different ports corresponds to different commands 

a). Interface Ethernet: Configure parameters for an Ethernet port, such as Duplex-mode, 

flow control status. 

b). Interface range Ethernet: The commands contained are the same as that of the 

Interface Ethernet. Configure parameters for several Ethernet ports. 

c). Interface link-aggregation: Configure parameters for a link-aggregation, such as 

broadcast storm. 

d). Interface range link-aggregation: Configure parameters for multi-trunks. 

e). Interface vlan: Configure parameters for the vlan-port. 

• Vlan Configuration Mode: In this mode, users can create a VLAN and add a specified 

port to the VLAN. 

3. Some commands are global, that means they can be performed in all modes: 

• show: display all information of switch, for example: statistic information, port information, 

VLAN information. 

10


• history: Display the commands history. 

1.3 Security Levels 

This switch’s security is divided into two levels: User level and Admin level. 

User level only allows users to do some simple operations in User EXEC Mode; Admin level 

allows you to monitor, configure and manage the switch in Privileged EXEC Mode, Global 

Configuration Mode, Interface Configuration Mode and VLAN Configuration Mode. 

Users get the privilege to the User level once connecting console port with the switch or logging in 

by Telnet. However, Guest users are restricted to access the CLI. 

Users can enter Privileged EXEC mode from User EXEC mode by using the enable command. In 

default case, no password is needed. In Global Configuration Mode, you can configure password 

for Admin level by enable password command. Once password is configured, you are required to 

enter it to access Privileged EXEC mode. 

1.4 Conventions 

1.4.1 Format Conventions 

The following conventions are used in this Guide: 

‣ Items in square brackets [ ] are optional 

‣ Items in braces { } are required 

‣ Alternative items are grouped in braces and separated by vertical bars. For example: speed 

{10 | 100 | 1000 } 

‣ Bold indicates an unalterable keyword. For example: show logging 

‣ Normal Font indicates a constant (several options are enumerated and only one can be 

selected). For example: switchport type { access | trunk | general } 

‣ Italic Font indicates a variable (an actual value must be assigned). For example: bridge 

aging-time aging-time 

1.4.2 Special Characters 

You should pay attentions to the description below if the variable is a character string: 

‣ These six characters ” < > , \ & can not be input. 

11


‣ If a blank is contained in a character string, single or double quotation marks should be used, 

for example ’hello world’, ”hello world”, and the words in the quotation marks will be identified 

as a string. Otherwise, the words will be identified as several strings. 

1.4.3 Parameter Format 

Some parameters must be entered in special formats which are shown as follows: 

‣ MAC Address must be enter in the format of xx:xx:xx:xx:xx:xx 

‣ One or several values can be typed for a port-list or a vlan-list using comma to separate. Use 

a hyphen to designate a range of values, for instance, 1,3-5,7 indicates choosing 1,3,4,5,and 

7. 

12


Chapter 2 

User Interface 

enable 

Description 

Syntax 

The enable command is used to access Privileged EXEC Mode from User 

EXEC Mode. 

enable 

Command Mode 

Example 

User EXEC Mode 

If you have set the password to access Privileged EXEC Mode from User EXEC 

Mode: 

TP-LINK>enable 

Enter password: 


enable password 

Description 

The enable password command is used to set the password for users to 

access Privileged EXEC Mode from User EXEC Mode. To return to the default 

configuration, please use no enable password command. 

Syntax 

enable password password 

no enable password 

Parameter 

password —— super password , which contains 16 characters at most, 

composing digits, English letters and underdashes only. By default, it is empty. 

Command Mode 

Global Configuration Mode 

Example 

Set the super password as admin to access Privileged EXEC Mode from User 

EXEC Mode: 

TP-LINK(config)# enable password admin 

13


disable 

Description 

Syntax 

The disable command is used to return to User EXEC Mode from Privileged 

EXEC Mode. 

disable 

Command Mode 

Example 

Privileged EXEC Mode 

Return to User EXEC Mode from Privileged EXEC Mode: 

TP-LINK# disable 

TP-LINK> 

configure 

Description 

Syntax 

The configure command is used to access Global Configuration Mode from 

Privileged EXEC Mode. 

configure 

Command Mode 

Example 


Access Global Configuration Mode from Privileged EXEC Mode: 

TP-LINK# configure 

TP-LINK(config)# 

exit 

Description 

Syntax 

The exit command is used to return to the previous Mode from the current 

Mode. 

14


exit 

Command Mode 

Example 

Any Configuration Mode 

Return to Global Configuration Mode from Interface Configuration Mode, and 

then return to Privileged EXEC Mode: 

TP-LINK(config-if)# exit 

TP-LINK(config)#exit 


end 

Description 

The end command is used to return to Privileged EXEC Mode. 

Syntax 

end 

Command Mode 


Example 

Return to Privileged EXEC Mode from Interface Configuration Mode: 

TP-LINK(config-if)#end 


15


Chapter 3 

IEEE 802.1Q VLAN Commands 

VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN into 

multiple logical LANs flexibly. Hosts in the same VLAN can communicate with each other, 

regardless of their physical locations. VLAN can enhance performance by conserving bandwidth, 

and improve security by limiting traffic to specific domains. 

vlan database 

Description 

Syntax 

The vlan database command is used to access VLAN Configuration Mode for 

creating, deleting 802.1Q VLAN and other operations. 

vlan database 

Command Mode 

Example 


Access VLAN Configuration Mode: 

TP-LINK(config)# vlan database 

TP-LINK(config-vlan)# 

vlan 

Description 

Syntax 

Parameter 

The vlan command is used to create IEEE 802.1Q VLAN. To delete the IEEE 

802.1Q VLAN, please use no vlan command. 

vlan VLAN_ID_LIST 

no vlan VLAN_ID_LIST 

VLAN_ID_LIST ——The list of VLAN ID, in the format of 2-5,7, ranging from 2 

to 4094. 

Command Mode 

VLAN Configuration Mode 

16


Example 

Create several VLANs with the vid as 2-5, 7: 

TP-LINK(config)# vlan database 

TP-LINK(config-vlan)#vlan 2-5,7 

interface vlan 

Description 

Syntax 

Parameter 

The interface vlan command is used to access VLAN Interface Mode to 

configure the specified VLAN. 

interface vlan vlan-id 

vlan-id ——VLAN ID, ranging from 1 to 4094. 

Command Mode 

Example 


Configure the VLAN2: 

TP-LINK(config)# interface vlan 2 

description 

Description 

Syntax 

Parameter 

The description command is used to assign a description string to a VLAN. To 

clear the description, please use no description command. 

description descript 

no description 

descript ——String to describe the VLAN, which contains 16 characters at most. 

Command Mode 

Example 

Interface Configuration Mode(interface vlan) 

Specify the description string of the VLAN 2 as “vlan 2”: 

17


TP-LINK(config)# interface vlan 2 

TP-LINK(config-if)#description vlan2 

switchport type 

Description 

Syntax 

Parameter 

The switchport type command is used to configure the Link Types for the 

ports. 

switchport type { access | trunk | general } 

access | trunk | general —— Link Types. There are three Link Types for the 

ports. 

Command Mode 

Example 

Interface Configuration Mode ( interface ethernet / interface range ethernet ) 

Specify the Link Type of port 5 as general: 

TP-LINK(config)# interface ethernet 5 

TP-LINK(config-if)#switchport type general 

switchport allowed vlan 

Description 

Syntax 

Parameter 

The switchport allowed vlan command is used to add the desired port to IEEE 

802.1Q VLAN, or to remove a port from the corresponding VLAN. 

switchport allowed vlan add vlan-list 

switchport allowed vlan remove vlan-list 

vlan-list —— VLAN ID list, it is multi-optional. 

Command Mode 

Example 


Add port 2 to IEEE 802.1Q VLAN: 

18



TP-LINK(config-if)# switchport allowed vlan add 2 

switchport pvid 

Description 

Syntax 

Parameter 

The switchport pvid command is used to configure the PVID for the switch 

ports. 

switchport pvid vlan-id 

vlan-id —— VLAN ID, ranging from 1 to 4094. 

Command Mode 

Example 

Interface Configuration Mode (interface ethernet / interface range ethernet ) 

Specify the PVID of port 2 as 2: 


TP-LINK(config-if)# switchport pvid 2 

switchport general egress-rule 

Description 

Syntax 

Parameter 

The switchport general egress-rule command is used to configure the 

egress-rule of the general port. 

switchport general egress-rule vlan-id { untagged | tagged } 


untagged | tagged ——egress-rule,untagged or tagged 

Command Mode 

Example 


Specify the egress-rule of port 2 in vlan 3 as tagged: 

19



TP-LINK(config-if)# switchport general egress-rule 3 tagged 

show vlan 

Description 

Syntax 

Parameter 

The show vlan command is used to display the information of IEEE 802.1Q 

VLAN . 

show vlan [vlan-id] 

vlan-id —— VLAN ID, ranging from 1 to 4094. By default , display all the 

information of IEEE 802.1Q VLAN. 

Command Mode 

Example 


Display the information of vlan 5: 

TP-LINK(config)# show vlan 5 

show interface switchport 

Description 

Syntax 

Parameter 

The show interface switchport command is used to display the IEEE 802.1Q 

VLAN configuration information of the specified port. 

show interface switchport [port-num] 

port-num —— The port number. By default, display the VLAN configuration 

information of all ports. 

Command Mode 

Example 


Display the VLAN configuration information of all ports: 

TP-LINK(config)# show interface switchport 

20


Chapter 4 

Protocol VLAN Commands 

Protocol VLAN (Virtual Local Area Network) is the way to classify VLANs based on Protocols. A 

Protocol is relative to a single VLAN ID. The untagged packets and the priority-tagged packets 

matching the protocol template will be tagged with this VLAN ID. 

protocol-vlan template 

Description 

Syntax 

Parameter 

The protocol-vlan template command is used to create or delete Protocol 

VLAN template. 

protocol-vlan template add {protocol-name} {ether-type} 

protocol-vlan template remove index 

protocol-name —— Give a name for the Protocol Template , which contains 

8 characters at most. 

ether-type ——Enter the Ethernet protocol type field in the protocol template, 

composing 4 Hex integers. 

index —— The number of the Protocol template. You can get the template 

corresponding to the number by the show protocol-vlan template command. 

Command Mode 

Example 


Create a Protocol VLAN template named “arp” whose Ethernet protocol type is 

0806 and delete the Protocol template whose number is 2: 

TP-LINK(config)# protocol-vlan template add arp 0806 

TP-LINK(config)# protocol-vlan template remove 2 

protocol-vlan vlan 

Description 

Syntax 

The protocol-vlan vlan command is used to create a Protocol VLAN entry. To 

delete a Protocol VLAN entry ,please use no protocol-vlan command. 

21

Parameter 


protocol-vlan vlan vid template index 

no protocol-vlan entry-id 

vid ——VLAN ID,ranging from 1-4094. 

index ——The number of the Protocol template. You can get the template 

corresponding to the number by the show protocol-vlan template command. 

entry-id ——The number of the Protocol VLAN . You can get the Protocol VLAN 

entry corresponding to the number by the show protocol-vlan vlan command. 

Command Mode 

Example 


Create a Protocol VLAN entry, whose index is 1 and vid is 2. And then delete the 

Protocol VLAN entry whose number is 1: 

TP-LINK(config)# protocol-vlan vlan 2 template 1 

TP-LINK(config)# no protocol-vlan vlan 1 

protocol-vlan interface 

Description 

Syntax 

Parameter 

The protocol-vlan interface command is used to enable the Protocol VLAN 

feature for a specified port. To disable the Protocol VLAN feature of this port, 

please use no protocol-vlan interface command. By default, the Protocol 

VLAN feature of all ports is disabled. 

protocol-vlan vlan interface port-list 

no protocol-vlan interface [port-list] 

port-list ——The port numbers needed to be edited or canceled. 

Command Mode 

Example 


Enable the Protocol VLAN feature for the ports 1、4-6、9-11: 

TP-LINK(config)# protocol-vlan vlan interface 1,4-6,9-11 

22


show protocol-vlan template 

Description 

Syntax 

The show protocol-vlan template command is used to display the information 

of the Protocol VLAN templates. 

show protocol-vlan template 

Command Mode 

Example 


Display the information of the Protocol VLAN templates: 

TP-LINK(config)# show protocol-vlan template 

show protocol-vlan vlan 

Description 

Syntax 

The show protocol-vlan vlan command is used to display the information 

about Protocol VLAN entry. 

show protocol-vlan vlan 

Command Mode 

Example 


Display information of the protocol-vlan entry: 

TP-LINK(config)# show protocol-vlan vlan 

show protocol-vlan interface 

Description 

Syntax 

The show protocol-vlan interface command is used to display port state of 

Protocol VLAN. 

show protocol-vlan interface 

Command Mode 

23



Example 

Display the configuration of the protocol-vlan interface: 

TP-LINK(config)# show protocol-vlan interface 

24


Chapter 5 

Voice VLAN Commands 

Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and 

adding the ports with voice devices attached to voice VLANs, you can perform QoS-related 

configuration for voice data, ensuring the transmission priority of voice data stream and voice 

quality. 

voice-vlan enable 

Description 

The voice-vlan enable command is used to enable Voice VLAN function. To 

disable Voice VLAN function, please use no voice-vlan enable command. 

Syntax 

voice-vlan enable vlan-id 

no voice-vlan enable 

Parameter 


Command Mode 


Example 

Enable the Voice VLAN function for VLAN 2: 

TP-LINK(config)# voice-vlan enable 2 

voice-vlan aging-time 

Description 

The voice-vlan aging-time command is used to set the aging time for a voice 

VLAN. To restore to the default aging time for the Voice VLAN, please use no 

voice-vlan aging-time command. 

Syntax 

voice-vlan aging-time aging-time 

no voice-vlan aging-time 

25


Parameter 

aging-time ——Aging time (in minutes) to be set for the Voice VLAN. It ranges 

from 1 to 43200 and the default value is 1440. 

Command Mode 


Example 

Set the aging time for the Voice VLAN as 2880 minutes: 

TP-LINK(config)# voice-vlan aging-time 2880 

voice-vlan oui 

Description 

The voice-vlan oui command is used to create or delete Voice VLAN OUI. 

Syntax 

voice-vlan oui add mac-addr mask mask-addr [description] 

voice-vlan oui remove mac-addr 

Parameter 

mac-addr —— The OUI address of the voice device. 

mask-addr —— The OUI address mask of the voice device. 

description ——Give a description to the OUI for identification which contains 16 

characters at most. By default, it is empty. 

Command Mode 


Example 

Create a Voice VLAN OUI descripted as TP-LINK Phone with the MAC address 

00:01:E3:00:00:01 and the mask address FF:FF:FF:00:00:00. And then delete 

the Voice VLAN OUI with the MAC address 00:00:00:11:00:01: 

TP-LINK(config)# voice-vlan oui add 00:01:E3:00:00:01 mask 

FF:FF:FF:00:00:00 “TP-LINK Phone” 

TP-LINK(config)# voice-vlan oui remove 00:00:00:11:00:01 

26

switchport voice-vlan mode 


Description 

The switchport voice-vlan mode command is used to configure the Voice 

VLAN mode for the Ethernet port. 

Syntax 

switchport voice-vlan mode { manual | auto } 

Parameter 

manual / auto —— Port mode. 

Command Mode 

Interface Configuration Mode(interface ethernet / interface range ethernet) 

Example 

Configure Ethernet port 2 to operate in the manual voice VLAN mode: 


TP-LINK(config-if)# switchport voice-vlan mode manual 

show voice-vlan global 

Description 

The show voice-vlan global command is used to display the global 

configuration information of Voice VLAN. 

Syntax 

show voice-vlan global 

Command Mode 


Example 

Display the configuration information of Voice VLAN globally: 

TP-LINK(config)# show voice-vlan global 

27

show voice-vlan oui 


Description 

The show voice-vlan oui command is used to display the configuration 

information of Voice VLAN OUI. 

Syntax 

show voice-vlan oui 

Command Mode 


Example 

Display the configuration information of Voice VLAN OUI: 

TP-LINK(config)# show voice-vlan oui 

show voice-vlan switchport 

Description 

The show voice-vlan switchport command is used to displays the 

configuration information of the port in the Voice VLAN. 

Syntax 

show voice-vlan switchport [port] 

Parameter 

port —— Ethernet port. By default, it will display the configuration information of 

all the ports in the Voice VLAN. 

Command Mode 


Example 

Display the configuration information of all the ports in the Voice VLAN: 

TP-LINK(config)# show voice-vlan switchport 

28


Chapter 6 

GVRP Commands 

GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute 

registration protocol). GVRP allows the switch to automatically add or remove the VLANs via the 

dynamic VLAN registration information and propagate the local VLAN registration information to 

other switches, without having to individually configure each VLAN. 

gvrp 

Description 

The gvrp command is used to enable the GVRP function globally. To disable the 

GVRP function, please use no gvrp command. 

Syntax 

gvrp 

no gvrp 

Command Mode 


Example 

Enable the GVRP function globally: 

TP-LINK(config)# gvrp 

gvrp (interface) 

Description 

The gvrp(interface) command is used to enable the GVRP function for the 

desired port. To disable the GVRP function of this port, please use no gvrp 

command. The GVRP feature can only be enabled for the trunk-type ports. 

Syntax 

gvrp 

no gvrp 

Command Mode 


29


Example 

Enable the GVRP function for ports 2-6: 

TP-LINK(config)# interface range ethernet 2-6 

TP-LINK(config-if)# gvrp 

gvrp registration 

Description 

The gvrp registration command is used to configure the GVRP registration 

type on the desired port. To restore to the default value, please use no gvrp 

registration command. 

Syntax 

gvrp registration { normal | fixed | forbidden } 

no gvrp registration 

Parameter 

normal | fixed | forbidden —— Registration mode. By default, the registration 

mode is normal. 

Command Mode 


Example 

Configure the GVRP registration mode on the port 2-6 to fixed: 


TP-LINK(config-if)# gvrp registration fixed 

gvrp timer 

Description 

The gvrp timer command is used to set a GVRP timer for the desired port. To 

restore to the default setting of a GARP timer, please use no gvrp timer 

command. 

Syntax 

gvrp timer { leaveall | join | leave } {value} 

30


no gvrp timer [leaveall | join | leave] 

Parameter 

leaveall | join | leave —— They are the three timers: leave All、join and leave. 

Once the LeaveAll Timer is set, the port with GVRP enabled can send a 

LeaveAll message after the timer times out, so that other GARP ports can 

re-register all the attribute information. After that, the LeaveAll timer will start to 

begin a new cycle. To guarantee the transmission of the Join messages, a 

GARP port sends each Join message two times. The Join Timer is used to 

define the interval between the two sending operations of each Join message. 

Once the Leave Timer is set, the GARP port receiving a Leave message will 

start its Leave timer, and unregister the attribute information if it does not receive 

a Join message again before the timer times out. 

value ——The value of the timer. The LeaveAll Timer ranges from 1000 to 

30000 centiseconds and the default value is 1000. The Join Timer ranges from 

20 to 1000 centiseconds and the default value is 20. The Leave Timer ranges 

from 60 to 3000 centiseconds and the default value is 60. 

Command Mode 


Example 

Set the GARP leaveall timer of port 6 to 2000 centiseconds and restore to the 

join timer of it to the default value: 


TP-LINK(config-if)# gvrp timer leaveall 2000 

TP-LINK(config-if)# no gvrp timer join 

show gvrp global 

Description 

The show gvrp global command is used to display the global GVRP status. 

Syntax 

show gvrp global 

Command Mode 


31


Example 

Display the global GVRP status: 

TP-LINK(config)# show gvrp global 

show gvrp interface 

Description 

The show gvrp interface command is used to display the GVRP configuration 

information of the specified Ethernet ports. 

Syntax 

show gvrp interface [ethernet port-num] 

Parameter 

port-num ——The Ethernet port number. By default, the GVRP configuration 

information of all the Ethernet ports is displayed. 

Command Mode 


Example 

Display the GVRP configuration information of all the Ethernet ports: 

TP-LINK(config)# show gvrp interface 

32


Chapter 7 

LAG Commands 

LAG (Link Aggregation Group) is to combine a number of ports together to make a single 

high-bandwidth data path, which can highly extend the bandwidth. The bandwidth of the LAG is 

the sum of bandwidth of its member port. 

interface link-aggregation 

Description 

The interface link-aggregation command is used to access the Interface 

Link-aggregation Mode. To delete the aggregation group, please use no 

interface link-aggregation command. 

Syntax 

interface link-aggregation group-number 

no interface link-aggregation group-number 

Parameter 

group-number ——The LAG number, ranging from1 to 14. 

Command Mode 


Example 

Access the Interface Link-aggregation Mode and configure the aggregation 

group 1: 

TP-LINK(config)# interface link-aggregation 1 

TP-LINK(config-if)# 

interface range link-aggregation 

Description 

The interface range link-aggregation command is used to access the 

Interface range Link-aggregation Mode, and you can configure some 

aggregation groups at the same time. To delete the aggregation group, please 

use no interface range link-aggregation command. 

33


Syntax 

interface range link-aggregation group-list 

no interface range link-aggregation group-list 

Command Mode 


Parameter 

group-list ——The aggregation group list. You can configure some aggregation 

groups at the same time. 

Example 

Access the Interface range Link-aggregation Mode and configure the 

aggregation group 1,4-6: 

TP-LINK(config)# interface range link-aggregation 1,4-6 

TP-LINK(config-if)# 

link-aggregation 

Description 

The link-aggregation command is used to add the current Ethernet port to an 

aggregation group. To remove the current Ethernet port from the aggregation 

group, please use no link-aggregation command. 

Syntax 

link-aggregation group-num 

no link-aggregation 

Parameter 

group-num ——The LAG number, ranging from1 to 14. 

Command Mode 


Example 

Add the Ethernet port 2-4 to aggregation group 1: 


TP-LINK(config-if)#link-aggregation 1 

34


link-aggregation hash-algorithm 

Description 

The link-aggregation hash-algorithm command is used to configure the 

Aggregate Arithmetic for LAG. 

Syntax 

link-aggregation hash-algorithm {src_dst_mac | src_dst_ip } 

Parameter 

src_dst_mac —— The source and destination MAC addresses. 

src_dst_ip ——The source and destination IP addresses. 

Command Mode 


Example 

Configure the Aggregate Arithmetic for LAG as src_dst_mac: 

TP-LINK(config)# link-aggregation hash-algorithm src_dst_mac 

description 

Description 

The description command is used to set a description for an aggregation group. 

To remove the description of an aggregation group, please use no description 

command. 

Syntax 

description description 


Parameter 

description——The description of LAG, which contains 16 characters at most. 

Command Mode 

Interface Configuration Mode(interface link-aggregation) 

Example 

Set the description "movie server" for aggregation group1: 

35


TP-LINK(config)# interface link-aggregation 1 

TP-LINK(config-if)# description “movie server” 

show interface link-aggregation 

Description 

The show interface link-aggregation command is used to display the 

configuration information of the Aggregate Arithmetic and the aggregation 

groups. 

Syntax 

show interface link-aggregation [group-num] 

Parameter 

group-num ——The LAG number, ranging from1 to 14. By default, the LAG 

configuration information of all the Ethernet ports is displayed. 

Command Mode 


Example 

Display the LAG configuration information of all the Ethernet ports: 

TP-LINK(config)#show interface link-aggregation 

36


Chapter 8 

LACP Commands 

LACP (Link Aggregation Control Protocol) is defined in IEEE802.3ad and enables the dynamic link 

aggregation and disaggregation by exchanging LACP packets with its partner. The switch can 

dynamically group similarly configured ports into a single logical link, which will highly extend the 

bandwidth and flexibly balance the load. 

lacp system-priority 

Description 

The lacp system-priority command is used to set global lacp system priority. 

Syntax 

lacp system-priority value 

Command Mode 


Parameter 

value —— system-priority, ranging from 0 to 65535. By default, the value is 

32768. 

Example 

Set global lacp system priority 1024: 

TP-LINK(config)# lacp system-priority 1024 

lacp (interface) 

Description 

The lacp(interface) command is used to enable LACP protocol on the current 

port. To disable LACP protocol, please use no lacp command. 

Syntax 

lacp 

no lacp 

Command Mode 

37



Example 

Enable LACP protocol on the port 1: 


TP-LINK(config-if)# lacp 

lacp admin-key 

Description 

The lacp admin-key command is used to configure the admin key. To restore 

the default value, please use no lacp admin-key command. 

Syntax 

lacp admin-key value 

no lacp admin-key 

Parameter 

value —— admin key, ranging from 0 to 65535. By default, the value is 1. 

Command Mode 


Example 

Configure the admin key of port 1 as 1024: 


TP-LINK(config-if)# lacp admin-key 1024 

lacp port-priority 

Description 

The lacp port-priority command is used to set the priority of the current port. To 

restore to the default priority, please use no lacp port-priority command. 

Syntax 

lacp port-priority value 

no lacp port-priority 

38


Parameter 

value —— Port priority, ranging from 0 to 65535. By default, the value is 32768. 

Command Mode 


Example 

Set the port priority of port 1 to 1024: 


TP-LINK(config-if)# lacp port-priority 1024 

show lacp interface 

Description 

The show lacp interface command is used to display the port configuration 

information of LACP. 

Syntax 

show lacp interface [ethernet port-num] 

Parameter 

port-num —— The Ethernet port number. By default, display the configuration 

information of all the Ethernet ports. 

Command Mode 


Example 

Display the configuration information of all the Ethernet ports: 

TP-LINK(config)# show lacp interface 

show lacp system-priority 

Description 

The show lacp system-priority command is used to display the global system 

priority value of LACP. 

39


Syntax 

show lacp system-priority 

Command Mode 


Example 

Display the global system priority value of LACP: 

TP-LINK(config)# show lacp system-priority 

40


Chapter 9 

User Manage Commands 

User Manage Commands are used to configure the user name and password for users to log on to 

the Web management page with a certain access level so as to protect the settings of the switch 

from being randomly changed. 

user add 

Description 

The user add command is used to add a new user. 

Syntax 

user add user-name password password confirm-password 

confirm-password {guest | admin} {disable | enable} 

Parameter 

user-name ——Type a name for users' login, which contains 16 characters at 

most, composing digits, English letters and underdashes only. 

password ——Type a password for users' login, which contains 16 characters at 

most, composing digits, English letters and underdashes only. 

confirm-password ——Type the password again. 

guest | admin —— Access level. 

guest: only can view the settings without the right to edit and modify. 

admin: can edit, modify and view all the settings of different functions. 

disable | enable ——Enable/disable the user. 

Command Mode 


Example 

Add and enable a new admin user named tplink, and of which the password is 

password: 

TP-LINK(config)#user add tplink password password confirm-password 

password admin enable 

41


user remove 

Description 

The user remove command is used to delete an existing user. The current user 

can't be deleted by itself. 

Syntax 

user remove user-name 

Parameter 

user-name —— An existing user name. 

Command Mode 


Example 

Delete the user named tplink: 

TP-LINK(config)# user remove tplink 

user modify status 

Description 

The user modify status command is used to modify the status of the existing 

user. The current user can't be modified by itself. 

Syntax 

user modify status user-name {disable | enable} 

Parameter 

user-name —— The existing user name. 

disable | enable ——Disable/enable the user. 

Command Mode 


Example 

Enable the status of user “tplink”: 

TP-LINK(config)# user modify status tplink enable 

42

user modify type 


Description 

The user modify type command is used to modify the access level for the 

existing user. The current user can't be modified by itself. 

Syntax 

user modify type user-name {guest | admin} 

Parameter 


guest | admin —— Access level. guest: limited user; admin: manager. 

Command Mode 


Example 

Change the access level of tplink to admin: 

TP-LINK(config)# user modify type tplink admin 

user modify password 

Description 

The user modify password command is used to modify the password for the 

existing user. 

Syntax 

user modify password user-name old-password new-password 

confirm-password 

Parameter 


old-password —— The old password. 

new-password —— The new password, which contains 16 characters at most, 

composing digits, English letters and underdashes only. 

confirm-password —— Type the new password again. 

Command Mode 

43



Example 

Modify the password of tplink as newpwd: 

TP-LINK(config)# user modify password tplink password newpwd newpwd 

user access-control disable 

Description 

The user access-control disable command is used to cancel the user 

access-control. 

Syntax 

user access-control disable 

Command Mode 


Example 

Cancel the user access-control: 

TP-LINK(config)# user access-control disable 

user access-control ip-based 

Description 

The user access-control ip-based command is used to limit the IP-range of 

the users for login. Only the users within the IP-range you set here are allowed 

for login. 

Syntax 

user access-control ip-based ip-addr ip-mask 

Parameter 

ip-addr / ip-mask —— The IP source IP address. Only the users within the IP 

range you set here are allowed for login. 

Command Mode 


44


Example 

Enable the access-control of the user whose Ip address is 192.168.0.148: 

TP-LINK(config)# user access-control ip-based 192.168.0.148 

255.255.255.255 

user access-control mac-based 

Description 

The user access-control mac-based command is used to limit the MAC 

Address of the users for login. Only the user with this MAC Address you set here 

are allowed for login 

Syntax 

user access-control mac-based mac-addr 

Parameter 

mac-addr —— The source MAC address. 

Command Mode 


Example 

Enable the access-control of the user whose MAC address is 

00:00:13:0A:00:01: 

TP-LINK(config)# user access-control mac-based 00:00:13:0A:00:01 

user access-control port-based 

Description 

The user access-control port-based command is used to limit the ports for 

login. Only the users connected to these ports you set here are allowed for 

login. 

Syntax 

user access-control port-based port-list 

Parameter 

port-list ——The Ethernet port numbers. You can appoint 5 ports at most. 

45


Command Mode 


Example 

Enable the access-control of the ports 2, port4, port5, port6,and port10: 

TP-LINK(config)# user access-control port-based 2,4-6,10 

user max-number 

Description 

The user max-number command is used to configure the number of the users 

logging on at the same time. To cancel the limit to the numbers of the users 

logging in, please use no user max-number command. 

Syntax 

user max-number admin-num guest-num 

no user max-number 

Parameter 

admin-num ——The maximum number of the users logging on as Admin, 

ranging from 1 to 16. The total number of Admin and Guest should be less than 

16. 

guest-num ——The maximum number of the users logging on as Guest, 

ranging from 0 to 15. The total number of Admin and Guest should be less than 

16. 

Command Mode 


Example 

Configure the number of the users as Admin and Guest logging on as 5 and 3: 

TP-LINK(config)# user max-num 5 3 

user idle-timeout 

Description 

The user idle-timeout command is used to configure the timeout time of the 

46


switch. To restore to the default timeout time, please use no user idle-timeout 

command. 

Syntax 

user idle-timeout minutes 

no user idle-timeout 

Parameter 

minutes ——The timeout time, ranging from 5 to 30 in minutes. By default, the 

value is 10. 

Command Mode 


Example 

Configure the timeout time of the switch as 15 minutes: 

TP-LINK(config)# user idle-timeout 15 

show user account-list 

Description 

The show user account-list command is used to display the information of the 

current users. 

Syntax 

show user account-list 

Command Mode 


Example 

Display the information of the current users: 

TP-LINK(config)# show user account-list 

show user configuration 

Description 

The show user configuration command is used to display the security 

47


configuration information of the users, including access-control, max-number 

and the idle-timeout, etc. 

Syntax 

show user configuration 

Command Mode 


Example 

Display the security configuration information of the users: 

TP-LINK(config)# show user configuration 

48


Chapter 10 Binding Table Commands 

You can bind the IP address, MAC address, VLAN and the connected Port number of the Host 

together, which can be the condition for the ARP Inspection to filter the packets. 

binding-table user-bind 

Description 

The binding-table user-bind command is used to bind the IP address, MAC 

address, VLAN ID and the Port number together manually. You can manually 

bind the IP address, MAC address, VLAN ID and the Port number together in 

the condition that you have got the related information of the Hosts in the LAN. 

Syntax 

binding-table user-bind hostname ip-addr mac-addr vlan vid port 

port-num {none | arp-detection } 

Parameter 

hostname ——The Host Name, which contains 20 characters at most. 

ip-addr —— The IP Address of the Host. 

mac-addr —— The MAC Address of the Host. 

vid ——The VLAN ID needed to be bound, ranging from 1 to 4094. 

port-num —— The number of port connected to the Host. 

{none | arp-detection }——The protect type for the entry. arp-detection indicates 

ARP detection; none indicates applying none. 

Command Mode 


Example 

Bind an ACL entry with the IP is 192.168.0.1, MAC is 00:00:00:00:00:01, VLAN 

ID is 2 and the Port number is 5 manually. And then enable the entry for the ARP 

detection function: 

TP-LINK(config)# binding-table user-bind host1 192.168.0.1 

00:00:00:00:00:01 vlan 2 port 5 arp-detection 

49

inding-table remove 


Description 

The binding-table remove command is used to delete the IP-MAC –VID-PORT 

entry from the binding table. 

Syntax 

binding-table remove index idx 

Parameter 

idx —— The entry number needed to be deleted. You can use the show 

binding-table command to get the idx. Pay attention to that, the entry number is 

the actual number in the binding table not arranged in an order. 

Command Mode 


Example 

Delete the IP-MAC –VID-PORT entry with the index 5: 

TP-LINK(config)# binding-table remove index 5 

dhcp-snooping 

Description 

The dhcp-snooping command is used to enable the DHCP-snooping function 

for the switch. To disable the DHCP-snooping function, please use no 

dhcp-snooping command. DHCP Snooping functions to monitor the process of 

the Host obtaining the IP address from DHCP server, and record the IP address, 

MAC address, VLAN and the connected Port number of the Host for automatic 

binding. 

Syntax 

dhcp-snooping 

no dhcp-snooping 

Command Mode 


Example 

50


Enable the DHCP-snooping function globally: 

TP-LINK(config)# dhcp-snooping 

dhcp-snooping global 

Description 

The dhcp-snooping global command is used to configure the DHCP snooping 

globally. To restore to the default value, please use no dhcp-snooping global 

command. 

Syntax 

dhcp-snooping global [global-rate global-rate] [dec-threshold dec-threshold] 

[dec-rate dec-rate] 

no dhcp-snooping global 

Parameter 

global-rate —— The value to specify the maximum amount of DHCP messages 

that can be forwarded by the switch per second. The excessive massages will 

be discarded. The options are 0/10/20/30/40/50 (packet/second).By default, it is 

0 standing for disable. 

dec-threshold ——The value to specify the minimum transmission rate of the 

Decline packets to trigger the Decline protection for the specific port. The 

options are 0/5/10/15/20/25/30 (packet/second).By default, it is 0 standing for 

disable. 

Dec-rate ——The value to specify the Decline Flow Control. The traffic flow of 

the corresponding port will be limited to be this value if the transmission rate of 

the Decline packets exceeds the Decline Threshold. The options are 

5/10/15/20/25/30 (packet/second). By default, it is 5. 

Command Mode 


Example 

Configure the Global Flow Control as 30pps, the Decline Threshold as 20 pps, 

and decline Flow Control as 20 pps for DHCP Snooping 

TP-LINK(config)# dhcp-snooping global global-rate 30 dec-threshold 20 

dec-rate 20 

51


dhcp-snooping information enable 

Description 

The dhcp-snooping information enable command is used to enable the 

Option 82 function of DHCP Snooping. To disable the Option 82 function, please 

use no dhcp-snooping information enable command. 

Syntax 

dhcp-snooping information enable 

no dhcp-snooping information enable 

Command Mode 


Example 

Enable the Option 82 function of DHCP Snooping: 

TP-LINK(config)# dhcp-snooping information enable 

dhcp-snooping information strategy 

Description 

The dhcp-snooping information strategy command is used to select the 

operation for the Option 82 field of the DHCP request packets from the Host. To 

restore to the default option, please use no dhcp-snooping information 

strategy command. 

Syntax 

dhcp-snooping information strategy {keep | replace | drop} 

no dhcp-snooping information strategy 

Parameter 

keep ——Indicates to keep the Option 82 field of the packets. It is the default 

option. 

replace ——Indicates to replace the Option 82 field of the packets with the 

switch defined one. 

drop ——Indicates to discard the packets including the Option 82 field 

Command Mode 

52



Example 

Replace the Option 82 field of the packets with the switch defined one and then 

send out: 

TP-LINK(config)# dhcp-snooping information strategy replace 

dhcp-snooping information user-defined 

Description 

The dhcp-snooping information user-defined command is used to permit 

users to define the Option 82. To disable the function, please use no 

dhcp-snooping information user-defined command. 

Syntax 

dhcp-snooping information user-defined 

no dhcp-snooping information user-defined 

Command Mode 


Example 

Permit users to define the Option 82: 

TP-LINK(config)# dhcp-snooping information user-defined 

dhcp-snooping information remote-id 

Description 

The dhcp-snooping information remote-id command is used to configure the 

sub-option Remote ID for the customized Option 82. 

Syntax 

dhcp-snooping information remote-id string 

Parameter 

string ——Enter the sub-option Remote ID, which contains 32 characters at 

most. 

Command Mode 

53



Example 

Configure the sub-option Remote ID for the customized Option 82 as tplink: 

TP-LINK(config)# dhcp-snooping information remote-id tplink 

dhcp-snooping information circuit-id 

Description 

The dhcp-snooping information circuit-id command is used to configure the 

sub-option Circuit ID for the customized Option 82. 

Syntax 

dhcp-snooping information circuit-id string 

Parameter 

string ——Enter the sub-option Circuit ID, which contains 32 characters at most. 

Command Mode 


Example 

Configure the sub-option Circuit ID for the customized Option 82 as tplink: 

TP-LINK(config)# dhcp-snooping information circuit-id tplink 

dhcp-snooping trusted 

Description 

The dhcp-snooping trusted command is used to configure a port to be a 

Trusted Port. Only the Trusted Port can receive the DHCP packets from DHCP 

servers. To turn the port back to a distrusted port, please use no 

dhcp-snooping trusted command. 

Syntax 

dhcp-snooping trusted 

no dhcp-snooping trusted 

Command Mode 

54



Example 

Configure the port 2 to be a Trusted Port: 


TP-LINK(config-if)# dhcp-snooping trusted 

dhcp-snooping mac-verify 

Description 

The dhcp-snooping mac-verify command is used to enable the MAC Verify 

feature. To disable the MAC Verify feature, please use no dhcp-snooping 

mac-verify command. There are two fields of the DHCP packet containing the 

MAC address of the Host. The MAC Verify feature is to compare the two fields 

and discard the packet if the two fields are different. 

Syntax 

dhcp-snooping mac-verify 

no dhcp-snooping mac-verify 

Command Mode 


Example 

Enable the MAC Verify feature for the port 2: 


TP-LINK(config-if)# dhcp-snooping mac-verify 

dhcp-snooping rate-limit 

Description 

The dhcp-snooping rate-limit command is used to enable the Flow Control 

feature for the DHCP packets. The excessive DHCP packets will be discarded. 

To restore to the default configuration, please use no dhcp-snooping rate-limit 

command. 

Syntax 

55


dhcp-snooping rate-limit value 

no dhcp-snooping rate-limit 

Parameter 

value ——The value of Flow Control. The options are 0/5/10/15/20/25/30 

(packet/second). The default value is 0, which stands for disable. 

Command Mode 


Example 

Set the Flow Control of port 2 as 20 pps: 


TP-LINK(config-if)# dhcp-snooping rate-limit 20 

dhcp-snooping decline 

Description 

The dhcp-snooping decline command is used to enable the Decline Protect 

feature. To disable the Decline Protect feature, please use no dhcp-snooping 

decline command. 

Syntax 

dhcp-snooping decline 

no dhcp-snooping decline 

Command Mode 


Example 

Enable the Decline Protect feature of port 2: 


TP-LINK(config-if)# dhcp-snooping decline 

show binding-table 

Description 

56


The show binding-table command is used to display the IP-MAC-VID-PORT 

binding table. 

Syntax 

show binding-table 

Command Mode 


Example 

Display the IP-MAC-VID-PORT binding table: 

TP-LINK(config)# show binding-table 

show dhcp-snooping global 

Description 

The show dhcp-snooping global command is used to display the global 

configuration of DHCP Snooping. 

Syntax 

show dhcp-snooping global 

Command Mode 


Example 

Display the configuration of DHCP Snooping globally: 

TP-LINK(config)# show dhcp-snooping global 

show dhcp-snooping information 

Description 

The show dhcp-snooping information command is used to display the Option 

82 configuration of DHCP Snooping. 

Syntax 

show dhcp snooping information 

Command Mode 

57



Example 

Display the Option 82 configuration of DHCP Snooping: 

TP-LINK(config)# show dhcp-snooping information 

show dhcp-snooping interface 

Description 

The show dhcp-snooping interface command is used to display the interface 

configuration of DHCP Snooping. 

Syntax 

show dhcp snooping interface [ethernet port-num] 

Parameter 

port-num ——The number of the switch port. By default, it will display the 

configuration of all the ports. 

Command Mode 


Example 

Display the interface configuration of all the ports: 

TP-LINK(config)# show dhcp-snooping interface 

58


Chapter 11 ARP Inspection Commands 

ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP cheating, 

such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc. 

arp detection (global) 

Description 

The arp detection (global) command is used to enable the ARP Detection 

function globally. To disable the ARP Detection function, please use no arp 

detection command. 

Syntax 

arp detection 

no arp detection 

Command Mode 


Example 

Enable the ARP Detection function globally: 

TP-LINK(config)# arp detection 

arp detection trust-port 

Description 

The arp detection trust-port command is used to configure the port for which 

the ARP Detect function is unnecessary as the Trusted Port. To clear the 

Trusted Port list, please use no arp detection trust-port command .The 

specific ports, such as up-linked port, routing port and LAG port, should be set 

as Trusted Port. To ensure the normal communication of the switch, please 

configure the ARP Trusted Port before enabling the ARP Detect function. 

Syntax 

arp detection trust-port port-list 

no arp detection trust-port 

59


Parameter 

port-list ——The specified Trusted Port list. 

Command Mode 


Example 

Configure the ports 2-5,11-15 as the Trusted Port: 

TP-LINK(config)# arp detection trust-port 2-5,11-15 

arp detection (interface) 

Description 

The arp detection (interface) command is used to enable the ARP Defend 

function. To disable the arp detection function, please use no arp detection 

command. ARP Attack flood produces lots of ARP Packets, which will occupy 

the bandwidth and slow the network speed extremely. With the ARP Defend 

enabled, the switch can terminate receiving the ARP packets for 300 seconds 

when the transmission speed of the legal ARP packet on the port exceeds the 

defined value so as to avoid ARP Attack flood. 

Syntax 

arp detection 

no arp detection 

Command Mode 


Example 

Enable the arp defend function for the ports 2-6: 


TP-LINK(config-if)# arp detection 

arp detection limit-rate 

Description 

The arp detection limit-rate command is used to configure the speed. The 

60


switch can terminate receiving the ARP packets for 300 seconds when the 

transmission speed of the legal ARP packet on the port exceeds the defined 

value. To restore to the default speed, please use no arp detection limit-rate 

command. 

Syntax 

arp detection limit-rate value 

no arp detection limit-rate 

Parameter 

value ——The value to specify the maximum amount of the received ARP 

packets per second, ranging from 10 to 100 in pps(packet/second). By 

default ,the value is 15. 

Command Mode 


Example 

Configure the maximum amount of the received ARP packets per second as 50 

pps for the port 5: 


TP-LINK(config-if)# arp detection limit-rate 50 

arp detection recover 

Description 

The arp detection recover command is used to restore to the port to the ARP 

transmit status from the ARP filter status. 

Syntax 

arp detection recover 

Command Mode 


Example 

Restore the port 5 to the ARP transmit status: 


61


TP-LINK(config-if)# arp detection recover 

show arp detection global 

Description 

The show arp detection global command is used to display the ARP detection 

global configuration including the enable/disable status and the Trusted Port list. 

Syntax 

show arp detection global 

Command Mode 


Example 

Display the ARP detection configuration globally: 

TP-LINK(config)# show arp detection global 

show arp detection interface 

Description 

The show arp detection interface command is used to display the interface 

configuration of ARP detection. 

Syntax 

show arp detection interface [ethernet port-num] 

Parameter 

port-num ——The number of switch port. By default, display the configuration of 

all the ports. 

Command Mode 


Example 

Display the configuration of all the ports: 

TP-LINK(config)# show arp detection interface 

62

show arp detection statistic 


Description 

The show arp detection statistic command is used to display the number of 

the illegal ARP packets received. 

Syntax 

show arp detection statistic 

Command Mode 


Example 

Display the number of the illegal ARP packets received: 

TP-LINK(config)# show arp detection statistic 

show arp detection statistic reset 

Description 

The show arp detection statistic reset command is used to clear the statistic 

of the illegal ARP packets received. 

Syntax 

show arp detection statistic reset 

Command Mode 


Example 

Clear the statistic of the illegal ARP packets received: 

TP-LINK(config)# show arp detection statistic reset 

63


Chapter 12 DoS Defend Command 

DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network 

attackers or the evil programs sending a lot of service requests to the Host. With the DoS Defend 

enabled, the switch can analyze the specific field of the received packets and provide the defend 

measures to ensure the normal working of the local network. 

dos-prevent 

Description 

The dos-prevent command is used to enable the DoS defend function globally. 

To disable the DoS defend function, please use no dos-prevent command. 

Syntax 

dos-prevent 

no dos-prevent 

Command Mode 


Example 

Enable the DoS defend function globally: 

TP-LINK(config)# dos-prevent 

dos-prevent type 

Description 

The dos-prevent type command is used to select the DoS Defend Type. To 

disable the corresponding Defend Type, please use no dos-prevent type 

command. 

Syntax 

dos-prevent type 

[ping-flood] [syn-flood] 

[scan-synfin] [xma-scan] [null-scan] [port-less-1024] 

no dos-prevent type [scan-synfin] [xma-scan] [null-scan] [port-less-1024] 

[ping-flood] [syn-flood] 

64


Parameter 

scan-synfin —— Scan SYNFIN attack. 

xma-scan —— Xma Scan attack. 

null-scan —— NULL Scan attack. 

port-less-1024 ——The SYN packets whose Source Port less than 1024. 

ping-flood —— Ping flooding attack. 

syn-flood —— SYN/SYN-ACK flooding attack. 

Command Mode 


Example 

Enable two DoS Defend Types named Xma Scan attack and Ping flooding 

attack: 

TP-LINK(config)# dos-prevent type xma-scan ping-flood 

show dos-prevent 

Description 

The show dos-prevent command is used to display the DoS information of the 

detected DoS attack, including enable/disable status, the DoS Defend Type, the 

count of the attack,etc. 

Syntax 

show dos-prevent 

Command Mode 


Example 

Display the DoS information of the detected DoS attack globally: 

TP-LINK(config)# show dos-prevent 

65


Chapter 13 IEEE 802.1X Commands 

IEEE 802.1X function is to provide an access control for LAN ports via the authentication. Only the 

supplicant passing the authentication can access the LAN. 

dot1x 

Description 

The dot1x command is used to enable the IEEE 802.1X function globally. To 

disable the IEEE 802.1X function, please use no dot1x command. 

Syntax 

dot1x 

no dot1x 

Command Mode 


Example 

Enable the IEEE 802.1X function: 

TP-LINK(config)# dot1x 

dot1x auth-method 

Description 

The dot1x auth-method command is used to configure the Authentication 

Method of IEEE 802.1X. To restore to the default 802.1x authentication method, 

please use no dot1x auth-method command. 

Syntax 

dot1x auth-method { pap | eap-md5 } 

no dot1x auth-method 

Parameter 

pap | eap-md5 ——Authentication Methods. 

PAP: IEEE 802.1X authentication system uses extensible authentication 

protocol (EAP) to exchange information between the switch and the client. The 

66


transmission of EAP packets is terminated at the switch and the EAP packets 

are converted to the other protocol (such as RADIUS) packets for transmission. 

EAP-MD5: IEEE 802.1X authentication system uses extensible authentication 

protocol (EAP) to exchange information between the switch and the client. The 

EAP protocol packets with authentication data can be encapsulated in the 

advanced protocol (such as RADIUS) packets to be transmitted to the 

authentication server. 

Command Mode 


Example 

Configure the Authentication Method of IEEE 802.1X as pap: 

TP-LINK(config)# dot1x auth-method pap 

dot1x guest-vlan 

Description 

The dot1x guest-vlan command is used to enable the Guest VLAN function 

globally. To disable the Guest VLAN function, please use no dot1x guest-vlan 

command. 

Syntax 

dot1x guest-vlan vid 

no dot1x guest-vlan 

Parameter 

vid ——The VLAN ID needed to enable the Guest VLAN function, ranging from 

2 to 4094. The supplicants in the Guest VLAN can access the specified network 

source. 

Command Mode 


Example 

Enable the Guest VLAN function for VLAN 5: 

TP-LINK(config)# dot1x guest-vlan 5 

67

dot1x quiet-period 


Description 

The dot1x quiet-period command is used to enable the quiet-period function. 

To disable the function, please use no dot1x quiet-period command. 

Syntax 

dot1x quiet-period 

no dot1x quiet-period 

Command Mode 


Example 

Enable the quiet-period function: 

TP-LINK(config)# dot1x quiet-period 

dot1x timer 

Description 

The dot1x timer command is used to configure the Quiet Period and the 

SupplicantTimeout. To restore to the default, please use no dot1x timer 

command. 

Syntax 

dot1x timer quiet-period period supp-timeout timeout 

no dot1x timer 

Parameter 

period ——The value for Quiet Period, ranging from 1 to 999 in seconds. By 

default, it is 10. Once the supplicant failed to the 802.1X Authentication, then the 

switch will not respond to the authentication request from the same supplicant 

during the Quiet Period. 

timeout ——The maximum time for the switch to wait for the response from 

supplicant before resending a request to the supplicant., ranging from 1 to 9 in 

second. By default, it is 3. 

Command Mode 

68



Example 

Configure the Quiet Period and the SupplicantTimeout as 12 seconds and 6 

seconds: 

TP-LINK(config)# dot1x timer quiet-period 12 supp-timeout 6 

dot1x retry 

Description 

The dot1x retry command is used to configure the maximum transfer times of 

the repeated authentication request. To restore to the default value, please use 

no dot1x retry command. 

Syntax 

dot1x retry retry-time 

no dot1x retry 

Parameter 

retry-time ——The maximum transfer times of the repeated authentication 

request, ranging from 1 to 9 in times. By default, the value is 3. 

Command Mode 


Example 

Configure the maximum transfer times of the repeated authentication request as 

5: 

TP-LINK(config)# dot1x retry 5 

dot1x 

Description 

The dot1x command is used to enable the IEEE 802.1X function for a specified 

port. To disable the IEEE 802.1X function for a specified port, please use no 

dot1x command. 

Syntax 

69


dot1x 

no dot1x 

Command Mode 


Example 

Enable the IEEE 802.1X function for the port 1: 


TP-LINK(config-if)# dot1x 


Description 

The dot1x guest-vlan command is used to enable the Guest VLAN function for 

a specified port. To disable the Guest VLAN function for a specified port, please 

use no dot1x guest-vlan command. Please ensure that the Control Type of the 

corresponding port is port-based before enabling the Guest VLAN function for it. 

Please refer to dot1x port-method for details. 

Syntax 


no dot1x guest-vlan 

Command Mode 


Example 

Enable the Guest VLAN function for port 2: 


TP-LINK(config-if)# dot1x guest-vlan 

dot1x port-control 

Description 

The dot1x port-control command is used to configure the Control Mode of 

IEEE 802.1X for the specified port. To restore to the default configuration, 

70


please use no dot1x port-control command. 

Syntax 

dot1x port-control { auto | authorized-force | unauthorized-force } 

no dot1x port-control 

Parameter 

auto | authorized-force | unauthorized-force —— The Control Mode for the port. 

Auto: In this mode, the port will normally work only after passing the 802.1X 

Authentication. 

Authorized-force: In this mode, the port can work normally without passing the 

802.1X Authentication. 

Unauthorized-force: In this mode, the port is forbidden working for its fixed 

unauthorized status. 

By default, the Control Mode is auto. 

Command Mode 


Example 

Configure the Control Mode for port 1 as authorized-force: 


TP-LINK(config-if)# dot1x port-control authorized-force 

dot1x port-method 

Description 

The dot1x port-method command is used to configure the Control Type of 

IEEE 802.1X for the specified port. To restore to the default configuration, 

please use no dot1x port-method command. 

Syntax 

dot1x port-method { mac-based | port-based } 

no dot1x port-method 

Parameter 

mac-based | port-based ——The Control Type for the port. 

Mac-based: Any client connected to the port should pass the 802.1X 

71


Authentication for access. 

Port-based: All the clients connected to the port can access the network on the 

condition that any one of the clients has passed the 802.1X Authentication. 

By default, the Control Type is mas-based. 

Command Mode 


Example 

Configure the Control Type for port 5 as port-based: 


TP-LINK(config-if)# dot1x port-method port-based 

radius authentication primary-ip 

Description 

The radius authentication primary-ip command is used to configure the IP 

address of the authentication server. Authentication server provides the 

authentication service for the switch via the stored client information, such as 

the user name, password, etc, with the purpose to control the authentication and 

accounting status of the clients. The RADIUS(Remote Authentication Dial-In 

User Service)server is used as the Authentication server generally. 

Syntax 

radius authentication primary-ip ip-addr 

Parameter 

ip-addr —— The IP address of the authentication server. 

Command Mode 


Example 

Configure the IP of the authentication server as 10.20.1.100: 

TP-LINK(config)# radius authentication primary-ip 10.20.1.100 

72


radius authentication secondary-ip 

Description 

The radius authentication secondary-ip command is used to configure the IP 

address of the alternate authentication server. To restore to the default 

configuration, please use no radius authentication secondary-ip command. 

Syntax 

radius authentication secondary-ip ip-addr 

no radius authentication secondary-ip 

Parameter 

ip-addr ——The IP address of the alternate authentication server. By default, it 

is 0.0.0.0. 

Command Mode 


Example 

Configure the IP address of the alternate authentication server as 10.20.1.101: 

TP-LINK(config)# radius authentication secondary-ip 10.20.1.101 

radius authentication port 

Description 

The radius authentication port command is used to configure the 

authentication port of the alternate authentication server. To restore to the 

default value, please use no radius authentication port command. 

Syntax 

radius authentication port port-num 

no radius authentication port 

Parameter 

port-num ——The UDP port of authentication server(s) raging from 1 to 65535 

and the default port is 1812. 

Command Mode 

73



Example 

Configure the authentication port of the alternate authentication server as 1815: 

TP-LINK(config)# radius authentication port 1815 

radius authentication key 

Description 

The radius authentication key command is used to configure the shared 

password for the switch and the authentication servers to exchange messages. 

To clear the radius authentication key, please use no radius authentication 

key command. 

Syntax 

radius authentication key key-string 

no radius authentication key 

Parameter 

key-string——The shared password for the switch and the authentication 

servers to exchange messages which contains 15 characters at most.. 

Command Mode 


Example 

Configure the shared password for the switch and the authentication servers as 

tplink: 

TP-LINK(config)# radius authentication key tplink 

radius accounting enable 

Description 

The radius accounting enable command is used to enable the accounting 

feature. To disable the accounting feature, please use no radius accounting 

enable command. 

Syntax 

74


radius accounting enable 

no radius accounting enable 

Command Mode 


Example 

Enable the accounting feature: 

TP-LINK(config)# radius accounting enable 

radius accounting primary-ip 

Description 

The radius accounting primary-ip command is used to configure the IP 

address of the accounting server. 

Syntax 

radius accounting primary-ip ip-addr 

Parameter 

ip-addr —— The IP address of the accounting server. 

Command Mode 


Example 

Configure the IP address of the accounting server as 10.20.1.100: 

TP-LINK(config)# radius accounting primary-ip 10.20.1.100 

radius accounting secondary-ip 

Description 

The radius accounting secondary-ip command is used to configure the IP 

address of the alternate accounting server. To restore to the default 

configuration, please use no radius accounting secondary-ip command. 

Syntax 

radius accounting secondary-ip ip-addr 

75


no radius accounting secondary-ip 

Parameter 

ip-addr ——The IP address of the alternate accounting server. By default, it is 

0.0.0.0. 

Command Mode 


Example 

Configure the IP address of the alternate accounting server as 10.20.1.101: 

TP-LINK(config)# radius accounting secondary-ip 10.20.1.101 

radius accounting port 

Description 

The radius accounting port command is used to set the UDP port of 

accounting server(s). To restore to the default value, please use no radius 

accounting port. 

Syntax 

radius accounting port port-num 

no radius accounting port 

Parameter 

port-num ——The UDP port of accounting server(s) ranging from 1 to 65535. 

The default port is 1813. 

Command Mode 


Example 

Set the UDP port of accounting server(s) as 1816: 

TP-LINK(config)# radius accounting port 1816 

radius accounting key 

Description 

76


The radius accounting key command is used to configure the shared 

password for the switch and the accounting servers to exchange messages. To 

clear the shared password for the switch and the accounting servers, please 

use no radius accounting key command. 

Syntax 

radius accounting key key-string 

no radius accounting key 

Parameter 

key-string ——The shared password for the switch and the accounting servers 

to exchange messages which contains 15 characters at most. 

Command Mode 


Example 

Configure the shared password for the switch and the accounting servers as 

tplink: 

TP-LINK(config)# radius accounting key tplink 

radius response-timeout 

Description 

The radius response-timeout command is used to configure the maximum 

time for the switch to wait for the response from the RADIUS authentication and 

the accounting server. To restore to the default value, please use no radius 

response-timeout command. 

Syntax 

radius response-timeout time 

no radius response-timeout 

Parameter 

time ——The maximum time for the switch to wait for the response before 

resending a request to the supplicant., ranging from 1 to 9 in second. By default, 

it is 3. 

Command Mode 

77



Example 

Configure the maximum time for the switch to wait for the response from the 

RADIUS authentication and the accounting server as 5 seconds: 

TP-LINK(config)# radius response-timeout 5 

show dot1x global 

Description 

The show dot1x global command is used to display the global configuration of 

801.X. 

Syntax 

show dot1x global 

Command Mode 

Any configuration Mode 

Example 

Display the configuration of 801.X globally: 

TP-LINK(config)# show dot1x global 

show dot1x interface 

Description 

The show dot1x interface command is used to display the port configuration of 

801.X. 

Syntax 

show dot1x interface [ ethernet port-num ] 

Parameter 

port-num ——The number of the Ethernet port. Display the configuration of all 

the ports ,by default. 

Command Mode 


78


Example 

Display the port configuration of 801.X: 

TP-LINK(config)# show dot1x interface 

show radius authentication 

Description 

The show radius authentication command is used to display the configuration 

of the RADIUS authentication server. 

Syntax 

show radius authentication 

Command Mode 


Example 

Display the configuration of the RADIUS authentication server: 

TP-LINK(config)# show radius authentication 

show radius accounting 

Description 

The show radius accounting command is used to display the configuration of 

the accounting server. 

Syntax 

show radius accounting 

Command Mode 


Example 

Display the configuration of the accounting server: 

TP-LINK(config)# show radius accounting 

79


Chapter 14 Log Commands 

The log information will record the settings and operation of the switch respectively for you to 

monitor operation status and diagnose malfunction. 

logging local buffer 

Description 

The logging local buffer command is used to configure the severity level and 

the status of the configuration input to the log buffer. To restore to the default 

configuration, please use no logging local buffer command. Local Log is the 

log information saved in the switch. It has two output channels, that is, it can be 

saved to two different positions, log buffer and log file. Indicates the RAM for 

saving system log and the information in the log buffer can be got by show 

logging buffer command. It will be lost when the switch is restarted. 

Syntax 

logging local buffer {level} [disable | enable] 

no logging local buffer 

Parameter 

level ——Severity level of the log information output to each channel. There are 

8 severity levels marked with values 0-7. The smaller value has the higher 

priority. Only the log with the same or smaller severity level value will be output. 

By default, it is 7 indicating that all the log information will be saved in the log 

buffer. 

disable | enable —— Disable or enable the log buffer. By default, it is enabled. 

Command Mode 


Example 

Enable the log buffer function and set the severity as 6: 

TP-LINK(config)# logging local buffer 6 enable 

80

logging local flash 


Description 

The logging local flash command is used to configure the level and the status 

of the log file input. To restore to the default configuration, please use no 

logging local flash command. The log file indicates the flash sector for saving 

system log. The information in the log file will not be lost after the switch is 

restarted and can be got by the show logging flash command. 

Syntax 

logging local flash {level} [ disable | enable ] 

no logging local flash 

Parameter 

level ——Severity level of the log information output to each channel. There are 

8 severity levels marked with values 0-7. The smaller value has the higher 

priority. Only the log with the same or smaller severity level value will be output. 

By default, it is 4 for TL-SL3428 indicating that the log information marked with 

0~4 will be saved in the log buffer and it is 2 for TL-SL3452 indicating that the 

log information marked with 0~2 will be saved in the log buffer. 

disable | enable ——Disable or enable the log file. By default, it is enabled. 

Command Mode 


Example 

Enable the log file function and set the severity as 7: 

TP-LINK(config)# logging local flash 7 

logging clear 

Description 

The logging clear command is used to clear the information in the log buffer 

and log file. 

Syntax 

logging clear [ buffer | flash ] 

81


Parameter 

buffer | flash —The output channels: buffer and flash. Clear the information of 

the two channels, by default. 

Command Mode 


Example 

Clear the information in the log file: 

TP-LINK(config)# logging clear buffer 

logging loghost 

Description 

The logging loghost command is used to configure the Log Host. To clear the 

configuration of the specified Log Host, please use no logging loghost 

command. Log Host is to receive the system log from other devices. You can 

remotely monitor the settings and operation status of other devices through the 

log host. 

Syntax 

logging loghost index {idx} {host-ip} {level} {disable | enable} 

no logging loghost index {idx} 

Parameter 

idx ——The index of the log host. The switch supports 4 log hosts. 

host-ip —— The IP for the log host. 

level ——The severity level of the log information sent to each log host. There 

are 8 severity levels marked with values 0-7. The smaller value has the higher 

priority. Only the log with the same or smaller severity level value will be sent to 

the corresponding log host. By default, it is 6 indicating that the log information 

marked with 0~6 will be sent to the log host. 

disable | enable ——Disable or enable the log host. By default, it is disabled. 

Command Mode 


Example 

82


Enable the log host 2 and set the IP address 192.168.0.148, the level 5: 

TP-LINK(config)# logging loghost index 2 192.168.0.148 5 enable 

show logging local-config 

Description 

The show logging local-config command is used to display the configuration 

of the Local Log including the log buffer and the log file. 

Syntax 

show logging local-config 

Command Mode 


Example 

Display the configuration of the Local Log: 

TP-LINK(config)# show logging local-config 

show logging loghost 

Description 

The show logging loghost command is used to display the configuration of the 

log host. 

Syntax 

show logging loghost [index] 

Parameter 

index ——The index of the log host whose configuration will be displayed. 

Display the configuration of all the log hosts by default. 

Command Mode 


Example 

Display the configuration of the log host 2: 

TP-LINK(config)# show logging loghost 2 

83

show logging buffer 


Description 

The show logging buffer level command is used to display the log information 

in the log buffer according to the severity level. 

Syntax 

show logging buffer level [level] 

Parameter 

level ——Severity level. There are 8 severity levels marked with values 0-7. The 

information will be displayed only when the log with the same or smaller severity 

level value. Display all the log information in the log buffer by default. 

Command Mode 


Example 

Display the log information from level 0 to level 5 in the log buffer: 

TP-LINK(config)# show logging buffer level 5 

show logging flash 

Description 

The show logging flash level command is used to display the log information 

in the log file according to the severity level. 

Syntax 

show logging flash level [level] 

Parameter 

level ——Severity level. There are 8 severity levels marked with values 0-7. The 

information will be displayed only when the log with the same or smaller severity 

level value. Display all the log information in the log file by default. 

Command Mode 


Example 

84


Display the log information with the level marked 0~3 in the log file: 

TP-LINK(config)# show logging flash level 3 

85


Chapter 15 SSH Commands 

SSH (Security Shell) can provide the unsecured remote management with security and powerful 

authentication to ensure the security of the management information. 

ssh server enable 

Description 

The ssh server enable command is used to enable SSH function. To disable 

the SSH function, please use no ssh server enable command. 

Syntax 

ssh server enable 

no ssh server enable 

Command Mode 


Example 

Enable the SSH function: 

TP-LINK(config)# ssh server enable 

ssh version 

Description 

The ssh version command is used to enable the SSH protocol version. To 

disable the protocol version, please use no ssh version command. 

Syntax 

ssh version {v1 | v2 } 

no ssh version {v1 | v2} 

Parameter 

v1 | v2 —— The SSH protocol version to be enabled. They represent SSH v1 

and SSH v2 respectively. 

Command Mode 


Example 

86


Enable SSH v2: 

TP-LINK(config)# ssh version v2 

ssh idle-timeout 

Description 

The ssh idle-timeout command is used to specify the idle-timeout time of SSH. 

To restore to the factory defaults, please use no ssh idle-timeout command. 

Syntax 

ssh idle-timeout value 

no ssh idle-timeout 

Parameter 

value —— The Idle-timeout time. During this period, the system will 

automatically release the connection if there is no operation from the client. It 

ranges from 1 to 999 in seconds. By default, this value is 500. 

Command Mode 


Example 

Specify the idle-timeout time of SSH as 300 seconds: 

TP-LINK(config)# ssh idle-timeout 300 

ssh max-client 

Description 

The ssh max-client command is used to specify the maximum number of the 

connections to the SSH server. To return to the default configuration, please use 

no ssh max-client command. 

Syntax 

ssh max-client number 

no ssh max-client 

Parameter 

number —— The maximum number of the connections to the SSH server. It 

ranges from 1 to 5. By default, this value is 5. 

Command Mode 

87



Example 

Specify the maximum number of the connections to the SSH server as 3: 

TP-LINK(config)# ssh max-client 3 

ssh download 

Description 

The ssh download command is used to download the SSH key file from TFTP 

server. 

Syntax 

ssh download {v1 | v2 } key-file ip-address ip-addr 

Parameter 

v1 | v2 —— Select the type of SSH key to download, v1 represents SSH-1, v2 

represents SSH-2. 

key-file —— The name of the key-file which is selected to download. The 

length of the name ranges from 1 to 25 characters. The key length of the 

downloaded file must be in the range of 256 to 3072 bits. 

ip-addr —— The IP address of the TFTP server. 

Command Mode 


Example 

Download a SSH-1 type key file named ssh-key from TFTP server with the IP 

Address 192.168.0.148: 

TP-LINK(config)# ssh download v1 ssh-key ip-address 192.168.0.148 

show ssh 

Description 

The show ssh command is used to display the global configuration of SSH. 

Syntax 

show ssh 

Command Mode 


88


Example 

Display the global configuration of SSH: 

TP-LINK(config)# show ssh 

89


Chapter 16 SSL Commands 

SSL(Secure Sockets Layer), a security protocol, is to provide a secure connection for the 

application layer protocol(e.g. HTTP) based on TCP. Adopting asymmetrical encryption technology, 

SSL uses key pair to encrypt/decrypt information. A key pair refers to a public key (contained in the 

certificate) and its corresponding private key. By default the switch has a certificate (self-signed 

certificate) and a corresponding private key. The Certificate/Key Download function enables the 

user to replace the default key pair. 

ssl enable 

Description 

The ssl enable command is used to enable the SSL function on the switch. To 

disable the SSL function, please use no ssl enable command. Only the SSL 

function is enabled, a secure HTTPS connection can be established. 

Syntax 

ssl enable 

no ssl enable 

Command Mode 


Example 

Enable the SSL function: 

TP-LINK(config)# ssl enable 

ssl download certificate 

Description 

The ssl download certificate command is used to download a certificate to the 

switch from TFTP server. 

Syntax 

ssl download certificate ssl-cert ip-address ip-addr 

Parameter 

ssl-cert —— The name of the SSL certificate which is selected to download to 

the switch. The length of the name ranges from 1 to 25 characters. The 

90


Certificate must be BASE64 encoded. 


Command Mode 


Example 

Download a SSL Certificate named ssl-cert from TFTP server with the IP 

Address of 192.168.0.148: 

TP-LINK(config)# ssl download certificate ssl-cert ip-address 192.168.0.148 

ssl download key 

Description 

The ssl download key command is used to download a SSL key to the switch 

from TFTP server. 

Syntax 

ssl download key ssl-key ip-address ip-addr 

Parameter 

ssl-key —— The name of the SSL key which is selected to download to the 

switch . The length of the name ranges from 1 to 25 characters. The Key must 

be BASE64 encoded. 


Command Mode 


Example 

Download a SSL Key named ssl-key from TFTP server with the IP Address of 

192.168.0.148: 

TP-LINK(config)# ssl download key ssl-key ip-address 192.168.0.148 

show ssl 

Description 

The show ssl command is used to display the global configuration of SSL. 

Syntax 

show ssl 

91


Command Mode 


Example 

Display the global configuration of SSL: 

TP-LINK(config)# show ssl 

92


Chapter 17 Address Commands 

Address configuration can improve the network security by configuring the Port Security and 

maintaining the address information by managing the Address Table. 

bridge address port-security 

Description 

The bridge address port-security command is used to configure port security. 

To return to the default configuration, please use no bridge address 

port-security command. Port Security is to protect the switch from the 

malicious MAC address attack by limiting the maximum number of the MAC 

addresses that can be learned on the port. The port with Port Security feature 

enabled will learned the MAC address dynamically. When the learned MAC 

address number reaches the maximum, the port will stop learning. Therefore, 

the other devices with the MAC address unlearned can not access to the 

network via this port. 

Syntax 

bridge address port-security [max-number {num}] [ mode {dynamic | static | 

permanent} ] [ status {disable | enable} ] 

no bridge address port-security 

Parameter 

num —— The maximum number of MAC addresses that can be learned on the 

port. It ranges from 0 to 64. By default this value is 64. 

mode —— Learn mode for MAC addresses. There are three modes, including 

Dynamic mode, Static mode and Permanent mode. When Dynamic mode is 

selected, the learned MAC address will be deleted automatically after the aging 

time. When Static mode is selected, the learned MAC address will be out of the 

influence of the aging time and can only be deleted manually. The learned 

entries will be cleared after the switch is rebooted. When permanent mode is 

selected, the learned MAC address will be out of the influence of the aging time 

and can only be deleted manually too. However, the learned entries will be 

saved even the switch is rebooted. 

status —— Enable or disable the Port Security function for a specified port. By 

default, this function is disabled. 

93


Command Mode 


Example 

Enable Port Security function for port1, select Static mode as the learn mode, 

and specify the maximum number of MAC addresses that can be learned on 

this port as 30: 


TP-LINK(config-if)# bridge address port-security max-number 30 mode 

static status enable 

bridge address static 

Description 

The bridge address static command is used to add the static MAC address 

entry. To remove the corresponding entry, please use no bridge address static 

command. The static address can be added or removed manually, independent 

of the aging time. In the stable networks, the static MAC address entries can 

facilitate the switch to reduce broadcast packets and enhance the efficiency of 

packets forwarding remarkably. 

Syntax 

bridge address static {mac mac} {vid vid} {port port} 

no bridge address static [mac] [vid] [port] 

Parameter 

mac ——The MAC address of the entry you desire to add. 

vid —— The VLAN ID number of your desired entry. It ranges from 1 to 4094. 

port —— The Port number of your desired entry. 

Command Mode 


Example 

Add a static Mac address entry to bind the MAC address 00:02:58:4f:6c:23, 

VLAN1 and Port1 together: 

TP-LINK(config)# bridge address static mac 00:02:58:4f:6c:23 vid 1 port 1 

94

idge aging-time 


Description 

The bridge aging-time command is used to configure aging time for the 

dynamic address. To return to the default configuration, please use no bridge 

aging-time command. 

Syntax 

bridge aging-time aging-time 

no bridge aging-time 

Parameter 

aging-time —— The aging time for the dynamic address. The value of it can be 

0 or ranges from 10 to 630 seconds. When 0 is entered, the Auto Aging function 

is disabled. By default, this value is 300. 

Command Mode 


Example 

Configure the aging time as 500 seconds: 

TP-LINK(config)# bridge aging-time 500 

bridge address filtering 

Description 

The bridge address filtering command is used to add the filtering address 

entry. To delete the corresponding entry, please use no bridge address 

filtering command. The filtering address function is to forbid the undesired 

package to be forwarded. The filtering address can be added or removed 

manually, independent of the aging time. 

Syntax 

bridge address filtering {mac} {vid} 

no bridge address filtering [mac] [vid] 

Parameter 

mac —— The MAC address to be filtered. 

vid —— The corresponding VLAN ID of the MAC address. It ranges from 1 to 

4094. 

95


Command Mode 


Example 

Add a filtering address entry whose VLAN ID is 1 and MAC address is 

00:1e:4b:04:01:5d: 

TP-LINK(config)# bridge address filtering 00:1e:4b:04:01:5d 1 

show bridge port-security 

Description 

The show bridge port-security command is used to configure the Port 

Security for each port, such as configure the Max number of MAC addressed 

that can be learned on the port and the Learn Mode. 

Syntax 

show bridge port-security [port-num] 

Parameter 

port-num —— The port number of the switch. By default, the Port Security 

configuration of all ports is displayed. 

Command Mode 


Example 

Display the Port Security configuration of port2: 

TP-LINK(config)# show bridge port-security 2 

show bridge address 

Description 

The show bridge address command is used to display the information of all 

Address entries. 

Syntax 

show bridge address {dynamic | static | filter | all } 

Parameter 

dynamic | static | filter | all —— the type of your desired entry 

Command Mode 

96



Example 

Display the information of all Address entries: 

TP-LINK(config)# show bridge address all 

show bridge aging-time 

Description 

The show bridge aging-time command is used to display the Aging Time of 

the MAC address. 

Syntax 

show bridge aging-time 

Command Mode 


Example 

Display the Aging Time of the MAC address: 

TP-LINK(config)# show bridge aging-time 

97


Chapter 18 System Commands 

System Commands can be used to configure the System information and System IP, reboot and 

reset the switch, upgrade the switch system and other operations. 

system-descript 

Description 

The system-descript command is used to configure the Device Name, Device 

Location and System Contact. To clear all the information, please use no 

system-descript command. 

Syntax 

system-descript {sysname {sysname} | location {location} | contact-info 

{contact_info} } 

no system-descript {sysname | location | contact_info} 

Parameter 

sysname —— System Name(Device Name). The length of the name ranges 

from 1 to 32 characters. By default, it is empty. 

location —— Device Location. It consists of 32 characters at most. By default, 

it is empty. 

contact_info —— Contact Information. It consists of 32 characters at most. By 

default, it is empty. 

Command Mode 


Example 

Configure the System Contact as www.tp-link.com.cn: 

TP-LINK(config)# system-descript contact-info www.tp-link.com.cn 

system-time gmt 

Description 

The system-time gmt command is used to configure the time zone and the IP 

Address for the NTP Server. 

Syntax 

98


system-time gmt {time-zone} {ntp-server} {backup-ntp-server} 

Parameter 

time-zone —— Your local time-zone, and it ranges from -12 to 13. 

ntp-server —— The IP Address for the Primary NTP Server. 

Backup-ntp-server —— The IP Address for the Secondary NTP Server. 

Command Mode 


Example 

Configure the system time mode as gmt, the time zone is -12, the primary ntp 

server is 133.100.9.2 and the secondary ntp server is 139.78.100.163: 

TP-LINK(config)# system-time gmt -12 133.100.9.2 139.78.100.163 

system-time manual 

Description 

The system-time manual command is used to configure the system time 

manually. 

Syntax 

system-time manual {time} 

Parameter 

time —— Set the date and time manually, MM/DD/YYYY-HH:MM:SS 

Command Mode 


Example 

Configure the system mode as manual, and the time is 12/20/2010 17:30:35 

TP-LINK(config)# system-time manual 12/20/2010-17:30:35 

system-time dst 

Description 

The system-time dst command is used to configure the DST (Daylight Saving 

Time). To clear all the information, please use no system-time dst command. 

Syntax 

system-time dst {start-date} {start-time} {end-date} {end-time} 

99


no system-time dst 

Parameter 

start-date —— The start date of DST you set. 

start-time —— The start time of DST you set. 

end-date —— The end date of DST you set. 

end-time —— The end time of DST you set. 

Command Mode 


Example 

Configure the dst, dst is from April 1 00:00 to November 1 23:00. 

TP-LINK(config)# system-time dst 04/01 0 11/01 23 

ip address 

Description 

The ip address command is used to configure the IP Address, Subnet Mask 

and Default Gateway. To restore to the factory defaults, please use no ip 

address command. 

Syntax 

ip address {ip-addr} {ip-mask} [gateway] 

no ip address 

Parameter 

ip-addr —— The system IP of the Switch. The default system IP is 

192.168.0.1. 

ip-mask —— The Subnet Mask of the Switch. The default Subnet Mask is 

255.255.255.0. 

gateway —— The Default Gateway of the Switch. By default, it is empty. 

Command Mode 


Example 

Configure the system IP as 192.168.0.69 and the Subnet Mask as 

255.255.255.0: 

TP-LINK(config)# ip address 192.168.0.69 255.255.255.0 

100

ip management-vlan 


Description 

The ip management-vlan command is used to configure the IP management 

VLAN, through which you can log on to the switch. 

Syntax 

ip management-vlan {vlan-id} 

Parameter 


Command Mode 


Example 

Set the VLAN6 as IP management VLAN: 

TP-LINK(config)# ip management-vlan 6 

ip dhcp-alloc 

Description 

The ip dhcp-alloc command is used to enable the DHCP Client function. When 

this function is enabled, the switch will obtain IP from DHCP Client server. 

Syntax 

ip dhcp-alloc 

Command Mode 


Example 

Enable the DHCP Client function: 

TP-LINK(config)# ip dhcp-alloc 

ip bootp-alloc 

Description 

The ip bootp-alloc command is used to obtain IP address from BOOTP Server. 

Syntax 

ip bootp-alloc 

101


Command Mode 


Example 

Enable the BOOTP Protocol to obtain IP address from BOOTP Server: 

TP-LINK(config)# ip bootp-alloc 

reset 

Description 

The reset command is used to reset the switch’s software. After resetting, all 

configuration of the switch will restore to the factory defaults and your current 

settings will be lost. 

Syntax 

reset 

Command Mode 


Example 

Reset the software of the Switch: 

TP-LINK# reset 

reboot 

Description 

The reboot command is used to reboot the Switch. To avoid damage, please 

don’t turn off the device while rebooting. 

Syntax 

reboot 

Command Mode 


Example 

Reboot the Switch: 

TP-LINK# reboot 

102

user-config backup 


Description 

The user-config backup command is used to backup the configuration file by 

TFTP server. 

Syntax 

user-config backup filename name ip-address ip-addr 

Parameter 

name —— Specify the name for the configuration file which would be 

backuped. 

ip-addr —— IP Address of the TFTP server. 

Command Mode 


Example 

Backup the configuration files by TFTP server with the IP 192.168.0.148 and 

name this file config.cfg: 

TP-LINK# user-config backup filename config.cfg ip-address 192.168.0.148 

user-config load 

Description 

The user-config load command is used to download the configuration file to 

the switch by TFTP server. 

Syntax 

user-config load filename name ip-address ip-addr 

Parameter 

name —— Specify the name for the configuration file which would be 

downloaded. 


Command Mode 


Example 

Download the configuration file to the switch by TFTP server with the IP 

103


192.168.0.148 and name this file config.cfg: 

TP-LINK# user-config load filename config.cfg ip-address 192.168.0.148 

user-config save 

Description 

The user-config save command is used to save current settings. 

Syntax 

user-config save 

Command Mode 


Example 

Save current settings: 

TP-LINK# user-config save 

firmware upgrade 

Description 

The firmware upgrade command is used to upgrade the switch system via the 

TFTP server. 

Syntax 

firmware upgrade filename name ip-address ip-addr 

Parameter 

name —— Specify the name for the Firmware File. 


Command Mode 


Example 

Upgrade the switch system via the TFTP server with the IP 192.168.0.148: 

TP-LINK# firmware upgrade filename firmware.bin ip-address 192.168.0.148 

104


ping 

Description 

The ping command is used to test the connectivity between the switch and one 

node of the network. 

Syntax 

ping {ip_addr} [-n {count}] [-l {count}] [-i {count}] 

Parameter 

ip_addr —— The IP address of the destination node for ping test. 

count (-n) —— The amount of times to send test data during Ping testing. It 

ranges from 1 to 10. By default, this value is 4. 

count (-l) —— The size of the sending data during ping testing. It ranges from 1 

to 1024 bytes. By default, this value is 64. 

count (-i) —— The interval to send ICMP request packets. It ranges from 100 

to 1000 milliseconds. By default, this value is 1000. 

Command Mode 

User EXEC Mode and Privileged EXEC Mode 

Example 

To test the connectivity between the switch and the network device with the IP 

192.168.0.131, please specify the count (-l) as 512 bytes and count (-i) as 1000 

milliseconds. If there is not any response after 8 times’ Ping test, the connection 

between the switch and the network device is failed to establish: 

TP-LINK# ping 192.168.0.131 –n 8 –l 512 

tracert 

Description 

The tracert command is used to test the connectivity of the gateways during its 

journey from the source to destination of the test data. 

Syntax 

tracert {url} [maxHops] 

Parameter 

url —— The IP address of the destination device. 

maxHops —— The maximum number of the route hops the test data can pass 

105


though. It ranges from 1 to 30. By default, this value is 4. 

Command Mode 


Example 

Test the connectivity between the switch and the network device with the IP 

192.168.0.131. If the destination device has not been found after 20 maxHops, 

the connection between the switch and the destination device is failed to 

establish: 

TP-LINK# tracert 192.168.0.131 20 

loopback 

Description 

The loopback command is used to test whether the port is available or not. 

Syntax 

loopback {port} { internal | external } 

Parameter 

port —— The number of the port which is selected for loopback test. 

internal | external —— Loopback Type. There are two options, Internal and 

External. 

Command Mode 


Example 

Do an Internal-type loopback test for port 4: 

TP-LINK#loopback 4 internal 

show system-info 

Description 

The show system-info command is used to display System Description, 

Device Name, Device Location, System Contact, Hardware Version, Firmware 

Version, System Time, Run Time and so on. 

Syntax 

106


show system-info 

Command Mode 


Example 

Display the system information: 

TP-LINK# show system-info 

show ip address 

Description 

The show ip address command is used to display MAC Address, IP Address, 

Subnet Mask and Default Gateway of the system, whether the DHCP Client 

function is enabled or not and some other information. 

Syntax 

show ip address 

Command Mode 


Example 

Display the IP Address of the system 

TP-LINK# show ip address 

show system-time 

Description 

The show system-time command is used to display the time information of the 

switch. 

Syntax 

show system-time 

Command Mode 


Example 

Display the time information of the switch 

TP-LINK# show system-time 

107

show system-time dst 


Description 

The show system-time dst command is used to display the DST time 

information of the switch. 

Syntax 

show system-time dst 

Command Mode 


Example 

Display the DST time information of the switch 

TP-LINK# show system-time dst 

show system-time source 

Description 

The show system-time source command is used to display the source of 

current time of the switch. 

Syntax 

show system-time source 

Command Mode 


Example 

Display the source of current time of the switch 

TP-LINK# show system-time source 

show system-time mode 

Description 

The show system-time mode command is used to display the configured 

mode for the switch to get system time. 

Syntax 

show system-time mode 

Command Mode 

108



Example 

Display the configured mode for the switch to get system time 

TP-LINK# show system-time mode 

109


Chapter 19 Ethernet Configuration Commands 

Ethernet Configuration Commands can be used to configure the Bandwidth Control, Negotiation 

Mode and Storm Control for Ethernet ports. 

interface ethernet 

Description 

The interface ethernet command is used to enter the Interface Configuration 

Mode and configure one Ethernet port. 

Syntax 

interface ethernet interface 

Parameter 

interface —— The Ethernet port to be configured. 

Command Mode 


Example 

Enter the Interface Configuration Mode and configure Ethernet port2: 


interface range ethernet 

Description 

The interface range ethernet command is used to enter the Interface 

Configuration Mode and configure multiple Ethernet ports at the same time. 

Syntax 

interface range ethernet port-list 

Parameter 

port-list —— The list of the Ethernet ports to be configured. Inconsecutive ports 

or port-groups are separated by a comma with no space. Use a hyphen to 

designate a range of ports, for instance 1-10 indicates from port 1 to port 10. 

Command Mode 


User Guidelines 

110


Command in the Interface Range Ethernet Mode is executed independently on 

all ports in the range. It does not effect the execution on the other ports at all if 

the command results in an error on one port. 

Example 

Enter the Interface Configuration Mode, add ports 1-3, 6-9 to the port-list and 

configure them: 

TP-LINK(config)# interface range ethernet 1-3,6-9 

description 

Description 

The description command is used to add a description to the Ethernet port. To 

clear the description of the corresponding port, please use no description 

command. 

Syntax 

description string 


Parameter 

string —— Content of a port description, ranging from 1 to 16 characters. 

Command Mode 

Interface Configuration Mode(interface Ethernet) 

Example 

Add a description Port #5 to port5: 


TP-LINK(config-if)# description Port #5 

shutdown 

Description 

The shutdown command is used to disable an Ethernet port. To enable this port 

again, please use no shutdown command. 

Syntax 

shutdown 

no shutdown 

111


Command Mode 


Example 

Disable Ethernet port3: 


TP-LINK(config-if)# shutdown 

flow-control 

Description 

The flow-control command is used to enable the flow-control function for a port. 

To disable the flow-control function for this corresponding port, please use no 

flow-control command. With the flow-control function enabled, the Ingress 

Rate and Egress Rate can be synchronized to avoid packets drop in the 

network. 

Syntax 

flow-control 

no flow-control 

Command Mode 


Example 

Enable the flow-control function for Ethernet port 5: 


TP-LINK(config-if)# flow-control 

negotiation 

Description 

The negotiation command is used to configure the Negotiation Mode for an 

Ethernet port. To return to the default configuration, please use no 

negotiation command. 

Syntax 

negotiation {auto | 10h |10f |100h |100f |1000f} 

no negotiation 

112


Parameter 

auto —— Auto negotiation (default). 

10h —— 10Mbps half-duplex. 

10f —— 10Mbps full-duplex. 

100h —— 100Mbps half-duplex. 



Command Mode 


Example 

Configure the Negotiation Mode as 100Mbps full-duplex for Ethernet port5: 


TP-LINK(config-if)# negotiation 100f 

storm-control 

Description 

The storm-control command is used to configure the Storm Control function. 

To disable the Storm Control function, please use no storm-control command. 

Storm Control function allows the switch to filter broadcast, multicast and UL 

frame in the network. If the transmission rate of the three kind packets exceeds 

the set bandwidth, the packets will be automatically discarded to avoid network 

broadcast storm. 

Syntax 

storm-control [bc-status bc-status] [mc-status mc-status] [ul-status 

ul-status][rate rate] 

no storm-control 

Parameter 

bc-status —— Enable/Disable broadcast control feature for the port. By default, 

it is disabled. 

mc-status —— Enable/Disable multicast control feature for the port. By default, 


ul-status —— Enable/Disable UL-Frame control feature for the port. By default, 


rate —— The maximum ingress rate of the specified packets. The packet traffic 

113


exceeding the bandwidth will be discarded. The value of it can be 128k | 256k | 

512k or 1m | 2m | 4m | 5m | 10m | 20m | 40m | 50m. 

Command Mode 


Example 

Enable the Storm Control function for port5 and specify the rate as 128kbps: 


TP-LINK(config-if)# storm-control bc-status enable mc-status enable 

ul-status enable rate 128k 

port rate-limit 

Description 

The port rate-limit command is used to configure the Rate Limit for an Ethernet 

port. To disable the Rate Limit, please use no port rate-limit command. 

Syntax 

port rate-limit [ ingress ingress-rate ] [egress egress-rate ] 

no port rate-limit 

Parameter 

ingress-rate —— Specify the bandwidth for receiving packets.Range:1-102400 

for the megaport, 1-1024000 for the gigaport. 

egress-rate —— Specify the bandwidth for sending packets. Range:1-102400 

for the megaport, 1-1024000 for the gigaport. 

Command Mode 


Example 

Configure the ingress-rate as 5120Kbps and egress-rate as 1024Kbps for port5: 


TP-LINK(config-if)# port rate-limit ingress 5120 egress 1024 

port rate-limit disable ingress 

Description 

The port rate-limit disable ingress command is used to disable the 

114


ingress-rate limit. 

Syntax 

port rate-limit disable ingress 

Command Mode 


Example 

Disable the ingress-rate limit for port5: 


TP-LINK(config-if)# port rate-limit disable ingress 

port rate-limit disable egress 

Description 

The port rate-limit disable egress command is used to disable the egress-rate 

limit. 

Syntax 

port rate-limit disable egress 

Command Mode 


Example 

Disable the egress-rate limit for port5: 


TP-LINK(config-if)# port rate-limit disable egress 

show interface configuration 

Description 

The show interface configuration command is used to display the 

configurations of an Ethernet port, including Port-status, Bandwidth Control, 

Negotiation Mode and Port-description. 

Syntax 

show interface configuration {ethernet [interface]} 

Parameter 

interface —— The port selected to display the configurations. By default, the 

115


configuration information of all ports is displayed. 

Command Mode 


Example 

Display the configurations of port5: 

TP-LINK# show interface configuration ethernet 5 

show interface status 

Description 

The show interface status command is used to display the connective-status 

of an Ethernet port. 

Syntax 

show interface status {ethernet [interface]} 

Parameter 

Interface —— The port selected to display the connective-status. By default, 

the connective-status of all ports is displayed. 

Command Mode 


Example 

Display the connective-status of all Ethernet ports: 

TP-LINK(config)# show interface status ethernet 

show interface counters 

Description 

The show interface counters command is used to display the statistic 

information of an Ethernet port. To clear the statistic information of all ports, 

please use show interface counters clear command. 

Syntax 

show interface counters {[ethernet interface] | clear} 

Parameter 

interface ——The port selected to display the statistic information. By default, 

the statistic information of all ports is displayed. 

116


Command Mode 


Example 

Display the statistic information of Ethernet port 3: 

TP-LINK(config)# show interface counters ethernet 3 

show storm-control ethernet 

Description 

The show storm-control ethernet command is used to display the 

storm-control information of an Ethernet port. 

Syntax 

show storm-control ethernet [port] 

Parameter 

port —— The port-number of the port selected to display the storm-control 

information. By default, the storm-control information of all ports is displayed. 

Command Mode 


Example 

Display the storm-control information of all Ethernet ports: 

TP-LINK(config)# show storm-control ethernet 

show port rate-limit 

Description 

The show port rate-limit command is used to display the rate-limit information 

of an Ethernet port. 

Syntax 

show port rate-limit [port-num] 

Parameter 

port-num —— The port-number of the port selected to display the rate-limit 

information. By default, the rate-limit information of all ports is displayed. 

Command Mode 


117


Example 

Display the rate-limit information of all Ethernet ports: 

TP-LINK(config)# show port rate-limit 

118


Chapter 20 QoS Commands 

QoS (Quality of Service) function is used to optimize the network performance. It provides you with 

network service experience of a better quality. 

qos 

Description 

The qos command is used to configure CoS (Class of Service) based on port. 

To return to the default configuration, please use no qos command. 

Syntax 

qos cos-id 

no qos 

Parameter 

cos-id —— The priority of port. It ranges from 0 to 7, which represent CoS0, 

CoS1, CoS2, CoS3, CoS4, CoS5, CoS6, CoS7 respectively. By default, the 

priority is 0. 

Command Mode 



Port priority is one property of the port. When the port priority is specified, the 

data will be classified into the egress queue based on the CoS value of the 

ingress port and the mapping relation between the CoS and TC in IEEE 802.1P. 

Example 

Configure the priority of port 5 as 3: 


TP-LINK(config-if)# qos 3 

qos dot1p enable 

Description 

The qos dot1p enable command is used to enable the mapping relation 

between IEEE 802.1P Priority and Egress Queue. To disable the mapping 

relation, please use no qos dot1p enable command. 

119


Syntax 

qos dot1p enable 

no qos dot1p enable 

Command Mode 


Example 

Enable the mapping relation between IEEE 802.1P Priority and Egress Queue: 

TP-LINK(config)# qos dot1p enable 

qos dot1p config 

Description 

The qos dot1p config command is used to configure the mapping relation 

between IEEE 802.1P Priority and Egress Queue. To return to the default 

configuration, please use no qos dot1p config command. IEEE 802.1P gives 

the Pri field in IEEE 802.1Q tag a recommended definition. This field is used to 

divide packets into 8 priorities. When IEEE 802.1P Priority is enabled, the 

packets with IEEE 802.1Q tag are mapped to different priority levels based on 

IEEE 802.1P priority mode. The untagged packets are mapped based on port 

priority mode. 

Syntax 

qos dot1p config {tag} {tc-id} 

no qos dot1p config 

Parameter 

tag —— The 8 priority levels defined by IEEE 802.1P, ranging from 0 to 7. 

tc-id —— The egress queue the packets with tag are mapped to. It ranges from 

0 to 3, which represent TC0, TC1, TC2, TC3 respectively. 

Command Mode 



1. By default, the mapping relation between tag and the egress queue is: 

0-TC1, 1-TC0, 2-TC0, 3-TC1, 4-TC2, 5-TC2, 6-TC3, 7-TC3 

2. Among the priority levels TC0-TC3, the bigger value, the higher 

priority. 

120


Example 

Map tag value 0 to TC3: 

TP-LINK(config)# qos dot1p config 0 3 

qos dscp enable 

Description 

The qos dscp enable command is used to enable the mapping relation 

between DSCP Priority and Egress Queue. To disable the mapping relation, 

please use no qos dscp enable command. 

Syntax 

qos dscp enable 

no qos dscp enable 

Command Mode 


Example 

Enable the mapping relation between DSCP Priority and Egress Queue: 

TP-LINK(config)# qos dscp enable 

qos dscp config 

Description 

The qos dscp config command is used to configure the mapping relation 

between DSCP Priority and Egress Queue. To return to the default configuration, 

please use no qos dscp config command. DSCP (DiffServ Code Point) is a 

new definition to IP ToS field given by IEEE. This field is used to divide IP 

datagram into 64 priorities. When DSCP Priority is enabled, IP datagram are 

mapped to different priority levels based on DSCP priority mode; non-IP 

datagram with IEEE 802.1Q tag are mapped to different priority levels based on 

IEEE 802.1P priority mode if IEEE 802.1P Priority is enabled; the untagged 

non-IP datagram are mapped based on port priority mode. 

Syntax 

qos dscp config {dscp-list} {tc-id} 

no qos dscp config 

Parameter 

121


dscp-list —— List of DSCP value. One or several DSCP values can be typed 

using comma to separate. Use a hyphen to designate a range of values, for 

instance, 1,4-7,11 indicates choosing 1,4,5,6,7,11. The DSCP value ranges 

from 0 to 63. 

tc-id —— The priority level the packets with tag are mapped to. It ranges from 

0 to 3, which represent TC0, TC1, TC2, TC3 respectively. 

Command Mode 



1. By default, DSCP values 0-15 are mapped to TC0, DSCP values 16-31 are 

mapped to TC1, DSCP values 32-47 are mapped to TC2, and DSCP 

values 48-63 are mapped to TC3. 

2. Among the priority levels TC0-TC3, the bigger value, the higher 

priority. 

Example 

Map DSCP values 10,11,15 to TC0: 

TP-LINK(config)# qos dscp config 10,11,15 0 

qos scheduler 

Description 

The qos scheduler command is used to configure the Schedule Mode. To 

return to the default configuration, please use no qos scheduler command. 

When the network is congested, the program that many packets complete for 

resources must be solved, usually in the way of queue scheduling. The switch 

will control the forwarding sequence of the packets according to the priority 

queues and scheduling algorithms you set. On this switch, the priority levels are 

labeled as TC0, TC1… TC3. 

Syntax 

qos scheduler {sp | wrr | sp+wrr | equ} 

no qos scheduler 

Parameter 

sp —— Strict-Priority Mode. In this mode, the queue with higher priority will 

occupy the whole bandwidth. Packets in the queue with lower priority are sent 

only when the queue with higher priority is empty. 

122


wrr —— Weight Round Robin Mode. In this mode, packets in all the queues 

are sent in order based on the weight value for each queue. The weight value 

ratio of TC0, TC1, TC2 and TC3 is 1:2:4:8. 

sp+wrr —— Strict-Priority + Weight Round Robin Mode. In this mode, the 

switch provides two scheduling groups, SP group and WRR group. Queues in 

SP group and WRR group are scheduled strictly based on Strict-Priority mode 

while the queues inside WRR group follow the WRR mode. In SP + WRR mode, 

TC3 is the SP group; TC0, TC1 and TC2 belong to the WRR group and the 

weight value ratio of TC0, TC1 and TC2 is 1:2:4. In this way, when scheduling 

queues, the switch allows TC3 to occupy the whole bandwidth following the SP 

mode and the TC0, TC1 and TC2 in the WRR group will take up the bandwidth 

according to their ratio 1:2:4. 

equ —— Equal-Mode. In this mode, all the queues occupy the bandwidth 

equally. The weight value ratio of all the queues is 1:1:1:1. 

Command Mode 


Example 

Specify the Schedule Mode as Weight Round Robin Mode: 

TP-LINK(config)# qos scheduler wrr 

show qos port-based 

Description 

The show qos port-based command is used to display the configuration of 

QoS based on port priority. 

Syntax 

show qos port-based [interface-num] 

Parameter 

interface-num —— The Ethernet port selected to display the configuration. By 

default, information of all the ports is displayed. 

Command Mode 


Example 

Display the configuration of QoS for port 5: 

TP-LINK# show qos port-based 5 

123

show qos dot1p 


Description 

The show qos dot1p command is used to display the configuration of IEEE 

802.1P Priority. 

Syntax 

show qos dot1p 

Command Mode 


Example 

Display the configuration of IEEE 802.1P Priority: 

TP-LINK# show qos dot1p 

show qos dscp 

Description 

The show qos dscp command is used to display the configuration of DSCP 

Priority. 

Syntax 

show qos dscp 

Command Mode 


Example 

Display the configuration of DSCP Priority: 

TP-LINK# show qos dscp 

show qos scheduler 

Description 

The show qos scheduler command is used to display the schedule rule of the 

egress queues. 

Syntax 

show qos scheduler 

Command Mode 

124



Example 

Display the schedule rule of the egress queues: 

TP-LINK# show qos scheduler 

125


Chapter 21 Port Mirror Commands 

Port Mirror refers to the process of forwarding copies of packets from one port to a mirroring port. 

Usually, the mirroring port is connected to data diagnose device, which is used to analyze the 

mirrored packets for monitoring and troubleshooting the network. 

mirror add 

Description 

The mirror add command is used to enable Port Mirror function. 

Syntax 

mirror add [mirrored port] [mirroring port] { none | ingress | egress | both } 

[group-num] 

Parameter 

mirrored port —— The port to be monitored. 

mirroring port —— The mirroring port. 

none —— Remove the mirrored port from the current mirror group. 

ingress —— Ingress monitoring. Select this option, the incoming packets 

received by the mirrored port will be copied to the mirroring port. 

egress —— Egress monitoring. Select this option, the outgoing packets sent 

by the mirrored port will be copied to the mirroring port. 

both —— Ingress and Egress monitoring. Select this option, the incoming 

packets received and the outgoing packets sent by the mirrored port will both be 

copied to the mirroring port. 

group-num—— The group number of mirror group. 

Command Mode 


Example 

Configure port 3 as mirrored port, port 4 as mirroring port, the mirror mode as 

both and group number as 1 : 

TP-LINK(config)# mirror add 3 4 both 1 


1. The mirroring port is corresponding to current interface configuration mode. 

126


2. Mirrored ports number is not limited, but it can’t be the mirroring port at the 

same time. 

3. Whether the mirroring port and mirrored ports are in the same VLAN or not 

is not demanded strictly. 

4. The mirroring port and mirrored ports cannot be link-aggregation member. 

mirror remove group 

Description 

The mirror remove group command is used to remove mirror group. 

Syntax 

mirror remove group [group-num] 

Parameter 

group-num—— The group number of mirror group. 

Command Mode 


Example 

Remove mirror group 1: 

TP-LINK(config)# mirror remove group 1 

mirror remove mirrored 

Description 

The mirror remove mirrored command is used to remove the mirrored port 

from the mirror group. 

Syntax 

mirror remove mirrored [mirrored port] [group-num] 

Parameter 

mirrored port —— The port to be monitored. 

group-num —— The group number of mirror group. 

Command Mode 


Example 

Remove mirrored port 1,2-4 from mirror group 1: 

127


TP-LINK(config)# mirror remove mirrored 1,2-4 1 

show mirror 

Description 

The show mirror command is used to display the configuration of mirror group. 

Syntax 

show mirror [group-num] 

Parameter 

group-num —— The group number of mirror group. 

Command Mode 


Example 

Display configuration of mirror group 1: 

TP-LINK# show mirror 1 

128


Chapter 22 Port isolation Commands 

Port Isolation provides a method of restricting traffic flow to improve the network security by 

forbidding the port to forward packets to the ports that are not on its forwarding port list. 

port isolation 

Description 

The port isolation command is used to configure the forward portlist of a port, 

so that this port can only communicate with the ports on its portlist. To delete the 

corresponding configuration, please use no port isolation command. 

Syntax 

port isolation { forward-list } 

no port isolation 

Parameter 

forward-list —— portlist of forward port. It is multi-optional. 

Command Mode 

Interface Configuration Mode 

Example 

Configure port 1 and port 2 can only forward packets to port 6 and port 13: 


TP-LINK(config-if)# port isolation 6,13 

show port isolation 

Description 

The show port isolation command is used to display the forward portlist of a 

port. 

Syntax 

show port isolation [port] 

Parameter 

port —— The port-number you want to show its forward portlist. 

Command Mode 

129



Example 

Display the forward-list of port 6: 

TP-LINK# show port isolation 6 

130


Chapter 23 Loopback Detection 

Note: 

The Loopback Detection function is for TL-SL3452 only. 

With loopback detection feature enabled, the switch can detect loops using loopback detection 

packets. When a loop is detected, the switch will display an alert or further block the corresponding 

port according to the port configuration. 

loopback-detection 

Description 

The loopback-detection command is used to enable the loopback detection 

function globally. To disable it, please use no loopback-detection command. 

Syntax 

loopback-detection 

no loopback-detection 

Command Mode 


Example 

Enable the loopback detection function globally: 

TP-LINK(config)# loopback-detection 

loopback-detection interval 

Description 

The loopback-detection interval command is used to define the interval of 

sending loopback-detection packets to switch ports, aiming at detecting network 

loops periodically. 

Syntax 

loopback-detection interval interval-time 

Parameter 

interval-time —— The interval of sending loopback-detection packets. It ranges 

from 1 to 1000 seconds. By default, this value is 30. 

131


Command Mode 


Example 

Specify the interval-time as 50 seconds: 

TP-LINK(config)# loopback-detection interval 50 

loopback-detection recovery-time 

Description 

The loopback-detection recovery-time command is used to configure the 

time after which the blocked port would automatically recover to normal status. 

Syntax 

loopback-detection recovery-time recovery-time 

Parameter 

recovery-time —— The time after which the blocked port would automatically 

recover to normal status. It can be set as integral times of detection interval. 

Command Mode 


Example 

Configure the recovery-time as 3 times of detection interval: 

TP-LINK(config)# loopback-detection recovery-time 3 

show loopback-detection global 

Description 

The show loopback-detection global command is used to display the global 

configuration of loopback detection function. 

Syntax 

show loopback-detection global 

Command Mode 


Example 

Display the global configuration of loopback detection function: 

TP-LINK# show loopback-detection global 

132


show loopback-detection interface 

Description 

The show loopback-detection interface command is used to display the 

configuration of loopback detection function and the status of all ports. 

Syntax 

show loopback-detection interface 

Command Mode 


Example 

Display the configuration of loopback detection function and the status of all 

ports: 

TP-LINK# show loopback-detection interface 

show loopback-detection interface ethernet 

Description 

The show loopback-detection interface ethernet command is used to display 

the configuration of loopback detection function and the status of an Ethernet 

port. 

Syntax 

show loopback-detection interface ethernet port 

Parameter 

port —— The Ethernet port selected to display the configuration and status. 

Command Mode 


Example 

Display the configuration of loopback detection function and the status of port 5: 

TP-LINK# show loopback-detection interface ethernet 5 

133


Chapter 24 ACL Commands 

ACL (Access Control List) is used to filter data packets by configuring a series of match conditions, 

operations and time ranges. It provides a flexible and secured access control policy and facilitates 

you to control the network security. 

acl time-segment 

Description 

The acl time-segment command is used to add Time-Range. To delete the 

corresponding Time-Range, please use no acl time-segment command. A 

time-range based ACL enables you to implement ACL control over packets by 

differentiating the time-ranges. A time-range can be specified in each rule in an 

ACL. The rule takes effect only when the specified time-range is configured and 

the system time is within the time-range. 

Syntax 

acl time-segment {name} [start-time start-time] [end-time end-time] 

[week-day week-day] [start-date start-date] [end-date end-date] [holiday 

{disable | enable }] 

no acl time-segment {name} 

Parameter 

name —— The Time-Range name, ranging from 1 to 16 characters. 

start-time —— The start time of the time-slice, in the format of HH:MM. By 

default, it is 00:00. 

end-time —— The end time of the time-slice, in the format of HH:MM. By 


week-day —— Period Mode, in the format of 1-3,6 or daily, off-day, 

working-day. 1-3, 6 represent Monday, Tuesday, Wednesday and Saturday; 

daily represents every day; off-day represents weekend and working-day 

represents working day. By default, the period mode is disabled. 

start-date —— The start date in Absoluteness Mode, in the format of 

MM/DD/YYYY. By default, it is 01/01/1970. 

end-date —— The end date in Absoluteness Mode, in the format of 

MM/DD/YYYY. By default, it is 12/31/2099. The absoluteness mode will be 

disabled if the start date and end date are both not configured. 

134


holiday —— Enable/ Disable Holiday Mode. By default, it is disabled. 

Command Mode 


Example 

Add a time-range named tSeg1, with time from 8:30 to 12:00 at working day: 

TP-LINK(config)# acl time-segment tSeg1 start-time 08:30 end-time 12:00 

week-day working-day 

acl edit time-segment 

Description 

The acl edit time-segment command is used to edit Time-Range. 

Syntax 

acl edit time-segment {name} [start-time start-time] [end-time end-time] 

[week-day week-day] [start-date start-date] [end-date end-date] [holiday 

{disable | enable}] 

Parameter 

name —— The Time-Range name, ranging from 1 to 16 characters. 

start-time —— The start time of the time-slice, in the format of HH:MM. By 


end-time —— The end time of the time-slice, in the format of HH:MM. By 


week-day —— Period Mode, in the format of 1-3,6 or daily, off-day, 

working-day. 1-3, 6 represent Monday, Tuesday, Wednesday and Saturday; 

daily represents every day; off-day represents weekend and working-day 

represents working day. By default, the period mode is disabled. 

start-date —— The start date in Absoluteness Mode, in the format of 

MM/DD/YYYY. By default, it is 01/01/1970. 

end-date —— The end date in Absoluteness Mode, in the format of 

MM/DD/YYYY. By default, it is 12/31/2099. The absoluteness mode will be 

disabled if the start date and end date are both not configured. 

holiday —— Enable/ Disable Holiday Mode. By default, it is disabled. 

Command Mode 


135


Example 

Edit the time-range named tSeg1, with time from 8:30 to 12:00 at working day: 

TP-LINK(config)# acl edit time-segment tSeg1 start-time 08:30 end-time 

12:00 week-day working-day 

acl holiday 

Description 

The acl holiday command is used to create holiday in Holiday Mode in the acl 

time-segment command. To delete the corresponding holiday, please use no 

acl holiday command. 

Syntax 

acl holiday {name} {start-date} {end-date} 

no acl holiday {name} 

Parameter 

name —— The holiday name, ranging from 1 to 16 characters. 

start-date —— The start date of the holiday, in the format of MM/DD, for 

instance, 05/01. 

end-date —— The end date of the holiday, in the format of MM/DD, for 

instance, 05/03. 

Command Mode 


Example 

Define National Day, configuring the start date as October 1st, and the end date 

as October 3rd: 

TP-LINK(config)# acl holiday NationalDay 10/01 10/03 

acl create 

Description 

The acl create command is used to create ACL. To delete the corresponding 

ACL, please use no acl create command. 

Syntax 

acl create id 

136


no acl create id 

Parameter 

id —— ACL ID, ranging from 0 to 299. 0-99 must be MAC ACL, 100-199 must 

be Standard-IP ACL, and 200-299 must be Extend-IP ACL. 

Command Mode 


Example 

Create a MAC ACL whose ID is 20: 

TP-LINK(config)# acl create 20 

acl rule mac-acl 

Description 

The acl rule mac-acl command is used to add MAC ACL rule. To delete the 

corresponding rule, please use no acl rule mac-acl command. MAC ACLs 

analyze and process packets based on a series of match conditions, which can 

be the source MAC addresses, destination MAC addresses, VLAN ID, and 

EtherType carried in the packets. 

Syntax 

acl rule mac-acl {acl-id} {rule-id} [op {discard | permit }] [[smac source-mac] 

{smask source-mac-mask}] [[dmac destination-mac] {dmask 

destination-mac-mask}] [vid vlan-id] [type Ethernet-type] [pri user-pri] [tseg 

time-segment] 

no acl rule mac-acl {acl-id} {rule-id} 

Parameter 

acl-id —— The desired MAC ACL for configuration. 

rule-id —— The rule ID. 

op —— The operation for the switch to process packets which match the rules. 

There are two options, discard and permit. Discard means discarding packets, 

and permit means forwarding packets. By default, the option is permit. 

source-mac —— The source MAC address contained in the rule. 

source-mac-mask —— The source MAC address mask. It is required if you 

typed the source MAC address. 

destination-mac —— The destination MAC address contained in the rule. 

destination-mac-mask —— The destination MAC address mask. It is required 

137


if you typed the destination MAC address. 

vlan-id —— The VLAN ID contained in the rule, ranging from 1 to 4094. 

Ethernet-type —— EtherType contained in the rule, in the format of 4-hex 

number. 

user-pri —— The user priority contained in the rule, ranging from 0 to 7. By 

default, it is not limited. 

time-segment —— The time-range for the rule to take effect. By default, it is 

not limited. 

Command Mode 


Example 

Create a MAC ACL whose ID is 20, and add Rule 10 for it. In the rule, the source 

MAC address is 00:01:3F:48:16:23, the source MAC address mask is 

11:11:11:11:11:00, VLAN ID is 2, the user priority is 5, the time-range for the rule 

to take effect is tSeg1, and the packets match this rule will be forwarded by the 

switch: 


TP-LINK(config)# acl rule mac-acl 20 10 op permit smac 00:01:3F:48:16:23 

smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1 

acl edit rule mac-acl 

Description 

The acl edit rule mac-acl command is used to edit MAC ACL rule. 

Syntax 

acl edit rule mac-acl {acl-id} {rule-id} [op {discard | permit}] [[smac source-mac] 

{smask source-mac-mask}] [[dmac destination-mac] {dmask 

destination-mac-mask}] [vid vlan-id] [type Ethernet-type] [pri user-pri] [tseg 

time-segment] [index idx] 

Parameter 

acl-id —— The desired MAC ACL for configuration. 





138


source-mac —— The source MAC address contained in the rule. 

source-mac-mask —— The source MAC address mask. It is required if you 

typed the source MAC address. 

destination-mac —— The destination MAC address contained in the rule. 

destination-mac-mask —— The destination MAC address mask. It is required 

if you typed the destination MAC address. 

vlan-id —— The VLAN ID contained in the rule, ranging from 1 to 4094. 

Ethernet-type —— EtherType contained in the rule, in the format of 4-hex 

number. 

user-pri —— The user priority contained in the rule, ranging from 0 to 7. By 

default, it is not limited. 


not limited. 

index —— Change the index number of the entry. 

Command Mode 


Example 

Edit the MAC ACL whose ID is 20, and add Rule 10 for it. In the rule, the source 

MAC address is 00:01:3F:48:16:23, the source MAC address mask is 

11:11:11:11:11:00, VLAN ID is 2, the user priority is 5, the time-range for the rule 

to take effect is tSeg1, and the packets match this rule will be forwarded by the 

switch: 

TP-LINK(config)# acl edit rule mac-acl 20 10 op permit smac 

00:01:3F:48:16:23 smask 11:11:11:11:11:00 vid 2 pri 5 tseg tSeg1 

acl rule std-acl 

Description 

The acl rule std-acl command is used to add Standard-IP ACL rule. To delete 

the corresponding rule, please use no acl rule std-acl command. Standard-IP 

ACLs analyze and process data packets based on a series of match conditions, 

which can be the source IP addresses and destination IP addresses carried in 

the packets. 

Syntax 

acl rule std-acl {acl-id} {rule-id} [op {discard | permit}] [[sip source-ip] {smask 

139


source-ip-mask}] [[dip destination-ip] {dmask destination-ip-mask}] [tseg 

time-segment] 

no acl rule std-acl {acl-id} {rule-id} 

Parameter 

acl-id —— The desired Standard-IP ACL for configuration. 





source-ip —— The source IP address contained in the rule. 

source-ip-mask —— The source IP address mask. It is required if you typed 

the source IP address. 

destination-ip —— The destination IP address contained in the rule. 

destination-ip-mask —— The destination IP address mask. It is required if you 

typed the destination IP address. 


not limited. 

Command Mode 


Example 

Create a Standard-IP ACL whose ID is 120, and add Rule 10 for it. In the rule, 

the source IP address is 192.168.0.100, the source IP address mask is 

255.255.255.0, the time-range for the rule to take effect is tSeg1, and the 

packets match this rule will be forwarded by the switch: 


TP-LINK(config)# acl rule std-acl 120 10 op permit dip 192.168.0.100 dmask 

255.255.255.0 tseg tSeg1 

acl edit rule std-acl 

Description 

The acl edit rule std-acl command is used to edit Standard-IP ACL rule. 

Syntax 

acl edit rule std-acl {acl-id} {rule-id} [op {discard | permit}] [[sip source-ip] 

140


{smask source-ip-mask}] [[dip destination-ip] {dmask destination-ip-mask}] 

[tseg time-segment] [index idx] 

Parameter 

acl-id —— The desired Standard-IP ACL for configuration. 





source-ip —— The source IP address contained in the rule. 

source-ip-mask —— The source IP address mask. It is required if you typed 

the source IP address. 

destination-ip —— The destination IP address contained in the rule. 

destination-ip-mask —— The destination IP address mask. It is required if you 

typed the destination IP address. 


not limited. 

index —— Change the index number of the entry. 

Command Mode 


Example 

Edit Rule 10 for the Standard-IP ACL whose ID is 120. In the rule, the source IP 

address is 192.168.0.100, the source IP address mask is 255.255.255.0, the 

time-range for the rule to take effect is tSeg1, and the packets match this rule 

will be forwarded by the switch: 

TP-LINK(config)# acl edit rule std-acl 120 10 op permit dip 192.168.0.100 

dmask 255.255.255.0 tseg tSeg1 

acl policy policy-add 

Description 

The acl policy policy-add command is used to add Policy. To delete the 

corresponding Policy, please use no acl policy policy-add command. A Policy 

is used to control the data packets matching the corresponding ACL rules by 

configuring ACLs and actions together for effect. The operations here include 

stream mirror, stream condition and redirect. 

141


Syntax 

acl policy policy-add name 

no acl policy policy-add name 

Parameter 

name —— The Policy Name, ranging from 1 to 16 characters. 

Command Mode 


Example 

Add a Policy named policy1: 

TP-LINK(config)# acl policy policy-add policy1 

acl policy action-add 

Description 

The acl policy action-add command is used to add ACLs and create actions 

for the policy. To delete the corresponding actions, please use no acl policy 

action-add command. 

Syntax 

acl policy action-add {policy-name} {acl-id} [rate rate] [osd {none | discard}] 

[e-port egress-port] [vid vlan-id] [mirr mirror] 

no acl policy action-add {policy-name} {acl-id} 

Parameter 

policy-name —— The Policy Name, ranging from 1 to 16 characters. 

acl-id —— The ACL for configuration in the policy. 

rate —— The rate of Stream Condition, ranging from 1 to 1000000 in kbps. 

osd —— Out of Band disposal of Stream Condition. It is the disposal way of the 

data packets those are transmitted beyond the rate. There are two options, 

none and discard. By default, the option is none. 

egress-port —— The Destination Port of Redirect. The data packets those 

match the corresponding ACL will be forwarded to the specific port. By default, it 

is All Ports. 

vlan-id —— The VLAN ID of Redirect. The data packets those match the 

corresponding ACL will be forwarded in the specific VLAN. The VLAN ID ranges 

from 1 to 4094. 

142


mirror —— The Mirror Port of Stream Mirror. By default, it is 1. 

Command Mode 


Example 

Create a Policy named policy1. For the data packets those match ACL 120 in 

the policy, if the rate beyond 1000kbps, will be discarded by the switch: 

TP-LINK(config)# acl policy policy-add policy1 

TP-LINK(config)# acl policy action-add policy1 120 rate 1000 osd discard 

acl edit action 

Description 

The acl edit action command is used to edit actions for the policy. 

Syntax 

acl edit action {policy-name} {acl-id} [rate rate] [osd {none | discard}] [e-port 

egress-port] [vid vlan-id] [mirr mirror] 

Parameter 

policy-name —— The Policy Name, ranging from 1 to 16 characters. 

acl-id —— The ACL for configuration in the policy. 

rate —— The rate of Stream Condition, ranging from 1 to 1000000 in kbps. 

osd —— Out of Band disposal of Stream Condition. It is the disposal way of the 

data packets those are transmitted beyond the rate. There are two options, 

none and discard. By default, the option is none. 

egress-port —— The Destination Port of Redirect. The data packets those 

match the corresponding ACL will be forwarded to the specific port.. By default, 

it is All Ports. 

vlan-id —— The VLAN ID of Redirect. The data packets those match the 

corresponding ACL will be forwarded in the specific VLAN. The VLAN ID ranges 

from 1 to 4094. 

mirror —— The Mirror Port of Stream Mirror. By default, it is 1. 

Command Mode 


Example 

Edit the actions for the policy1. For the data packets those match ACL 120 in the 

143


policy, if the rate beyond 1000kbps, will be discarded by the switch: 

TP-LINK(config)# acl edit action policy1 120 rate 1000 osd discard 

acl bind to-port 

Description 

The acl bind to-port command is used to bind a policy to a port. To cancel the 

bind relation, please use no acl bind to-port command. 

Syntax 

acl bind to-port {policy-name} {port} 

no acl bind to-port {policy-name} {port} 

Parameter 

policy-name —— The name of the policy desired to bind. 

port —— The number of the port desired to bind. 

Command Mode 


Example 

Bind policy1 to Port 1: 

TP-LINK(config)# acl bind to-port policy1 1 

acl bind to-vlan 

Description 

The acl bind to-vlan command is used to bind a policy to a VLAN. To cancel 

the bind relation, please use no policy to-vlan command. 

Syntax 

acl bind to-vlan {policy-name} {vlan-id} 

no policy to-vlan {policy-name} {vlan-id} 

Parameter 

policy-name —— The name of the policy desired to bind. 

vlan-id —— The ID of the VLAN desired to bind, ranging from 1 to 4094. 

Command Mode 


Example 

144


Bind policy1 to VLAN 2: 

TP-LINK(config)# acl bind to-vlan policy1 2 

show acl time-segment 

Description 

The show acl time-segment command is used to display the configuration of 

Time-Range. 

Syntax 

show acl time-segment 

Command Mode 


Example 

Display the configuration of Time-Range: 

TP-LINK> show acl time-segment 

show acl holiday 

Description 

The show acl holiday command is used to display the defined holiday. 

Syntax 

show acl holiday 

Command Mode 


Example 

Display the defined holiday: 

TP-LINK> show acl holiday 

show acl config 

Description 

The show acl config command is used to display the configuration of ACL. 

Syntax 

show acl config acl-id 

145


Parameter 

acl-id —— The ID of the ACL selected to display the configuration. 

Command Mode 


Example 

Display the configuration of the MAC ACL whose ID is 20: 

TP-LINK> show acl config 20 

show acl bind 

Description 

The show acl bind command is used to display the configuration of Policy bind. 

Syntax 

show acl bind 

Command Mode 


Example 

Display the configuration of Policy bind: 

TP-LINK> show acl bind 

146


Chapter 25 MSTP Commands 

MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to 

IEEE 802.1s, can disbranch a ring network. STP is to block redundant links and backup links as 

well as optimize paths. 

spanning-tree global 

Description 

The spanning-tree global command is used to configure STP globally. To 

return to the default configuration, please use no spanning-tree global 

command. 

Syntax 

spanning-tree global [status {disable | enable}] [mode {stp | rstp | mstp}] [cist 

cist] [htime hello-time] [mage max-age] [delay forward-delay] [hcount 

hold-count] [mhop max-hops] 

no spanning-tree global 

Parameter 

status —— Enable/ Disable STP function globally. By default, it is disabled. 

mode —— STP Version. There are three options, including SRP (Spanning 

Tree Protocol), RSTP (Rapid Spanning Tree Protocol) and MSTP (Multiple 

Spanning Tree Protocol). By default, the STP version is STP. 

cist —— CIST Priority, which must be multiple of 4096 ranging from 0 to 61440. 

By default, the CIST priority is 32768. CIST Priority is an important criterion on 

determining the root bridge. In the same condition, the switch with the highest 

priority will be chosen as the root bridge. The lower value has the higher priority. 

hello-time —— Hello Time, which is the interval to send BPDU packets, and 

used to test the links. Hello Time ranges from 1 to10 in seconds and it is 2 by 

default. Otherwise, 2 * (Hello Time + 1) = Max 

147


Age. 

hold-count —— TxHold Count, which is the maximum number of BPDU 

packets transmitted per Hello Time interval. TxHold Count ranges from 1 to 20 

in pps. By default, it is 5. 

max-hops —— Max Hops, which is the maximum number of hops that occur in 

a specific region before the BPDU is discarded. Max Hops ranges from 1 to 40 

in hop. By default, it is 20. 

Command Mode 


Example 

Enable the STP function, and configure the STP version as MSTP, CIST priority 

as 4096, Hello Time as 4 seconds, Max Age as 10 seconds, Forward Delay as 

10 seconds, TxHold Count as 8pps and Max Hops as 15 hops: 

TP-LINK(config)# spanning-tree global status enable mode mstp cist 4096 

htime 4 mage 10 delay 10 hcount 8 mhop 15 

spanning-tree common-config 

Description 

The spanning-tree common-config command is used to configure the 

parameters of the ports for comparison in the CIST and the common parameters 

of all instances. To return to the default configuration, please use no 

spanning-tree common-config command. CIST (Common and Internal 

Spanning Tree) is the spanning tree in a switched network, connecting all 

devices in the network. 

Syntax 

spanning-tree common-config [status {disable | enable}] [pri priority] [expath 

expath-consum] [inpath inpath-consum] [edge {disable | enable}] [ptop {auto | 

open | close}] 

no spanning-tree common-config 

Parameter 

status —— Enable/ Disable STP function for the desired port. By default, it is 

disabled. 

priority —— Port Priority, which must be multiple of 16 ranging from 0 to 240. 

By default, the port priority is 128. Port Priority is an important criterion on 

148


determining if the port connected to this port will be chosen as the root port. In 

the same condition, the port with the highest priority will be chosen as the root 

port. The lower value has the higher priority. 

expath-consum —— ExtPath Cost, which is used to choose the path and 

calculate the path costs of ports in different MST regions. It is an important 

criterion on determining the root port. The lower value has the higher priority. By 

default, it is automatic. 

inpath-consum —— IntPath Cost, which is used to choose the path and 

calculate the path costs of ports in an MST region. It is an important criterion on 

determining the root port. The lower value has the higher priority. By default, it is 

automatic. 

edge —— Enable/ Disable Edge Port. By default, it is disabled. The edge port 

can transit its state from blocking to forwarding rapidly without waiting for 

forward delay. 

ptop —— The P2P link status, with auto, open and close options. By default, 

the option is auto. If the two ports in the P2P link are root port or designated port, 

they can transit their states to forwarding rapidly to reduce the unnecessary 

forward delay. 

Command Mode 


Example 

Enable the STP function of port 1, and configure the Port Priority as 64, ExtPath 

Cost as 100, IntPath Cost as 100, and then enable Edge Port: 


TP-LINK(config-if)# spanning-tree common-config status enable pri 64 

expath 100 inpath 100 edge enable 

spanning-tree region 

Description 

The spanning-tree region command is used to configure the region of MSTP. A 

switched network can be divided into many MST regions (Multiple Spanning 

Tree Regions). An MST region comprises multiple switches which have the 

same region configuration (including region name and region revision 

configuration) and the same VLAN-to-spanning-tree mapping configuration. 

149


Syntax 

spanning-tree region {name} {revision} 

Parameter 

name —— The region name, used to identify MST region. It ranges from 1 to 

32 characters. 

revision —— The revision for MST region identification, ranging from 0 to 

65535. 

Command Mode 


Example 

Configure the region name of MSTP as r1, and the revision level as 100: 

TP-LINK(config)# spanning-tree region r1 100 

spanning-tree msti 

Description 

The spanning-tree msti command is used to configure MSTP Instance. To 

return to the default configuration of the corresponding Instance, please use no 

spanning-tree msti command. Instance Configuration, a property of MST 

region, is used to describe the VLAN-to-spanning-tree mapping configuration. 

You can assign VLAN to different instances appropriate to your needs. Every 

instance is a VLAN group independent of other instances and CST. 

Syntax 

spanning-tree msti {msti-id} [status {disable | enable}] [pri priority] [mapped 

mapped] 

no spanning-tree msti {msti-id} 

Parameter 

msti-id —— Instance ID, ranging from 1 to 8. 

status —— Enable/ Disable the corresponding instance. By default, it is 

disabled. 

priority —— MSTI Priority, which must be multiple of 4096 ranging from 0 to 

61440. By default, it is 32768. MSTI priority is an important criterion on 

determining if the switch will be chosen as the root bridge in the specific 

instance. 

mapped —— VLAN-Instance mapping. Enter the VLAN ID which belongs to 

150


the corresponding instance ID, in the format of 1,2-4. 

Command Mode 


Example 

Enable Instance 1, add VLAN 2, 3, 4, 5, 8 for it, and configure MSTI Priority as 

4096: 

TP-LINK(config)# spanning-tree msti 1 status enable pri 4096 mapped 2-5,8 

spanning-tree msti 

Description 

The spanning-tree msti command is used to configure MSTP Instance Port. To 

return to the default configuration of the corresponding Instance Port, please 

use no spanning-tree msti command. A port can play different roles in different 

spanning tree instance. You can use this command to configure the parameters 

of the ports in different instance IDs as well as view status of the ports in the 

specified instance. 

Syntax 

spanning-tree msti {id} [pri pri] [path path] 

no spanning-tree msti {id} 

Parameter 

id —— The desired instance ID for its port configuration, ranging from 1 to 8. 

pri —— Port Priority, which must be multiple of 16 ranging from 0 to 240. By 

default, it is 128. Port Priority is an important criterion on determining if the port 

will be chosen as the root port by the device connected to this port. 

path —— Path Cost, which is used to choose the path and calculate the path 

costs of ports in an MST region. It is an important criterion on determining the 

root port. The lower value has the higher priority. 

Command Mode 


Example 

Configure the priority of port 5 in instance 1 as 64, and Path Cost as 100: 


TP-LINK(config-if)# spanning-tree msti 1 pri 64 path 100 

151

spanning-tree tc-defend 


Description 

The spanning-tree tc-defend command is used to configure the TC Protect of 

Spanning Tree globally. To return to the default configuration, please use no 

spanning-tree tc-defend command. A switch removes MAC address entries 

upon receiving TC-BPDUs. If a malicious user continuously sends TC-BPDUs to 

a switch, the switch will be busy with removing MAC address entries, which may 

decrease the performance and stability of the network. 

Syntax 

spanning-tree tc-defend [threshold threshold] [period period] 

no spanning-tree tc-defend 

Parameter 

threshold —— TC Threshold, ranging from 1 to 100 packets. By default, it is 20. 

TC Threshold is the maximum number of the TC-BPDUs received by the switch 

in a TC Protect Cycle. 

period —— TC Protect Cycle, ranging from 1 to 10 in seconds. By default, it is 

5. 

Command Mode 


Example 

Configure TC Threshold as 30 packets and TC Protect Cycle as 10 seconds: 

TP-LINK(config)# spanning-tree tc-defend threshold 30 period 10 

spanning-tree security 

Description 

The spanning-tree security command is used to configure MSTP Port Protect. 

To return to the default configuration, please use no spanning-tree security 

command. Port Protect function is to prevent the devices from any malicious 

attack against STP features. 

Syntax 

spanning-tree security [loop { disable | enable }] [root { disable | enable }] [TC 

{ disable | enable }] [defend { disable | enable }] [hold { disable | enable }] 

no spanning-tree security 

152


Parameter 

loop —— Enable/ Disable Loop Protect. By default, it is disabled. Loop Protect 

is to prevent the loops in the network brought by recalculating STP because of 

link failures and network congestions. 

root —— Enable/ Disable Root Protect. By default, it is disabled. Root Protect 

is to prevent wrong network topology change caused by the role change of the 

current legal root bridge. 

TC —— Enable/ Disable TC Protect. By default, it is disabled. 

defend —— Enable/ Disable BPDU Protect. By default, it is disabled. BPDU 

Protect is to prevent the edge port from being attacked by maliciously created 

BPDUs. 

hold —— Enable/ Disable BPDU Filter. By default, it is disabled. BPDU Filter is 

to prevent BPDUs flood in the STP network. 

Command Mode 


Example 

Enable Loop Protect, Root Protect, TC Protect, BPDU Protect, and BPDU Filter 

for port 2: 


TP-LINK(config-if)# spanning-tree security loop enable root enable TC 

enable defend enable hold enable 

spanning-tree mcheck 

Description 

The spanning-tree mcheck command is used to enable MCheck. 

Syntax 

spanning-tree mcheck 

Command Mode 


Example 

Enable MCheck for port 2: 


TP-LINK(config-if)# spanning-tree mcheck 

153


show spanning-tree global-info 

Description 

The show spanning-tree global-info command is used to display the current 

status of Spanning Tree. 

Syntax 

show spanning-tree global-info 

Command Mode 


Example 

Display the current status of Spanning Tree: 

TP-LINK# show spanning-tree global-info 

show spanning-tree global-config 

Description 

The show spanning-tree global-config command is used to display the global 

configuration of Spanning Tree. 

Syntax 

show spanning-tree global-config 

Command Mode 


Example 

Display the global configuration of Spanning Tree: 

TP-LINK# show spanning-tree global-config 

show spanning-tree port-config 

Description 

The show spanning-tree port-config command is used to display the Port 


Syntax 

show spanning-tree port-config [port] 

Parameter 

154


port —— The port selected to display the configuration. By default, the 


Command Mode 


Example 

Display the configuration of port 5: 

TP-LINK(config)# show spanning-tree port-config 5 

show spanning-tree region 

Description 

The show spanning-tree region command is used to display the Region 

configuration of MSTP. 

Syntax 

show spanning-tree region 

Command Mode 


Example 

Display the region configuration of MSTP: 

TP-LINK(config)# show spanning-tree region 

show spanning-tree msti config 

Description 

The show spanning-tree msti config command is used to display the Instance 


Syntax 

show spanning-tree msti config {id} 

Parameter 

id —— The ID of the instance selected to display the configuration, ranging 

from 1 to 8. 

Command Mode 


Example 

155


Display the configuration of instance 1: 

TP-LINK(config)# show spanning-tree msti config 1 

show spanning-tree msti port 

Description 

The show spanning-tree msti port command is used to display the Instance 

Port configuration of Spanning Tree. 

Syntax 

show spanning-tree msti port {id} [port] 

Parameter 

id —— Instance ID, ranging from 1 to 8. 



Command Mode 


Example 

Display the configuration of port 5 in Instance 1: 

TP-LINK(config)# show spanning-tree msti port 1 5 

show spanning-tree security tc-defend 

Description 

The show spanning-tree security tc-defend command is used to display TC 

Threshold and TC Protect Cycle of Spanning Tree. 

Syntax 

show spanning-tree security tc-defend 

Command Mode 


Example 

Display TC Threshold and TC Protect Cycle of Spanning Tree: 

TP-LINK(config)# show spanning-tree security tc-defend 

156


show spanning-tree security port-defend 

Description 

The show spanning-tree security port-defend command is used to display 

the Port Protect configuration of Spanning Tree. 

Syntax 

show spanning-tree security port-defend [port] 

Parameter 

port —— The port selected to display the configuration. By default, the Port 

Protect configuration of all ports is displayed. 

Command Mode 


Example 

Display the Port Protect configuration of port 2: 

TP-LINK(config)# show spanning-tree security port-defend 2 

157


Chapter 26 IGMP Commands 

IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control 

mechanism running on Layer 2 switch. It can effectively prevent multicast groups being 

broadcasted in the network. 

igmp-snooping global 

Description 

The igmp-snooping global command is used to configure IGMP globally. To 

return to the default configuration, please use no igmp global-snooping 

command. 

Syntax 

igmp-snooping global [status {disable | enable}] [unknown-packet {pass | 

discard}] 

no igmp-snooping global 

Parameter 

status —— Enable/Disable IGMP Snooping function globally on the switch. By 

default, it is disabled. 

unknown-packet —— The operation for the switch to process unknown 

multicast, with pass and discard options. 

Command Mode 


Example 

Enable IGMP Snooping function, and specify the operation to process unknown 

multicast as discard: 

TP-LINK(config)# igmp-snooping global status enable unknown-packet 

discard 

igmp-snooping config 

Description 

The igmp-snooping config command is used to configure IGMP Snooping and 

Fast Leave function for port. To return to the default configuration, please use 

158


no igmp-snooping config command. 

Syntax 

igmp-snooping config status {disable | enable} fast-leave {disable | enable} 

no igmp-snooping config 

Parameter 

status —— Enable/ Disable IGMP Snooping for the desired port. 

fast-leave —— Enable/ Disable Fast Leave feature for the desired port. If Fast 

Leave is enabled for a port, the switch will immediately remove this port from the 

multicast group upon receiving IGMP leave messages. 

Command Mode 


Example 

Enable IGMP Snooping and Fast Leave function for port 5: 


TP-LINK(config-if)# igmp-snooping config status enable fast-leave enable 

igmp-snooping vlan-config-add 

Description 

The igmp-snooping vlan-config-add command is used to configure IGMP 

Snooping parameters for individual VLANs. To delete the corresponding 

configuration for the certain VLAN, please use no igmp-snooping 

vlan-config-add command. Multicast groups established by IGMP Snooping 

are based on VLANs. You can configure different IGMP parameters for different 

VLANs. 

Syntax 

igmp-snooping vlan-config-add {vlan-id} [rtime router-time] [mtime 

member-time] [ltime leave-time] [rport router-port] 

no igmp-snooping vlan-config-add {vlan-id} 

Parameter 

vlan-id —— The ID of the VLAN desired to enable IGMP Snooping, ranging 

from 1 to 4094. 

router-time —— Router Port Time. Within this time, if the switch does not 

receive IGMP query message from the router port, it will consider this port is not 

a router port any more. Router Port Time ranges from 60 to 600 in seconds. By 

159


default, it is 300. 

member-time —— Member Port Time. Within this time, if the switch does not 

receive IGMP report message from the member port, it will consider this port is 

not a member port any more. Member Port Time ranges from 60 to 600 in 

seconds. By default, it is 260. 

leave-time —— Leave Time, which is the interval between the switch receiving 

a leave message from a host and the switch removing the host from the 

multicast groups. Leave Time ranges from 1 to 30 in seconds. By default, it is 1. 

router-port —— Static Router Port, which is mainly used in the network with 

stable topology. 

Command Mode 


Example 

Enable IGMP Snooping for VLAN 1, and configure Router Port Time as 200 

seconds, Member Port Time as 100 seconds, Leave time as 10 seconds and 

Static Router Port as port 1: 

TP-LINK(config)# igmp-snooping vlan-config-add 1 rtime 200 mtime 100 

ltime 10 rport 1 

igmp-snooping vlan-config 

Description 

The igmp-snooping vlan-config command is used to modify IGMP Snooping 

parameters for individual VLANs. To return to the primary configuration of the 

corresponding VLAN, please use no igmp-snooping vlan-config command. 

Syntax 

igmp-snooping vlan-config {vlan-id} [rtime router-time] [mtime member-time] 

[ltime leave-time] [rport router-port] 

no igmp-snooping vlan-config {vlan-id} 

Parameter 

vlan-id —— The ID of the VLAN desired to modify configuration, ranging from 

1 to 4094. 




160











stable topology. 

Command Mode 


Example 

Modify Router Port Time as 300 seconds, Member Port Time as 200 seconds, 

and Leave time as 15 seconds for VLAN 1: 

TP-LINK(config)# igmp-snooping vlan-config 1 rtime 300 mtime 200 ltime 15 

igmp-snooping multi-vlan-config 

Description 

The igmp-snooping multi-vlan-config command is used to create Multicast 

VLAN. To delete the corresponding Multicast VLAN, please use no 

igmp-snooping multi-vlan-config command. 

Syntax 

igmp-snooping multi-vlan-config {disable | enable} {vid} [rtime router-time] 

[mtime member-time] [ltime leave-time] [rport router-port] 

no igmp-snooping multi-vlan-config 

Parameter 

disable | enable —— Enable/ Disable Multicast VLAN. 

vid —— The ID of the VLAN desired to modify configuration, ranging from 2 to 

4094. 





161










stable topology.. 

Command Mode 


Example 

Enable Multicast VLAN, and configure Router Port Time as 300 seconds, 

Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 2: 

TP-LINK(config)# igmp-snooping multi-vlan-config enable 2 rtime 300 

mtime 200 ltime 15 

igmp-snooping static-entry-add 

Description 

The igmp-snooping static-entry-add command is used to create static 

multicast IP entry. To delete the corresponding entry, please use no 

igmp-snooping static-entry-add command. The multicast groups configured 

here are not learned by IGMP Snooping and independent of dynamic multicast 

groups and multicast filter. Multicast IP addresses ranges from 224.0.0.0 to 

239.255.255.255. The range for receivers to join is from 224.0.1.0 to 

239.255.255.255. 

Syntax 

igmp-snooping static-entry-add {ip} {vlan-id} {switch-port} 

no igmp-snooping static-entry-add {ip} {vlan-id} 

Parameter 

ip —— The static multicast IP address. 

vlan-id —— The VLAN ID of the multicast IP, ranging from 1 to 4094. 

switch-port —— The forward port of the multicast group, in the format of 

1-3,6,23. 

162


Command Mode 


Example 

Add static multicast IP address 225.0.0.1, which correspond to VLAN 2, and 

configure the forward port as port 1: 

TP-LINK(config)# igmp-snooping static-entry-add 225.0.0.1 2 1 

igmp-snooping filter-add 

Description 

The igmp-snooping filter-add command is used to configure the multicast 

IP-range desired to filter. To delete the corresponding IP-range, please use no 

igmp-snooping filter-add command. When IGMP Snooping is enabled, you 

can specified the multicast IP-range the ports can join so as to restrict users 

ordering multicast programs via configuring multicast filter rules. Multicast IP 

addresses ranges from 224.0.0.0 to 239.255.255.255. The range for receivers 

to join is from 224.0.1.0 to 239.255.255.255. 

Syntax 

igmp-snooping filter-add {id} {start-ip} {end-ip} 

no igmp-snooping filter-add {id} 

Parameter 

id —— IP-range ID, ranging from 1 to 30. 

start-ip —— The start multicast IP of the IP-range. 

end-ip —— The end multicast IP of the IP-range. 

Command Mode 


Example 

Add multicast IP-range 225.0.0.1~225.0.0.4 to filter, and specify the IP-range ID 

as 20: 

TP-LINK(config)# igmp-snooping filter-add 20 225.0.0.1 225.0.0.4 

igmp-snooping filter-config 

Description 

163


The igmp-snooping filter-config command is used to modify the multicast 

filtering IP-range. 

Syntax 

igmp-snooping filter-config {id} {start-ip} {end-ip} 

Parameter 

id —— IP-range ID, ranging from 1 to 30. 

start-ip —— The start multicast IP of the IP-range. 

end-ip —— The end multicast IP of the IP-range. 

Command Mode 


Example 

Modify the multicast IP-range whose ID is 20 as 225.0.0.10~225.0.0.12: 

TP-LINK(config)# igmp-snooping filter- config 20 225.0.0.10 225.0.0.12 

igmp-snooping filter 

Description 

The igmp-snooping filter command is used to configure Port Filter. To return to 

the default configuration, please use no igmp-snooping filter command. When 

the switch receives IGMP report message, it examines the multicast filtering IP 

ID configured on the access port to determine if the port can join the multicast 

group. If the multicast IP is not filtered, the switch will add the port to the forward 

port list of the multicast group. Otherwise, the switch will drop the IGMP report 

message. In that way, you can control the multicast groups that users can 

access. 

Syntax 

igmp-snooping filter [status [disable | enable] | mode [refuse | accept] | 

addr-id [filter-addr-id] | maxgroup [max-group]] 

no igmp-snooping filter 

Parameter 

status —— Enable/ Disable port multicast filtering function. By default, it is 

disabled. 

mode —— Action Mode, with refuse and accept options. Refuse indicates only 

the multicast packets whose multicast IP is not in the IP-range will be processed, 

while accept indicates only the multicast packets whose multicast IP is in the 

164


IP-range will be processed. By default, the option is accept. 

filter-addr-id —— The IP-range ID the port will be bound to, in the format of 1-3, 

4, 6. Up to 15 IP-Ranges can be bound to one port. 

max-group —— The maximum number of multicast groups for the port to join 

in. It is used to prevent some ports taking up too much bandwidth. 

Command Mode 


Example 

Enable multicast filtering function for port 5, specify Action Mode as accept, 

bound IP-range 2, 3, 4, and specify the maximum number of multicast groups 

for port 5 to join in as 128: 


TP-LINK(config-if)# igmp-snooping filter status enable mode accept addr-id 

2-4 maxgroup 128 

show igmp-snooping global-config 

Description 

The show igmp-snooping global-config command is used to display the 

global configuration of IGMP. 

Syntax 

show igmp-snooping global-config 

Command Mode 


Example 

Display the global configuration of IGMP: 

TP-LINK> show igmp-snooping global-config 

show igmp-snooping port-config 

Description 

The show igmp-snooping port-config command is used to display the port 

configuration of IGMP. 

Syntax 

165


show igmp-snooping port-config [port] 

Parameter 



Command Mode 


Example 

Display the IGMP configuration of port 2: 

TP-LINK> show igmp-snooping port-config 2 

show igmp-snooping vlan-config 

Description 

The show igmp-snooping vlan-config command is used to display the VLAN 

configuration of IGMP. 

Syntax 

show igmp-snooping vlan-config 

Command Mode 


Example 

Display the VLAN configuration of IGMP: 

TP-LINK> show igmp-snooping vlan-config 

show igmp-snooping multi-vlan 

Description 

The show igmp-snooping multi-vlan command is used to display the 

Multicast VLAN configuration. 

Syntax 

show igmp-snooping multi-vlan 

Command Mode 


Example 

Display the Multicast VLAN configuration: 

166


TP-LINK> show igmp-snooping multi-vlan 

show igmp-snooping multi-ip-list 

Description 

The show igmp-snooping multi-ip-list command is used to display the 

Multicast IP table. 

Syntax 

show igmp-snooping multi-ip-list 

Command Mode 


Example 

Display the Multicast IP table: 

TP-LINK> show igmp-snooping multi-ip-list 

show igmp-snooping filter-ip-addr 

Description 

The show igmp-snooping filter-ip-addr command is used to display the 

Multicast Filter IP-Range table. 

Syntax 

show igmp-snooping filter-ip-addr 

Command Mode 


Example 

Display the Multicast Filter IP-Range table: 

TP-LINK(config)# show igmp-snooping filter-ip-addr 

show igmp-snooping port-filter 

Description 

The show igmp-snooping port-filter command is used to display the 

configuration of Multicast Port Filter. 

Syntax 

167


show igmp-snooping port-filter [port-num] 

Parameter 

port-num —— The port selected to display the configuration of Multicast Filter. 

By default, the configuration of all ports is displayed. 

Command Mode 


Example 

Display the Multicast Filter configuration of port 5: 

TP-LINK> show igmp-snooping port-filter 5 

show igmp-snooping packet-stat 

Description 

The show igmp-snooping packet-stat command is used to display the Packet 

Statistics information of all ports. 

Syntax 

show igmp-snooping packet-stat 

Command Mode 


Example 

Display the Packet Statistics information: 

TP-LINK> show igmp-snooping packet-stat 

show igmp-snooping packet-stat-clear 

Description 

The show igmp-snooping packet-stat-clear command is used to clear the 

Packet Statistics information of all ports. 

Syntax 

show igmp-snooping packet-stat-clear 

Command Mode 


Example 

Clear the Packet Statistics information: 

168


TP-LINK> show igmp-snooping packet-stat-clear 

169


Chapter 27 SNMP Commands 

SNMP (Simple Network Management Protocol) functions are used to manage the network devices 

for a smooth communication, which can facilitate the network administrators to monitor the 

network nodes and implement the proper operation. 

snmp global 

Description 

The snmp global command is used to configure the SNMP function globally. To 

return to the default configuration, please use no snmp global command. 

Syntax 

snmp global [status {disable | enable}] [engine-id engine-id] [remote-id 

remote-id] 

no snmp global 

Parameter 

status —— Enable/ Disable the SNMP function. By default, it is disabled. 

engine-id —— Local Engine ID for local clients. The Engine ID is a unique 

alphanumeric string used to identify the SNMP engine on the switch. Its length 

ranges from 10 to 64 hexadecimal characters, which must be even number 

meanwhile. 

remote-id —— Remote Engine ID for the switch. The Engine ID is a unique 

alphanumeric string used to identify the SNMP engine on the remote device 

which receives traps and informs from the switch. Its length ranges from 10 to 

64 hexadecimal characters, which must be even number meanwhile. 

Command Mode 


Example 

Enable the SNMP function, and specify the Local Engine ID as 1234567890, the 

Remote Engine ID as 123456abcdef: 

TP-LINK(config)# snmp global status enable engine-id 1234567890 

remote-id 123456abcdef 

170

snmp view-add 


Description 

The snmp view-add command is used to add View. To delete the 

corresponding View, please use no snmp view-add command. The OID 

(Object Identifier) of the SNMP packets is used to describe the managed objects 

of the switch, and the MIB (Management Information Base) is the set of the 

OIDs. The SNMP View is created for the SNMP management station to manage 

MIB objects. 

Syntax 

snmp view-add {name} {mib-oid} {include | exclude} 

no snmp view-add {name} {mib-oid} 

Parameter 

name —— The entry name of View, ranging from 1 to 16 characters. Each 

View can include several entries with the same name. 

mib-oid —— MIB Object ID. It is the Object Identifier (OID) for the entry of View, 

ranging from 1 to 61 characters. 

include | exclude —— View Type, with include and exclude options. They 

represent the view entry can/cannot be managed by the SNMP management 

station individually. 

Command Mode 


Example 

Add a View named view1, configuring the OID as 1.3.6.1.6.3.20, and this OID 

can be managed by the SNMP management station: 

TP-LINK(config)# snmp view-add view1 1.3.6.1.6.3.20 include 

snmp group-add 

Description 

The snmp group-add command is used to manage and configure the SNMP 

group. To delete the corresponding SNMP group, please use no snmp 

group-add command. SNMP v3 provides the VACM (View-based Access 

Control Model) and USM (User-Based Security Model) mechanisms for 

authentication. The users in the SNMP Group can manage the device via the 

171


Read View, Write View and Notify View. And the authentication mode and the 

privacy mode guarantee the high security for the communication between the 

management station and the managed device. 

Syntax 

Parameter 

snmp group-add {name} [smode { v1 | v2c | v3 }] [slev { noAuthNoPriv | 

authNoPriv | authPriv }] [ro ro-view] [wo wo-view] [notify notify-view] 

no snmp group-add {name} {smode { v1 | v2c | v3 }} {slev { noAuthNoPriv | 

authNoPriv | authPriv }} 

name ——The SNMP Group name, ranging from 1 to 16 characters. The Group 

Name, Security Model and Security Level compose the identifier of the SNMP 

Group. These three items of the Users in one group should be the same. 

smode —— Security Model, with v1、v2c and v3 options. They represent 

SNMP v1, SNMP v2c and SNMP v3. SNMP v1 and SNMP v2c are both 

authenticated by Community Name (please refer snmp community-add for 

detailed information), SNMP v3 is authenticated by USM mechanism. By default, 

the Security Model is v1. 

slev —— The Security Level of SNMP v3 Group. There are three options, 

including noAuthNoPriv(no authorization and no encryption)、authNoPriv 

(authorization and no encryption)and authPriv(authorization and encryption). 

By default, the Security Level is noAuthNoPriv. There is no need to configure 

this in SNMP v1 Model and SNMP v2c Model. 

ro-view —— Read-only view. The management access is restricted to 

read-only, and changes cannot be made to the assigned SNMP View. 

wo-view —— Write-only view. The management access is writing only and 

changes can be made to the assigned SNMP View. The View defined both as 

the Read View and the Write View can be read and modified. 

notify-view —— Notify view. The management station software can receive 

trap messages of the assigned SNMP view generated by the Switch's SNMP 

agent. 

Command Mode 

Example 

Global Configuration mode 

Add group 1, configure its Security Model as SNMP v2c, view1 can be read and 

edited by group member, and the trap messages sent by view2 can be received 

by Management station: 

TP-LINK(config)# snmp group-add group1 smode v2c ro view1 wo view1 

notify view2 

172

snmp user-add 


Description 

The snmp user-add command is used to add User. To delete the 

corresponding User, please use no snmp user-add command. The User in a 

SNMP Group can manage the switch via the management station software. The 

User and its Group have the same security level and access right. 

Syntax 

snmp user-add {name} { local | remote } {group-name} [smode { v1 | v2c | v3 }] 

[slev { noAuthNoPriv | authNoPriv | authPriv }] [cmode { none | MD5 | SHA }] 

[cpwd confirm-pwd] [emode { none | DES }] [epwd encrypt-pwd] 

no snmp user-add {name} 

Parameter 

name —— User Name, ranging from 1 to 16 characters. 

local | remote —— User Type, with local and remote options. Local indicates 

that the user is connected to a local SNMP engine, while remote indicates that 

the user is connected to a remote SNMP engine. 

group-name —— The Group Name of the User. The User is classified to the 

corresponding Group according to its Group Name, Security Model and Security 

Level. 

smode —— The Security Model of the User, with v1, v2c and v3 options. By 

default, the option is v1. The Security Model of the User must be the same with 

that of the Group which the User belongs to. 


including noAuthNoPriv (no authorization and no encryption), authNoPriv 

(authorization and no encryption) and authPriv (authorization and encryption). 

By default, the option is noAuthNoPriv. The Security Level of the User must be 

the same with that of the Group which the User belongs to. 

cmode —— The Authentication Mode of the SNMP v3 User, with none, MD5 

and SHA options. None indicates no authentication method is used, MD5 

indicates the port authentication is performed via HMAC-MD5 algorithm and 

SHA indicates the port authentication is performed via SHA (Secure Hash 

Algorithm). SHA authentication mode has a higher security than MD5 mode. By 

default, the Authentication Mode is none. 

confirm-pwd —— Authentication Password, ranging from 1 to 16 characters. 

emode —— The Privacy Mode of the SNMP v3 User, with none and DES 

173


options. None indicates no privacy method is used, and DES indicates DES 

encryption method is used. By default, the Privacy Mode is none. 

encrypt-pwd —— Privacy Password, ranging from 1 to 16 characters. 

Command Mode 


Example 

Add User admin to Group group2, and configure the Security Model of the user 

as v3, the Security Level of the group as authPriv, the Authentication Mode of 

the user as MD5, the Authentication Password as 11111, the Privacy Mode as 

DES, and the Privacy Password as 22222: 

TP-LINK(config)# snmp user-add admin local group2 smode v3 slev authPriv 

cmode MD5 cpwd 11111 emode DES epwd 22222 

snmp community-add 

Description 

The snmp community-add command is used to add Community. To delete the 

corresponding Community, please use no snmp community-add command. 

SNMP v1 and SNMP v2c adopt community name authentication. The 

community name can limit access to the SNMP agent from SNMP network 

management station, functioning as a password. 

Syntax 

snmp community-add {name} { read-only | read-write } {mib-view} 

no snmp community-add {name} 

Parameter 

name —— Community Name, ranging from 1 to 16 characters. 

read-only | read-write —— The access rights of the community, with read-only 

and read-write options. 

mib-view —— The MIB View for the community to access. 

Command Mode 


Example 

Add Community community1, and the community has read-write management 

right to View view1: 

174


TP-LINK(config)# snmp community-add community1 read-write view1 

snmp notify-add 

Description 

The snmp notify-add command is used to add Notification. To delete the 

corresponding Notification, please use no snmp notify-add command. With the 

Notification function enabled, the switch can initiatively report to the 

management station about the important events that occur on the Views, which 

allows the management station to monitor and process the events in time. 

Syntax 

snmp notify-add {ip} {udp-port} {user-name} [smode { v1 | v2c | v3 }] [slev 

{ noAuthNoPriv | authNoPriv | authPriv }] [type { trap | inform }] [resend resend] 

[timeout timeout] 

no snmp notify-add {ip} {user-name} 

Parameter 

ip —— The IP Address of the management Host. 

udp-port —— UDP port, which is used to send notifications. The UDP port 

functions with the IP address for the notification sending. By default, it is 162. 

user-name —— The User name of the management station. 

smode —— The Security Model of the management station, with v1, v2c and 

v3 options. By default, the option is v1. 


including noAuthNoPriv (no authorization and no encryption), authNoPriv 

(authorization and no encryption) and authPriv (authorization and encryption). 

By default, the option is noAuthNoPriv. 

type —— The type of the notifications, with trap and inform options. Trap 

indicates traps are sent, while inform indicates informs are sent. The inform type 

has a higher security than the trap type and resend and timeout need to be 

configured if you select this option. You can only select the trap type in Security 

Model v1. By default, the type of the notifications is trap. 

resend —— The amount of times the switch resends an inform request, 

ranging from 1 to 255. The switch will resend the inform request if it doesn’t get 

the response from the management station during the Timeout interval, and it 

will terminate resending the inform request if the resending times reach the 

specified Retry times. 

175


timeout —— The maximum time for the switch to wait for the response from 

the management station before resending a request, ranging from 1 to 3600 in 

seconds. 

Command Mode 


Example 

Add a Notification entry, and configure the IP Address of the management Host 

as 192.168.0.1, the UDP port as 162, the User name of the management station 

as admin, the Security Model of the management station as v2c, the type of the 

notifications as inform, the maximum time for the switch to wait as 1000 

seconds, and the resending time as 100: 

TP-LINK(config)# snmp notify-add 192.168.0.1 162 admin smode v2c type 

inform resend 100 timeout 1000 

snmp-rmon history sample-cfg 

Description 

The snmp-rmon history sample-cfg command is used to configure the history 

sample entry. To return to the default configuration, please use no snmp-rmon 

history sample-cfg command. RMON (Remote Monitoring), basing on SNMP 

architecture, functions to monitor the network. History Group is one of the 

commonly used RMON Groups. After a history group is configured, the switch 

collects network statistics information periodically, based on which the 

management station can monitor network effectively. 

Syntax 

snmp-rmon history sample-cfg {index} {port} {interval} 

no snmp-rmon history sample-cfg {index} 

Parameter 

index —— The index number of the entry, ranging from 1 to 12, in the format of 

1-3,5. 

port —— The port from which the history samples were taken. 

interval —— The interval to take samplings from the port, ranging from 10 to 

3600 in seconds. By default, it is 1800. 

Command Mode 


176


Example 

Configure the sample port as 1, and the sample interval as 100 seconds for the 

entries 1-3: 

TP-LINK(config)# snmp-rmon history sample-cfg 1-3 1 100 

snmp-rmon history owner 

Description 

The snmp-rmon history owner command is used to configure the owner of the 

history sample entry. To return to the default configuration, please use no 

snmp-rmon history owner command. 

Syntax 

snmp-rmon history owner {index} [owner] 

no snmp-rmon history owner {index} 

Parameter 

index —— The index number of the sample entry, ranging from 1 to 12. You 

can only select one entry for each command. 

owner —— The owner of the history sample entry, ranging from 1 to 16 

characters. By default, it is monitor. 

Command Mode 


Example 

Configure the owner of entry 1 as owner1: 

TP-LINK(config)# snmp-rmon history owner 1 owner1 

snmp-rmon history enable 

Description 

The snmp-rmon history enable command is used to enable the history sample 

entry. To disable the corresponding entry, please use no snmp-rmon history 

enable command. 

Syntax 

snmp-rmon history enable {index} 

no snmp-rmon history enable {index} 

177


Parameter 

index —— The index number of the entry desired to enable, ranging from 1 to 

12, in the format of 1-3,5. 

Command Mode 


Example 

Enable the history sample entries 1,2,3,4 and 8: 

TP-LINK(config)# snmp-rmon history enable 1-4,8 

snmp-rmon event user 

Description 

The snmp-rmon event user command is used to configure the user name of 

SNMP-RMON Event. To return to the default configuration, please use no 

snmp-rmon event user command. Event Group, as one of the commonly used 

RMON Groups, is used to define RMON events. Alarms occur when an event is 

detected. 

Syntax 

snmp-rmon event user {index} [user] 

no snmp-rmon event user {index} 

Parameter 

index —— The index number of the event entry, ranging from 1 to 12. You can 

only select one entry for each command. 

user —— The name of the User to which the event belongs, ranging from 1 to 

16 characters. By default, it is public. 

Command Mode 


Example 

Configure the user name of entry 1 as user1: 

TP-LINK(config)# snmp-rmon event user 1 user1 

snmp-rmon event description 

Description 

178


The snmp-rmon event description command is used to configure the 

description of SNMP-RMON Event. To return to the default configuration, please 

use no snmp-rmon event description command. 

Syntax 

snmp-rmon event description {index} {description} 

no snmp-rmon event description {index} 

Parameter 



description —— The description of the event, ranging from 1 to 16 characters. 

By default, it is empty. 

Command Mode 


Example 

Configure the description of entry 1 as description1: 

TP-LINK(config)# snmp-rmon event description 1 description1 

snmp-rmon event type 

Description 

The snmp-rmon event type command is used to configure the type of 


snmp-rmon event type command. 

Syntax 

snmp-rmon event type {index} { none | log | notify | both } 

no snmp-rmon event type {index} 

Parameter 

index —— The index number of the entry, ranging from 1 to 12, in the format of 

1-3,5. 

none | log | notify | both —— The event type, with none, log, notify and both 

options. None indicates no processing, log indicates logging the event, notify 

indicates sending trap messages to the management station, and both indicates 

logging the event and sending trap messages to the management station. 

Command Mode 


179


Example 

Configure the event type of entries 1,2,3,4 and 8 as log: 

TP-LINK(config)# snmp-rmon event type 1-4,8 log 

snmp-rmon event owner 

Description 

The snmp-rmon event owner command is used to configure the owner of 


snmp-rmon event owner command. 

Syntax 

snmp-rmon event owner {index} [owner] 

no snmp-rmon event owner {index} 

Parameter 



owner —— The owner of the event entry, ranging from 1 to 16 characters. By 

default, it is monitor. 

Command Mode 


Example 


TP-LINK(config)# snmp-rmon event owner 1 owner1 

snmp-rmon event enable 

Description 

The snmp-rmon event enable command is used to enable SNMP-RMON 

Event entry. To disable the corresponding entry, please use no snmp-rmon 

event enable command. 

Syntax 

snmp-rmon event enable {index} 

no snmp-rmon event enable {index} 

Parameter 

180




Command Mode 


Example 

Enable the SNMP-RMON Event entries 1,2,3,4 and 8: 

TP-LINK(config)# snmp-rmon event enable 1-4,8 

snmp-rmon alarm config 

Description 

The snmp-rmon alarm config command is used to configure SNMP-RMON 

Alarm Management. To return to the default configuration, please use no 

snmp-rmon alarm config command. Alarm Group is one of the commonly 

used RMON Groups. RMON alarm management allows monitoring the specific 

alarm variables. When the value of a monitored variable exceeds the threshold, 

an alarm event is generated, which triggers the switch to act in the set way. 

Syntax 

snmp-rmon alarm config {index} [var { drop | revbyte | revpkt | bpkt | mpkt | 

crc-align | undersize | oversize | fragment | jabber | collision | 64 | 65-127 | 

128-255 | 256-511 | 512-1023 | 1024-10240 }] [port port] [s-type { absolute | 

increment }] [r-hold r-hold] [r-event r-event] [f-hold f-hold] [f-event f-event] 

[a-type { rise | fall | all }] [interval interval] 

no snmp-rmon alarm config {index} 

Parameter 

index —— The index number of the Alarm Management entry, ranging from 1 

to 12, in the format of 1-3,5. 

var —— The alarm variable. By default, the option is drop. 

port —— The port on which the Alarm entry acts. 

s-type —— Sample Type, which is the sampling method for the selected 

variable and comparing the value against the thresholds. There are two options, 

absolute and increment. Absolute indicates comparing the values directly with 

the thresholds at the end of the sampling interval. Increment indicates 

subtracting the last sampled value from the current value, and then comparing 

the difference in the values with the threshold. By default, the Sample Type is 

181


absolute. 

r-hold —— The rising counter value that triggers the rising threshold alarm, 

ranging from 1 to 65535. By default, it is 100. 

r-event —— Rise Event, which is the index of the corresponding event which 

will be triggered if the sampled value is larger than the Rising Threshold. It 

ranges from 1 to 12. 

f-hold —— The falling counter value that triggers the falling threshold alarm, 

ranging from 1 to 65535. By default, it is 100. 

f-event —— Fall Event, which is the index of the corresponding event which 

will be triggered if the sampled value is lower than the Falling Threshold. It 

ranges from 1 to 12. 

a-type —— Alarm Type, with rise, fall and all options. Rise indicates that the 

alarm event will be triggered when the sampled value exceeds the Rising 

Threshold, fall indicates that the alarm event will be triggered when the sampled 

value is under the Falling Threshold, and all indicates that the alarm event will 

be triggered either the sampled value exceeds the Rising Threshold or is under 

the Falling Threshold. By default, the Alarm Type is all. 

interval —— The alarm interval time, ranging from 10 to 3600 in seconds. By 


Command Mode 


Example 

Configure the alarm interval time of the entries 1,2,3 and 6 as 1000 seconds: 

TP-LINK(config)# snmp-rmon alarm config 1-3,6 interval 1000 

snmp-rmon alarm owner 

Description 

The snmp-rmon alarm owner command is used to configure the owner of the 

Alarm Management entry. To return to the default configuration, please use no 

snmp-rmon alarm owner command. 

Syntax 

snmp-rmon alarm owner {index} [owner] 

no snmp-rmon alarm owner {index} 

Parameter 

182


index —— The index number of the entry, ranging from 1 to 12. You can only 

select one entry for each command. 

owner —— The owner of the entry, ranging from 1 to 16 characters. By default, 

it is monitor. 

Command Mode 


Example 


TP-LINK(config)# snmp-rmon alarm owner 1 owner1 

snmp-rmon alarm enable 

Description 

The snmp-rmon alarm enable command is used to enable SNMP-RMON 

Alarm Management entry. To disable the corresponding entry, please use no 

snmp-rmon alarm enable command. 

Syntax 

snmp-rmon alarm enable {index} 

no snmp-rmon alarm enable {index} 

Parameter 



Command Mode 


Example 

Enable the Alarm Management entries 1,2,3,4 and 8: 

TP-LINK(config)# snmp-rmon alarm enable 1-4,8 

show snmp global-config 

Description 

The show snmp global-config command is used to display SNMP 

configuration globally. 

Syntax 

183


show snmp global-config 

Command Mode 


Example 

Display SNMP configuration globally: 

TP-LINK> show snmp global-config 

show snmp view 

Description 

The show snmp view command is used to display the View table. 

Syntax 

show snmp view 

Command Mode 


Example 

Display the View table: 

TP-LINK> show snmp view 

show snmp group 

Description 

The show snmp group command is used to display the Group table. 

Syntax 

show snmp group 

Command Mode 


Example 

Display the Group table: 

TP-LINK> show snmp group 

show snmp user 

Description 

184


The show snmp user command is used to display the User table. 

Syntax 

show snmp user 

Command Mode 


Example 

Display the User table: 

TP-LINK> show snmp user 

show snmp community 

Description 

The show snmp community command is used to display the Community table. 

Syntax 

show snmp community 

Command Mode 


Example 

Display the Community table: 

TP-LINK> show snmp community 

show snmp destination-host 

Description 

The show snmp destination-host command is used to display the Notification 

table. 

Syntax 

show snmp destination-host 

Command Mode 


Example 

Display the Notification table: 

TP-LINK> show snmp destination-host 

185

show snmp-rmon history 


Description 

The show snmp-rmon history command is used to display the configuration of 

the history sample entry. 

Syntax 

show snmp-rmon history [index] 

Parameter 

index —— The index number of the entry selected to display the configuration, 

ranging from 1 to 12. You can only select one entry for each command. By 

default, the configuration of all entries is displayed. 

Command Mode 


Example 

Display the configuration of all history sample entries: 

TP-LINK> show snmp-rmon history 

show snmp-rmon event 

Description 

The show snmp-rmon event command is used to display the configuration of 

SNMP-RMON Event. 

Syntax 

show snmp-rmon event [index] 

Parameter 




Command Mode 


Example 

Display the Event configuration of entry 2: 

TP-LINK> show snmp-rmon event 2 

186

show snmp-rmon alarm 


Description 

The show snmp-rmon alarm command is used to display the configuration of 

the Alarm Management entry. 

Syntax 

show snmp-rmon alarm [index] 

Parameter 




Command Mode 


Example 

Display the configuration of all Alarm Management entries: 

TP-LINK> show snmp-rmon alarm 

187


Chapter 28 Cluster Commands 

Cluster Management function enables a network administrator to manage the scattered devices in 

the network via a management device. After a commander switch is configured, management and 

maintenance operations intended for the member devices in a cluster is implemented by the 

commander device. 

cluster ndp 

Description 

The cluster ndp command is used to configure NDP globally. To return to the 

default configuration, please use no cluster ndp command. NDP (Neighbor 

Discovery Protocol) is used to discover the information of the directly connected 

neighbor devices to support cluster establishing. An NDP-enabled device sends 

NDP packets regularly to neighbor devices as well as receives NDP packets 

from neighbor devices. An NDP packet carries the aging time, which indicates 

the period of the receiving devices to keep the NDP packet. 

Syntax 

cluster ndp [status { disable | enable }] [aging-timer aging-timer] [hello-timer 

hello-timer] 

no cluster ndp 

Parameter 

status —— Enable/ Disable NDP function globally. By default, it is disabled. 

aging-timer —— Aging Time, which is the period for the neighbor switch to 

keep the NDP packets from this switch. Aging Time ranges from 5 to 255 in 


hello-timer —— Hello Time, which is the interval to send NDP packets. Hello 

Time ranges from 5 to 254 in seconds. By default, it is 60. 

Command Mode 


Example 

Enable NDP function globally, and configure Aging Time as 120 seconds, Hello 

Time as 50 seconds: 

TP-LINK(config)# cluster ndp status enable aging-timer 120 hello-timer 50 

188


cluster ntdp 

Description 

The cluster ntdp command is used to configure NTDP globally. To return to the 

default configuration, please use no cluster ntdp command. NTDP (Neighbor 

Topology Discovery Protocol) is used to collect the NDP information and 

neighboring connection information of each device in a specific network range. 

It provides the commander switch with the information of devices which can join 

the cluster and collects topology information of devices within the specified 

hops. 

Syntax 

cluster ntdp [status { disable | enable }] [interval interval] [hop hop] 

[hop-delay hop-delay] [port-delay port-delay] 

no cluster ntdp 

Parameter 

status —— Enable/ Disable NTDP function globally. By default, it is disabled. 

interval —— NTDP Interval Time, which is the interval to collect topology 

information. NTDP Interval Time ranges from 1 to 60 in minutes. By default, it is 

1. 

hop —— NTDP Hops, which is the hop count the switch topology collects. 

NTDP Hops ranges from 1 to 16. By default, it is 3. 

hop-delay —— NTDP Hop Delay, which is the time between the switch 

receiving NTDP request packets and the switch forwarding NTDP request 

packets for the first time. NTDP Hop Delay ranges from 1 to 1000 in 

milliseconds. By default, it is 200. 

port-delay —— NTDP Port Delay, which is the time between the port 

forwarding NTDP request packets and its adjacent port forwarding NTDP 

request packets over. NTDP Port Delay ranges from 1 to 100 in milliseconds. By 


Command Mode 


Example 

Enable NTDP function globally, and specify NTDP Interval Time as 20 minutes, 

NTDP Hops as 5, NTDP Hop Delay as 300 milliseconds, and NTDP Port Delay 

as 50 milliseconds: 

189


TP-LINK(config)# cluster ntdp status enable interval 20 hop 5 hop-delay 

300 port-delay 50 

cluster explore 

Description 

The cluster explore command is used to enable the topology information 

collecting function manually. 

Syntax 

cluster explore 

Command Mode 


Example 

Enable the topology information collecting function manually: 

TP-LINK(config)# cluster explore 

cluster 

Description 

The cluster command is used to configure Cluster Port. To disable the cluster 

function for the port, please use no cluster command. 

Syntax 

cluster [ndp { disable | enable }] [ntdp { disable | enable }] 

no cluster 

Parameter 

ndp —— Enable/ Disable NDP function for the port. By default, it is enabled. 

ntdp —— Enable/ Disable NTDP function for the port. By default, it is enabled. 

Command Mode 


Example 

Enable NDP and NTDP function for port 5: 


TP-LINK(config-if)# cluster ndp enable ntdp enable 

190

cluster manage role-change 


Description 

The cluster manage role-change command is used to change the role of the 

current switch. According to their status and functions, switches in the cluster 

play different roles. You can specify the role the switch plays appropriate to your 

needs. A commander switch can recognize and manage the devices in the 

cluster; a member switch is managed by the commander; a candidate switch 

does not belong to any cluster through it can be added to a cluster; an individual 

switch is with the cluster feature disabled. 

Syntax 

cluster manage role-change { candidate | individual } 

Parameter 

candidate | individual —— The role you want the switch to play, with candidate 

and individual options. The role of the switch you can change to is related with 

the current role. The conversion among Candidate Switch and Individual Switch 

is: Candidate Switch Individual Switch. 

Command Mode 


Example 

Change the role of the current switch to Candidate Switch: 

TP-LINK(config)# cluster manage role-change candidate 

show cluster ndp global 

Description 

The show cluster ndp global command is used to display the global 

configuration of NDP. 

Syntax 

show cluster ndp global 

Command Mode 


Example 

Display the global configuration of NDP: 

TP-LINK> show cluster ndp global 

191


show cluster ndp port-status 

Description 

The show cluster ndp port-status command is used to display NDP 

configuration of the certain port. 

Syntax 

show cluster ndp port-status [port] 

Parameter 

port —— The port selected to display the configuration of NDP. By default, the 


Command Mode 


Example 

Display the NDP configuration of port 2: 

TP-LINK> show cluster ndp port-status 2 

show cluster neighbour 

Description 

The show cluster neighbour command is used to display the cluster neighbor 

information. 

Syntax 

show cluster neighbour 

Command Mode 


Example 

Display the cluster neighbor information: 

TP-LINK> show cluster neighbour 

show cluster ntdp global 

Description 

The show cluster ntdp global command is used to display the global 

configuration of NTDP. 

192


Syntax 

show cluster ntdp global 

Command Mode 


Example 

Display the global configuration of NTDP: 

TP-LINK> show cluster ntdp global 

show cluster ntdp port-status 

Description 

The show cluster ntdp port-status command is used to display NTDP 

configuration of the certain port. 

Syntax 

show cluster ntdp port-status [port] 

Parameter 

port —— The port selected to display the configuration of NTDP. By default, 

the configuration of all ports is displayed. 

Command Mode 


Example 

Display the NTDP configuration of port 2: 

TP-LINK> show cluster ntdp port-status 2 

show cluster ntdp device 

Description 

The show cluster ntdp device command is used to display the device table of 

NTDP. 

Syntax 

show cluster ntdp device 

Command Mode 


Example 

193


Display the device table of NTDP: 

TP-LINK> show cluster ntdp device 

show cluster manage role 

Description 

The show cluster manage role command is used to display the role of the 

current switch. 

Syntax 

show cluster manage role 

Command Mode 


Example 

Display the role of the current switch: 

TP-LINK(config)# show cluster manage role 

194

CLI Guide - TP-Link

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?