Typical CLI Configuration Examples for TP-Link JetStream Switch

Knowledgebase
Configuration Guide
12-22-2022

This guide is intended to provide network administrators with some typical examples of CLI (Command Line Interface) configuration.

1. CLI Basics. 2

1.1 Accessing the CLI. 2

1.2 CLI Command Modes. 2

1.3 Interface Ethernet Mode. 3

1.4 Auto-Completion.. 3

1.5 Abbreviation.. 4

1.6 Help.. 4

1.7 Save. 5

2. Port Config.. 5

2.1 Port Speed.. 5

2.2 Port Duplex. 5

2.3 Show Port Config.. 5

3. 802.1Q VLAN Config.. 6

3.1 Add VLAN.. 6

3.2 Access Port Config.. 6

3.3 Trunk Port Config.. 7

3.4 Remove Default VLAN 1.. 7

3.5 Show VLAN Config.. 7

4. IGMP Snooping.. 8

4.1 Globally Enable IGMP Snooping.. 8

4.3 Configuring IGMP Snooping for VLANs. 9

4.4 Enable Fast Leave for VLANs. 9

4.5 Enable IGMP Querier for VLANs. 9

4.6 Configure IGMP Snooping for Ports. 9

5. VLAN Interface/Switch IP Address. 9

5.1 Show VLAN 1 IP Address. 10

5.2 Modify IP Address. 10

5.3 Create New VLAN Interface. 10

1. CLI Basics

This chapter will introduce some CLI basics, including how to access the CLI, switch port types, command abbreviations, auto-completion, etc.

If you are not familiar with the CLI, it is recommended that you read this chapter first.

1.1 Accessing the CLI

You can log into the switch and access the CLI by the following three methods:

  • By the Console Port on the switch
  • By a Telnet connection
  • By an SSH connection

To use the Console port, you can refer to: https://www.tp-link.com/support/faq/291/

To use SSH/Telnet, please refer to the Configuration Guide-Accessing the Switch.

1.2 CLI Command Modes

The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode, and VLAN Configuration Mode. Interface Configuration Mode can also be divided into Interface Ethernet, Interface link-aggregation, and some other modes, which are shown in the following diagram.

Mode

Accessing Path

Prompt

Logout or Access the Next Mode

User EXEC Mode

Initial startup mode, which allows the user to execute only the basic commands, such as “show”.

Switch>

Use the exit command to disconnect the switch.

Use the enable command to access Privileged EXEC mode.

Privileged EXEC Mode

Use the enable command to enter this mode from User EXEC mode, which allows more commands such as “configure”.

Switch#

Enter the disable or exit command to return to User EXEC mode.

Enter configure command to access Global Configuration mode.

Global Configuration Mode

Use the configure command to enter this mode from Privileged EXEC mode, which allows doing global configurations such as STP, IGMP Snooping, etc.

Switch(config)#

Use the exit or the end command or press Ctrl+Z to return to Privileged EXEC mode.

Use the interface command to access interface Configuration mode.

Use the vlan command to access VLAN Configuration mode.

Interface/VLAN Configuration Mode

Use the interface or vlan command to enter this mode from Global Configuration Mode, which allows doing configurations for the specific port(s).

Switch(config-if)#

Switch(config-if-range)#

Switch(config-vlan)#

Use the end command or press

Ctrl+Z to return to Privileged EXEC mode.

Enter the exit or the # command to return to Global Configuration mode.

1.3 Interface Ethernet Mode

You can configure specific Ethernet port(s) with the interface command.

[Syntax]

interface fastEthernet/gigabitEthernet/two-gigabitEthernet/ten-gigabitEthernet Port_ID

[Parameter]

  • fastEthernet: 100Mpbs Ethernet port, fa for short.
  • gigabitEthernet: 1Gbps Ethernet port, gi for short.
  • two-gigabitEthernet port: 2.5Gbps Ethernet port, tw for short.
  • ten-gigabitEthernet port: 10Gbps Ethernet port, te for short.

Note the Ethernet port type in the command is the native speed mode of the ports, not the current operating mode. For example, assuming the current speed mode of SFP+ port 25 is 1Gbps, to configure it, the command should be “interface ten-gigabitEthernet 1/0/25”, or simply “int te 1/0/25”.

1.4 Auto-Completion

After entering part of a command, you can press the TAB key or a question mark (?) then the switch will automatically complete the command. If your input corresponds to more than one command, the switch will not auto-complete but will display all related commands.

For example, to enter the show command, you can type “sh”, then press the TAB key, or type a question mark immediately afterward, like “sh?”, then the switch will automatically complete the interface command. Note that the question mark will not be displayed.

Switch# sh?

Switch# show

To check the system time, you need to execute the command “show system-time”, but if you input “show sys” and then type a question mark, you will get the following prompt.

Switch# show sys?

Switch# show system-

system-info system-time

Switch# show system-t?

Switch# show system-time

1.5 Abbreviation

You can use the Auto-Completion feature to enter a complete command, you can also enter part of the command without completion, and the switch will recognize and execute the command automatically.

Note, if you enter an abbreviation that corresponds to more than one command, the switch will not be able to recognize the command you are trying to execute and you need to enter more.

The following are some common abbreviations:

Command

Abbreviation

enable

en

configure

config

interface

int

show

sh

fastEthernet

fa

gigabitEthernet

gi

two-gigabitEthernet

tw

ten-gigabitEthernet

te

running-config

run

startup-config

start

1.6 Help

The question mark not only helps complete the command, but also helps display a list of available commands for each command mode, or a list of relevant keywords and arguments for any command.

For example, the show command can display information about many functions, you can enter the following command to view all the information that the show command can print, note that there is a space before the question mark, otherwise it is auto-completion.

Switch# show ?

Aaa - Display the AAA configuration

access-list - Display ACL information

arp - Display ARP information

auto-voip - Display Auto VoIP parameters

1.7 Save

After you finish the configurations, don't forget to save them, otherwise, they will be lost if you power off or reboot the switch.

Through the Web GUI, you should click the Save button at the top right of the page, and through the CLI you need to enter the following command in Privileged EXEC mode:

Switch# copy running-config startup-config

Switch# copy run start (for short)

2. Port Config

When there is a link exception, you may need to modify the switch port config. For example, the default port config of an SFP+ port is 10Gbps/Full duplex mode, if the opposite end is an SFP port, the link will not come up, and you need to manually change the port config of the SFP+ port to 1Gbps; if the opposite end is using Full duplex mode, you also need to modify the duplex mode.

2.1 Port Speed

The following configuration describes how to change the port speed of SFP+ port 25:

Switch> enable

Switch# configure

Switch(config)# interface ten-gigabitEthernet 1/0/25 (int te 1/0/25)

Switch(config-if)# speed 1000

Switch(config-if)# end

Switch# copy running-config startup-config (copy run start)

2.2 Port Duplex

The following configuration describes how to change the port duplex of SFP+ port 25 to Full mode.

Note that TP-Link switches use Auto duplex mode by default and it is recommended to keep the mode if there are no connection problems.

Switch> enable

Switch# configure

Switch(config)# interface ten-gigabitEthernet 1/0/25 (int te 1/0/25)

Switch(config-if)# duplex auto

Switch(config-if)# end

Switch# copy running-config startup-config (copy run start)

2.3 Show Port Config

You can check the port configurations by the command “show interface configuration”.

Switch> enable

Switch# show interface configuration ten-gigabitEthernet 1/0/25 (sh int config te 1/0/25)

Port State Speed Duplex FlowCtrl Description

---- ----- ----- ------ -------- -----------

Gi1/0/1 Enable 1000M Auto Disable

3. 802.1Q VLAN Config

This chapter will cover how to configure and check VLAN using CLI with the following network topology. Please refer to Configuration Guide-802.1Q VLAN about how VLANs work on TP-Link switches and how you should configure VLANs to meet your network requirements.

Three networks with different VLAN IDs have been registered on the router and three computers should be connected to three different networks. Now we need to configure VLAN on the switch. VLAN and port configurations are listed below:

Port 1

Port 2

Port 3

Port 4

VLAN 20 Tagged

VLAN 30 Tagged

VLAN 40 Tagged

VLAN 20 Untagged

PVID 20

Name “RD”

VLAN 30 Untagged

PVID 30

Name “MKT”

VLAN 40 Untagged

PVID 40

Name “SRV”

3.1 Add VLAN

The vlan command is used to create IEEE 802.1Q VLAN and enter VLAN Configuration Mode. To delete a VLAN, use no vlan command.

The following configuration describes how to create VLAN 20, 30, 40.

Switch> enable

Switch# configure

Switch(config)# vlan 20

Switch(config-vlan)# name RD

Switch(config-vlan)# exit

Switch(config)# vlan 30

Switch(config-vlan)# name MKT

Switch(config-vlan)# exit

Switch(config)# vlan 40

Switch(config-vlan)# name SRV

Switch(config-vlan)# exit

3.2 Access Port Config

The switchport general allowed command is used to add a port to a VLAN and set the tagged/untagged mode. To remove a port for a VLAN, please use no switchport general allowed command.

The switchport pvid command is used to set PVID for the port.

Ports 2, 3, 4 are used as access ports to connect computers. The following configurations describe how to add port 2, 3, 4 to the corresponding VLANs and set PVIDs.

Switch> enable

Switch# configure

Switch(config)# interface gigabitEthernet 1/0/2 (int gi 1/0/2)

Switch(config-if)# switchport general allowed vlan 20 untagged

Switch(config-if)# switchport pvid 20

Switch(config-if)# exit

Switch(config)# interface gigabitEthernet 1/0/3 (int gi 1/0/3)

Switch(config-if)# switchport general allowed vlan 30 untagged

Switch(config-if)# switchport pvid 30

Switch(config-if)# exit

Switch(config)# interface gigabitEthernet 1/0/4 (int gi 1/0/4)

Switch(config-if)# switchport general allowed vlan 40 untagged

Switch(config-if)# switchport pvid 40

Switch(config-if)# exit

In summary, to set a port as an access port for a certain VLAN, take VLAN 100 as an example, the common configuration is:

switchport general allowed vlan 100 untagged

switchport pvid 100

3.3 Trunk Port Config

Port 1 is used as the trunk port to connect the router, which should transmit VLAN information of the data packets. The following configurations describe how to add port 1 to VLAN 20, 30, and 40.

Switch(config)# interface gigabitEthernet 1/0/1 (int gi 1/0/1)

Switch(config-if)# switchport general allowed vlan 20,30,40 tagged

Switch(config-if)# exit

3.4 Remove Default VLAN 1

Normally, all switch ports are member ports of VLAN 1. If you do not want to remove a port from VLAN 1, you need to additionally configure it.

The following configurations describe how to remove trunk port 1 from VLAN 1.

Switch(config)# interface gigabitEthernet 1/0/1 (int gi 1/0/1)

Switch(config-if)# no switchport general allowed vlan 1

Switch(config-if)# end

3.5 Show VLAN Config

The command show interface switchport can be used to view VLAN configurations.

Switch# show interface switchport

Port LAG Type PVID Acceptable frame type Ingress Checking

------- --- ---- ---- --------------------- ----------------

Gi1/0/1 N/A General 1 All Enable

Gi1/0/2 N/A General 20 All Enable

Gi1/0/3 N/A General 30 All Enable

Gi1/0/4 N/A General 40 All Enable

Switch# show interface switchport gigabitEthernet 1/0/1

Port Gi1/0/1:

PVID: 1

Acceptable frame type: All

Ingress Checking: Enable

Member in LAG: N/A

Link Type: General

Member in VLAN:

Vlan Name Egress-rule

---- ----------- -----------

20 VLAN_20 Tagged

30 N/A Tagged

40 N/A Tagged

4. IGMP Snooping

IGMP Snooping helps the switch maintain a multicast forwarding table by snooping the IGMP transmission between the host and the IGMP Querier. With the forwarding table, the switch can forward multicast data only to the ports that are in the corresponding multicast group, to constrain the flooding of multicast data in the Layer 2 network.

To complete IGMP Snooping configuration, follow these steps:

1) Enable IGMP Snooping globally and configure the global parameters.

2) Configure IGMP Snooping for VLANs.

3) Configure IGMP Snooping for ports.

4.1 Globally Enable IGMP Snooping

Use the command “ip igmp snooping” to globally enable the function. There are three versions of IGMP, the default version is v3, which supports to process IGMP v1, v2, and v3 report messages from the host, thus normally there is no need to modify the version.

Switch> enable

Switch# configure

Switch# ip igmp snooping

4.2 Unknown Multicast Groups

A commonly used option is “Unknown Multicast Groups”, by default, it is Forward, which means the switch forwards the multicast streams that are sent to unknown multicast groups. You can change the option to Discard so that the switch discards the multicast streams. Note to discard them, you need to enable MLD Snooping first.

Switch> enable

Switch# configure

Switch# ipv6 mld snooping

Switch# ip igmp snooping drop-unknown

Switch# ipv6 mld snooping drop-unknown

4.3 Configuring IGMP Snooping for VLANs

The switch supports configuring IGMP Snooping on a per-VLAN basis. After IGMP Snooping is enabled globally, you also need to enable IGMP Snooping and configure the corresponding parameters for the VLANs that the router ports and the member ports are in. The command is “ip igmp snooping vlan-config vlan-id”.

Switch> enable

Switch# configure

Switch# ip igmp snooping vlan-config 1

4.4 Enable Fast Leave for VLANs

With Fast Leave enabled on a VLAN, the switch will remove the (Multicast Group, Port, VLAN) entry from the multicast forwarding table before forwarding the leave message to the querier. This helps to reduce bandwidth waste since the switch no longer sends the corresponding multicast streams to the VLAN of the port as soon as the port receives a leave message from the VLAN.

You can enable Fast Leave by enabling the feature for both the VLAN and the Port when there is only one client connected to the access port.

The following configurations show how to enable Fast Leave for the VLAN 1:

Switch> enable

Switch# configure

Switch# ip igmp snooping vlan-config 1 immediate-leave

4.5 Enable IGMP Querier for VLANs

A querier periodically sends a general query on the network to solicit membership information and sends group-specific queries when it receives leave messages from hosts.

The querier is essential for IGMP Snooping to work properly. Usually, a router in the network can act as a querier. The switch can also act as a querier, but it is disabled by default, if you need to enable it, you can configure it as follows.

Switch> enable

Switch# configure

Switch# ip igmp snooping vlan-config 1 querier

Switch# ip igmp snooping vlan-config 1 querier general-query source-ip 192.168.0.1 (optional)

4.6 Configure IGMP Snooping for Ports

To enable IGMP Snooping and Fast Leave for port 1/0/1, the configurations are as follows.

Switch> enable

Switch# configure

Switch# interface gigabitEthernet 1/0/1

Switch(config-if)# ip igmp snooping (optional, since it is enabled by default)

Switch(config-if)# ip igmp snooping immediate-leave

5. VLAN Interface/Switch IP Address

By default, the switch is configured with an IP interface for VLAN 1 and obtains the IP address via DHCP with a fallback IP of 192.168.0.1. You can modify the IP address of the VLAN 1 interface to use another IP address to access the switch.

You can also configure IP interfaces for other VLANs, and the switch will implement the routing function between different VLANs. This chapter will explain how to view and modify the IP address of the VLAN 1 interface, create interfaces for other VLANs, and set IP addresses.

5.1 Show VLAN 1 IP Address

The command show ip interface can be used to view the IP address of an interface.

Switch> enable

Switch# show ip interface

VLAN1 is up, line protocol is up

Primary IP address is 192.168.0.100/24

Broadcast address is 255.255.255.255

Address determined by DHCP

Description is not set

MTU is 1500 bytes

ICMP redirects are never sent

ICMP unreachables are never sent

ICMP mask replies are never sent

DHCP Option 12 is not set

DHCP Option 60 is not set

5.2 Modify IP Address

The interface command is used to enter the Interface/VLAN Configuration Mode, after which you can modify the IP address settings with ip address or ip address-alloc commands. The command ip address is used to assign a static IP address to the interface, while the command ip address-alloc dhcp is used to enable DHCP for the interface.

The following configurations set a static IP address 192.168.0.100/24 for VLAN 1 interface, after which you can access the switch with the IP address.

Switch# configure

Switch(config)# interface vlan 1

Switch(config)# ip address 192.168.0.100 255.255.255.0

Switch(config)# exit

The following configurations restore the IP address settings to DHCP mode.

Switch# configure

Switch(config)# interface vlan 1

Switch(config)# ip address-alloc dhcp

Switch(config)# exit

5.3 Create New VLAN Interface

You can use the command interface vlan ID to create an interface for a VLAN, then set the IP address.

The following configurations describe how to create interfaces for VLAN 20 and 30, and set a static IP address 192.168.20.1/24 for VLAN 20, and enable DHCP for VLAN 30.

Switch> enable

Switch# configure

Switch(config)# interface vlan 20

Switch(config-if)# ip address 192.168.20.1 255.255.255.0

Switch(config-if)# exit

Switch(config)# interface vlan 30

Switch(config-if)# ip address-alloc dhcp

Switch(config-if)# exit

Bitte bewerten Sie dieses Dokument

Verwandte Dokumente