Configuring TP-Link TL-SG5412F

On the test set up a new switch TP-Link TL-SG5412F.

Let me remind you that the speed when connecting via the console is 38400, the standard IP is, the login is admin, the password is admin.

After connecting via the console, we will switch to the configuration mode:


Perform the initial settings so that you can connect via telnet and specify the password when you switch to configuration mode:

line vty 0 5
login local
enable password TEXT

Change the standard password requested when connecting to the same:

line vty 0 5
password TEXT
enable password TEXT

Add a VLAN to manage (I have 207):

vlan 207
name core

And for users (226):

vlan 226
name local_smart

We specify the switch IP address in the managed VLAN (where gateway):

interface vlan 207
ip address

You can delete a VLAN or disable any function by adding the word “no” before the command, for example:

no vlan 207

Activate the loop guard function:

loopback-detection interval 50
loopback-detection recovery-time 3
show loopback-detection global

Configure the ports for users (I have port 9 uplink, the rest are user):

interface range gigabitEthernet 1/0/1-8,1/0/10-12
switchport mode access
switchport access vlan 226
switchport pvid 226
storm-control broadcast
storm-control rate 1m
loopback-detection config process-mode port-based recovery-mode auto

Now we will configure the uplink port (I have it 9, the Internet will come from it) and indicate that you can receive DHCP packets from this port:

interface gigabitEthernet 1/0/9
switchport mode trunk
switchport trunk allowed vlan 207,226
ip dhcp snooping trust
ip management-vlan 207

An example of viewing dhcp snooping settings:

show ip dhcp snooping
show ip source binding
show ip dhcp snooping interface gigabitEthernet 1/0/9

I will give an example of port handling (shutdown, setting connection speed, loop recovery):

interface gigabitEthernet 1/0/1
no shutdown
duplex full
speed auto
loopback-detection recover

To configure the traffic with and without a tag, we will do the following:

interface gigabitEthernet 1/0/2
switchport mode general
switchport general allowed vlan 207 tagged
switchport general allowed vlan 226 untagged

Let’s see our VLAN settings:

show vlan

We will restrict access to device management by IP or MAC address (I noticed that only one IP address can be registered, so I allowed it on a subnet:

user access-control ip-based
user access-control mac-based 00:00:22:22:11:11

Specify how many minutes of idleness to disconnect administrators:

user idle-timeout 10
show user configuration

Configure the built-in protection against DoS attacks:

ip dos-prevent
ip dos-prevent type xma-scan
ip dos-prevent type scan-synfin
ip dos-prevent type null-scan
ip dos-prevent type ping-flood
ip dos-prevent type syn-flood
show ip dos-prevent

Set up logs (logging level from 0 to 7, 7 – all information):

show logging local-config
logging buffer 6
logging flash 2

To clear the logs, use the command:

clear logging buffer/flash

Setting up sending level 5 logs to the server:

logging host index 1 5
show logging loghost

View logs:

show logging buffer
show logging buffer level 4
show logging flash
show logging flash level 1

The storage time of the mac-address in the switch table, standard is 300 seconds (5 minutes):

mac address-table aging-time 300

An example of viewing the table of mac-addresses:

show mac address-table address all
show mac address-table interface gigabitEthernet 1/0/1
show mac address-table vlan 207

Set the time:

system-time manual 09/21/2016-12:10:00
system-time ntp UTC+02:00 11
show system-time
show system-time ntp
show system-time dst

Configure SNMP:

snmp-server community public read-write viewDefault
show snmp-server
show snmp-server view
show snmp-server group
show snmp-server user
show snmp-server community
show snmp-server host
show snmp-server engineID

Cable diagnostics and viewing of some parameters:

show cable-diagnostics interface gigabitEthernet 1/0/1
show interface status
show interface configuration
show storm-control
show bandwidth
show port isolation interface

Save the settings by exiting configuration mode:

copy running-config startup-config

You can also send the configuration file to the TFTP server:

copy startup-config tftp ip-address filename config.cfg

To load the configuration file from the TFTP server into the switch, execute:

copy tftp startup-config ip-address filename config.cfg

You can view the configuration with the command:

show running-config

The switch reboots with the command:


Leave a comment

Leave a Reply