TP-Link TL-SG3428XMP TL-SG2428PUN V1 CLI Reference Guide Guide
TP-Link TL-SG3428XMP Manual
View all TP-Link TL-SG3428XMP manuals
Add to My Manuals
Save this manual to your list of manuals |
TP-Link TL-SG3428XMP manual content summary:
- TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 1
CLI Reference Guide Jetstream Switches 1910012904 REV4.5.0 October 2020 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 2
COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-Link Corporation Limited. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 3
Only for Certain Devices 20 2.1 line...20 2.2 media-type rj45 ...21 Chapter 3 User Interface 22 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 enable ...22 service password-encryption 22 enable password...23 enable secret ...24 configure...25 exit...26 end ...26 clipaging ...27 history ...27 history - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 4
5.26 5.27 5.28 5.29 5.30 5.31 5.32 5.33 5.34 5.35 5.36 system-time manual ...34 system-time ntp ...34 system-time dst predefined ...36 system-time dst date ...37 system-time inform-url (Only for Certain Devices 44 reset ...44 service reset-disable...45 reboot ...46 reboot-schedule ...46 copy - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 5
5.37 5.38 5.39 5.40 5.41 5.42 5.43 5.44 5.45 5.46 5.47 5.48 5.49 5.50 5.51 tracert ...59 show system-info ...60 show image-info...60 show boot...61 show running-config...61 show startup-config ...62 show system-time ...63 show system-time dst...63 show system-time ntp ...64 show cable-diagnostics - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 6
9.6 9.7 9.8 9.9 9.10 9.11 9.12 9.13 9.14 duplex ...80 jumbo-size ...81 speed ...81 serdes-mode ...82 clear counters...83 show fiber-ports...83 show interface status...84 show interface counters ...84 show interface configuration...85 Chapter 10 Port Isolation Commands 87 10.1 10.2 port - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 7
13.4 13.5 13.6 13.7 13.8 lacp port-priority ...106 show etherchannel...106 show etherchannel load-balance 107 show lacp...108 show lacp sys-id...108 Chapter 14 MAC Address Commands 110 14.1 14.2 14.3 14.4 14.5 14.6 14.7 14.8 14.9 14.10 14.11 14.12 14.13 14.14 14.15 14.16 14.17 14.18 14.19 mac - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 8
15.11 show vlan ...130 15.12 show interface switchport ...131 Chapter 16 MAC-based VLAN Commands 132 16.1 16.2 16.3 16.4 mac-vlan mac-address...132 mac-vlan ...133 show mac-vlan...133 show mac-vlan interface ...134 Chapter 17 Protocol-based VLAN Commands 135 17.1 17.2 17.3 17.4 17.5 protocol- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 9
Chapter 20 GVRP Commands 154 20.1 20.2 20.3 20.4 20.5 20.6 gvrp...154 gvrp (interface)...154 gvrp registration...155 gvrp timer ...156 show gvrp interface ...157 show gvrp global...158 Chapter 21 IGMP Snooping Commands 159 21.1 21.2 21.3 21.4 21.5 21.6 21.7 21.8 21.9 21.10 21.11 21.12 21.13 21 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 10
Chapter 22 MLD Snooping Commands 180 22.1 22.2 22.3 22.4 22.5 22.6 22.7 22.8 22.9 22.10 22.11 22.12 22.13 22.14 22.15 22.16 22.17 22.18 22.19 22.20 22.21 22.22 22.23 ipv6 mld snooping (global)...180 ipv6 mld snooping drop-unknown 180 ipv6 mld snooping vlan-config 181 ipv6 mld snooping vlan- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 11
Chapter 24 MSTP Commands 206 24.1 24.2 24.3 24.4 24.5 24.6 24.7 24.8 24.9 24.10 24.11 24.12 24.13 24.14 24.15 24.16 24.17 24.18 24.19 24.20 24.21 24.22 24.23 24.24 24.25 24.26 24.27 debug spanning-tree...206 spanning-tree (global) ...207 spanning-tree (interface) ...207 spanning-tree common- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 12
25.9 25.10 25.11 25.12 25.13 25.14 25.15 25.16 25.17 25.18 lldp management-address ...231 lldp med-fast-count ...232 lldp med-status...233 lldp med-tlv-select ...233 lldp med-location ...234 show lldp ...235 show lldp interface ...235 show lldp local-information interface 236 show lldp neighbor- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 13
(interface)...274 show ip arp summary...274 show gratuitous-arp ...275 show ip proxy-arp ...275 Chapter 31 DHCP Server Commands 277 31.1 31.2 31.3 service dhcp server ...277 ip dhcp server extend-option capwap-ac-ip 277 ip dhcp server extend-option vendor-class-id 278 XII - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 14
pool...290 show ip dhcp server excluded-address 291 show ip dhcp server manual-binding 291 show ip dhcp server binding 292 clear ip dhcp server statistics 32.3 32.4 32.5 32.6 32.7 32.8 32.9 32.10 32.11 32.12 service dhcp relay ...294 ip dhcp relay hops ...294 ip dhcp relay time...295 ip helper- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 15
Chapter 33 DHCP L2 Relay Commands 303 33.1 33.2 33.3 33.4 33.5 33.6 33.7 33.8 33.9 ip dhcp l2relay...303 ip dhcp l2relay vlan...303 ip dhcp l2relay information...304 ip dhcp l2relay information strategy 304 ip dhcp l2relay information format 305 ip dhcp l2relay information circuit-id 306 ip - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 16
35.7 show bandwidth ...328 Chapter 36 Voice VLAN Commands 329 36.1 36.2 36.3 36.4 36.5 36.6 36.7 voice vlan...329 voice vlan (interface)...329 voice vlan priority...330 voice vlan oui...331 show voice vlan ...331 show voice vlan oui-table...332 show voice vlan interface ...332 Chapter 37 Auto - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 17
39.9 39.10 39.11 39.12 39.13 39.14 ip http secure-max-users ...351 ip http secure-session timeout 352 ip http secure-server download certificate 352 ip http secure-server download key 353 show ip http configuration...354 show ip http secure-server ...355 Chapter 40 SSH Commands 356 40.1 40.2 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 18
43.12 43.13 43.14 43.15 43.16 43.17 43.18 43.19 43.20 43.21 43.22 43.23 43.24 43.25 43.26 43.27 43.28 show aaa authentication ...375 show aaa accounting...376 line telnet ...376 login authentication (telnet)...377 line ssh...377 login authentication (ssh) ...378 line console...379 login - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 19
Chapter 45 Port Security Commands 402 45.1 45.2 mac address-table max-mac count 402 show mac address-table max-mac-count 402 Chapter 46 Port Mirroring Commands 404 46.1 46.2 46.3 monitor session destination interface 404 monitor session source...405 show monitor session ...406 Chapter 47 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 20
Chapter 49 IPv6 IMPB Commands 432 49.1 49.2 49.3 49.4 49.5 49.6 49.7 49.8 49.9 49.10 49.11 49.12 Ipv6 source binding...432 ipv6 dhcp snooping ...433 ipv6 dhcp snooping vlan ...434 ipv6 dhcp snooping max-entries 434 ipv6 nd snooping ...435 ipv6 nd snooping vlan ...436 ipv6 nd snooping max-entries - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 21
53.3 53.4 53.5 53.6 53.7 53.8 ipv6 dhcp filter limit rate ...455 ipv6 dhcp filter decline rate...456 ipv6 dhcp filter server permit-entry 457 show ipv6 dhcp filter...458 show ipv6 dhcp filter interface 458 show ip dhcp filter server permit-entry 459 Chapter 54 DoS Defend Commands 460 54.1 54 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 22
Chapter 57 DLDP Commands (Only for Certain Devices 482 57.1 57.2 57.3 57.4 57.5 57.6 57.7 57.8 dldp (global) ...482 dldp interval ...482 dldp shut-mode ...483 dldp reset (global) ...484 dldp(interface)...484 dldp reset (interface) ...485 show dldp ...485 show dldp interface...486 Chapter 58 SNMP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 23
58.28 58.29 58.30 58.31 show rmon history...510 show rmon event ...511 show rmon alarm...512 show rmon statistics ...512 Chapter 59 PoE Commands (Only for Certain Devices 514 59.1 59.2 59.3 59.4 59.5 59.6 59.7 59.8 59.9 59.10 59.11 power inline consumption (global 514 power profile ...514 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 24
61.6 61.7 61.8 show ipv6 nd detection interface 533 show ipv6 nd detection statistics 534 show ipv6 nd detection vlan 535 Chapter 62 System Log Commands 536 62.1 62.2 62.3 62.4 62.5 62.6 62.7 62.8 62.9 62.10 62.11 62.12 62.13 62.14 62.15 logging buffer...536 logging buffer level...536 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 25
may be unavailable in your country or region. For local sales information, visit https://www.tp-link.com. Overview of this Guide Chapter 1: Using the CLI Provide information about how to use the CLI, CLI Command Modes, Security Levels and some Conventions. Chapter 2: Line Commands (Only for - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 26
Chapter 11: Loopback Detection Commands Provide information about the commands used for configuring the Loopback Detection function. Chapter 12: DDM Commands (Only for Certain Devices) Provide information about the commands used for DDM (Digital Diagnostic Monitoring) function. Chapter 13: - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 27
Chapter 24: MSTP Commands Provide information about the commands used for configuring the MSTP (Multiple Spanning Tree Protocol). Chapter 25: LLDP Commands Provide information about the commands used for configuring LLDP function. Chapter 26: L2PT Commands (Only for Certain Devices) Provide - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 28
Chapter 39: HTTP and HTTPS Commands Provide information about the commands used for configuring the HTTP and HTTPS logon. Chapter 40: SSH Commands Provide information about the commands used for configuring and managing SSH (Security Shell). Chapter 41: Telnet Commands Provide information about the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 29
Chapter 52: DHCPv4 Filter Commands Provide information about the commands used for configuring the DHCPv4 Filter. Chapter 53: DHCPv6 Filter Commands Provide information about the commands used for configuring the DHCPv6 Filter. Chapter 54: DoS Defend Command Provide information about the commands - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 30
required. The USB driver is provided on the resource CD. Follow the InstallSheild Wizard to accomplish the installation. The TP-Link USB Console Driver supports the following Windows operating systems: ■ 32-bit Windows XP SP3 ■ 64-bit Windows XP ■ 32-bit Windows Vista ■ 64-bit Windows Vista ■ 32-bit - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 31
■ 64-bit Windows 7 ■ 32-bit Windows 8 ■ 64-bit Windows 8 ■ 32-bit Windows 8.1 ■ 64-bit Windows 8.1 After the TP-Link USB Console Driver is installed, the PC's USB port will act as RS-232 serial port when the PC's USB port is connected to the switch's Micro-USB console port. And the PC's USB port - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 32
■ Baud rate: 38400 bps ■ Data bits: 8 ■ Parity: none ■ Stop bits: 1 ■ Flow control: none 5. Type the Username and Password in the Hyper Terminal window. The default value for both of them are admin. Press Enter in the main window and "Switch>" will appear indicating that you have successfully logged - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 33
Figure 1-1 Run Window 2. Type in telnet 192.168.0.1 in the cmd window and press Enter. Figure 1-2 Type in the telnet command 3. Type in the login username and password (both admin by default). Press Enter and you will enter User EXEC Mode. Figure 1-2 Log in the Switch Note: The first time you log in - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 34
4. Type in enable command and you will enter Privileged EXEC Mode. By default, no password is needed. Later you can set a password for users who want to access the Privileged EXEC Mode. Figure 1-3 Enter into Priviledged EXEC Mode 1.1.3 Logon by SSH To log on by SSH, a Putty client software is - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 35
■ Password Authentication Mode 1. Open the software to log on to the interface of PuTTY. Enter the IP address of the switch into Host Name field; keep the default value 22 in the Port field; select SSH as the Connection type. Figure 1-5 SSH Connection Config 2. Click the Open button in the above - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 36
■ Key Authentication Mode 2. Select the key type and key length, and generate SSH key. Figure 1-7 Generate SSH Key Note: 1. The key length is in the range of 512 to 3072 bits. 2. During the key generation, randomly moving the mouse quickly can accelerate the key generation. 12 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 37
3. After the key is successfully generated, please save the public key and private key to a TFTP server. Figure 1-8 Save the Generated Key 4. Log on to the switch by Telnet and download the public key file from the TFTP server to the switch, as the following figure shows: Figure 1-9 Download the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 38
Note: 1. The key type should accord with the type of the key file. 2. The SSH key downloading can not be interrupted. 5. After the public key is downloaded, please log on to the interface of PuTTY and enter the IP address for login. Figure 1-10 SSH Connection Config 14 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 39
6. Click Browse to download the private key file to SSH client software and click Open. Figure 1-11 Download the Private Key 7. After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 40
Interface Configuration Mode can also be divided into Interface Ethernet, Interface link-aggregation and some other modes, which is shown as the following diagram. The following table gives detailed information about the Accessing path, Prompt of each mode and how to exit the current mode and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 41
Mode Accessing Path Layer 3 Interface: Use the no switchport command to enter Routed Port mode from Interface Configuration mode. Interface Configuration Mode Use the interface vlan vlan-id command to enter VLAN Interface mode from Global Configuration mode. Use the interface loopback id - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 42
Duplex-mode, flow control status. b). Interface range gigabitEthernet: Configure parameters for several Ethernet ports. c). Interface link-aggregation: Configure parameters for a link-aggregation, such as broadcast storm. d). Interface range link-aggregation: Configure parameters for multi-trunks. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 43
1.4.2 Format Conventions The following conventions are used in this Guide: • Items in square brackets [ ] are optional • Items in braces { } are required • Alternative items are grouped in braces and separated by vertical bars. For example: speed { - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 44
Chapter 2 Line Commands (Only for Certain Devices) Note: Line Commands are only available on certain devices. 2.1 line Description The line command is used to enter the Line Configuration Mode and make related configurations for the desired user(s). Syntax line { console linenum | vty startlinenum - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 45
Enter the Virtual Terminal configuration mode so as to prepare further configurations such as password and login mode for virtual terminal 0 to 5: T2600G-28TS(config)#line vty 0 5 2.2 media-type rj45 Description The media-type rj45 command is used to configure the console media type as RJ-45 for - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 46
If you have set the password to access Privileged EXEC Mode from User EXEC Mode: Switch>enable Enter password: Switch# 3.2 service password-encryption Description The service password-encryption command is used to encrypt the password when the password is defined or when the configuration is written - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 47
Mode Privilege Requirement Only Admin level users have access to these commands. Example Enable the global encryption function: Switch(config)# service password-encryption 3.3 enable password Description The enable password command is used to set or change the password for users to access - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 48
User Guidelines If the password you configured here is unencrypted and the global encryption function is enabled in service password-encryption, the password in the configuration file will be displayed in the symmetric encrypted form. If both the enable password and enable secret are - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 49
Command Mode Global Configuration Mode Privilege Requirement Only Admin level users have access to these commands. User Guidelines If both the enable password and enable secret are defined, only the latest configured password will take effect. Example Set the secret password as "admin" and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 50
3.6 exit Description The exit command is used to return to the previous Mode from the current Mode. Syntax exit Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Return to Global Configuration Mode from Interface Configuration Mode, and then return to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 51
3.8 clipaging Description The clipaging command is used to enable the pause function for the screen display. If you want to display all the related information of the switch at once when using the show command, please use no clipaging command. Syntax clipaging no clipaging Command Mode Privileged - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 52
3.10 history clear Description The history clear command is used to clear the commands you have entered in the current mode; therefore, these commands will not be shown next time you use the history command. Syntax history clear Command Mode Privileged EXEC Mode and any Configuration Mode Privilege - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 53
Chapter 4 User Management Commands User Management commands are used to manage the user's logging information by Web, Telnet or SSH, so as to protect the settings of the switch from being randomly changed. 4.1 user name (password) Description The user name command is used to add a new user or modify - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 54
have access to these commands. User Guidelines If the password you configured here is unencrypted and the global encryption function is enabled in service password-encryption, the password in the configuration file will be displayed in the symmetric encrypted form. If both the user name (password - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 55
password-recovery command is used to enable the password-recovery feature. To disable the password-recovery feature, please use no service password-recovery command. With password-recovery enabled, you can connect to the switch's console port and delete all your previous set accounts. You can - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 56
Mode Privilege Requirement Only Admin level users have access to these commands. Example Enable the switch's password-recovery feature: T2600G-28TS(config)# service password-recovery 4.4 show user account-list Description The show user account-list command is used to display the information of the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 57
4.5 show user configuration Description The show user configuration command is used to display the security configuration information of the users, including access-control, max-number and the idle-timeout, etc. Syntax show user configuration Command Mode Privileged EXEC Mode and Any Configuration - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 58
Requirement Only Admin and Operator level users have access to these commands. Example Configure the system mode as manual, and the time is 12/20/2010 17:30:35 Switch (config)# system-time manual 12/20/2010-17:30:35 5.2 system-time ntp Description The system-time ntp command is used to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 59
The detailed information that each time-zone means are displayed as follow: UTC-12:00 -- TimeZone for International Date Line West. UTC-11:00 -- TimeZone for Coordinated Universal Time-11. UTC-10:00 -- TimeZone for Hawaii. UTC-09:00 -- TimeZone for Alaska. UTC-08:00 -- TimeZone for Pacific Time - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 60
backup-ntp-server -- The IP address for the Secondary NTP Server. fetching-rate -- Specify the rate fetching time from NTP server. Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure the system time mode as - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 61
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure the daylight saving time as USA standard: Switch(config)#system-time dst predefined USA 5.4 system-time dst date Description The system-time dst date command is used to configure the one-off - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 62
Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure the daylight saving time from zero clock, Apr 1st to zero clock Oct 1st and the offset is 30 minutes in 2015: Switch(config)# system-time dst date Apr 1 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 63
etime -- The end moment of the daylight saving time, HH:MM. offset -- The number of minutes to add during the daylight saving time. It is 60 minutes by default. Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 64
5.7 location Description The location command is used to configure the system location. To clear the system location information, please use no location command. Syntax location [ location ] no location Parameter location -- Device Location. It consists of 32 characters at most. It is "SHENZHEN" by - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 65
ip address Description This ip address command is used to configure the IP address and IP subnet mask for the specified interface manually. The interface type includes: routed port, port-channel interface, loopback interface and VLAN interface. Syntax ip address { ip-addr } { mask } [ secondary ] no - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 66
Parameter ip-addr -- The IP address of the Layer 3 interface. mask -- The subnet mask of the Layer 3 interface. secondary -- Specify the interface's secondary IP address. If this parameter is omitted here, the configured IP address is the interface's primary address. Command Mode Interface - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 67
bootp -- Specify the Layer 3 interface to obtain IP address from the BOOTP Server. Command Mode Interface Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the DHCP Client function on the Lay 3 routed port 1/0/1: - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 68
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. 5.13 controller inform-url (Only for Certain Devices) Note: This command is only available on certain devices Description If your switch and Omada SDN Controller are not located on the same subnet, - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 69
have access to these commands. Example Reset all settings of the switch except its IP address: Switch # reset except-ip 5.15 service reset-disable Description The service reset-disable command is used to disable the reset function of the console port or reset button. To enable the reset function - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 70
5.16 reboot Description The reboot command is used to reboot the Switch. To avoid damage, please don't turn off the device while rebooting. Syntax reboot Command Mode Privileged EXEC Mode Privilege Requirement Only Admin level users have access to these commands. Example Reboot the switch: Switch # - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 71
interval -- Specify a time period after which the switch reboots. It ranges from 1 to 43200 minutes. cancel -- Delete the reboot schedule settings. Command Mode Global Configuration Mode Privilege Requirement Only Admin level users have access to these commands. User Guidelines In the command reboot - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 72
startup-config tftp ip-address ip-addr filename name Parameter ip-addr -- IP Address of the TFTP server. Both IPv4 and IPv6 addresses are supported, for example 192.168.0.1 or fe80::1234. name -- Specify the name for the configuration file which would be backup. Command Mode Privileged EXEC Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 73
backup-config tftp ip-address ip-addr filename name Parameter ip-addr -- IP Address of the TFTP server. Both IPv4 and IPv6 addresses are supported, for example 192.168.0.1 or fe80::1234. name -- Specify the name for the configuration file which would be exported. Command Mode Privileged EXEC Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 74
5.22 copy backup-config startup-config Description The copy backup-config startup-config command is used to replace the startup configuration file using the backup configuration file. Syntax copy backup-config startup-config Command Mode Privileged EXEC Mode Privilege Requirement Only Admin level - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 75
tftp backup-config ip-address ip-addr filename name Parameter ip-addr -- IP Address of the TFTP server. Both IPv4 and IPv6 addresses are supported, for example 192.168.0.1 or fe80::1234. name -- Specify the name for the configuration file which would be downloaded. Command Mode Privileged EXEC Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 76
startup | backup -- Specify the property of the image, either startup image or backup image. Command Mode Global Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Configure the image2.bin as the startup image: Switch (config)# boot application - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 77
firmware upgrade tftp ip-address ip-addr filename name Parameter ip-addr -- IP Address of the TFTP server. Both IPv4 and IPv6 addresses are supported, for example 192.168.0.1 or fe80::1234. name -- Specify the name for the firmware file. Command Mode Privileged EXEC Mode Privilege Requirement Only - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 78
Example Upgrade the switch's backup iamge file with the file firmware.bin in the TFTP server with the IP address 192.168.0.148, and reboot the switch with this firmware: Switch # firmware upgrade tftp ip-address 192.168.0.148 filename firmware.bin It will only upgrade the backup image. Continue? - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 79
T2600-28TS(config)# boot autoinstall start 5.30 boot autoinstall persistent-mode Note: This command is only available on certain devices. Description The boot autoinstall persistent-mode command is used to start Auto Install function to next reboot cycle. To disable persistent mode, use no boot - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 80
Privilege Requirement Only Admin level users have access to these commands. Example Configure Auto Install function to auto-save new configuration file to start-up configuration file: T2600-28TS(config)# boot autoinstall auto-save 5.32 boot autoinstall auto-reboot Note: This command is only - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 81
Syntax boot autoinstall retry-count count no boot autoinstall retry-count Parameter count -- The count of retrying auto install. The value ranges from 1 to 3. Command Mode Global Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Configure TFTP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 82
. ip_addr -- The IP address of the destination node for ping test. If the parameter ip/ipv6 is not selected, both IPv4 and IPv6 addresses are supported, for example 192.168.0.100 or fe80::1234. -n count -- The amount of times to send test data during Ping testing. It ranges from 1 to 10 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 83
should be IPv6. ip_addr -- The IP address of the destination device. If the parameter ip/ipv6 is not selected, both IPv4 and IPv6 addresses are supported, for example 192.168.0.100 or fe80::1234. maxHops -- The maximum number of the route hops the test data can pass though. It ranges from - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 84
Example Test the connectivity between the switch and the network device with the IP 192.168.0.131. If the destination device has not been found after 20 maxHops, the connection between the switch and the destination device is failed to establish: Switch # tracert 192.168.0.131 20 Test the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 85
Syntax show image-info Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Display the system image files' information: Switch# show image-info 5.40 show boot Description The show boot command is used to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 86
Syntax show running-config [unit {all | | [exclude keyword ] [include keyword ] | interface {fastEthernet |gigabitEthernet | ten-gigabitEthernet} port} ] show running-config [all | | [exclude keyword] [include keyword ] | interface {fastEthernet |gigabitEthernet | ten-gigabitEthernet} port ] - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 87
Privilege Requirement Only Admin level users have access to these commands. Example Display the saved configuration: Switch# show startup-config 5.43 show system-time Description The show system-time command is used to display the time information of the switch. Syntax show system-time Command Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 88
Ethernet Port., which facilitates you to check the connection status of the cable connected to the switch, locate and diagnose the trouble spot of the network. Syntax show cable-diagnostics interface { fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port } Parameter port -- The number - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 89
Example Show the cable-diagnostics of port 3: Switch# show cable-diagnostics interface gigabitEthernet 1/0/3 5.47 show cpu-utilization Description The show cpu-utilization command is used to display the system's CPU utilization in the last 5 seconds/1minute/5minutes. Syntax show cpu-utilization - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 90
Example Display the memory utilization information of the switch: Switch# show memory-utilization 5.49 show controller Note: This command is only available on certain devices. Description The show controller command is used to display the current controller settings and status. Syntax show - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 91
Privilege Requirement None. Example Display the temperature information of the switch: T2600G-28TS-DC# show temperature 5.51 show voltage Note: This command is only available on certain devices. Description The show voltage command is used to display the voltage of DC power board. Syntax show - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 92
Chapter 6 EEE Configuration Commands EEE (Energy Efficient Ethernet) is used to save power consumption of the switch during periods of low data activity. You can simply enable this feature on ports to allow power reduction. 6.1 eee Description The eee command is used to enable EEE on the port. To - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 93
Privilege Requirement None. Example Display the EEE configuration of each port Switch# show interface eee 69 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 94
prefer Description The sdm prefer command is used to configure the SDM template. The SDM template is used to allocate system resources to best support the features being used in your application. To return to use the default template, please use the sdm prefer default command. The template change - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 95
7.2 show sdm prefer Description The show sdm prefer command is used to display resource allocation of the current SDM template in use, or the SDM templates that can be used. Syntax show sdm prefer { used | default | enterpriseV4 | enterpriseV6 } Parameter used -- Display the resource allocation of - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 96
Chapter 8 Time Range Commands With this feature, you can configure a time range and bind it to a PoE port or an ACL rule. 8.1 time-range Description The time-range command is used to create time-range entry for the switch and enter Time-range Create Configuration Mode. After a time-range entry is - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 97
Syntax absolute from start-date to end-date no absolute [index ] Parameter start-date -- The start date in Absoluteness Mode, in the format of MM/DD/YYYY. end-date -- The end date in Absoluteness Mode, in the format of MM/DD/YYYY. Command Mode Time-Range Create Configuration Mode Privilege - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 98
Command Mode Time-Range Create Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the time-range tSeg1 with time from 8:30 to 12:00 at weekends: Switch(config)#time-range tSeg1 Switch(config -time-range)#periodic - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 99
8.5 holiday Description The holiday command is used to create holiday for the switch. To delete the corresponding holiday configuration, please use no holiday command. Syntax holiday name start-date start-date end-date end-date no holiday name Parameter name -- The holiday name, ranging from 1 to 16 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 100
Example Display the defined holiday: Switch# show holiday 8.7 show time-range Description The show time-range command is used to display the defined time-range. Syntax show time-range [ time-range-name ] Parameter time-range-name -- Specify the time range name with 1 to 16 characters. Command Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 101
Chapter 9 Port Configuration Commands Ethernet Configuration Commands can be used to configure the Bandwidth Control, Negotiation Mode and Storm Control for Ethernet ports. 9.1 interface gigabitEthernet Description The interface gigabitEthernet command is used to enter the Interface gigabitEthernet - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 102
Syntax interface range gigabitEthernet port-list Parameter port-list -- The list of Ethernet ports. Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. User Guidelines Command in the Interface Range - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 103
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Add a description Port_5 to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 104
9.5 flow-control Description The flow-control command is used to enable the flow-control function for a port. To disable the flow-control function for this corresponding port, please use no flow-control command. With the flow-control function enabled, the Ingress Rate and Egress Rate can be - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 105
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure the Duplex Mode as full-duplex - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 106
Syntax speed { 10 | 100 | 1000 | auto } no speed Parameter 10 | 100 | 1000 | auto -- The speed mode of the Ethernet port. There are four options: 10Mbps, 100Mbps, 1000Mbps and Auto negotiation mode (default). Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 107
Example Configure port 1/0/26 to collocate with electrical interface modules: Switch(config)# interface gigabitEthernet 1/0/26 Switch(config-if)# serdes-mode sgmii 9.10 clear counters Description The clear counters command is used to clear the statistics information of all the Ethernet ports and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 108
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the information of all fiber ports: T2600G-28TS(config)# show fiber ports 9.12 show interface status Description The show interface status command is used to display the connection status of the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 109
Syntax show interface counters [ gigabitEthernet port ] [ port-channel port-channel-id ] Parameter port -- The Ethernet port number. port-channel-id -- The ID of the port channel. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the statistics - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 110
Switch(config)# show interface configuration Display the configurations of port 1/0/2: Switch(config)# show interface configuration gigabitEthernet 1/0/2 86 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 111
Chapter 10 Port Isolation Commands Port Isolation provides a method of restricting traffic flow to improve the network security by forbidding the port to forward packets to the ports that are not on its forwarding port list. 10.1 port isolation Description The port isolation command is used to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 112
Switch(config-if)# no port isolation 10.2 show port isolation interface Description The show port isolation interface command is used to display the forward port list of a port/port channel. Syntax show port isolation interface [fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port | - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 113
Chapter 11 Loopback Detection Commands With loopback detection feature enabled, the switch can detect loops using loopback detection packets. When a loop is detected, the switch will display an alert or further block the corresponding port according to the configuration. 11.1 loopback-detection ( - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 114
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Specify the interval-time as 50 seconds: Switch(config)# loopback-detection interval 50 11.3 loopback-detection recovery-time Description The loopback- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 115
the process-mode is Port Based or VLAN Based. Syntax loopback-detection config process-mode { alert | port-based | vlan-based } recovery-mode { auto | manual } Parameter alert -- When a loop is detected, the switch will send a trap message and generate an entry on the log file. It is the default - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 116
for port 2: Switch(config)# interface gigabitEthernet 1/0/2 Switch(config-if)# loopback-detection config process-mode port-based recovery-mode manual 11.6 loopback-detection recover Description The loopback-detection recover command is used to remove the block status of selected ports, recovering - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 117
Switch(config)# interface gigabitEthernet 1/0/2 Switch(config-if)# loopback-detection recover 11.7 show loopback-detection global Description The show loopback-detection global command is used to display the global configuration of loopback detection function such as loopback detection global status - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 118
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the configuration of loopback detection function and the status of all ports: Switch# show loopback-detection interface Display the configuration of loopback detection function and the status of - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 119
Chapter 12 DDM Commands (Only for Certain Devices) Note: DDM commands are only available on certain devices. The DDM (Digital Diagnostic Monitoring) function allows the user to monitor the status of the SFP modules inserted into the SFP ports on the switch. The user can choose to shut down the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 120
12.2 ddm shutdown Description The ddm shutdown command is used to configure whether to shut down the port when an exceeding alarm threshold or warning threshold event is encountered. Syntax ddm shutdown { none | warning | alarm } Parameter none -- The port will never be shut down regardless of the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 121
Parameter high_alarm -- Specify the highest threshold for the alarm. When the operating parameter rises above the value hereinafter, action associated with the alarm will be taken. high_warning --Specify the highest threshold for the warning. When the operating parameter rises above the value - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 122
Parameter high_alarm -- Specify the highest threshold for the alarm. When the operating parameter rises above the value hereinafter, action associated with the alarm will be taken. high_warning --Specify the highest threshold for the warning. When the operating parameter rises above the value - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 123
Parameter high_alarm -- Specify the highest threshold for the alarm. When the operating parameter rises above the value hereinafter, action associated with the alarm will be taken. high_warning --Specify the highest threshold for the warning. When the operating parameter rises above the value - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 124
Parameter high_alarm -- Specify the highest threshold for the alarm. When the operating parameter rises above the value hereinafter, action associated with the alarm will be taken. high_warning --Specify the highest threshold for the warning. When the operating parameter rises above the value - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 125
Parameter high_alarm -- Specify the highest threshold for the alarm. When the operating parameter rises above the value hereinafter, action associated with the alarm will be taken. high_warning --Specify the highest threshold for the warning. When the operating parameter rises above the value - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 126
voltage -- Displays the threshold of the DDM Voltage value. bias_current -- Displays the threshold of the DDM Bias Current value. tx_power -- Displays the threshold of the DDM Tx Power value. rx_power -- Displays the threshold of the DDM Rx Power value. Command Mode Privileged EXEC Mode and Any - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 127
Chapter 13 Etherchannel Commands Etherchannel Commands are used to configure LAG and LACP function. LAG (Link Aggregation Group) is to combine a number of ports together to make a single high-bandwidth data path, which can highly extend the bandwidth. The bandwidth of the LAG is the sum of bandwidth - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 128
Example Add ports 2-4 to EtherChannel Group 1 and enable the static LAG: Switch(config)# interface range gigabitEthernet 1/0/2-4 Switch(config-if-range)# channel-group 1 mode on 13.2 port-channel load-balance Description The port-channel load-balance command is used to configure the Aggregate - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 129
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the Aggregate Arithmetic for LAG as "src-dst-ip": Switch(config)# port-channel load-balance src-dst-ip 13.3 lacp system-priority Description - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 130
13.4 lacp port-priority Description The lacp port-priority command is used to configure the LACP port priority for specified ports. To return to the default configurations, please use no lacp port-priority command. Syntax lacp port-priority pri no lacp port-priority Parameter pri -- The port - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 131
Parameter channel-group-num -- The EtherChannel Group number, ranging from 1 to 14. By default, it is empty, and will display the information of all EtherChannel Groups. detail -- The detailed information of EtherChannel. summary -- The EtherChannel information in summary. Command Mode Privileged - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 132
13.7 show lacp Description The show lacp command is used to display the LACP information for a specified EtherChannel Group. Syntax show lacp [ channel-group-num ] { internal | neighbor } Parameter channel-group-num -- The EtherChannel Group number, ranging from 1 to 14. By default, it is empty, and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 133
Example Display the LACP system priority: Switch(config)# show lacp sys-id 109 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 134
MAC address entry. To remove the corresponding entry, please use no mac address-table static command. The static address can be added or removed manually, independent of the aging time. In the stable networks, the static MAC address entries can facilitate the switch to reduce broadcast packets and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 135
14.2 no mac address-table dynamic Description The no mac address-table dynamic command is used to delete the specified dynamic MAC address, or dynamic MAC addresses based on the VLAN or the port. Syntax no mac address-table dynamic { mac-addr | vid vid | interface {fastEthernet port | - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 136
filtering command. The filtering address function is to forbid the undesired package to be forwarded. The filtering address can be added or removed manually, independent of the aging time. Syntax mac address-table filtering mac-addr vid vid no mac address-table filtering {[ mac-addr ] [ vid vid - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 137
14.5 mac address-table notification Note: This command is only available on certain devices. Description The mac address-table notification command is used to configure global settings of MAC address table notification. Syntax mac address-table notification { [ global-status enable | disable ] [ - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 138
out of the influence of the aging time and can only be deleted manually. The learned entries will be cleared after the switch is rebooted. When be out of the influence of the aging time and can only be deleted manually too. However, the learned entries will be saved even the switch is rebooted. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 139
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable Port Security function for port 1/0/1, select Static mode as the learn mode, and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 140
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the learn-mode-change notification on port 1/0/2: T2600G-28TS(config)# mac - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 141
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the max learned MAC address number is VLAN 2 as 1000, and drop the packets that have no match in the MAC address table: T2600G-28TS(config)# - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 142
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the max learned MAC address number is VLAN 2 as 1000: T2600G-18TS(config)# mac address-table vlan-security vid 2 max-learn 1000 14.10 show mac address-table Description The show mac - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 143
Parameter dynamic | static | filtering -- The type of your desired entry. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Clear the information of all static address entries: - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 144
Syntax show mac address-table max-mac-count { all | interface gigabitEthernet port } Parameter all -- Displays the security information of all the Ethernet ports. port -- The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 145
Example Display the address configuration of port 1/0/1: Switch(config)# show mac address-table interface gigabitEthernet 1/0/1 14.15 show mac address-table count Description The show mac address-table count command is used to display the total amount of MAC address table. Syntax show mac address- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 146
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the information of the MAC address 00:00:00:00:23:00 in VLAN 1: Switch(config)#show mac address-table address 00:00:00:00:23:00 vid 1 14.17 show mac address-table vlan Description The show mac - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 147
Parameter all -- Displays the notification information globally and of all the Ethernet ports. port -- Displays the notification information on the specified port. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the notification configuration - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 148
Chapter 15 IEEE 802.1Q VLAN Commands VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN into multiple logical LANs flexibly. Hosts in the same VLAN can communicate with each other, regardless of their physical locations. VLAN can enhance performance by - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 149
15.2 name Description The name command is used to assign a description to a VLAN. To clear the description, please use no name command. Syntax name descript no name Parameter descript --String to describe the VLAN, which contains 16 characters at most. Command Mode VLAN Configuration Mode(VLAN) - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 150
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable VLAN Trunk globally: Switch(config)#vlan_trunk 15.4 vlan_trunk (interface) Description The vlan_trunk command is used to enable VLAN Trunk for the desired port. When enabled, all - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 151
Syntax switchport general allowed vlan vlan-list { tagged | untagged } no switchport general allowed vlan vlan-list Parameter vlan-list -- VLAN ID list, ranging from 2 to 4094, in the format of 2-3, 5. It is multi-optional. tagged | untagged -- egress-rule. Command Mode Interface Configuration Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 152
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Specify the PVID of port 1/0/2 as 2: Switch(config)# interface gigabitEthernet 1/0/2 Switch(config-if)# switchport pvid 2 15.7 switchport check ingress Description The switchport check - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 153
15.8 switchport acceptable frame Description The switchport acceptable frame command is used to specify the acceptable frame type for the switch ports and the ports will perform this operation before Ingress Checking. To restore to the default setting, please use no switchport acceptable frame - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 154
Privilege Requirement None. Example Display the summarized information of IEEE 802.1Q VLAN: Switch(config)# show vlan summary 15.10 show vlan brief Description The show vlan brief command is used to display the brief information of IEEE 802.1Q VLAN. Syntax show vlan brief Command Mode Privileged - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 155
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the information of vlan 5: Switch(config)# show vlan id 5 15.12 show interface switchport Description The show interface switchport command is used to display the IEEE 802.1Q VLAN configuration - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 156
Chapter 16 MAC-based VLAN Commands MAC VLAN (Virtual Local Area Network) is the way to classify the VLANs based on MAC Address. A MAC address is relative to a single VLAN ID. The untagged packets and the priority-tagged packets coming from the MAC address will be tagged with this VLAN ID. 16.1 mac- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 157
16.2 mac-vlan Description The mac-vlan command is used to enable a port for the MAC-based VLAN feature. Only the port is enabled can the configured MAC-based VLAN take effect. To disable the MAC-based VLAN function, please use no mac-vlan command. All the ports are disabled by default. Syntax mac- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 158
Privilege Requirement None. Parameter mac-addr -- MAC address, in the format of XX:XX:XX:XX:XX:XX. vlan-id -- Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. Example Display the information of all the MAC-based VLAN entry: Switch(config)#show mac-vlan all 16.4 show mac-vlan interface - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 159
Chapter 17 Protocol-based VLAN Commands Protocol VLAN (Virtual Local Area Network) is the way to classify VLANs based on Protocols. A Protocol is relative to a single VLAN ID. The untagged packets and the priority-tagged packets matching the protocol template will be tagged with this VLAN ID. 17.1 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 160
Example Create a Protocol-based VLAN template named "TP" whose Ethernet protocol type is 0x2024: Switch(config)#protocol-vlan template name TP frame ether_2 ether-type 2024 17.2 protocol-vlan vlan Description The protocol-vlan vlan command is used to create a Protocol-based VLAN entry. To delete a - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 161
Example Create Protocol-based VLAN 2 and bind it with Protocol-based VLAN Template 3: Switch(config)#protocol-vlan vlan 2 template 3 17.3 protocol-vlan group Description The protocol-vlan command is used to add the port to a specified protocol group. To remove the port from this protocol group, - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 162
Syntax show protocol-vlan template Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the information of the Protocol-based VLAN templates: Switch(config)#show protocol-vlan template 17.5 show protocol-vlan vlan Description The show protocol-vlan - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 163
Chapter 18 Private VLAN Commands (Only for Certain Devices) Note: Private VLAN commands are only available on certain devices. Private VLANs are configured specially for saving VLAN resource of uplink devices and decreasing broadcast. 18.1 private-vlan primary Description The private-vlan primary - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 164
Syntax private-vlan community no private-vlan community Command Mode VLAN Configuration Mode (VLAN) Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure the VLAN 4 as the community VLAN of the private VLAN: T2600G-28TS(config)#vlan 4 T2600G-28TS( - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 165
18.4 private-vlan association Description The private-vlan association command is used to associate primary VLAN with secondary VLAN. To exterminate the currently association, please use no private-vlan association command. Syntax private-vlan association vlan_list no private-vlan association - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 166
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure Gigabit Ethernet port 3 as "host - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 167
Example Configure host type Gigabit Ethernet port 1/0/3 as a member of primary VLAN 3 and secondary VLAN 4, with the type of VLAN 4 as community: T2600G-28TS(config)#interface gigabitEthernet 1/0/3 T2600G-28TS(config-if)#switchport private-vlan host-association 3 4 community 18.7 switchport private- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 168
18.8 show vlan private-vlan Description The show vlan private-vlan command is used to display the Private VLAN configuration information of the switch. Syntax show vlan private-vlan Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin and Operator level users - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 169
Example Display the configuration information of all the Ethernet ports: T2600G-28TS(config)#show vlan private-vlan interface 145 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 170
packets with VLAN tags of private networks to be encapsulated with VLAN tags of public networks at the network access terminal of the Internet Service Provider. And these packets will be transmitted with double-tag across the public networks. 19.1 dot1q-tunnel Description The dot1q-tunnel command is - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 171
Syntax switchport dot1q-tunnel tpid tpid no switchport dot1q-tunnel tpid Parameter tpid -- The value of Global TPID. It must be 4 Hex integers. By default, it is 8100. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 172
Example Enable the VLAN mapping feature globally: T2600G-28TS(config)#dot1q-tunnel mapping 19.4 switchport dot1q-tunnel mode Description The switchport dot1q-tunnel mode command is used to configure the VPN port's mode. To close this VPN port, please use the no switchport dot1q-tunnel mode command. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 173
19.5 switchport dot1q-tunnel missdrop Note: For some devices, Missdrop can only be enabled on UNI ports. For other devices, Missdrop can only be enabled on NNI ports. Description The switchport dot1q-tunnel missdrop command is used to enable the VLAN-VPN missdrop function for a specific port. To - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 174
c-vlan sp-vlan [ descript ] no switchport dot1q-tunnel mapping [ c-vlan ] Parameter c-vlan -- Customer VLAN ID, ranging from 1 to 4094. sp-vlan -- Service Provider VLAN ID, ranging from 1 to 4094. descript -- Give a Description to the VLAN Mapping entry, which contains 16 characters at most. Command - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 175
.8 switchport dot1q-tunnel replace Description The switchport dot1q-tunnel replace command is used to replace the customer VLAN ID with a VLAN ID of service provider on a specified port. To delete the VLAN Replace entry on this port, please use the no switchport dot1q-tunnel replace command. Syntax - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 176
Example Add a VLAN Replace entry on the Gigabit Ethernet port 1/0/3 to replace the Customer VLAN (VLAN 2) with the Service Provider VLAN (VLAN 3): T2600G-28TS(config)# switchport dot1q-tunnel replace 2 3 19.9 show dot1q-tunnel Description The show dot1q-tunnel command is used to display the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 177
Example Display the information of VLAN Mapping entry: T2600G-28TS(config)#show dot1q-tunnel mapping 19.11 show dot1q-tunnel interface Description The show dot1q-tunnel mapping interface command is used to display the VLAN VPN port type. Syntax show dot1q-tunnel interface Command Mode Privileged - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 178
Chapter 20 GVRP Commands GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute registration protocol). GVRP allows the switch to automatically add or remove the VLANs via the dynamic VLAN registration information and propagate the local VLAN registration information - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 179
no gvrp Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the GVRP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 180
Example Configure the GVRP registration mode as "fixed" for Gigabit Ethernet ports 1/0/2-6: Switch(config)#interface range gigabitEthernet 1/0/2-6 Switch(config-if-range)#gvrp registration fixed 20.4 gvrp timer Description The gvrp timer command is used to set a GVRP timer for the desired port. To - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 181
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Set the GARP leaveall timer of Gigabit Ethernet port 1/0/6 as 2000 centiseconds and restore the join timer of it to the default value: Switch(config)#interface gigabitEthernet 1/0/6 Switch( - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 182
20.6 show gvrp global Description The show gvrp global command is used to display the global GVRP status. Syntax show gvrp global Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the global GVRP status: Switch(config)#show gvrp global 158 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 183
Chapter 21 IGMP Snooping Commands IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on Layer 2 switch. It can effectively prevent multicast groups being broadcasted in the network. 21.1 ip igmp snooping (global) Description The ip igmp snooping - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 184
Parameter v1 | v2 | v3-- Specify the IGMP version. By default, it is IGMP v3. v1: The switch works as an IGMPv1 Snooping switch. It can only process IGMPv1 messages from the host. Report messages of other versions are ignored. v2: The switch works as an IGMPv2 Snooping switch. It can process both - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 185
Switch(config)# ip igmp snooping drop-unknown 21.4 ip igmp snooping header-validation Description The ip igmp snooping header-validation command is used to enable IGMP Header Validation globally. To disable the IGMP Header Validation function, please use no ip igmp snooping header-validation command - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 186
no ip igmp snooping vlan-config vlan-id-list [ rtime | mtime | ltime ] Parameter vlan-id-list -- The ID list of the VLAN desired to modify configuration, ranging from 1 to 4094, in the format of 1-3, 5. router-time -- The Router Port Aging Time. Within this time, if the switch does not receive IGMP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 187
21.6 ip igmp snooping vlan-config (immediate-leave) Description This command is used to enable the Fast Leave feature for specific VLANs. To disable Fast Leave on the VLANs, please use no ip igmp snooping vlan-config vlan-id-list immediate-leave command. This function is disabled by default. Syntax - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 188
please use no ip igmp snooping vlan-config vlan-id-list report-suppression command. This function is disabled by default. Syntax ip igmp snooping vlan-config vlan-id-list report-suppression no ip igmp snooping vlan-config vlan-id-list report-suppression Parameter vlan-id-list -- The ID list of the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 189
port-channel-list -- Forbid the specified port-channels as being router ports. Packets sent from multicast routers to these port-channels will be discarded. Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 190
Example Set the router port as 1/0/1 for VLAN 1-2: Switch(config)# ip igmp snooping vlan-config 1-2 rport interface gigabitEthernet 1/0/1 21.10 ip igmp snooping vlan-config (static) Description This command is used to configure interfaces to statically join a multicast group. To remove interfaces - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 191
21.11 ip igmp snooping vlan-config (querier) Description This command is used to enable the IGMP Snooping Querier feature for specific VLANs. To disable the IGMP Snooping Querier feature on the VLANs, please use no ip igmp snooping vlan-config vlan-id-list querier command without any parameters. To - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 192
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the IGMP Snooping Querier for VLAN 3, and configure the query interval as 100 seconds: Switch(config)# ip igmp snooping vlan-config 3 querier - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 193
21.13 ip igmp snooping max-groups Description The ip igmp snooping max-groups command is used to configure the maximum number of groups that a port can join in. The ip igmp snooping max-groups action is used to configure the action that the port takes when it receives an IGMP report message and the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 194
Switch(config-if-range)#ip igmp snooping max-groups 10 Switch(config-if-range)#ip igmp snooping max-groups action replace 21.14 ip igmp snooping immediate-leave Description The ip igmp snooping immediate-leave command is used to configure the Fast Leave function for port. To disable the Fast Leave - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 195
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. User Guidelines The IGMP Authentication - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 196
Example Enable IGMP accounting globally: T2600G-28TS(config)# ip igmp snooping accounting 21.17 ip igmp profile Description The ip igmp profile command is used to create the configuration profile. To delete the corresponding profile, please use no ip igmp profile command. Syntax ip igmp profile id - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 197
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the filtering mode of profile 1 as deny: Switch(config)# ip igmp profile 1 Switch(config-igmp-profile)#deny 21.19 permit Description The permit command is used to configure the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 198
Syntax range start-ip end-ip no range start-ip end-ip Parameter start-ip -- The start filtering multicast IP address. end-ip -- The end filtering multicast IP address. Command Mode Profile Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 199
Example Bind profile 1 to interface gigabitEthernet 1/0/2: Switch(config)# interface gigabitEthernet 1/0/2 Switch(config-if)# ip igmp filter 1 21.22 clear ip igmp snooping statistics Description The clear ip igmp snooping statistics command is used to clear the statistics of the IGMP packets. Syntax - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 200
21.24 show ip igmp snooping interface Description The show ip igmp snooping interface command is used to display the port configuration of IGMP snooping. If no interface is specified, it displays all interfaces' IGMP snooping configurations. Syntax show ip igmp snooping interface [ gigabitEthernet [ - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 201
21.25 show ip igmp snooping vlan Description The show ip igmp snooping vlan command is used to display the VLAN configuration of IGMP snooping. Syntax show ip igmp snooping vlan [ vlan-id ] Parameter vlan-id --The VLAN ID selected to display. Command Mode Privileged EXEC Mode and Any Configuration - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 202
static-- Display static multicast groups. static count-- The numbers of all static multicast groups. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the information of all IGMP snooping groups: Switch#show ip igmp snooping groups Display all - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 203
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the configuration information of all profiles: Switch(config)# show ip igmp profile 179 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 204
Chapter 22 MLD Snooping Commands MLD Snooping (Multicast Listener Discovery Snooping) is a multicast control mechanism running on Layer 2 switch. It can effectively prevent multicast groups being broadcasted in the IPv6 network. 22.1 ipv6 mld snooping (global) Description The ipv6 mld snooping - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 205
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Enable unknown multicast filter function: Switch(config)# ipv6 mld snooping drop-unknown 22.3 ipv6 mld snooping vlan-config Description The ipv6 mld snooping vlan-config command is used to enable VLAN - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 206
• The Leave Time mechanism will not take effect when Fast Leave takes effect. Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Enable the MLD Snooping function and modify Router Port Time as 300 seconds, Member - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 207
22.5 ipv6 mld snooping vlan-config (report-suppression) Description This command is used to enable the MLD Report Suppression function for specific VLANs. When enabled, the switch will only forward the first MLD report message for each multicast group to the MLD querier and suppress subsequent MLD - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 208
22.6 ipv6 mld snooping vlan-config (router-ports-forbidden) Description This command is used to forbid the specified ports as being router ports in the specified VLAN(s). To delete the forbidden router ports, please use no ipv6 mld snooping vlan-config vlan-id-list router-ports-forbidd command. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 209
22.7 ipv6 mld snooping vlan-config (rport interface) Description This command is used to specify the static router ports for specific VLANs. To delete the static router ports, please use no ipv6 mld snooping vlan-config vlan-id-list rport interface command. Syntax ipv6 mld snooping vlan-config vlan- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 210
Syntax ipv6 mld snooping vlan-config vlan-id-list static ip interface { gigabitEthernet port-list | port-channel port-channel-list } no ipv6 mld snooping vlan-config vlan-id-list static ip interface { gigabitEthernet port-list | port-channel port-channel-list } Parameter vlan-id-list -- The ID list - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 211
Syntax ipv6 mld snooping vlan-config vlan-id-list querier [ max-response-time response-time | query-interval interval | general-query source-ip ip-addr | last-listener-query-count count | last-listener-query-interval interval ] no ipv6 mld snooping vlan-config vlan-id-list querier [ max-response- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 212
Example Enable the MLD Snooping Querier for VLAN 3, and configure the query interval as 100 seconds: Switch(config)# ipv6 mld snooping vlan-config 3 querier Switch(config)# ipv6 mld snooping vlan-config 3 querier query interval 100 22.10 ipv6 mld snooping (interface) Description The ipv6 mld - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 213
snooping max-groups command. To return to the default action of dropping the report, please use the no ipv6 mld snooping max-groups action command. These commands only apply to the dynamic multicast groups. Syntax ipv6 mld snooping max-groups maxgroup ipv6 mld snooping max-groups action { drop | - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 214
Syntax ipv6 mld snooping immediate-leave no ipv6 mld snooping immediate-leave Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin and Operator level users have - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 215
22.14 deny Description The deny command is used to configure the filtering mode of profile as deny. Syntax deny Command Mode Profile Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure the filtering mode of profile 1 as deny: - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 216
22.16 range Description The range command is used to configure the range of the profile's filtering multicast address. To delete the corresponding filtering multicast address, please use no range command. A profile contains 16 filtering IP-range entries at most. Syntax range start-ip end-ip no range - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 217
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin and Operator level users have access to these commands. Example Bind profile 1 to interface gigabitEthernet - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 218
Privilege Requirement None. Example Display the global configuration of MLD Snooping: Switch(config)# show ipv6 mld snooping 22.20 show ipv6 mld snooping interface Description The show ipv6 mld snooping interface command is used to display the port configuration of MLD snooping. Syntax show ipv6 mld - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 219
Display the MLD packet statistics of ports 1/0/1-4: Switch# show ipv6 mld snooping interface gigabitEthernet 1/0/1-4 packet-stat 22.21 show ipv6 mld snooping vlan Description The show ipv6 mld snooping vlan command is used to display VLAN information of MLD Snooping. Syntax show ipv6 mld snooping - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 220
dynamic count-- The numbers of all dynamic multicast groups. static-- Display static multicast groups. static count-- The numbers of all static multicast groups. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display all of the multicast groups: - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 221
Chapter 23 MVR Commands MVR (Multicast VLAN Registration) allows a single multicast VLAN to be shared for multicast member ports in different VLANs in IPv4 network. In IGMP Snooping, if member ports are in different VLANs, a copy of the multicast streams is sent to each VLAN that has member ports. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 222
no mvr group ip-addr [count ] Parameter ip-addr -- The start IP address of the contiguous series of multicast groups. count -- The number of the multicast groups to be added to the MVR. Valid values are from 1 to 256, and the default value is 1. Command Mode Global Configuration Mode Privilege - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 223
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the MVR mode as dynamic: Switch(config)# mvr mode dynamic 23.4 mvr querytime Description The mvr querytime command is used to configure the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 224
23.5 mvr vlan Description The mvr vlan command is used to specify the multicast VLAN. By default, it is VLAN 1. To return to the default configuration, please use no mvr vlan command. Syntax mvr vlan vlan-id no mvr vlan Parameter vlan-id -- The ID of the multicast VLAN. Valid values are from 1 to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 225
Example Enable MVR for port 1/0/1: Switch(config)# interface gigabitEthernet 1/0/1 Switch(config-if)#mvr 23.7 mvr type Description The mvr type command is used to configure the MVR port type as receiver or source. By default, the port is a non-MVR port. If you attempt to configure a non-MVR port - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 226
range gigabitEthernet) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. User Guidelines Only receiver ports support Fast Leave. Before enabling Fast Leave for a port, make sure there is only a single receiver device connecting to the port. Example - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 227
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. User Guidelines This command applies to only receiver ports. The switch adds or removes the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 228
23.11 show mvr interface Description The show mvr interface command is used to display the MVR configurations of specific interfaces. Syntax show mvr interface gigabitEthernet [port | port-list ] Parameter port --The Ethernet port number. port-list -- The list of Ethernet ports. Command Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 229
Example Display the membership information of all MVR groups: Switch# show mvr members 205 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 230
Chapter 24 MSTP Commands MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a ring network. STP is to block redundant links and backup links as well as optimize paths. 24.1 debug spanning-tree Description The debug spanning-tree - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 231
Privilege Requirement Only Admin level users have access to these commands. Example Display all the spanning-tree debug messages: Switch# debug spanning-tree all 24.2 spanning-tree (global) Description The spanning-tree command is used to enable STP function globally. To disable the STP function, - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 232
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the STP function for port 1/0/2: Switch(config)# interface gigabitEthernet 1/0/2 Switch(config-if)# spanning-tree 24.4 spanning-tree common-config Description The spanning-tree common- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 233
default, it is automatic. It ranges from o to 2000000. By default, it is 0 which is mean auto. portfast -- Enable/ Disable Edge Port. By default, it is disabled. The edge port can transit its state from blocking to forwarding rapidly without waiting for forward delay. point-to-point -- The P2P link - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 234
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the spanning-tree mode as mstp: Switch(config)# spanning-tree mode mstp 24.6 spanning-tree mst configuration Description The spanning-tree mst - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 235
please use no instance command. When an instance is disabled, the related mapping VLANs will be removed. Syntax instance instance-id vlan vlan-id no instance instance-id [ vlan vlan-id ] Parameters instance-id -- Instance ID, ranging from 1 to 8. vlan-id -- The VLAN ID selected to mapping with the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 236
Parameters name -- The region name, used to identify MST region. It ranges from 1 to 32 characters. Command Mode MST Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the region name of MST as "region1": Switch( - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 237
24.10 spanning-tree mst instance Description The spanning-tree mst instance command is used to configure the priority of MST instance. To return to the default value of MST instance priority, please use no spanning-tree mst instance command. Syntax spanning-tree mst instance instance-id priority pri - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 238
no spanning-tree mst instance instance-id Parameter instance-id -- Instance ID, ranging from 1 to 8. pri -- Port Priority, which must be multiple of 16 ranging from 0 to 240. By default, it is 128. Port Priority is an important criterion on determining if the port will be chosen as the root port by - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 239
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the bridge priority as 4096: Switch(config)# spanning-tree priority 4096 24.13 spanning-tree timer Description The spanning-tree timer command is used to configure forward-time, - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 240
Switch(config)# spanning-tree timer forward-time 16 hello-time 3 max-age 22 24.14 spanning-tree hold-count Description The spanning-tree hold-count command is used to configure the maximum number of BPDU packets transmitted per Hello Time interval. To return to the default configurations, please use - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 241
Parameter value -- The maximum number of hops that occur in a specific region before the BPDU is discarded, ranging from 1 to 40 in hop. By default, it is 20. Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 242
24.17 spanning-tree bpduflood Description The spanning-tree bpduflood command is used to enable the BPDU forward function for a port. With the function enabled, the port still can forward spanning tree BPDUs when the spanning tree function is disabled on this port. To disable the BPDU filter - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 243
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the BPDU protect - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 244
24.20 spanning-tree guard root Description The spanning-tree guard root command is used to enable the Root Protect function for a port. With the Root Protect function enabled, the root bridge will set itself automatically as ERROR-PORT when receiving BPDU packets with higher priority, in order to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 245
no spanning-tree guard tc Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 246
Syntax show spanning-tree active Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the active information of spanning-tree: Switch(config)# show spanning-tree active 24.24 show spanning-tree bridge Description The show spanning-tree bridge - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 247
Syntax show spanning-tree interface [ gigabitEthernet port | port-channel port-channel-id ] [ edge | ext-cost | int-cost | mode | p2p | priority | role | state | status ] Parameter port -- The Ethernet port number. port-channel-id -- The ID of the port channel. Command Mode Privileged EXEC Mode and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 248
Privilege Requirement None. Example Display the protect information of all ports: Switch(config)# show spanning-tree interface-security Display the protect information of port 1: Switch(config)# show spanning-tree interface-security gigabitEthernet 1/0/1 Display the interface security bpdufilter - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 249
Display all the ports information of MST Instance 1: Switch(config)#show spanning-tree mst instance 1 interface 225 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 250
Chapter 25 LLDP Commands LLDP function enables network devices to advertise their own device information periodically to neighbors on the same LAN. The information of the LLDP devices in the LAN can be stored by its neighbor in a standard MIB, so it is possible for the information to be accessed by - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 251
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the switch to forward LLDP messages when LLDP function is disabled globally: Switch(config)#lldp forward_message 25.3 lldp hold-multiplier - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 252
25.4 lldp timer Description The lldp timer command is used to configure the parameters about transmission. To return to the default configuration, please use no lldp timer command. Syntax lldp timer { tx-interval tx-interval | tx-delay tx-delay | reinit-delay reinit-delay | notify-interval notify- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 253
Switch(config)#lldp timer tx-interval 45 Switch(config)#lldp timer notify-interval 120 25.5 lldp receive Description The lldp receive command is used to enable the designated port to receive LLDPDU. To disable the function, please use no lldp receive command. Syntax lldp receive no lldp receive - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 254
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable Gigabit Ethernet port 1/0/1 to transmit LLDPDU: Switch(config)# interface gigabitEthernet 1/0/1 Switch(config-if)#lldp transmit 25.7 lldp snmp-trap Description The lldp snmp-trap - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 255
25.8 lldp tlv-select Description The lldp tlv-select command is used to configure TLVs to be included in outgoing LLDPDU. To exclude TLVs, please use no lldp tlv-select command. By default, All TLVs are included in outgoing LLDPDU. Syntax lldp tlv-select { [ port-description ] [ system-capability ] - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 256
Syntax lldp management-address { ip-address } no lldp management-address Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 257
Switch(config)# lldp med-fast-count 5 25.11 lldp med-status Description The lldp med-status command is used to enable the LLDP-MED feature for the corresponding port. After the LLDP-MED feature is enabled, the port's Admin Status will be changed to Tx&Rx. To disable the LLDP-MED feature for the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 258
box post-office-box ] [ additional additional ] [ country-code country-code ] [ what { dhcp-server | endpoint | switch } ] ] } Parameter emergency-number -- Emergency Call Service ELIN identifier, which is used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. The length of - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 259
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the civic address in the Location Identification TLV's content in outgoing LLDPDU of port 1/0/2. Configure the language as English and city as London: Switch(config)# interface - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 260
Parameters port -- The Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the LLDP configuration of Gigabit Ethernet port 1/0/1: Switch#show lldp interface gigabitEthernet 1/0/1 25.16 show lldp local-information interface - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 261
25.17 show lldp neighbor-information interface Description The show lldp neighbor-information interface command is used to display the neighbor information of the corresponding port. By default, the neighbor information of all the ports will be displayed. Syntax show lldp neighbor-information - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 262
Privilege Requirement None. Example Display the LLDP statistic information of Gigabit Ethernet port 1/0/1: Switch#show lldp traffic interface gigabitEthernet 1/0/1 238 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 263
certain devices. L2PT (Layer 2 Protocol Tunneling) is a feature for service providers to transmit packets from different customers across their ISP networks and maintain Layer 2 protocol configurations of each customer. The supported Layer 2 protocols are STP (Spanning Tree Protocol), GVRP (GARP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 264
the port's type as UNI if it is connecting to the user's local network. 01000ccccccc | 01000ccccccd | gvrp | stp | lacp | all -- Select the supported Layer 2 protocol type. Packets of the specified protocol will be encapsulated with their destination MAC address before they are sent to the ISP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 265
■ threshold --Configure the threshold for packets-per-second accepted for encapsulation. Packets beyond the threshold will be dropped. It ranges from 0 to 1000. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 266
26.4 show l2protocol-tunnel interface Description The show l2protocol-tunnel interface command is used to display the L2PT configuration information of a specified Ethernet port or of all Ethernet ports. Syntax show l2protocol-tunnel interface [ gigabitEthernet port | port-channel port-channel-id ] - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 267
Chapter 27 PPPoE ID-Insertion Commands (Only for Certain Devices) Note: PPPoE ID-Insertion commands are only available on certain devices. The PPPoE ID-Insertion feature provides a way to extract a Vendor-specific tag as an identifier for the authentication, authorization, and accounting (AAA) - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 268
27.2 pppoe circuit-id (interface) Description The pppoe circuit-id command is used to enable the PPPoE Circuit-ID Insertion function for a specified port. To disable the PPPoE Circuit-ID Insertion function on a specified port, please use no pppoe circuit-id command. Syntax pppoe circuit-id no pppoe - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 269
ip: The IP address of the switch will be used to encode the Circuit-ID option. This is the default value. udf: A user specified string with the maximum length of 40 characters will be used to encode the Circuit-ID option. udf-only: Only the user specified string with the maximum length of 40 will be - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 270
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the remote-ID as "mac" for the Gigabit Ethernet port 1/0/1: T2600G-28TS ( - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 271
Syntax show pppoe id-insertion interface [gigabitEthernet port ] Parameter port -- The Fast/Gigabit Ethernet port number. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the configuration information of PPPoE Circuit-ID Insertion function of - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 272
Chapter 28 Static Routes Commands 28.1 ip routing Description This ip routing command is used to enable IPv4 routing globally. To disable IPv4 routing, please use the no ip routing command. Syntax ip routing no ip routing Command Mode Global Configuration Mode Privilege Requirement Only Admin, - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 273
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Create the VLAN interface 2: Switch(config)# interface vlan 2 28.3 interface loopback Description This interface loopback command is used to create the loopback interface. To delete the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 274
Syntax switchport no switchport Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 275
28.6 description Description This description command is used to add a description to the Layer 3 interface, including routed port, port-channel interface, loopback interface and VLAN interface. To clear the description of the corresponding interface, please use the no description command. Syntax - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 276
no shutdown Command Mode Interface Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Shut down the routed port 1/0/9: Switch(config)# interface gigabitEthernet 1/0/9 Switch(config-if)# no switchport Switch(config-if)# - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 277
28.9 ip route Description This ip route command is configure the static route. To clear the corresponding entry, please use the no ip route command. Syntax ip route { dest-address } { mask } { next-hop-address } [ distance ] no ip route { dest-address } { mask } { next-hop-address } Parameter dest- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 278
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable IPv6 routing globally: Switch(config)# ipv6 routing 28.11 ipv6 route Description This ipv6 route command is configure the IPv6 static route. To - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 279
28.12 show interface vlan Description The show interface vlan command is used to display the information of the specified interface VLAN. Syntax show interface vlan vid Parameter vid -- The VLAN ID. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 280
Privilege Requirement None. Example Display the detailed information of the VLAN interface 2: Switch(config)# show ip interface vlan 2 28.14 show ip interface brief Description This show ip interface brief command is used to display the summary information of the Layer 3 interfaces. Syntax show ip - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 281
connected: The connected routes. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the static routes: Switch(config)# show ip route static 28.16 show ip route specify Description This show ip route specify command is used to display the valid - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 282
Switch(config)# show ip route specify 192.168.0.0 255.255.0.0 longer-prefixes 28.17 show ip route summary Description This show ip route summary command is used to display the summary information of the route entries classified by their sources. Syntax show ip route summary Command Mode Privileged - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 283
Switch(config)# show ipv6 interface 28.19 show ipv6 route Description This show ipv6 route command is used to display the IPv6 route entries of the specified type. Syntax show ipv6 route [ static | connected ] Parameter static | connected -- Specify the route type. If not specified, all types of - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 284
Privilege Requirement None. Example Display the summary information of IPv6 route entries: Switch(config)# show ipv6 route summary 260 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 285
enable the automatic configuration of the ipv6 link-local address. The switch has only one ipv6 link-local address, which can be configured automatically or manually. The general ipv6 link-local address 261 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 286
links. The autu-configured ipv6 link-local address is in EUI-64 format. To verify the uniqueness of the link-local address, the manually configured ipv6 link-local address will be deleted when the auto-configured ipv6 link-local address takes effect. Syntax ipv6 address autoconfig Configuration Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 287
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the link-local address as fe80::1234 on the VLAN interface 1: Switch(config)# interface vlan 1 Switch(config-if)# ipv6 address fe80::1234 link-local 29.4 ipv6 address dhcp - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 288
on VLAN interface 1: Switch(config)# interface vlan 1 Switch(config-if)# ipv6 address ra 29.6 ipv6 address eui-64 Description This command is used to manually configure a global IPv6 address with an extended unique identifier (EUI) in the low-order 64 bits on the interface. Specify only the network - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 289
64: Switch(config)# interface vlan 1 Switch(config-if)# ipv6 address 3ffe::/64 eui-64 29.7 ipv6 address Description This command is used to manually configure a global IPv6 address on the interface. To remove a global IPv6 address from the interface, please use no ipv6 address command. Syntax ipv6 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 290
29.8 show ipv6 interface Description This command is used to display the configured ipv6 information of the management interface, including ipv6 function status, link-local address and global address, ipv6 multicast groups etc. Syntax show ipv6 interface Command Mode Privileged EXEC Mode and Any - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 291
contains two types of ARP entries: dynamic and static. An ARP dynamic entry is automatically created and maintained by ARP. A static ARP entry is manually configured and maintained. 30.1 arp Description This arp command is used to add a static ARP entry. To delete the specified ARP entry, please use - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 292
30.2 clear arp-cache Description This clear arp-cache command is used to clear all the dynamic ARP entries. Syntax clear arp-cache Command Mode Privileged EXEC Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Clear all the dynamic ARP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 293
30.4 arp timeout Description This arp timeout command is used to configure the ARP aging time of the interface. Syntax arp timeout timeout no arp timeout Parameter timeout -- Specify the aging time, ranging from 10 to 3000 seconds. The default value is 1200 seconds. Command Mode Global Configuration - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 294
Privilege Requirement None. Example Enable the switch's Layer 3 interfaces to send gratuitous ARP packets when their status becomes up: Switch(config)# gratuitous-arp intf-status-up enable 30.6 gratuitous-arp dup-ip-detected enable Description This gratuitous-arp dup-ip-detected enable command is - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 295
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Enable the Layer 3 interface to learn MAC addresses from the gratuitous ARP packets: Switch(config)# gratuitous-arp learning enable 30.8 gratuitous-arp send-interval Description This gratuitous-arp send- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 296
30.9 ip proxy-arp Description The ip proxy-arp command is used to enable Proxy ARP function on the specified VLAN interface or routed port. To disable Proxy ARP on this interface, please use no ip proxy-arp command. Syntax ip proxy-arp no ip proxy-arp Command Mode Interface Configuration Mode ( - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 297
Command Mode Interface Configuration Mode (Interface vlan / interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement None Example Enable the Proxy ARP function on VLAN Interface 2: Switch(config)# interface vlan 2 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 298
Example Display the ARP entry with the IP as 192.168.0.2: Switch(config)# show arp 192.168.0.2 30.12 show ip arp (interface) Description This show ip arp (interface) command is used to display the active ARP entries associated with a specified Layer 3 interface. Syntax show ip arp { gigabitEthernet - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 299
Privilege Requirement None. Example Display the number of the ARP entries: Switch(config)# show ip arp summary 30.14 show gratuitous-arp Description This show gratuitous arp command is used to display the configuration of gratuitous ARP. Syntax show gratuitous-arp Command Mode Privileged EXEC Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 300
Example Display the Proxy ARP status: Switch(config)# show ip proxy-arp 276 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 301
Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable DHCP server service globally: Switch(config)# service dhcp server 31.2 ip dhcp server extend-option capwap-ac-ip Description The ip dhcp server extend-option capwap-ac-ip - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 302
Syntax ip dhcp server extend-option capwap-ac-ip ip-address no ip dhcp server extend-option capwap-ac-ip Parameter ip-address -- Specify the management IP address of an AC (Access Control) device. Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 303
Example Set the class ID of the DHCP packets from another network segment as 34: Switch(config)# ip dhcp server extend-option vendor-class-id 34 31.4 ip dhcp server exclude-address Description The ip dhcp server exclude-address command is used to specify the reserved IP addresses which are forbidden - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 304
Syntax ip dhcp server pool pool-name no ip dhcp server pool pool-name Parameter pool-name -- Specify the address pool name, ranging from 1 to 8 characters. Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 305
Example Set the timeout of PING as 200ms: Switch(config)# ip dhcp server ping timeout 200 31.7 ip dhcp server ping packets Description The ip dhcp server ping packets command is used to specify the number of PING packets sent. If this value is set to 0, the PING process will be disabled. To resume - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 306
Parameter network-address -- Specify the network address of the pool, with the format A.B.C.D. All the IP addresses in the same subnet are allocatable except the reserved addresses and specific addresses. subnet-mask -- Specify the subnet mask of the pool, with the format A.B.C.D. Command Mode DHCP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 307
Switch(config-dhcp)# lease 10 31.10 address hardware-address Description The address hardware-address command is used to reserve the static address bound with hardware address in the address pool. To delete the binding, please use no address hardware-address. Syntax address ip-address hardware- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 308
31.11 address client-identifier Description The address client-identifier command is used to specify the static address bound with client ID in the address pool. To delete the binding, please use no address command. Syntax address ip-address client-identifier client-id [ascii] no address ip-address - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 309
Parameter gateway-list -- Specify the gateway list, with the format of A.B.C.D,E.F.G.H. At most 8 gateways can be configured, separated by comma. Command Mode DHCP Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Specify - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 310
Switch(config-dhcp)# dns-server 192.168.0.1,192.168.1.1 31.14 netbios-name-server Description The netbios-name-server command is used to specify the Netbios server's IP address. To delete the Netbios servers, please use no netbios-name-server command. Syntax netbios-name-server NBNS-list no netbios- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 311
Parameter type -- Specify the node type as b-node, h-node, m-node or p-node. Command Mode DHCP Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Specify the address pool's Netbios server type as b-node: Switch(config)# ip - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 312
31.17 domain-name Description The domain-name command is used to specify the domain name for the DHCP client. To delete the domain name, please use no domain-name command. Syntax domain-name domainname no domain-name Parameter domainname -- Specify the domain name for the DHCP client. Command Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 313
boot1 31.19 show ip dhcp server status Description The show ip dhcp server status command is used to display the status of the DHCP service. Syntax show ip dhcp server status Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the status of DHCP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 314
Privilege Requirement None. Example Display the statistics of DHCP packets received and sent by the DHCP server: Switch(config)# show ip dhcp server statistics 31.21 show ip dhcp server extend-option Description The show ip dhcp server extend-option command is used to display the configuration of - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 315
None. Example Display the configured reserved addresses: Switch(config)# show ip dhcp server excluded-address 31.24 show ip dhcp server manual-binding Description The show ip dhcp server manual-binding command is used to display the configuration of static binding address. Syntax show ip dhcp server - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 316
Example Display the configured static binding address: Switch(config)# show ip dhcp server manual-binding 31.25 show ip dhcp server binding Description The show ip dhcp server binding command is used to display the binding entries. Syntax show - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 317
Example Clear the packet statistics: Switch(config)# clear ip dhcp server statistics 31.27 clear ip dhcp server binding Description The clear ip dhcp server binding command is used to clear the binding information. Syntax clear ip dhcp server binding [ ip-address ] Parameter ip-address -- Specify - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 318
Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable DHCP Relay function globally: Switch(config)# service dhcp relay 32.2 ip dhcp relay hops Description The ip dhcp relay hops command is used to specify the maximum hops (DHCP Relay - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 319
packet is greater than the value set here, the DHCP packet will be dropped by the switch. To restore the default value, please use no service dhcp relay time command. Syntax ip dhcp relay time time no ip dhcp relay time Parameter time --Specify the DHCP relay time threshold. The valid - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 320
(config-if)# ip helper-address 192.168.2.1 32.5 ip dhcp relay information Description The ip dhcp relay information command is used to enable option 82 support in DHCP Relay. To disable this function, please use no ip dhcp relay information command. Syntax ip dhcp relay information no ip dhcp relay - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 321
port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable option 82 support in DHCP Relay for port 2: Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)# ip dhcp relay information 32.6 ip dhcp relay information - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 322
Example Specify the option 82 strategy as replace to replace the Option 82 field with the local parameter on receiving the DHCP request packet for port 2: Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)# ip dhcp relay information strategy replace 32.7 ip dhcp relay information - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 323
32.8 ip dhcp relay information circuit-id Description The ip dhcp relay information circuit-id command is used to specify the custom circuit ID when option 82 customization is enabled. To clear the circuit ID, please use no ip dhcp relay information circuit-id command. Syntax ip dhcp relay - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 324
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Specify the remote ID as "TP- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 325
32.11 ip dhcp relay vlan Description The ip dhcp relay vlan command is used to add DHCP server address to specified VLAN. If there is an IP interface in the VLAN and it has configured a DHCP server address at the interface level, then the configuration at the interface level has higher priority. In - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 326
Privilege Requirement None. Example Display the configuration of DHCP Relay: Switch(config)# show ip dhcp relay 302 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 327
Chapter 33 DHCP L2 Relay Commands 33.1 ip dhcp l2relay Description The ip dhcp l2relay command is used to enable DHCP L2 Relay function globally. To disable DHCP L2 Relay function, please use no ip dhcp l2relay command. Syntax ip dhcp l2relay no ip dhcp l2relay Command Mode Global Configuration Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 328
(config)# ip dhcp l2relay vlan 2 33.3 ip dhcp l2relay information Description The ip dhcp l2relay information command is used to enable option 82 support in DHCP Relay. To disable this function, please use no ip dhcp l2relay information command. Syntax ip dhcp l2relay information no ip dhcp l2relay - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 329
Syntax ip dhcp l2relay information strategy { drop | keep | replace } no ip dhcp l2relay information strategy Parameter drop | keep | replace -- The operations for Option 82 field of the DHCP request packets from the Host. The default operation is keep. drop: Discard the packet with the Option 82 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 330
normal: Indicates that the format of sub-option value field is TLV (type-length-value). private: Indicates that the format of sub-option value field is the value you configure for the related sub-option. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 331
Example Specify the circuit ID as "TP-Link" for port 2: Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)# ip dhcp l2relay information circuit-id TP-Link 33.7 ip dhcp l2relay information remote-id Description The ip dhcp l2relay information remote-id command is used to specify the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 332
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the configuration of DHCP Relay: Switch(config)# show ip dhcp l2relay 33.9 show ip dhcp l2relay interface Description The show ip dhcp l2relay interface command is used to display the DHCP L2 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 333
.1p and on DSCP. 34.1 qos trust mode Description The qos trust mode command is used to configure the trust mode of CoS (Class of Service) function for the ports. The default trust mode is trust port priority. Syntax qos trust mode { dot1p | dscp | untrust } Parameter dot1p-- Trust 802.1p mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 334
34.2 qos port-priority Description The qos port-priority command is used to configure the port to 802.1p priority mapping for the desired port. To return to the default configuration, please use no qos port-priority command. When Port Priority is enabled, the packets will be mapped to different - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 335
Syntax qos cos-map { dot1p-priority } { tc-queue } no qos cos-map Parameter dot1p-priority -- The value of 802.1p priority. It ranges from 0 to 7, which represent 802.1p priority 0-7 respectively. tc-queue-- The number of TC queue that the 80.1p priority will be mapped to. It ranges from 0 to 7. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 336
For other devices: Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example For some devices: Remap - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 337
Command Mode For some devices: Global Configuration Mode For other devices: Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 338
the minimum guaranteed bandwidth allocated to the specified queue. A value of 0 means there is no guaranteed minimum bandwidth in effect (best-effort service). The default value is 0. The sum of all bandwidth values for the queues must not exceed 100%. To return to the default configuration - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 339
Parameter tc-queue -- The egress queue ID. It ranges from 0 to 7, which represents TC queue from TC0 to TC7 respectively. rate --The minimum bandwidth percentage for queue, ranging from 1 to 100 in increments of 1. By default, it is 0. Command Mode Interface Configuration Mode (interface - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 340
wrr -- Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue. If you select this mode, you need to specify the queue weight at the same time. weight -- Configure the weight value of the specified TC queue. When the scheduler mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 341
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the 802.1p to queue mappings: Switch# show qos cos-map 34.10 show qos dot1p-remap interface Note: This command is only available on certain devices. Description The show qos dot1p-remap interface - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 342
Description The show qos dot1p-remap interface command is used to display the 802.1p priority to 802.1p priority mappings. Syntax show qos dot1p-remap Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the IEEE 802.1P remap configuration: Switch# - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 343
34.13 show qos dscp-map Note: This command is only available on certain devices. Description The show qos dscp-map command is used to display the DSCP priority configuration. Syntax show qos dscp-map Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 344
Example Display the DSCP to DSCP mappings for all the ports: T2600G-28TS# show qos dscp-remap interface 34.15 show qos dscp-remap Note: This command is only available on certain devices. Description The show qos dscp-remap command is used to display the DSCP priority to DSCP priority mappings. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 345
Privilege Requirement None. Example Display the port to 802.1p priority mappings for all the ports: Switch# show qos port-priority interface 34.17 show qos trust interface Description The show qos trust interface command is used to display the trust mode of the ports. Syntax show qos trust interface - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 346
Parameter port -- The port number. port-channel-id -- The ID of the port channel. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the scheduler settings of all the ports: Switch# show qos queue interface 322 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 347
Chapter 35 Bandwidth Control Commands Bandwidth Control functions to control the traffic rate and traffic threshold on each port to ensure network performance. Rate limit functions to limit the ingress/egress traffic rate on each port. Storm Control function allows the switch to monitor broadcast - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 348
Example Set the storm control mode as kbps on port 1/0/5: Switch(config)# interface gigabitEthernet 1/0/5 Switch(config-if)# storm-control rate-mode kbps 35.2 storm-control Description The storm-control command is used to enable the broadcast, multicast, or unknown unicast strom control function and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 349
as 0, which means the port will not recover to its normal state automatically and you can recover the port manually using storm-control recover command. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 350
not recover to its normal state automatically. In this condition, you need to use this command to recover the port manually. Syntax storm-control recover Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 351
egress-rate -- Specify the upper rate limit for sending packets. The rate ranges from 1 to 1000000 kbps for the gigaport and 1 to 100000 kbps for the fast port, and is rounded off to the nearest multiple of 64. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 352
35.7 show bandwidth Description The show bandwidth command is used to display the bandwidth-limit information of Ethernet ports. Syntax show bandwidth interface [ fastEthernet port | gigabitEthernet port-list ten-gigabitEthernet port | port-channel port-channel-id-list ] Parameter port-list --The - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 353
Chapter 36 Voice VLAN Commands Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and adding the ports with voice devices attached to voice VLANs, you can perform QoS-related configuration for voice data, ensuring the transmission priority of voice data stream and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 354
Syntax voice vlan no voice vlan Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 355
Example Configure the priority of the Voice VLAN as 5: Switch(config)# voice vlan priority 5 36.4 voice vlan oui Description The voice vlan oui command is used to create Voice VLAN OUI. To delete the specified Voice VLAN OUI, please use no voice vlan oui command. Syntax voice vlan oui oui-prefix oui - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 356
Syntax show voice vlan Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Display the configuration information of Voice VLAN globally: Switch(config)# show voice vlan 36.6 show - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 357
Syntax show voice vlan interface Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Display the Voice VLAN configuration information of all ports and port channels: Switch(config)# - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 358
Chapter 37 Auto VoIP Commands The Auto VoIP feature is used to prioritize the transmission of voice traffic. Voice over Internet Protocol (VoIP) enables telephone calls over a data network, and the Auto VoIP feature helps provide a classification mechanism for voice packets. When Auto VoIP is - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 359
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Example Set Auto VoIP VLAN 3 for port 3: Switch(config)# interface gigabitEthernet 1/0/3 Switch(config-if)# auto-voip 3 37.3 auto-voip dot1p - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 360
-voip none Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Example Instruct voice devices that are connected to port 3 to send the packets according to its own configuration: Switch(config - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 361
37.6 no auto-voip (interface) Description The no auto-voip command is used to specify the interface mode as disabled for the ports, which means the Auto VoIP function is disabled on the corresponding port. Syntax no auto-voip Command Mode Interface Configuration Mode (interface gigabitEthernet / - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 362
Switch(config)# interface gigabitEthernet 1/0/3 Switch(config-if)# auto-voip dscp 33 37.8 auto-voip data priority Description The auto-voip data priority command is used to enable or disable the CoS Override Mode on specified ports. Syntax auto-voip data priority { trust | untrust } Parameter trust - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 363
Parameter interface -- Displays the Auto VoIP configuration information of ports. When no parameter is entered, displays the global Auto VoIP configuration information. Command Mode Privileged EXEC Mode and any Configuration Mode Example Displays the global Auto VoIP configuration information: - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 364
Chapter 38 Access Control Commands 38.1 user access-control ip-based enable Description The user access-control ip-based enable command is used to configure the access control mode IP-based. To disable the access control feature, please use no user access-control command. Syntax user access-control - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 365
Parameter ip-addr -- The source IP address. Only the users within the IP-range you set here are allowed for login. 5 IP-based entries can be configured at most. ip-mask -- The subnet mask of the IP address. [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ] -- Specify the access - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 366
Example Configure the access control mode as MAC-based: Switch(config)# user access-control mac-based enable 38.4 user access-control mac-based Description The user access-control mac-based command is used to limit the MAC address of the users for login. Only the user with this MAC address you set - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 367
38.5 user access-control port-based enable Description The user access-control port-based enable command is used to configure the access control mode Port-based. To disable the access control feature, please use no user access-control command. Syntax user access-control port-based enable no user - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 368
[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ] -- Specify the access interface. These interfaces are enabled by default. id-- Specify the ID of the port-based entry to be deleted. Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 369
Chapter 39 HTTP and HTTPS Commands With the help of HTTP (HyperText Transfer Protocol) or HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer), you can manage the switch through a standard browser. HTTP is the protocol to exchange or transfer hypertext. SSL (Secure Sockets Layer), a - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 370
39.2 ip http port Description The ip http port command is used to configure the port number of the HTTP server within the switch. To set the number to the default value, please use no ip http port command. Syntax ip http port port-num no ip http port Parameter port-num -- Enter the port number. This - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 371
operator-num -- The maximum number of the users logging on to the HTTP server as operator, ranging from 0 to 15. The total number of users should be no more than 16. poweruser-num -- The maximum number of the users logging on to the HTTP server as Power User, ranging from 0 to 15. The total number - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 372
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Configure the timeout time of the HTTP connection as 15 minutes: Switch(config)# ip http session timeout 15 39.5 ip http secure-server Description The ip http secure-server command is used to enable the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 373
the SSL protocol version. To restore to the default SSL version, please use no ip http secure-protocol command. By default, the switch supports all the protocol versions, including SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2. Syntax ip http secure-protocol { ssl3 | tls1 | tls11 | tls12 | all } no ip http - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 374
protocol ssl3 39.8 ip http secure-ciphersuite Description The ip http secure-ciphersuite command is used to configure the cipherSuites over the SSL connection supported by the switch. To restore to the default ciphersuite types, please use no ip http secure-ciphersuite command. Syntax ip http secure - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 375
39.9 ip http secure-max-users Description The ip http secure-max-users command is used to configure the maximum number of users that are allowed to connect to the HTTPs server. To cancel this limitation, please use no ip http secure-max-users command. Syntax ip http secure-max-users admin-num - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 376
39.10 ip http secure-session timeout Description The ip http secure-session timeout command is used to configure the connection timeout of the HTTPS server. To restore to the default timeout time, please use no ip http secure-session timeout command. Syntax ip http secure-session timeout time no ip - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 377
ip-addr -- The IP address of the TFTP server. Both IPv4 and IPv6 addresses are supported, for example 192.168.0.1 or fe80::1234. Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 378
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Download an SSL key named ssl-key from TFTP server with the IP address of 192.168.0.146: Switch(config)# ip http secure-server download key ssl-key ip-address 192.168.0.146 Download an SSL - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 379
39.14 show ip http secure-server Description The show ip http secure-server command is used to display the global configuration of SSL. Syntax show ip http secure-server Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the global configuration - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 380
SSH function: Switch(config)# ip ssh server 40.2 ip ssh port Description The ip ssh port command is used to configure the port for SSH service. To set the value to the default, please use no ip ssh port command. Syntax ip ssh port port no ip ssh port 356 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 381
Parameter port -- Set the port number. It ranges from 1 to 65535. The default value is 22. Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the SSH port number as 22: Switch(config)# ip ssh - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 382
40.4 ip ssh algorithm Description The ip ssh algorithm command is used to configure the algorithm in SSH function. To disable the specified algorithm, please use no ip ssh algorithm command. Syntax ip ssh algorithm { AES128-CBC | AES192-CBC | AES256-CBC | Blowfish-CBC | Cast128-CBC | 3DES-CBC | HMAC - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 383
operation from the client. It ranges from 1 to 120 in seconds. By default, this value is 120 seconds. Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Specify the idle-timeout time of SSH as 30 seconds - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 384
must be in the range of 512 to 3072 bits. ip-addr -- The IP address of the TFTP server. Both IPv4 and IPv6 addresses are supported, for example 192.168.0.1 or fe80::1234. Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 385
Parameter v1 | v2 -- Select the type of SSH public key, v1 represents SSH-1, v2 represents SSH-2. Command Mode Privileged EXEC Mode Privilege Requirement Only Admin level users have access to these commands. Example Remove the SSH-1 type public key from the switch: Switch# remove public-key v1 40.9 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 386
Chapter 41 Telnet Commands 41.1 telnet Description The telnet command is used to log in and manage other devices via telnet. Syntax telnet ip-addr Parameter ip-addr--The IP address of the device you want to log in. Command Mode Privileged EXEC Mode Privilege Requirement None. User Guidelines Make - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 387
Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Disable the Telnet function: Switch(config)# telnet disable 41.3 telnet port Description The telnet port command is used to configure the telent port number. To - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 388
Syntax show telnet-status Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display whether the Telnet function is enabled: Switch(config)# show telnet-status 364 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 389
Chapter 42 Serial Port Commands Note: Serial Port commands are only available on certain devices. 42.1 serial_port baud-rate Description The serial_port baud-rate command is used to configure the communication baud rate on the console port. To return to the default baud rate, please use no - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 390
Telnet, SSH and HTTP. • Authentication Method List A method list describes the authentication methods and their sequence to authenticate a user. The switch supports Login List for users to gain access to the switch, and Enable List for normal users to gain administrative privileges. • RADIUS/TACACS - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 391
time -- Specify the time in seconds the switch waits for the server's response before it times out. The time ranges from 1 to 9 seconds. The default is 5 seconds. [ 0 ] string | 7 encrypted-string -- 0 and 7 are the encryption type. 0 indicates that an unencrypted key will follow. 7 indicates that a - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 392
Privilege Requirement Only Admin level users have access to these commands. Example Display the information of all the TACACS+ servers: Switch(config)# show tacacs-server 43.3 radius-server host Description The radius-server host command is used to configure a new RADIUS server. To delete the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 393
encrypted key with a fixed length will follow. By default, the encryption type is 0. "string" is the shared key for the switch and the authentication servers to exchange messages. "encrypted-string" is a symmetric encrypted key with a fixed length, which you can copy from another switch's - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 394
Example Display the information of all the RADIUS servers: Switch(config)# show radius-server 43.5 aaa group Description This aaa group command is used to create AAA server groups to group existing TACACS+/RADIUS servers for authentication. This command puts the switch in the server group - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 395
Syntax server ip-address no server ip-address Parameter ip-address -- Specify the server's IP address. Command Mode Server Group Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Create the RADIUS server 1.1.1.1 to RADIUS server group "radius1": - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 396
43.8 aaa authentication login Description This aaa authentication login command is used to configure a login authentication method list. A method list describes the authentication methods and their sequence to authenticate a user. To delete the specified authentication method list, please use the no - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 397
43.9 aaa authentication enable Description This aaa authentication enable command is used to configure a privilege authentication method list. A method list describes the authentication methods and their sequence to elevate a user's privilege. To delete the specified authentication method list, - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 398
authentication dot1x default { method } no aaa authentication dot1x default Parameter method -- Specify the method name. Only RADIUS server group is supported, and the default method is server group "radius". Command Mode Global Configuration Mode Privilege Requirement Only Admin level users have - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 399
Parameter method -- Sp+ecify the method name. Only RADIUS server group is supported, and the default method is server group "radius". Command Mode Global Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 400
43.13 show aaa accounting Description This show aaa accounting command is used to display the summary information of the accounting metheod list. Syntax show aaa accounting [ dot1x ] Parameter dot1x -- Specify the method list type. Command Mode Privileged EXEC Mode and Any Configuration Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 401
Example Enter the telnet terminal line configuration mode: Switch(config)#line telnet 43.15 login authentication (telnet) Description The login authentication command is used to apply the login authentication method list to the telnet terminal line. To restore to the default authentication method - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 402
Syntax line ssh Command Mode Global Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Enter the ssh terminal line configuration mode: Switch(config)#line ssh 43.17 login authentication (ssh) Description The login authentication command is used to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 403
Switch(config-line)# login authentication list1 43.18 line console Note: This command is only available on certain devices. Description The line console command is used to enter the Line Configuration Mode to configure the console terminal line to which you want to apply the authentication list. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 404
Parameter method-list -- Specify the login method list on the console terminal line. It is "default" by default, which contains the method "local". Command Mode Line Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Configure the login - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 405
Example Configure the enable authentication method list on the telnet terminal line as "list2": Switch(config)#line telnet Switch(config-line)# enable authentication list2 43.21 enable authentication (ssh) Description The enable authentication command is used to apply the privilege authentication - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 406
Description The enable authentication command is used to apply the privilege authentication method list to the console terminal line. To restore to the default authentication method list, please use the no enable authentication command. Syntax enable authentication { method-list } no enable - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 407
Parameter method-list -- Specify the login method list on the HTTP access. It is "default" by default, which contains the method "local". Command Mode Global Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Configure the login authentication - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 408
Switch(config)# ip http enable authentication list2 43.25 show aaa global Description This show aaa global command is used to display global status of AAA function and the login/enable method lists of different application modules: telnet, ssh and HTTP. Syntax show aaa global Command Mode Privileged - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 409
have access to these commands. User Guidelines If the password you configured here is unencrypted and the global encryption function is enabled in service password-encryption, the password in the configuration file will be displayed in the symmetric encrypted form. If both the enable admin password - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 410
no enable admin Parameter 0 -- Specify the encryption type. 0 indicates that an unencrypted password will follow. By default, the encryption type is 0. password -- Enable password, a string with 31 characters at most, which can contain only English letters (case-sensitive), digits and 17 kinds of - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 411
Syntax enable-admin Command Mode Privileged EXEC Mode Privilege Requirement Only User, Power User and Operator level users have access to these commands. Example Get the administrative privelges (the Enable password is "123456"): Switch# enable-admin Password: 123456 387 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 412
LAN. • Authenticator: controls the physical access to the network based on the authentication status of the supplicant. It is usually an 802.1x-supported network device, such as this TP-Link switch. It acts as an intermediary (proxy) between the supplicant and the authentication server, requesting - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 413
44.2 dot1x handshake Description The dot1x handshake command is used enable the handshake feature. The handshake feature is used to detect the connection status between the TP-Link 802.1x supplicant and the switch. Please disable the handshake feature if you are using a non-TP-Link 802.1x-compliant - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 414
pap: EAP termination mode. IEEE 802.1x authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client. The EAP packets are terminated at the switch and repackaged in the Password Authentication Protocol (PAP) packets, and then - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 415
Syntax dot1x vlan-assignment no dot1x vlan-assignment Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the VLAN assignment feature: Switch(config)#dot1x vlan-assignment 44.5 dot1x accounting - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 416
44.6 dot1x mab Description The dot1x mab command is used to enable the MAB feature on the port.To disable this feature, please use no dot1x mab command. With MAB (MAC-Based Authentication Bypass) feature enabled, the switch automatically sends the authentication server a RADIUS access request frame - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 417
Syntax dot1x guest-vlan vid no dot1x guest-vlan Parameter vid -- The VLAN ID needed to enable the Guest VLAN function, ranging from 0 to 4094. 0 means that Guest VLAN is disabled. The supplicants in the Guest VLAN can access the specified network source. Command Mode Interface Configuration Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 418
Command Mode Interface Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the quiet-period function and set the quiet-period as 5 seconds on the Gigabit Ethernet port 1/0/1: Switch(config)#interface gigabitEthernet - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 419
Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#dot1x timeout supp-timeout 5 44.10 dot1x max- req Description The dot1x max-req command is used to configure the maximum transfer times of the repeated authentication request when the server cannot be connected. To restore to the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 420
Syntax dot1x no dot1x Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet ) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the IEEE 802.1x function for the Gigabit Ethernet port 1: - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 421
Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the Control Mode for Gigabit Ethernet port 20 as "authorized-force": Switch( - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 422
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the Control Type for Gigabit Ethernet port 20 as "port-based": Switch(config)#interface gigabitEthernet 1/0/20 Switch(config-if)#dot1x port-method port-based 44.14 dot1x auth-init - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 423
Syntax dot1x auth-reauth [ mac mac-address ] Parameter mac-address: Enter the MAC address of the client that will be reauthenticated. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Privilege Requirement None. Example Reauthenticate the client - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 424
44.17 show dot1x interface Description The show dot1x interface command is used to display all ports or the specified port's configuration information of 801.X. Syntax show dot1x interface [ gigabitEthernet port ] Parameter port -- The Ethernet port number. If not specified, the information of all - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 425
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the authentication status of each port: Switch(config)#show dot1x auth-state interface 401 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 426
Chapter 45 Port Security Commands You can limit the number of MAC addresses that can be learned on each port on this page, thus preventing the MAC address table from being exhausted by the attack packets. 45.1 mac address-table max-mac count Description The mac address-table max-mac-count command is - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 427
Syntax show mac address-table max-mac-count interface { fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port } Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the port security configuration on port 1/0/1 Switch# show mac - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 428
, the monitoring port is connected to data diagnose device, which is used to analyze the monitored packets for monitoring and troubleshooting the network. 46.1 monitor session destination interface Description The monitor session destination interface command is used to configure the monitoring - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 429
Switch(config)# no monitor session 1 destination interface gigabitEthernet 1/0/2 Delete the monitor session 1: Switch(config)# no monitor session 1 46.2 monitor session source Description The monitor session source command is used to configure the monitored interface. To delete the corresponding - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 430
User Guidelines 1. The monitoring port is corresponding to current interface configuration mode. 2. Monitored ports number is not limited, but it can't be the monitoring port at the same time. 3. Whether the monitoring port and monitored ports are in the same VLAN or not is not demanded strictly. 4. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 431
Switch(config)# show monitor session 1 407 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 432
Chapter 47 ACL Commands ACL (Access Control List) is used to filter data packets by configuring a series of match conditions, operations and time ranges. It provides a flexible and secured access control policy and facilitates you to control the network security. 47.1 access-list create Description - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 433
Description The access-list packet-content profile command is used to specify the offset of each chunk. There are four chunks to be configured. They must be configured before you configure the chunk value&mask. Syntax access-list packet-content profile chunk-offset0 offset0 chunk-offset1 offset1 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 434
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Resequence the rules of ACL 12 with the start ID as 1 and step value as 5: Switch(config)# access-list resequence 12 start 1 step 5 47.4 access-list mac - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 435
source-mac-mask -- Enter the mask of the source MAC address. This is required if a source MAC address is entered. The format is FF:FF:FF:FF:FF:FF. destination-mac -- Enter the destination MAC address. The format is FF:FF:FF:FF:FF:FF. destination-mac-mask -- Enter the mask of the destination MAC - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 436
[pre pre-value] [frag enable | disable] [protocol protocol [s-port s-port-number] [s-port-mask s-port-mask] [d-port d-port-number] [d-port-mask d-port-mask] [tcpflag tcpflag]] [tseg time-range-name] no access-list ip acl-id-or-name rule rule-id Parameter acl-id-or-name -- Enter the ID or name of the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 437
d-port-mask -- Specify the destination port mask with 4 hexadacimal numbers. tcpflag -- For TCP protocol, specify the flag value using either binary numbers or * (for example, 01*010*). The default is *, which indicates that the flag will not be matched. The flags are URG (Urgent flag), ACK ( - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 438
Parameter acl-id-or-name -- Enter the ID or name of the ACL that you want to add a rule for. auto -- The rule ID will be assigned automatically and the interval between rule IDs is 5. rule-id -- Assign an ID to the rule. deny | permit -- Specify the action to be taken with the packets that match the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 439
d-port-mask -- Specify the destination port mask with 4 hexadecimal numbers. tcpflag -- For TCP protocol, specify the flag value using either binary numbers or * (for example, 01*010*). The default is *, which indicates that the flag will not be matched. The flags are URG (Urgent flag), ACK ( - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 440
Parameter acl-id-or-name -- Enter the ID or name of the ACL that you want to add a rule for. auto -- The rule ID will be assigned automatically and the interval between rule IDs is 5. rule-id -- Assign an ID to the rule. deny | permit -- Specify the action to be taken with the packets that match the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 441
Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. User Guidelines Before binding an IPv6 ACL to a VLAN or interface, you should configure the SDM template as "enterpriseV6" and save your configurations. Example - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 442
auto -- The rule ID will be assigned automatically and the interval between rule IDs is 5. rule-id -- Assign an ID to the rule. deny | permit -- Specify the action to be taken with the packets that match the rule. Deny means to discard; permit means to forward. By default, it is set to permit. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 443
Parameter acl-id-or-name -- Enter the ID or name of the ACL. rule-id -- Enter the ID of the ACL rule. Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Specify the rule 1 of ACL 200 to be configured - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 444
Switch(config)# access-list action 6 rule 1 Switch(config-action)# redirect interface gigabitEthernet 1/0/1 47.11 s-condition Description The s-condition command is used to limit the rate of the matched packets. To restore the settings to the defaults, please use no s-condition. Syntax s-condition - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 445
47.12 s-mirror Description The s-mirror command is used to define the policy to mirror the matched packets to the desired port. To disable this policy, please use no s-mirror command. Syntax s-mirror interface { fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port } Parameter port -- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 446
pri -- Local Priority of QoS Remark. Specify the local priority for the data packets matching the corresponding ACL. Local Priority ranges from 0 to 7. dot1p-pri -- 802.1P priority of QoS Remark. This remark configuration will change the data packet's 802.1P priority field to the dot1p-pri you set. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 447
port-list -- Specify the number or the list of the Ethernet port that you want to bind the ACL to. Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Bind ACL 1 to port 3 and VLAN 4: Switch(config)# - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 448
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the configuration of Policy bind: Switch(config)# show access-list bind 47.17 show access-list status Description The show access-list status command is used to display usage status of ACL entry - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 449
Privilege Requirement None. Example Display the packet counter of ACL 100: Switch(config)# show access-list 100 counter 47.19 clear access-list Description The clear access-list command is used to clear the counter of matched packets of a specified ACL or rule. Syntax clear access-list acl-id-or- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 450
source binding Description The ip source binding command is used to bind the IP address, MAC address, VLAN ID and the Port number together manually. You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you have got the related information of - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 451
these commands. Example Bind an ACL entry with the IP 192.168.0.1, MAC 00:00:00:00:00:01, VLAN ID 2 and the Port number 5 manually. And then enable the entry for the ARP detection: Switch(config)#ip source binding host1 192.168.0.1 00:00:00:00:00:01 vlan 2 interface - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 452
48.3 ip dhcp snooping vlan Description The ip dhcp snooping vlan command is used to enable DHCP Snooping function on a specified VLAN. To disable DHCP Snooping function on this VLAN, please use no ip dhcp snooping vlan command. Syntax ip dhcp snooping vlan vlan-range no ip dhcp snooping vlan vlan- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 453
Syntax value -- Enter the value of maximum number of entries that can be learned on the port via DHCP Snooping. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 454
48.6 show ip dhcp snooping Description The show ip dhcp snooping command is used to display the running status of DHCP Snooping. Syntax show ip dhcp snooping Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the running status of DHCP Snooping: - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 455
Example Display the DHCP Snooping configuration of all Ethernet ports and port channels: Switch#show ip dhcp snooping interface Display the DHCP Snooping configuration of Gigabit Ethernet port 1/0/5: Switch#show ip dhcp snooping interface gigabitEthernet 1/0/5 431 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 456
binding Description The ipv6 source binding command is used to bind the IPv6 address, MAC address, VLAN ID and the Port number together manually. You can manually bind the IPv6 address, MAC address, VLAN ID and the Port number together in the condition that you have got the related information - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 457
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example The following example shows how to bind an entry with the hostname host1, IPv6 address 2001:0:9d38:90d5::34, MAC address AA-BB-CC-DD-EE-FF, VLAN ID 10, port number 1/0/5, and enable this - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 458
49.3 ipv6 dhcp snooping vlan Description The ipv6 dhcp snooping vlan command is used to enable DHCP Snooping function on a specified VLAN. To disable DHCP Snooping function on this VLAN, please use no ipv6 dhcp snooping vlan command. Syntax ipv6 dhcp snooping vlan vlan-range no ipv6 dhcp snooping - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 459
Syntax value: Enter the value of maximum number of entries that can be learned on the port via DHCPv6 Snooping. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 460
Example Enable the ND snooping function globally: T160G-28TS(config)#ipv6 nd snooping 49.6 ipv6 nd snooping vlan Description The ipv6 nd snooping vlan command is used to enable ND snooping function on a specified VLAN. To disable ND Snooping function on this VLAN, please use no ipv6 nd snooping vlan - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 461
Syntax ipv6 nd snooping max-entries value no ipv6 nd snooping max-entries Parameter value -- Specify the maximum number of ND snooping entries on this interface. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 462
Switch(config)#show ipv6 source binding 49.9 show ipv6 dhcp snooping Description The show ipv6 dhcp snooping command is used to display the running status of DHCPv6 Snooping. Syntax show ipv6 dhcp snooping Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 463
Privilege Requirement None. Example Display the DHCPv6 Snooping configuration of all Ethernet ports and port channels: Switch#show ipv6 dhcp snooping interface Display the DHCPv6 Snooping configuration of Gigabit Ethernet port 1/0/5: Switch#show ipv6 dhcp snooping interface gigabitEthernet 1/0/5 49. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 464
Syntax show ipv6 nd snooping interface [ gigabitEthernet port | port-channel port-channel-id ] Parameters port -- The Ethernet port number. port-channel-id -- The ID of the port channel. Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the ND - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 465
Chapter 50 IP Verify Source Commands IP Verify Source is to filter the IP packets based on the IP-MAC Binding entries. Only the packets matched to the IP-MAC Binding rules can be processed, which can enhance the bandwidth utility. 50.1 ip verify source Description The ip verify source command is - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 466
address and port number matched to the IP-MAC binding rules can be processed: Switch(config)#interface range gigabitEthernet 1/0/5-10 Switch(config-if-range)#ip verify source sip+mac 50.2 ip verify source logging Description The ip verify source logging command is used to enable the log feature. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 467
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the IP Verify Source configuration information: Switch(config)#show ip verify source 50.4 show ip verify source interface Description The show ip verify source interface command is used to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 468
Chapter 51 IPv6 Verify Source Commands IPv6 Verify Source is to filter the IPv6 packets based on the IPv6-MAC Binding entries. Only the packets matched to the IPv6-MAC Binding rules can be processed, which can enhance the bandwidth utility. Before configuring IPv6 Verify Source feature, you should - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 469
address and port number matched to the IPv6-MAC binding rules can be processed: Switch(config)#interface range gigabitEthernet 1/0/5-10 Switch(config-if-range)#ipv6 verify source sipv6+mac 51.2 show ipv6 verify source Description The show ipv6 verify source command is used to display the IPv6 Verify - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 470
Privilege Requirement None. Example Display the IPv6 verify source configuration of Gigabit Ethernet port 1/0/5: Switch#show ipv6 verify source interface gigabitEthernet 1/0/5 446 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 471
server packet by any specified DHCP client, it is useful when one or more DHCP servers are present on the network and both provide DHCP services to different distinct groups of clients. 52.1 ip dhcp filter Description The ip dhcp filter command is used to enable DHCP Filter function globally. To - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 472
Syntax ip dhcp filter no ip dhcp filter Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 473
Example Enable the MAC Verify feature for the Gigabit Ethernet port 10/2: Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)#ip dhcp filter mac-verify 52.4 ip dhcp filter limit rate Description The ip dhcp filter limit rate command is used to enable the Flow Control feature for the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 474
52.5 ip dhcp filter decline rate Description The ip dhcp filter decline rate command is used to enable the Decline Protect feature and configure the rate limit on DHCP Decine packets. The excessive DHCP Decline packets will be discarded. To disable the Decline Protect feature, please use no ip dhcp - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 475
Syntax ip dhcp filter server permit-entry server-ip ipAddr client-mac macAddr interface { fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port | interface port-channel port-channel-id } no ip dhcp filter server permit-entry server-ip ipAddr client-mac macAddr interface { fastEthernet - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 476
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the DHCP Filter configuration: Switch#show ip dhcp filter 52.8 show ip dhcp filter interface Description The show ip dhcp filter interface command is used to display the configuration of DHCP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 477
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the legal DHCP server configuration: Switch#show ip dhcp filter server permit-entry 453 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 478
packet by any specified DHCPv6 client, it is useful when one or more DHCPv6 servers are present on the network and both provide DHCPv6 services to different distinct groups of clients. 53.1 ipv6 dhcp filter Description The ipv6 dhcp filter command is used to enable DHCP Filter function globally - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 479
Syntax ipv6 dhcp filter no ipv6 dhcp filter Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet / interface port-channel / interface range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to these - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 480
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Set the Flow Control of GigabitEthernet port 2 as 20 pps: Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)#ipv6 dhcp filter limit rate 20 53.4 ipv6 dhcp filter decline rate - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 481
Example Configure the rate limit of DHCPv6 Decline packets as 20 packets per second on Gigabit Ethernet port 1/0/2: Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)#ipv6 dhcp filter decline 20 53.5 ipv6 dhcp filter server permit-entry Description The ipv6 dhcp filter server permit- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 482
53.6 show ipv6 dhcp filter Description The show ipv6 dhcp filter command is used to display the configuration of DHCPv6 Filter. Syntax show ipv6 dhcp filter Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the DHCPv6 Filter configuration: - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 483
53.8 show ip dhcp filter server permit-entry Description The show ipv6 dhcp filter server permit-entry command is used to display the legal server configuration. Syntax show ipv6 dhcp filter server permit-entry Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 484
) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of service requests to the Host. With the DoS Defend enabled, the switch can analyze the specific field of the received packets and provide the defend measures - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 485
Syntax ip dos-prevent type { land | scan-synfin | xma-scan | null-scan | port-less-1024 | blat | ping-flood | syn-flood | win-nuke | ping-of-death | smurf } no ip dos-prevent type { land | scan-synfin | xma-scan | null-scan | port-less-1024 | blat | ping-flood | syn-flood | win-nuke | ping-of-death - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 486
crash on the target computer. Note: ping-of-death is only available on certain devices. smurf --Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 487
Privilege Requirement None. Example Display the DoS information of the detected DoS attack globally: Switch(config)#show ip dos-prevent 463 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 488
Chapter 55 sFlow Commands (Only for Certain Devices) Note: sFlow commands are only available on certain devices. sFlow (Sampled Flow) is a technology for accurately monitoring network traffic at high speeds. The sFlow monitoring system consists of a sFlow agent (embedded in a switch or router or in - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 489
55.2 sflow enable Description The sflow enable command is used to enable sFlow function. To disable the sFlow function, please use no sflow enable command. Syntax sflow enable no sflow enable Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 490
port --The number of the udp port which is selected for the sFlow collector. maxData --Specify the maximum number of data bytes that can be sent in a single sample datagram. The value ranges from 300 to 1400 and the default value is 300 bytes. timeout --Specify the aging time of the sFlow collector, - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 491
the next sample is taken. The value ranges from 1024 to 65535 and the default value is 0 which means no packets will be sampled. maxHeader --Specify the maximum number of bytes that should be copied from a sampled packet. The value ranges from 18 to 256 and the default value is 128 bytes. Command - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 492
55.6 show sflow collector Description The show sflow collector command is used to display the global configuration of the sFlow collector. Syntax show sflow collector Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the global configuration of - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 493
on certain devices. Ethernet OAM (standing for Operation, Administration, and Maintenance) is Layer 2 protocol that is used for monitoring and troubleshooting Ethernet networks. It can report the network status to network administrators through the OAMPDUs exchanged between two OAM entities. The - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 494
56.2 ethernet-oam mode Description The ethernet-oam mode command is used to configure the OAM mode for the desired port. To return to the default configurations, please use no ethernet-oam mode command. The default mode is active. Syntax ethernet-oam mode { passive | active } no ethernet-oam mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 495
Syntax ethernet-oam link-monitor symbol-period { threshold threshold | window window | notify { disable | enable }} no ethernet-oam link-monitor symbol-period { threshold | window | notify } Parameter threshold -- Configure the error threshold for generating error symbol-period event. The range is - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 496
Syntax ethernet-oam link-monitor frame { [threshold threshold ] [ window window ] [notify { disable | enable } ] } no ethernet-oam link-monitor frame { threshold | window | notify } Parameter threshold -- Configure the error threshold for generating error frame event. The range is from 1 to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 497
Syntax ethernet-oam link-monitor frame-period { [threshold threshold ] [ window window ] [notify { disable | enable } ] } no ethernet-oam link-monitor frame-period { threshold | window | notify } Parameter threshold -- Configure the error threshold for generating error frame period event. The range - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 498
Syntax ethernet-oam link-monitor frame-seconds { [threshold threshold ] [ window window ] [notify { disable | enable } ] } no ethernet-oam link-monitor frame-seconds { threshold | window | notify } Parameter threshold -- Configure the error threshold for generating error frame seconds event. The - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 499
Syntax ethernet-oam remote-failure { dying-gasp | critical-event } notify { disable | enable } no ethernet-oam remote-failure { dying-gasp | critical-event } notify Parameter dying-gasp -- Dying Gasp link event. Dying gasp means an unrecoverable fault, such as power failure, occurs. critical-event - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 500
no ethernet-oam remote-loopback received-remote-loopback Parameter process -- Process the received remote loopback request. ignore -- Ignore the received remote loopback request. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Privilege - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 501
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Request the remote peer to start the Ethernet OAM remote loopback mode on Gigabit Ethernet port 1/0/3: T2600G-28TS(config)# interface gigabitEthernet 1/0/3 T2600G-28TS(config-if)# ethernet-oam remote- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 502
56.11 clear ethernet-oam event-log Description The clear ethernet-oam event-log command is used to clear the Ethernet OAM event log. Syntax clear ethernet-oam event-log [ interface gigabitEthernet port ] Parameter port --The Gigabit Ethernet port number. By default, the Ethernet OAM event logs of - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 503
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Display Ethernet OAM configuration information of Gigabit Ethernet port 1/0/2: T2600G-28TS(config)# show ethernet-oam configuration interface - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 504
56.14 show ethernet-oam statistics Description The show ethernet-oam statistics command is used to display the Ethernet OAM statistics. Syntax show ethernet-oam statistics [ interface gigabitEthernet port ] Parameter port -- The Gigabit Ethernet port number. By default, the Ethernet OAM statistics - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 505
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Display Ethernet OAM status of Gigabit Ethernet port 1/0/2: T2600G-28TS(config)# show ethernet-oam status interface gigabitEthernet 1/0/2 481 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 506
state of fiber-optic or twisted-pair Ethernet cables. When a unidirectional link is detected, the corresponding port will be shut down automatically or manually (depending on the shut mode configured). 57.1 dldp (global) Description The dldp command is used to enable the DLDP function globally. To - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 507
-mode Description The dldp shut-mode command is used to configure the shutdown mode when a unidirectional link is detected. Syntax dldp shut-mode { auto | manual } Parameter auto -- The switch automatically shuts down ports when a unidirectional link is detected. By default, the shut-mode is auto - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 508
57.4 dldp reset (global) Note: This command is only available on certain devices Description The dldp reset command is used to reset all the unidirectional links and restart the link detect process. Syntax dldp reset Command Mode Global Configuration Mode Privilege Requirement Only Admin and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 509
Example Enable the DLDP function of ports 1/0/2-4: Switch (config)# interface range gigabitEthernet 1/0/2-4 Switch (config-if-range)# dldp 57.6 dldp reset (interface) Note: This command is only available on certain devices Description The dldp reset command is used to reset the specified port and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 510
Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the global configuration of DLDP function: Switch# show dldp 57.8 show dldp interface Description The show dldp interface command is used to display the configuration and state of the specified - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 511
Chapter 58 SNMP Commands SNMP (Simple Network Management Protocol) functions are used to manage the network devices for a smooth communication, which can facilitate the network administrators to monitor the network nodes and implement the proper operation. 58.1 snmp-server Description The snmp- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 512
Parameter name -- The entry name of View, ranging from 1 to 16 characters. Each View includes several entries with the same name. mib-oid -- MIB Object ID. It is the Object Identifier (OID) for the entry of View, ranging from 1 to 61 characters. include | exclude -- View Type, with include and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 513
SNMP Group. These three items of the Users in one group should be the same. v3 -- The security mode for the group, v3 indicates SNMPv3, the most secure level. slev -- The Security Level of SNMP v3 Group. There are three options, including noAuthNoPriv (No authentication algorithm but a user name - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 514
58.4 snmp-server user Description The snmp-server user command is used to add User. To delete the corresponding User, please use no snmp-server user command. The User in an SNMP Group can manage the switch via the management station software. The User and its Group have the same security level and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 515
encrypt packets). The security level from lowest to highest is: noAuthNoPriv, authNoPriv, authPriv, and the default is noAuthNoPriv. The security level of the user should not be lower than the group it belongs to. cmode -- The Authentication Mode of the SNMP v3 User, with none, MD5 and SHA options. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 516
retries ] [ timeout timeout ] no snmp-server host ip user-name Parameter ip -- The IP Address of the management Host. Both IPv4 and IPv6 addresses are supported, for example 192.168.0.100 or fe80::1234. udp-port -- UDP port, which is used to send notifications. The UDP port functions with the IP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 517
user-name -- The User name of the management station. smode -- The Security Model of the management station, with v1, v2c and v3 options. By default, the option is v1. slev -- The Security Level of SNMP v3 User. There are three options, including noAuthNoPriv (No authentication algorithm but a user - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 518
Add a Notification entry, and configure the IP Address of the management Host as fe80::1234, the UDP port as 162, the User name of the management station as admin, the Security Model of the management station as v2c, the type of the notifications as inform, the maximum time for the switch to wait as - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 519
Switch(config)# snmp-server engineID local 1234567890 remote abcdef123456 58.8 snmp-server traps snmp Description The snmp-server traps snmp command is used to enable SNMP standard traps which include four types: linkup, linkdown, warmstart and coldstart. The command without parameter enables all - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 520
Switch(config)# snmp-server traps snmp linkup 58.9 snmp-server traps Description The snmp-server traps command is used to enable SNMP extended traps. To disable the sending of SNMP extended traps, please use no snmp-server traps command. All SNMP extended traps are disabled by default. Syntax snmp- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 521
storm-control --The feature is used to monitor network storms. And the trap is disabled by default. The system will generate the trap when the rate of broadcast or multicast reaches the limit of storm control. spanning-tree --The feature is used to monitor the spanning tree status. And the trap is - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 522
DDM traps. And the no snmp-server traps ddm command without any parameter is used to disable all the types of DDM traps. For more instructions about the alarm threshold or warning threshold, refer to Chapter 11 DDM Commands. Command Mode Global Configuration Mode Example Enable all the SNMP DDM - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 523
Syntax snmp-server traps vlan [ create | delete ] no snmp-server traps vlan [create | delete ] Parameter create --Triggered when certain VLANs are created successfully. delete --Triggered when certain VLANs are deleted successfully. Command Mode Global Configuration Mode Privilege Requirement Only - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 524
Privilege Requirement Only Admin level users have access to these commands. Example Enable the DHCP filter trap for the switch: Switch(config)# snmp-server traps security dhcp-filter 58.13 snmp-server traps acl Description The snmp-server traps acl command is used to enable the ACL trap. To disable - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 525
Parameter change -- Enable SNMP IP change traps. The trap monitors the IP changed of each interface. The trap can be triggered when the IP address of any interface is changed. duplicate -- Enable SNMP IP duplicate traps. The trap can be triggered when the switch detects an IP conflict event. Command - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 526
port-pwr-deny --Triggered when the switch powers off PDs on low-priority PoE ports. When the total power required by the connected PDs exceeds the system power limit, the switch will power off PDs on low-priority PoE ports to ensure stable running of the other PDs. port-pwr-over-30w --Triggered when - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 527
Example Enable SNMP link status trap for port 3: Switch(config)# interface gigabitEthernet 1/0/3 Switch(config-if)# snmp-server traps link-status 58.17 rmon history Description The rmon history command is used to configure the history sample entry. To return to the default configuration, please use - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 528
Example Configure the sample port as Gi1/0/2 and the sample interval as 100 seconds for the entry 1-3: Switch(config)# rmon history 1-3 interface gigabitEthernet 1/0/2 interval 100 owner owner1 58.18 rmon event Description The rmon event command is used to configure the entries of SNMP-RMON Event. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 529
Example Configure the user name of entry 1, 2, 3 and 4 as user1, the description of the event as description1, the type of event as log and the owner of the event as owner1: Switch(config)# rmon event 1-4 user user1 description description1 type log owner owner1 58.19 rmon alarm Description The rmon - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 530
statistics command is used to configure the entries of SNMP-RMON statistics. To delete the corresponding entry, please use no rmon statistics command. The maximum supported entries are 1000. 506 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 531
Syntax rmon statistics index interface gigabitEthernet port [ owner owner-name] [ status { underCreation | valid }] no rmon statistics index Parameter index -- The index number of the statistics entry, ranging from 1 to 65535, in the format of 1-3,5. port -- The statistics port number, in the format - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 532
Example Display SNMP configuration globally: Switch# show snmp-server 58.22 show snmp-server view Description The show snmp-server view command is used to display the View table. Syntax show snmp-server view Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 533
58.24 show snmp-server user Description The show snmp-server user command is used to display the User table. Syntax show snmp-server user Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Display the User - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 534
Syntax show snmp-server host Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only Admin level users have access to these commands. Example Display the Host table: Switch# show snmp-server host 58.27 show snmp-server engineID Description The show snmp-server - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 535
Parameter index -- The index number of the entry selected to display the configuration, ranging from 1 to 12, in the format of 1-3, 5. You can select more than one entry for each command. By default, the configuration of all history sample entries is displayed. Command Mode Privileged EXEC Mode and - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 536
58.30 show rmon alarm Description The show rmon alarm command is used to display the configuration of the Alarm Management entry. Syntax show rmon alarm [ index ] Parameter index -- The index number of the entry selected to display the configuration, ranging from 1 to 12, in the format of 1-3, 5. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 537
Example Display the configuration of the statistics entry 1: Switch#show rmon statistics 1 513 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 538
Chapter 59 PoE Commands (Only for Certain Devices) Note: PoE commands are only available on certain devices. PoE (Power over Ethernet) technology describes a system to transmit electrical power along with data to remote devices over standard twisted-pair cable in an Ethernet network. It is - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 539
power the port in the profile can supply, with five options: "power-limit", "auto", "class1", "class2", "class3" and "class4". "Power-limit" indicates you can manually enter a value ranging from 1 to 300. The value is in the unit of 0.1 watt. For instance, if you want to configure the max power as - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 540
power the port in the profile can supply, with five options: "power-limit", "auto", "class1", "class2", "class3" and "class4". "Power-limit" indicates you can manually enter a value ranging from 1 to 300. The value is in the unit of 0.1 watt. For instance, if you want to configure the max power as - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 541
gigabitEthernet) Privilege Requirement None. Example Configure the PoE priority as "low" for port 2: Switch(config)# interface gigabitEthernet 1/0/2 Switch(config-if)# power inline priority low 59.5 power inline supply Description The power inline supply command is used to configure the PoE status - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 542
Syntax power inline profile name no power inline profile Parameter name -- The name of the PoE profile to be bound to the port. If the name being assigned contains spaces then put it inside double quotes. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 543
Switch(config)# interface gigabitEthernet 1/0/2 Switch(config-if)# power inline time-range tRange2 59.8 show power inline Description The show power inline command is used to display the global PoE information of the system. Syntax show power inline Command Mode Privileged EXEC Mode and Any - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 544
Example Display the PoE configuration of all ports: Switch# show power inline configuration interface 59.10 show power inline information interface Description The show power inline information command is used to display the PoE information of the certain port. Syntax show power inline information - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 545
Example Display the defined PoE profile: Switch# show power profile 521 - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 546
Chapter 60 ARP Inspection Commands ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP cheating, such as the Network Gateway Spoofing and Man-In-The-Middle Attack, etc. 60.1 ip arp inspection Description The ip arp inspection command is used to enable the ARP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 547
Syntax src-mac -- Enable the switch to check whether the source MAC address and the sender MAC address are the same when receiving an ARP packet. If not, the ARP packet will be discarded. dst-mac -- Enable the switch to check whether the sender IP address of all ARP packets and the target IP address - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 548
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the ARP Detection function on VLAN 2: Switch(config)#ip arp inspection vlan 2 60.4 ip arp inspection vlan logging Description The ip arp inspection vlan logging command is used to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 549
60.5 ip arp inspection trust Description The ip arp inspection trust command is used to configure the port for which the ARP Detect function is unnecessary as the Trusted Port. To clear the Trusted Port list, please use no ip arp detection trust command .The specific ports, such as up-linked port - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 550
Parameter value --The value to specify the maximum amount of the received ARP packets per second, ranging from 1 to 300 in pps(packet/second). By default, the value is 100. Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Privilege Requirement - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 551
Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Configure the burst interval as 2 seconds for Gigabit Ethernet port 5: Switch(config)#interface gigabitEthernet 1/0/5 Switch(config-if)#ip arp inspection burst-interval 2 60.8 ip arp - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 552
Syntax show ip arp inspection Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the ARP detection configuration globally: Switch(config)#show ip arp inspection 60.10 show ip arp inspection interface Description The show ip arp inspection - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 553
60.11 show ip arp inspection vlan Description The show ip arp inspection vlan command is used to display the VLAN configuration of ARP detection. Syntax show ip arp inspection vlan Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement None. Example Display the ARP - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 554
60.13 clear ip arp inspection statistics Description The clear ip arp inspection statistics command is used to clear the statistic of the illegal ARP packets received. Syntax clear ip arp inspection statistics Command Mode Privileged EXEC Mode and Any Configuration Mode Privilege Requirement Only - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 555
Chapter 61 ND Detection Commands The ND Detection feature allows the switch to detect the ND packets based on the binding entries in the IPv6-MAC Binding Table and filter out the illegal ND packets. Before configuring ND Detection, complete IPv6-MAC Binding configuration. For details, refer to IPv6- - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 556
Parameter vlan-range --Enter the vlan range in the format of 1-3, 5. Command Mode Global Configuration Mode Example Enable the ND Detection function on VLAN 1,4,6-7: Switch(config)#ipv6 nd detection vlan 1,4,6-7 61.3 ipv6 nd detection vlan logging Description The ipv6 nd detection vlan logging - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 557
as Trusted Port. To ensure the normal communication of the switch, please configure the ND Detection Trusted Port before enabling the ND Detection function. Syntax Ipv6 nd detection trust no ipv6 nd detection trust Command Mode Interface Configuration Mode (interface gigabitEthernet / interface - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 558
Syntax show ipv6 nd detection interface[ fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port | port-channel port-channel-id ] Parameter port --The Ethernet port number. port-channel-id -- The ID of the port channel. Command Mode Privileged EXEC Mode and Any Configuration Mode Example - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 559
61.8 show ipv6 nd detection vlan Description The show ipv6 nd detection vlan command is used to display the VLAN configuration of ND Detection. Syntax show ipv6 nd detection vlan Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the ipv6 ND Detection configuration of VLAN. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 560
Chapter 62 System Log Commands The log information will record the settings and operation of the switch respectively for you to monitor operation status and diagnose malfunction. 62.1 logging buffer Description The logging buffer command is used to store the system log messages to an internal buffer - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 561
Syntax logging buffer level level no logging buffer level Parameter level -- Severity level of the log information output to each channel. There are 8 severity levels marked with values 0-7. The smaller value has the higher priority. Only the log with the same or smaller severity level value will be - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 562
Privilege Requirement Only Admin and Operator level users have access to these commands. Example Enable the log file flash function: Switch(config)#logging file flash 62.4 logging file flash frequency Description The logging file flash frequency command is used to specify the frequency to - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 563
62.5 logging file flash level Description The logging file flash level command is used to specify the system log message severity level. Messages will a severity level equal to or higher than this value will be stored to the flash. To restore to the default level, please use no logging file flash - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 564
Syntax logging host index idx host-ip level no logging host index idx Parameter idx -- The index of the log host. The switch supports 4 log hosts at most. host-ip -- The IP for the log host. level -- The severity level of the log information sent to each log host. - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 565
Example Enable logging to the console port: Switch(config)# logging console 62.8 logging console level Description The logging console level command is used to limit messages logged to the console port. System logs no higher than the set threshold level will be displayed on the console port. To - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 566
62.9 logging monitor Description The logging monitor command is used to display the system logs on the terminal devices. To disable logging to the terminal, please use no logging monitor command. This function is enabled by default. Syntax logging monitor no logging monitor Command Mode Global - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 567
be output to the terminal devices. By default, it is 5 indicating that all the log information between level 0-5 will be output to the terminal devices. Command Mode Global Configuration Mode Privilege Requirement Only Admin and Operator level users have access to these commands. Example Output the - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 568
62.12 show logging local-config Description The show logging local-config command is used to display the configuration of the Local Log output to the console, the terminal, the log buffer and the log file. Syntax show logging local-config Command Mode Privileged EXEC Mode and Any Configuration Mode - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 569
Example Display the configuration of the log host 2: Switch(config)# show logging loghost 2 62.14 show logging buffer Description The show logging buffer command is used to display the log information in the log buffer according to the severity level. Syntax show logging buffer [ level level ] - TP-Link TL-SG3428XMP | TL-SG2428PUN V1 CLI Reference Guide Guide - Page 570
Parameter level -- Severity level. There are 8 severity levels marked with values 0-7. The information of levels with priority not lower than the select level will display. Display all the log information in the log file by default. Command Mode Privileged EXEC Mode and Any Configuration Mode
CLI Reference Guide
Jetstream Switches
1910012904 REV4.5.0
October 2020