For testing, I set up a new TP-Link TL-SG5412F switch.
Let me remind you that the speed when connecting via the console is 38400, the standard IP is 192.168.0.1, the login is admin, the password is admin.
After connecting via the console, we will switch to the configuration mode:
enable
config
Perform the initial setup so that you can connect via telnet, and set the password requested when you switch to configuration mode:
line vty 0 5
login local
exit
enable password TEXT
To change the standard password requested when connecting on the same lines:
line vty 0 5
login
password TEXT
exit
enable password TEXT
Add a VLAN for management (I have 207):
vlan 207
name core
exit
And for users (226):
vlan 226
name local_smart
exit
Specify the switch IP address in the management VLAN (where 192.168.0.1 is the gateway):
interface vlan 207
ip address 192.168.0.223 255.255.255.0 192.168.0.1
exit
You can delete a VLAN or disable any function by adding the word “no” before the command, for example:
no vlan 207
Activate the loop guard function:
loopback-detection
loopback-detection interval 50
loopback-detection recovery-time 3
show loopback-detection global
Configure the ports for users (port 9 is my uplink, the rest are user ports):
interface range gigabitEthernet 1/0/1-8,1/0/10-12
switchport mode access
switchport access vlan 226
switchport pvid 226
storm-control broadcast
storm-control rate 1m
loopback-detection
loopback-detection config process-mode port-based recovery-mode auto
exit
Now configure the uplink port (mine is port 9, the Internet arrives through it) and mark it as trusted so that DHCP packets can be received from this port:
interface gigabitEthernet 1/0/9
switchport mode trunk
switchport trunk allowed vlan 207,226
ip dhcp snooping trust
exit
ip management-vlan 207
An example of viewing dhcp snooping settings:
show ip dhcp snooping
show ip source binding
show ip dhcp snooping interface gigabitEthernet 1/0/9
I will give an example of port handling (shutdown, setting connection speed, loop recovery):
interface gigabitEthernet 1/0/1
shutdown
no shutdown
duplex full
speed auto
loopback-detection recover
exit
To carry both tagged and untagged traffic on a port, do the following:
interface gigabitEthernet 1/0/2
switchport mode general
switchport general allowed vlan 207 tagged
switchport general allowed vlan 226 untagged
exit
Let’s see our VLAN settings:
show vlan
Restrict access to device management by IP or MAC address (I noticed that only one IP address can be registered, so I allowed it for a subnet):
user access-control ip-based 192.168.0.0 255.255.255.0
user access-control mac-based 00:00:22:22:11:11
Specify after how many idle minutes administrators are disconnected:
user idle-timeout 10
show user configuration
Configure the built-in protection against DoS attacks:
ip dos-prevent
ip dos-prevent type xma-scan
ip dos-prevent type scan-synfin
ip dos-prevent type null-scan
ip dos-prevent type ping-flood
ip dos-prevent type syn-flood
show ip dos-prevent
Set up logs (logging level from 0 to 7, 7 – all information):
show logging local-config
logging buffer 6
logging flash 2
To clear the logs, use the command:
clear logging buffer/flash
Setting up sending level 5 logs to the server:
logging host index 1 192.168.0.2 5
show logging loghost
View logs:
show logging buffer
show logging buffer level 4
show logging flash
show logging flash level 1
Set how long MAC addresses are kept in the switch table; the standard value is 300 seconds (5 minutes):
mac address-table aging-time 300
An example of viewing the MAC address table:
show mac address-table address all
show mac address-table interface gigabitEthernet 1/0/1
show mac address-table vlan 207
Set the time:
system-time manual 09/21/2016-12:10:00
system-time ntp UTC+02:00 192.168.0.1 192.168.0.1 11
show system-time
show system-time ntp
show system-time dst
Configure SNMP:
snmp-server
snmp-server community public read-write viewDefault
show snmp-server
show snmp-server view
show snmp-server group
show snmp-server user
show snmp-server community
show snmp-server host
show snmp-server engineID
Cable diagnostics and viewing of some parameters:
show cable-diagnostics interface gigabitEthernet 1/0/1
show interface status
show interface configuration
show storm-control
show bandwidth
show port isolation interface
Save the settings by exiting configuration mode:
exit
copy running-config startup-config
You can also send the configuration file to the TFTP server:
copy startup-config tftp ip-address 192.168.0.2 filename config.cfg
To load the configuration file from the TFTP server into the switch, execute:
copy tftp startup-config ip-address 192.168.0.2 filename config.cfg
You can view the configuration with the command:
show running-config
The switch reboots with the command:
reboot
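
An added example, not part of the original post: a small Python check that reads a saved copy of the configuration (for instance the file sent to the TFTP server) and flags deviations from the settings above: user ports trusted for DHCP or missing loop and storm protection, no management access control, idle timeout or DoS prevention, and an SNMP community that is named public or is read-write. It assumes the saved configuration lists commands in the form typed on this page; `audit`, `check_port` and `SAMPLE` are names made up for this example.

```python
import re

# Constructed sample from this page's commands; assumes the saved config lists them as typed.
SAMPLE = """\
interface gigabitEthernet 1/0/2
switchport mode access
ip dhcp snooping trust
exit
interface gigabitEthernet 1/0/9
switchport mode trunk
ip dhcp snooping trust
exit
snmp-server community public read-write viewDefault
user idle-timeout 10
"""

def check_port(port, block):
    """Findings for one interface block; only access (user) ports are checked."""
    if "switchport mode access" not in block:
        return []
    out = []
    if "ip dhcp snooping trust" in block:
        out.append(f"{port}: access port is trusted for DHCP")
    for needed in ("loopback-detection", "storm-control broadcast"):
        if needed not in block:
            out.append(f"{port}: missing '{needed}'")
    return out

def audit(config):
    """Return a list of findings for a switch configuration given as text."""
    findings, glob, port, block = [], [], None, []
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            port, block = line.split(None, 1)[1], []
        elif line == "exit" and port:
            findings += check_port(port, block)
            port = None
        elif port:
            block.append(line)
        elif line:
            glob.append(line)
    for line in glob:
        m = re.match(r"snmp-server community (\S+) (\S+)", line)
        if m and (m.group(1) == "public" or m.group(2) == "read-write"):
            findings.append(f"snmp: community '{m.group(1)}' is {m.group(2)}")
    for needed in ("user access-control", "user idle-timeout", "ip dos-prevent"):
        if not any(g.startswith(needed) for g in glob):
            findings.append(f"global: no '{needed}' configured")
    return findings
```

Calling `audit(SAMPLE)` reports the user port 1/0/2 and the SNMP community, while the trusted trunk uplink 1/0/9 passes.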