Simplicity 3424 Spezifikationen Seite 1

TL-SG3210/TL-SG3216/TL-SG3424 JetStream L2 Managed Switch REV1.1.0 1910010717

IX access-list bind(interface)...149 access-list bin

88 Parameter ssl-cert —— The name of the SSL certificate which is selected to download to the switch. The length of the name ranges from 1 to 25 ch

89 show ip http secure-server Description The show ip http secure-server command is used to display the global configuration of SSL. Syntax show i

90 Chapter 17 MAC Address Commands MAC Address configuration can improve the network security by configuring the Port Security and maintaining the

91 mac address-table aging-time Description The mac address-table aging-time command is used to configure aging time for the dynamic address. To retu

92 Command Mode Global Configuration Mode Example Add a filtering address entry of which VLAN ID is 1 and MAC address is 00:1e:4b:04:01:5d: TL-SG3424

93 status —— Enable or disable the Port Security function for a specified port. By default, this function is disabled. Command Mode Interface Confi

94 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Aging Time of the MAC address: TL-SG3424(config)# show mac addres

95 Syntax show mac address-table interface gigabitEthernet port Parameter port —— The Ethernet port number. Command Mode Privileged EXEC Mode a

96 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of the MAC address 00:00:00:00:23:00:00: TL-SG3424(co

97 Chapter 18 System Configuration Commands System Configuration Commands can be used to configure the system information and system IP of the switc

X ip igmp snooping(interface) ...169 ip igmp snooping i

98 GMT-11 —— TimeZone for Midway Island,Samoa. GMT-10 —— TimeZone for Hawaii. GMT-09 —— TimeZone for Alaska. GMT-08 —— TimeZone for Pacific Ti

99 system-time dst predefined Description The system-time dst predefined command is used to select a predefined DST configuration and the configurati

100 Parameter smonth —— Month to start, with the options: Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec sday —— Day to start, rangi

101 stime —— Time to start, in the format of: hh:mm. eweek —— Week to end, with options: first, second, third, fourth, last. eday —— Day to end, w

102 location Description The location command is used to configure the system location. To clear the system location information, please use no locat

103 reset Description The reset command is used to reset the switch’s software. After resetting, all configuration of the switch will restore to the

104 Command Mode Privileged EXEC Mode Example Save current settings: TL-SG3424# copy running-config startup-config copy startup-config tftp Descripti

105 name —— Specify the name for the configuration file which would be downloaded. Command Mode Privileged EXEC Mode Example Download the configura

106 Syntax ping { ip_addr } [ -n count ] [ -l count ] [ -i count ] Parameter ip_addr —— The IP address of the destination node for ping test. -n c

107 Example Test the connectivity between the switch and the network device with the IP 192.168.0.131. If the destination device has not been found a

XI Chapter 28 Cluster Commands...195 cluster ndp...

108 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the time information of the switch: TL-SG3424# show system-time show

109 show system-info Description The show system-info command is used to display system description, system name, device location, system contact, ha

110 Chapter 19 Ethernet Configuration Commands Ethernet Configuration Commands can be used to configure the Bandwidth Control, Negotiation Mode and

111 User Guidelines Command in the Interface Range gigabitEthernet Mode is executed independently on all ports in the range. It does not effect the

112 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Disable port 3: TL-SG3424(config)

113 Parameter full | half —— The duplex mode of the Ethernet port. There are two options: full-duplex mode (default) and half-duplex mode. Command

114 storm-control broadcast Description The storm-control broadcast command is used to enable the broadcast control function. To disable the broadcas

115 Parameter rate —— Select the bandwidth for receiving multicast packets on the port. The packet traffic exceeding the bandwidth will be discarde

116 bandwidth Description The bandwidth command is used to configure the bandwidth limit for an Ethernet port. To disable the bandwidth limit, please

117 show interface status Description The show interface status command is used to display the connective-status of an Ethernet port. Syntax show int

1 Preface This Guide is intended for network administrator to provide referenced information about CLI (Command Line Interface). The switch or TL-SG3

118 show interface description Description The show interface description command is used to display the description of all ports or an Ethernet port

119 show interface configuration Description The show interface configuration command is used to display the configurations of all ports or an Ether

120 TL-SG3424(config)# show storm-control interface range gigabitEthernet 1/0/4-7 show bandwidth Description The show bandwidth command is used to

121 Chapter 20 QoS Commands QoS (Quality of Service) function is used to optimize the network performance. It provides you with network service expe

122 Syntax qos dscp no qos dscp Command Mode Global Configuration Mode User Guidelines DSCP (DiffServ Code Point) is a new definition to IP ToS field

123 User Guidelines 1. By default, the mapping relation between tag/cos and the egress queue is: 0-TC1, 1-TC0, 2-TC0, 3-TC1, 4-TC2, 5-TC2, 6-TC3, 7-

124 User Guidelines By default, the mapping relation between tag and the egress queue is: (0-7)-CoS 0, (8-15)-CoS 1, (16-23)-CoS 2, (24-31)-CoS 3, (3

125 equ —— Equal-Mode. In this mode, all the queues occupy the bandwidth equally. The weight value ratio of all the queues is 1:1:1:1. Command Mode

126 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of IEEE 802.1P Priority and the mapping relation b

127 show qos status Description The show qos status command is used to display the status of IEEE 802.1P priority and DSCP priority. Syntax show qo

2 commands used for monitoring the process of the Host obtaining the IP address from DHCP server, and record the IP address, MAC address, VLAN and th

128 Chapter 21 Port Mirror Commands Port Mirror refers to the process of forwarding copies of packets from one port to a monitoring port. Usually, t

129 monitor session source interface Description The monitor session source interface command is used to configure the monitored port. To delete t

130 TL-SG3424(config)# monitor session 1 source interface gigabitEthernet 1/0/4-5,1/0/7 rx Delete port 4 in monitor session 1 and its configuration:

131 Chapter 22 Port isolation Commands Port Isolation provides a method of restricting traffic flow to improve the network security by forbidding th

132 Syntax show port isolation interface [ gigabitEthernet port ] Parameter port —— The number of Ethernet port you want to show its forward port

133 Chapter 23 Loopback Detection Commands With loopback detection feature enabled, the switch can detect loops using loopback detection packets. Wh

134 Example Specify the interval-time as 50 seconds: TL-SG3424(config)# loopback-detection interval 50 loopback-detection recovery-time Description T

135 TL-SG3424(config)# interface range gigabitEthernet 1/0/1-3 TL-SG3424(Config-if)# loopback-detection loopback-detection config Description The lo

136 Syntax loopback-detection recover Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example

137 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of loopback detection function and the status of a

3 Provide information about the commands used for configuring the Loopback Detection function. Chapter 24: ACL Commands Provide information about the

138 Chapter 24 ACL Commands ACL (Access Control List) is used to filter data packets by configuring a series of match conditions, operations and tim

139 Parameter start-date —— The start date in Absoluteness Mode, in the format of MM/DD/ YYYY. By default, it is 01/01/2000. end-date —— The end d

140 TL-SG3424(config-time-range)# periodic week-date off-day time-slice1 08:30-12:00 holiday Description The holiday command is used to configure the

141 Example Define National Day, configuring the start date as October 1st, and the end date as October 3rd: TL-SG3424(config)# holiday nationalday s

142 Example Create a MAC ACL whose ID is 23: TL-SG3424(config)# mac access-list 23 access-list standard Description The access-list standard command

143 255.255.255.0, the time-range for the rule to take effect is tSeg1, and the packets match this rule will be forwarded by the switch: TL-SG3424(co

144 tos—— Enter the IP ToS contained in the rule. pri —— Enter the IP Precedence contained in the rule. Command Mode Global Configuration Mode Exa

145 ethernet-type —— EtherType contained in the rule, in the format of 4-hex number. user-pri —— The user priority contained in the rule, ranging f

146 TL-SG3424(config)# access-list policy name policy1 access-list policy action Description The access-list policy action command is used to add ACL

147 policy to port 2: TL-SG3424(config)# access-list policy action policy1 120 TL-SG3424(config-action)# redirect interface gigabitEthernet 1/0/2 red

4 Chapter 1 Using the CLI 1.1 Accessing the CLI You can log on to the switch and access the CLI by the following two methods: 1. Log on to the sw

148 Command Mode Action Configuration Mode Example Edit the actions for policy1. For the data packets matching ACL 120 in the policy, if the rate bey

149 Parameter dscp —— DSCP of QoS Remark. Specify the DSCP region for the data packets matching the corresponding ACL. DSCP ranges from 0 to 63. By

150 access-list bind(vlan) Description The access-list bind command is used to bind a policy to a VLAN. To cancel the bind relation, please use no ac

151 Syntax show holiday Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the defined holiday: TL-SG3424(config)# show hol

152 Example Display the information of a policy named policy1: TL-SG3424(config)# show access-list policy policy1 show access-list bind Description T

153 Chapter 25 MSTP Commands MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to IEEE 802.1s, can disbranch a r

154 TL-SG3424(config-if)# spanning-tree spanning-tree common-config Description The spanning-tree common-config command is used to configure the par

155 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the STP function of port 1

156 default configuration of the corresponding Instance, please use no spanning-tree mst configuration command. Syntax spanning-tree mst configuratio

157 Remove VLANs 1-50 in maping VLANs 1-100 for Instance 1: TL-SG3424(config)# spanning-tree mst configuration TL-SG3424(config-mst)# no instance 1 v

5 Figure 1-2 Connection Description 4. Select the port to connect in Figure 1-3, and click OK. Figure 1-3 Select the port to connect 5. Configure

158 TL-SG3424(config-mst)# revison 100 spanning-tree mst instance Description The spanning-tree mst instance command is used to configure the priorit

159 Parameter instance-id —— Instance ID, ranging from 1 to 8. pri —— Port Priority, which must be multiple of 16 ranging from 0 to 240. By defau

160 spanning-tree tc-defend Description The spanning-tree tc-defend command is used to configure the TC Protect of Spanning Tree globally. To return

161 Parameter forward-time —— Forward Delay, which is the time for the port to transit its state after the network topology is changed. Forward Dela

162 TL-SG3424(config)# spanning-tree hold-count 8 spanning-tree max-hops Description The spanning-tree max-hops command is used to configure the max

163 Example Enable the BPDU filter function for port 2: TL-SG3424(config)# interface gigabitEthernet 1/0/2 TL-SG3424(config-if)# spanning-tree bpdufi

164 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the Loop Protect function

165 removing MAC address entries, which may decrease the performance and stability of the network. With the Protect of Spanning Tree function enabled

166 Syntax show spanning-tree active Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the active information of spanning-

167 Example Display the spanning-tree information of all ports: TL-SG3424(config)# show spanning-tree interface Display the spanning-tree information

6 Figure 1-4 Port Settings 6. The DOS prompt” TL-SG3424>” will appear after pressing the Enter button as Figure 1-5 shown. It indicates that you

168 show spanning-tree mst Description The show spanning-tree mst command is used to display the related information of MST Instance. Syntax show sp

169 Chapter 26 IGMP Commands IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on Layer 2 switch.

170 TL-SG3424(config)# interface gigabitEthernet 1/0/3 TL-SG3424(config-if)# ip igmp snooping ip igmp snooping immediate-leave Description The ip igm

171 ip igmp snooping vlan-config Description The ip igmp snooping vlan-config command is used to enable VLAN IGMP Snooping function or to modify IGMP

172 Example Enable the IGMP Snooping function and modify Router Port Time as 300 seconds, Member Port Time as 200 seconds for VLAN1-3, and set the Le

173 leave-time —— Leave Time, which is the interval between the switch receiving a leave message from a host and the switch removing the host from th

174 Example Bind the filtering address ID 2-6 to port 3: TL-SG3424(config)# interface gigabitEthernet 1/0/3 TL-SG3424(config-if)# ip igmp snooping fi

175 Syntax ip igmp snooping filter no ip igmp snooping filter Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range

176 Syntax ip igmp snooping filter mode mode Parameter mode —— Action Mode, with refuse and accept options. Refuse indicates only the multicast pac

177 Syntax show ip igmp snooping interface gigabitEthernet [ port | port-list ] { basic-config | filter | packet-stat } Parameter port —— The Eth

7 Note: 1. Before Telnet login, you are required to configure Telnet login mode and login authentication information through Console connection. Th

178 TL-SG3424# show ip igmp snooping vlan 2 show ip igmp snooping multi-vlan Description The show ip igmp snooping multi-vlan command is used to dis

179 Display the count of multicast entries in VLAN 5: TL-SG3424(config)#show ip igmp snooping groups vlan 5 count Display the dynamic multicast group

180 Chapter 27 SNMP Commands SNMP (Simple Network Management Protocol) functions are used to manage the network devices for a smooth communication,

181 mib-oid —— MIB Object ID. It is the Object Identifier (OID) for the entry of View, ranging from 1 to 61 characters. include | exclude —— View T

182 By default, the Security Level is noAuthNoPriv. There is no need to configure this in SNMP v1 Mode and SNMP v2c Mode. read-view —— Select the

183 Parameter name —— User Name, ranging from 1 to 16 characters. local | remote —— User Type, with local and remote options. Local indicates tha

184 snmp-server community Description The snmp-server community command is used to add Community. To delete the corresponding Community, please use n

185 udp-port —— UDP port, which is used to send notifications. The UDP port functions with the IP address for the notification sending. It ranges fr

186 snmp-server engineID Description The snmp-server engineID command is used to configure the local and remote engineID of the switch. To restore to

187 periodically, based on which the management station can monitor network effectively. Syntax rmon history index interface gigabitEthernet port [

I COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Othe

8 2. Open Telnet, then type telnet 192.168.0.1 in the command prompt shown as Figure 1-8, and press the Enter button. Figure 1-8 Connecting to the

188 Parameter index —— The index number of the event entry, ranging from 1 to 12. You can only select one entry for each command. user-name —— The

189 f-hold ] [ falling-event-index f-event ] [ a-type { rise | fall | all }] [ owner owner-name ] [ interval interval ] no rmon alarm index Paramete

190 Example Configure the port of entries of 1,2 and 3 as port 2, the owners as owner1 and the alarm intervals as 100 seconds TL-SG3424(config)# rmon

191 Syntax show snmp-server group Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the Group table: TL-SG3424# show snmp-

192 show snmp-server host Description The show snmp-server host command is used to display the Host table. Syntax show snmp-server host Command Mode

193 for each command. By default, the configuration of all history sample entries is displayed. Command Mode Privileged EXEC Mode and Any Configurati

194 Parameter index —— The index number of the entry selected to display the configuration, ranging from 1 to 12, in the format of 1-3, 5. You can

195 Chapter 28 Cluster Commands Cluster Management function enables a network administrator to manage the scattered devices in the network via a man

196 Change Aging Time to 80 seconds: TL-SG3424(config)# cluster ndp timer aging 80 Change Hello Time to 80 seconds: TL-SG3424(config)# cluster ndp ti

197 hop-value —— NTDP Hops, which is the hop count the switch topology collects. NTDP Hops ranges from 1 to 16. By default, it is 3. Command Mode Gl

9 Figure 1-10 Enter into the Privileged EXEC Mode ¾ Login Mode Firstly configure the Telnet login mode as “login”, and both the connection password

198 ntdp —— Enable/ Disable NTDP function for the port. By default, it is enabled. Command Mode Interface Configuration Mode (interface gigabitEthe

199 show cluster ndp Description The show cluster ndp command is used to display NDP configuration of certain ports. Syntax show cluster ndp [interf

200 Display the NTDP configuration of port 2: TL-SG3424# show cluster ntdp interface gigabitEthernet 1/0/2 Display the information of device collecte

10 Figure 1-12 Connecting to the Switch 2. You are prompted to enter the connection password 123 you have set through Console port connection, and

11 Now you can manage your switch with CLI commands through Telnet connection. Note: You can refer to Chapter 9 User Manage Commands for detailed com

12 VLAN Configuration Mode Use the vlan vlan-list command to enter this mode from Global Configuration mode. TL-SG3424(config-vlan)# Use the end co

13 Users get the privilege to the User level once connecting console port with the switch or logging in by Telnet. However, Guest users are restricte

14 ¾ The port number should format as 1/0/3, meaning unit/slot/port. The unit number is always 1, and slot number is always 0 and the port number is

15 Chapter 2 User Interface enable Description The enable command is used to access Privileged EXEC Mode from User EXEC Mode. Syntax enable Command

16 disable Description The disable command is used to return to User EXEC Mode from Privileged EXEC Mode. Syntax disable Command Mode Privileged EXE

17 Command Mode Any Configuration Mode Example Return to Global Configuration Mode from Interface Configuration Mode, and then return to Privileged E

II CONTENTS Preface ... 1 Chapter

18 Chapter 3 IEEE 802.1Q VLAN Commands VLAN (Virtual Local Area Network) technology is developed for the switch to divide the LAN into multiple logi

19 Parameter vlan-id —— Specify IEEE 802.1Q VLAN ID, ranging from 1 to 4094. Command Mode Global Configuration Mode Example Create VLAN Interface 2:

20 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Specify the Link Type of port 3 as

21 no switchport trunk allowed vlan vlan-list Parameter vlan-list —— Specify IEEE 802.1Q VLAN ID list, ranging from 2 to 4094, in the format of 2-3,

22 TL-SG3424(config-if)# switchport general allowed vlan 2 tagged switchport pvid Description The switchport pvid command is used to configure the P

23 show vlan brief Description The show vlan brief command is used to display the brief information of IEEE 802.1Q VLAN. Syntax show vlan brief Comma

24 Chapter 4 MAC-based VLAN Commands MAC-based VLAN (Virtual Local Area Network) is the way to classify the VLANs based on MAC Address. A MAC addres

25 Command Mode Privileged EXEC Mode and Any Configuration Mode Parameter mac-addr —— MAC address, in the format of XX:XX:XX:XX:XX:XX. vlan-id —— S

26 Chapter 5 Protocol-based VLAN Commands Protocol-based VLAN (Virtual Local Area Network) is the way to classify VLANs based on Protocols. A Protoc

27 protocol-vlan vlan Description The protocol-vlan vlan command is used to create a Protocol-based VLAN. To delete a Protocol-based VLAN, please use

III Chapter 5 Protocol-based VLAN Commands... 26 protocol-vlan template ...

28 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Create Protocol-based VLAN group 2

29 Chapter 6 Voice VLAN Commands Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and adding the ports with vo

30 Parameter time ——Aging time (in minutes) to be set for the Voice VLAN. It ranges from 1 to 43200 and the default value is 1440. Command Mode Glo

31 Syntax voice vlan mac-address mac-addr mask mask [ description descript ] no voice vlan mac-address mac-addr Parameter mac-addr —— The OUI address

32 TL-SG3424(config)# interface gigabitEthernet 1/0/3 TL-SG3424(config-if)# switchport voice vlan mode auto switchport voice vlan security Descriptio

33 show voice vlan oui Description The show voice vlan oui command is used to display the configuration information of Voice VLAN OUI. Syntax show v

34 Chapter 7 GVRP Commands GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute registration protocol). GVRP allow

35 Example Enable the GVRP function for ports 2-6: TL-SG3424(config)# interface range gigabitEthernet 1/0/2-6 TL-SG3424(config-if-range)# gvrp gvrp

36 no gvrp timer [ leaveall | join | leave ] Parameter leaveall | join | leave —— They are the three timers: leave All、join and leave. Once the Leave

37 Example Display the global GVRP status: TL-SG3424(config)# show gvrp global show gvrp interface Description The show gvrp interface command is use

IV user access-control mac-based...44 user access-control p

38 Chapter 8 Etherchannel Commands Etherchannel Commands are used to configure LAG and LACP function. LAG (Link Aggregation Group) is to combine a

39 port-channel load-balance Description The port-channel load-balance command is used to configure the Aggregate Arithmetic for LAG. To return to th

40 Command Mode Global Configuration Mode Example Configure the LACP system priority as 1024 globally: TL-SG3424(config)# lacp system-priority 1024 l

41 Syntax show etherchannel [ channel-group-num ] { detail | summary } Parameter channel-group-num —— The EtherChannel Group number, ranging from 1

42 Parameter channel-group-num —— The EtherChannel Group number, ranging from 1 to 14. By default, it is empty, and will display the information of

43 Chapter 9 User Manage Commands User Manage Commands are used to manage the user’s logging information by Web, CLI or SSH, so as to protect the se

44 user access-control ip-based Description The user access-control ip-based command is used to limit the IP-range of the users for login. Only the u

45 Parameter mac-addr —— The source MAC address. Only the user with this MAC Address is allowed to login. Command Mode Global Configuration Mode Exam

46 user max-number Description The user max-number command is used to configure the maximum login user numbers at the same time. To cancel the limit

47 Parameter minutes ——The timeout time, ranging from 5 to 30 in minutes. The value is 10 by default. Command Mode Global Configuration Mode Exam

V Chapter 12 DoS Defend Command ... 66 ip dos-prevent...

48 TL-SG3424(config)# line vty 0 5 password Description The password command is used to configure the connection password. To clear the password, ple

49 Command Mode Line Configuration Mode Example Configure the login of Console port connection 0 as login mode: TL-SG3424(config)# line console 0 T

50 Syntax show user account-list Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the information of the current users: T

51 Chapter 10 Binding Table Commands You can bind the IP address, MAC address, VLAN and the connected Port number of the Host together, which can be

52 Command Mode Global Configuration Mode Example Bind an entry with the IP 192.168.0.1, MAC 00:00:00:00:00:01, VLAN ID 2 and Port number 5 manually.

53 To restore to the default value, please use no dhcp-snooping global command. Syntax ip dhcp snooping global [ global-rate global-rate ] [ dec-t

54 Syntax ip dhcp snooping information option no ip dhcp snooping information option Command Mode Global Configuration Mode Example Enable the Option

55 ip dhcp snooping information remote-id Description The ip dhcp snooping information remote-id command is used to enable and configure the customiz

56 Command Mode Global Configuration Mode Example Enable and configure the customized sub-option Circuit ID for the Option 82 as tplink: TL-SG3424(co

57 Syntax ip dhcp snooping mac-verify no ip dhcp snooping mac-verify Command Mode Interface Configuration Mode (interface gigabitEthernet / interfa

VI ip ssh download...85 show ip ssh

58 ip dhcp snooping decline Description The ip dhcp snooping decline command is used to enable the Decline Protect feature. To disable the Decline Pr

59 show ip dhcp snooping Description The show ip dhcp snooping command is used to display the running status of DHCP-Snooping. Syntax show ip dhcp

60 Syntax show ip dhcp snooping interface gigabitEthernet [ port ] Parameters port ——The Ethernet port number. Command Mode Privileged EXEC Mode and

61 Chapter 11 ARP Inspection Commands ARP (Address Resolution Protocol) Detect function is to protect the switch from the ARP cheating, such as the

62 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Configure the ports 2-5 as the Tru

63 ip arp inspection limit-rate Description The ip arp inspection limit-rate command is used to configure the ARP speed of a specified port. To resto

64 Example Restore port 5 to the ARP transmit status: TL-SG3424(config)# interface gigabitEthernet 1/0/5 TL-SG3424(config-if)# ip arp inspection reco

65 TL-SG3424(config)# show ip arp inspection interface Display the configuration of port 2: TL-SG3424(config)# show ip arp inspection interface gigab

66 Chapter 12 DoS Defend Command DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil

67 Parameter land —— Land attack. scan-synfin —— Scan SYNFIN attack. xma-scan —— Xma Scan attack. null-scan —— NULL Scan attack. port-less-than-1024

VII loopback interface ...107 show system

68 Chapter 13 IEEE 802.1X Commands IEEE 802.1X function is to provide an access control for LAN ports via the authentication. Only the supplicant pa

69 pap: IEEE 802.1X authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client. Th

70 dot1x quiet-period Description The dot1x quiet-period command is used to enable the quiet-period function. To disable the function, please use no

71 Example Configure the quiet period as 100 seconds: TL-SG3424(config)# dot1x timeout quiet-period 100 dot1x max-reauth-req Description The dot1x m

72 Command Mode Interface Configuration Mode (interface gigabitEthernet / interface range gigabitEthernet) Example Enable the IEEE 802.1X function fo

73 Syntax dot1x port-control { auto | authorized-force | unauthorized-force } no dot1x port-control Parameter auto | authorized-force | unauthorized-

74 port-based: All the clients connected to the port can access the network on the condition that any one of the clients has passed the 802.1X Authen

75 value ——The maximum time for the switch to wait for the response before resending a request to the supplicant., ranging from 1 to 9 in second. By

76 Command Mode Privileged EXEC Mode and Any Configuration Mode Example Display the configuration of 801.X globally: TL-SG3424(config)# show dot1x gl

77 Command Mode Privileged EXEC Mode and Any Configuration Modes Example Display the configuration of the accounting server: TL-SG3424(config)# show

VIII show qos status...127 Chapter 21

78 Chapter 14 System Log Commands The log information will record the settings and operation of the switch respectively for you to monitor operation

79 logging file flash Description The logging file flash command is used to configure the level and the status of the log file input. To restore to t

80 Command Mode Global Configuration Mode Example Clear the information in the log file: TL-SG3424(config)# clear logging buffer logging host index D

81 show logging local-config Description The show logging local-config command is used to display the configuration of the Local Log including the lo

82 The show logging buffer command is used to display the log information in the log buffer according to the severity level. Syntax show logging bu

83 Chapter 15 SSH Commands SSH (Security Shell) can provide the unsecured remote management with security and powerful authentication to ensure the

84 Example Enable SSH v2: TL-SG3424(config)# ip ssh version v2 ip ssh timeout Description The ip ssh timeout command is used to specify the idle-time

85 Command Mode Global Configuration Mode Example Specify the maximum number of the connections to the SSH server as 3: TL-SG3424(config)# ip ssh m

86 Example Display the global configuration of SSH: TL-SG3424(config)# show ip ssh

87 Chapter 16 SSL Commands SSL（Secure Sockets Layer）, a security protocol, is to provide a secure connection for the application layer protocol(e.