TP-Link TL-SG3216 TL-SG3216 V1 CLI Reference Guide

TP-Link TL-SG3216 Manual

Get TP-Link TL-SG3216 PDF manuals and user guides View all TP-Link TL-SG3216 manuals
Add to My Manuals
Save this manual to your list of manuals

TP-Link TL-SG3216 manual content summary:

  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 1
    TL-SG3216/TL-SG3424 JetStream L2 Lite Managed Switch Rev: 1.0.2 1910010511
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 2
    COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 3
    CONTENTS Preface ...1 Chapter 1 Using the CLI 4 1.1 Accessing the CLI ...4 1.1.1 Logon by a console port 4 1.1.2 Logon by Telnet ...6 1.2 CLI Command Modes ...8 1.3 Security Levels ...10 1.4 Conventions ...11 1.4.1 Format Conventions 11 1.4.2 Special Characters 11 1.4.3 Parameter Format 11
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 4
    ...32 show gvrp interface ...33 Chapter 8 LAG Commands 34 interface link-aggregation ...34 interface range link-aggregation 34 link-aggregation ...35 link-aggregation hash-algorithm 36 description ...36 show interfaces link-aggregation 37 Chapter 9 LACP Commands 38 lacp ...38 lacp (interface
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 5
    status ...43 user modify type ...44 user modify password...44 user access-control disable 45 user access-control ip-based 45 user access-control mac-based 46 user access-control port-based 46 user max-number ...47 user idle-timeout ...47 show user account-list ...48 show user configuration
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 6
    detection interface 63 show arp detection statistic 63 show arp detection statistic reset 64 Chapter 13 DoS Defend Command 65 dos-prevent ...65 dos- port-control ...71 dot1x port-method ...72 radius authentication primary-ip 73 radius authentication secondary-ip 73 radius authentication port
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 7
    89 ssl download key ...90 show ssl...90 Chapter 18 Address Commands 92 bridge address port-security 92 bridge address static ...93 bridge aging-time...93 bridge address filtering ...94 show bridge port-security ...95 show bridge address ...95 show bridge aging-time ...96 Chapter 19 System Commands
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 8
    manual ...98 ip address...98 ip dhcp-alloc ...99 ip bootp-alloc ...99 reset ...100 reboot ...100 user-config backup ...101 user-config load...101 user-config save ...102 firmware control disable ul-rate 111 port rate-limit ...111 port rate-limit disable ingress 112 port rate-limit disable egress
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 9
    policy policy-add ...129 acl policy action-add ...130 acl bind to-port...131 acl bind to-vlan ...131 show acl time-segment...132 show acl holiday ...132 show acl config...133 show acl bind...133 Chapter 24 MSTP Commands 134 spanning-tree global ...134 spanning-tree common-config 135
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 10
    -config 152 show igmp-snooping vlan-config 153 show igmp-snooping multi-vlan 153 show igmp-snooping multi-ip-list 153 show igmp-snooping filter-ip-addr 154 show igmp-snooping port-filter 154 show igmp-snooping packet-stat 155 show igmp-snooping packet-stat-clear 155 Chapter 26 SNMP Commands
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 11
    175 cluster explore ...176 cluster ...176 cluster manage role-change 177 show cluster ndp global ...177 show cluster ndp port-status 178 show cluster neighbour...178 show cluster ntdp global ...178 show cluster ntdp port-status 179 show cluster ntdp device ...179 show cluster manage role...180 X
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 12
    in this Guide stands for TL-SG3216/TL-SG3424 JetStream L2 Lite Managed Switch. Overview of this Guide Chapter 1: the commands used for configuring LACP (Link Aggregation Control Protocol). Chapter 10: User used for binding the IP address, MAC address, VLAN and the connected Port number of the Host together
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 13
    used for configuring the System information and System IP, reboot and reset the switch, upgrade the switch system and other operations. Chapter 20: Port Mirror function. Chapter 23: ACL Commands Provide information about the commands used for configuring the ACL (Access Control List). Chapter 24:
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 14
    Provide information about the commands used for configuring the SNMP (Simple Network Management Protocol) functions. Chapter 27 Cluster Commands Provide information about the commands used for configuring the Cluster Management function. 3
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 15
    two methods: 1. Log on to the switch by the console port on the switch. 2. Log on to the switch remotely by a Telnet or SSH connection through an Ethernet port. 1.1.1 Logon by a console port To log on to the switch by the console port on the switch, please take the following steps: 1. Connect
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 16
    Figure 1-2 Connection Description 4. Select the port to connect in figure 1-3, and click OK. Figure 1-3 Select the port to connect 5. Configure the port selected in the step above as the following figure1-4 shown. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1,
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 17
    1-4 Port Settings 6. Type the User name and Password in the Hyper Terminal window, the factory default value for both of them is admin. The DOS prompt" TP-LINK>" will appear after pressing the Enter button as figure1-5 shown. It indicates that you can use the CLI now. Figure 1-5 Log in the Switch
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 18
    Figure 1-6 Open the Run window 3. Type cmd in the prompt Run window as figure 1-7 and click OK. Figure 1-7 Run Window 4. Type telnet 192.168.0.1 in the command prompt shown as figure1-8, and press the Enter button. Figure 1-8 Connecting to the Switch 7
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 19
    the factory default value for both of them is admin) and press the Enter button, then you can use the CLI now, which is shown as figure1-9. Figure 1-9 Log in the Switch 1.2 Mode can also be divided into Interface Ethernet, Interface link-aggregation and some other modes, which is shown as
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 20
    . Privileged EXEC Mode Use the enable command to enter this mode from User EXEC mode. TP-LINK# Use the exit command to disconnect the switch (except that the switch is connected through the Console port). Enter the disable command to return to User EXEC mode. Enter configure command to access
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 21
    ports. c). Interface link-aggregation: Configure parameters for a link-aggregation, such as broadcast storm. d). Interface range link- Mode. Users get the privilege to the User level once connecting console port with the switch or logging in by Telnet. However, Guest users are restricted to
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 22
    Conventions 1.4.1 Format Conventions The following conventions are used in this Guide: ¾ Items in square brackets [ ] are optional ¾ Items xx:xx:xx:xx ¾ One or several values can be typed for a port-list or a vlan-list using comma to separate. Use a hyphen to designate a range of values
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 23
    , which contains 16 characters at most, composing digits, English letters and underdashes only. By default, it is empty. Command Mode Global Configuration Mode Example Set the super password as admin to access Privileged EXEC Mode from User EXEC Mode: TP-LINK(config)# enable password admin 12
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 24
    Mode from Privileged EXEC Mode. Syntax configure Command Mode Privileged EXEC Mode Example Access Global Configuration Mode from Privileged EXEC Mode: TP-LINK# configure TP-LINK(config)# exit Description The exit command is used to return to the previous Mode from the current Mode. Syntax exit 13
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 25
    Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode,and then return to Privileged EXEC Mode: TP-LINK(config-if)# exit TP-LINK(config)#exit TP-LINK# end Description The end command is used to return to Privileged EXEC Mode. Syntax end Command Mode Any
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 26
    (Virtual Local Area Network) technology is developed for the switch to divide the LAN into multiple logical LANs flexibly. Hosts Mode Global Configuration Mode Example Access VLAN Configuration Mode: TP-LINK(config)# vlan database TP-LINK(config-vlan)# vlan Description The vlan command is used
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 27
    vlan vlan-id Parameter vlan-id --VLAN ID,ranging from 1 to 4094. Command Mode Global Configuration Mode Example Configure the VLAN2: TP-LINK(config)# interface vlan 2 description Description The description command is used to assign a description string to a VLAN. To clear the description, please
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 28
    Command Mode Interface Configuration Mode ( interface ethernet / interface range ethernet ) Example Specify the Link Type of port 5 as general: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)#switchport type general switchport allowed vlan Description The switchport allowed vlan command is
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 29
    PVID for the switch ports. Syntax switchport pvid vlan-id Parameter vlan-id -- VLAN ID, ranging from 1 to 4094. Command Mode Interface Configuration Mode (interface ethernet / interface range ethernet ) Example Specify the PVID of port 2 as 2: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 30
    . Syntax show interface switchport [port-num] Parameter port-num -- The port number. By default, display the VLAN configuration information of all ports. Command Mode Any Configuration Mode Example Display the VLAN configuration information of all ports: TP-LINK(config)# show interface switchport 19
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 31
    -addr -- MAC address. description --Give a description to the MAC address for identification.By default , it is empty. Command Mode Global Configuration Mode Example Create VLAN 2 named "RD",and the MAC address is 00:00:00:00:00:01: TP-LINK(config)# mac-vlan add 2 00:00:00:00:00:01 RD mac-vlan
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 32
    -Based VLAN entry with the MAC address of 00:00:00:00:00:02: TP-LINK(config)# mac-vlan remove 00:00:00:00:00:02 mac-vlan modify Description of the MAC VLAN entry with the MAC address of 00:00:00:00:00:02 as 12: TP-LINK(config)# mac-vlan modify 12 00:00:00:00:00:02 show mac-vlan Description The show
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 33
    arp" whose Frame-type is ethernet2, Ethernet protocol type is 0806. Delete the Protocol template whose number is 2: TP-LINK(config)# protocol-vlan template add arp 0806 ethernet2 TP-LINK(config)# protocol-vlan template remove 2 protocol-vlan vlan Description The protocol-vlan vlan command is used to
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 34
    number by the show protocol-vlan vlan command. member-list -- The port numbers needed to be added in the vlan. Command Mode Global Configuration the Protocol VLAN entry whose number is 1: TP-LINK(config)# protocol-vlan vlan 2 template 1 4-6,8 TP-LINK(config)# no protocol-vlan vlan 1 show protocol
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 35
    show protocol-vlan vlan Command Mode Any Configuration Mode Example Display information of the protocol-vlan entry: TP-LINK(config)# show protocol-vlan vlan 24
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 36
    data stream. By configuring Voice VLANs and adding the ports with voice devices attached to voice VLANs, you can perform TP-LINK(config)# voice-vlan enable 2 voice-vlan aging-time Description The voice-vlan aging-time command is used to set the aging time for a voice VLAN. To restore to the default
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 37
    ) to be set for the Voice VLAN. It ranges from 1 to 43200 and the default value is 1440. Command Mode Global Configuration Mode Example Set the aging time for the Voice VLAN as 2880 minutes: TP-LINK(config)# voice-vlan aging-time 2880 voice-vlan priority Description The voice-vlan priority command
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 38
    -vlan mode { manual | auto } Parameter manual / auto -- Port mode. Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Configure Ethernet port 2 to operate in the manual voice VLAN mode: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# switchport
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 39
    Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Enable Ethernet port 2 for the Voice VLAN security mode: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# switchport voice-vlan security enable show voice-vlan global Description The show voice
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 40
    -vlan switchport [port] Parameter port -- Ethernet port. By default, it will display the configuration information of all the ports in the Voice VLAN. Command Mode Any Configuration Mode Example Display the configuration information of all the ports in the Voice VLAN: TP-LINK(config)# show voice
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 41
    propagate the local VLAN registration information to other switches, without having to individually configure each VLAN. TP-LINK(config)# gvrp gvrp (interface) Description The gvrp(interface) command is used to enable the GVRP function for the desired port.To disable the GVRP function of this port
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 42
    the GVRP registration mode on the port 2-6 to fixed: TP-LINK(config)# interface range ethernet 2-6 TP-LINK(config-if)# gvrp registration fixed gvrp timer Description The gvrp timer command is used to set a GVRP timer for the desired port. To restore to the default setting of a GARP timer, please use
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 43
    Join message. Once the Leave Timer is set, the GARP port receiving a Leave message will start its Leave timer, and port 6 to 2000 centiseconds and restore to the join timer of it to the default value: TP-LINK(config)# interface ethernet 6 TP-LINK(config-if)# gvrp timer leaveall 2000 TP-LINK
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 44
    interface [ethernet port-num] Parameter port-num --The Ethernet port number. By default, the GVRP configuration information of all the Ethernet ports isdisplayed. Command Mode Any Configuration Mode Example Display the GVRP configuration information of all the Ethernet ports: TP-LINK(config)# show
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 45
    -aggregation Mode and configure the aggregation group 1: TP-LINK(config)# interface link-aggregation 1 TP-LINK(config-if)# interface range link-aggregation Description The interface range link-aggregation command is used to access the Interface range Link-aggregation Mode, and you can configure some
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 46
    configure the aggregation group 1,4-6: TP-LINK(config)# interface range link-aggregation 1,4-6 TP-LINK(config-if)# link-aggregation Description The link-aggregation command is used to add the current Ethernet port to a aggregation group. To remove the current Ethernet port from the aggregation group
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 47
    and destination MAC addresses. src_dst_ip --The source and destination IP addresses. Command Mode Global Configuration Mode Example Configure the Aggregate Arithmetic for LAG as src_dst_mac: TP-LINK(config)# link-aggregation hash-algorithm src_dst_mac description Description The description command
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 48
    group-num --The LAG number,ranging from1 to 14. By default, the GVRP configuration information of all the Ethernet ports is displayed. Command Mode Any Configuration Mode Example Display the GVRP configuration information of all the Ethernet ports: TP-LINK(config)#show interface link-aggregation 37
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 49
    link aggregation and disaggregation by exchanging LACP packets with its partner. The switch can dynamically group similarly configured ports into a single logical link TP-LINK(config)# lacp lacp (interface) Description The lacp(interface) command is used to to enable LACP protocol on the current port
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 50
    ) Example Configure the admin key of port 1 as 1024: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# lacp admin-key 1024 lacp system-priority Description The lacp system-priority command is used to set the system priority for a port. To restore to the default priority, please use no lacp
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 51
    Set the system priority of port 1 to1024: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# lacp system-priority 1024 lacp port-priority Description The lacp port-priority command is used to to set the priority of the current port. To restore to the default priority, please use no lacp
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 52
    show lacp interface [ethernet port-num] Parameter port-num -- The Ethernet port number. By default, display the configuration information of all the Ethernet ports. Command Mode Any Configuration Mode Example Display the configuration information of all the Ethernet ports: TP-LINK(config)# show lacp
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 53
    management page with a certain access level so as to protect the settings of the switch from being randomly changed. user add Description The user add command is used to which the password is password: TP-LINK(config)#user add tplink password password confirm-password password admin enable 42
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 54
    Syntax user remove user-name Parameter user-name -- An existing user name. Command Mode Global Configuration Mode Example Delete the user named tplink: TP-LINK(config)# user remove tplink user modify status Description The user modify status command is used to modify the status of the existing user
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 55
    | admin -- Access level. Guest: limited user; admin: manager. Command Mode Global Configuration Mode Example Change the access level of tplink to admin: TP-LINK(config)# user modify type tplink admin user modify password Description The user modify password command is used to modify the password for
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 56
    disable Command Mode Global Configuration Mode Example Cancel the user access-control: TP-LINK(config)# user access-control disable user access-control ip-based Description The user access-control ip-based command is used to limit the IP-range of the users for login. Only the current host and the
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 57
    TP-LINK(config)# 255.255.255.0 user access-control ip-based 192.168.0.148 user access-control 00:01: TP-LINK(config)# user access-control mac-based 00:00:13:0A:00:01 user access-control port-based Description The user access-control port-based command is used to to limit the ports for login.
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 58
    access-control of the ports 2, port4, port5, port6,and port10: TP-LINK(config)# user access-control port-based 2,4-6,10 user TP-LINK(config)# user max-num 5 3 user idle-timeout Description The user idle-timeout command is used to configure the timeout time of the switch. To restore to the default
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 59
    -timeout Parameter minute --The timeout time, ranging from 5 to 30 in minites. By default, the value is 10. Command Mode Global Configuration Mode Example Configure the timeout time of the switch as 15 minites: TP-LINK(config)# user idle-timeout 15 show user account-list Description The show user
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 60
    Command Mode Any Configuration Mode Example Display the security configuration information of the users: TP-LINK(config)# show user configuration 49
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 61
    . Command Mode Global Configuration Mode Example Bind an ACL entry with the IP is 192.168.0.1, MAC is 00:00:00:00:00:01, VLAN ID is 2 and the Port number is 5 manually. Andthen enable the entry for the ARP detection.: TP-LINK(config)# binding-table user-bind host1 192.168.0.1 00:00:00:00
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 62
    Mode Global Configuration Mode Example Delete the IP-MAC -VID-PORT entry with the indexr 5: TP-LINK(config)# binding-table remove index 5 dhcp-snooping Description The dhcp-snooping command is used to enable the DHCP-snooping function for the switch. To disable the DHCP-snooping function, please
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 63
    for the specific port.The options are 0/5/10/15/20/25/30 (packet/second).By default, it is 0 default, it is 5. Command Mode Global Configuration Mode Example Configure the Global Flow Control as 30pps, the Decline Threshold as 20 pps, Decline Flow Control as 20 pps for DHCP Snooping TP-LINK
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 64
    Example Enable the Option 82 function of DHCP Snooping: TP-LINK(config)# dhcp-snooping information enable dhcp-snooping information strategy of the packets. It is the default option. replace --Indicates to replace the Option 82 field of the packets with the switch defined one. drop --Indicates to
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 65
    Option 82 field of the packets with the switch defined one and then send out: TP-LINK(config)# dhcp-snooping information strategy replace dhcp- Configuration Mode Example Permit users to define the Option 82: TP-LINK(config)# dhcp-snooping information user-defined dhcp-snooping information remote-
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 66
    ID for the customized Option 82 as tplink: TP-LINK(config)# dhcp-snooping information circuit-id tplink dhcp-snooping trusted Description The dhcp-snooping trusted command is used to configure a port to be a Trusted Port. Only the Trusted Port can receive the DHCP packets from DHCP servers.To
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 67
    Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Enable the MAC Verify feature for the port 2: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# dhcp-snooping mac-verify dhcp-snooping rate-limit Description The dhcp-snooping rate-limit command is
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 68
    default value is 0, which stands for disable. Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Set the Flow Control of port 2 as 20 pps: TP-LINK(config)# interface ethernet 2 TP-LINK of port 2: TP-LINK(config)# interface ethernet 2 TP-LINK(config-
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 69
    Mode Any Configuration Mode Example Display the IP-MAC-VID-PORT binding table: TP-LINK(config)# show binding-table show dhcp- Any Configuration Mode Example Display the configuration of DHCP Snooping globally: TP-LINK(config)# show dhcp-snooping global show dhcp-snooping information Description The
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 70
    show dhcp snooping interface [ethernet port-num] Parameter port-num --The number of the switch port. By default, it will display the configuration of all the ports. Command Mode Any Configuration Mode Example Display the interface configuration of all the ports: TP-LINK(config)# show dhcp-snooping
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 71
    detection Command Mode Global Configuration Mode Example Enable the ARP Detection function globally: TP-LINK(config)# arp detection arp detection trust-port Description The arp detection trust-port command is used to configure the port for which the ARP Detect function is unnecessary as the Trusted
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 72
    Enable the arp defend function for the ports 2-6: TP-LINK(config)# interface range ethernet 2-6 TP-LINK(config-if)# arp detection arp detection limit-rate Description The arp detection limit-rate command is used to configure the speed. The switch can terminate receiving the ARP packets for 300
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 73
    (packet/second). By default ,the value is 15. Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Configure the maximum amount of the received ARP packets per second as 50 pps for the port 5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# arp
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 74
    . Syntax show arp detection interface [ethernet port-num] Parameter port-num --The number of switch port. By default, display the configuration of all the ports. Command Mode Any Configuration Mode Example Display the configuration of all the ports: TP-LINK(config)# show arp detection interface show
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 75
    Any Configuration Mode Example Display the number of the illegal ARP packets received: TP-LINK(config)# show arp detection statistic show arp detection statistic reset Description The show arp detection statistic reset command is used to clear the statistic fo the the illegal ARP packets received
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 76
    lot of service requests to the Host. With the DoS Defend enabled, the switch can analyze Example Enable the DoS defend function globally: TP-LINK(config)# dos-prevent dos-prevent type Description The synfin] [xma-scan] [null-scan] [port-less-1024] [blat] [ping-flood] [syn-flood] no dos-prevent type
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 77
    attack is enabled, the switch will automatically limit the tansmission rate of SYN/SYN-ACK packets to 512K upon being attacked.. Command Mode Global Configuration Mode Example Enable three DoS Defend Types named Land attack, Xma Scan attack and Ping flooding attack: TP-LINK(config)# dos-prevent type
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 78
    is to provide an access control for LAN ports via the authentication. Only the supplicant passing the TP-LINK(config)# dot1x dot1x authentication-method Description The dot1x authentication-method command is used to configure the Authentication Method of IEEE 802.1X. To restore to the default
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 79
    uses extensible authentication protocol (EAP) to exchange information between the switch and the client. The EAP protocol packets with authentication data Configure the Authentication Method of IEEE 802.1X as pap: TP-LINK(config)# dot1x authentication-method pap dot1x guest-vlan Description The
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 80
    TP-LINK(config)# dot1x quiet-period dot1x timer Description The dot1x timer command is used to configure the Quiet Period and the SupplicantTimeout. To restore to the default in seconds. By default, it is 10. Once the supplicant failed to the 802.1X Authentication, then the switch will not respond to
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 81
    . By default, the value is 3. Command Mode Global Configuration Mode Example Configure the maximum transfer times of the repeated authentication request as 5: TP-LINK(config)# dot1x retry 5 dot1x(interface) Description The dot1x command is used to enable the IEEE 802.1X function for a specified port
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 82
    Guest VLAN function for port 2: TP-LINK(config)# interface ethernet 2 TP-LINK(config-if)# dot1x guest-vlan dot1x port-control Description The dot1x port-control command is used to configure the Control Mode of IEEE 802.1X for the specified port. To restore to the default configuration, please use no
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 83
    as authorized-force: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# dot1x port-control authorized-force dot1x port-method Description The dot1x port-method command is used to configure the Control Type of IEEE 802.1X for the specified port. To restore to the default configuration, please
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 84
    ethernet 5 TP-LINK(config-if)# dot1x port-method port-based radius authentication primary-ip Description The radius authentication primary-ip command is used to configure the IP addressof the authentication server. Authentication server provides the authentication service for the switch via the
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 85
    server as 10.20.1.101: TP-LINK(config)# radius authentication secondary-ip 10.20.1.101 radius authentication port Description The radius authendication port command is used to configure the authentication port of the alternate authentication server. To restore to the default value, please use no
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 86
    contains 15 characters at most.. Command Mode Global Configuration Mode Example Configure the shared password for the switch and the authentication servers as tplink: TP-LINK(config)# radius authentication key tplink radius accounting enable Description The radius accunting enable command is used to
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 87
    server as 10.20.1.100: TP-LINK(config)# radius accounting primary-ip 10.20.1.100 radius accounting secondary-ip Description The radius accounting secondary-ip command is used to configure the IP address of the alternate accounting server. To restore to the default configuration, please use no radius
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 88
    . The default port is 1813. Command Mode Global Configuration Mode Example Set the UDP port of accounting server(s) as 1816: TP-LINK(config)# radius accounting port 1816 radius accounting key Description The radius accounting key command is used to configure the shared password for the switch and
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 89
    ., ranging from 1 to 9 in second. By default, it is 3. Command Mode Global Configuration Mode Example Configure the maximum time for the switch to wait for the response from the RADIUS authentication and the accounting server as 5 seconds: TP-LINK(config)# radius response-timeout 5 show dot1x global
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 90
    show dot1x interface [ ethernet port-num ] Parameter port-num --The number of the Ethernet port, ranging from 1 to 16. Display the configuration of all the ports ,by default. Command Mode Any configurartion Mode Example Display the port configuration of 801.X: TP-LINK(config)# show dot1x interface
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 91
    Any configuration Mode Example Display the configuration of the RADIUS authentication server: TP-LINK(config)# show radius authentication show radius accounting Description The show radius accounting command is used to display the configuration of the accounting server. Syntax show
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 92
    be got by show logging buffer command. It will be lost when the switch is restarted. Syntax logging local buffer {level} [ disable | enable ] buffer. By default, it is enabled. Command Mode Global Configuration Mode Example Enable the log buffer function and set the severity as 6: TP-LINK(config)#
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 93
    log. The inforamtion in the log file will not be lost after the switch is restarted and can be got by the show logging flash command. Syntax logging . By default, it is enabled. Command Mode Global Configuration Mode Example Enable the log file function and set the severity as 7: TP-LINK(config)#
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 94
    } Parameter idx --The index of the log host. The switch supports 4 log hosts. host-ip -- The IP for the log host. level --The severity level of the default, it is disabled. Command Mode Global Configuration Mode Example Enable the log host 2 and set the IP address 192.168.0.148, the level 5: TP-LINK
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 95
    host whose configuration will be displayed. Display the configuration of all the log hosts by default. Command Mode Any Configuration Mode Example Display the configuration of the log host 2: TP-LINK(config)# show logging loghost 2 show logging buffer level Description The show logging buffer level
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 96
    severity level value. Display all the log information in the log buffer by default. Command Mode Any Configuration Mode Example Display the log information from level 0 to level 5 in the log buffer: TP-LINK(config)# show logging buffer level 5 show logging flash level Description The show logging
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 97
    can provide the unsecured remote management with security and powerful authentication to ensure the security of the management information enable Command Mode Global Configuration Mode Example Enable the SSH function: TP-LINK(config)# ssh server enable ssh version Description The ssh version command
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 98
    TP-LINK(config)# ssh version v2 ssh idle-timeout Description The ssh idle-timeout command is used to specify the idle-timeout time of SSH. To restore to the factory defaults, please use no ssh idle-timeout command. Syntax ssh idle-timeout value no ssh idle-timeout Parameter value - - The Idle-
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 99
    . Command Mode Global Configuration Mode Example Download a SSH-1 type key file named ssh-key from TFTP server with the IP Address 192.168.0.148: TP-LINK(config)# ssh download v1 ssh-key ip-address 192.168.0.148 show ssh Description The show ssh command is used to display the global configuration of
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 100
    corresponding private key. By default the switch has a certificate ( self TP-LINK(config)# ssl enable ssl download certificate Description The ssl download certificate command is used to download a certificate to the switch from from TFTP server. Syntax ssl download certificate ssl-cert ip-address ip
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 101
    named ssl-cert from TFTP server with the IP Address of 192.168.0.148: TP-LINK(config)# ssl download certificate ssl-cert ip-address 192.168.0.148 ssl download key Description The ssl download key command is used to download a SSL key to the switch from TFTP server. Syntax ssl download key ssl
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 102
    Display the global configuration of SSL: TP-LINK(config)# show ssl 91
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 103
    MAC address will be out of the influence of the aging time and can only be deleted manually too. However, the learned entries will be saved even the switch is rebooted. status -- Enable or disable the Port Security function for a specified port. By default, this function is disabled. Command Mode 92
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 104
    that can be learned on this port as 30: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# bridge address port-security max-number 30 mode static or removed manually, independent of the aging time. In the stable networks, the static MAC address entries can facilitate the switch to reduce
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 105
    disabled. By default, this value is 300. Command Mode Global Configuration Mode Example Configure the aging time as 500 seconds: TP-LINK(config)# package to be forwarded. The filtering address can be added or removed manually, independent of the aging time. Syntax bridge address filtering {mac}
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 106
    show bridge port-security [port-num] Parameter port-num -- The port number of the switch. It ranges from 1 to 16. By default, the Port Security configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the Port Security configuration of port2: TP-LINK(config)# show
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 107
    show bridge aging-time Description The show bridge aging-time command is used to display the Aging Time of the MAC address. Syntax show bridge aging-time Command Mode Any Configuration Mode Example Display the Aging Time of the MAC address: TP-LINK(config)# show bridge aging-time 96
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 108
    the System information and System IP, reboot and reset the switch, upgrade the switch system and other operations. system default, it is empty. Command Mode Global Configuration Mode Example Configure the System Contact as www.tp-link.com.cn: TP-LINK(config)# system-descript contact-info www.tp-link
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 109
    Configure the system mode as manual, and the time is 12/20/2010 17:30:35 TP-LINK(config)# system-time manual 12/20/2010-17:30:35 ip address Description The ip address command is used to configure the IP Address, Subnet Mask and Default Gateway. To restore to the factory defaults, please use no
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 110
    Subnet Mask of the Switch. The default Subnet Mask is 255.255.255.0. gateway -- The Default Gateway of the Switch. By default, it is empty. Command Mode Global Configuration Mode Example Configure the system IP as 192.168.0.69 and the Subnet Mask as 255.255.255.0: TP-LINK(config)# ip address 192.168
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 111
    BOOTP Protocol to obtain IP address from BOOTP Server: TP-LINK(config)# ip bootp-alloc reset Description The reset command is used to reset the switch's software. After resetting, all configuration of the switch (except the IP Address) will restore to the factory defaults and your current settings
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 112
    files by TFTP server with the IP 192.168.0.148 and name this file config.cfg: TP-LINK# user-config backup filename config.cfg ip-address 192.168.0.148 user-config load Description The user-config load command is used to download the configuration file to the switch by TFTP server. Syntax user-config
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 113
    name ip-address ip-addr Parameter name -- Specify the name for the Firmware File. ip-addr -- IP Address of the TFTP server. Command Mode Privileged EXEC Mode Example Upgrade the switch system via the TFTP server with the IP 192.168.0.148: TP-LINK# firmware upgrade filename firmware.bin ip-address
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 114
    network device with the IP 192.168.0.131, please specify the count (-l) as 512 bytes and count (-i) as 1000 milliseconds. If there is not any response after 8 times' Ping test, the connection between the switch and the network device is failed to establish: TP-LINK# ping 192.168.0.131 -n 8 -l 512
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 115
    with the IP 192.168.0.131. If the destination device has not been found after 20 maxHops, the connection between the switch and the destination device is failed to establish: TP-LINK# tracert 192.168.0.131 20 loopback Description The loopback command is used to test whether the port is available
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 116
    Command Mode Any Configuration Mode Example Display the system information: TP-LINK# show system-info show ip address Description The show ip address command is used to display MAC Address, IP Address, Subnet Mask and Default Gateway of the system, whether the DHCP Client function is enabled or not
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 117
    Syntax interface ethernet interface Parameter interface -- The Ethernet port to be configured. Command Mode Global Configuration Mode Example Enter the Interface Configuration Mode and configure Ethernet port2: TP-LINK(config)# interface ethernet 2 interface range ethernet Description The interface
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 118
    , ranging from 1 to 16 characters. Command Mode Interface Configuration Mode(interface ethernet) Example Add a description Port #5 to port5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# description Port #5 shutdown Description The shutdown command is used to disable an Ethernet
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 119
    the flow-control function for Ethernet port 5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# flow-control negotiation Description The negotiation command is used to configure the Negotiation Mode for an Ethernet port. To return to the default configuration, please use no negotiation
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 120
    )# interface ethernet 5 TP-LINK(config-if)# negotiation 100f storm-control Description The storm-control command is used to configure the Storm Control function. To disable the Storm Control function, please use no storm-control command. Storm Control function allows the switch to filter broadcast
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 121
    Enable the Storm Control function for port5 and specify the bc-rate as 100kbps, mc-rate as 500kbps and ul-rate as 2Mbps: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# storm-control bc-rate 100k mc-rate 500k ul-rate 2m storm-control disable bc-rate Description The storm-control disable
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 122
    Mode(interface ethernet / interface range ethernet) Example Disable the UL-Frame control for port5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# storm-control disable ul-rate port rate-limit Description The port rate-limit command is used to configure the Rate Limit for an Ethernet
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 123
    ethernet / interface range ethernet) Example Disable the ingress-rate limit for port5: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# port rate-limit disable ingress port rate-limit disable egress Description The port rate-limit disable egress command is used to disable the egress-rate
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 124
    [interface] } Parameter Interface -- The port selected to display the connective-status. By default, the connective-status of all ports is displayed. Command Mode Any Configuration Mode Example Display the connective-status of all Ethernet ports: TP-LINK(config)# show interface status ethernet show
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 125
    1 to 16. By default, the storm-control information of all ports is displayed. Command Mode Any Configuration Mode Example Display the storm-control information of all Ethernet ports: TP-LINK(config)# show storm-control ethernet show port rate-limit Description The show port rate-limit command is
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 126
    The port-number of the port selected to display the rate-limit information. It ranges from 1 to 16. By default, the rate-limit information of all ports is displayed. Command Mode Any Configuration Mode Example Display the rate-limit information of all Ethernet ports: TP-LINK(config)# show port rate
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 127
    Configure the priority of port 5 as 3: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# qos 3 qos dot1p config Description The qos dot1p config command is used to configure the mapping relation between IEEE 802.1P Priority and Egress Queue. To return to the default configuration, please use
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 128
    are mapped based on port priority mode. Syntax qos default, the mapping relation between tag and the egress queue is: 0-TC1, 1-TC0, 2-TC0, 3-TC1, 4-TC2, 5-TC2, 6-TC3, 7-TC3 2. Among the priority levels TC0-TC3, the bigger value, the higher p r i o r i t y. Example Map tag value 0 to TC3: TP-LINK
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 129
    TP-LINK(config)# qos dscp enable qos dscp config Description The qos dscp config command is used to configure the mapping relation between DSCP Priority and 802.1P Priority. To return to the default is enabled; the untagged non-IP datagram are mapped based on port priority mode. Syntax qos dscp
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 130
    configure the Schedule Mode. To return to the default configuration, please use no qos scheduler command. When +wrr -- Strict-Priority + Weight Round Robin Mode. In this mode, the switch provides two scheduling groups, SP group and WRR group. Queues in SP group TP-LINK(config)# qos scheduler wrr 119
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 131
    selected to display the configuration, ranging from 1 to 16. By default, information of all the ports is displayed. Command Mode Any Configuration Mode Example Display the configuration of QoS for port 5: TP-LINK# show qos port-based 5 show qos dot1p Description The show qos dot1p command is used
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 132
    show qos dscp Command Mode Any Configuration Mode Example Display the configuration of DSCP Priority: TP-LINK# show qos dscp show qos scheduler Description The show qos scheduler command is used to display the schedule rule of the egress queues. Syntax show
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 133
    group. Command Mode Global Configuration Mode Example Configure port 3 as mirrored port, port 4 as mirroring port, the mirror mode as both and group number as 1 : TP-LINK(config)# mirror add 3 4 both 1 User Guidelines 1. The mirroring port is corresponding to current interface configuration mode
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 134
    group. Syntax mirror remove mirrored [mirrored port] [group-num] Parameter Mirrored port -- The port to be monitored. group-num -- The group number of mirrior group. Command Mode Global Configuration Mode Example Remove mirrored port 1,2-4 from mirror group 1: TP-LINK(config)# mirror remove mirrored
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 135
    . Syntax show mirror [group-num] Parameter group-num -- The group number of mirrior group. Command Mode Any Configuration Mode Example Display configuration fo mirror group 1: TP-LINK# show mirror 1 124
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 136
    , off-day, working-day. 1-3,6 represent Monday, Tuesday, Wednesday and Saturday; daily represents every day; off-day represents weekend and working-day represents working day. By default, the period mode is disabled. start-date - - The start date in Absoluteness Mode, in the format of MM/DD/YYYY. By
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 137
    05/03. Command Mode Global Configuration Mode Example Define National Day, configuring the start date as October 1st, and the end date as October 3rd: TP-LINK(config)# acl holiday NationalDay 10/01 10/03 acl create Description The acl create command is used to create ACL. To delete the corresponding
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 138
    IP ACL, and 200-299 must be Extend-IP ACL. Command Mode Global Configuration Mode Example Create a MAC ACL whose ID is 20: TP-LINK rule ID. op -- The operation for the switch to process packets which match the rules. There and permit means forwarding packets. By default, the option is permit. source-
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 139
    By default, it is not limited. time-segment -- The time-range for the rule to take effect. By default, it will be forwarded by the switch: TP-LINK(config)# acl create 20 TP-LINK(config)# acl rule mac-acl IP ACL rule. To delete the corresponding rule, please use no acl rule std-acl command. Standard-IP
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 140
    . In the rule, the source IP address is 192.168.0.100, the source IP address mask is 255.255.255.0, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TP-LINK(config)# acl create 120 TP-LINK(config)# acl rule std-acl 120
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 141
    Command Mode Global Configuration Mode Example Add a Policy named policy1: TP-LINK(config)# acl policy policy-add policy1 acl policy action-add Description ACL will be forwarded to the specific port. The destination port ranges from 1 to 16. By default, it is All Ports. dscp -- DSCP of QoS Remark.
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 142
    beyond 1000kbps, will be discarded by the switch: TP-LINK(config)# acl policy policy-add policy1 TP-LINK(config)# acl policy action-add policy1 120 rate 1000 osd discard acl bind to-port Description The acl bind to-port command is used to bind a policy to a port. To cancel the bind relation, please
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 143
    display the configuration of Time-Range. Syntax show acl time-segment Command Mode Any Configuration Mode Example Display the configuration of Time-Range: TP-LINK> show acl time-segment show acl holiday Description The show acl holiday command is used to display the defined holiday. Syntax show acl
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 144
    of the ACL selected to display the configuration. Command Mode Any Configuration Mode Example Display the configuration of the MAC ACL whose ID is 20: TP-LINK> show acl config 20 show acl bind Description The show acl bind command is used to display the configuration of Policy bind. Syntax show acl
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 145
    is the interval to send BPDU packets, and used to test the links. Hello Time rangs form 1 to10 in seconds and it is 2 by default. Otherwise, 2 * (Hello Time + 1)
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 146
    Count as 8pps and Max Hops as 15 hops: TP-LINK(config)# spanning-tree global status enable mode mstp cist default, the port priority is 128. Port Priority is an important criterion on determining if the port connected to this port will be chosen as the root port. In the same condition, the port
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 147
    and then enable Edge Port: TP-LINK(config)# interface ethernet 1 TP-LINK(config-if)# spanning-tree common-config status enable pri 64 expath 100 inpath 100 edge enable spanning-tree region Description The spanning-tree region command is used to configure the region of MSTP. A switched network can be
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 148
    TP-LINK(config)# spanning-tree region r1 100 spanning-tree msti Description The spanning-tree msti command is used to configure MSTP Instance. To return to the default from 0 to 61440. By default, it is 32768. MSTI priority is an important criterion on determining if the switch will be chosen as the
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 149
    MSTI Priority as 4096: TP-LINK(config)# spanning-tree msti 1 status enable pri 4096 mapped 2-5,8 spanning-tree msti Description The spanning-tree msti command is used to configure MSTP Instance Port. To return to the default configuration of the corresponding Instance Port, please use no spanning
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 150
    TC-BPDUs received by the switch in a TC Protect Cycle. period -- TC Protect Cycle, ranging from 1 to 10 in seconds. By default, it is 5. Command Mode Global Configuration Mode Example Configure TC Threshold as 30 packets, and TC Protect Cycle as 10 seconds: TP-LINK(config)# spanning-tree tc-defend
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 151
    . By default, it is disabled. BPDU Filter is to prevent BPDUs flood in the STP network. Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Enable Loop Protect, Root Protect, TC Protect, BPDU Protect, and BPDU Filter for port 2: TP-LINK(config)# interface
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 152
    of Spanning Tree: TP-LINK# show spanning-tree global-config show spanning-tree port-config Description The show spanning-tree port-config command is used to display the Port configuration of Spanning Tree. Syntax show spanning-tree port-config [port] Parameter port -- The port selected to display
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 153
    Display the configuration of port 5: TP-LINK(config)# show spanning-tree port-config 5 show spanning-tree region Description The show spanning-tree region command is used to display the Region configuration of MSTP. Syntax show spanning-tree
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 154
    display the configuration, ranging from 1 to 16. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the configuration of port 5 in Instance 1: TP-LINK(config)# show spanning-tree msti port 1 5 show spanning-tree security tc-defend Description
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 155
    port -- The port selected to display the configuration, ranging from 1 to 16. By default, the Port Protect configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the Port Protect configuration of port 2: TP-LINK(config)# show spanning-tree security port-defend 2
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 156
    switch. By default, it is disabled. unknown-packet - - The operation for the switch to process unknown multicast, with pass and discard options. Command Mode Global Configuration Mode Example Enable IGMP Snooping function, and specify the operation to process unknown multicast as discard: TP-LINK
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 157
    for a port, the switch will immediately remove this port from the multicast group upon receiving IGMP leave messages. Command Mode Interface Configuration Mode(interface ethernet / interface range ethernet) Example Enable IGMP Snooping and Fast Leave function for port 5: TP-LINK(config)# interface
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 158
    Mode Global Configuration Mode Example Enable IGMP Snooping for VLAN 1, and configure Router Port Time as 200 seconds, Member Port Time as 100 seconds, Leave time as 10 seconds and Static Router Port as port 1: TP-LINK(config)# igmp-snooping vlan-config-add 1 rtime 200 mtime 100 ltime 10 rport
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 159
    stable topology. It ranges from 1 to 16. Command Mode Global Configuration Mode Example Modify Router Port Time as 300 seconds, Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 1: TP-LINK(config)# igmp-snooping vlan-config 1 rtime 300 mtime 200 ltime 15 igmp-snooping multi-vlan
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 160
    , Member Port Time as 200 seconds, and Leave time as 15 seconds for VLAN 2: TP-LINK(config)# igmp-snooping multi-vlan-config enable 2 rtime 300 mtime 200 ltime 15 igmp-snooping static-entry-add Description The igmp-snooping static-entry-add command is used to create static multicast IP entry. To
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 161
    which correspond to VLAN 2, and configure the forward port as port 1: TP-LINK(config)# igmp-snooping static-entry-add 225.0.0.1 2 1 igmp-snooping filter-add Description The igmp-snooping filter-add command is used to configure the multicast IP-range desired to filter. To delete the corresponding
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 162
    10~225.0.0.12: TP-LINK(config)# igmp-snooping filter-config 20 225.0.0.10 225.0.0.12 igmp-snooping filter Description The igmp-snooping filter command is used to configure Port Filter. To return to the default configuration, please use no igmp-snooping filter command. When the switch receives IGMP
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 163
    range ethernet) Example Enable multicast filtering function for port 5, specify Action Mode as accept, bound IP-range 2, 3, 4, and specify the maximum number of multicast groups for port 5 to join in as 128: TP-LINK(config)# interface ethernet 5 TP-LINK(config-if)# igmp-snooping filter status enable
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 164
    Example Display the IGMP configuration of port 2: TP-LINK> show igmp-snooping port-config 2 show igmp-snooping vlan-config Multicast VLAN configuration: TP-LINK> show igmp-snooping multi-vlan show igmp-snooping multi-ip-list Description The show igmp-snooping multi-ip-list command is used
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 165
    IP-Range table: TP-LINK(config)# show igmp-snooping filter-ip-addr show igmp-snooping port-filter Description The show igmp-snooping port-filter command is used to display the configuration of Multicast Port Filter. Syntax show igmp-snooping port-filter [port-num] Parameter port-num -- The port
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 166
    packet-stat command is used to display the Packet Statistics information of all ports. Syntax show igmp-snooping packet-stat Command Mode Any Configuration Mode Example Display the Packet Statistics information: TP-LINK> show igmp-snooping packet-stat show igmp-snooping packet-stat-clear Description
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 167
    SNMP function. By default, it is switch. Its length ranges from 10 to 64 hexadecimal characters, which must be even number meanwhile. Command Mode Global Configuration Mode Example Enable the SNMP function, and specify the Local Engine ID as 1234567890, the Remote Engine ID as 123456abcdef: TP-LINK
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 168
    Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs. , and this OID can be managed by the SNMP management station: TP-LINK(config)# snmp view-add view1 1.3.6.1.6.3.20 include snmp group-add Description
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 169
    mechanism. By default, the Security Model Switch's SNMP agent.inform. Command Mode Global Configuration mode Example Add group 1, configure its Security Model as SNMP v2c, view1 can be read and edited by group member, and the trap messages sent by view2 can be received by Management station: TP-LINK
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 170
    no snmp user-add command. The User in a SNMP Group can manage the switch via the management station software. The User and its Group have the same security level port authentication is performed via SHA (Secure Hash Algorithm). SHA authentication mode has a higher security than MD5 mode. By default
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 171
    encryption method is used. By default, the Privacy Mode is none. encrypt-pwd -- Privacy Password, the Authentication Password as 11111, the Privacy Mode as DES, and the Privacy Password as 22222: TP-LINK(config)# snmp user-add admin local group2 smode v3 slev authPriv cmode MD5 cpwd 11111 emode DES
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 172
    the Notification function enabled, the switch can initiatively report to the management ip} {user-name} Parameter ip -- The IP Address of the management Host. udp-port -- UDP port, which is used to send notifications. The UDP port functions with the IP address for the notification sending. By default
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 173
    192.168.0.1, the UDP port as 162, the User name of the management station as admin, the Security Model of the management station as v2c, the type of the notifications as inform, the maximum time for the switch to wait as 1000 seconds, and the resending time as 100: TP-LINK(config)# snmp notify
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 174
    . owner -- The owner of the history sample entry, ranging from 1 to 16 characters. By default, it is minitor. Command Mode Global Configuration Mode Example Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon history owner 1 owner1 snmp-rmon history enable Description The snmp-rmon
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 175
    of the User to which the event belongs, ranging from 1 to 16 characters. By default, it is public. Command Mode Global Configuration Mode Example Configure the user name of entry 1 as user1: TP-LINK(config)# snmp-rmon event user 1 user1 snmp-rmon event description Description The snmp-rmon event
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 176
    description -- The description of the event, ranging from 1 to 16 characters. By default, it is empty. Command Mode Global Configuration Mode Example Configure the description of entry 1 as description1: TP-LINK(config)# snmp-rmon event description 1 description1 snmp-rmon event type Description The
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 177
    command. owner -- The owner of the event entry, ranging from 1 to 16 characters. By default, it is minitor. Command Mode Global Configuration Mode Example Configure the owner of entry 1 as owner1: TP-LINK(config)# snmp-rmon event owner 1 owner1 snmp-rmon event enable Description The snmp-rmon event
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 178
    TP-LINK(config)# snmp-rmon event enable 1-4,8 snmp-rmon alarm config Description The snmp-rmon alarm config command is used to configure SNMP-RMON Alarm Management. To return to the default generated, which triggers the switch to act in the . By default, the option is drop. port -- The port on which
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 179
    -- The alarm interval time, ranging from 10 to 3600 in seconds. By default, it is 1800. Command Mode Global Configuration Mode Example Configure the alarm interval time of the entries 1,2,3 and 6 as 1000 seconds: TP-LINK(config)# snmp-rmon alarm config 1-3,6 interval 1000 snmp-rmon alarm owner
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 180
    to enable, ranging from 1 to 12, in the format of 1-3,5. Command Mode Global Configuration Mode Example Enable the Alarm Management entries 1,2,3,4 and 8: TP-LINK(config)# snmp-rmon alarm enable 1-4,8 show snmp global-config Description The show snmp global-config command is used to display SNMP
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 181
    show snmp view command is used to display the View table. Syntax show snmp view Command Mode Any Configuration Mode Example Display the View table: TP-LINK> show snmp view show snmp group Description The show snmp group command is used to display the Group table. Syntax show snmp group Command Mode
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 182
    is used to display the Notification table. Syntax show snmp destination-host Command Mode Any Configuration Mode Example Display the Notification table: TP-LINK> show snmp destination-host show snmp-rmon history Description The show snmp-rmon history command is used to display the configuration of
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 183
    from 1 to 12. You can only select one entry for each command. By default, the configuration of all entries is displayed. Command Mode Any Configuration Mode Example Display the Event configuration of entry 2: TP-LINK> show snmp-rmon event 2 show snmp-rmon alarm Description The show snmp-rmon alarm
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 184
    ranging from 1 to 12. You can only select one entry for each command. By default, the configuration of all entries is displayed. Command Mode Any Configuration Mode Example Display the configuration of all Alarm Management entries: TP-LINK> show snmp-rmon alarm 173
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 185
    After a commander switch is configured, management directly connected neighbor devices to support cluster establishing. An NDP- default, it is 60. Command Mode Global Configuration Mode Example Enable NDP function globally, and configure Aging Time as 120 seconds, Hello Time as 50 seconds: TP-LINK
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 186
    -delay - - NTDP Hop Delay, which is the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the first time. NTDP Hop Delay ranges from 1 to 1000 in milliseconds. By default, it is 200. port-delay - - NTDP Port Delay, which is the time between the
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 187
    Mode Global Configuration Mode Example Enable the topology information collecting function manually: TP-LINK(config)# cluster explore cluster Description The cluster command is used to configure Cluster Port. To return to the default configuration, please use no cluster command. Syntax cluster [ndp
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 188
    with the current role. The conversion between Candidate Switch and Individual Switch is: Candidate Switch Ù Individual Switch. Command Mode Global Configuration Mode Example Change the role of the current switch to Candidate Switch: TP-LINK(config)# cluster manage role-change candidate show cluster
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 189
    ndp port-status [port] Parameter port -- The port selected to display the configuration of NDP, ranging from 1 to 16. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the NDP configuration of port 2: TP-LINK> show cluster ndp port-status
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 190
    display the configuration of NTDP, ranging from 1 to 16. By default, the configuration of all ports is displayed. Command Mode Any Configuration Mode Example Display the NTDP configuration of port 2: TP-LINK> show cluster ntdp port-status 2 show cluster ntdp device Description The show cluster ntdp
  • TP-Link TL-SG3216 | TL-SG3216 V1 CLI Reference Guide - Page 191
    cluster ntdp device show cluster manage role Description The show cluster manage role command is used to display the role of the current Switch. Syntax show cluster manage role Command Mode Any Configuration Mode Example Display the role of the current Switch: TP-LINK> show cluster manage role 180
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
TL-SG3216/TL-SG3424
JetStream L2 Lite Managed Switch
Rev: 1.0.2
1910010511