As a test, I set up a new TP-Link TL-SG5412F switch.
Let me remind you that the console connection speed is 38400, the default IP is 192.168.0.1, the login is admin, and the password is admin.
After connecting via the console, switch to configuration mode:
enable
config
Perform the initial settings so that you can connect via telnet and specify the password when you switch to configuration mode:
line vty 0 5
login local
exit
enable password TEXT
In the same way, change the standard password requested when connecting:
line vty 0 5
login
password TEXT
exit
enable password TEXT
Add a VLAN for management (mine is 207):
vlan 207
name core
exit
And for users (226):
vlan 226
name local_smart
exit
Specify the switch IP address in the management VLAN (192.168.0.1 is the gateway):
interface vlan 207
ip address 192.168.0.223 255.255.255.0 192.168.0.1
exit
You can delete a VLAN or disable any function by adding the word “no” before the command, for example:
no vlan 207
Activate the loop guard function:
loopback-detection
loopback-detection interval 50
loopback-detection recovery-time 3
show loopback-detection global
Configure the ports for users (port 9 is my uplink, the rest are user ports):
interface range gigabitEthernet 1/0/1-8,1/0/10-12
switchport mode access
switchport access vlan 226
switchport pvid 226
storm-control broadcast
storm-control rate 1m
loopback-detection
loopback-detection config process-mode port-based recovery-mode auto
exit
Now configure the uplink port (mine is port 9, the Internet comes in through it) and indicate that DHCP packets may be received from this port:
interface gigabitEthernet 1/0/9
switchport mode trunk
switchport trunk allowed vlan 207,226
ip dhcp snooping trust
exit
ip management-vlan 207
An example of viewing dhcp snooping settings:
show ip dhcp snooping
show ip source binding
show ip dhcp snooping interface gigabitEthernet 1/0/9
I will give an example of port handling (shutdown, setting connection speed, loop recovery):
interface gigabitEthernet 1/0/1
shutdown
no shutdown
duplex full
speed auto
loopback-detection recover
exit
To configure a port for traffic both with and without a tag, do the following:
interface gigabitEthernet 1/0/2
switchport mode general
switchport general allowed vlan 207 tagged
switchport general allowed vlan 226 untagged
exit
Let's look at our VLAN settings:
show vlan
Restrict access to device management by IP or MAC address (I noticed that only one IP address can be registered, so I allowed a subnet):
user access-control ip-based 192.168.0.0 255.255.255.0
user access-control mac-based 00:00:22:22:11:11
Specify after how many minutes of inactivity administrators are disconnected:
user idle-timeout 10
show user configuration
Configure the built-in protection against DoS attacks:
ip dos-prevent
ip dos-prevent type xma-scan
ip dos-prevent type scan-synfin
ip dos-prevent type null-scan
ip dos-prevent type ping-flood
ip dos-prevent type syn-flood
show ip dos-prevent
Set up logs (logging level from 0 to 7, 7 – all information):
show logging local-config
logging buffer 6
logging flash 2
To clear the logs, use the commands:
clear logging buffer
clear logging flash
Set up sending of level 5 logs to the server:
logging host index 1 192.168.0.2 5
show logging loghost
View logs:
show logging buffer
show logging buffer level 4
show logging flash
show logging flash level 1
The aging time of MAC addresses in the switch table; the default is 300 seconds (5 minutes):
mac address-table aging-time 300
An example of viewing the MAC address table:
show mac address-table address all
show mac address-table interface gigabitEthernet 1/0/1
show mac address-table vlan 207
Set the time:
system-time manual 09/21/2016-12:10:00
system-time ntp UTC+02:00 192.168.0.1 192.168.0.1 11
show system-time
show system-time ntp
show system-time dst
Configure SNMP:
snmp-server
snmp-server community public read-write viewDefault
show snmp-server
show snmp-server view
show snmp-server group
show snmp-server user
show snmp-server community
show snmp-server host
show snmp-server engineID
Cable diagnostics and viewing of some parameters:
show cable-diagnostics interface gigabitEthernet 1/0/1
show interface status
show interface configuration
show storm-control
show bandwidth
show port isolation interface
Exit configuration mode and save the settings:
exit
copy running-config startup-config
You can also send the configuration file to the TFTP server:
copy startup-config tftp ip-address 192.168.0.2 filename config.cfg
To load the configuration file from the TFTP server into the switch, execute:
copy tftp startup-config ip-address 192.168.0.2 filename config.cfg
You can view the configuration with the command:
show running-config
The switch reboots with the command:
reboot
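To check a saved configuration against the settings made above, here is an added example (not part of the original post and not a TP-Link tool): a Python script that reports access ports without loopback-detection or storm-control, access ports trusted for DHCP, a missing user access-control restriction, and an SNMP community named public/private or given read-write access. It assumes the saved file lists the commands in the same form as they are typed on this page; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample, written the way the commands are typed on this page.
SAMPLE = """\
snmp-server community public read-write viewDefault
interface gigabitEthernet 1/0/1
switchport mode access
storm-control broadcast
loopback-detection
exit
interface gigabitEthernet 1/0/2
switchport mode access
ip dhcp snooping trust
exit
interface gigabitEthernet 1/0/9
switchport mode trunk
ip dhcp snooping trust
exit
"""

def stanzas(text):
    """Group lines under their 'interface ...' header; global lines go under ''."""
    blocks, cur = {"": []}, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            cur = line[len("interface "):]
            blocks.setdefault(cur, [])
        elif line in ("exit", "#", ""):
            cur = ""
        else:
            blocks[cur].append(line)
    return blocks

def audit(text):
    blocks, findings = stanzas(text), []
    glob = blocks.pop("")
    for name, mode in re.findall(r"^[ \t]*snmp-server community (\S+) (\S+)", text, re.M):
        if name in ("public", "private") or mode == "read-write":
            findings.append(f"snmp: community '{name}' has {mode} access")
    if not any(l.startswith("user access-control") for l in glob):
        findings.append("mgmt: no 'user access-control' restriction")
    for port, lines in blocks.items():
        if "switchport mode access" in lines:  # user-facing ports only
            if "ip dhcp snooping trust" in lines:
                findings.append(f"{port}: access port is DHCP-trusted")
            if "loopback-detection" not in lines:
                findings.append(f"{port}: no loopback-detection")
            if not any(l.startswith("storm-control") for l in lines):
                findings.append(f"{port}: no storm-control")
    return findings
```

Calling audit() on the text of a saved configuration returns a list of findings; an empty list means none of these checks fired.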