Typical CLI Configuration Examples for TP-Link JetStream Switch
This guide is intended to provide network administrators with some typical examples of CLI (Command Line Interface) configuration.
4.1 Globally Enable IGMP Snooping
4.3 Configuring IGMP Snooping for VLANs
4.4 Enable Fast Leave for VLANs
4.5 Enable IGMP Querier for VLANs
4.6 Configure IGMP Snooping for Ports
5. VLAN Interface/Switch IP Address
This chapter will introduce some CLI basics, including how to access the CLI, switch port types, command abbreviations, auto-completion, etc.
If you are not familiar with the CLI, it is recommended that you read this chapter first.
You can log into the switch and access the CLI by the following three methods:
- By the Console Port on the switch
- By a Telnet connection
- By an SSH connection
To use the Console port, you can refer to: https://www.tp-link.com/support/faq/291/
To use SSH/Telnet, please refer to the Configuration Guide-Accessing the Switch.
The CLI is divided into different command modes: User EXEC Mode, Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode, and VLAN Configuration Mode. Interface Configuration Mode can also be divided into Interface Ethernet, Interface link-aggregation, and some other modes, which are shown in the following diagram.
Mode |
Accessing Path |
Prompt |
Logout or Access the Next Mode |
User EXEC Mode |
Initial startup mode, which allows the user to execute only the basic commands, such as “show”. |
Switch> |
Use the exit command to disconnect the switch. Use the enable command to access Privileged EXEC mode. |
Privileged EXEC Mode |
Use the enable command to enter this mode from User EXEC mode, which allows more commands such as “configure”. |
Switch# |
Enter the disable or exit command to return to User EXEC mode. Enter configure command to access Global Configuration mode. |
Global Configuration Mode |
Use the configure command to enter this mode from Privileged EXEC mode, which allows doing global configurations such as STP, IGMP Snooping, etc. |
Switch(config)# |
Use the exit or the end command or press Ctrl+Z to return to Privileged EXEC mode. Use the interface command to access interface Configuration mode. Use the vlan command to access VLAN Configuration mode. |
Interface/VLAN Configuration Mode |
Use the interface or vlan command to enter this mode from Global Configuration Mode, which allows doing configurations for the specific port(s). |
Switch(config-if)# Switch(config-if-range)# Switch(config-vlan)# |
Use the end command or press Ctrl+Z to return to Privileged EXEC mode. Enter the exit or the # command to return to Global Configuration mode. |
You can configure specific Ethernet port(s) with the interface command.
[Syntax]
interface fastEthernet/gigabitEthernet/two-gigabitEthernet/ten-gigabitEthernet Port_ID
[Parameter]
- fastEthernet: 100Mpbs Ethernet port, fa for short.
- gigabitEthernet: 1Gbps Ethernet port, gi for short.
- two-gigabitEthernet port: 2.5Gbps Ethernet port, tw for short.
- ten-gigabitEthernet port: 10Gbps Ethernet port, te for short.
Note the Ethernet port type in the command is the native speed mode of the ports, not the current operating mode. For example, assuming the current speed mode of SFP+ port 25 is 1Gbps, to configure it, the command should be “interface ten-gigabitEthernet 1/0/25”, or simply “int te 1/0/25”.
After entering part of a command, you can press the TAB key or a question mark (?) then the switch will automatically complete the command. If your input corresponds to more than one command, the switch will not auto-complete but will display all related commands.
For example, to enter the show command, you can type “sh”, then press the TAB key, or type a question mark immediately afterward, like “sh?”, then the switch will automatically complete the interface command. Note that the question mark will not be displayed.
Switch# sh?
Switch# show
To check the system time, you need to execute the command “show system-time”, but if you input “show sys” and then type a question mark, you will get the following prompt.
Switch# show sys?
Switch# show system-
system-info system-time
Switch# show system-t?
Switch# show system-time
You can use the Auto-Completion feature to enter a complete command, you can also enter part of the command without completion, and the switch will recognize and execute the command automatically.
Note, if you enter an abbreviation that corresponds to more than one command, the switch will not be able to recognize the command you are trying to execute and you need to enter more.
The following are some common abbreviations:
Command |
Abbreviation |
enable |
en |
configure |
config |
interface |
int |
show |
sh |
fastEthernet |
fa |
gigabitEthernet |
gi |
two-gigabitEthernet |
tw |
ten-gigabitEthernet |
te |
running-config |
run |
startup-config |
start |
The question mark not only helps complete the command, but also helps display a list of available commands for each command mode, or a list of relevant keywords and arguments for any command.
For example, the show command can display information about many functions, you can enter the following command to view all the information that the show command can print, note that there is a space before the question mark, otherwise it is auto-completion.
Switch# show ?
Aaa - Display the AAA configuration
access-list - Display ACL information
arp - Display ARP information
auto-voip - Display Auto VoIP parameters
…
After you finish the configurations, don't forget to save them, otherwise, they will be lost if you power off or reboot the switch.
Through the Web GUI, you should click the Save button at the top right of the page, and through the CLI you need to enter the following command in Privileged EXEC mode:
Switch# copy running-config startup-config
Switch# copy run start (for short)
When there is a link exception, you may need to modify the switch port config. For example, the default port config of an SFP+ port is 10Gbps/Full duplex mode, if the opposite end is an SFP port, the link will not come up, and you need to manually change the port config of the SFP+ port to 1Gbps; if the opposite end is using Full duplex mode, you also need to modify the duplex mode.
The following configuration describes how to change the port speed of SFP+ port 25:
Switch> enable
Switch# configure
Switch(config)# interface ten-gigabitEthernet 1/0/25 (int te 1/0/25)
Switch(config-if)# speed 1000
Switch(config-if)# end
Switch# copy running-config startup-config (copy run start)
The following configuration describes how to change the port duplex of SFP+ port 25 to Full mode.
Note that TP-Link switches use Auto duplex mode by default and it is recommended to keep the mode if there are no connection problems.
Switch> enable
Switch# configure
Switch(config)# interface ten-gigabitEthernet 1/0/25 (int te 1/0/25)
Switch(config-if)# duplex auto
Switch(config-if)# end
Switch# copy running-config startup-config (copy run start)
You can check the port configurations by the command “show interface configuration”.
Switch> enable
Switch# show interface configuration ten-gigabitEthernet 1/0/25 (sh int config te 1/0/25)
Port State Speed Duplex FlowCtrl Description
---- ----- ----- ------ -------- -----------
Gi1/0/1 Enable 1000M Auto Disable
This chapter will cover how to configure and check VLAN using CLI with the following network topology. Please refer to Configuration Guide-802.1Q VLAN about how VLANs work on TP-Link switches and how you should configure VLANs to meet your network requirements.
Three networks with different VLAN IDs have been registered on the router and three computers should be connected to three different networks. Now we need to configure VLAN on the switch. VLAN and port configurations are listed below:
Port 1 |
Port 2 |
Port 3 |
Port 4 |
VLAN 20 Tagged VLAN 30 Tagged VLAN 40 Tagged |
VLAN 20 Untagged PVID 20 Name “RD” |
VLAN 30 Untagged PVID 30 Name “MKT” |
VLAN 40 Untagged PVID 40 Name “SRV” |
The vlan command is used to create IEEE 802.1Q VLAN and enter VLAN Configuration Mode. To delete a VLAN, use no vlan command.
The following configuration describes how to create VLAN 20, 30, 40.
Switch> enable
Switch# configure
Switch(config)# vlan 20
Switch(config-vlan)# name RD
Switch(config-vlan)# exit
Switch(config)# vlan 30
Switch(config-vlan)# name MKT
Switch(config-vlan)# exit
Switch(config)# vlan 40
Switch(config-vlan)# name SRV
Switch(config-vlan)# exit
The switchport general allowed command is used to add a port to a VLAN and set the tagged/untagged mode. To remove a port for a VLAN, please use no switchport general allowed command.
The switchport pvid command is used to set PVID for the port.
Ports 2, 3, 4 are used as access ports to connect computers. The following configurations describe how to add port 2, 3, 4 to the corresponding VLANs and set PVIDs.
Switch> enable
Switch# configure
Switch(config)# interface gigabitEthernet 1/0/2 (int gi 1/0/2)
Switch(config-if)# switchport general allowed vlan 20 untagged
Switch(config-if)# switchport pvid 20
Switch(config-if)# exit
Switch(config)# interface gigabitEthernet 1/0/3 (int gi 1/0/3)
Switch(config-if)# switchport general allowed vlan 30 untagged
Switch(config-if)# switchport pvid 30
Switch(config-if)# exit
Switch(config)# interface gigabitEthernet 1/0/4 (int gi 1/0/4)
Switch(config-if)# switchport general allowed vlan 40 untagged
Switch(config-if)# switchport pvid 40
Switch(config-if)# exit
In summary, to set a port as an access port for a certain VLAN, take VLAN 100 as an example, the common configuration is:
switchport general allowed vlan 100 untagged
switchport pvid 100
Port 1 is used as the trunk port to connect the router, which should transmit VLAN information of the data packets. The following configurations describe how to add port 1 to VLAN 20, 30, and 40.
Switch(config)# interface gigabitEthernet 1/0/1 (int gi 1/0/1)
Switch(config-if)# switchport general allowed vlan 20,30,40 tagged
Switch(config-if)# exit
Normally, all switch ports are member ports of VLAN 1. If you do not want to remove a port from VLAN 1, you need to additionally configure it.
The following configurations describe how to remove trunk port 1 from VLAN 1.
Switch(config)# interface gigabitEthernet 1/0/1 (int gi 1/0/1)
Switch(config-if)# no switchport general allowed vlan 1
Switch(config-if)# end
The command show interface switchport can be used to view VLAN configurations.
Switch# show interface switchport
Port LAG Type PVID Acceptable frame type Ingress Checking
------- --- ---- ---- --------------------- ----------------
Gi1/0/1 N/A General 1 All Enable
Gi1/0/2 N/A General 20 All Enable
Gi1/0/3 N/A General 30 All Enable
Gi1/0/4 N/A General 40 All Enable
Switch# show interface switchport gigabitEthernet 1/0/1
Port Gi1/0/1:
PVID: 1
Acceptable frame type: All
Ingress Checking: Enable
Member in LAG: N/A
Link Type: General
Member in VLAN:
Vlan Name Egress-rule
---- ----------- -----------
20 VLAN_20 Tagged
30 N/A Tagged
40 N/A Tagged
IGMP Snooping helps the switch maintain a multicast forwarding table by snooping the IGMP transmission between the host and the IGMP Querier. With the forwarding table, the switch can forward multicast data only to the ports that are in the corresponding multicast group, to constrain the flooding of multicast data in the Layer 2 network.
To complete IGMP Snooping configuration, follow these steps:
1) Enable IGMP Snooping globally and configure the global parameters.
2) Configure IGMP Snooping for VLANs.
3) Configure IGMP Snooping for ports.
4.1 Globally Enable IGMP Snooping
Use the command “ip igmp snooping” to globally enable the function. There are three versions of IGMP, the default version is v3, which supports to process IGMP v1, v2, and v3 report messages from the host, thus normally there is no need to modify the version.
Switch> enable
Switch# configure
Switch# ip igmp snooping
4.2 Unknown Multicast Groups
A commonly used option is “Unknown Multicast Groups”, by default, it is Forward, which means the switch forwards the multicast streams that are sent to unknown multicast groups. You can change the option to Discard so that the switch discards the multicast streams. Note to discard them, you need to enable MLD Snooping first.
Switch> enable
Switch# configure
Switch# ipv6 mld snooping
Switch# ip igmp snooping drop-unknown
Switch# ipv6 mld snooping drop-unknown
4.3 Configuring IGMP Snooping for VLANs
The switch supports configuring IGMP Snooping on a per-VLAN basis. After IGMP Snooping is enabled globally, you also need to enable IGMP Snooping and configure the corresponding parameters for the VLANs that the router ports and the member ports are in. The command is “ip igmp snooping vlan-config vlan-id”.
Switch> enable
Switch# configure
Switch# ip igmp snooping vlan-config 1
4.4 Enable Fast Leave for VLANs
With Fast Leave enabled on a VLAN, the switch will remove the (Multicast Group, Port, VLAN) entry from the multicast forwarding table before forwarding the leave message to the querier. This helps to reduce bandwidth waste since the switch no longer sends the corresponding multicast streams to the VLAN of the port as soon as the port receives a leave message from the VLAN.
You can enable Fast Leave by enabling the feature for both the VLAN and the Port when there is only one client connected to the access port.
The following configurations show how to enable Fast Leave for the VLAN 1:
Switch> enable
Switch# configure
Switch# ip igmp snooping vlan-config 1 immediate-leave
4.5 Enable IGMP Querier for VLANs
A querier periodically sends a general query on the network to solicit membership information and sends group-specific queries when it receives leave messages from hosts.
The querier is essential for IGMP Snooping to work properly. Usually, a router in the network can act as a querier. The switch can also act as a querier, but it is disabled by default, if you need to enable it, you can configure it as follows.
Switch> enable
Switch# configure
Switch# ip igmp snooping vlan-config 1 querier
Switch# ip igmp snooping vlan-config 1 querier general-query source-ip 192.168.0.1 (optional)
4.6 Configure IGMP Snooping for Ports
To enable IGMP Snooping and Fast Leave for port 1/0/1, the configurations are as follows.
Switch> enable
Switch# configure
Switch# interface gigabitEthernet 1/0/1
Switch(config-if)# ip igmp snooping (optional, since it is enabled by default)
Switch(config-if)# ip igmp snooping immediate-leave
5. VLAN Interface/Switch IP Address
By default, the switch is configured with an IP interface for VLAN 1 and obtains the IP address via DHCP with a fallback IP of 192.168.0.1. You can modify the IP address of the VLAN 1 interface to use another IP address to access the switch.
You can also configure IP interfaces for other VLANs, and the switch will implement the routing function between different VLANs. This chapter will explain how to view and modify the IP address of the VLAN 1 interface, create interfaces for other VLANs, and set IP addresses.
The command show ip interface can be used to view the IP address of an interface.
Switch> enable
Switch# show ip interface
VLAN1 is up, line protocol is up
Primary IP address is 192.168.0.100/24
Broadcast address is 255.255.255.255
Address determined by DHCP
Description is not set
MTU is 1500 bytes
ICMP redirects are never sent
ICMP unreachables are never sent
ICMP mask replies are never sent
DHCP Option 12 is not set
DHCP Option 60 is not set
The interface command is used to enter the Interface/VLAN Configuration Mode, after which you can modify the IP address settings with ip address or ip address-alloc commands. The command ip address is used to assign a static IP address to the interface, while the command ip address-alloc dhcp is used to enable DHCP for the interface.
The following configurations set a static IP address 192.168.0.100/24 for VLAN 1 interface, after which you can access the switch with the IP address.
Switch# configure
Switch(config)# interface vlan 1
Switch(config)# ip address 192.168.0.100 255.255.255.0
Switch(config)# exit
The following configurations restore the IP address settings to DHCP mode.
Switch# configure
Switch(config)# interface vlan 1
Switch(config)# ip address-alloc dhcp
Switch(config)# exit
You can use the command interface vlan ID to create an interface for a VLAN, then set the IP address.
The following configurations describe how to create interfaces for VLAN 20 and 30, and set a static IP address 192.168.20.1/24 for VLAN 20, and enable DHCP for VLAN 30.
Switch> enable
Switch# configure
Switch(config)# interface vlan 20
Switch(config-if)# ip address 192.168.20.1 255.255.255.0
Switch(config-if)# exit
Switch(config)# interface vlan 30
Switch(config-if)# ip address-alloc dhcp
Switch(config-if)# exit