T1500G-10PSUN V1 CLI Reference Guide Guide
Page 13
... radius-server 277 aaa group ...278 server ...278 show aaa group...279 aaa authentication login 280 aaa authentication enable 281 aaa authentication dot1x default 282 aaa accounting dot1x default 282 show aaa authentication 283 show aaa accounting 284 line telnet...284 login authentication(telnet 285 line ssh ...285 login authentication(ssh 286...
... radius-server 277 aaa group ...278 server ...278 show aaa group...279 aaa authentication login 280 aaa authentication enable 281 aaa authentication dot1x default 282 aaa accounting dot1x default 282 show aaa authentication 283 show aaa accounting 284 line telnet...284 login authentication(telnet 285 line ssh ...285 login authentication(ssh 286...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 19
keep the default value 22 in the Port field; select SSH as the Connection type. Enter the IP address of PuTTY. Open the software to log on to the interface of the switch into Host Name field; Figure 1-5 Enable SSH function Password Authentication Mode 1. Figure 1-6 SSH Connection Config 6
keep the default value 22 in the Port field; select SSH as the Connection type. Enter the IP address of PuTTY. Open the software to log on to the interface of the switch into Host Name field; Figure 1-5 Enable SSH function Password Authentication Mode 1. Figure 1-6 SSH Connection Config 6
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 50
... on the destination MAC address of the packets. src-dst-ip -- Example Add ports 2-4 to EtherChannel Group 1 and enable the static LAG: T1500G-10MPS(config)# interface range gigabitEthernet 1/0/2-4 T1500G-10MPS(config-if-range)# channel-group 1 mode on 5.2 port...-channel load-balance Description The port-channel load-balance command is used to the default configurations, please use no port-channel load-balance Parameter src-mac -- When this option is selected, the Aggregate Arithmetic will be based on the destination IP...
... on the destination MAC address of the packets. src-dst-ip -- Example Add ports 2-4 to EtherChannel Group 1 and enable the static LAG: T1500G-10MPS(config)# interface range gigabitEthernet 1/0/2-4 T1500G-10MPS(config-if-range)# channel-group 1 mode on 5.2 port...-channel load-balance Description The port-channel load-balance command is used to the default configurations, please use no port-channel load-balance Parameter src-mac -- When this option is selected, the Aggregate Arithmetic will be based on the destination IP...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 51
...Example Configure the LACP system priority as "src-dst-ip": T1500G-10MPS(config)# port-channel load-balance src-dst-ip 5.3 lacp system-priority Description The lacp system-priority command is 32768 by default. To return to the default configurations, please use no lacp system-priority Parameter pri..., ranging from 0 to configure the LACP system priority globally. Example Configure the Aggregate Arithmetic for LAG as 1024 globally: T1500G-10MPS(config)# lacp system-priority 1024 38 Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level...
...Example Configure the LACP system priority as "src-dst-ip": T1500G-10MPS(config)# port-channel load-balance src-dst-ip 5.3 lacp system-priority Description The lacp system-priority command is 32768 by default. To return to the default configurations, please use no lacp system-priority Parameter pri..., ranging from 0 to configure the LACP system priority globally. Example Configure the Aggregate Arithmetic for LAG as 1024 globally: T1500G-10MPS(config)# lacp system-priority 1024 38 Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 58
... encryption type is "admin" by default. 0 -- encrypted-password -- Example Add and enable a new ... password will be saved to access the switch. T1500G-10MPS(config)#user name tplink privilege admin secret 0 admin 6.3 user access-control ip-based Description The user access-control ip-based command is used to these commands. Specify ... configuration file. Command Mode Global Configuration Mode Privilege Requirement Only Admin level users have access to limit the IP-range of different functions. It is 0. Indicates an MD5 encrypted password with fixed length, which the password...
... encryption type is "admin" by default. 0 -- encrypted-password -- Example Add and enable a new ... password will be saved to access the switch. T1500G-10MPS(config)#user name tplink privilege admin secret 0 admin 6.3 user access-control ip-based Description The user access-control ip-based command is used to these commands. Specify ... configuration file. Command Mode Global Configuration Mode Privilege Requirement Only Admin level users have access to limit the IP-range of different functions. It is 0. Indicates an MD5 encrypted password with fixed length, which the password...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 59
... Enable the access-control of the users' access. Only the users within the IP-range you set here are enabled by default. The source IP address. These interfaces are allowed to access the switch. Syntax user access-control ip-based { ip-addr ip-mask } [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ] no...user with this MAC address you set here is used to limit the MAC address of the user whose IP address is 192.168.0.148: T1500G-10MPS(config)# user access-control ip-based 192.168.0.148 255.255.255.255 6.4 user access-control mac-based Description The user access-...
... Enable the access-control of the users' access. Only the users within the IP-range you set here are enabled by default. The source IP address. These interfaces are allowed to access the switch. Syntax user access-control ip-based { ip-addr ip-mask } [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ] no...user with this MAC address you set here is used to limit the MAC address of the user whose IP address is 192.168.0.148: T1500G-10MPS(config)# user access-control ip-based 192.168.0.148 255.255.255.255 6.4 user access-control mac-based Description The user access-...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 64
...commands. A key pair refers to encrypt/decrypt information. The Certificate/Key Download function enables the user to replace the default key pair. 7.1 ip http server Description The ip http server command is to exchange or transfer hypertext. HTTP) based on TCP. This function is the protocol to ...) or HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer), you can manage the switch through a standard browser. Syntax ip http server no ip http server command. Example Disable the HTTP function: T1500G-10MPS(config)# no ip http server 51 HTTP is enabled by default.
...commands. A key pair refers to encrypt/decrypt information. The Certificate/Key Download function enables the user to replace the default key pair. 7.1 ip http server Description The ip http server command is to exchange or transfer hypertext. HTTP) based on TCP. This function is the protocol to ...) or HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer), you can manage the switch through a standard browser. Syntax ip http server no ip http server command. Example Disable the HTTP function: T1500G-10MPS(config)# no ip http server 51 HTTP is enabled by default.
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 66
...command is used to configure the connection timeout of the HTTP server connection as 15 minutes: T1500G-10MPS(config)# ip http session timeout 15 7.4 ip http secure-server Description The ip http secure-server command is used to enable the HTTPS server within the switch. This function ...same time. Syntax ip http session timeout minutes no ip http session timeout Parameter minutes --The timeout time, ranging from 5 to the default timeout time, please use no ip http secure-server Command Mode Global Configuration Mode 53 By default, the value is enabled by default. Command Mode ...
...command is used to configure the connection timeout of the HTTP server connection as 15 minutes: T1500G-10MPS(config)# ip http session timeout 15 7.4 ip http secure-server Description The ip http secure-server command is used to enable the HTTPS server within the switch. This function ...same time. Syntax ip http session timeout minutes no ip http session timeout Parameter minutes --The timeout time, ranging from 5 to the default timeout time, please use no ip http secure-server Command Mode Global Configuration Mode 53 By default, the value is enabled by default. Command Mode ...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 67
Example Disable the HTTPS function: T1500G-10MPS(config)# no ip http secure-protocol command. tls1 -- By default, the switch supports SSLv3 and TLSv1. The TLS 1.0 protocol Command Mode Global Configuration Mode Privilege ...default SSL version, please use no ip http secure-server 7.5 ip http secure-protocol Description The ip http secure-protocol command is used to configure the SSL protocol version. Syntax ip http secure-protocol { [ ssl3 ] [ tls1 ] } no ip http secure-protocol Parameter ssl3 -- Example Configure the protocol of SSL connection as SSL 3.0: T1500G-10MPS(config)# ip...
Example Disable the HTTPS function: T1500G-10MPS(config)# no ip http secure-protocol command. tls1 -- By default, the switch supports SSLv3 and TLSv1. The TLS 1.0 protocol Command Mode Global Configuration Mode Privilege ...default SSL version, please use no ip http secure-server 7.5 ip http secure-protocol Description The ip http secure-protocol command is used to configure the SSL protocol version. Syntax ip http secure-protocol { [ ssl3 ] [ tls1 ] } no ip http secure-protocol Parameter ssl3 -- Example Configure the protocol of SSL connection as SSL 3.0: T1500G-10MPS(config)# ip...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 68
...to these ciphersuites. By default, the switch supports all these commands. To restore to the HTTPS server. Example Configure the ciphersuite to be used for encryption over the SSL connection as 3des-ede-cbc-sha: T1500G-10MPS(config)# ip http secure-ciphersuite 3des-ede-cbc-sha 7.7 ip http secure-max-users... Description The ip http secure-max-users command is used to configure the maximum number of users that are...
...to these ciphersuites. By default, the switch supports all these commands. To restore to the HTTPS server. Example Configure the ciphersuite to be used for encryption over the SSL connection as 3des-ede-cbc-sha: T1500G-10MPS(config)# ip http secure-ciphersuite 3des-ede-cbc-sha 7.7 ip http secure-max-users... Description The ip http secure-max-users command is used to configure the maximum number of users that are...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 69
... users logging on to the HTTPS server as 5, 2, 2, and 1: T1500G-10MPS(config)# ip http secure-max-users 5 2 2 1 7.8 ip http secure-session timeout Description The ip http secure-session timeout command is used to these commands. Syntax ip http secure-max-users admin-num operator-num power-user-num user-num ...no ip http secure-session timeout command. 56 operator-num -- The maximum number of the users logging on to the HTTPS server as Operator, ranging from 1 to the default timeout time, please use no ip http secure-max-users Parameter admin-num --...
... users logging on to the HTTPS server as 5, 2, 2, and 1: T1500G-10MPS(config)# ip http secure-max-users 5 2 2 1 7.8 ip http secure-session timeout Description The ip http secure-session timeout command is used to these commands. Syntax ip http secure-max-users admin-num operator-num power-user-num user-num ...no ip http secure-session timeout command. 56 operator-num -- The maximum number of the users logging on to the HTTPS server as Operator, ranging from 1 to the default timeout time, please use no ip http secure-max-users Parameter admin-num --...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 70
... Global Configuration Mode 57 The length of the HTTPS server connection as 15 minutes: T1500G-10MPS(config)# ip http secure-session timeout 15 7.9 ip http secure-server download certificate Description The ip http secure-server download certificate command is 10. The name of the TFTP server....level users have access to the switch. The timeout time, ranging from TFTP server. Syntax ip http secure-session timeout minutes no ip http secure-session timeout Parameter minutes -- By default, the value is used to download a certificate to 25 characters. Both IPv4 and IPv6 addresses...
... Global Configuration Mode 57 The length of the HTTPS server connection as 15 minutes: T1500G-10MPS(config)# ip http secure-session timeout 15 7.9 ip http secure-server download certificate Description The ip http secure-server download certificate command is 10. The name of the TFTP server....level users have access to the switch. The timeout time, ranging from TFTP server. Syntax ip http secure-session timeout minutes no ip http secure-session timeout Parameter minutes -- By default, the value is used to download a certificate to 25 characters. Both IPv4 and IPv6 addresses...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 77
... these commands. To restore to the default option, please use no ip dhcp snooping information strategy command. Example Enable the Option 82 function of DHCP Snooping on port 1/0/1: T1500G-10MPS(config)#interface gigabitEthernet 1/0/1 T1500G-10MPS(config-if)#ip dhcp snooping information option 8.5 ip dhcp snooping information strategy Description The ip dhcp snooping information strategy command is used...
... these commands. To restore to the default option, please use no ip dhcp snooping information strategy command. Example Enable the Option 82 function of DHCP Snooping on port 1/0/1: T1500G-10MPS(config)#interface gigabitEthernet 1/0/1 T1500G-10MPS(config-if)#ip dhcp snooping information option 8.5 ip dhcp snooping information strategy Description The ip dhcp snooping information strategy command is used...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 78
...and then send out on port 1/0/1: T1500G-10MPS(config)#interface gigabitEthernet 1/0/1 T1500G-10MPS(config-if)#ip dhcp snooping information strategy replace 8.6 ip dhcp snooping information remote-id Description The ip dhcp snooping information remote-id command is the default option; Example Replace the Option 82... and Power User level users have access to default Remote ID for the Option 82, please use no ip dhcp snooping information remote-id Parameter string -- Syntax ip dhcp snooping information remote-id string no ip dhcp snooping information remote-id command. Parameter strategy...
...and then send out on port 1/0/1: T1500G-10MPS(config)#interface gigabitEthernet 1/0/1 T1500G-10MPS(config-if)#ip dhcp snooping information strategy replace 8.6 ip dhcp snooping information remote-id Description The ip dhcp snooping information remote-id command is the default option; Example Replace the Option 82... and Power User level users have access to default Remote ID for the Option 82, please use no ip dhcp snooping information remote-id Parameter string -- Syntax ip dhcp snooping information remote-id string no ip dhcp snooping information remote-id command. Parameter strategy...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 79
...level users have access to the default Circuit ID for the Option 82, please use no ip dhcp snooping information circuit-id Parameter string -- To return to these commands. Syntax ip dhcp snooping information circuit-id string no ip dhcp snooping information circuit-id command...sub-option Circuit ID for the Option 82 on port 1/0/1: T1500G-10MPS(config)#interface gigabitEthernet 1/0/1 T1500G-10MPS(config-if)#ip dhcp snooping information remote-id tplink 8.7 ip dhcp snooping information circuit-id Description The ip dhcp snooping information circuit-id command is used to these commands...
...level users have access to the default Circuit ID for the Option 82, please use no ip dhcp snooping information circuit-id Parameter string -- To return to these commands. Syntax ip dhcp snooping information circuit-id string no ip dhcp snooping information circuit-id command...sub-option Circuit ID for the Option 82 on port 1/0/1: T1500G-10MPS(config)#interface gigabitEthernet 1/0/1 T1500G-10MPS(config-if)#ip dhcp snooping information remote-id tplink 8.7 ip dhcp snooping information circuit-id Description The ip dhcp snooping information circuit-id command is used to these commands...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 81
... for the Gigabit Ethernet port 10/2: T1500G-10MPS(config)#interface gigabitEthernet 1/0/2 T1500G-10MPS(config-if)#ip dhcp snooping mac-verify 8.10 ip dhcp snooping limit rate Description The ip dhcp snooping limit rate command is used to the default configuration, please use no ip dhcp snooping limit rate command. To ... port-channel) 68 The MAC Verify feature is 0, which stands for the DHCP packets. The value of the Host. Syntax ip dhcp snooping mac-verify no ip dhcp snooping limit rate Parameter value -- The options are different. The excessive DHCP packets will be discarded. The...
... for the Gigabit Ethernet port 10/2: T1500G-10MPS(config)#interface gigabitEthernet 1/0/2 T1500G-10MPS(config-if)#ip dhcp snooping mac-verify 8.10 ip dhcp snooping limit rate Description The ip dhcp snooping limit rate command is used to the default configuration, please use no ip dhcp snooping limit rate command. To ... port-channel) 68 The MAC Verify feature is 0, which stands for the DHCP packets. The value of the Host. Syntax ip dhcp snooping mac-verify no ip dhcp snooping limit rate Parameter value -- The options are different. The excessive DHCP packets will be discarded. The...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 82
... packets as 20 pps: T1500G-10MPS(config)#interface gigabitEthernet 1/0/2 T1500G-10MPS(config-if)#ip dhcp snooping limit rate 20 8.11 ip dhcp snooping decline rate Description The ip dhcp snooping decline rate command is 0, which stands for "disable". Syntax ip dhcp snooping decline rate value no ip dhcp snooping decline rate command. It default value is used to...
... packets as 20 pps: T1500G-10MPS(config)#interface gigabitEthernet 1/0/2 T1500G-10MPS(config-if)#ip dhcp snooping limit rate 20 8.11 ip dhcp snooping decline rate Description The ip dhcp snooping decline rate command is 0, which stands for "disable". Syntax ip dhcp snooping decline rate value no ip dhcp snooping decline rate command. It default value is used to...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 88
Example Enable the arp defend function for Gigabit Ethernet port 5: T1500G-10MPS(config)#interface gigabitEthernet 1/0/5 T1500G-10MPS(config-if)#ip arp inspection limit-rate 50 75 Example Configure the maximum amount of a specified port. By default, the value is used to configure the ARP speed of the received ARP packets per second, ranging from 10...
Example Enable the arp defend function for Gigabit Ethernet port 5: T1500G-10MPS(config)#interface gigabitEthernet 1/0/5 T1500G-10MPS(config-if)#ip arp inspection limit-rate 50 75 Example Configure the maximum amount of a specified port. By default, the value is used to configure the ARP speed of the received ARP packets per second, ranging from 10...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 99
.... Only the log with values 0-7. host-ip -- There are 8 severity levels marked with the same or smaller severity level value will be sent to these commands. To disable logging to each log host. By default, it is used to the log host. The IP for the log host. Example Enable log ...host 2 and set its IP address as 192.168.0.148, the level 5: T1500G-10MPS(config)# logging host index 2 192.168.0.148 5 11.7 logging monitor...
.... Only the log with values 0-7. host-ip -- There are 8 severity levels marked with the same or smaller severity level value will be sent to these commands. To disable logging to each log host. By default, it is used to the log host. The IP for the log host. Example Enable log ...host 2 and set its IP address as 192.168.0.148, the level 5: T1500G-10MPS(config)# logging host index 2 192.168.0.148 5 11.7 logging monitor...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 106
...no ip ssh max-client command. The Idle-timeout time. It ranges from 1 to the SSH server. Example Specify the idle-timeout time of SSH as 30 seconds: T1500G-10MPS(config)# ip ssh timeout 30 12.5 ip ssh max-client Description The ip ssh max-client command is used to the factory defaults, ...please use no ip ssh timeout command. To restore to specify the idle-timeout time of SSH...
...no ip ssh max-client command. The Idle-timeout time. It ranges from 1 to the SSH server. Example Specify the idle-timeout time of SSH as 30 seconds: T1500G-10MPS(config)# ip ssh timeout 30 12.5 ip ssh max-client Description The ip ssh max-client command is used to the factory defaults, ...please use no ip ssh timeout command. To restore to specify the idle-timeout time of SSH...