TP-Link TL-SG5426 User Guide
TP-Link TL-SG5426 Manual
 |
UPC - 845973020729
View all TP-Link TL-SG5426 manuals
Add to My Manuals
Save this manual to your list of manuals |
TP-Link TL-SG5426 manual content summary:
- TP-Link TL-SG5426 | User Guide - Page 1
TL-SG5426 26-Port Gigabit Managed Switch Rev: 1.0.0 1910010105 - TP-Link TL-SG5426 | User Guide - Page 2
COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. ® is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced - TP-Link TL-SG5426 | User Guide - Page 3
installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation - TP-Link TL-SG5426 | User Guide - Page 4
Main Menu Basic Configuration Displaying System Information Displaying Switch Hardware/Software Versions Displaying Bridge Extension Capabilities Setting the Switch's IP Address Manual Configuration Using DHCP/BOOTP Enabling Jumbo Frames Managing Firmware Downloading System Software from a Server - TP-Link TL-SG5426 | User Guide - Page 5
Protocol Renumbering the System Resetting the System Setting the Configuring HTTPS Replacing the Default Secure-site Certificate Configuring Access Control Lists Setting the ACL Name and Type Configuring a Standard IP ACL Configuring an Extended IP ACL Configuring a MAC ACL ii 3-19 3-20 3-21 3-23 - TP-Link TL-SG5426 | User Guide - Page 6
Port to an Access Control List Filtering IP Addresses for Management Access Port Configuration Enabling QinQ Tunneling on the Switch Adding an Interface to a QinQ Tunnel Configuring Private VLANs Enabling Private VLANs Configuring Uplink and Downlink Ports Protocol VLANs Contents 3-73 3-74 - TP-Link TL-SG5426 | User Guide - Page 7
Contents Protocol VLAN Group Configuration Configuring Protocol VLAN Interfaces Class of Service Configuration Layer 2 Queue Settings Setting the Default Priority for Interfaces Mapping CoS Values to Egress Queues Enabling CoS Selecting the Queue Mode Setting the Service Weight for Traffic Classes - TP-Link TL-SG5426 | User Guide - Page 8
DHCP Snooping Port Configuration DHCP Snooping Binding Information IP Source Guard IP Source Guard Port Configuration Static IP Source Guard Binding Configuration Dynamic IP Source Guard Binding Information Switch Clustering Cluster Configuration Cluster Member Configuration Cluster Member - TP-Link TL-SG5426 | User Guide - Page 9
management Web Server Commands ip http port ip http server ip http secure-server ip http secure-port Telnet Server Commands ip telnet port ip telnet server Secure Shell Commands ip ssh server ip ssh timeout ip ssh authentication-retries ip ssh server-key size delete public-key ip ssh crypto host-key - TP-Link TL-SG5426 | User Guide - Page 10
logging facility logging trap clear logging show logging show log SMTP Alert Commands logging sendmail host logging sendmail level logging sendmail source-email logging sendmail destination-email logging sendmail show logging sendmail Time Commands sntp client sntp server sntp poll show sntp clock - TP-Link TL-SG5426 | User Guide - Page 11
security 802.1X Port Authentication dot1x system-auth-control dot1x default dot1x max-req dot1x port-control dot1x operation-mode dot1x Control List Commands IP ACLs access-list ip permit, deny (Standard ACL) permit, deny (Extended ACL) show ip access-list ip access-group show ip access-group MAC - TP-Link TL-SG5426 | User Guide - Page 12
show interfaces status show interfaces counters show interfaces switchport Mirror Port Commands port monitor show port monitor Rate Limit Commands rate-limit Link Aggregation Commands channel-group lacp lacp system-priority lacp admin-key (Ethernet Interface) lacp admin-key (Port Channel) lacp port - TP-Link TL-SG5426 | User Guide - Page 13
port-priority spanning-tree edge-port spanning-tree portfast spanning-tree link-type spanning-tree mst cost spanning-tree mst port-priority -tree protocol-migration show spanning-tree show spanning-tree mst configuration VLAN Commands GVRP and Bridge Extension Commands bridge-ext gvrp show bridge- - TP-Link TL-SG5426 | User Guide - Page 14
policy-map class set police service-policy show class-map show policy-map show policy-map interface Example Multicast Filtering Commands IGMP Snooping Commands ip igmp snooping ip igmp snooping vlan static ip igmp snooping version ip igmp snooping leave-proxy ip igmp snooping immediate-leave show - TP-Link TL-SG5426 | User Guide - Page 15
mvr IP Interface Commands ip address ip default-gateway ip dhcp restart show ip interface show ip redirects ping IP Source Guard Commands ip source-guard ip source-guard binding show ip source-guard show ip source-guard binding DHCP Snooping Commands ip dhcp snooping ip dhcp snooping vlan ip dhcp - TP-Link TL-SG5426 | User Guide - Page 16
cluster cluster commander cluster ip-pool cluster member rcommand show cluster show cluster members show cluster candidates Appendix A: Software Specifications Software Features Management Features Standards Management Information Bases Appendix B: Troubleshooting Problems Accessing the Management - TP-Link TL-SG5426 | User Guide - Page 17
Contents xiv - TP-Link TL-SG5426 | User Guide - Page 18
Groups Line Commands General Commands System Management Commands Device Designation Commands User Access Commands Default Login Settings IP Filter Commands Web Server Commands HTTPS System Support Telnet Server Commands SSH Commands show ssh - display description Event Logging Commands Logging - TP-Link TL-SG5426 | User Guide - Page 19
Link VLAN Groups Configuring VLAN Interfaces Show VLAN Commands Command Function Mode Page Private VLAN Commands Protocol-based VLAN Commands Priority Commands Priority Commands (Layer 2) Default CoS Values to Egress Queues Priority Commands (Layer 3 and 4) IP DSCP to CoS Vales Quality of Service - TP-Link TL-SG5426 | User Guide - Page 20
Throttling Commands Multicast VLAN Registration Commands show mvr - display description show mvr interface - display description show mvr members - display description IP Interface Commands IP Source Guard Commands DHCP Snooping Commands Switch Cluster Commands Troubleshooting Chart Tables 4-206 - TP-Link TL-SG5426 | User Guide - Page 21
Tables xviii - TP-Link TL-SG5426 | User Guide - Page 22
Switch Information Bridge Extension Configuration Manual IP Configuration DHCP IP Configuration Bridge Extension Configuration Copy Firmware the System Resetting the System SNTP Configuration Setting the System Clock Configuring SNMP Community Strings Configuring IP Trap Managers Enabling - TP-Link TL-SG5426 | User Guide - Page 23
VLAN Information Displaying Current VLANs Configuring a VLAN Static List Configuring a VLAN Static Table VLAN Static Membership by Port Configuring VLANs per Port 802.1Q Tunnel Status Tunnel Port Configuration Private VLAN Status Private VLAN Link Status Protocol VLAN Configuration Protocol VLAN - TP-Link TL-SG5426 | User Guide - Page 24
IP Precedence Priority Values Figure 3-91 Mapping IP DSCP Priority Values Figure 3-92 IP Port Priority Status Figure 3-93 IP Port Priority Figure 3-94 Configuring Class Maps Figure 3-95 Configuring Policy Maps Figure 3-96 Service Figure 3-115 DHCP Snooping VLAN Configuration Figure 3-116 DHCP - TP-Link TL-SG5426 | User Guide - Page 25
Figures xxii - TP-Link TL-SG5426 | User Guide - Page 26
protocol-based or private VLANs Traffic Prioritization Default port priority, traffic class map, queue scheduling, or Differentiated Services Code Point (DSCP), and TCP/UDP Port Qualify of Service Supports Differentiated Services (DiffServ) Multicast Filtering Supports IGMP snooping and query - TP-Link TL-SG5426 | User Guide - Page 27
VLANs and protocol-based VLANs, plus support for automatic GVRP VLAN Control Lists - ACLs provide packet filtering for IP frames (based on address, protocol, or Configuration - You can manually configure the speed, duplex possible to double the throughput of switch connections. Flow control should also - TP-Link TL-SG5426 | User Guide - Page 28
bandwidth. To avoid dropping frames on congested ports, the TL-SG5426 provides 4 Mbits for frame buffering. This buffer can queue packets awaiting transmission on congested networks. Spanning Tree Algorithm - The switch supports these spanning tree protocols: Spanning Tree Protocol (STP, IEEE - TP-Link TL-SG5426 | User Guide - Page 29
point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has - TP-Link TL-SG5426 | User Guide - Page 30
to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration. It also supports Multicast VLAN Registration (MVR) which allows common multicast traffic, such as television channels, to be - TP-Link TL-SG5426 | User Guide - Page 31
reset the switch defaults, this file should be set as the startup configuration file (page 3-19). The following table lists some of the basic system defaults Security Disabled IP Filtering Disabled Authentication traps: enabled Link-up-down events: enabled SNMP V3 View: default view Group: public - TP-Link TL-SG5426 | User Guide - Page 32
Traffic Prioritization IP Settings Multicast Filtering Table 1-2 System Defaults (Continued) Parameter Default Admin Status 802.1w) Fast Forwarding (Edge Port) Disabled Aging Time 300 seconds Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Enabled Switchport Mode ( - TP-Link TL-SG5426 | User Guide - Page 33
1 Introduction Function System Log SMTP Email Alerts SNTP DHCP Snooping IP Source Guard Switch Clustering Table 1-2 System Defaults (Continued) Parameter Default Status Enabled Messages Logged Levels 0-7 (all) Messages Logged to Flash Levels 0-3 Event Handler Enabled (but no server - TP-Link TL-SG5426 | User Guide - Page 34
256 IEEE 802.1Q VLANs • Enable GVRP automatic VLAN registration • Configure IGMP multicast filtering • Upload and download system firmware via TFTP • Upload and download switch configuration files via TFTP • Configure Spanning Tree parameters • Configure Class of Service (CoS) priority queuing 2-1 - TP-Link TL-SG5426 | User Guide - Page 35
terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide. To connect a terminal to the console port, complete the following - TP-Link TL-SG5426 | User Guide - Page 36
, DHCP or BOOTP protocol. The IP address for this switch is obtained via DHCP by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see "Setting an IP Address" on page 2-4. Note: This switch supports four concurrent Telnet/SSH sessions. After - TP-Link TL-SG5426 | User Guide - Page 37
the password in encrypted form. Username: admin Password: CLI session with the TL-SG5426 is opened. To end the CLI session, enter [Exit]. Console#configure the network. Manual Configuration You can manually assign an IP address to the switch. You may also need to specify a default gateway that - TP-Link TL-SG5426 | User Guide - Page 38
. Press . 4. To set the IP address of the default gateway for the network to which the switch belongs, type "ip default-gateway gateway," where "gateway" is the IP address of the default gateway. Press . Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.5 255.255 - TP-Link TL-SG5426 | User Guide - Page 39
includes an SNMP agent that supports SNMP version 1, 2c, and 3 clients. To provide management access for version 1 or 2c clients, you must specify a community string. The switch provides a default MIB View (i.e., an SNMPv3 construct) for the default "public" community string that provides read - TP-Link TL-SG5426 | User Guide - Page 40
rw Console(config)#snmp-server community private Console(config)# 4-102 Note: If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and - TP-Link TL-SG5426 | User Guide - Page 41
snmp-server user steve group r&d v3 auth md5 greenpeace priv des56 einstien4-113 Console(config)# For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to "Simple Network Management Protocol" on page 3-33, or refer to the specific CLI commands for SNMP - TP-Link TL-SG5426 | User Guide - Page 42
2 Initial Configuration 2-10 - TP-Link TL-SG5426 | User Guide - Page 43
browser, be sure you have first performed the following tasks: 1. Configure the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection, BOOTP or DHCP protocol. (See "Setting an IP Address" on page 2-4.) 2. Set user names and passwords using an out-of - TP-Link TL-SG5426 | User Guide - Page 44
and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is "admin." Home Page When your web browser connects with the switch's web agent, the home page is displayed as shown below. The home page - TP-Link TL-SG5426 | User Guide - Page 45
Sets specified values to the system. Links directly to webhelp. Notes: 1. using Internet Explorer 5.0, you may have to manually refresh the screen after making configuration changes by web agent displays an image of the switch's ports. The Mode can be set TL-SG5426 Figure 3-2 Panel Display 3-3 - TP-Link TL-SG5426 | User Guide - Page 46
Switch Information Bridge Extension Configuration IP Reset SNTP Configuration Clock Time Zone SNMP Configuration Agent Status SNMPv3 Table 3-2 Main Menu Description Page 3-10 Provides basic system description, including contact information 3-10 Shows the number of ports, hardware/firmware - TP-Link TL-SG5426 | User Guide - Page 47
SNMP v3 engine ID on this switch Sets the SNMP v3 engine ID for a remote device Configures SNMP v3 users on this switch Configures SNMP v3 users from a port Configures packet filtering based on IP or MAC addresses Binds a port to the specified ACL Sets IP addresses of clients allowed management - TP-Link TL-SG5426 | User Guide - Page 48
Configuring the Switch Table 3-2 Main Menu (Continued) Menu Description Aggregation Port Configures parameters for link aggregation group Address Table Static Addresses Displays entries for interface, address or VLAN Dynamic Addresses Displays or edits static entries in the Address Table - TP-Link TL-SG5426 | User Guide - Page 49
protocol 3-125 802.1Q Tunnel Configuration Enables QinQ Tunneling on the switch 3-126 Basic Information Displays information on the VLAN type supported by this switch 3-126 Current Table Shows the current port members of each VLAN and whether or 3-126 not the port is tagged or untagged - TP-Link TL-SG5426 | User Guide - Page 50
to a neighboring multicast router 3-166 Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID Indicates multicast addresses associated with the selected VLAN Configures IGMP filter profile controlled groups and access mode Assigns IGMP filter profiles to - TP-Link TL-SG5426 | User Guide - Page 51
DHCP Snooping for a VLAN 3-188 Information Option Configuration Enables DHCP Snooping Information Option 3-188 Port Configuration Selects the DHCP Snooping Information Option policy 3-189 Binding Information Displays the DHCP Snooping binding information 3-190 IP Source Guard 3-191 - TP-Link TL-SG5426 | User Guide - Page 52
of time the management agent has been up. These additional parameters are displayed for the CLI. • MAC Address - The physical layer address for this switch. • Web server - Shows if management access via HTTP is enabled. • Web server port - Shows the TCP port number used by the web interface. • Web - TP-Link TL-SG5426 | User Guide - Page 53
.cfg" contains all the system default settings and cannot be deleted from Firmware" on page 3-17 for more information. • Diagnostic Code - Software that is run during system boot-up, also known as POST (Power On Self-Test). Due to the size limit of the flash memory, the switch supports - TP-Link TL-SG5426 | User Guide - Page 54
Console(config)#exit Console#show system 4-61 System Description: TL-SG5426 System OID String: 1.3.6.1.4.1.11863.6.10.58 System Information System Pass. Console# Displaying Switch Hardware/Software Versions Use the Switch Information page to display hardware/firmware version numbers for the - TP-Link TL-SG5426 | User Guide - Page 55
3 Configuring the Switch Web - Click System, Switch Information. Figure 3-4 Switch Information CLI - Use the following command to display version information. Console#show version Unit 1 Serial Number: Hardware Version: EPLD Version: Number of Ports: Main Power - TP-Link TL-SG5426 | User Guide - Page 56
, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables. Field Attributes • Extended Multicast Filtering Services - This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration - TP-Link TL-SG5426 | User Guide - Page 57
). By default, all ports on the switch are members of VLAN 1. However, the management station can be attached to a port belonging to any VLAN, as long as that VLAN has been assigned an IP address. • IP Address Mode - Specifies whether IP functionality is enabled via manual configuration (Static - TP-Link TL-SG5426 | User Guide - Page 58
, subnet mask and gateway, then click Apply. Figure 3-6 Manual IP Configuration CLI - Specify the management interface, IP address and default gateway. Console#config Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.1 255.255.255.0 Console(config-if)#exit Console(config - TP-Link TL-SG5426 | User Guide - Page 59
Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services. Web - Click System, IP Configuration. Specify the VLAN to which the management station is attached, set the IP Address Mode to DHCP or BOOTP. Click Apply to - TP-Link TL-SG5426 | User Guide - Page 60
to restart DHCP service. Console#ip dhcp restart Console# 4-225 Enabling Jumbo Frames You can enable jumbo frames to support data packets file can later be downloaded to the switch to restore operation. You can also set the switch to use new firmware without overwriting the previous version. You - TP-Link TL-SG5426 | User Guide - Page 61
to file" as the file transfer method, enter the IP address of the TFTP server, set the file type to on the switch to overwrite or specify a new file name, then click Apply. If you replaced the current firmware used the system via the System/Reset menu. Figure 3-9 Copy Firmware If you download to a - TP-Link TL-SG5426 | User Guide - Page 62
downloading, set the new file to start up the system, and then restart the switch. To start the new firmware, enter the "reload" command or reboot the system. Console#copy tftp file TFTP server ip address: 192.168.1.23 Choose file type: 1. config: 2. opcode: : 2 Source file name: V2.2.7.1.bix - TP-Link TL-SG5426 | User Guide - Page 63
, but cannot be used as the destination on the switch. Web - Click System, File, Copy Operation. Select "tftp to startup-config" or "tftp to file" and enter the IP address of the TFTP server. Specify the name of the file. To use the new settings, reboot the system via the System/Reset menu. 3-20 - TP-Link TL-SG5426 | User Guide - Page 64
the startup file name on the switch, and then restart the switch. Console#copy tftp startup-config TFTP server ip address: 192.168.1.23 Source interval, the connection is terminated for the session. (Range: 0-300 seconds; Default: 0 seconds) • Exec Timeout - Sets the interval that the system waits - TP-Link TL-SG5426 | User Guide - Page 65
3 Configuring the Switch system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts) • Silent Time - Sets the amount of time the management console is inaccessible after the number of - TP-Link TL-SG5426 | User Guide - Page 66
the web or CLI interface. Command Attributes • Telnet Status - Enables or disables Telnet access to the switch. (Default: Enabled) • Telnet Port Number - Sets the TCP port number for Telnet on the switch. (Default: 23) • Login Timeout - Sets the interval that the system waits for a user to log into - TP-Link TL-SG5426 | User Guide - Page 67
3 Configuring the Switch system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt. (Range: 0-120; Default: 3 attempts) • Password2 - Specifies a password for the line connection. When a connection is started on a line - TP-Link TL-SG5426 | User Guide - Page 68
Messages The Logs page allows you to scroll through the logged system and event messages. The switch can store up to 2048 log entries in temporary random access memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory. Web - Click System, Log, Logs. Figure - TP-Link TL-SG5426 | User Guide - Page 69
Switch CLI - This example shows the event message stored in RAM. Console#show log ram [1] 00:00:27 2001-01-01 "VLAN 1 link switch to assist in troubleshooting network problems or RAM memory. The default is for event levels 0 firmware release. • RAM Level - Limits log messages saved to the switch - TP-Link TL-SG5426 | User Guide - Page 70
server to dispatch log messages to an appropriate service. The attribute specifies the facility type tag effect on the kind of messages reported by the switch. However, it may be used by the syslog Range: 0-7, Default: 6) • Host IP List - Displays the list of remote server IP addresses that receive the - TP-Link TL-SG5426 | User Guide - Page 71
the Switch • Host IP Address - Specifies a new server IP address to add to the Host IP List. Web - Click System, Log, Remote Logs. To add an IP address to the Host IP List, type the new IP address in the Host IP Address box, and then click Add. To delete an IP address, click the entry in the Host IP - TP-Link TL-SG5426 | User Guide - Page 72
an error conditions has occurred, such as invalid input, or default used. (Level 3) • Critical - Sends notification that a critical IP address to the Server IP List, type the new IP address in the Server IP Address box, and then click Add. To delete an IP address, click the entry in the Server IP - TP-Link TL-SG5426 | User Guide - Page 73
3 Configuring the Switch CLI - Enter the host ip address, followed by the mail severity level, source Console# Resetting the System Web - Click System, Reset. Click the Reset button to reboot the switch. When prompted, confirm that you want reset the switch. Figure 3-21 Resetting the System - TP-Link TL-SG5426 | User Guide - Page 74
an accurate time on the switch enables the system log to record meaningful dates and times for event entries. You can also manually set the clock using the : 16-16384 seconds; Default: 16 seconds) • SNTP Server - Sets the IP address for up to three time servers. The switch attempts to update the - TP-Link TL-SG5426 | User Guide - Page 75
CLI - This example configures the switch to operate as an SNTP unicast client and then displays the current time and settings. Console(config)#sntp server 10.1.0.19 137.82.140.80 - TP-Link TL-SG5426 | User Guide - Page 76
evaluate performance or detect potential problems. The switch includes an onboard SNMP agent IP Trap Managers should be listed in this table. For security reasons, you should consider removing the default strings. Command Attributes • SNMP Community Capability - Indicates that the switch supports - TP-Link TL-SG5426 | User Guide - Page 77
This switch supports up to five trap managers. • Current - Displays a list of the trap managers currently configured. • Trap Manager IP Address - IP address submitted during the SNMP access authentication process. (Default: Enabled) • Enable Link-up and Link-down Traps - Issues a trap message whenever a - TP-Link TL-SG5426 | User Guide - Page 78
IP Trap Managers CLI - This example adds a trap manager and enables both authentication and link-up, link-down traps. Console(config)#snmp-server host 192.168.1.19 private version 2c 4-104 Console(config)#snmp-server enable traps 4-106 Enabling SNMP Agent Status Enables SNMPv3 service - TP-Link TL-SG5426 | User Guide - Page 79
to generate the security keys for authenticating and encrypting SNMPv3 packets. A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP users will be cleared. You will need to - TP-Link TL-SG5426 | User Guide - Page 80
.168.1.19 Console(config)#exit Console#show snmp engine-id Local SNMP engineID: 83010000030000352810030000 Local SNMP engineBoots: 1 Remote SNMP engineID: 54321fedcba0 IP address 192.168.1.25 Console# 4-107 4-107 Configuring SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be - TP-Link TL-SG5426 | User Guide - Page 81
3 Configuring the Switch • Level - The security level used for the user: - noAuthNoPriv - There is no authentication or encryption used in SNMP communications. (This is the default for SNMPv3.) - AuthNoPriv - SNMP communications use authentication, but the data is not encrypted (only available for - TP-Link TL-SG5426 | User Guide - Page 82
3 Simple Network Management Protocol Web - Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list. To delete a user, check the box next to the user name, - TP-Link TL-SG5426 | User Guide - Page 83
3 Configuring the Switch Configuring Remote SNMPv3 Users Each SNMPv3 user is defined by a unique name. SNMPv3 security model). • Authentication - The method used for user authentication. (Options: MD5, SHA; Default: MD5) • Privacy - The encryption algorithm use for data privacy; only 56-bit DES is - TP-Link TL-SG5426 | User Guide - Page 84
to specific read, write, and notify views. You can use the pre-defined default groups or create new groups to map a set of SNMP users to SNMP views authentication or encryption used in SNMP communications. (This is the default for SNMPv3.) - AuthNoPriv - SNMP communications use authentication, but - TP-Link TL-SG5426 | User Guide - Page 85
Switch • Notify View - The configured view for notifications. (Range: 1-64 characters) Object Label RFC 1493 Traps newRoot topologyChange SNMPv2 Traps coldStart warmStart linkDowna linkUp 3-42 Table 3-4 Supported object for one of its communication links is about to enter the down state - TP-Link TL-SG5426 | User Guide - Page 86
3 Simple Network Management Protocol Table 3-4 Supported Notification Messages (Continued) Object Label Object ID Description 58.1.0.40 This trap is sent when an incorrect IP address is rejected by the IP Filter. swSmtpConnFailureTrap 1.3.6.1.4.1.11863.6.10.58.1.0.41 This trap - TP-Link TL-SG5426 | User Guide - Page 87
3 Configuring the Switch Web - Click SNMP, SNMPv3, Groups. Click New to configure a new group. In the New Group page, define a name, assign a security model and level, and then - TP-Link TL-SG5426 | User Guide - Page 88
view. Web - Click SNMP, SNMPv3, Views. Click New to configure a new view. In the New View page, define a name and specify OID subtrees in the switch MIB to be included or excluded in the view. Click Back to save the new view and return to the SNMPv3 Views list. For a specific - TP-Link TL-SG5426 | User Guide - Page 89
switch using the following options: • User Accounts - Manually configure access rights on the switch to control access to specific ports. • IP Filter - Filters management access to the web place. The default guest name is "guest" with the password "guest." The default administrator name - TP-Link TL-SG5426 | User Guide - Page 90
3 User Authentication • New Account - Displays configuration settings for a new account. - User Name - The name of the user. (Maximum length: 8 characters; maximum number of users: 16) - Access Level - Specifies the user level. (Options: Normal and Privileged) - Password - Specifies the user - TP-Link TL-SG5426 | User Guide - Page 91
manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols. Remote Authentication Dial-in User Service default, management access is always checked against the authentication database stored on the local switch - TP-Link TL-SG5426 | User Guide - Page 92
: 2) - Timeout for a reply - The number of seconds the switch waits for a reply from the RADIUS server before it resends the request. (Range: 1-65535; Default: 5) • TACACS Settings - Server IP Address - Address of the TACACS+ server. (Default: 10.11.12.13) - Server Port Number - Network (TCP) port - TP-Link TL-SG5426 | User Guide - Page 93
3 Configuring the Switch Web - Click Security, Authentication Settings. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to three methods), fill in the parameters for - TP-Link TL-SG5426 | User Guide - Page 94
181 Retransmit times: 5 Request timeout: 10 Server 1: Server IP address: 192.168.1.25 Communication key with RADIUS server: ***** port 200 Console(config)#tacacs-server key green Console#show tacacs-server Server IP address: 10.20.30.40 Communication key with tacacs server: green Server port - TP-Link TL-SG5426 | User Guide - Page 95
support HTTPS: Table 3-5 HTTPS System Support Web Browser Operating System Internet Explorer 5.0 or later Windows 98,Windows NT (with service switch. (Default: Enabled) • Change HTTPS Port Number - Specifies the UDP port number used for HTTPS connection to the switch's web interface. (Default: - TP-Link TL-SG5426 | User Guide - Page 96
TFTP server, and use the following command at the switch's command-line interface to replace the default (unrecognized) certificate with an authorized one: Console#copy tftp https-certificate TFTP server ip address: Source certificate file name: Source - TP-Link TL-SG5426 | User Guide - Page 97
switch for management via the SSH protocol. Note: The switch supports both SSH Version 1.5 and 2.0 clients. Command Usage The SSH server on this switch supports key during the initial connection setup with the switch. Otherwise, you need to manually create a known hosts file on the management - TP-Link TL-SG5426 | User Guide - Page 98
SSH Service - On the SSH Settings page, enable the SSH server on the switch. 6. Challenge-Response Authentication - When an SSH client attempts to contact the switch, or manually entered into the known host file. However, you do not need to configure the client's keys. 2. The SSH server supports up - TP-Link TL-SG5426 | User Guide - Page 99
SSH Server Status - Allows you to enable/disable the SSH server on the switch. (Default: Disabled) • Version - The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients. • SSH Authentication Timeout - Specifies the - TP-Link TL-SG5426 | User Guide - Page 100
ip ssh server 4-35 Console(config)#ip ssh timeout 100 4-36 Console(config)#ip ssh authentication-retries 5 4-37 Console(config)#ip Version 2), Both: Default: RSA) The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch, and then negotiates - TP-Link TL-SG5426 | User Guide - Page 101
3 Configuring the Switch Web - Click Security, SSH, Host-Key Settings. Select the host-key type from the drop- keys to flash memory, and then displays the host's public keys. Console#ip ssh crypto host-key generate 4-35 Console#ip ssh save host-key 4-35 Console#show public-key host 4-35 Host - TP-Link TL-SG5426 | User Guide - Page 102
the switch dynamically learn the pair for frames received on the port. Note that you can also manually add the port. • Security Status - Enables or disables port security on the port. (Default: Disabled) • Max MAC Count - The maximum number of MAC addresses that can be - TP-Link TL-SG5426 | User Guide - Page 103
if)# 4-79 4-79 4-79 Configuring 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching requiring users to first submit credentials for authentication. Access to all switch ports in a network can be centrally controlled from a server, - TP-Link TL-SG5426 | User Guide - Page 104
the switch requires the following: • The switch must have an IP address assigned. • RADIUS authentication must be enabled on the switch and the IP address configured. • The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the - TP-Link TL-SG5426 | User Guide - Page 105
active. Command Attributes • 802.1X System Authentication Control - Sets the global setting for 802.1X. (Default: Disabled) Web - Select Security, 802.1X, Configuration. Enable 802.1X globally for the switch, and click Apply. Figure 3-40 802.1X Global Configuration CLI - This example enables 802.1X - TP-Link TL-SG5426 | User Guide - Page 106
by the Re-authentication Period. Re-authentication can be used to detect if a new device is plugged into a switch port. (Default: Disabled) • Max-Req - Sets the maximum number of times the switch port will retransmit an EAP request packet to the client before it times out the authentication session - TP-Link TL-SG5426 | User Guide - Page 107
3 Configuring the Switch Figure 3-41 802.1X Port Configuration 3-64 - TP-Link TL-SG5426 | User Guide - Page 108
3 User Authentication CLI - This example sets the 802.1X parameters on port 2. For a description of the additional fields displayed in this example, see "show dot1x" on page 4-86. Console(config)#interface ethernet 1/2 Console(config-if)#dot1x port-control auto Console(config-if)#dot1x re- - TP-Link TL-SG5426 | User Guide - Page 109
802.1X Statistics This switch can display statistics for dot1x protocol exchanges for any port. Parameter Rx EAPOL Start Rx EAPOL Logoff Rx EAPOL Invalid Rx EAPOL Total Rx EAP - TP-Link TL-SG5426 | User Guide - Page 110
an egress filter, all entries in the ACL must be deny rules. Otherwise, the bind operation will fail. • The switch does not support the explicit "deny any any" rule for the egress IP ACL. If these rules are included in ACL, and you attempt to bind the ACL to an interface for egress - TP-Link TL-SG5426 | User Guide - Page 111
3 Configuring the Switch 3. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports. 4. If no explicit rule is matched, the implicit default is permit all. Setting the ACL Name and Type Use the ACL Configuration page to designate the name and type of an ACL. Command Attributes - TP-Link TL-SG5426 | User Guide - Page 112
addresses, "Host" to specify a specific host address in the Address field, or "IP" to specify a range of addresses with the Address and SubMask fields. (Options: Any, Host, IP; Default: Any) • IP Address - Source IP address. • Subnet Mask - A subnet mask containing four integers from 0 to 255, each - TP-Link TL-SG5426 | User Guide - Page 113
IP; Default: Any) • Source/Destination IP Address - Source or destination IP address. • Source/Destination Subnet Mask - Subnet mask for source or destination address. • Service - 1 (fin) - Finish - 2 (syn) - Synchronize - 4 (rst) - Reset - 8 (psh) - Push - 16 (ack) - Acknowledgement - 32 (urg) - - TP-Link TL-SG5426 | User Guide - Page 114
3 Access Control Lists Figure 3-45 Configuring Extended IP ACLs CLI - This example adds two rules: (1) Accept any incoming packets if the source address is in subnet 10.7.1.x. For example, if the rule is - TP-Link TL-SG5426 | User Guide - Page 115
Switch , Host, MAC; Default: Any) • Source VLAN bitmask. (Range: 1-4094) • Ethernet Type - This option can only be used to filter Ethernet II formatted packets. (Range: 600-fff hex.) A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP - TP-Link TL-SG5426 | User Guide - Page 116
the Access Control Lists (ACL), you can bind the ports that need to filter traffic to the appropriate ACLs. You can assign one IP access list to any port. Command Usage This switch supports ACLs for ingress filtering only. Command Attributes • Port - Fixed port or SFP module. (Range: 1-26 - TP-Link TL-SG5426 | User Guide - Page 117
for Management Access You create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet. Command Usage • The management interfaces are open to all IP addresses by default. Once you add an entry to a filter list - TP-Link TL-SG5426 | User Guide - Page 118
and end address. Command Attributes • Web IP Filter - Configures IP address(es) for the web group. • SNMP IP Filter - Configures IP address(es) for the SNMP group. • Telnet IP Filter - Configures IP address(es) for the Telnet group. • IP Filter List - IP address which are allowed management access - TP-Link TL-SG5426 | User Guide - Page 119
the combo ports 21-24. (Options: Coppper-Forced, SFP-Forced, or SFP-Preferred-Auto; Default: SFP-Preferred-Auto) • Trunk Member4 - Shows if port is a trunk member. • Creation5 - Shows if a trunk is manually configured or dynamically set via LACP. 3. Port information only. 4. Port information only - TP-Link TL-SG5426 | User Guide - Page 120
1000 Mbps full-duplex operation - Sym - Transmits and receives pause frames for flow control - FC - Supports flow control • Broadcast storm - Shows if broadcast storm control is enabled or disabled. • Broadcast storm limit - Shows the broadcast storm threshold. (500-262143 packets per - TP-Link TL-SG5426 | User Guide - Page 121
the Switch • Port trap-and-shutdown, or none) Current Status: • Link Status - Indicates if the link is up or down. • Port Operation Status - manually disable an interface. You can disable an interface due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem - TP-Link TL-SG5426 | User Guide - Page 122
disabled) • Flow Control - Allows automatic or manual selection of flow control. • Autonegotiation (Port Capabilities Supports 100 Mbps half-duplex operation - 100full - Supports 100 Mbps full-duplex operation - 1000full (Combo ports only) - Supports 1000 Mbps full-duplex operation (Default - TP-Link TL-SG5426 | User Guide - Page 123
. You can create up to 32 trunks at a time. The switch supports both static trunking and dynamic Link Aggregation Control Protocol (LACP). Static trunks have to be manually configured at both ends of the link, and the switches must comply with the Cisco EtherChannel standard. On the other hand - TP-Link TL-SG5426 | User Guide - Page 124
VLAN, and IGMP settings can only be made for the entire trunk. Statically Configuring a Trunk Command Usage • When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer's implementation. However, note that the static trunks on this switch - TP-Link TL-SG5426 | User Guide - Page 125
has also enabled LACP on the connected ports, the trunk will be activated automatically. active links } dynamically enabled backup link } • A trunk formed with another switch using LACP will automatically be assigned the next available trunk ID. configured members • If more than eight ports - TP-Link TL-SG5426 | User Guide - Page 126
Port). • New - Includes entry fields for creating new trunks. - Port - Port identifier. (Range: 1-26) Web - Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add. After you have completed adding ports to the member list, click Apply. Figure 3-52 - TP-Link TL-SG5426 | User Guide - Page 127
number. (Range: 1-26) • System Priority - LACP system priority is used to determine link aggregation group (LAG) membership, and to identify this device to other switches during LAG negotiations. (Range: 0-65535; Default: 32768) - Ports must be configured with the same system priority to join the - TP-Link TL-SG5426 | User Guide - Page 128
key must be set to the same value for ports that belong to the same LAG. (Range: 0-65535; Default: 1) • Port Priority - If a link goes down, LACP port priority is used to select a backup link. (Range: 0-65535; Default: 32768) Set Port Partner - This menu sets the remote side of an aggregate - TP-Link TL-SG5426 | User Guide - Page 129
3 Configuring the Switch CLI - The following example configures LACP parameters for ports 1-4. Ports 3 LACP Port Priority: 128 Admin Key: 120 Oper Key: 120 Admin State : defaulted, aggregation, long timeout, LACP-activity Oper State: distributing, collecting, synchronization, aggregation, - TP-Link TL-SG5426 | User Guide - Page 130
3 Port Configuration Field Marker Unknown Pkts Marker Illegal Pkts Table 3-7 LACP Port Counters (Continued) Description Number of frames received that either (1) Carry the Slow Protocols Ethernet Type value, but contain an unknown PDU, or (2) are addressed to the Slow Protocols group MAC Address, - TP-Link TL-SG5426 | User Guide - Page 131
- The actor's receive machine is using defaulted operational partner information, administratively configured for the partner. • Distributing - If false, distribution of outgoing frames on this link is disabled; i.e., distribution is currently disabled and is not expected to be enabled in the - TP-Link TL-SG5426 | User Guide - Page 132
Eth 1/1 LACPDUs Internal: 30 sec LACP System Priority: 3 LACP Port Priority: 128 Admin Key: 120 Oper Key: 120 Admin State : defaulted, aggregation, long timeout, LACP-activity Oper State: distributing, collecting, synchronization, aggregation, long timeout, LACP-activity . . . 3-89 - TP-Link TL-SG5426 | User Guide - Page 133
3 Configuring the Switch Displaying LACP Settings and Status for the Remote Side You can display configuration settings and the operational state for the remote side of an link aggregation. Table 3-9 LACP Neighbor Configuration Information Field Description Partner Admin System ID LAG partner's - TP-Link TL-SG5426 | User Guide - Page 134
packets exceeding the specified threshold will then be dropped. Command Usage • Broadcast Storm Control is enabled by default. • Broadcast control does not effect IP multicast traffic. Command Attributes • Port - Port number. • Type - Indicates the port type. (100BASE-TX, 1000BASE-T, or SFP - TP-Link TL-SG5426 | User Guide - Page 135
3 Configuring the Switch Web - Click Port, Port/Trunk Broadcast Control. Set the threshold frames Native VLAN: 1 Priority for untagged traffic: 0 GVRP status: Disabled Allowed VLAN: 1(u), Forbidden VLAN: Private-VLAN mode: NONE Private-VLAN host-association: NONE Private-VLAN mapping: - TP-Link TL-SG5426 | User Guide - Page 136
mirroring port traffic, the target port must be included in the same VLAN as the source port. Command Attributes • Mirror Sessions - Displays a which traffic to mirror to the target port, Rx (receive), or Tx (transmit). (Default: Rx) • Target Port - The port that will mirror the traffic on the - TP-Link TL-SG5426 | User Guide - Page 137
at the edge of a network to limit traffic into or out of the switch. Traffic that falls within the rate limit is transmitted, while packets that . • Input/Output Rate Limit Status - Enables or disables the rate limit. (Default: Enabled) • Input/Output Rate Limit - Sets the rate limit level. Web - TP-Link TL-SG5426 | User Guide - Page 138
through each port. This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). RMON are shown as counts per second. Statistics are refreshed every 60 seconds by default. Note: RMON groups 2, 3 and 9 can only be accessed using - TP-Link TL-SG5426 | User Guide - Page 139
3 Configuring the Switch Parameter Transmit Multicast Packets Transmit Broadcast Packets Transmit Discarded Packets Transmit Errors Etherlike Statistics Alignment Errors Late Collisions FCS Errors Excessive Collisions Single Collision Frames - TP-Link TL-SG5426 | User Guide - Page 140
Parameter RMON Statistics Drop Events Jabbers Received Bytes Collisions Received Frames Broadcast Frames Multicast Frames CRC/Alignment Errors Undersize Frames Oversize Frames Fragments 64 Bytes Frames 65-127 Byte Frames 128-255 Byte Frames 256-511 Byte Frames 512-1023 Byte Frames 1024-1518 Byte - TP-Link TL-SG5426 | User Guide - Page 141
3 Configuring the Switch Web - Click Port, Port Statistics. Select the required interface, and click Query. You can also use the Refresh button at the bottom of the page to update the screen. Figure 3-60 Port Statistics 3-98 - TP-Link TL-SG5426 | User Guide - Page 142
1024 to 1518 octets: 871 Console# Address Table Settings Switches store the addresses for all known devices. This information is in the dynamic address table. You can also manually configure static addresses that are bound to a specific . • VLAN - ID of configured VLAN (1-4094). 6. Web only. 3-99 - TP-Link TL-SG5426 | User Guide - Page 143
adds an address to the static address table, but sets it to be deleted when the switch is reset. Console(config)#mac-address-table static 00-12-cf-94-34-de interface ethernet 1/1 vlan 1 delete-on-reset Console(config)# 4-140 Displaying the Address Table The Dynamic Address Table contains the MAC - TP-Link TL-SG5426 | User Guide - Page 144
a Dynamic Address Table CLI - This example also displays the address table entries for port 1. Console#show mac-address-table interface ethernet 1/1 Interface Mac Address Vlan Type Eth 1/ 1 00-12-CF-48-82-93 1 Delete-on-reset Eth 1/ 1 00-12-CF-94-34-DE 2 Learned Console# 4-141 3-101 - TP-Link TL-SG5426 | User Guide - Page 145
only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down. The spanning tree algorithms supported by this switch include these versions: • STP - Spanning Tree Protocol (IEEE 802.1D) • RSTP - Rapid Spanning Tree - TP-Link TL-SG5426 | User Guide - Page 146
after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down. This bridge will then initiate negotiations on RSTP for fast convergence) is designed to support independent spanning trees based on VLAN groups. Using multiple spanning trees can provide multiple - TP-Link TL-SG5426 | User Guide - Page 147
Internal Spanning Tree (CIST). The CIST is formed as a result of the running spanning tree algorithm between switches that support the STP, RSTP, MSTP protocols. Once you specify the VLANs to include in a Multiple Spanning Tree Instance (MSTI), the protocol will automatically build an MSTI tree to - TP-Link TL-SG5426 | User Guide - Page 148
has been accepted as the root device of the Spanning Tree network. - Root Path Cost - The path cost from the root port on this switch to the root device. • Configuration Changes - The number of times the Spanning Tree has been reconfigured. • Last Topology Change - Time since the Spanning Tree - TP-Link TL-SG5426 | User Guide - Page 149
3 Configuring the Switch However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. • Root Hello Time - Interval ( - TP-Link TL-SG5426 | User Guide - Page 150
to the network. Configuring Global Settings Global settings apply to the entire switch. Command Usage • Spanning Tree Protocol7 Uses RSTP for the internal state When operating multiple VLANs, we recommend selecting the MSTP option. • Rapid Spanning Tree Protocol7 RSTP supports connections to either - TP-Link TL-SG5426 | User Guide - Page 151
exist only on bridges that have compatible VLAN instance assignments. - Be careful when switching between spanning tree modes. Changing modes then become the root device. (Note that lower numeric values indicate higher priority.) - Default: 32768 - Range: 0-61440, in steps of 4096 - Options: 0, 4096, - TP-Link TL-SG5426 | User Guide - Page 152
Settings for MSTP • Max Instance Numbers - The maximum number of MSTP instances to which this switch can be assigned. • Region Revision - The revision for this MSTI. (Range: 0-65535; Default: 0) • Region Name - The name for this MSTI. (Maximum length: 32 characters) • Maximum Hop Count - The - TP-Link TL-SG5426 | User Guide - Page 153
3 Configuring the Switch Web - Click Spanning Tree, STA, Configuration. Modify the required attributes, and click Apply. Figure 3-65 Configuring Spanning Tree CLI - This example enables Spanning Tree Protocol, - TP-Link TL-SG5426 | User Guide - Page 154
and the other is discarding. - All ports are discarding when the switch is booted, then some of them change state to learning, and then this interface. This parameter is determined by manual configuration or by auto-detection, as described for Admin Link Type in STA Port Configuration on 3-114 - TP-Link TL-SG5426 | User Guide - Page 155
for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device. • Fast forwarding - This field - TP-Link TL-SG5426 | User Guide - Page 156
timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-node device. • Admin Link Type - The link two or more bridges. - Auto - The switch automatically determines if the interface is attached to a point-to-point link or to shared media. Web - Click - TP-Link TL-SG5426 | User Guide - Page 157
link type to indicate a point-to-point connection or shared-media connection, and edge port to indicate if the attached device can support switch are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link : 2,000-200,000 • Default - - Ethernet - Half - TP-Link TL-SG5426 | User Guide - Page 158
- Auto - The switch automatically determines if the interface is attached to a point-to-point link or to shared media. (This is the default setting.) • Admin Edge button to manually re-check the appropriate BPDU format (RSTP or STP-compatible) to send on the selected interfaces. (Default: Disabled) - TP-Link TL-SG5426 | User Guide - Page 159
of a new topology for the failed instance. By default all VLANs are assigned to the Internal Spanning Tree (MST Instance 0) that connects all bridges and LANs within the MST region. This switch supports up to 65 instances. You should try to group VLANs which cover the same general area of your - TP-Link TL-SG5426 | User Guide - Page 160
. Select an instance identifier from the list, set the instance priority, and click Apply. To add the VLAN members to an MSTI instance, enter the instance identifier, the VLAN identifier, and click Add. Figure 3-68 Configuring Multiple Spanning Trees CLI - This example sets the priority for - TP-Link TL-SG5426 | User Guide - Page 161
Switch CLI - This example sets STA attributes for port 1, , followed by settings for each port. Console#show spanning-tree mst 2 Spanning-tree information Spanning tree mode :MSTP Spanning tree enable/disable :enable Instance :2 Vlans enable Admin Link type : auto Oper Link type (Default: 0) Note: - TP-Link TL-SG5426 | User Guide - Page 162
3 Spanning Tree Algorithm Configuration Web - Click Spanning Tree, MSTP, Port or Trunk Information. Select the required MST instance to display the current spanning tree values. Figure 3-69 Displaying MSTP Interface Settings 3-119 - TP-Link TL-SG5426 | User Guide - Page 163
Configuring the Switch CLI - Spanning tree mode :MSTP Spanning tree enable/disable :enable Instance :0 Vlans configuration :1-4094 Priority :32768 Bridge Hello Time (sec.) :2 Bridge port : enable Oper edge port : disable Admin Link type : auto Oper Link type : point-to-point Spanning Tree Status : - TP-Link TL-SG5426 | User Guide - Page 164
ports on a switch are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning -20,000,000 Fast Ethernet: 20,000-2,000,000 Gigabit Ethernet: 2,000-200,000 - Default: Ethernet - Half duplex: 2,000,000; full duplex: 1,000,000; trunk: 500,000 - TP-Link TL-SG5426 | User Guide - Page 165
to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms - TP-Link TL-SG5426 | User Guide - Page 166
to any end-node host that does not support VLAN tagging. VLAN Classification - When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port). But if the - TP-Link TL-SG5426 | User Guide - Page 167
the message to all other ports. When the message arrives at another switch that supports GVRP, it will also place the receiving port in the specified VLANs, and pass the message on to all other ports. VLAN requirements are propagated in this way throughout the network. This allows GVRP-compliant - TP-Link TL-SG5426 | User Guide - Page 168
the network. GVRP must be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch. (Default: Disabled) Note: GVRP is not supported in the current software. Web - Click VLAN, 802.1Q VLAN, GVRP Status. Enable or disable GVRP, click Apply Figure - TP-Link TL-SG5426 | User Guide - Page 169
be configured on this switch. Web - Click VLAN, 802.1Q VLAN, Basic Information. Figure 3-72 Displaying Basic VLAN Information CLI - Enter the following command. Console#show bridge-ext Max support vlan numbers: 256 Max support vlan ID: 4094 Extended multicast filtering services: No Static - TP-Link TL-SG5426 | User Guide - Page 170
any ID from the scroll-down list. Figure 3-73 Displaying Current VLANs Command Attributes (CLI) • VLAN - ID of configured VLAN (1-4094, no leading zeroes). • Type - Shows how this VLAN was added to the switch. - Dynamic: Automatically learned via GVRP. - Static: Added as a static entry. • Name - TP-Link TL-SG5426 | User Guide - Page 171
about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups. Command Attributes • Current - Lists all the current VLAN groups created for this system. Up to 255 VLAN groups can be defined. VLAN 1 is the default untagged VLAN. • New - TP-Link TL-SG5426 | User Guide - Page 172
-aware devices. Or configure a port as forbidden to prevent the switch from automatically adding it to a VLAN via the GVRP protocol. Notes: 1. You can also use the VLAN Static Membership by Port page to configure VLAN groups based on the port index (page 3-131). However, note that this configuration - TP-Link TL-SG5426 | User Guide - Page 173
the Switch 2. VLAN 1 is the default untagged VLAN containing all ports on the switch, and can only be modified by first reassigning the default port VLAN ID as described under "Configuring VLAN Behavior for Interfaces" on page 3-132. Command Attributes • VLAN - ID of configured VLAN (1-4094 - TP-Link TL-SG5426 | User Guide - Page 174
config-if)#exit Console(config)#interface ethernet 1/13 Console(config-if)#switchport allowed vlan add 2 tagged 4-116 4-173 Adding Static Members to VLANs (Port Index) Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface as a tagged member. Command Attributes - TP-Link TL-SG5426 | User Guide - Page 175
1Q Trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. Note that frames belonging to the port's default VLAN (i.e., associated with the PVID) are also transmitted as tagged frames - TP-Link TL-SG5426 | User Guide - Page 176
the tags when the frames leave the network. A service provider's customers may have specific requirements for their internal VLAN IDs and number of VLANs supported. VLAN ranges required by different customers in the same service-provider network might easily overlap, and traffic passing through - TP-Link TL-SG5426 | User Guide - Page 177
switch where the customer traffic enters the service provider's network. Each customer requires a separate SPVLAN, but this VLAN supports all of the customer's internal VLANs outer tag (SPVLAN) into the packet based on the default VLAN ID and Tag Protocol Identifier (TPID, that is, the ether-type - TP-Link TL-SG5426 | User Guide - Page 178
not equal to the TPID of the uplink port, the VLAN tag is determined to be a Customer VLAN (CVLAN) tag. The uplink port's PVID VLAN native tag is added to the packet. This outer tag is used for learning and switching packets within the service provider's network. The TPID must be configured on a per - TP-Link TL-SG5426 | User Guide - Page 179
VLAN 1 as a management VLAN instead of a data VLAN in the service provider network. • There are some inherent incompatibilities between Layer 2 and Layer 3 switching: - Tunnel ports do not support IP ethertype to identify 802.1Q tagged frames. The default ethertype value is 0x8100. (See "Adding an - TP-Link TL-SG5426 | User Guide - Page 180
normal VLAN mode or IEEE 802.1Q (QinQ) tunneling mode which is used for passing Layer 2 traffic across a service provider's metropolitan area network. Command Attributes • 802.1Q Tunnel - Sets the switch to QinQ mode, and allows the QinQ tunnel port to be configured. The default is for the switch to - TP-Link TL-SG5426 | User Guide - Page 181
- Set the VLAN membership mode of the port. (Default: Normal) - Normal - The port operates in its normal VLAN mode. - 802.1Q Tunnel - Configures IEEE 802.1Q tunneling (QinQ) for a client access port to segregate and preserve customer VLAN IDs for traffic crossing the service provider network. 3-138 - TP-Link TL-SG5426 | User Guide - Page 182
Tunneling - 802.1Q Tunnel Uplink - Configures IEEE 802.1Q tunneling (QinQ) for an uplink port to another device within the service provider network. Web - Click VLAN, 802.1Q VLAN, Tunnel Configuration or Tunnel Trunk Configuration. Set the mode for a tunnel access port to 802.1Q Tunnel and a tunnel - TP-Link TL-SG5426 | User Guide - Page 183
3 Configuring the Switch CLI - This example sets port 1 to tunnel access mode, indicates that the TPID used for 802.1Q tagged frames is 9100 hexadecimal, and sets port 2 - TP-Link TL-SG5426 | User Guide - Page 184
, and from, uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.) Enabling Private VLANs Use the Private VLAN Status page to enable/disable the Private VLAN function. Web - Click VLAN, Private VLAN, Status. Select Enable or Disable from the scroll - TP-Link TL-SG5426 | User Guide - Page 185
communicate with any other ports on the switch and with any designated downlink ports. Web - Click VLAN, Private VLAN, Link Status. Mark the ports that will serve as uplinks and downlinks for the private VLAN, then click Apply. Figure 3-81 Private VLAN Link Status CLI - This configures port 3 as an - TP-Link TL-SG5426 | User Guide - Page 186
for all other frames types include IP, ARP, or RARP. Web - Click VLAN, Protocol VLAN, Configuration. Figure 3-82 Protocol VLAN Configuration Configuring Protocol VLAN Interfaces Use the Protocol VLAN Port Configuration menu to set the protocol VLAN settings per port. Command Attributes • Interface - TP-Link TL-SG5426 | User Guide - Page 187
switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port's high-priority queue will be transmitted before those in the lower-priority queues. You can set the default .1Q VLAN tagged frames. If the incoming frame is an IEEE 802.1Q VLAN tagged - TP-Link TL-SG5426 | User Guide - Page 188
: 5 GVRP status: Disabled Allowed VLAN: 1(u), Forbidden VLAN: Private-VLAN mode: NONE Private-VLAN host-association: NONE Private-VLAN mapping: NONE Console# 4-116 4-185 4-125 Mapping CoS Values to Egress Queues This switch processes Class of Service (CoS) priority tagged traffic by - TP-Link TL-SG5426 | User Guide - Page 189
in the following table. However, you can map the priority levels to the switch's output queues in any way that benefits application traffic for your own network. Priority Level 1 2 0 (default) 3 4 5 6 7 Table 3-12 CoS Priority Levels Traffic Type Background (Spare) Best Effort Excellent Effort - TP-Link TL-SG5426 | User Guide - Page 190
(CoS). Command Attributes • Traffic Classes - Click to enable Class of Service. (Default: Enabled) Web - Click Priority, Traffic Classes Status. Figure 3-86 Enable Traffic Classes Selecting the Queue Mode You can set the switch to service the queues based on a strict rule that requires all traffic - TP-Link TL-SG5426 | User Guide - Page 191
)#exit Console#show queue mode Queue mode: wrr Console# 4-185 4-188 Setting the Service Weight for Traffic Classes This switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each priority queue. As described in "Mapping CoS Values to Egress Queues" on - TP-Link TL-SG5426 | User Guide - Page 192
The switch allows you to choose between using IP Precedence or DSCP priority. Select one of the methods or disable this feature. Command Attributes • Disabled - Disables both priority services. (This is the default setting.) • IP Precedence - Maps layer 3/4 priorities using IP Precedence. • IP DSCP - TP-Link TL-SG5426 | User Guide - Page 193
IP Precedence/DSCP Priority Status CLI - The following example enables IP Precedence service on the switch. Console(config)#map ip precedence Console(config)# 4-204 Mapping IP Precedence The Type of Service . The default IP Precedence values are mapped one-to-one to Class of Service values (i.e., - TP-Link TL-SG5426 | User Guide - Page 194
Priority Table, enter a value in the Class of Service Value field, and then click Apply. Figure 3-90 Mapping IP Precedence Priority Values CLI - The following example globally enables IP Precedence service on the switch, maps IP Precedence value 1 to CoS value 0 (on port 1), and then displays - TP-Link TL-SG5426 | User Guide - Page 195
the Switch be marked for different kinds of forwarding. The DSCP default values are defined in the following table. Note that all the DSCP IP DSCP settings apply to all interfaces. Web - Click Priority, IP DSCP Priority. Select an entry from the DSCP table, enter a value in the Class of Service - TP-Link TL-SG5426 | User Guide - Page 196
configuration command, but any changes will apply to the all interfaces on the switch. 4-189 4-116 4-190 4-191 Mapping IP Port Priority You can also map network applications to Class of Service values based on the IP port number (i.e., TCP/UDP port number) in the frame header. Some of the - TP-Link TL-SG5426 | User Guide - Page 197
the port number for a network application in the IP Port Number box and the new CoS value in the Class of Service box, and then click Apply. Figure 3-93 IP Port Priority CLI* - The following example globally enables IP Port Priority service on the switch, maps HTTP traffic on port 5 to CoS value - TP-Link TL-SG5426 | User Guide - Page 198
create a service policy for a specific category or ingress traffic, follow these steps: 1. Use the "Class Map" to designate a class name for a specific category of traffic. 2. Edit the rules for each class to specify a type of traffic based on an access list, a DSCP or IP Precedence value, or a VLAN - TP-Link TL-SG5426 | User Guide - Page 199
list, a DSCP or IP Precedence value, or a VLAN, and click the Add button next to the field for the selected traffic criteria. You can specify up to 16 items to match when assigning ingress traffic to a class map. • The class map is used with a policy map (page 3-158) to create a service policy (page - TP-Link TL-SG5426 | User Guide - Page 200
existing class. Figure 3-94 Configuring Class Maps CLI - This example creates a class map call "rd-class," and sets it to match packets marked for DSCP service value 3. Console(config)#class-map rd_class match-any Console(config-cmap)#match - TP-Link TL-SG5426 | User Guide - Page 201
3 Configuring the Switch Creating QoS Policies This function creates a policy map that can be policy for traffic that matches criteria defined in this class by setting the quality of service that an IP packet will receive (in the Action field), defining the maximum throughput and burst rate - TP-Link TL-SG5426 | User Guide - Page 202
be reduced. • Remove Class - Deletes a class. - Policy Options • Class Name - Name of class map. • Action - Configures the service provided to ingress traffic by setting a CoS, DSCP, or IP Precedence value in a matching packet (as specified in Match Class Settings on 3-155). (Range - CoS: 0-7, DSCP - TP-Link TL-SG5426 | User Guide - Page 203
3 Configuring the Switch Web - Click QoS, DiffServ, Policy Map to display the list of existing rd_policy#3 Console(config-pmap)#class rd_class#3 Console(config-pmap-c)#set ip dscp 4 Console(config-pmap-c)#police 100000 1522 exceed-action set ip dscp 0 Console(config-pmap-c)# 4-200 4-200 4-201 4-202 - TP-Link TL-SG5426 | User Guide - Page 204
Usage • You must first define a class map, then define a policy map, and finally bind the service policy to the required interface. • You can only bind one policy map to an interface. • The current firmware does not allow you to bind a policy map to an egress queue. Command Attributes • Ports - TP-Link TL-SG5426 | User Guide - Page 205
to all ports in the subnet (VLAN). Layer 2 IGMP (Snooping and Query) IGMP Snooping and Query - If multicast routing is not supported on other switches in your network, you can use IGMP Snooping and Query (page 3-163) to monitor IGMP service requests passing between multicast clients and servers - TP-Link TL-SG5426 | User Guide - Page 206
switch/router to ensure that it will continue to receive the multicast service. Note: Multicast routers use this information, along with a multicast routing protocol such as DVMRP or PIM, to support IP . (Range: 1-2; Default: 2) Notes: 1. All systems on the subnet must support the same version. - TP-Link TL-SG5426 | User Guide - Page 207
)#exit Console#show ip igmp snooping Service status: Enabled Querier status: Enabled Leave proxy status: Disabled Query count: 10 Query interval: 100 sec Query max response time: 20 sec Router port expire time: 300 sec Immediate Leave Processing: Disabled on all VLAN IGMP snooping - TP-Link TL-SG5426 | User Guide - Page 208
on VLAN 1, IGMP Snooping Version: Version 2 Console# 4-204 4-203 Displaying Interfaces Attached to a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP - TP-Link TL-SG5426 | User Guide - Page 209
a port attached to a multicast router. Console#show ip igmp snooping mrouter vlan 1 VLAN M'cast Router Port Type 1 Eth 1/11 Static Console ) on your switch, you can manually configure the interface (and a specified VLAN) to join all the current multicast groups supported by the attached - TP-Link TL-SG5426 | User Guide - Page 210
can display the port members associated with a specified VLAN and multicast service. Command Attributes • VLAN ID - Selects the VLAN for which to display port members. • Multicast IP Address - The IP address for a specific multicast service. • Multicast Group Port List - Shows the interfaces that - TP-Link TL-SG5426 | User Guide - Page 211
from the scroll-down lists. The switch will display all the interfaces that are propagating this multicast service. Figure 3-101 IP Multicast Registration Table CLI - This example displays all the known multicast services supported on VLAN 1, along with the ports propagating the corresponding - TP-Link TL-SG5426 | User Guide - Page 212
address to VLAN 1, and then displays all the known multicast services supported on VLAN 1. Console(config)#ip igmp snooping vlan 1 static 224 the same time. When the maximum number of groups is reached on a port, the switch can take one of two actions; either "deny" or "replace." If the action - TP-Link TL-SG5426 | User Guide - Page 213
IGMP Filter - Enables IGMP filtering and throttling globally for the switch. (Default: Disabled) • IGMP Profile - Creates IGMP profile numbers. ( )#ip igmp filter Console(config)#ip igmp profile 19 Console(config-igmp-profile)#end Console#show ip igmp filter IGMP filter enable Console#show ip igmp - TP-Link TL-SG5426 | User Guide - Page 214
join reports will be dropped. If the action is set to replace, the switch randomly removes an existing group and replaces it with the new multicast group. groups an interface can join at the same time. (Range: 0-256; Default: 256) • Current Multicast Groups - Displays the current number of multicast - TP-Link TL-SG5426 | User Guide - Page 215
3 Configuring the Switch Web - Click IGMP Snooping, IGMP Filter/Throttling Port Configuration or IGMP Eth 1/1 IGMP Profile 19 deny range 239.1.1.1 239.1.1.1 range 239.2.3.1 239.2.3.100 Console#show ip igmp throttle interface ethernet 1/1 Information of Eth 1/1 status : FALSE action : replace max - TP-Link TL-SG5426 | User Guide - Page 216
- Sets the access mode of the profile; either permit or deny. (Default: Deny) • New Multicast Address Range List - Specifies multicast groups to group range by entering a start and end IP address. Specify a single multicast group by entering the same IP address for the start and end of the - TP-Link TL-SG5426 | User Guide - Page 217
include enabling or disabling MVR for the switch, selecting the VLAN that will serve as the sole channel for common multicast streams supported by the service provider, and assigning the multicast group address for each of these services to the MVR VLAN. Command Attributes • MVR Status - When MVR is - TP-Link TL-SG5426 | User Guide - Page 218
significantly reduce to processing overhead required to dynamically monitor and establish the distribution tree for a normal multicast VLAN. This makes it possible to support common multicast services over a wide part of the network without having to use any multicast routing protocol. MVR maintains - TP-Link TL-SG5426 | User Guide - Page 219
the interfaces attached to the MVR VLAN. Field Attributes • Type - Shows the MVR port type. • Oper Status - Shows the link status. • MVR Status - Shows the MVR status. MVR status for source ports is "ACTIVE" if MVR is globally enabled on the switch. MVR - TP-Link TL-SG5426 | User Guide - Page 220
Information. 3 Multicast Filtering Figure 3-107 MVR Port Information CLI - This example shows information about interfaces attached to the MVR VLAN. Console#show mvr interface Port Type Status Immediate Leave eth1/1 SOURCE ACTIVE/UP Disable eth1/2 RECEIVER ACTIVE/UP Disable Console - TP-Link TL-SG5426 | User Guide - Page 221
• Group Port List - Shows the interfaces with subscribers for multicast services provided through the MVR VLAN. Web - Click MVR, Group IP Information. Figure 3-108 MVR Group IP Information CLI - This example following shows information about the interfaces associated with multicast groups assigned - TP-Link TL-SG5426 | User Guide - Page 222
enabled on a port attached to one multicast subscriber to avoid disrupting services to other group members attached to the same interface. Note that MVR VLAN. - Non-MVR - An interface that does not participate in the MVR VLAN. (This is the default type.) • Immediate Leave - Configures the switch to - TP-Link TL-SG5426 | User Guide - Page 223
Configuring the Switch Web - interfaces. Command Usage • Any multicast groups that use the MVR VLAN must be statically assigned to it under the MVR Configuration menu ( IP multicast address range of 224.0.0.x. Command Attributes • Interface - Indicates a port or trunk. • Member - Shows the IP - TP-Link TL-SG5426 | User Guide - Page 224
to the switch, and waiting for a response. You can manually configure entries in the DNS table used for mapping domain names to IP addresses, configure default domain names, or specify one or more name servers to use for domain name to address translation. Configuring General DNS Service Parameters - TP-Link TL-SG5426 | User Guide - Page 225
name is received by the DNS service on this switch and a domain name list has been specified, the switch will work through the domain list, for name-to-address resolution. (Range: 1-6 IP addresses) Web - Select DNS, General Configuration. Set the default domain name or list of domain names, specify - TP-Link TL-SG5426 | User Guide - Page 226
Domain Name Service CLI - This example sets a default domain name and a domain list. However, remember that if a domain list is specified, the default domain name is not used. Console(config)#ip domain-name sample.com Console(config)#ip domain-list sample.com.uk Console(config)#ip domain-list - TP-Link TL-SG5426 | User Guide - Page 227
the Switch Web - Select DNS, Static Host Table. Enter a host name and one or more corresponding addresses, then click Apply. Figure 3-112 DNS Static Host Table CLI - This example maps two address to a host name, and then configures an alias host name for the same addresses. Console(config)#ip - TP-Link TL-SG5426 | User Guide - Page 228
3 Configuring Domain Name Service Displaying the DNS Cache You can display entries in the DNS owner, and ALIAS which specifies multiple domain names which are mapped to the same IP address as an existing entry. • IP - The IP address associated with this record. • TTL - The time to live reported by - TP-Link TL-SG5426 | User Guide - Page 229
Switch CLI - This example displays all the resource records learned from the designated name servers. Console#show dns cache NO FLAG TYPE 0 4 CNAME 1 4 CNAME 2 4 CNAME 3 4 CNAME 4 4 CNAME 5 4 ALIAS 6 4 CNAME 7 4 ALIAS 8 4 CNAME 9 4 ALIAS 10 4 CNAME Console# IP - TP-Link TL-SG5426 | User Guide - Page 230
VLAN. If the DHCP snooping is globally disabled, all dynamic bindings are removed from the binding table. Additional considerations when the switch itself is a DHCP client - The port(s) through which the switch Verification. Console(config)#ip dhcp snooping Console(config)#ip dhcp snooping verify - TP-Link TL-SG5426 | User Guide - Page 231
, it allows compatible DHCP servers to use the information when assigning IP addresses, or to set other services or policies for clients. When the DHCP Snooping Information Option is enabled, clients can be identified by the switch port to which they are connected rather than just their MAC address - TP-Link TL-SG5426 | User Guide - Page 232
in a packet and then floods it to the entire VLAN. Web - Click DHCP Snooping, Information Option Configuration. Figure ip dhcp snooping information option Console(config)#ip dhcp snooping information policy replace Console(config)# 4-235 4-236 DHCP Snooping Port Configuration Configures switch - TP-Link TL-SG5426 | User Guide - Page 233
DHCP snooping binding information. • Unit - Stack unit. • Port - Port number. • VLAN ID - ID of a configured VLAN (Range: 1-4094) • MAC Address - A valid unicast MAC address. • IP Address - A valid unicast IP address. • IP Address Type - Indicates an IPv4 address type. • Lease Time (Seconds) - The - TP-Link TL-SG5426 | User Guide - Page 234
IpAddress Lease(sec) Type VLAN Interface 11-22-33-44-55-66 192.168.0.99 0 Dynamic 1 Eth 1/5 Console# IP Source Guard IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or static - TP-Link TL-SG5426 | User Guide - Page 235
switch to filter inbound traffic based source IP address, or source IP address and corresponding MAC address. (Default: None) • None - Disables IP source guard filtering on the port. • SIP - Enables traffic filtering based on IP , IP address, lease time, entry type (Static, Dynamic), VLAN identifier - TP-Link TL-SG5426 | User Guide - Page 236
entries in the table. • Port - Switch port number. (Range: 1-26) • VLAN ID - ID of a configured VLAN (Range: 1-4094) • MAC Address - A valid unicast MAC address. • IP Address - A valid unicast IP address, including classful types A, B or C. Web - Click IP Source Guard, Static Configuration. Figure - TP-Link TL-SG5426 | User Guide - Page 237
IpAddress Lease(sec) Type VLAN Interface 11-22-33-44-55-66 192.168.0.99 0 Static 1 Eth 1/5 Console# Switch Clustering Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped - TP-Link TL-SG5426 | User Guide - Page 238
switches in the network. These "Candidate" switches only become cluster Members when manually selected switch (the default is enabled), then set the switch as a Cluster Commander. Set a Cluster IP Pool that does not conflict with the network IP subnet. Cluster IP addresses are assigned to switches - TP-Link TL-SG5426 | User Guide - Page 239
Web - Click Cluster, Configuration. Figure 3-123 Cluster Configuration CLI - This example first enables clustering on the switch, sets the switch as the cluster Commander, and then configures the cluster IP pool. Console(config)#cluster Console(config)#cluster commander Console(config)#cluster - TP-Link TL-SG5426 | User Guide - Page 240
- The ID number of the Member switch. (Range: 1-16) • Role - Indicates the current status of the switch in the cluster. • IP Address - The internal cluster IP address assigned to the Member switch. • MAC Address - The MAC address of the Member switch. • Description - The system description string of - TP-Link TL-SG5426 | User Guide - Page 241
-0#sh cluster members Cluster Members: ID: 1 Role: Active member IP Address: 10.254.254.2 MAC Address: 00-12-cf-23-49-c0 Description: TL-SG5426 Vty-0# 4-241 Cluster Candidate Information Displays information about discovered switches in the network that are already cluster Members or are - TP-Link TL-SG5426 | User Guide - Page 242
Console Connection To access the switch through the console port, perform these steps: 1. At the console prompt, enter the user name and password. (The default user names are "admin" Username: admin Password: CLI session with TL-SG5426 is opened. To end the CLI session, enter [Exit]. Console# 4-1 - TP-Link TL-SG5426 | User Guide - Page 243
IP address for the Master unit, and set the default gateway if you are managing the switch from a different IP subnet. For example, Console(config)#interface vlan 1 Console(config-if)#ip screen displays: Username: admin Password: CLI session with TL-SG5426 is opened. To end the CLI session, enter [ - TP-Link TL-SG5426 | User Guide - Page 244
4 Entering Commands Entering Commands This section describes how to enter CLI commands. Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command "show interfaces status - TP-Link TL-SG5426 | User Guide - Page 245
bridge-ext calendar class-map cluster dns dot1q-tunnel dot1x garp gvrp history hosts interfaces ip lacp line log logging mac mac-address-table management map mvr policy-map port port-channel protocol-vlan public-key pvlan queue radius-server running-config snmp sntp spanning-tree ssh startup-config - TP-Link TL-SG5426 | User Guide - Page 246
vlan Protocol-VLAN effect of a command or reset the configuration to the default value. For example, the logging command will log system messages to a host server. To disable logging, specify the no logging command. This guide or enable certain switching functions. These - TP-Link TL-SG5426 | User Guide - Page 247
Line Multiple Spanning Tree Policy Map VLAN Database * You must be in Commands When you open a new console session on the switch with the user name and password "guest," the system : admin Password: [admin login password] CLI session with TL-SG5426 is opened. To end the CLI session, enter [Exit - TP-Link TL-SG5426 | User Guide - Page 248
used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. Policy Map VLAN Table 4-2 Configuration Modes Command Prompt line {console | vty} Console(config-line)# access-list ip standard access-list ip extended access- - TP-Link TL-SG5426 | User Guide - Page 249
4 Command Line Interface Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, - TP-Link TL-SG5426 | User Guide - Page 250
Link Aggregation Address Table Spanning Tree VLANs Class of Service Quality of Service Multicast Filtering IP Interface DHCP Snooping IP Source Guard IP a variety of other system information Manages code image or switch configuration files Configures logon access using local or remote authentication; - TP-Link TL-SG5426 | User Guide - Page 251
Configuration) LC (Line Configuration) MST (Multiple Spanning Tree) NE (Normal Exec) PE (Privileged Exec) PM (Policy Map Configuration) VC (VLAN Database Configuration) Line Commands You can access the onboard configuration program by attaching a VT100 compatible device to the server's serial - TP-Link TL-SG5426 | User Guide - Page 252
- Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line. Command Mode Global Configuration Command Usage Telnet is based on the user name specified with the username command. Default Setting login local Command Mode Line Configuration Command Usage • - TP-Link TL-SG5426 | User Guide - Page 253
via the user name and password specified by the username command (i.e., default setting). When using this method, the management interface starts in Normal ) mode. • This command controls login authentication via the switch itself. To configure user names and passwords for remote authentication - TP-Link TL-SG5426 | User Guide - Page 254
from a TFTP server. There is no need for you to manually configure encrypted passwords. Example Console(config-line)#password 0 secret Console( be disabled. • Using the command without specifying a timeout restores the default setting. Example To set the timeout to two minutes, enter this command - TP-Link TL-SG5426 | User Guide - Page 255
Line Interface Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the number of seconds. (Range: 0-65535 seconds; 0: no timeout) Default Setting CLI: No timeout Telnet: 10 minutes Command Mode Line Configuration Command Usage • If user input is detected within the timeout - TP-Link TL-SG5426 | User Guide - Page 256
Syntax silent-time [seconds] no silent-time seconds - The number of seconds to disable console response. (Range: 0-65535; 0: no silent-time) Default Setting The default value is no silent-time. Command Mode Line Configuration Example To set the silent time to 60 seconds, enter this command: Console - TP-Link TL-SG5426 | User Guide - Page 257
setting. Syntax parity {none | even | odd} no parity • none - No parity • even - Even parity • odd - Odd parity Default Setting No parity Command Mode Line Configuration Command Usage Communication protocols provided by devices such as terminals and modems often require a specific parity bit setting - TP-Link TL-SG5426 | User Guide - Page 258
speed you selected is not supported. Example To specify 57600 bps, enter this command: Console(config-line)#speed 57600 Console(config-line)# stopbits This command sets the number of the stop bits transmitted per byte. Use the no form to restore the default setting. Syntax stopbits {1 | 2} • 1 - One - TP-Link TL-SG5426 | User Guide - Page 259
line This command displays the terminal line's parameters. Syntax show line [console | vty] • console - Console terminal line. • vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting Shows all lines Command Mode Normal Exec, Privileged Exec 4-18 - TP-Link TL-SG5426 | User Guide - Page 260
Example To show all lines, enter this command: Console#show line Console configuration: Password threshold: 3 times Interactive timeout: Disabled Login timeout: Disabled Silent time: Disabled Baudrate: 9600 Databits: 8 Parity: none Stopbits: 1 VTY configuration: Password threshold: 3 - TP-Link TL-SG5426 | User Guide - Page 261
normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, the privileged mode. See "Understanding Command Modes" on page 4-5. Default Setting None Command Mode Privileged Exec Command Usage The ">" character is - TP-Link TL-SG5426 | User Guide - Page 262
mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of Configuration, Line Configuration, and VLAN Database Configuration. See "Understanding Command Modes" on page 4-5. Default Setting None Command Mode Privileged - TP-Link TL-SG5426 | User Guide - Page 263
This example shows how to reset the switch: Console#reload System will be restarted, continue ? y end This command returns to Privileged Exec mode. Default Setting None Command Mode Global Configuration, Interface Configuration, Line Configuration, and VLAN Database Configuration. Example This - TP-Link TL-SG5426 | User Guide - Page 264
: Console(config)#exit Console#exit Press ENTER to start session User Access Verification Username: quit This command exits the configuration program. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration program - TP-Link TL-SG5426 | User Guide - Page 265
of error messages 4-43 Sets the system clock automatically via NTP/SNTP server or manually 4-53 Displays system configuration, active managers, and version information 4-57 Enables support for jumbo frames 4-63 Device Designation Commands Command prompt hostname snmp-server contact snmp - TP-Link TL-SG5426 | User Guide - Page 266
- The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example Console(config)#hostname RD#1 commands required for management access are listed in this section. This switch also includes other options for password checking via the console or - TP-Link TL-SG5426 | User Guide - Page 267
a TFTP server. There is no need for you to manually configure encrypted passwords. Example This example shows how to set the the Privileged Exec level from the Normal Exec level. Use the no form to reset the default password. Syntax enable password [level level] {0 | 7} password no enable password - TP-Link TL-SG5426 | User Guide - Page 268
a TFTP server. There is no need for you to manually configure encrypted passwords. Example Console(config)#enable password level 15 specifies the client IP addresses that are allowed management access to the switch through various protocols. Use the no form to restore the default setting. Syntax [ - TP-Link TL-SG5426 | User Guide - Page 269
group. • start-address - A single IP address, or the starting address of a range. • end-address - The end address of a range. Default Setting All addresses Command Mode Global Configuration Command Usage • If anyone tries to access a management interface on the switch from an invalid address, the - TP-Link TL-SG5426 | User Guide - Page 270
port number for HTTPS GC Page 4-29 4-30 4-30 4-31 ip http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number no ip http port port-number - The TCP port to be used by - TP-Link TL-SG5426 | User Guide - Page 271
interface. Use the no form to disable this function. Syntax [no] ip http secure-server Default Setting Enabled Command Mode Global Configuration Command Usage • Both HTTP and HTTPS service can be enabled independently on the switch. However, you cannot configure the HTTP and HTTPS servers to use the - TP-Link TL-SG5426 | User Guide - Page 272
port number used for HTTPS connections to the switch's web interface. Use the no form to restore the default port. Syntax ip http secure-port port_number no ip http secure-port port_number - The UDP port used for HTTPS. (Range: 1-65535) Default Setting 443 Command Mode Global Configuration Command - TP-Link TL-SG5426 | User Guide - Page 273
Telnet interface GC 4-29 Allows the switch to be monitored or configured from Telnet GC 4-30 ip telnet port This command specifies the TCP default port. Syntax ip telnet port port-number no ip telnet port port-number - The TCP port to be used by the browser interface. (Range: 1-65535) Default - TP-Link TL-SG5426 | User Guide - Page 274
ip telnet server Default Setting Enabled Command Mode Global Configuration Example Console(config)#ip telnet server Console(config)# Related Commands ip the switch. Note: The switch supports both SSH Version 1.5 and 2.0. Command ip ssh server ip ssh timeout ip ssh authentication-retries ip ssh - TP-Link TL-SG5426 | User Guide - Page 275
this switch supports both ip ssh crypto host-key generate command to create a host public/private key pair. 2. Provide Host Public Key to Clients - Many SSH client programs automatically import the host public key during the initial connection setup with the switch. Otherwise, you need to manually - TP-Link TL-SG5426 | User Guide - Page 276
This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service. Syntax [no] ip ssh server Default Setting Disabled Command Mode Global Configuration Command Usage • The SSH server supports up to four client sessions. The maximum number of client sessions - TP-Link TL-SG5426 | User Guide - Page 277
setting. Syntax ip ssh timeout seconds no ip ssh timeout seconds - The timeout for client response during SSH negotiation. (Range: 1-120) Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client - TP-Link TL-SG5426 | User Guide - Page 278
of authentication attempts permitted after which the interface is reset. (Range: 1-5) Default Setting 3 Command Mode Global Configuration Example Console(config)#ip ssh authentication-retires 2 Console(config)# Related Commands show ip ssh (4-40) ip ssh server-key size This command sets the SSH - TP-Link TL-SG5426 | User Guide - Page 279
host-key generate This command generates the host key pair (i.e., public and private). Syntax ip ssh crypto host-key generate [dsa | rsa] • dsa - DSA (Version 2) key type. • rsa - RSA (Version 1) key type. Default Setting Generates both the DSA and RSA key pairs. Command Mode Privileged Exec Command - TP-Link TL-SG5426 | User Guide - Page 280
crypto zeroize This command clears the host key from memory (i.e. RAM). Syntax ip ssh crypto zeroize [dsa | rsa] • dsa - DSA key type. • rsa - RSA key type. Default Setting Clears both the DSA and RSA key. Command Mode Privileged Exec Command Usage • This command clears the host key from volatile - TP-Link TL-SG5426 | User Guide - Page 281
command displays the connection settings used when authenticating client access to the SSH server. Command Mode Privileged Exec Example Console#show ip ssh SSH Enabled - version 1.99 Negotiation timeout: 120 secs; Authentication retries: 3 Server key size: 768 bits Console# show ssh This command - TP-Link TL-SG5426 | User Guide - Page 282
for the specified user or for the host. Syntax show public-key [user [username]| host] username - Name of an SSH user. (Range: 1-8 characters) Default Setting Shows all public keys. Command Mode Privileged Exec Command Usage • If no parameters are entered, all keys are displayed. If the user keyword - TP-Link TL-SG5426 | User Guide - Page 283
4 Command Line Interface Example Console#show public-key host Host: RSA: 1024 35 1568499540186766925933394677505461732531367489083654725415020245593199868 5443583616519999233297817660658309586108259132128902337654680172627257141 - TP-Link TL-SG5426 | User Guide - Page 284
error messages Limits syslog messages saved to switch memory based on severity Adds a syslog server host IP address that will receive logging messages Sets debug or error messages to switch memory. The no form disables the logging process. Syntax [no] logging on Default Setting None Command Mode - TP-Link TL-SG5426 | User Guide - Page 285
limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history { only Level 2, 5 and 6 error messages for the current firmware release. Default Setting Flash: errors (level 3 - 0) RAM: warnings (level - TP-Link TL-SG5426 | User Guide - Page 286
The IP address of a syslog server. Default service. (Range: 16-23) Default Setting 23 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the switch - TP-Link TL-SG5426 | User Guide - Page 287
selected level up through level 0. (Refer to the table on page 4-44.) Default Setting • Enabled • Level 6 - 0 Command Mode Global Configuration Command Usage • Event history stored in temporary RAM (i.e., memory flushed on power reset). Default Setting Flash and RAM Command Mode Privileged Exec 4-46 - TP-Link TL-SG5426 | User Guide - Page 288
show logging This command displays the configuration settings for logging messages to local switch memory, to an SMTP event handler, or to a remote syslog server. reset). • sendmail - Displays settings for the SMTP event handler (page 4-52). • trap - Displays settings for the trap function. Default - TP-Link TL-SG5426 | User Guide - Page 289
remote server as specified in the logging trap command. REMOTELOG server IP address The address of syslog servers as specified in the logging host on power reset). • tail - Shows event history starting from the most recent entry. • login - Shows the login record only. Default Setting None Command - TP-Link TL-SG5426 | User Guide - Page 290
6, module: 6, function: 1, and event no.: 1 [1] 00:00:48 2001-01-01 "VLAN 1 link-up notification." level: 6, module: 6, function: 1, and event no.: 1 Console# SMTP Alert no] logging sendmail host ip_address ip_address - IP address of an SMTP server that will be sent alert messages for event handling - TP-Link TL-SG5426 | User Guide - Page 291
first server configured by this command. If it fails to send mail, the switch selects the next server in the list and tries to send mail again. include the selected level down to level 0. (Range: 0-7; Default: 7) Default Setting Level 7 Command Mode Global Configuration Command Usage The specified - TP-Link TL-SG5426 | User Guide - Page 292
symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example This example will set email address used in alert messages. (Range: 1-41 characters) Default Setting None Command Mode Global Configuration Command Usage You can specify up - TP-Link TL-SG5426 | User Guide - Page 293
logging sendmail This command enables SMTP event handling. Use the no form to disable this function. Syntax [no] logging sendmail Default Setting Enabled Command Mode Global Configuration Example Console(config)#logging sendmail Console(config)# show logging sendmail This command displays the - TP-Link TL-SG5426 | User Guide - Page 294
The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the switch only records the time starting from the factory default set at the last bootup (i.e., 00:00:00, Jan. 1, 2001). • This command enables client time requests to time servers specified - TP-Link TL-SG5426 | User Guide - Page 295
sntp (4-55) sntp server This command sets the IP address of the servers to which SNTP time requests ip - IP address of a time server (NTP or SNTP). (Range: 1-3 addresses) Default Setting None Command Mode Global Configuration Command Usage This command specifies time servers from which the switch - TP-Link TL-SG5426 | User Guide - Page 296
the interval between sending time requests when the switch is set to SNTP client mode. Use the no form to restore to the default. Syntax sntp poll seconds no sntp poll seconds - Interval between time requests. (Range: 16-16384 seconds) Default Setting 16 seconds Command Mode Global Configuration - TP-Link TL-SG5426 | User Guide - Page 297
-utc - Sets the local time zone after (west) of UTC. Default Setting None Command Mode Global Configuration Command Usage This command sets the local is no time server on your network, or if you have not configured the switch to receive signals from a time server. Syntax calendar set hour min sec - TP-Link TL-SG5426 | User Guide - Page 298
April 2004 Console# show calendar This command displays the system clock. Default Setting None Command Mode Normal Exec, Privileged Exec Example Console#show and Telnet sessions, including user name, idle time, and IP address of Telnet clients Displays version information for the system Mode - TP-Link TL-SG5426 | User Guide - Page 299
the following information: - SNMP community strings - Users (names and access levels) - VLAN database (VLAN ID, name and state) - VLAN configuration settings for each interface - IP address configured for the switch - Spanning tree settings - Any configured settings for the console port and Telnet - TP-Link TL-SG5426 | User Guide - Page 300
config This command displays the configuration information currently in use. Default Setting None Command Mode Privileged Exec Command Usage • Use log settings - VLAN database (VLAN ID, name and state) - VLAN configuration settings for each interface - IP address configured for the switch - Layer 4 - TP-Link TL-SG5426 | User Guide - Page 301
! ! logging history ram 6 logging history flash 3 ! ! vlan database vlan 1 name DefaultVlan media ethernet state active ! ! interface ethernet 1/1 switchport allowed vlan add 1 untagged .switchport native vlan 1 . . interface VLAN 1 IP address DHCP ! no map IP DSCP ! ! line console ! line vty ! end - TP-Link TL-SG5426 | User Guide - Page 302
," contact your distributor for assistance. Example Console#show system System Description: TL-SG5426 System OID String: 1.3.6.1.4.1.11863.6.10.58 System Information System Up Time: , idle time, and IP address of Telnet client. Default Setting None Command Mode Normal Exec, Privileged Exec 4-61 - TP-Link TL-SG5426 | User Guide - Page 303
guest 0 None steve 15 RSA Online users: Line Username Idle time (h:m:s) Remote IP addr. 0 console admin 0:14:14 * 1 VTY 0 admin 0:00:00 for the system. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage See "Displaying Switch Hardware/Software Versions" - TP-Link TL-SG5426 | User Guide - Page 304
Management Commands Example Console#show version Unit1 Serial number: Service tag: Hardware version: Module A type: Module Default Setting Disabled Command Mode Global Configuration Command Usage • This switch provides more efficient throughput for large sequential data transfers by supporting - TP-Link TL-SG5426 | User Guide - Page 305
a TFTP server. When you save the system code or configuration settings to a file on a TFTP server, that file can later be downloaded to the switch to restore system operation. The success of the file transfer depends on the accessibility of the TFTP server and the quality of the network connection - TP-Link TL-SG5426 | User Guide - Page 306
instructions in the release notes for new firmware, or contact your distributor for help. • For information on specifying an https-certificate, see "Replacing the Default Secure-site Certificate" on page 3-53. For information on configuring the switch to use HTTPS for a secure connection, see "ip - TP-Link TL-SG5426 | User Guide - Page 307
1. config: 2. opcode: : 1 Source file name: startup TFTP server ip address: 10.1.0.99 Destination file name: startup.01 TFTP completed. Success. Console . It then reboots the switch to activate the certificate: Console#copy tftp https-certificate TFTP server ip address: 10.1.0.19 Source - TP-Link TL-SG5426 | User Guide - Page 308
key authentication via SSH is only supported for users configured locally on the switch: Console#copy tftp public-key TFTP server IP address: 192.168.1.19 Choose file or image name. unit - Stack unit. (Range: Unit 1) Default Setting None Command Mode Privileged Exec Command Usage • If the file type - TP-Link TL-SG5426 | User Guide - Page 309
includes: • boot-rom - Boot ROM (or diagnostic) image file. • config - Switch configuration file. • opcode - Run-time operation code image file. • filename - or code image. • unit - Stack unit. (Range: Unit 1) Default Setting None Command Mode Privileged Exec Command Usage • If you enter the - TP-Link TL-SG5426 | User Guide - Page 310
used to start up the system. Syntax boot system [unit:] {boot-rom| config | opcode}: filename The type of file or image to set as a default includes: • boot-rom* - Boot ROM. • config* - Configuration file. • opcode* - Run-time operation code. • filename - Name of the configuration file or code image - TP-Link TL-SG5426 | User Guide - Page 311
• If the file contains an error, it cannot be set as the default file. Example Console(config)#boot system config: startup Console(config)# Related Commands 68) whichboot (4-69) Authentication Commands You can configure this switch to authenticate users logging into the system for management access - TP-Link TL-SG5426 | User Guide - Page 312
{[local] [radius] [tacacs]} no authentication login • local - Use local password. • radius - Use RADIUS server password. • tacacs - Use TACACS server password. Default Setting Local Command Mode Global Configuration Command Usage • RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort - TP-Link TL-SG5426 | User Guide - Page 313
Exec command mode to Privileged Exec command mode with the enable command (see page 4-19). Use the no form to restore the default. Syntax authentication enable {[local] [radius] [tacacs]} no authentication enable • local - Use local password only. • radius - Use RADIUS server password only. • tacacs - TP-Link TL-SG5426 | User Guide - Page 314
changing command modes (4-26) RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on for each user or group that require management access to a switch. Command radius-server host radius-server port radius-server key radius - TP-Link TL-SG5426 | User Guide - Page 315
period expires. • host_ip_address - IP address of server. • host_alias switch will try to authenticate logon access via the RADIUS server. (Range: 1-30) • key - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters) Default - TP-Link TL-SG5426 | User Guide - Page 316
-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax radius-server retransmit number_of_retries no radius-server retransmit number_of_retries - Number of times the switch will try to authenticate logon access via the RADIUS server. (Range: 1-30 - TP-Link TL-SG5426 | User Guide - Page 317
- Number of seconds the switch waits for a reply before resending a request. (Range: 1-65535) Default Setting 5 Command Mode Global port number: 1812 Retransmit times: 2 Request timeout: 5 Sever 1: Server IP address: 192.168.1.1 Communication key with RADIUS server: ***** Server port number: - TP-Link TL-SG5426 | User Guide - Page 318
levels for each user or group that require management access to a switch. Command tacacs-server host tacacs-server port tacacs-server key show to restore the default. Syntax tacacs-server host host_ip_address no tacacs-server host host_ip_address - IP address of a TACACS+ server. Default Setting 10. - TP-Link TL-SG5426 | User Guide - Page 319
show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Console#show tacacs-server Remote TACACS server configuration: Server IP address: 10.11.12.13 Communication key with TACACS server: ***** Server port - TP-Link TL-SG5426 | User Guide - Page 320
switch can automatically take action by disabling the port and sending a trap message. Command port security mac-address-table static show mac-address-table Table 4-31 Port Security Commands Function Configures a secure port Maps a static address to a port in a VLAN Default Setting • Status: - TP-Link TL-SG5426 | User Guide - Page 321
, the switch stops learning security and reset the maximum number of addresses to the default. • You can also manually add secure VLAN port. - Cannot be connected to a network interconnection device. - Cannot be a trunk port. • If a port is disabled due to a security violation, it must be manually - TP-Link TL-SG5426 | User Guide - Page 322
4 Authentication Commands 802.1X Port Authentication The switch supports IEEE 802.1X (dot1x) port-based access Enables dot1x globally on the switch. GC Resets all dot1x parameters to their default values GC Sets the maximum number of times that the switch IC retransmits an EAP request/ - TP-Link TL-SG5426 | User Guide - Page 323
(config)# dot1x max-req This command sets the maximum number of times the switch port will retransmit an EAP request/identity packet to the client before it times out the authentication session. Use the no form to restore the default. Syntax dot1x max-req count no dot1x max-req count - The maximum - TP-Link TL-SG5426 | User Guide - Page 324
-count - Keyword for the maximum number of hosts. - count - The maximum number of hosts that can connect to a port. (Range: 1-1024; Default: 5) Default Single-host Command Mode Interface Configuration Command Usage • The "max-count" parameter specified by this command is only effective if the dot1x - TP-Link TL-SG5426 | User Guide - Page 325
(config-if)# dot1x timeout quiet-period This command sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client. Use the no form to reset the default. Syntax dot1x timeout quiet-period seconds no dot1x timeout quiet-period seconds - TP-Link TL-SG5426 | User Guide - Page 326
-if)# dot1x timeout tx-period This command sets the time that an interface on the switch waits during an authentication session before re-transmitting an EAP packet. Use the no form to reset to the default value. Syntax dot1x timeout tx-period seconds no dot1x timeout tx-period seconds - The number - TP-Link TL-SG5426 | User Guide - Page 327
the following information: • Global 802.1X Parameters - Shows whether or not 802.1X port authentication is globally enabled on the switch. • 802.1X Port Summary - Displays the port access control parameters for each interface, including the following items: - Status - Administrative state - TP-Link TL-SG5426 | User Guide - Page 328
4 Authentication Commands • 802.1X Port Details - Displays the port access control parameters for each interface, including the following items: - reauth-enabled - reauth-period - quiet-period - tx-period - supplicant-timeout - server-timeout - reauth-max - max-req - Status - Operation Mode - Max - TP-Link TL-SG5426 | User Guide - Page 329
4 Command Line Interface Example Console#show dot1x Global 802.1X Parameters system-auth-control: enable 802.1X Port Summary Port Name 1/1 1.../2 1/26 Status disabled enabled disabled Operation Mode Single-Host Single-Host Mode ForceAuthorized auto Single-Host ForceAuthorized 802.1X Port - TP-Link TL-SG5426 | User Guide - Page 330
20. • This switch supports ACLs for ingress filtering only. You can only bind one IP ACL to any port IP ACL for ingress ports. 2. Explicit default rule (permit any any) in the ingress IP ACL for ingress ports. 3. If no explicit rule is matched, the implicit default is permit all. Command Groups IP - TP-Link TL-SG5426 | User Guide - Page 331
. • extended - Specifies an ACL that filters packets based on the source or destination IP address, and other more specific criteria. • acl_name - Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Command Usage • When you create a new ACL or - TP-Link TL-SG5426 | User Guide - Page 332
. • bitmask - Decimal number representing the address bits to match. • host - Keyword followed by a specific IP address. Default Setting None Command Mode Standard ACL Command Usage • New rules are appended to the end of the list. • Address bitmasks are similar to a subnet mask, - TP-Link TL-SG5426 | User Guide - Page 333
match. • host - Keyword followed by a specific IP address. • sport - Protocol15 source port number. (Range: 0-65535) • dport - Protocol15 destination port number. (Range: 0-65535) • end - Upper bound of the protocol port range. (Range: 0-65535) Default Setting None Command Mode Extended ACL Command - TP-Link TL-SG5426 | User Guide - Page 334
This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name in • acl_name - Name of the ACL. (Maximum length: 16 characters) • in - Indicates that this list applies to ingress packets. Default Setting None Command Mode Interface Configuration - TP-Link TL-SG5426 | User Guide - Page 335
the no form to remove the specified ACL. Syntax [no] access-list mac acl_name acl_name - Name of the ACL. (Maximum length: 16 characters) Default Setting None Command Mode Global Configuration Command Usage • When you create a new ACL or enter configuration mode for an existing ACL, use the permit - TP-Link TL-SG5426 | User Guide - Page 336
bitmask} [vid vid vid-bitmask] [ethertype protocol [protocol-bitmask]] Note:- The default is for Ethernet II packets. [no] {permit | deny} tagged-eth2 { for MAC address (in hexidecimal format). • vid - VLAN ID. (Range: 1-4093) • vid-bitmask - VLAN bitmask. (Range: 1-4093) • protocol - A specific - TP-Link TL-SG5426 | User Guide - Page 337
4 Access Control List Commands Default Setting None Command Mode MAC ACL Command Usage • New types can be found in RFC 1060. A few of the more common types include the following: - 0800 - IP - 0806 - ARP - 8137 - IPX Example This rule permits packets from any source MAC address to the destination - TP-Link TL-SG5426 | User Guide - Page 338
) • in - Indicates that this list applies to ingress packets. Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage • A port bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one. Example Console(config)#interface - TP-Link TL-SG5426 | User Guide - Page 339
a different ACL, the switch will replace the old ip access-group david in Console(config-if)# Related Commands show ip access-list (4-93) show ip access-group This command shows the ports assigned to IP ACLs. Command Mode Privileged Exec Example Console#show ip access-group Interface ethernet 1/25 IP - TP-Link TL-SG5426 | User Guide - Page 340
order in which the rules are displayed is determined by the associated mask. Example Console#show access-list IP standard access-list david: permit host 10.1.1.21 permit 168.92.16.0 255.255.240.0 IP extended access-list bob: permit 10.7.1.1 255.255.255.0 any permit 192.168.1.0 255.255.255.0 any - TP-Link TL-SG5426 | User Guide - Page 341
Line Interface SNMP Commands Controls access to this switch from management stations using the Simple Network Management of the MIB tree. To use SNMPv3, first set an SNMP engine ID (or accept the default), specify read and write access views for the MIB tree, configure SNMP user groups with the - TP-Link TL-SG5426 | User Guide - Page 342
4 SNMP Commands snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server. Syntax [no] snmp-server Default Setting Enabled Command Mode Global Configuration Example Console(config)#snmp-server Console( - TP-Link TL-SG5426 | User Guide - Page 343
Console#show snmp SNMP Agent: enabled SNMP traps: Authentication: enable Link-up-down: enable SNMP communities: 1. private, and the privilege management stations are able to both retrieve and modify MIB objects. Default Setting • public - Read-only access. Authorized management stations are only - TP-Link TL-SG5426 | User Guide - Page 344
-server contact string no snmp-server contact string - String that describes the system contact information. (Maximum length: 255 characters) Default Setting None Command Mode Global Configuration Example Console(config)#snmp-server contact Paul Console(config)# Related Commands snmp-server location - TP-Link TL-SG5426 | User Guide - Page 345
of the host (the targeted recipient). (Maximum host addresses: 5 trap destination IP address entries) • inform - Notifications are sent as inform messages. Note that as SNMP Version 1, 2c or 3 traps. (Range: 1, 2c, 3; Default: 1) - auth | noauth | priv - This group uses SNMPv3 with authentication - TP-Link TL-SG5426 | User Guide - Page 346
issued by the switch as trap messages by default. The recipient of a trap message does not send a response to the switch. Traps are a remote user (page 4-113). • The switch can send SNMP Version 1, 2c or 3 notifications to a host IP address, depending on the SNMP version that the management - TP-Link TL-SG5426 | User Guide - Page 347
supports. If the snmp-server host command does not specify the SNMP version, the default SNMP user account will be generated, and the switch will authorize SNMP access for the host. link-up-down - Keyword to issue link-up or link-down notifications. Default Setting Issue authentication and link - TP-Link TL-SG5426 | User Guide - Page 348
). Example Console(config)#snmp-server enable traps link-up-down Console(config)# Related Commands snmp-server default. Syntax snmp-server engine-id {local | remote {ip-address}} engineid-string no snmp-server engine-id {local | remote {ip-address}} • local - Specifies the SNMP engine on this switch - TP-Link TL-SG5426 | User Guide - Page 349
• A local engine ID is automatically generated that is unique to the switch. This is referred to as the default engine ID. If the local engine ID is deleted or changed, all SNMP engineBoots: 1 Remote SNMP engineID 80000000030004e2b316c54321 Console# IP address 192.168.1.19 Table 4-38 show snmp - TP-Link TL-SG5426 | User Guide - Page 350
mask a specific portion of the OID string. (Refer to the examples.) • included - Defines an included view. • excluded - Defines an excluded view. Default Setting defaultview (includes access to the entire MIB tree) Command Mode Global Configuration Command Usage • Views are used in the snmp-server - TP-Link TL-SG5426 | User Guide - Page 351
4 Command Line Interface show snmp view This command shows information on the SNMP views. Command Mode Privileged Exec Example Console#show snmp view View Name: mib-2 Subtree OID: 1.2.2.3.6.2.1 View Type: included Storage Type: permanent Row Status: active View Name: defaultview Subtree OID: 1 View - TP-Link TL-SG5426 | User Guide - Page 352
4 SNMP Commands Default Setting • Default groups: public17 (read only), private18 (read/write) • readview - Every object the notification messages supported by this switch, see "Supported Notification Messages" on page 5-13. Also, note that the authentication, link-up and link-down messages are - TP-Link TL-SG5426 | User Guide - Page 353
4 Command Line Interface show snmp group Four default groups are provided - SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and read/write access. Command Mode Privileged Exec Example - TP-Link TL-SG5426 | User Guide - Page 354
a specific SNMP Read, Write, or Notify View. Use the no form to remove a user from an SNMP group. Syntax snmp-server user username groupname [remote ip-address] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv-password]] no snmp-server user username {v1 | v2c | v3 | remote - TP-Link TL-SG5426 | User Guide - Page 355
4 Command Line Interface Default Setting None Command Mode Global Configuration Command Usage • The SNMP device where the user resides. Then use the snmp-server user command to specify the user and the IP address for the remote device where the user resides. The remote agent's SNMP engine ID is used - TP-Link TL-SG5426 | User Guide - Page 356
4 SNMP Commands show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 800000ca030030f1df9ca00000 User Name: steve Authentication Protocol: md5 Privacy Protocol: des56 Storage Type: nonvolatile Row Status: active SNMP - TP-Link TL-SG5426 | User Guide - Page 357
or set communication parameters for an Ethernet port, aggregated link, or VLAN. Table 4-42 Interface Commands Command Function Mode interface Configures Unit 1) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) • vlan vlan-id (Range: 1-4094) Default Setting None 4-116 - TP-Link TL-SG5426 | User Guide - Page 358
command configures the speed and duplex mode of a given interface when autonegotiation is disabled. Use the no form to restore the default. Syntax speed-duplex {1000full | 100full | 100half | 10full | 10half} no speed-duplex • 1000full - Forces 1000 Mbps full-duplex operation • 100full - Forces 100 - TP-Link TL-SG5426 | User Guide - Page 359
Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • When auto-negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command. When auto-negotiation is disabled, you must manually specify the link - TP-Link TL-SG5426 | User Guide - Page 360
for asymmetric pause frames. (The current switch ASIC only supports symmetric pause frames.) Default Setting • 100BASE-TX: 10half, 10full, switch will negotiate the best settings for a link based on the capabilites command. When auto-negotiation is disabled, you must manually specify the link - TP-Link TL-SG5426 | User Guide - Page 361
flow control. Syntax [no] flowcontrol Default Setting Disabled Command Mode Interface Configuration from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall - TP-Link TL-SG5426 | User Guide - Page 362
a disabled interface, use the no form. Syntax [no] shutdown Default Setting All interfaces are enabled. Command Mode Interface Configuration (Ethernet, to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also want to disable a port for - TP-Link TL-SG5426 | User Guide - Page 363
as a rate; i.e., kilobits per second. (Range: 500-262143) Default Setting Enabled for all ports Packet-rate limit: 500 pps Command Mode Interface . However, the specified threshold value applies to all ports on the switch. Example The following shows how to configure broadcast storm control at 500 - TP-Link TL-SG5426 | User Guide - Page 364
will show the absolute value accumulated since the last power reset. Example The following example clears statistics on port 5. (Range: 1-26) • port-channel channel-id (Range: 1-4) • vlan vlan-id (Range: 1-4094) Default Setting Shows the status for all interfaces. Command Mode Normal Exec, Privileged - TP-Link TL-SG5426 | User Guide - Page 365
Link status: Up Port operation status: Up Operation speed-duplex: 100full Flow control type: None Console#show interfaces status vlan 1 Information of VLAN (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Shows the counters for all interfaces. Command Mode Normal Exec, - TP-Link TL-SG5426 | User Guide - Page 366
[interface] interface • ethernet unit/port - unit - Stack unit. (Range: Unit 1) - port - Port number. (Range: 1-26) • port-channel channel-id (Range: 1-4) Default Setting Shows all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all - TP-Link TL-SG5426 | User Guide - Page 367
is always enabled. Acceptable frame type Shows if acceptable VLAN frames include all types or tagged frames only (page 4-171). Native VLAN Indicates the default Port VLAN ID (page 4-172). Priority for untagged traffic Indicates the default priority for untagged frames (page 4-184). Gvrp status - TP-Link TL-SG5426 | User Guide - Page 368
number. (Range: 1-26) • rx - Mirror received packets. • tx - Mirror transmitted packets. Default Setting No mirror session is defined. Command Mode Interface Configuration (Ethernet, destination port) Command Usage • You , the target port must be included in the same VLAN as the source port 4-127 - TP-Link TL-SG5426 | User Guide - Page 369
Command Line Interface Example The following example configures the switch to mirror received packets from port 6 to 11: Stack unit. (Range: Unit 1) • port - Port number. (Range: 1-26) Default Setting Shows all sessions. Command Mode Privileged Exec Command Usage This command displays the currently - TP-Link TL-SG5426 | User Guide - Page 370
to define the rate limit level for a specific interface. Use this command without specifying a rate to restore the default rate limit level. Use the no form to restore the default status of disabled. Syntax rate-limit [rate] no rate-limit • input - Input rate limit - TP-Link TL-SG5426 | User Guide - Page 371
to comply with LACP. This switch supports up to 32 trunks. For example, a trunk consisting of two 1000 Mbps ports can support an aggregate bandwidth of 4 Gbps when operating at full duplex. Table 4-46 Link Aggregation Commands Command Function Mode Manual Configuration Commands interface port - TP-Link TL-SG5426 | User Guide - Page 372
a VLAN via the specified port-channel. • STP, VLAN, and a link goes down, LACP port priority is used to select the backup link. Default Setting The current port will be added to this trunk. Command Mode Interface Configuration (Ethernet) Command Usage • When configuring static trunks, the switches - TP-Link TL-SG5426 | User Guide - Page 373
.3ad Link Aggregation Control Protocol (LACP) for the current interface. Use the no form to disable it. Syntax [no] lacp Default Setting trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID. • If the target switch has also enabled LACP - TP-Link TL-SG5426 | User Guide - Page 374
• actor - The local side an aggregate link. • partner - The remote side of an aggregate link. • priority - This priority is used to determine link aggregation group (LAG) membership, and to identify this device to other switches during LAG negotiations. (Range: 0-65535) Default Setting 32768 4-133 - TP-Link TL-SG5426 | User Guide - Page 375
to join the same LAG. • System priority is combined with the switch's MAC address to form the LAG identifier. This identifier is used same value for ports that belong to the same link aggregation group (LAG). (Range: 0-65535) Default Setting 0 Command Mode Interface Configuration (Ethernet) Command - TP-Link TL-SG5426 | User Guide - Page 376
is used to identify a specific link aggregation group (LAG) during local LACP setup on this switch. (Range: 0-65535) Default Setting 0 Command Mode Interface longer used, the port channel admin key is reset to 0. Example Console(config)#interface port-channel 1 Console(config-if)#lacp actor - TP-Link TL-SG5426 | User Guide - Page 377
actor | partner} port-priority • actor - The local side an aggregate link. • partner - The remote side of an aggregate link. • priority - LACP port priority is used to select a backup link. (Range: 0-65535) Default Setting 32768 Command Mode Interface Configuration (Ethernet) Command Usage • Setting - TP-Link TL-SG5426 | User Guide - Page 378
4 Link Aggregation Commands Default Setting Port Channel: all Command Mode Privileged Exec Example Console#show lacp 1 counters Priority : 32768 Admin Key : 4 Oper Key : 4 Admin State : defaulted, aggregation, long timeout, LACP-activity Oper State : distributing, collecting, synchronization, - TP-Link TL-SG5426 | User Guide - Page 379
defaulted operational partner information, administratively configured for the partner. • Distributing - If false, distribution of outgoing frames on this link protocol information. • Collecting - Collection of incoming frames on this link is enabled; i.e., collection is currently enabled and is not - TP-Link TL-SG5426 | User Guide - Page 380
4 32768 00-12-CF-8F-2C-A7 Console# Table 4-50 show lacp sysid - display description Field Description Channel group A link aggregation group configured on this switch. System Priority* LACP system priority for this channel group. System MAC Address* System MAC address. * The LACP system - TP-Link TL-SG5426 | User Guide - Page 381
: 1-26) • port-channel channel-id (Range: 1-4) • vlan-id - VLAN ID (Range: 1-4094) • action - - delete-on-reset - Assignment lasts until the switch is reset. - permanent - Assignment is permanent. Default Setting No static addresses are defined. The default mode is permanent. Command Mode Global - TP-Link TL-SG5426 | User Guide - Page 382
addresses will not be removed from the address table when a given interface link is down. • Static addresses are bound to the assigned interface and will table static 00-12-cf-94-34-de interface ethernet 1/1 vlan 1 delete-on-reset Console(config)# clear mac-address-table dynamic This command removes - TP-Link TL-SG5426 | User Guide - Page 383
Example Console#show mac-address-table Interface Mac Address Vlan Type Eth 1/1 00-12-cf-94-34-de 1 Delete-on-reset Trunk 2 00-12-cf-8f-aa-1b 1 time. (Range: 10-30000 seconds; 0 to disable aging) Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time - TP-Link TL-SG5426 | User Guide - Page 384
-address-table aging-time 100 Console(config)# show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example Console#show mac-address-table aging-time Aging time: 100 sec. Console# 4-143 - TP-Link TL-SG5426 | User Guide - Page 385
Algorithm (STA) globally for the switch, and commands that configure STA GC Changes to MSTP configuration mode GC Adds VLANs to a spanning tree instance MST Configures the priority Sets an interface to fast forwarding IC Configures the link type for RSTP/MSTP IC Configures the path cost - TP-Link TL-SG5426 | User Guide - Page 386
form to disable it. Syntax [no] spanning-tree Default Setting Spanning tree is enabled. Command Mode Global Configuration Command Usage The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the - TP-Link TL-SG5426 | User Guide - Page 387
When operating multiple VLANs, we recommend selecting the MSTP option. • Rapid Spanning Tree Protocol RSTP supports connections to either the spanning tree bridge forward time globally for this switch. Use the no form to restore the default. Syntax spanning-tree forward-time seconds no spanning-tree - TP-Link TL-SG5426 | User Guide - Page 388
-time 20 Console(config)# spanning-tree hello-time This command configures the spanning tree bridge hello time globally for this switch. Use the no form to restore the default. Syntax spanning-tree hello-time time no spanning-tree hello-time time - Time in seconds. (Range: 1-10 seconds). The maximum - TP-Link TL-SG5426 | User Guide - Page 389
4 Command Line Interface spanning-tree max-age This command configures the spanning tree bridge maximum age globally for this switch. Use the no form to restore the default. Syntax spanning-tree max-age seconds no spanning-tree max-age seconds - Time in seconds. (Range: 6-40 seconds) The minimum - TP-Link TL-SG5426 | User Guide - Page 390
method This command configures the path cost method used for Rapid Spanning Tree and Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree pathcost method {long | short} no spanning-tree pathcost method • long - Specifies 32-bit based values that range from 1-200,000 - TP-Link TL-SG5426 | User Guide - Page 391
-tree mst-configuration This command changes to Multiple Spanning Tree (MST) configuration mode. Default Setting • No VLANs are mapped to any MST instance. • The region name is set the switch's MAC address. Command Mode Global Configuration Example Console(config)#spanning-tree mst-configuration - TP-Link TL-SG5426 | User Guide - Page 392
of a new topology for the failed instance. • By default all VLANs are assigned to the Internal Spanning Tree (MSTI 0) that connects all bridges and LANs within the MST region. This switch supports up to 58 instances. You should try to group VLANs which cover the same general area of your network - TP-Link TL-SG5426 | User Guide - Page 393
lowest MAC address will then become the root device. • You can set this switch to act as the MSTI root device by specifying a priority of 0, or name. Syntax name name name - Name of the spanning tree. Default Setting Switch's MAC address Command Mode MST Configuration Command Usage The MST region - TP-Link TL-SG5426 | User Guide - Page 394
the revision number for this multiple spanning tree configuration of this switch. Use the no form to restore the default. Syntax revision number number - Revision number of the spanning tree. (Range: 0-65535) Default Setting 0 Command Mode MST Configuration Command Usage The MST region name - TP-Link TL-SG5426 | User Guide - Page 395
: • Ethernet: 200,000-20,000,000 • Fast Ethernet: 20,000-2,000,000 • Gigabit Ethernet: 2,000-200,000 • 10 Gigabit Ethernet: 200-20,000 Default Setting By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown - TP-Link TL-SG5426 | User Guide - Page 396
priority for a port. (Range: 0-240, in steps of 16) Default Setting 128 Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage all ports on a switch are the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree. - TP-Link TL-SG5426 | User Guide - Page 397
port. Use the no form to restore the default. Syntax [no] spanning-tree edge-port Default Setting Disabled Command Mode Interface Configuration (Ethernet, the interface changes state, and also overcomes other STA-related timeout problems. However, remember that Edge Port should only be enabled for - TP-Link TL-SG5426 | User Guide - Page 398
workstations and servers, and also overcome other STA related timeout problems. (Remember that fast forwarding should only be enabled for link. • shared - Shared medium. Default Setting auto Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • Specify a point-to-point link - TP-Link TL-SG5426 | User Guide - Page 399
ethernet 1/5 Console(config-if)#spanning-tree link-type point-to-point spanning-tree mst -200,000 - 10 Gigabit Ethernet: 200-20,000 Default Setting By default, the system automatically detects the speed and duplex mode instance is associated with a unique set of VLAN IDs. • This command is used by - TP-Link TL-SG5426 | User Guide - Page 400
Multiple Spanning Tree. Use the no form to restore the default. Syntax spanning-tree mst instance_id port-priority priority no spanning all interfaces on a switch are the same, the interface with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree. - TP-Link TL-SG5426 | User Guide - Page 401
Privileged Exec Command Usage If at any time the switch detects STP BPDUs, including Configuration or Topology Change protocol-migration command at any time to manually re-check the appropriate BPDU format to (Range: 0-4094, no leading zeroes) Default Setting None Command Mode Privileged Exec 4-160 - TP-Link TL-SG5426 | User Guide - Page 402
tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree (CST) and for every interface in the mode: MSTP Spanning tree enable/disable: enable Instance: 0 Vlans configuration: 1-4094 Priority: 32768 Bridge Hello Time (sec.): - TP-Link TL-SG5426 | User Guide - Page 403
transitions: 1 Admin edge port: enable Oper edge port: disable Admin Link type: auto Oper Link type: point-to-point Spanning Tree Status: enable show spanning-tree configuration Mstp Configuration Information Configuration name: R&D Revision level:0 Instance Vlans 1 2 Console# 4-162 - TP-Link TL-SG5426 | User Guide - Page 404
to automatically register VLAN members on interfaces across the network. This section describes how to enable GVRP for individual interfaces and globally for the switch, as well as how to display default configuration settings for the Bridge Extension MIB. Note: GVRP is not supported in the current - TP-Link TL-SG5426 | User Guide - Page 405
gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. This function should be enabled to permit automatic VLAN registration, and to support VLANs which - TP-Link TL-SG5426 | User Guide - Page 406
4 VLAN Commands switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Example Console(config)#interface ethernet 1/6 Console(config-if)#switchport gvrp - TP-Link TL-SG5426 | User Guide - Page 407
) Command Usage • Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate. These values should not be changed - TP-Link TL-SG5426 | User Guide - Page 408
database mode to add, change, and delete VLANs Configures a VLAN, including VID, name and state Mode GC VC Page 4-167 4-168 vlan database This command enters VLAN database mode. All commands in this mode will take effect immediately. Default Setting None Command Mode Global Configuration 4-167 - TP-Link TL-SG5426 | User Guide - Page 409
only VLAN 1 exists and is active. Command Mode VLAN Database Configuration Command Usage • no vlan vlan-id deletes the VLAN. • no vlan vlan-id name removes the VLAN name. • no vlan vlan-id state returns the VLAN to the default state (i.e., active). • You can configure up to 255 VLANs on the switch - TP-Link TL-SG5426 | User Guide - Page 410
ID 105 and name RD5. The VLAN is activated by default. Console(config)#vlan database Console(config-vlan)#vlan 105 name RD5 media ethernet Console(config-vlan)# Related Commands show vlan (4-175) Configuring VLAN Interfaces Command interface vlan switchport mode switchport acceptable-frame-types - TP-Link TL-SG5426 | User Guide - Page 411
to VLAN 1, and then assign an IP address to the VLAN: Console(config)#interface vlan 1 Console(config-if)#ip address VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. Note that frames belonging to the port's default VLAN - TP-Link TL-SG5426 | User Guide - Page 412
frame types, any received frames that are untagged are assigned to the default VLAN. Example The following example shows how to restrict the traffic received on Note: Although the ingress filtering command is available, the switch has ingress filtering permanently set to enable. Therefore, trying - TP-Link TL-SG5426 | User Guide - Page 413
ingress-filtering Console(config-if)# switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id - Default VLAN ID for a port. (Range: 1-4094, no leading - TP-Link TL-SG5426 | User Guide - Page 414
parameter used when adding a VLAN to an interface tells the switch whether to keep or remove the tag from a frame on egress. • The interface can be added to a VLAN as an untagged member regardless of connected devices to this interface. The default setting is untagged VLAN 1. Note that each port - TP-Link TL-SG5426 | User Guide - Page 415
forbidden vlan • add vlan-list - List of VLAN identifiers to add. • remove vlan-list - List of VLAN identifiers to remove. • vlan-list - Separate nonconsecutive VLAN identifiers with a comma and no spaces; use a hyphen to designate a range of IDs. Do not enter leading zeros. (Range: 1-4094). Default - TP-Link TL-SG5426 | User Guide - Page 416
string from 1 to 32 characters. • private-vlan - For an explanation of this command see "show vlan private-vlan" on page 4-184 - private-vlan-type - Indicates the private vlan type. (Options: Community, Isolated, Primary) Default Setting Shows all VLANs. Command Mode Normal Exec, Privileged Exec - TP-Link TL-SG5426 | User Guide - Page 417
service provider's network even when they use the same customer-specific VLAN IDs. QinQ tunneling expands VLAN space by using a VLAN-in-VLAN SPVLAN as a tagged member (switchport allowed vlan, page 4-173). dot1q-tunnel system-tunnel-control This command sets the switch to operate in QinQ mode. Use - TP-Link TL-SG5426 | User Guide - Page 418
4 VLAN Commands Default Setting Disabled Command Mode Global Configuration Command Usage QinQ tunnel mode must be enabled on the switch for QinQ interface settings to be functional. Example Console(config)#dot1q-tunnel system-tunnel-control Console(config)# Related Commands show dot1q-tunnel (4-178) - TP-Link TL-SG5426 | User Guide - Page 419
) value of a tunnel port. Use the no form to restore the default setting. Syntax switchport dot1q-tunnel tpid tpid no switchport dot1q-tunnel tpid tpid upon as untagged frames, and assigned to the native VLAN of that port. • All ports on the switch will be set to the same ethertype. Example Console - TP-Link TL-SG5426 | User Guide - Page 420
Function Enables and configured private VLANS Displays the configured private VLANS Mode GC PE Page 4-179 4-180 pvlan This command enables or configures a private VLAN. Use the no form to disable the private VLAN. Syntax pvlan [up-link interface-list down-link interface-list ] no pvlan 4-179 - TP-Link TL-SG5426 | User Guide - Page 421
- Sepcifies an uplink interface. • down-link - Sepcifies a downlink interface. Default Setting No private VLANs are defined. Command Mode Global Configuration Command Usage • A private VLAN provides port-based security and isolation between ports within the VLAN. Data traffic on the downlink ports - TP-Link TL-SG5426 | User Guide - Page 422
of configuration deprives users of the basic benefits of VLANs, including security and easy accessibility. To avoid these problems, you can configure this switch with protocol-based VLANs that divide the physical network into logical VLAN groups for each required protocol. When a frame is received - TP-Link TL-SG5426 | User Guide - Page 423
, and user-defined (0801-FFFF hexadecimal). Default Setting No protocol groups are configured. Command Mode Global Configuration Example The following creates protocol group 1, and specifies Ethernet frames with IP and ARP protocol types: Console(config)#protocol-vlan protocol-group 1 add frame-type - TP-Link TL-SG5426 | User Guide - Page 424
- Group identifier for a protocol group. (Range: 1-2147483647) Default Setting All protocol groups are displayed. Command Mode Privileged Exec Example This shows protocol group 1 configured for IP over Ethernet: Console#show protocol-vlan protocol-group ProtocolGroup ID Frame Type Protocol Type - TP-Link TL-SG5426 | User Guide - Page 425
frame priority tags to the switch's priority queues. Command Groups Priority (Layer 2) Priority (Layer 3 and 4) Table 4-61 Priority Commands Function Configures default priority for untagged frames, sets queue weights, and maps class of service tags to hardware queues Maps IP DSCP tags to class of - TP-Link TL-SG5426 | User Guide - Page 426
bandwidth at the egress ports by using scheduling weights 1, 2, 4, 8 for queues 0 - 3 respectively. Default Setting Weighted Round Robin Command Mode Global Configuration Command Usage You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority - TP-Link TL-SG5426 | User Guide - Page 427
bits will be used. • This switch provides eight priority queues for each port. It is configured to use Weighted Round Robin, which can be viewed with the show queue bandwidth command. Inbound frames that do not have VLAN tags are tagged with the input port's default ingress user priority, and then - TP-Link TL-SG5426 | User Guide - Page 428
ID. It is a space-separated list of numbers. The CoS value is a number from 0 to 7, where 7 is the highest priority. Default Setting This switch supports Class of Service by using four priority queues, with Weighted Round Robin queuing for each port. Eight separate traffic classes are defined in - TP-Link TL-SG5426 | User Guide - Page 429
7 Priority Queue: 0 1 2 1 2 2 3 3 Console# Related Commands show queue cos-map (4-189) show queue mode This command shows the current queue mode. Default Setting None Command Mode Privileged Exec Example Console#show queue mode Queue mode: wrr Console# show queue bandwidth This command displays the - TP-Link TL-SG5426 | User Guide - Page 430
26) • port-channel channel-id (Range: 1-4) Default Setting None Command Mode Privileged Exec Example Console#show ip dscp map ip dscp show map ip dscp Table 4-64 Priority Commands (Layer 3 and 4) Function Enables IP DSCP class of service mapping Maps IP DSCP value to a class of service Shows the IP - TP-Link TL-SG5426 | User Guide - Page 431
Point priority). Use the no form to restore the default table. Syntax map ip dscp dscp-value cos cos-value no map ip dscp • dscp-value - 8-bit DSCP value. (Range: 0-63) • cos-value - Class-of-Service value (Range: 0-7) Default Setting The DSCP default values are defined in the following table. Note - TP-Link TL-SG5426 | User Guide - Page 432
Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The precedence for priority mapping is IP DSCP, and default switchport priority. • DSCP priority values are mapped to default Class of Service values according to recommendations in the IEEE 802.1p standard, and then subsequently - TP-Link TL-SG5426 | User Guide - Page 433
The commands described in this section are used to configure Differentiated Services (DiffServ) classification criteria and service policies. You can classify traffic based on access lists, IP Precedence or DSCP values, or VLANs. Using access lists allows you select traffic based on Layer 2, Layer - TP-Link TL-SG5426 | User Guide - Page 434
specify type of traffic based on an access list, a DSCP or IP Precedence value, or a VLAN. 3. Set an ACL mask to enable filtering for the criteria specified rate, or just reduce the DSCP service level for traffic exceeding the specified rate. 7. Use the service-policy command to assign a policy map - TP-Link TL-SG5426 | User Guide - Page 435
the class map. (Range: 1-16 characters) Default Setting None Command Mode Global Configuration Command Usage service policy (page 4-199) for a specific interface that defines packet classification, service tagging -list acl-name | ip dscp dscp | ip precedence ip-precedence | vlan vlan} • acl-name - - TP-Link TL-SG5426 | User Guide - Page 436
4 Quality of Service Commands • vlan - A VLAN. (Range:1-4094) Default Setting None Command Mode Class Map sets it to match packets marked for IP Precedence service value 5: Console(config)#class-map rd_class#2 match-any Console(config-cmap)#match ip precedence 5 Console(config-cmap)# This - TP-Link TL-SG5426 | User Guide - Page 437
-name - Name of the class map. (Range: 1-16 characters) Default Setting None Command Mode Policy Map Configuration Command Usage • Use the policy the match criteria, where the: - set command classifies the service that an IP packet will receive. - police command defines the maximum throughput, - TP-Link TL-SG5426 | User Guide - Page 438
] set {cos new-cos | ip dscp new-dscp | ip precedence new-precedence |} • new-cos - New Class of Service (CoS) value. (Range: 0-7) • new-dscp - New Differentiated Service Code Point (DSCP) value. (Range: 0-63) • new-precedence - New IP Precedence value. (Range: 0-7) Default Setting None Command Mode - TP-Link TL-SG5426 | User Guide - Page 439
when specified rate or burst are exceeded. • set - Set DSCP service to the specified value. (Range: 0-63) Default Setting Drop out-of-profile packets. Command Mode Policy Map Class rd_class Console(config-pmap-c)#set ip dscp 3 Console(config-pmap-c)#police 100000 1522 exceed-action drop Console - TP-Link TL-SG5426 | User Guide - Page 440
(config-if)#service-policy input rd_policy Console(config-if)# show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name - Name of the class map. (Range: 1-16 characters) Default Setting - TP-Link TL-SG5426 | User Guide - Page 441
ip dscp 3 Class Map match-any rd_class#2 Match ip precedence 5 Class Map match-any rd_class#3 Match vlan Name of the class map. (Range: 1-16 characters) Default Setting Displays all policy maps and all classes. Command Mode ip dscp 3 Console# show policy-map interface This command displays the service - TP-Link TL-SG5426 | User Guide - Page 442
current snooping and query settings, and displays the multicast service and group members IGMP Query Configures IGMP query parameters ip igmp snooping leave-proxy Enables IGMP leave proxy on the switch ip igmp snooping immediate-leave Enables IGMP immediate leave for a VLAN interface show ip - TP-Link TL-SG5426 | User Guide - Page 443
IGMP snooping on this switch. Use the no form to disable it. Syntax [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. Console(config)#ip igmp snooping Console(config)# ip igmp snooping vlan static This command adds - TP-Link TL-SG5426 | User Guide - Page 444
igmp snooping leave-proxy This command enables IGMP leave proxy on the switch. Use the no form to disable the feature. Syntax [no] ip igmp snooping leave-proxy Default Setting Disabled Command Mode Global Configuration Command Usage • The IGMP snooping leave-proxy feature suppresses all unnecessary - TP-Link TL-SG5426 | User Guide - Page 445
a switch is set as the querier. Example Console(config)#ip igmp snooping leave-proxy Console(config)# ip igmp snooping immediate-leave This command enables IGMP immediate leave for specific VLAN. Use the no form to disable the feature for a VLAN. Syntax [no] ip igmp snooping immediate-leave Default - TP-Link TL-SG5426 | User Guide - Page 446
the current IGMP snooping configuration: Console#show ip igmp snooping Service status: Enabled Querier status: Enabled Leave vlan-id - VLAN ID (1 to 4094) • user - Display only the user-configured multicast entries. • igmp-snooping - Display only entries learned through IGMP snooping. Default - TP-Link TL-SG5426 | User Guide - Page 447
GC router-port-expire-time Page 4-206 4-206 4-207 4-208 4-208 ip igmp snooping querier This command enables the switch as an IGMP querier. Use the no form to disable it. Syntax [no] ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage If enabled, the - TP-Link TL-SG5426 | User Guide - Page 448
interval. Use the no form to restore the default. Syntax ip igmp snooping query-interval seconds no ip igmp snooping query-interval seconds - The frequency at which the switch sends IGMP host-query messages. (Range: 60-125) Default Setting 125 seconds Command Mode Global Configuration Example The - TP-Link TL-SG5426 | User Guide - Page 449
This command configures the query timeout. Use the no form to restore the default. Syntax ip igmp snooping router-port-expire-time seconds no ip igmp snooping router-port-expire-time seconds - The time the switch waits after the previous querier stops before it considers the router port (i.e., the - TP-Link TL-SG5426 | User Guide - Page 450
switch must use IGMPv2 for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds: Console(config)#ip form to remove the configuration. Syntax [no] ip igmp snooping vlan vlan-id mrouter interface • vlan-id - VLAN ID (Range: 1-4094) • interface • - TP-Link TL-SG5426 | User Guide - Page 451
a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to ip igmp snooping mrouter [vlan vlan-id] vlan-id - VLAN ID (Range: 1-4094) Default Setting Displays multicast router ports for all configured VLANs - TP-Link TL-SG5426 | User Guide - Page 452
switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service filtering and throttling on the switch. Use the no form to disable the feature. Syntax [no] ip igmp filter Default Setting Disabled Command Mode Global - TP-Link TL-SG5426 | User Guide - Page 453
profile configuration mode. Use the no form to delete a profile number. Syntax [no] ip igmp profile profile-number profile-number - An IGMP filter profile number. (Range:1-4294967295) Default Setting Disabled Command Mode Global Configuration Command Usage A profile defines the multicast groups that - TP-Link TL-SG5426 | User Guide - Page 454
(Interface Configuration) This command assigns an IGMP filtering profile to an interface on the switch. Use the no form to remove a profile from an interface. Syntax [no] ip igmp filter profile-number profile-number - An IGMP filter profile number. (Range:1-4294967295) Default Setting None 4-213 - TP-Link TL-SG5426 | User Guide - Page 455
(config)#interface ethernet 1/1 Console(config-if)#ip igmp filter 19 Console(config-if)# ip igmp max-groups This command sets the IGMP throttling number for an interface on the switch. Use the no form to restore the default setting. Syntax ip igmp max-groups number no ip igmp max-groups number - The - TP-Link TL-SG5426 | User Guide - Page 456
IGMP throttling action for an interface on the switch. Syntax ip igmp max-groups action {replace | deny} • replace - The new multicast group replaces an existing group. • deny - The new multicast group join report is dropped. Default Setting Deny Command Mode Interface Configuration Command Usage - TP-Link TL-SG5426 | User Guide - Page 457
displays IGMP filtering profiles created on the switch. Syntax show ip igmp profile [profile-number] profile-number - An existing IGMP filter profile number. (Range: 1-4294967295) Default Setting None Command Mode Privileged Exec Example Console#show ip igmp profile IGMP Profile 19 IGMP Profile - TP-Link TL-SG5426 | User Guide - Page 458
Default Setting None Command Mode Privileged Exec Command Usage Using this command without specifying an interface displays all interfaces. Example Console#show ip as television channels) across a service provider's network. Any multicast traffic entering an MVR VLAN is sent to all subscribers. - TP-Link TL-SG5426 | User Guide - Page 459
VLAN Registration (MVR) globally on the switch, statically configures MVR multicast group IP address(es) using the group keyword, or specifies the MVR VLAN identifier using the vlan vlan keyword restore the default MVR VLAN. Syntax [no] mvr [group ip-address [count] | vlan vlan-id] • ip-address - IP - TP-Link TL-SG5426 | User Guide - Page 460
the MVR VLAN using the group keyword. Use the no form to restore the default settings. Syntax [no] mvr {type {receiver | source} | immediate | group ip-address} the switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group. • ip-address - TP-Link TL-SG5426 | User Guide - Page 461
different VLANs, but should not be configured as a member of the MVR VLAN. immediate leave is disabled, the switch follows the standard rules by multicast subscriber to avoid disrupting services to other group members attached join or leave an MVR group (see ip igmp snooping on page 4-202). Note that - TP-Link TL-SG5426 | User Guide - Page 462
: 1-12) • ip-address - IP address for an MVR multicast group. (Range: 224.0.1.0 - 239.255.255.255) Default Setting Displays global configuration switch. MVR running status Indicates whether or not all necessary conditions in the MVR environment are satisfied. MVR multicast vlan Shows the VLAN - TP-Link TL-SG5426 | User Guide - Page 463
"ACTIVE" if MVR is globally enabled on the switch. MVR status for receiver ports is "ACTIVE" IP Status Members Table 4-75 show mvr members - display description Description Multicast groups assigned to the MVR VLAN with subscribers for multicast services provided through the MVR VLAN. Also shows if - TP-Link TL-SG5426 | User Guide - Page 464
may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server when it is powered on. You may also need - TP-Link TL-SG5426 | User Guide - Page 465
or by rebooting the switch. Note: Only one VLAN interface can be assigned an IP address (the default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the - TP-Link TL-SG5426 | User Guide - Page 466
or IP alias of the host. • size - Number of bytes in a packet. (Range: 32-512, default: 32) The actual packet size will be eight bytes larger than the size specified because the switch adds header information. • count - Number of packets to send. (Range: 1-16, default: 5) Default Setting This - TP-Link TL-SG5426 | User Guide - Page 467
to work and vice versa. Command ip source-guard ip source-guard binding show ip source-guard show ip source-guard binding Table 4-77 IP Source Guard Commands Function Configures the switch to filter inbound traffic based on source IP address, or source IP address and corresponding MAC address Adds - TP-Link TL-SG5426 | User Guide - Page 468
IP addresses and corresponding MAC addresses stored in the binding table. Default the "sip" option to check the VLAN ID, source IP address, and port number against all manually configured lease time. • If the IP source guard is enabled, an inbound packet's IP address (sip option) or both its IP - TP-Link TL-SG5426 | User Guide - Page 469
DHCP snooping binding, the packet will be forwarded. - If IP source guard if enabled on an interface for which IP source bindings (dynamically learned via DHCP snooping or manually configured) are not yet configured, the switch will drop all IP traffic on that port, except for DHCP packets. Example - TP-Link TL-SG5426 | User Guide - Page 470
source-guard binding 11-22-33-44-55-66 vlan 1 192.168.0.99 interface ethernet 1/5 Console(config-if)# Related Commands ip source-guard (4-227) ip dhcp snooping (4-231) ip dhcp snooping vlan (4-233) show ip source-guard This command shows whether source guard is enabled or disabled on each interface - TP-Link TL-SG5426 | User Guide - Page 471
ip source-guard binding MacAddress IpAddress Lease(sec) Type VLAN Interface 11-22-33-44-55-66 192.168.0.99 0 Static 1 Eth 1/5 Console# DHCP Snooping Commands DHCP snooping allows a switch to restore the default setting. Syntax [no] ip dhcp snooping Default Setting Disabled Command Mode - TP-Link TL-SG5426 | User Guide - Page 472
VLAN interface by the ip dhcp snooping vlan command (page 4-233), DHCP messages received on an untrusted interface (as specified by the no ip packet is from a client, such as a DECLINE or RELEASE message, the switch forwards the packet only if the corresponding entry is found in the binding table. - TP-Link TL-SG5426 | User Guide - Page 473
switch. Console(config)#ip dhcp snooping Console(config)# Related Commands ip dhcp snooping vlan (4-233) ip dhcp snooping trust (4-234) ip dhcp snooping vlan This command enables DHCP snooping on the specified VLAN. Use the no form to restore the default setting. Syntax [no] ip dhcp snooping vlan - TP-Link TL-SG5426 | User Guide - Page 474
with this command, DHCP packet filtering will be performed on any untrusted ports within the VLAN according to the default status, or as specifically configured for an interface with the no ip dhcp snooping trust command. • When an untrusted port is changed to a trusted port, all the dynamic DHCP - TP-Link TL-SG5426 | User Guide - Page 475
ip dhcp snooping (4-231) ip dhcp snooping vlan (4-233) ip dhcp snooping trust (4-234) ip dhcp snooping information option This command enables the DHCP Option 82 information relay for the switch. Use the no form to disable this function. Syntax [no] ip dhcp snooping information option Default - TP-Link TL-SG5426 | User Guide - Page 476
policy for DHCP client packets that include Option 82 information. Syntax ip dhcp snooping information policy • drop VLAN. • keep - Retains the client's DHCP information • replace - Overwrites the DHCP client packet information with the switch's relay information. Default - TP-Link TL-SG5426 | User Guide - Page 477
Exec Example Console#show ip dhcp snooping binding MacAddress IpAddress Lease(sec) Type VLAN Interface 11-22-33-44-55-66 192.168.0.99 0 Static 1 Eth 1/5 Console# Switch Cluster Commands Switch Clustering is a method of grouping switches together to enable centralized management - TP-Link TL-SG5426 | User Guide - Page 478
first be sure that clustering is enabled on the switch (the default is enabled), then set the switch as a Cluster Commander. Set a Cluster IP Pool that does not conflict with any other IP subnets in the network. Cluster IP addresses are assigned to switches when they become Members and are used for - TP-Link TL-SG5426 | User Guide - Page 479
These "Candidate" switches only become cluster Members when manually selected by the administrator through the management station. Example Console(config)#cluster commander Console(config)# cluster ip-pool This command sets the cluster IP address pool. Use the no form to reset to the default address - TP-Link TL-SG5426 | User Guide - Page 480
MAC address of the Candidate switch. member-id - The ID number to assign to the Member switch. (Range: 1-16) Default Setting No Members Command Mode Global Telnet connection to the Commander switch. Managing cluster Members using the local console CLI on the Commander is not supported. • There is no - TP-Link TL-SG5426 | User Guide - Page 481
# show cluster members This command shows the current switch cluster members. Command Mode Privileged Exec Example Console#show cluster members Cluster Members: ID: 1 Role: Active member IP Address: 10.254.254.2 MAC Address: 00-12-cf-23-49-c0 Description: TL-SG5426 Console# 4-241 - TP-Link TL-SG5426 | User Guide - Page 482
Interface show cluster candidates This command shows the discovered Candidate switches in the network. Command Mode Privileged Exec Example Console#show cluster candidates Cluster Candidates: Role Mac Description ACTIVE MEMBER 00-12-cf-23-49-c0 TL-SG5426 CANDIDATE 00-12-cf-0b-47-a0 - TP-Link TL-SG5426 | User Guide - Page 483
to 256 groups; port-based or tagged (802.1Q), Private VLANs Protocol-based VLANs Class of Service Supports 4 levels of priority and Weighted Round Robin Queueing (which can be configured by VLAN tag or port), Layer 3/4 priority mapping: IP DSCP Multicast Filtering IGMP Snooping (Layer 2) Multicast - TP-Link TL-SG5426 | User Guide - Page 484
Quality of Service DiffServ supports class maps, policy maps, and service policies Additional Features BOOTP client SNTP (Simple Network Time Protocol) SNMP (Simple Network Management Protocol) RMON (Remote Monitoring, groups 1,2,3,9) SMTP Email Alerts DHCP Snooping IP Source Guard Switch Clustering - TP-Link TL-SG5426 | User Guide - Page 485
2.0) TFTP (RFC 1350) Management Information Bases Bridge MIB (RFC 1493) Differentiated Services MIB (RFC 3289) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665 2933) Interface Group MIB (RFC 2233) Interfaces Evolution MIB (RFC 2863) IP Multicasting related MIBs MAU MIB (RFC 2668) MIB II (RFC 1213) Port - TP-Link TL-SG5426 | User Guide - Page 486
A Software Specifications A-4 - TP-Link TL-SG5426 | User Guide - Page 487
. • Be sure you have configured the VLAN interface through which the management station is connected with a valid IP address, subnet mask and default gateway. • Be sure the management station has an IP address in the same subnet as the switch's IP interface to which it is connected. • If - TP-Link TL-SG5426 | User Guide - Page 488
Troubleshooting Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch . 6. Contact your distributor's service engineer. For example: Console(config - TP-Link TL-SG5426 | User Guide - Page 489
prevent blockage of lower-level queues. Priority may be set according to the port default, the packet's priority bit (in the VLAN tag), TCP/UDP port number, or DSCP priority bit. Differentiated Services Code Point Service (DSCP) DSCP uses a six-bit tag to provide for up to 64 different forwarding - TP-Link TL-SG5426 | User Guide - Page 490
a standard way for VLANs to communicate across switched networks. IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ethernet extensions for VLAN tagging. IEEE 802.3x Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links. (Now - TP-Link TL-SG5426 | User Guide - Page 491
Management Management of the network from a station attached directly to the network. IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts. Layer 2 Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to - TP-Link TL-SG5426 | User Guide - Page 492
to a monitor port for troubleshooting with a logic analyzer links. Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports. Remote Authentication Dial-in User Service - TP-Link TL-SG5426 | User Guide - Page 493
for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP - TP-Link TL-SG5426 | User Guide - Page 494
LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. A VLAN serves as a logical workgroup with no physical barriers, and allows users to share information and resources as though located on the same LAN - TP-Link TL-SG5426 | User Guide - Page 495
54 255.255.255.0 on VLAN 1, and address mode: DHCP. Console# Related Commands ip address (4-223) show ip interface This command displays the settings of an IP interface. Default Setting All interfaces Command Mode Privileged Exec Example Console#show ip interface IP address and netmask: 192.168 - TP-Link TL-SG5426 | User Guide - Page 496
port 3-144, 4-185 default settings, system 1-6 DHCP 3-16, 4-223 client 3-14 dynamic configuration 2-5 DHCP snooping global configuration 4-231, 4-238, 4-239 specifying trusted interfaces 4-234 verifying MAC addresses 4-235, 4-236 VLAN configuration 4-233 Differentiated Code Point Service See DSCP - TP-Link TL-SG5426 | User Guide - Page 497
Index F firmware displaying version 3-11, 4-62 upgrading 3-18, 4-64 G GARP VLAN Registration Protocol See GVRP gateway, default 3-14, 4-224 GVRP global setting 3-125, 4-164 interface configuration 4-165 H hardware version, displaying 3-11, 4-62 HTTPS 3-52, 4-30 HTTPS, secure server 3-52, 4-30 I - TP-Link TL-SG5426 | User Guide - Page 498
default port ingress 3-144, 4-185 problems, troubleshooting B-1 profiles, IGMP filter 3-172 protocol migration 3-115, 4-160 PVLAN interface configuration 3-142, 3-143 Q QoS 3-154, 4-192 Quality of Service filtering IP addresses , 4-154-4-160, 4-161 link type 3-113, 3-115, - TP-Link TL-SG5426 | User Guide - Page 499
4-178 traffic class weights 3-148, 4-186 trap manager 2-7, 3-34, 4-104 troubleshooting B-1 trunk configuration 3-80, 4-130 LACP 3-82, 4-132 static 3-81, 4-131 U upgrading software 3-18 user password 3-46, 4-25, 4-26 V VLANs 3-122-3-142, ??-3-144, 4-163 802.1Q tunnel mode 3-138 adding static members
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
 |
 |
TL-SG5426
26-Port Gigabit Managed Switch
Rev: 1.0.0
191001010
5