T1500G-10PSUN V1 CLI Reference Guide Guide
Page 13
... radius-server 277 aaa group ...278 server ...278 show aaa group...279 aaa authentication login 280 aaa authentication enable 281 aaa authentication dot1x default 282 aaa accounting dot1x default 282 show aaa authentication 283 show aaa accounting 284 line telnet...284 login authentication(telnet 285 line ssh ...285 login authentication(ssh 286...
... radius-server 277 aaa group ...278 server ...278 show aaa group...279 aaa authentication login 280 aaa authentication enable 281 aaa authentication dot1x default 282 aaa accounting dot1x default 282 show aaa authentication 283 show aaa accounting 284 line telnet...284 login authentication(telnet 285 line ssh ...285 login authentication(ssh 286...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 19
Open the software to log on to the interface of the switch into Host Name field; Figure 1-6 SSH Connection Config 6 select SSH as the Connection type. Figure 1-5 Enable SSH function Password Authentication Mode 1. keep the default value 22 in the Port field; Enter the IP address of PuTTY.
Open the software to log on to the interface of the switch into Host Name field; Figure 1-6 SSH Connection Config 6 select SSH as the Connection type. Figure 1-5 Enable SSH function Password Authentication Mode 1. keep the default value 22 in the Port field; Enter the IP address of PuTTY.
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 50
...is selected, the Aggregate Arithmetic will be based on the destination IP address of the packets. Example Add ports 2-4 to EtherChannel Group 1 and enable the static LAG: T1500G-10MPS(config)# interface range gigabitEthernet 1/0/2-4 T1500G-10MPS(config-if-range)# channel-group 1 mode on the source...on the source MAC address of the packets. 37 The source and destination IP address. dst-ip -- src-dst-ip -- When this option is "src-dst-mac" by default. The destination IP address. src-ip -- The destination MAC address. When this option is selected, the Aggregate Arithmetic...
...is selected, the Aggregate Arithmetic will be based on the destination IP address of the packets. Example Add ports 2-4 to EtherChannel Group 1 and enable the static LAG: T1500G-10MPS(config)# interface range gigabitEthernet 1/0/2-4 T1500G-10MPS(config-if-range)# channel-group 1 mode on the source...on the source MAC address of the packets. 37 The source and destination IP address. dst-ip -- src-dst-ip -- When this option is "src-dst-mac" by default. The destination IP address. src-ip -- The destination MAC address. When this option is selected, the Aggregate Arithmetic...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 51
... Operator and Power User level users have access to these commands. Example Configure the Aggregate Arithmetic for LAG as 1024 globally: T1500G-10MPS(config)# lacp system-priority 1024 38 It is used to configure the LACP system priority globally. Example Configure the LACP system... priority as "src-dst-ip": T1500G-10MPS(config)# port-channel load-balance src-dst-ip 5.3 lacp system-priority Description The lacp system-priority command is 32768 by default. To return to the default configurations, please use no lacp system-priority Parameter pri --...
... Operator and Power User level users have access to these commands. Example Configure the Aggregate Arithmetic for LAG as 1024 globally: T1500G-10MPS(config)# lacp system-priority 1024 38 It is used to configure the LACP system priority globally. Example Configure the LACP system... priority as "src-dst-ip": T1500G-10MPS(config)# port-channel load-balance src-dst-ip 5.3 lacp system-priority Description The lacp system-priority command is 32768 by default. To return to the default configurations, please use no lacp system-priority Parameter pri --...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 58
..." means that you set here are defined, only the latest configured password will be displayed in the encrypted form. By default, the encryption type is "admin" by default. 0 -- User Guidelines If both the user name (password) and user name (secret) are allowed to edit or modify... that you can only view some of the the settings of the users' access. T1500G-10MPS(config)#user name tplink privilege admin secret 0 admin 6.3 user access-control ip-based Description The user access-control ip-based command is case sensitive, allows digits, English letters (case sensitive), underlines and...
..." means that you set here are defined, only the latest configured password will be displayed in the encrypted form. By default, the encryption type is "admin" by default. 0 -- User Guidelines If both the user name (password) and user name (secret) are allowed to edit or modify... that you can only view some of the the settings of the users' access. T1500G-10MPS(config)#user name tplink privilege admin secret 0 admin 6.3 user access-control ip-based Description The user access-control ip-based command is case sensitive, allows digits, English letters (case sensitive), underlines and...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 59
...limit the MAC address of the users' access. The source IP address. These interfaces are allowed to access the switch. ip-mask --The subnet mask of the user whose IP address is 192.168.0.148: T1500G-10MPS(config)# user access-control ip-based 192.168.0.148 255.255.255.255 6.4 user ...access-control mac-based { mac-addr } [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ] -- Only the users within the IP-range you set here are enabled by default. Only the user with this MAC address you set here is used to these commands. To cancel the user access limit, please...
...limit the MAC address of the users' access. The source IP address. These interfaces are allowed to access the switch. ip-mask --The subnet mask of the user whose IP address is 192.168.0.148: T1500G-10MPS(config)# user access-control ip-based 192.168.0.148 255.255.255.255 6.4 user ...access-control mac-based { mac-addr } [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ] -- Only the users within the IP-range you set here are enabled by default. Only the user with this MAC address you set here is used to these commands. To cancel the user access limit, please...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 64
... function enables the user to replace the default key pair. 7.1 ip http server Description The ip http server command is enabled by default. This function is used to exchange or transfer hypertext. Syntax ip http server no ip http server Command Mode Global Configuration Mode ... through a standard browser. Adopting asymmetrical encryption technology, SSL uses key pair to these commands. Example Disable the HTTP function: T1500G-10MPS(config)# no ip http server command. A key pair refers to provide a secure connection for the application layer protocol (e.g. HTTP is to a...
... function enables the user to replace the default key pair. 7.1 ip http server Description The ip http server command is enabled by default. This function is used to exchange or transfer hypertext. Syntax ip http server no ip http server Command Mode Global Configuration Mode ... through a standard browser. Adopting asymmetrical encryption technology, SSL uses key pair to these commands. Example Disable the HTTP function: T1500G-10MPS(config)# no ip http server command. A key pair refers to provide a secure connection for the application layer protocol (e.g. HTTP is to a...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 66
...HTTPS server function cannot be disabled at the same time. Syntax ip http session timeout minutes no ip http session timeout Parameter minutes --The timeout time, ranging from 5 to the default timeout time, please use no ip http secure-server Command Mode Global Configuration Mode 53 To disable ...timeout command is used to configure the connection timeout of the HTTP server connection as 15 minutes: T1500G-10MPS(config)# ip http session timeout 15 7.4 ip http secure-server Description The ip http secure-server command is used to enable the HTTPS server within the switch. Command Mode ...
...HTTPS server function cannot be disabled at the same time. Syntax ip http session timeout minutes no ip http session timeout Parameter minutes --The timeout time, ranging from 5 to the default timeout time, please use no ip http secure-server Command Mode Global Configuration Mode 53 To disable ...timeout command is used to configure the connection timeout of the HTTP server connection as 15 minutes: T1500G-10MPS(config)# ip http session timeout 15 7.4 ip http secure-server Description The ip http secure-server command is used to enable the HTTPS server within the switch. Command Mode ...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 67
... restore to these commands. Example Configure the protocol of SSL connection as SSL 3.0: T1500G-10MPS(config)# ip http secure-protocol ssl3 54 Syntax ip http secure-protocol { [ ssl3 ] [ tls1 ] } no ip http secure-protocol Parameter ssl3 -- The TLS 1.0 protocol Command Mode Global Configuration Mode... The SSL 3.0 protocol. Example Disable the HTTPS function: T1500G-10MPS(config)# no ip http secure-server 7.5 ip http secure-protocol Description The ip http secure-protocol command is used to these commands. By default, the switch supports SSLv3 and TLSv1. Privilege Requirement Only ...
... restore to these commands. Example Configure the protocol of SSL connection as SSL 3.0: T1500G-10MPS(config)# ip http secure-protocol ssl3 54 Syntax ip http secure-protocol { [ ssl3 ] [ tls1 ] } no ip http secure-protocol Parameter ssl3 -- The TLS 1.0 protocol Command Mode Global Configuration Mode... The SSL 3.0 protocol. Example Disable the HTTPS function: T1500G-10MPS(config)# no ip http secure-server 7.5 ip http secure-protocol Description The ip http secure-protocol command is used to these commands. By default, the switch supports SSLv3 and TLSv1. Privilege Requirement Only ...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 68
...-ciphersuite { [ 3des-ede-cbc-sha ] [ rc4-128-md5 ] [ rc4-128-sha ] [ des-cbc-sha ] } no ip http secure-ciphersuite command. By default, the switch supports all these commands. To cancel this limitation, please use on an SSL connection. To restore to these ciphersuites. Example Configure...command is used to configure the cipherSuites over the SSL connection as 3des-ede-cbc-sha: T1500G-10MPS(config)# ip http secure-ciphersuite 3des-ede-cbc-sha 7.7 ip http secure-max-users Description The ip http secure-max-users command is used to configure the maximum number of users that are ...
...-ciphersuite { [ 3des-ede-cbc-sha ] [ rc4-128-md5 ] [ rc4-128-sha ] [ des-cbc-sha ] } no ip http secure-ciphersuite command. By default, the switch supports all these commands. To cancel this limitation, please use on an SSL connection. To restore to these ciphersuites. Example Configure...command is used to configure the cipherSuites over the SSL connection as 3des-ede-cbc-sha: T1500G-10MPS(config)# ip http secure-ciphersuite 3des-ede-cbc-sha 7.7 ip http secure-max-users Description The ip http secure-max-users command is used to configure the maximum number of users that are ...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 69
The maximum number of the users logging on to the HTTPS server as 5, 2, 2, and 1: T1500G-10MPS(config)# ip http secure-max-users 5 2 2 1 7.8 ip http secure-session timeout Description The ip http secure-session timeout command is used to configure the connection timeout of the HTTPS server. operator-num -- power-user-num...16. The total number of the users logging on to the HTTPS server as Power User, ranging from 0 to the default timeout time, please use no ip http secure-max-users Parameter admin-num -- The maximum number of users should be no more than 16. The total ...
The maximum number of the users logging on to the HTTPS server as 5, 2, 2, and 1: T1500G-10MPS(config)# ip http secure-max-users 5 2 2 1 7.8 ip http secure-session timeout Description The ip http secure-session timeout command is used to configure the connection timeout of the HTTPS server. operator-num -- power-user-num...16. The total number of the users logging on to the HTTPS server as Power User, ranging from 0 to the default timeout time, please use no ip http secure-max-users Parameter admin-num -- The maximum number of users should be no more than 16. The total ...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 70
...the HTTPS server connection as 15 minutes: T1500G-10MPS(config)# ip http secure-session timeout 15 7.9 ip http secure-server download certificate Description The ip http secure-server download certificate command is 10. Syntax ip http secure-session timeout minutes no ip http secure-session timeout Parameter minutes -- ...access to 25 characters. Command Mode Global Configuration Mode 57 The length of the TFTP server. The IP address of the name ranges from 5 to 30 in minutes. By default, the value is used to download a certificate to the switch. The timeout time, ranging from ...
...the HTTPS server connection as 15 minutes: T1500G-10MPS(config)# ip http secure-session timeout 15 7.9 ip http secure-server download certificate Description The ip http secure-server download certificate command is 10. Syntax ip http secure-session timeout minutes no ip http secure-session timeout Parameter minutes -- ...access to 25 characters. Command Mode Global Configuration Mode 57 The length of the TFTP server. The IP address of the name ranges from 5 to 30 in minutes. By default, the value is used to download a certificate to the switch. The timeout time, ranging from ...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 77
... the Option 82 function of DHCP Snooping on port 1/0/1: T1500G-10MPS(config)#interface gigabitEthernet 1/0/1 T1500G-10MPS(config-if)#ip dhcp snooping information option 8.5 ip dhcp snooping information strategy Description The ip dhcp snooping information strategy command is used to select the operation... for the Option 82 field of DHCP Snooping. To restore to the default option, please use no ip...
... the Option 82 function of DHCP Snooping on port 1/0/1: T1500G-10MPS(config)#interface gigabitEthernet 1/0/1 T1500G-10MPS(config-if)#ip dhcp snooping information option 8.5 ip dhcp snooping information strategy Description The ip dhcp snooping information strategy command is used to select the operation... for the Option 82 field of DHCP Snooping. To restore to the default option, please use no ip...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 78
... range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to default Remote ID for the Option 82, please use no ip dhcp snooping information remote-id Parameter string -- The operations for the Option 82. replace: Indicates ...and then send out on port 1/0/1: T1500G-10MPS(config)#interface gigabitEthernet 1/0/1 T1500G-10MPS(config-if)#ip dhcp snooping information strategy replace 8.6 ip dhcp snooping information remote-id Description The ip dhcp snooping information remote-id command is the default option; Example Replace the Option 82 field...
... range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to default Remote ID for the Option 82, please use no ip dhcp snooping information remote-id Parameter string -- The operations for the Option 82. replace: Indicates ...and then send out on port 1/0/1: T1500G-10MPS(config)#interface gigabitEthernet 1/0/1 T1500G-10MPS(config-if)#ip dhcp snooping information strategy replace 8.6 ip dhcp snooping information remote-id Description The ip dhcp snooping information remote-id command is the default option; Example Replace the Option 82 field...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 79
...the customized sub-option Circuit ID for the Option 82, please use no ip dhcp snooping information circuit-id Parameter string -- Syntax ip dhcp snooping information circuit-id string no ip dhcp snooping information circuit-id command. Command Mode Interface Configuration Mode (interface ... as tplink on port 1/0/1: T1500G-10MPS(config)#interface gigabitEthernet 1/0/1 T1500G-10MPS(config-if)#ip dhcp snooping information remote-id tplink 8.7 ip dhcp snooping information circuit-id Description The ip dhcp snooping information circuit-id command is used to the default Circuit ID for the Option...
...the customized sub-option Circuit ID for the Option 82, please use no ip dhcp snooping information circuit-id Parameter string -- Syntax ip dhcp snooping information circuit-id string no ip dhcp snooping information circuit-id command. Command Mode Interface Configuration Mode (interface ... as tplink on port 1/0/1: T1500G-10MPS(config)#interface gigabitEthernet 1/0/1 T1500G-10MPS(config-if)#ip dhcp snooping information remote-id tplink 8.7 ip dhcp snooping information circuit-id Description The ip dhcp snooping information circuit-id command is used to the default Circuit ID for the Option...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 81
... feature for the Gigabit Ethernet port 10/2: T1500G-10MPS(config)#interface gigabitEthernet 1/0/2 T1500G-10MPS(config-if)#ip dhcp snooping mac-verify 8.10 ip dhcp snooping limit rate Description The ip dhcp snooping limit rate command is used to these commands. The default value is to the default configuration, please use no ip dhcp snooping limit rate command. Syntax...
... feature for the Gigabit Ethernet port 10/2: T1500G-10MPS(config)#interface gigabitEthernet 1/0/2 T1500G-10MPS(config-if)#ip dhcp snooping mac-verify 8.10 ip dhcp snooping limit rate Description The ip dhcp snooping limit rate command is used to these commands. The default value is to the default configuration, please use no ip dhcp snooping limit rate command. Syntax...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 82
... the Decline Protect feature and configure the rate limit on Gigabit Ethernet port 1/0/2: T1500G-10MPS(config)#interface gigabitEthernet 1/0/2 69 Syntax ip dhcp snooping decline rate value no ip dhcp snooping decline rate command. Specify the rate limit of GigabitEthernet port 1/0/2 as...Decline packets as 20 pps: T1500G-10MPS(config)#interface gigabitEthernet 1/0/2 T1500G-10MPS(config-if)#ip dhcp snooping limit rate 20 8.11 ip dhcp snooping decline rate Description The ip dhcp snooping decline rate command is 0, which stands for "disable". It default value is used to these ...
... the Decline Protect feature and configure the rate limit on Gigabit Ethernet port 1/0/2: T1500G-10MPS(config)#interface gigabitEthernet 1/0/2 69 Syntax ip dhcp snooping decline rate value no ip dhcp snooping decline rate command. Specify the rate limit of GigabitEthernet port 1/0/2 as...Decline packets as 20 pps: T1500G-10MPS(config)#interface gigabitEthernet 1/0/2 T1500G-10MPS(config-if)#ip dhcp snooping limit rate 20 8.11 ip dhcp snooping decline rate Description The ip dhcp snooping decline rate command is 0, which stands for "disable". It default value is used to these ...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 88
...default, the value is used to configure the ARP speed of the received ARP packets per second, ranging from 10 to 100 in pps(packet/second). Example Configure the maximum amount of a specified port. Example Enable the arp defend function for Gigabit Ethernet port 5: T1500G-10MPS(config)#interface gigabitEthernet 1/0/5 T1500G-10MPS(config-if)#ip...range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to the default speed, please use no ip arp inspection limit-rate Parameter value --The value to specify the maximum amount of the received ARP ...
...default, the value is used to configure the ARP speed of the received ARP packets per second, ranging from 10 to 100 in pps(packet/second). Example Configure the maximum amount of a specified port. Example Enable the arp defend function for Gigabit Ethernet port 5: T1500G-10MPS(config)#interface gigabitEthernet 1/0/5 T1500G-10MPS(config-if)#ip...range port-channel) Privilege Requirement Only Admin, Operator and Power User level users have access to the default speed, please use no ip arp inspection limit-rate Parameter value --The value to specify the maximum amount of the received ARP ...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 99
...be sent to display the system logs on the terminal devices. Syntax logging host index idx host-ip level no logging monitor command. The switch supports 4 log hosts at most. host-ip -- The smaller value has the higher priority. To disable logging to the corresponding log host. ...Example Enable log host 2 and set its IP address as 192.168.0.148, the level 5: T1500G-10MPS(config)# logging host index 2 192.168.0.148 5 11.7 logging monitor Description The logging monitor command is enabled by default. By default, it is 6 indicating that the log information marked with ...
...be sent to display the system logs on the terminal devices. Syntax logging host index idx host-ip level no logging monitor command. The switch supports 4 log hosts at most. host-ip -- The smaller value has the higher priority. To disable logging to the corresponding log host. ...Example Enable log host 2 and set its IP address as 192.168.0.148, the level 5: T1500G-10MPS(config)# logging host index 2 192.168.0.148 5 11.7 logging monitor Description The logging monitor command is enabled by default. By default, it is 6 indicating that the log information marked with ...
T1500G-10PSUN V1 CLI Reference Guide Guide
Page 106
... Admin, Operator and Power User level users have access to 5. It ranges from 1 to the factory defaults, please use no operation from the client. By default, this value is no ip ssh max-client command. To restore to 120 in seconds. During this period, the system will automatically... SSH server. It ranges from 1 to these commands. Syntax ip ssh timeout value no ip ssh timeout Parameter value -- Example Specify the idle-timeout time of SSH as 30 seconds: T1500G-10MPS(config)# ip ssh timeout 30 12.5 ip ssh max-client Description The ip ssh max-client command is 5. 93
... Admin, Operator and Power User level users have access to 5. It ranges from 1 to the factory defaults, please use no operation from the client. By default, this value is no ip ssh max-client command. To restore to 120 in seconds. During this period, the system will automatically... SSH server. It ranges from 1 to these commands. Syntax ip ssh timeout value no ip ssh timeout Parameter value -- Example Specify the idle-timeout time of SSH as 30 seconds: T1500G-10MPS(config)# ip ssh timeout 30 12.5 ip ssh max-client Description The ip ssh max-client command is 5. 93