LevelOne GEP-2650 Page 92 User Manual Download

Page: 92 / 109

But discards all the DHCP Offer message from UNTRUST port, then we set legal DHCP Server

connected port as TRUST port, and the other port set as UNTRUST port, this can realize the shielding

of illegal DHCP Server.

1-1

As shown in diagram 1-1 network environment. The Client obtain IP address and surf the Internet

through legal DHCP Server. Set the switch port connected by client as untrust port according to the

requirement, set the switch port connected by DHCP Server as trust port. So we can put an end to the

affect to other user that private set up illegal DHCP Server user caused.

13.2.

DHCP Snooping Configuration

13.2.1. Enabling DHCP Snooping

Only after enabling the DHCP Snooping, DHCP Snooping function will take effect, the configured

trusted port and untrusted port can work properly.

Command

Function

Switch(config)#

dhcp-snooping

Enable DHCP Snooping, DHCP Snooping

is disabled by default.

Enabling DHCP Snooping in global configuration mode:

Switch# configure terminal

Switch(config)#

dhcp-snooping

Global DHCP mode: enable

13.2.2. Trusted Port Configuration

Use the following command to configure DHCP Snooping trusted port in interface configuration mode:

Summary of Contents for GEP-2650

Page 1: ...GEP 2650 26 Port Web Smart Gigabit PoE Switch 802 3at PoE 24 PoE Outputs 370W 2 x SFP User Manual V1 0 Digital Data Communications Asia Co Ltd http www level1 com...

Page 2: ...procedures hardware installation troubleshooting module specifications of equipment as well as the cable and connector specifications and standards Product manual commands This manual does a detailed...

Page 3: ...the output information screen The user with information from the terminal input information represented by the bold font 3 various types of marks The book also expressed in the operating process shoul...

Page 4: ...on interface 4 Configure access trunk port 5 Configure Link aggregation Port 6 Configure VLAN 7 Configure MAC address 8 Configuration of POE 9 configuration IGMP Snooping 10 Configure SNMP 11 Configur...

Page 5: ...enter global configuration mode Use the configuration mode global configuration mode interface configuration mode command will have an impact on the current running configuration If the user to save t...

Page 6: ...r the interface gigabitEthernet_id command To return to the privileged mode enter the end command or type the Ctrl Z key combination Various interfaces using the mode configuration of network devices...

Page 7: ...t to abbreviate command only need to enter the command key part of a character as long as this part of the character recognition only enough command keyword For example show running config The command...

Page 8: ...prompt on the seat under the input of a question mark this mode allows the command key will be displayed 1 5 Use the history command The system provides the user input command records The characterist...

Page 9: ...scrolling a page the next page content only in the output content does not end use 1 7 Visit CLI Before using CLI users need to use a terminal or PC and network equipment connection To start the netw...

Page 10: ...ment on time by manual way When you set the clock network equipment network equipment clock will you set the time is running down even if the network equipment network equipment clock continues to run...

Page 11: ...are not configured for the CLI command prompt then the system name if the system name exceeds 32 characters interception The first 32 characters will be the default command prompt prompt will change w...

Page 12: ...rminal rate setting must and network equipment console rate 2 5 2 Set console rate On line configuration mode rate you can use the following command to set the console Step 1 2 6 Connection timeout 2...

Page 13: ...line last line Access to the specified LINE model 2 7 3 Configure user authentication local By default the user can directly through the console port or telnet directly connected to the switch can be...

Page 14: ...Port interface configuration command a port configured as a Access Port Hybrid Port or Trunk Port Switch Port is used to manage the physical interface and the second related protocols and does not ha...

Page 15: ...ction between devices can also be used to connect the user s computer The default VLAN Because Trunk Port can belong to more than one VLAN so we need to set up a Native VLAN as the default VLAN when s...

Page 16: ...terface of the Native VLAN transmission Tagged Frame If the received frame is Trunk port TAG will be in accordance with the following conditions for processing receiving the data frame in sending the...

Page 17: ...is section describes the type three layer interface and the related definition can be divided into the following types SVI Switch virtual interface The SVI is switched virtual interface to achieve the...

Page 18: ...nfiguration command only to the physical port Link aggregation Port and the SVI interface is not supported media type setting This configuration command only for media port Configuration for the Link...

Page 19: ...ow to close the interface 0 1 Switch config terminal Switch config interface gigabitEthernet 0 1 Switch config if gigabitEthernet 0 1 shutdown The following example describes how to enable the interfa...

Page 20: ...ion of two layer interface are given in the following table Attribute The default settings Working mode L2 swith Switch port mode access port Allow VLAN range VLAN 1 4094 The default VLAN for access p...

Page 21: ...VLAN Command Function Switch config if GigabitEthernet 0 2 switch trunk native vlan vlan id Configure the trunk port s NATIVE VLAN Below is the example to configure Trunk Port Gigabitethernet 0 2 s Na...

Page 22: ...ern by using Link aggregation Port Specific configuration process please refer to Configure Link aggregation Port 4 1 3 Clear the port statistics Clear the port statistics by Clear Command in the priv...

Page 23: ...itch config if vlan1 ip address 192 168 1 1 255 255 255 0 4 2 Show the port configuration and Status This section describles the port s display content and display examples You can chec the port statu...

Page 24: ...Below is the example to show the port physical attribute Switch show interface gigabitEthernet 0 9 media Gi 0 9 media fiber optical interface Switch show interface gigabitEthernet 0 3 media Gi 0 3 me...

Page 25: ...bolErrors 0 TotalAlignmetErrors 0 TotalUndersizePkts 0 TotalOversizePkts 0 TotalFragments 0 TotalJabbers 0 TotalCollisions 0 TotalPkts64Octets 43300 TotalPkts65to127Octets 5005 TotalPkts128to255Octets...

Page 26: ...lance it can assign flow to each link evenly AP realize the linke backup When one of the link in the AP disconnected syestem will assign this link s flow to the other effective links automaticly One b...

Page 27: ...nput packets source MAC address 5 2 2 Link aggregation Port configuration Instructor AP members ports rate status duplex transmission media must be the same Two layer port can only join two layer AP t...

Page 28: ...manual mode the port needs to be configured to be manual mode Using the Command no link aggregation ap id to exit a physical port in the port configuration mode Below is the example to configure two l...

Page 29: ...on Switch show link aggregation group 1 Link Aggregation 1 Mode Manual Description Load balance method mac Number of ports in total 1 Number of ports attached 1 Gi 0 1 DETACHED Gi 0 3 ATTACHED 6 Confi...

Page 30: ...e same as a phosical network VLAN is connected with a subnet IP A typical example All the hosts in a same IP subnet belong to the same VLAN VLANs must communicate with each other by 3 layers equipment...

Page 31: ...t be removed You can configure a port s VLAN member type or add rmove a VLAN in port configurationmode 6 2 1 Save VLAN configuration information When you type the Command Write in the privileged mode...

Page 32: ...thernet 0 1 as Access port to join VLAN20 Switch configure terminal Switch config interface gigabitEthernet 0 1 Switch config if GigabitEthernet 0 1 switch mode access Switch config if GigabitEthernet...

Page 33: ...hernet 0 1 switch mode access Set a port to be Access mode S t e p 2 Switch config if GigabitEthernet 0 1 switch mode trunk Set a port to be Trunk mode Must assigned a Native VLAN for Trunk port So ca...

Page 34: ...GigabitEthernet 0 1 end 6 3 4 Configure Native VLAN A Trunk can receive and send TAG or UNTAG 802 1Q frame UNTAGframeusedtotransmit Native VLAN flow Default Native VLAN is VLAN 1 In the port configur...

Page 35: ...itch config if GigabitEthernet 0 1 no switch hybrid vlan 2 untagged 6 4 4 Configure Native VLAN Native vlan in the hybrid port confirm to recive without vlan marked packet and confirmitis transmitted...

Page 36: ...7 Configure MAC address Ethernet switches through the MAC address table in the data link layer to forward packets this article is description of configuration method of MAC address 7 1 Understand MAC...

Page 37: ...only one and message output directly from a table item of the corresponding port Multicast forwarding Ethernet switch can check message s purpose MAC address and tables that is correspond to VLAN ID t...

Page 38: ...Ethernet switch MAC address table has been in existence UserA s MAC address so the message is in the form of unicast forwarding to Gigabit Ethernet 0 2 ports Ethernet switches at the same time will le...

Page 39: ...ress of the message that the address will be deleted from the MAC address table when reaching to aging time 7 1 4 Filter addresses Manual configuration of the MAC address table entries for discarded i...

Page 40: ...4 Dynamic Address Aging Time Configuration 7 4 1 Aging Time Configuration Command Function Switch config mac address agint time 10 893 set the time span of an address kept in dynamic address table af...

Page 41: ...package forwards to ap id the link aggregation interface that package forwards to drop discarded data package Switch config no mac address static mac address vlan vlan id interface gigabitEthernet por...

Page 42: ...address or destination address from the specified VLAN of vlan id of the equipment the message will be discarded Switch config no mac address static mac address vlan vlan id drop Delete filtering add...

Page 43: ...hernet switch respectively through Gi0 1 and Gi0 2 server administrators connected to the Ethernet switch through Gi0 3 other normal users access to the Web server through the Ethernet switch Gi0 5 po...

Page 44: ...tion Server 00d0 3232 0002 VLAN10 Gi 0 2 Network Administrator 00d0 3232 1000 VLAN10 Gi 0 3 7 7 4 Configuration Steps enter the global configuration mode of the switch Switch en Switch configure termi...

Page 45: ...generally have internal power supply some products also supports external power supply external power supply is called the RPS PSE PSE Power Sourcing Equipment PSE on PoE interface circuit to find an...

Page 46: ...owing at the interface mode If you use interface range command batch configuration port PoE function Due to the range command is configuration interfaces one by one a port PoE function were switched o...

Page 47: ...l output the corresponding message in the configuration Static mode the distribution of power according to the user s configuration each port must be assigned to power supply When switch to static mod...

Page 48: ...erface are all low Same priority port the new insert port will not affect the already in the state of the power supply of PD equipment power supply Different priority of ports is not affected by this...

Page 49: ...itch configure terminal Enter configuration commands one per line End with CTRL Z Switch config interface gigabitEthernet 0 1 Switch config if gigabitEthernet 0 1 poe max power 17 Switch config if gig...

Page 50: ...ation commands one per line End with CTRL Z Switch config interface gigabitEthernet 0 1 Switch config if gigabitEthernet 0 1 poe alloc power 20 Switch config if gigabitEthernet 0 1 poe enable Switch c...

Page 51: ...mode to retain power it may lead to port under electric has access to electricity 8 2 7 Use hot start uninterrupted power supply function If you need to restart the switch in practical applications su...

Page 52: ...of the next If the user forgot to save the configuration or to save the configuration and then change the POE configuration system will prompt the user to save the configuration Command Function Switc...

Page 53: ...onfig if gigabitEthernet 0 1 poe recover auto manual Set the recovery mode Auto Power supply equipment to restore power PD device automatically restore power Manual Power supply equipment to restore p...

Page 54: ...terface of PD descriptors Switch configure terminal Enter configuration commands one per line End with CTRL Z Switch config interface gigabitEthernet 0 1 Switch config if gigabitEthernet 0 1 poe pd de...

Page 55: ...Detecting Max power 29 123 W Allocate power 19 124 W Current power 0 W Average power 0 W Peak power 0 W Voltage 0 V Current 0 mA PD class NO PD Devices Trouble cause None Priority Low Trouble Recover...

Page 56: ...ltage The current voltage of the port Current The current electricity of the port PD class Port s level according to the regulations of the 802 3af 802 3at PD equipment is divided into four levels Tro...

Page 57: ...W 0W 0W 0mA 0 N A Display all POE port configuration information Switch show poe interfaces configuration Interface Power Power Max Alloc Port Port Control Status Power Power Priority Legacy Gi0 1 Nor...

Page 58: ...y Display POE power supply state of the whole system Display Item Instructions Powerring Port List Currently in power supply port Power management Power supply management mode auto Automatic mode ener...

Page 59: ...carried out within the VLAN related port is refers to the internal members of the VLAN Run the IGMP Snooping devices through analyze the IGMP packets received For port and multicast address set up map...

Page 60: ...he Listener Port Said switch connection port of the IP multicast group side Such as the SwitchA of Gi 0 2 Gi 0 3 and Gi 0 4 port Switch to all members of the ports on the device including dynamic and...

Page 61: ...membership after receiving the report message Switch it to all routing within a VLAN connection port forwarding to go out From the analysis of the message in the host IP multicast group address to jo...

Page 62: ...ring using the features 9 2 Configure IGMP Snooping We will from the following sections describe how to configure the IGMP Snooping 9 2 1 Enable IGMP Snooping Step 1 Step 2 Step 3 The following exampl...

Page 63: ...AN off the IGMP Snooping function can use the following command In the global mode follow these steps to close the IGMP Snooping Command Function Switch config no ip igmp snooping vlan num Close the V...

Page 64: ...emove the port from the list of member port In the global mode follow these steps to configure the aging timer of member port Command Function Switch config ip igmp snooping timer report port expiry t...

Page 65: ...face gig port id link aggregation ap id Cancel the interface for static routing connections Step 1 Step 2 Step 3 Step 4 If you want to delete one of the IGMP profile you can use the no IP IGMP profile...

Page 66: ...ter Vlan SourceAddr Interface 1 0 0 0 0 Gi 0 1 static 9 2 8 Configure port IGMP Filtering In some cases you may need to control a certain ports can only receive a number of specific multicast data flo...

Page 67: ...how ip igmp snooping Global IGMP Snooping configuration IGMP Snooping Enabled Report Suppression Enabled TCN solicit query Disabled TCN flood query count 2 Last Member Query Interval 1000 IGMP version...

Page 68: ...on Command Function Switch show ip igmp snooping mrouter Check the IGMP Snooping routing connection information The following example uses theshow ip igmp snooping command to view IGMP Snooping routin...

Page 69: ...standards RFC1157 Up to now because of many manufacturers support for the deal SNMP has become the de facto standard of network management Network equipment by using SNMP protocol The network administ...

Page 70: ...ies the network equipment in the A list of Numbers can be used to represent such as 1 3 6 1 2 1 1 this string of Numbers is the management unit of the Object Identifier MIB is a collection of network...

Page 71: ...ters from Agent under a parameter value Get bulk Operation NMS extracted from Agent batch parameter values Set request Operation NMS set one or more of the parameters of the Agent Get response Operati...

Page 72: ...view based management The default does not specify a view which allows access to all MIB objects You can specify to use the certification of management IP If not specified were not limiting the use o...

Page 73: ...ake the initiative to send NMS sends the Trap message The Trap is Agent without request to take the initiative to send messages to the NMS Used to report some urgent and important event The default is...

Page 74: ...tatus SNMP ON SNMP Trap OFF 10 3 2 View the current state of SNMP In privileged user mode execute show snmp server to view the current state of SNMP Switch show snmp server 0 SNMP packets input 0 Bad...

Page 75: ...rk monitoring data Place the RMON detector in the network nodes network management platform decided what information these detectors Such as statistical information is monitored collecting historical...

Page 76: ...torical data for the administrator 10 4 1 3 Alarm group The alarm group is the third groups in the RMON At specified time intervals to monitor a specific MIB Management Information Base object When th...

Page 77: ...sion only supports Ethernet interface The index value should be an integer between 1 65535 Command Function Switch config if gigabitEthernet 0 1 rmon collection history index owner ownername buckets b...

Page 78: ...tion and last sampling and upper limit lower limit of difference comparison Value defines the upper limit lower limit value Event number When more than the upper limit or lower limit the triggering ev...

Page 79: ...conds to check port 6 received on the change of the number of unicast frame If received a unicast frame number than the last time check 30 seconds ago increased by 20 or more than 20 or more than the...

Page 80: ...rol Switch show rmon history control RMON history control entry index 1 Data source IfIndex 3 Buckets request 500 Buckets granted 1 Interval 600 Owner zhangsan Entry status Valid show rmon statistics...

Page 81: ...from the source port all input and output message copying a to the port of destination When the image flow of source port more than the destination port s bandwidth For example the 100Mbps destinatio...

Page 82: ...essage the message of the source MAC destination MAC VLAN ID and TTL changes as well the format of the message copy to the destination port will also change Bidirectional data flow Including the above...

Page 83: ...t gigabitEthernet 0 1 message to the mirror port gigabitEthernet 0 8 Show monitor session privilege commands are used to confirm the configuration was successful Switch config no monitor session 1 Swi...

Page 84: ...monitor privileges Switch show monitor session Session 1 Type Local Session Source interface Gi 0 1 BOTH Gi 0 1 Destination interface Gi 0 8 12 Configure the flow control based port 12 1 Storm Control...

Page 85: ...ol function enable state Switch show storm control interface unicast broadcast multicast action Gi 0 1 enable enable disable none Command Function Switch config if GigabitEthern et 0 1 storm control b...

Page 86: ...on isolated port can be normal communication When the two protection port to a SPAN port SPAN port to send or receive a frame can still image into the SPAN destination port Equipment support link aggr...

Page 87: ...he conversion for static configurationIn show running config can be seen in the configuration Save the configuration after the restart without having to learn these dynamic security address And if thi...

Page 88: ...y In interface configuration mode please configure port security and exception processing mode uses the following commands The following example illustrates the enable port security function interface...

Page 89: ...rnet 0 1 port security visitor ip address 1 1 1 3 mac address 0000 0000 0002 times 5 Description xxx Tip When the host match permit rule which is to permit the host biggest quantity is full can also a...

Page 90: ...ng command to check port security information The following example shows the port security of all address table information Switch show port security all IP address MAC address interface name bind co...

Page 91: ...escription 192 164 1 2 0012 0001 0002 Gi 0 5 VISITOR 50 49 13 Anti illegal DHCP Server 13 1 Summary DHCP is a dynamic protocol to assign IP addresses to the PC client dynamically It can be used for us...

Page 92: ...ort So we can put an end to the affect to other user that private set up illegal DHCP Server user caused 13 2 DHCP Snooping Configuration 13 2 1 Enabling DHCP Snooping Only after enabling the DHCP Sno...

Page 93: ...ort The following example is to configure DHCP Snooping trusted port Switch configure terminal Enter configuration commands one per line End with CTRL Z Switch config interface gigabitEthernet 0 1 Swi...

Page 94: ...ing information in privileged mode Command Function Switch show dhcp snooping Display DHCP Snooping information The following example is to display DHCP Snooping information Switch show dhcp snooping...

Page 95: ...Anti ARP Spoofing Configuration 14 2 1 Enable Anti ARP Spoofing Please use the following command to configure Anti ARP Spoofing in interface configuration mode Command Function Switch config if Gigabi...

Page 96: ...config link aggregation 1 Switch config link aggregation1 no arp inspection 14 3 View information of Anti ARP Spoofing Use the following command to view Anti ARP Spoofing information in Privileged mod...

Page 97: ...ss interface name tbl status 40 0001 7AD2 4D8C 192 168 100 1 Gi 0 4 AFFIRM 40 DDCC BBAA 4B79 0 0 0 1 Gi 0 4 ATTACK 40 0087 2380 9EA7 192 168 1 137 Gi 0 4 AFFIRM 40 C860 00E0 2B80 192 168 100 51 Gi 0 4...

Page 98: ...Configure the port rate limitation rate Committed Burst size Excess Burst size Below is the example to configure the Upstream Rate limitation Switch configure terminal Enter configuration commands on...

Page 99: ...itEthernet 0 1 no rate limit Below is the example to close the port Downstream Rate limitation Switch configure terminal Enter configuration commands one per line End with CTRL Z Switch config interfa...

Page 100: ...he traffic shape is not configured Gi 0 3 The traffic shape is not configured Gi 0 4 The traffic shape is not configured Gi 0 5 The traffic shape is not configured Gi 0 6 The traffic shape is not conf...

Page 101: ...fig loopback detection errdisable recover 30 Switch configure terminal Enter configuration commands one per line End with CTRL Z Switch config loopback detection enable Switch config loopback detectio...

Page 102: ...Switch show loopback detection Loopback detection is Runing on Detection interval time is 2 seconds Error Disable recover time is 60 seconds Interface Action State Gi 0 5 WARNING LINK_DOWN Gi 0 6 CON...

Page 103: ...7 2 configure access control Enter into global mode and configure access control Step 1 Command Function Switch config ip access list standard extended 0 9 10 19 Configuration list of access control S...

Page 104: ...matching rules of MAC data flow Step 3 Enter into standard IP rule table Switch config ip access list standard 9 and configure Command Function Switch config std ip nacl 0 permit any host sip Rule of...

Page 105: ...example for configure standard IP extended IP extended MAC Switch configure terminal Enter configuration commands one per line End with CTRL Z Switch config ip access list standard 0 Switch config st...

Page 106: ...e0 9 10 19 cancel extended IP access control list from table10 19 20 25 cancel extended mac access control list from table 20 25 Enter rule table Switch config ip access list extended 10 and delete ac...

Page 107: ...ist extended 10 1 deny tcp any any mac access list extended 20 mac access list extended 21 3 deny host 0012 0012 0012 any 18 File system Configuration 18 1 Overview Switch files containing several typ...

Page 108: ...Switch config fs cd word Enter directory word directory name The following example for input dir the default display Switch configure filesystem Switch config fs dir size date time name 0 JAN 01 1980...

Page 109: ...The Data of this dir will be lost if OS is deleted the system will hangup Please confirm to continue Yes No y Switch config fs...

Search results

Summary of Contents for GEP-2650

Reviews:

Related manuals for GEP-2650

Brands by name

Popular brands

LevelOne GEP-2650, User Manual

Search results

Summary of Contents for GEP-2650

Reviews:

Related manuals for GEP-2650

Brands by name

Popular brands