TP-Link JetStream T1500-28PCT User Manual Download Page 561

Page: 561 / 861

User Guide

538

Configuring AAA

AAA Configuration

Switch#configure
Switch(config)#tacacs-server host

192.168.0.20

auth-port

timeout

key

123456

Switch(config)#show tacacs-server

Server Ip Port Timeout Shared key
192.168.0.20 49 8 123456

Switch(config)#end
Switch#copy running-config startup-config

2.2.2 Configuring Server Groups

The switch has two built-in server groups, one for RADIUS and the other for . The

servers running the same protocol are automatically added to the default server group.

You can add new server groups as needed.
The two default server groups cannot be deleted or edited. Follow these steps to add a

server group:

Step 1

configure

Enter global configuration mode.

Step 2

aaa group {

radius | tacacs

}

group-name

Create a server group.

radius | tacacs:

Specify the group type.

group-name

Specify a name for the group.

Step 3

server

ip-address

Add the existing servers to the server group.

ip-address

Specify IP address of the server to be added to the group.

Step 4

show aaa group

[

group-name ]

Verify the configuration of server group.

Step 5

end

Return to privileged EXEC mode.

Step 6

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to create a RADIUS server group named RADIUS1 and

add the existing two RADIUS servers whose IP address is 192.168.0.10 and 192.168.0.20

to the group.

Switch#configure

Downloaded from

ManualsNet.com

search engine

Summary of Contents for JetStream T1500-28PCT

Page 1: ...User Guide Jetstream Smart Switches T1500G 8T TL SG2008 T1500 28PCT TL SL2428P TL SG2210MP TL SG2210P 1910012765 REV3 3 0 March 2020 Downloaded from ManualsNet com search engine...

Page 2: ...Login 11 SSH Login 12 Disable Telnet Login 16 Disable SSH Login 17 Copy running config startup config 17 Change the Switch s IP Address and Default Gateway 18 Managing System System 20 Overview 20 Sup...

Page 3: ...Configuring the Boot File 50 Restoring the Configuration of the Switch 52 Backing up the Configuration File 52 Upgrading the Firmware 53 Rebooting the switch 54 Reseting the Switch 55 Using the CLI 55...

Page 4: ...eme 84 Using the GUI 84 Using the CLI 87 Appendix Default Parameters 88 Managing Physical Interfaces Physical Interface 92 Overview 92 Supported Features 92 Basic Parameters Configurations 93 Using th...

Page 5: ...17 Configuring Static LAG or LACP 118 Configuration Example 122 Network Requirements 122 Configuration Scheme 122 Using the GUI 123 Using the CLI 124 Appendix Default Parameters 126 Managing MAC Addre...

Page 6: ...guration Example 147 Network Requirements 147 Configuration Scheme 147 Network Topology 148 Using the GUI 148 Using the CLI 151 Appendix Default Parameters 154 Configuring MAC VLAN Overview 156 MAC VL...

Page 7: ...ocol VLAN 178 Configuration Example 181 Network Requirements 181 Configuration Scheme 181 Using the GUI 183 Using the CLI 188 Appendix Default Parameters 193 Configuring GVRP Overview 195 GVRP Configu...

Page 8: ...s 235 Configuring Hosts to Statically Join a Group 236 Using the CLI 236 Configuring MLD Snooping Globally 236 Configuring MLD Snooping for VLANs 237 Configuring MLD Snooping for Ports 242 Configuring...

Page 9: ...rements 270 Configuration Scheme 270 Using the GUI 271 Using the CLI 273 Example for Configuring MVR 275 Network Requirements 275 Network Topology 275 Configuration Scheme 276 Using the GUI 276 Using...

Page 10: ...ters 314 Enabling STP RSTP Globally 316 MSTP Configurations 318 Using the GUI 318 Configuring Parameters on Ports in CIST 318 Configuring the MSTP Region 321 Configuring MSTP Globally 325 Verifying th...

Page 11: ...guring LLDP Globally 369 Configuring LLDP MED Globally 369 Configuring LLDP MED for Ports 370 Using the CLI 372 Global Config 372 Port Config 373 Viewing LLDP Settings 376 Using GUI 376 Viewing LLDP D...

Page 12: ...409 Using the CLI 410 Enabling DHCP L2 Relay 410 Configuring Option 82 for Ports 411 Configuration Examples 414 Example for DHCP VLAN Relay 414 Network Requirements 414 Configuration Scheme 414 Using...

Page 13: ...h Control Configuration 459 Using the GUI 459 Configuring Rate Limit 459 Configuring Storm Control 460 Using the CLI 461 Configuring Rate Limit 461 Configuring Storm Control 462 Voice VLAN Configurati...

Page 14: ...he GUI 506 Configuring the Access Control Feature 506 Configuring the HTTP Function 509 Configuring the HTTPS Function 511 Configuring the SSH Feature 514 Configuring the Telnet Function 515 Using the...

Page 15: ...ng the CLI 549 Appendix Default Parameters 552 Configuring 802 1x Overview 555 802 1x Configuration 556 Using the GUI 556 Configuring the RADIUS Server 556 Configuring 802 1x Globally 559 Configuring...

Page 16: ...Configuring Combined ACL Rule 596 Configuring the IPv6 ACL Rule 601 Configuring ACL Binding 605 Using the CLI 606 Configuring Time Range 606 Configuring ACL 606 Configuring Policy 615 Configuring ACL...

Page 17: ...he CLI 645 Adding IP MAC Binding Entries 645 Enabling ARP Detection 645 Configuring ARP Detection on Ports 646 Viewing ARP Statistics 648 IPv4 Source Guard Configuration 649 Using the GUI 649 Adding I...

Page 18: ...es 675 ND Detection Configuration 676 Using the GUI 676 Adding IPv6 MAC Binding Entries 676 Enabling ND Detection 676 Configuring ND Detection on Ports 677 Viewing ND Statistics 677 Using the CLI 678...

Page 19: ...ring Legal DHCPv4 Servers 698 Using the CLI 699 Configuring the Basic DHCPv4 Filter Parameters 699 Configuring Legal DHCPv4 Servers 701 DHCPv6 Filter Configuration 703 Using the GUI 703 Configuring th...

Page 20: ...he CPU 726 Using the GUI 726 Using the CLI 726 Monitoring the Memory 728 Using the GUI 728 Using the CLI 728 Monitoring Traffic Traffic Monitor 731 Using the GUI 731 Using the CLI 735 Appendix Default...

Page 21: ...or SNMP v3 762 Using the CLI 763 Enabling SNMP 763 Creating an SNMP View 765 Creating SNMP Communities For SNMP v1 v2c 766 Creating an SNMP Group For SNMPv3 767 Creating SNMP Users For SNMPv3 769 Noti...

Page 22: ...CLI 815 Diagnosing the Network 816 Using the GUI 816 Troubleshooting with Ping Testing 816 Troubleshooting with Tracert Testing 817 Using the CLI 818 Configuring the Ping Test 818 Configuring the Trac...

Page 23: ...Configuration Example 830 Network Requirements 830 Configuration Scheme 830 Using the GUI 830 Using the CLI 831 Appendix Default Parameters 832 Downloaded from ManualsNet com search engine...

Page 24: ...power budget is not guaranteed and will vary as a result of client limitations and environmental factors The information in this document is subject to change without notice Every effort has been mad...

Page 25: ...gress ingress rate is used to restrict ingress bandwidth bandwidth egress egress rate is used to restrict egress bandwidth bandwidth ingress ingress rate egress egress rate is used to restrict ingress...

Page 26: ...Part 1 Accessing the Switch CHAPTERS 1 Determine the Management Method 2 Web Interface Access 3 Command Line Interface Access Downloaded from ManualsNet com search engine...

Page 27: ...n the download center of our official website https www tp link com download center html Standalone Mode If you have a relatively small sized network and only one or just a small number of devices nee...

Page 28: ...tch is available 2 Launch a web browser The supported web browsers include but are not limited to the following types IE 8 0 9 0 10 0 11 0 Firefox 26 0 27 0 Chrome 32 0 33 0 3 Enter the switch s IP ad...

Page 29: ...figuration file and the start up configuration file After you perform configurations on the sub interfaces and click Apply the modifications will be saved in the running configuration file The configu...

Page 30: ...switch to accss a network you can configure the default gateway of the switch Only the computers in the management VLAN can access the management interface of the switch By default VLAN 1 owning all t...

Page 31: ...itch Web Interface Access Figure 2 7 Change the switch s IP address and default gateway 2 Enter the new IP address in the web browser to access the switch 3 Click to save the settings Downloaded from...

Page 32: ...ort connected directly Hyper Terminal Telnet RJ 45 port CMD SSH RJ 45 port Putty 3 1 Console Login only for switch with console port Follow these steps to log in to the switch via the Console port 1 C...

Page 33: ...r protect your network and devices 4 Enter enable to enter the User EXEC Mode to further configure the switch Figure 3 2 User EXEC Mode Note In Windows XP go to Start All Programs Accessories Communic...

Page 34: ...witch and the PC are in the same LAN Local Area Network Click Start and type in cmd in the Search bar and press Enter Figure 3 3 Open the cmd Window 2 Type in telnet 192 168 0 1 in the cmd window and...

Page 35: ...the following two modes Password Authentication Mode and Key Authentication Mode You can choose one according to your needs Password Authentication Mode Username and password are required which are bo...

Page 36: ...password to log in to the switch and you can continue to configure the switch Figure 3 9 Log In to the Switch Note The first time you log in change the password to better protect your network and dev...

Page 37: ...2 bits You can accelerate the key generation process by moving the mouse quickly and randomly in the Key section 2 After the keys are successfully generated click Save public key to save the public ke...

Page 38: ...d with the type of the key file In the above CLI v1 corresponds to SSH 1 RSA and v2 corresponds to SSH 2 RSA and SSH 2 DSA The key downloading process cannot be interrupted 4 After the public key is d...

Page 39: ...ame to log in If you can log in without entering the password the key authentication completed successfully Figure 3 15 Log In to the Switch Note The first time you log in change the password to bette...

Page 40: ...SH Config disable the SSH server and click Apply Figure 3 17 Shut down SSH server Using the CLI Switch configure Switch config no ip ssh server 3 6 Copy running config startup config The switch s conf...

Page 41: ...VLAN can access the management interface of the switch By default VLAN 1 owning all the ports is the management VLAN and you can access the switch via any port By default the system IP address is 192...

Page 42: ...ement Configurations 4 System Tools Configurations 5 EEE Configuration 6 PoE Configurations Only for Certain Devices 7 SDM Template Configuration 8 Time Range Configuration 9 Example for PoE Configura...

Page 43: ...re the configurations update the firmware reset the switch and reboot the switch EEE EEE Energy Efficient Ethernet is used to save power consumption of the switch during periods of low data activity Y...

Page 44: ...ving power from the PSE for example IP phones and access points According to whether PDs comply with IEEE standard they can be classified into standard PDs and non standard PDs Only standard PDs can b...

Page 45: ...mary Choose the menu SYSTEM System Info System Summary to load the System Summary page You can view the port status and system information of the switch Viewing the Port Status In the Port Status sect...

Page 46: ...e SFP port is at the speed of 100Mbps You can move your cursor to a port to view the detailed information of the port Figure 2 2 Port Information Port Information Indication Port Displays the port num...

Page 47: ...nfo Configurations Figure 2 3 Bnadwidth Utilization RX Displays the bandwidth utilization of receiving packets on this port TX Displays the bandwidth utilization of sending packets on this port Downlo...

Page 48: ...itch You can edit it on the Device Description page Device Location Displays the location of the switch You can edit it on the Device Description page Contact Information Displays the contact informat...

Page 49: ...ng Tree Displays whether Spanning Tree is enabled You can click Settings to jump to the Spanning Tree configuration page DHCP Relay Displays whether DHCP Relay is enabled You can click Settings to jum...

Page 50: ...the System Time In the Time Info section you can view the current time information of the switch Current System Time Displays the current date and time of the switch Current Time Source Displays how t...

Page 51: ...aylight Saving Time to load the following page Figure 2 7 Configuring the Daylight Saving Time Follow these steps to configure Daylight Saving Time 1 In the DST Config section enable the Daylight Savi...

Page 52: ...If you select Date Mode specify an absolute time range for the Daylight Saving Time of the switch This configuration will be used only one time Offset Specify the time to set the clock forward by Star...

Page 53: ...he interface Static Assign an IP address to the management interface DHCP Assign an IP address to the management interface through the DHCP server BOOTP Assign an IP address to the management interfac...

Page 54: ...n the management VLAN can access the management interface of the switch By default VLAN 1 owning all the ports is the management VLAN and you can access the switch via any port IPv6 Enable Enable the...

Page 55: ...a RA message With this option enabled the interface automatically generates a global address and other information according to the address prefix and other configuration parameters from the received...

Page 56: ...lifetime is the length of time that an IPv6 address is in the valid state When the valid lifetime expires the address become invalid and can be no longer usable Status Displays the status of the link...

Page 57: ...N A N A Disable Copper Gi1 0 3 LinkUp 1000M Full Disable Disable Copper Switch show system info System Description JetStream 48 Port Gigabit Smart Switch with 4 SFP Slots System Name T1500 28PCT Syst...

Page 58: ...m information including system Description Device Name Device Location System Contact Hardware Version Firmware Version System Time Run Time and so on Step 6 end Return to privileged EXEC mode Step 7...

Page 59: ...zone which ranges from UTC 12 00 to UTC 13 00 The detailed information of each time zone are displayed as follows UTC 12 00 TimeZone for International Date Line West UTC 11 00 TimeZone for Coordinate...

Page 60: ...ver Specify the IP address of the primary NTP server backup ntp server Specify the IP address of the backup NTP server fetching rate Specify the interval fetching time from the NTP server Step 3 Use t...

Page 61: ...following command to set the Daylight Saving Time in recurring mode system time dst recurring sweek sday smonth stime eweek eday emonth etime offset Specify the Daylight Saving Time in Recuring mode...

Page 62: ...g Time which ranges from 1 to 31 etime Enter the end time of Daylight Saving Time in the format of HH MM eyear Enter the end year of Daylight Saving Time offset Enter the offset of Daylight Saving Tim...

Page 63: ...AN ID Step 4 Automatically assign an IP Address and default gateway for the management interface via DHCP or BOOTP ip address alloc dhcp bootp Specify the IP Address assignment mode of the management...

Page 64: ...255 255 0 gateway 192 168 0 100 The connection will be interrupted and you should telnet to the switch s new IP address 192 168 0 10 C Users Administrator telnet 192 168 0 10 User admin Password admi...

Page 65: ...address via DHCPv6 server ipv6 address dhcp Enable the DHCPv6 Client function When this function is enabled the Layer 3 interface will try to obtain the IPv6 address from DHCPv6 server Manually config...

Page 66: ...ess fe80 20a ebff fe13 237b NOR Global Address RA Disable Global Address DHCPv6 Enable Global unicast address es ff02 1 ff13 237b Joined group address es ff02 1 ICMP error messages limited to one ever...

Page 67: ...You can also create more Admin accounts If you create Operator Power User or User accounts you need go to the AAA section to create an Enable Password If needed these types of users can use the Enabl...

Page 68: ...w all the settings of different functions Operator Operator can edit modify and view most of the settings of different functions Power User Power User can edit modify and view some of the settings of...

Page 69: ...ive privileges 3 2 Using the CLI There are four types of user accounts with different access levels Admin Operator Power User and User There is a default Admin account which cannot be deleted The defa...

Page 70: ...ration file After the encrypted password is configured you should use the corresponding unencrypted password to reenter this mode Use the following command to create an account MD5 encrypted user name...

Page 71: ...ric encrypted password with fixed length which you can copy from another switch s configuration file After the encrypted password is configured you should use the corresponding unencrypted password to...

Page 72: ...privileges The following example shows how to create a uesr with the access level of Operator set the username as user1 and password as 123 and set the enable password as abc123 Switch configure Switc...

Page 73: ...e Restore the configuration of the switch Back up the configuration file Upgrade the firmware Reboot the switch Reset the switch 4 1 Using the GUI 4 1 1 Configuring the Boot File Choose the menu SYSTE...

Page 74: ...t Startup Config Displays the current startup configuration Next Startup Config Specify the next startup configuration When the switch is powered on it will try to start up with the next startup confi...

Page 75: ...to reboot the switch after restoring is completed Only after the switch is rebooted will the imported configuration take effect 4 Click Import to import the configuration file Note It will take some t...

Page 76: ...he system Image Name Displays the image to upgrade The operation will only affect the image displayed here Follow these steps to upgrade the firmware of the switch 1 Click Browse and select the proper...

Page 77: ...hoose whether to save the current configuration before reboot 3 Click Reboot Configuring Reboot Schedule Choose the menu SYSTEM System Tools System Reboot Reboot Schedule to load the following page Fi...

Page 78: ...h 1 In the System Reset section select the desired unit 2 Choose whether to maintain the IP address of selected unit when resetting 3 Click Reset After reset all configurations of the switch will be r...

Page 79: ...e configuration file The following example shows how to set the next startup image as image1 the backup image as image2 the next startup configuration file as config1 and the backup configuration file...

Page 80: ...h IP address 192 168 0 100 Switch enable Switch copy tftp startup config ip address 192 168 0 100 filename file1 Start to load user config file Operation OK Now rebooting system 4 2 3 Backing up the C...

Page 81: ...ep 3 Enter Y to continue and then enter Y to reboot the switch with the backup image The following example shows how to upgrade the firmware using the configuration file named file3 bin The TFTP serve...

Page 82: ...the format of DD MM YYYY The date should be within 30 days save_before_reboot Save the configuration file before the switch reboots If no date is specified the switch will reboot according to the tim...

Page 83: ...ip To maintain the IP address when resetting the switch add this part to the command Follow these steps to disable the reset function of console port or reset button Step 1 configure Enter global con...

Page 84: ...Enable or disable EEE on the selected port s 3 Click Apply 5 1 Using the CLI Follow these steps to configure EEE Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port ra...

Page 85: ...figuration file The following example shows how to enable the EEE feature on port 1 0 1 Switch config Switch config interface gigabitEthernet 1 0 1 Switch config if eee Switch config if show interface...

Page 86: ...ith the PoE feature you can Configure the PoE parameters manually Configure the PoE parameters using the profile You can configure the PoE parameters one by one via configuring the PoE parameters manu...

Page 87: ...nfigure the basic PoE parameters 1 In the PoE Config section you can view the current PoE parameters System Power Limit W Displays the maximum power the PoE switch can supply System Power Consumption...

Page 88: ...he maximum power that the port can supply automatically Class1 The maximum power that the port can supply is 4 W Class2 The maximum power that the port can supply is 7 W Class3 The maximum power that...

Page 89: ...ys the port s real time power supply Current mA Displays the port s real time current Voltage V Displays the port s real time voltage PD Class Displays the class the linked PD belongs to Power Status...

Page 90: ...The following options are provided High Middle and Low When the supply power exceeds the system power limit the switch will power off PDs on low priority ports to ensure stable running of other PDs P...

Page 91: ...profile to the corresponding ports 1 In the PoE Config section you can view the current PoE parameters System Power Limit W Displays the maximum power the PoE switch can supply System Power Consumptio...

Page 92: ...power exceeds the system power limit the switch will power off PDs on low priority ports to ensure stable running of other PDs Power Limit Displays the maximum power the corresponding port can supply...

Page 93: ...e PoE function By default it is enable Step 5 power inline priority low middle high Specify the PoE priority for the corresponding port low middle high Select the priority level for the corresponding...

Page 94: ...pecify the list of Ethernet ports in the format of 1 0 1 3 1 0 5 Step 11 end Return to privileged EXEC mode Step 12 copy running config startup config Save the settings in the configuration file The f...

Page 95: ...1 class2 class3 class4 Create a PoE profile for the switch In a profile the PoE status PoE priority and power limit are configured You can bind a profile to the corresponding port to quickly configure...

Page 96: ...ow power profile Verify the defined PoE profile Step 8 show power inline configuration interface fastEthernet port port list gigabitEthernet port port list ten gigabitEthernet port port list Verify th...

Page 97: ...gigabitEthernet 1 0 6 Switch config if power inline profile profile1 Switch config if show power inline configuration interface gigabitEthernet 1 0 6 Interface PoE Status PoE Prio Power Limit w Time R...

Page 98: ...e reboot Select Next Template Select the template that will be effective after the next reboot Default Select the template of default It gives balance to the IP ACL rules and MAC ACL rules EnterpriseV...

Page 99: ...ys the resource allocation of the default template enterpriseV4 Displays the resource allocation of the enterpriseV4 template enterpriseV6 Displays the resource allocation of the enterpriseV6 template...

Page 100: ...f IPV6 ACL Rules 0 number of IPV4 Source Guard Entries 253 number of IPV6 Source Guard Entries 0 Switch config sdm prefer enterpriseV4 Switch to enterpriseV4 tempale Changes to the running SDM prefere...

Page 101: ...to load the following page Figure 8 1 Configuring Time Range Follow these steps to add time range entries 1 In the Time Range Config section specify a name for the entry and select the Holiday mode N...

Page 102: ...ow will pop up Figure 8 2 Adding Period Time Configure the following parameters and click Create Date Specify the start date and end date of this time range Time Specify the start time and end time of...

Page 103: ...enu SYSTEM Time Range Holiday Config and click to load the following page Figure 8 4 Configuring Holiday Configure the following parameters and click Create to add a Holiday entry Holiday Name Specify...

Page 104: ...d date of this time range start date Specify the start date in the format MM DD YYYY end date Specify the end date in the format MM DD YYYY Step 5 periodic start start time end end time day of the wee...

Page 105: ...how time range Time range entry 12 Inactive Time range entry time1 Inactive holiday exclude number of time slice 1 01 10 01 2017 to 10 31 2017 08 00 to 20 00 on 1 2 Switch config time range end Switch...

Page 106: ...to create a holiday entry and set the entry name as holiday1 and set start date and end date as 07 01 and 09 01 Switch config Switch config holiday holiday1 start date 07 01 end date 09 01 Switch conf...

Page 107: ...P1 AP2 Switch A 9 2 Configuring Scheme To implement this requirement you can set a PoE time range as the office time for example from 08 30 to 18 00 on work days Then apply the settings to port 1 0 3...

Page 108: ...s User Guide 85 Figure 9 2 Creating Time Range 2 Click and the following window will pop up Set Date Time and Day of Week as the following figure shows Click Create Figure 9 3 Creating a Periodic Time...

Page 109: ...range Click Create Figure 9 4 Configuring Time Range 4 Choose the menu SYSTEM PoE PoE Config to load the following page Select port 1 0 3 and set the Time Range as OfficeTime Click Apply Figure 9 5 Co...

Page 110: ...the basic parameters for the port 1 0 3 and bind the time range office time to the port Switch_A config interface gigabitEthernet 1 0 3 Switch_A config if power inline supply enable Switch_A config i...

Page 111: ...le 10 3 Default Settings of Daylight Saving Time Configuration Parameter Default Setting DST status Disabled Default settings of User Management are listed in the following table Table 10 4 Default Se...

Page 112: ...nfiguration Parameter Default Setting PoE Config System Power Limit 192 0 W For T1500 28PCT 150 0 W For TL SG2210MP 58 0 W For TL SG2210P Port Config PoE Status Enabled PoE Priority Low Power Limit 0...

Page 113: ...endix Default Parameters Default settings of Time Range are listed in the following table Table 10 9 Default Settings of Time Range Configuration Parameter Default Setting Holiday Include Downloaded f...

Page 114: ...es CHAPTERS 1 Physical Interface 2 Basic Parameters Configurations 3 Port Isolation Configurations 4 Loopback Detection Configuration 5 Configuration Examples 6 Appendix Default Parameters Downloaded...

Page 115: ...This chapter introduces the configurations for physical interfaces 1 2 Supported Features The switch supports the following features about physical interfaces Basic Parameters You can configure port...

Page 116: ...figure the size of jumbo frames By default it is 1518 bytes Generally the MTU Maximum Transmission Unit size of a normal frame is 1518 bytes If you want the switch supports to transmit frames of which...

Page 117: ...ch gets overloaded it will send a PAUSE frame to notify the peer device to stop sending data for a specified period of time thus avoiding the packet loss caused by congestion By default it is disabled...

Page 118: ...ull half Duplex mode of the port The device connected to the port should be in the same speed and duplex mode with the port When auto is selected the duplex mode will be determined by auto negotiation...

Page 119: ...uplex auto Switch config if flow control Switch config if show interface configuration gigabitEthernet 1 0 1 Port State Speed Duplex FlowCtrl Description Gi1 0 1 Enable Auto Auto Enable router connect...

Page 120: ...tted by a port The isolated port can only send packets to the ports specified in its Forwarding Port List Choose the menu L2 FEATURES Switching Port Port Isolation to load the following page Figure 3...

Page 121: ...ommunicate with It is multi optional 3 Click Apply 3 2 Using the CLI Follow these steps to configure Port Isolation Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port...

Page 122: ...t port ten gigabitEthernet port port channel port channel Verify the Port Isolation configuration of the specified port Step 5 end Return to privileged EXEC mode Step 6 copy running config startup con...

Page 123: ...s enabled For detailed introductions about storm control refer to Configuring QoS Choose the menu L2 FEATURES Switching Port Loopback Detection to load the following page Figure 4 1 Configuring Loopba...

Page 124: ...the port Operation Mode Select the operation mode when a loopback is detected on the port Alert The Loop Status will display whether there is a loop detected on the corresponding port It is the defau...

Page 125: ...ten range gigabitEthernet port list port channel port channel range port channel port channel list Enter interface configuration mode Step 6 loopback detection Enable loopback detection for the port B...

Page 126: ...ction global Loopback detection global status enable Loopback detection interval 30s Loopback detection recovery time 3 intervals Switch config if end Switch copy running config startup config The fol...

Page 127: ...Host C Server 5 1 2 Configuration Scheme You can configure port isolation to implement the requirement Set port 1 0 4 as the only forwarding port for port 1 0 1 thus forbidding Host A to forward pack...

Page 128: ...page to load the following page Select port 1 0 1 as the port to be isolated and select port 1 0 4 as the forwarding port Click Apply Figure 5 3 Port Isolation Configuration 3 Select port 1 0 4 as th...

Page 129: ...nfig interface gigabitEthernet 1 0 1 Switch config if port isolation gi forward list 1 0 4 Switch config if exit Switch config interface gigabitEthernet 1 0 4 Switch config if port isolation gi forwar...

Page 130: ...rading the network performance To reduce the impacts of broadcast storms users need to detect loops in the network via Switch A and timely block the port on which a loop is detected Figure 5 5 Network...

Page 131: ...pply Figure 5 6 Global Configuration 3 In the Port Config section enable ports 1 0 1 3 select the operation mode as Port Based so that the port will be blocked when a loop is detected and keep the rec...

Page 132: ...ection Switch config if range loopback detection config process mode port based recovery mode auto Switch config if range end Switch copy running config startup config Verify the Configuration Verify...

Page 133: ...Type Copper For RJ45 Ports Fiber For SFP Ports Status Enabled Speed Auto For RJ45 Ports 1000M For SFP Ports Duplex Auto For RJ45 Ports Full For SFP Ports Flow Control Disabled Loopback Detection Loopb...

Page 134: ...Part 4 Configuring LAG CHAPTERS 1 LAG 2 LAG Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 135: ...the connection reliability 1 2 Supported Features You can configure LAG in two ways static LAG and LACP Link Aggregation Control Protocol Static LAG The member ports are manually added to the LAG LACP...

Page 136: ...nly If an active link fails the other active links share the bandwidth evenly One LACP LAG supports multiple member ports but at most eight of them can work simultaneously and the other member ports a...

Page 137: ...he destination MAC addresses of the packets SRC MAC DST MAC The computation is based on the source and destination MAC addresses of the packets SRC IP The computation is based on the source IP address...

Page 138: ...only one LAG mode Static LAG or LACP And make sure both ends of a link use the same LAG mode Configuring Static LAG Choose the menu L2 FEATURES Switching LAG Static LAG to load the following page Fig...

Page 139: ...ue means a higher priority To keep active ports consistent at both ends you can set the system priority of one device to be higher than that of the other device The device with higher priority will de...

Page 140: ...he port with a smaller port number has the higher priority Mode Select the LACP mode for the port In LACP the switch uses LACPDU Link Aggregation Control Protocol Data Unit to negotiate the parameters...

Page 141: ...n is based on the source and destination IP addresses of the packets Step 3 show etherchannel load balance Verify the configuration of load balancing algorithm Step 4 end Return to privileged EXEC mod...

Page 142: ...turn to privileged EXEC mode Step 6 copy running config startup config Save the settings in the configuration file The following example shows how to add ports1 0 5 8 to LAG 2 and set the mode as stat...

Page 143: ...Step 4 channel group num mode active passive Add the port to an LAG and set the mode as LACP num The group ID of the LAG mode LAG mode Here you need to select LACP mode active or passive In LACP the s...

Page 144: ...DU sending mode as active Switch configure Switch config interface range gigabitEthernet 1 0 1 4 Switch config if range channel group 6 mode active Switch config if range show lacp internal Flags S De...

Page 145: ...ackup To avoid traffic bottleneck between the servers and Switch B you also need to configure LAG on them to increase link bandwidth Here we mainly introduce the LAG configuration between the two swit...

Page 146: ...on 2 Choose the menu L2 FEATURES Switching LAG LACP Config to load the following page In the Global Config section specify the system priority of Switch A as 0 and Click Apply Remember to ensure that...

Page 147: ...ange lacp port priority 0 Switch config if range exit 4 Add port 1 0 9 to LAG 1 and set the mode as LACP Then specify the port priority as 1 to set it as a backup port When any of the active ports is...

Page 148: ...el group 1 Port Flags State LACP Port Priority Admin Key Oper Key Port Number Port State Gi1 0 1 SA Down 0 0x1 0 0x1 0x45 Gi1 0 2 SA Down 0 0x1 0 0x2 0x45 Gi1 0 3 SA Down 0 0x1 0 0x3 0x45 Gi1 0 4 SA D...

Page 149: ...ettings of Switching are listed in the following tables Table 4 1 Default Settings of LAG Parameter Default Setting LAG Table Hash Algorithm SRC MAC DST MAC LACP Config System Priority 32768 Admin Key...

Page 150: ...Part 5 Managing MAC Address Table CHAPTERS 1 MAC Address Table 2 MAC Address Configurations 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 151: ...addresses and filtering addresses Address Configurations Dynamic address Dynamic addresses are addresses learned by the switch automatically and the switch regularly ages out those that are not in us...

Page 152: ...s Entries You can add static MAC address entries by manually specifying the desired MAC address or binding dynamic MAC address entries Adding MAC Addresses Manually Choose the menu L2 FEATURES Switchi...

Page 153: ...onnected port or the device has been changed the switch cannot forward the packets correctly Please reset the static address entry appropriately 2 Click Create Binding Dynamic Address Entries If some...

Page 154: ...e steps to modify the aging time of dynamic address entries 1 In the Aging Config section enable Auto Aging and enter your desired length of time Auto Aging Enable Auto Aging then the switch automatic...

Page 155: ...ss Specify the MAC address to be used by the switch to filter the received packets VLAN ID Specify an existing VLAN in which packets with the specific MAC address are dropped 2 Click Create Note In th...

Page 156: ...id interface fastEthernet port gigabitEthernet port ten gigabitEthernet port Bind the MAC address VLAN and port together to add a static address to the VLAN mac addr Enter the MAC address and packets...

Page 157: ...h MAC address 00 02 58 4f 6c 23 VLAN 10 and port 1 When a packet is received in VLAN 10 with this address as its destination the packet will be forwarded only to port 1 0 1 Switch configure Switch con...

Page 158: ...sed or updated Switch configure Switch config mac address table aging time 500 Switch config show mac address table aging time Aging time is 500 sec Switch config end Switch copy running config startu...

Page 159: ...iltering address 00 1e 4b 04 01 5d to VLAN 10 Then the switch will drop the packet that is received in VLAN 10 with this address as its source or destination Switch configure Switch config mac address...

Page 160: ...n the following tables Table 3 1 Entries in the MAC Address Table Parameter Default Setting Static Address Entries None Dynamic Address Entries Auto learning Filtering Address Entries None Table 3 2 D...

Page 161: ...Part 6 Configuring 802 1Q VLAN CHAPTERS 1 Overview 2 802 1Q VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 162: ...ithin its VLAN It reduces the influence of broadcast traffic in Layer 2 network to the whole network To enhance network security Devices from different VLANs cannot achieve Layer 2 communication and t...

Page 163: ...n 2802 1Q VLAN Configuration To complete 802 1Q VLAN configuration follow these steps 1 Configure the VLAN including creating a VLAN and adding the desired ports to the VLAN 2 Configure port parameter...

Page 164: ...Follow these steps to configure VLAN 1 Enter a VLAN ID and a description for identification to create a VLAN VLAN ID Enter a VLAN ID for identification with the values between 2 and 4094 VLAN Name Gi...

Page 165: ...om 1 to 4094 It is used mainly in the following two ways When the port receives an untagged packet the switch inserts a VLAN tag to the packet based on the PVID Ingress Checking Enable or disable Ingr...

Page 166: ...on Valid values are from 2 to 4094 for example 2 3 5 Step 3 name descript Optional Specify a VLAN description for identification descript The length of the description should be 1 to 16 characters Ste...

Page 167: ...tagged untagged Add ports to the specified VLAN vlan list Specify the ID or ID list of the VLAN s that the port will be added to The ID ranges from 1 to 4094 tagged untagged Select the egress rule for...

Page 168: ...de Step 3 switchport pvid vlan id Configure the PVID of the port s By default it is 1 vlan id The default VLAN ID of the port with the values between 1 and 4094 Step 4 switchport check ingress Enable...

Page 169: ...5 Switch config if switchport pvid 2 Switch config if switchport check ingress Switch config if switchport acceptable frame all Switch config if show interface switchport gigabitEthernet 1 0 5 Port G...

Page 170: ...h computers in the other department 3 2 Configuration Scheme Divide computers in Department A and Department B into two VLANs respectively so that computers can communicate with each other in the same...

Page 171: ...8 on Switch 2 Figure 3 1 Network Topology VLAN 10 VLAN 20 Host A1 Host A2 Host B1 Host B2 Switch 1 Switch 2 Fa1 0 2 Fa1 0 3 Fa1 0 4 Fa1 0 6 Fa1 0 7 Fa1 0 8 Demonstrated with T1500 28PCT the following...

Page 172: ...partment A 2 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 20 with the description of Department_B Add port 1 0 3 as an untagged port and po...

Page 173: ...3 3 Creating VLAN 20 for Department B 3 Choose the menu L2 FEATURES VLAN 802 1Q VLAN Port Config to load the following page Set the PVID of port 1 0 2 as 10 and click Apply Set the PVID of port 1 0 3...

Page 174: ...VLAN 20 for Department B and configure the description as Department B Switch_1 configure Switch_1 config vlan 10 Switch_1 config vlan name Department A Switch_1 config vlan exit Switch_1 config vlan...

Page 175: ...2 Switch_1 config if switchport pvid 10 Switch_1 config if exit Switch_1 config interface fastEthernet 1 0 3 Switch_1 config if switchport pvid 20 Switch_1 config if end Switch_1 copy running config s...

Page 176: ...onfig show interface switchport Port LAG Type PVID Acceptable frame type Ingress Checking Fa1 0 1 N A General 1 All Enable Fa1 0 2 N A General 10 All Enable Fa1 0 3 N A General 20 All Enable Fa1 0 4 N...

Page 177: ...x Default Parameters Default settings of 802 1Q VLAN are listed in the following table Table 4 1 Default Settings of 802 1Q VLAN Parameter Default Setting VLAN ID 1 PVID 1 Ingress Checking Enabled Acc...

Page 178: ...Part 7 Configuring MAC VLAN CHAPTERS 1 Overview 2 MAC VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 179: ...hen their access ports change The figure below shows a common application scenario of MAC VLAN Figure 1 1 Common Application Scenario of MAC VLAN Meeting Room 1 Laptop A Laptop B Meeting Room 2 Switch...

Page 180: ...other VLANs such as the protocol VLAN If there is a match the switch will forward the data packet Otherwise the switch will process the data packet according to the processing rule of the 802 1 Q VLA...

Page 181: ...lick Create Note One MAC address can be bound to only one VLAN 2 1 3 Enabling MAC VLAN for the Port By default MAC VLAN is disabled on all ports You need to enable MAC VLAN for your desired ports manu...

Page 182: ...Enter the ID number of the 802 1Q VLAN that will be bound to the MAC VLAN descript Specify the MAC address description for identification with up to 8 characters Step 3 show mac vlan all mac address...

Page 183: ...el port channel list Enter interface configuration mode Step 3 mac vlan Enable MAC VLAN for the port Step 4 show mac vlan interface Verify the configuration of MAC VLAN on each interface Step 5 end Re...

Page 184: ...Room 1 Laptop A 00 19 56 8A 4C 71 Laptop B 00 19 56 82 3B 70 Meeting Room 2 Switch 3 Fa1 0 3 Fa1 0 2 Fa1 0 2 Fa1 0 2 Gi1 0 1 Fa1 0 1 Fa1 0 5 Fa1 0 4 Switch 1 Switch 2 Server B VLAN 20 Server A VLAN 1...

Page 185: ...28PCT the following sections provide configuration procedure in two ways using the GUI and using the CLI 3 3 Using the GUI Configurations for Switch 1 and Switch 2 The configurations of Switch 1 and S...

Page 186: ...Figure 3 2 Creating VLAN 10 2 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 20 and add untagged port 1 0 1 and tagged port 1 0 2 to VLAN 20...

Page 187: ...cify the corresponding parameters and click Create to bind the MAC address of Laptop A to VLAN 10 and bind the MAC address of Laptop B to VLAN 20 Figure 3 4 Creating MAC VLAN 4 Choose the menu L2 FEAT...

Page 188: ...Port 5 Click to save the settings Configurations for Switch 3 1 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 10 and add untagged port 1 0 4...

Page 189: ...LAN Configuration Example Figure 3 6 Creating VLAN 10 2 Click Create to load the following page Create VLAN 20 and add untagged port 1 0 5 and tagged ports 1 0 2 3 to VLAN 20 Click Create Downloaded f...

Page 190: ...Switch 1 and Switch 2 The configurations of Switch 1 and Switch 2 are the same The following introductions take Switch 1 as an example 1 Create VLAN 10 for Department A and create VLAN 20 for Departm...

Page 191: ...nd bind the MAC address of Laptop B to VLAN 20 Switch_1 config mac vlan mac address 00 19 56 8A 4C 71 vlan 10 description PCA Switch_1 config mac vlan mac address 00 19 56 82 3B 70 vlan 20 description...

Page 192: ...allowed vlan 10 untagged Switch_3 config if exit Switch_3 config interface fastEthernet 1 0 5 Switch_3 config if switchport general allowed vlan 20 untagged Switch_3 config if end Switch_3 copy runni...

Page 193: ...tion Example VLAN Name Status Ports 1 System VLAN active Fa1 0 1 Fa1 0 2 Fa1 0 3 Fa1 0 4 Fa1 0 5 Fa1 0 6 Fa1 0 7 Fa1 0 8 10 DeptA active Fa1 0 2 Fa1 0 3 Fa1 0 4 20 DeptB active Fa1 0 2 Fa1 0 3 Fa1 0 5...

Page 194: ...pendix Default Parameters Default settings of MAC VLAN are listed in the following table Table 4 1 Default Settings of MAC VLAN Parameter Default Setting MAC Address None Description None VLAN ID None...

Page 195: ...Part 8 Configuring Protocol VLAN CHAPTERS 1 Overview 2 Protocol VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 196: ...Ns Since different applications and services use different protocols network administrators can use protocol VLAN to manage the network based on specific applications and services The figure below sho...

Page 197: ...packet If there is a match the switch will insert the corresponding VLAN tag to the data packet and forward it within the VLAN Otherwise the switch will forward the data packet to the default VLAN bas...

Page 198: ...template Frame Type Select the frame type of the new protocol template Ethernet II A common Ethernet frame format Select to specify the Frame Type by entering the Ether Type SNAP An Ethernet 802 3 fra...

Page 199: ...f the frame 2 Click Create Note A protocol template that is bound to a VLAN cannot be deleted 2 1 3 Configuring Protocol VLAN Choose the menu L2 FEATURES VLAN Protocol VLAN Protocol VLAN Group and cli...

Page 200: ...p 1 configure Enter global configuration mode Step 2 protocol vlan template name protocol name frame ether_2 ether type type snap ether type type llc dsap dsap_type ssap ssap_type Create a protocol te...

Page 201: ...col VLAN Follow these steps to configure protocol VLAN Step 1 configure Enter global configuration mode Step 2 show protocol vlan template Check the index of each protocol template Step 3 protocol vla...

Page 202: ...e settings in the configuration file The following example shows how to bind the IPv6 protocol template to VLAN 10 and add port 1 0 2 to protocol VLAN Switch configure Switch config show protocol vlan...

Page 203: ...figuring Protocol VLAN Protocol VLAN Configuration Index Protocol Name VID Priority Member 1 IPv6 10 5 Gi1 0 2 Switch config if end Switch copy running config startup config Downloaded from ManualsNet...

Page 204: ...sts access the network via Switch 1 Switch 2 is connected to two routers to access the IPv4 network and IPv6 network respectively The routers belong to VLAN 10 and VLAN 20 respectively Figure 3 1 Netw...

Page 205: ...ch and create the IPv6 protocol template 3 Bind the protocol templates to the corresponding VLANs to form protocol groups and add port 1 0 1 to the groups For Switch 1 configure 802 1Q VLAN according...

Page 206: ...nfigurations for Switch 1 1 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 10 and add untagged port 1 0 1 and untagged port 1 0 3 to VLAN 10...

Page 207: ...l VLAN Configuration Example 2 Click to load the following page Create VLAN 20 and add untagged ports 1 0 2 3 to VLAN 20 Click Create Figure 3 3 Create VLAN 20 3 Click to save the settings Downloaded...

Page 208: ...ions for Switch 2 1 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 10 and add tagged port 1 0 1 and untagged port 1 0 2 to VLAN 10 Click Crea...

Page 209: ...otocol VLAN Configuration Example 2 Click to load the following page Create VLAN 20 and add tagged port 1 0 1 and untagged port 1 0 3 to VLAN 20 Click Create Figure 3 5 Create VLAN 20 Downloaded from...

Page 210: ...rnet II frame type enter 86DD in the Ether Type field and click Create to create the IPv6 protocol template Tips The IPv4 protocol template is already provided by the switch You only need to create th...

Page 211: ...ion Example Figure 3 8 Configure the IPv4 Protocol Group Figure 3 9 Configure the IPv6 Protocol Group 6 Click to save the settings 3 4 Using the CLI Configurations for Switch 1 1 Create VLAN 10 and VL...

Page 212: ...0 2 Switch_1 config if switchport general allowed vlan 20 untagged Switch_1 config if exit Switch_1 config interface fastEthernet 1 0 3 Switch_1 config if switchport general allowed vlan 10 20 untagge...

Page 213: ...vlan 20 untagged Switch_2 config if exit 3 Create the IPv6 protocol template Switch_2 config protocol vlan template name IPv6 frame ether_2 ether type 86dd Switch_2 config show protocol vlan template...

Page 214: ...Switch 1 Verify 802 1Q VLAN configuration Switch_1 show vlan VLAN Name Status Ports 1 System VLAN active Fa1 0 1 Fa1 0 2 Fa1 0 3 Fa1 0 4 Gi1 0 25 Gi1 0 26 Gi1 0 27 Gi1 0 28 10 IPv4 active Fa1 0 1 Fa1...

Page 215: ...Protocol VLAN Configuration Example Verify protocol group configuration Switch_2 show protocol vlan vlan Index Protocol Name VID Priority Member 1 IP 10 0 Fa1 0 1 2 IPv6 20 0 Fa1 0 1 Downloaded from M...

Page 216: ...N are listed in the following table Table 4 1 Default Settings of Protocol VLAN Parameter Default Setting Protocol Template Table 1 IP Ethernet II ether type 0800 2 ARP Ethernet II ether type 0806 3 R...

Page 217: ...Part 9 Configuring GVRP CHAPTERS 1 Overview 2 GVRP Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 218: ...s sent from Switch A in VLAN 10 only when the network administrator has manually created VLAN 10 on Switch B and Switch C Figure 1 1 VLAN Topology Switch A Switch B VLAN 10 Switch C The configuration...

Page 219: ...gisters VLANs only when it receives GVRP messages As the messages can only be sent from one GVRP participant to another two way registration is required to configure a VLAN on all ports in a link To i...

Page 220: ...GVRP configuration It is multi optional Status Enable or disable GVRP on the port By default it is disabled Registration Mode Select the GVRP registration mode for the port Normal In this mode the po...

Page 221: ...registration A participant will send a Leave message if it wants other participants to deregister some of its attributes The participant receiving the message starts the Leave timer If the participant...

Page 222: ...hat the participant restarts the LeaveAll timer join Join timer controls the sending of Join messages A GVRP participant starts the Join timer after sending the first Join message If the participant d...

Page 223: ...ll should be greater than or equal to ten times the Leave value The value for Leave should be greater than or equal to two times the Join value The following example shows how to enable GVRP globally...

Page 224: ...Gi1 0 1 Switch 4 Dept B VLAN 20 Gi1 0 1 3 2 Configuration Scheme To reduce manual configuration and maintenance workload GVRP can be enabled to implement dynamic VLAN registration and update on the s...

Page 225: ...same as Switch 1 and Switch 4 are the same as Switch 2 Other switches share similar configurations The following configuration procedures take Switch 1 Switch 2 and Switch 5 as example Configurations...

Page 226: ...as Enable and set Registration Mode as Fixed Keep the values of the timers as default Click Apply Figure 3 3 GVRP Configuration 3 Click to save the settings Configurations for Switch 2 1 Choose the m...

Page 227: ...0 2 Choose the menu L2 FEATURES VLAN GVRP to load the following page Enable GVRP globally then click Apply Select port 1 0 1 set Status as Enable and set Registration Mode as Fixed Keep the values of...

Page 228: ...ings Configurations for Switch 5 1 Choose the menu L2 FEATURES VLAN GVRP to load the following page Enable GVRP globally then click Apply Select ports 1 0 1 3 set Status as Enable and keep the Registr...

Page 229: ...ilar configurations The following configuration procedures take Switch 1 Switch 2 and Switch 5 as example Configurations for Switch 1 1 Enable GVRP globally Switch_1 configure Switch_1 config gvrp 2 C...

Page 230: ...artment_B Switch_2 config vlan exit 3 Add tagged port 1 0 1 to VLAN 20 Enable GVRP on the port and set the registration mode as Fixed Switch_2 config interface gigabitEthernet 1 0 1 Switch_2 config if...

Page 231: ...1 0 1 Switch_1 show gvrp interface Port Status Reg Mode LeaveAll JoinIn Leave LAG Gi1 0 1 Enabled Fixed 1000 20 60 N A Gi1 0 2 Disabled Normal 1000 20 60 N A Switch 2 Verify the global GVRP configura...

Page 232: ...Global Status Enabled Verify GVRP configuration for ports 1 0 1 3 Switch_5 show gvrp interface Port Status Reg Mode LeaveAll JoinIn Leave LAG Gi1 0 1 Enabled Normal 1000 20 60 N A Gi1 0 2 Enabled Norm...

Page 233: ...P are listed in the following tables Table 4 1 Default Settings of GVRP Parameter Default Setting Global Config GVRP Disabled Port Config Status Disabled Registration Mode Normal LeaveAll Timer 1000 c...

Page 234: ...icast 2 IGMP Snooping Configuration 3 MLD Snooping Configuration 4 MVR Configuration 5 Multicast Filtering Configuration 6 Viewing Multicast Snooping Information 7 Configuration Examples 8 Appendix De...

Page 235: ...ogy not only transmits data with high efficiency but also saves a large bandwidth and reduces network load In practical applications Internet information provider can provide value added services such...

Page 236: ...each attached network and a timer for each membership Normally only one device acts as querier per physical network If there are more than one multicast router in the network a querier election proce...

Page 237: ...nts can dynamically join or leave the multicast VLAN without interfering with their relationships in other VLANs There are two types of MVR modes Compatible Mode In compatible mode the MVR switch does...

Page 238: ...IGMP Snooping takes effect only when it is enabled globally in the corresponding VLAN and port at the same time 2 1 Using the GUI 2 1 1 Configuring IGMP Snooping Globally Choose the menu L2 FEATURES M...

Page 239: ...ulticast MLD Snooping Global Config page at the same time Header Validation Enable or disable Header Validation By default it is disabled Generally for IGMP packets the TTL value should be 1 ToS field...

Page 240: ...hat port with a configured interval Last Member Query Interval and wait for IGMP group membership reports If there are other receivers connecting to the switch they will response to the queries before...

Page 241: ...oes not receive any IGMP general query message from a dynamic router port within the router port aging time the switch will no longer consider this port as a router port and delete it from the router...

Page 242: ...nooping Querier enabled specify the number of group specific queries to be sent If specified count of group specific queries are sent and no report message is received the switch will delete the multi...

Page 243: ...port IGMPv1 does not support fast leave Fast Leave can be enabled on a per port basis or per VLAN basis When enabled on a per port basis the switch will remove the port from the corresponding multicas...

Page 244: ...rts of the multicast group Multicast IP Specify the address of the multicast group that the hosts need to join VLAN ID Specify the VLAN that the hosts are in Member Ports Select the ports that the hos...

Page 245: ...sure MLD Snooping is enabled globally To enable MLD Snooping globally use the ipv6 mld snooping command in global configuration mode Step 5 ip igmp snooping header validation Optional Enable header va...

Page 246: ...configure IGMP Snooping for VLANs Step 1 configure Enter global configuration mode Step 2 ip igmp snooping vlan config vlan id list mtime member time Enable IGMP Snooping for the specified VLANs and...

Page 247: ...cond When the switch receives a leave message from a port to leave a multicast group it will wait for a leave time before removing the port from the multicast group During the period if the switch rec...

Page 248: ...on a VLAN the switch will remove the Multicast Group Port VLAN entry from the multicast forwarding table before forwarding the leave message to the querier This helps to reduce bandwidth waste since...

Page 249: ...interval Specify the interval between general query messages sent by the switch Valid values are from 10 to 300 seconds and the default value is 60 seconds ip addr Specify the source IP address of th...

Page 250: ...VLAN 1 and configure the query interval as 100 seconds the maximum response time as 15 seconds the last member query interval as 2 seconds the last member query count as 3 and the general query source...

Page 251: ...ave Optional Enable Fast Leave on the specified port Fast Leave can be enabled on a per port basis or per VLAN basis When enabled on a per port basis the switch will remove the port from the correspon...

Page 252: ...ally join a group Step 1 configure Enter global configuration mode Step 2 ip igmp snooping vlan config vlan id list static ip interface fastEthernet port list gigabitEthernet port list ten gigabitEthe...

Page 253: ...oping vlan config 2 static 239 1 2 3 interface gigabitEthernet 1 0 1 3 Switch config show ip igmp snooping groups static Multicast ip VLAN id Addr type Switch port 239 1 2 3 2 static Gi1 0 1 3 Switch...

Page 254: ...g Globally Follow these steps to configure MLD Snooping globally 1 In the Global Config section enable MLD Snooping and configure the Unknown Multicast Groups feature globally MLD Snooping Enable or d...

Page 255: ...nable MLD Snooping and configure the corresponding parameters for the VLANs that the router ports and the member ports are in Choose the menu L2 FEATURES Multicast MLD Snooping Global Config and click...

Page 256: ...the querier This helps to reduce bandwidth waste since the switch no longer sends the corresponding multicast streams to the VLAN of the port as soon as the port receives a done message from the VLAN...

Page 257: ...globally and in the VLAN Query Interval With MLD Snooping Querier enabled specify the interval between general query messages sent by the switch Maximum Response Time With MLD Snooping Querier enabled...

Page 258: ...there is only one receiver connected to the port MLD Snooping Enable or disable MLD Snooping for the port Fast Leave Enable or disable Fast Leave for the port Fast Leave can be enabled on a per port...

Page 259: ...1 Specify the multicast IP address VLAN ID Select the ports to be the static member ports of the multicast group Multicast IP Specify the IPv6 address of the multicast group that the hosts need to joi...

Page 260: ...py running config startup config Save the settings in the configuration file The following example shows how to enable MLD Snooping globally and the way how the switch processes multicast streams that...

Page 261: ...300 seconds Once the switch receives an MLD general query message from a port the switch adds this port to the router port list Router ports that are learned in this way are called dynamic router por...

Page 262: ...ponding multicast group That is if there are other receivers connecting to the switch the one sent done message have to wait until the port ages out from the switch s forwarding list of the correspond...

Page 263: ...fy the host s maximum response time to general query messages query interval interval Specify the interval between general query messages sent by the switch ip addr Specify the source IP address of th...

Page 264: ...as 100 seconds the maximum response time as 15 seconds the last listener query interval as 2 seconds the last listener query count as 3 and the general query source IP as FE80 1 Switch configure Switc...

Page 265: ...Leave can be enabled on a per port basis or per VLAN basis When enabled on a per port basis the switch will remove the port from the corresponding multicast group of all VLANs before forwarding the d...

Page 266: ...ip interface fastEthernet port list gigabitEthernet port list ten gigabitEthernet port list port channel lag list vlan id list Specify the ID or the ID list of the VLAN s ip Specify the IP address of...

Page 267: ...Layer 2 Multicast MLD Snooping Configuration Multicast ip VLAN id Addr type Switch port ff80 1234 01 2 static Gi1 0 1 3 Switch config end Switch copy running config startup config Downloaded from Man...

Page 268: ...ls can be enabled on a port at the same time When both are enabled MVR listens to the report and leave messages only for the multicast groups configured in MVR All other multicast groups are managed b...

Page 269: ...ticast VLAN Dynamic In this mode after receiving report or leave messages from the hosts the switch will forward them to the IGMP querier via the multicast VLAN with appropriate translation of the VLA...

Page 270: ...of the multicast groups MVR Group IP MVR Group Count Specify the start IP address and the number of contiguous series of multicast groups Multicast data sent to the address specified here will be sen...

Page 271: ...VR group is added successfully and the source port has received query messages from this multicast group Member Displays the member ports in this MVR group 4 1 4 Configuring MVR for the Port Choose th...

Page 272: ...ort is physically up and in one or more VLANs Active NotInVLAN The port is physically up and not in any VLAN Inactive InVLAN The port is physically down and in one or more VLANs Inactive NotInVLAN The...

Page 273: ...groups membership information from the switch You have to statically configure the IGMP querier to transmit all the required multicast streams to the switch via the multicast VLAN dynamic In this mod...

Page 274: ...ctive Show all inactive multicast group active Show all active multicast group Step 8 end Return to privileged EXEC mode Step 9 copy running config startup config Save the settings in the configuratio...

Page 275: ...port Step 4 mvr type source receiver Configure the MVR port type as receiver or source By default the port is a non MVR port If you attempt to configure a non MVR port with MVR characteristics the op...

Page 276: ...of the specified interface s show mvr members Show the membership information of all MVR groups Step 8 end Return to privileged EXEC mode Step 9 copy running config startup config Save the settings i...

Page 277: ...Gi1 0 2 Enable Receiver INACTIVE InVLAN Enable Gi1 0 3 Enable Receiver INACTIVE InVLAN Enable Gi1 0 7 Enable Source INACTIVE InVLAN Disable Switch config if range show mvr members MVR Group IP status...

Page 278: ...iles for both IPv4 and IPv6 network With multicast profile the switch can define a blacklist or whitelist of multicast groups so as to filter multicast sources The process for creating multicast profi...

Page 279: ...9 Mode Select Permit or Deny as the filtering mode Permit Acts as a whitelist and only allows specific member ports to join specified multicast groups Deny Acts as a blacklist and prevents specific me...

Page 280: ...configure the number of multicast groups a port can join and the overflow action The process for configuring multicast filtering for ports in IPv4 and IPv6 are similar The following introductions take...

Page 281: ...icast groups the port has joined exceeds the maximum Drop Drop all subsequent membership report messages to prevent the port joining a new multicast groups Replace Replace the existing multicast group...

Page 282: ...5 show ip igmp profile id Show the detailed IGMP profile configuration Step 6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configuration file T...

Page 283: ...be filtered start ip end ip Specify the start IP address and end IP address of the IP range Step 5 show ipv6 mld profile id Show the detailed MLD profile configuration Step 6 end Return to privileged...

Page 284: ...e the maximum number of multicast groups the port can join maxgroup Specify the maximum number of multicast groups the port can join Valid values are from is 1 to 511 Step 5 ip igmp snooping max group...

Page 285: ...s Gi1 0 2 Switch config if show ip igmp snooping interface gigabitEthernet 1 0 2 max groups Port Max Groups Overflow Action Gi1 0 2 50 Drops Switch config end Switch copy running config startup confi...

Page 286: ...ed MLD profile configuration show ipv6 mld snooping interface fastEthernet port list gigabitEthernet port list ten gigabitEthernet port list port channel port channel list max groups Show the multicas...

Page 287: ...ng Configuration Gi1 0 2 Switch config if show ipv6 mld snooping interface gigabitEthernet 1 0 2 max groups Port Max Groups Overflow Action Gi1 0 2 50 Drops Switch config end Switch copy running confi...

Page 288: ...id Multicast IP VLAN Port entries Multicast IP Displays the multicast source IP address VLAN ID Displays the ID of the VLAN the multicast group belongs to Source Displays the source of the multicast e...

Page 289: ...s on each port 1 To get the real time multicast statistics enable Auto Refresh or click Refresh Auto Refresh Enable or disable Auto Refresh When enabled the switch will automatically refresh the multi...

Page 290: ...all valid Multicast IP VLAN Port entries Multicast IP Displays the multicast source IP address VLAN ID Displays the ID of the VLAN the multicast group belongs to Source Displays the source of the mult...

Page 291: ...nable or disable Auto Refresh When enabled the switch will automatically refresh the multicast statistics Refresh Interval After Auto Refresh is enabled specify the time interval for the switch to ref...

Page 292: ...t port list packet stat Displays the packet statistics on specified ports or all ports clear ip igmp snooping statistics Clear all statistics of all IGMP packets 6 2 2 Viewing IPv6 Multicast Snooping...

Page 293: ...topology Host B Host C and Host D are connected to port 1 0 1 port 1 0 2 and port 1 0 3 respectively Port 1 0 4 is the router port connected to the multicast querier Figure 7 1 Network Topology for B...

Page 294: ...d using the CLI 7 1 3 Using the GUI 1 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 10 and add Untagged port 1 0 1 3 and Tagged port 1 0 4 t...

Page 295: ...e following page In the Global Config section enable IGMP Snooping globally Configure the IGMP version as v3 so that the switch can process IGMP messages of all versions Then click Apply Figure 7 4 Co...

Page 296: ...cast IGMP Snooping Port Config to load the following page Enable IGMP Snooping for ports 1 0 1 4 Figure 7 6 Enable IGMP Snooping for the Ports 6 Click to save the settings 7 1 4 Using the CLI 1 Create...

Page 297: ...tch config interface range fastEthernet 1 0 1 4 Switch config if range switchport pvid 10 Switch config if range exit 4 Enable IGMP Snooping globally Switch config ip igmp snooping 5 Enable IGMP Snoop...

Page 298: ...e VLAN 10 7 2 Example for Configuring MVR 7 2 1 Network Requirements Host B Host C and Host D are in three different VLANs of the switch All of them want to receive multicast streams sent to multicast...

Page 299: ...either MVR compatible mode or MVR dynamic mode When in compatible mode remember to statically configure the Querier to transmit the streams of multicast group 225 1 1 1 to the switch via the multicast...

Page 300: ...7 8 VLAN Configurations for Port 1 0 1 3 Figure 7 9 PVID for Port 1 0 1 3 2 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 40 and add port 1...

Page 301: ...t MVR MVR Config to load the following page Enable MVR globally and configure the MVR mode as Dynamic multicast VLAN ID as 40 Figure 7 11 Configure MVR Globally 4 Choose the menu L2 FEATURES Multicast...

Page 302: ...the settings 7 2 5 Using the CLI 1 Create VLAN 10 VLAN 20 VLAN 30 and VLAN 40 Switch configure Switch config vlan 10 20 30 40 Switch config vlan exit 2 Add port 1 0 1 3 to VLAN 10 VLAN 20 and VLAN 30...

Page 303: ...port pvid 40 Switch config if exit 3 Check whether port1 0 1 3 only belong to VLAN 10 VLAN 20 and VLAN 30 respectively If not delete them from the other VLANs By default all ports are in VLAN 1 so you...

Page 304: ...config if range exit Switch config interface fastEthernet 1 0 4 Switch config if mvr Switch config if mvr type source Switch config if exit 6 Save the settings Switch config end Switch copy running c...

Page 305: ...tch config show mvr members MVR Group IP Status Members 225 1 1 1 active Gi1 0 4 7 3 Example for Configuring Unknown Multicast and Fast Leave 7 3 1 Network Requirement A user experiences lag when he i...

Page 306: ...nds a leave message about leaving the previous channel With Fast Leave enabled on port 1 0 2 the switch will then drop multicast data from the previous channel which ensures that Host B only receives...

Page 307: ...TURES Multicast MLD Snooping Global Config page at the same time 3 In the IGMP VLAN Config section click in VLAN 10 to load the following page Enable IGMP Snooping for VLAN 10 Figure 7 16 Enable IGMP...

Page 308: ...s Discard globally Switch config ip igmp snooping drop unknown 3 Enable IGMP Snooping on port 1 0 2 and enable Fast Leave On port 1 0 4 enable IGMP Snooping Switch config interface fastEthernet 1 0 2...

Page 309: ...enable enable 7 4 Example for Configuring Multicast Filtering 7 4 1 Network Requirements Host B Host C and Host D are in the same subnet Host C and Host D only receive multicast data sent to 225 0 0...

Page 310: ...LAN 10 Querier Source Gi1 0 4 Gi1 0 2 Gi1 0 3 Gi1 0 1 Demonstrated with T1500 28PCT this section provides configuration procedures in two ways using the GUI and using the CLI 7 4 4 Using the GUI 1 Cre...

Page 311: ...ion Examples Figure 7 19 Enable IGMP Snooping Globally 3 In the IGMP VLAN Config section click in VLAN 10 to load the following page Enable IGMP Snooping for VLAN 10 Figure 7 20 Enable IGMP Snooping f...

Page 312: ...le IGMP Snooping on the Port 5 Choose the menu L2 FEATURES Multicast Multicast Filtering IPv4 Profile and click to load the following page Create Profile 1 specify the mode as Permit bind the profile...

Page 313: ...7 22 Configure Filtering Profile for Host C and Host D 6 Click again to load the following page Create Profile 2 specify the mode as Deny bind the profile to port 1 0 1 and specify the filtering mult...

Page 314: ...igure Switch config vlan 10 Switch config vlan name vlan10 Switch config vlan exit 2 Add port 1 0 1 3 to VLAN 10 and set the link type as untagged Add port 1 0 4 to VLAN 10 and set the link type as ta...

Page 315: ...gmp snooping Switch config if range exit 7 Create Profile 1 configure the mode as permit and add an IP range with both start IP and end IP being 225 0 0 1 Switch config ip igmp profile 1 Switch config...

Page 316: ...artup config Verify the Configurations Show global settings of IGMP Snooping Switch config show ip igmp snooping IGMP Snooping Enable IGMP Version V3 Enable Port Gi1 0 1 4 Enable VLAN 10 Show all prof...

Page 317: ...MP Snooping Disabled Fast Leave Disabled Report Suppression Disabled Member Port Aging Time 260 seconds Router Port Aging Time 300 seconds Leave Time 1 second IGMP Snooping Querier Disabled Query Inte...

Page 318: ...abled Report Suppression Disabled Member Port Aging Time 260 seconds Router Port Aging Time 300 seconds Leave Time 1 second MLD Snooping Querier Disabled Query Interval 60 seconds Maximum Response Tim...

Page 319: ...oup Settings MVR Group Entries None MVR Settings on the Port MVR Mode Disabled MVR Port Type None Fast Leave Disabled MVR Static Group Members MVR Static Group Member Entries None 8 4 Default Paramete...

Page 320: ...anning Tree CHAPTERS 1 Spanning Tree 2 STP RSTP Configurations 3 MSTP Configurations 4 STP Security Configurations 5 Configuration Example for MSTP 6 Appendix Default Parameters Downloaded from Manual...

Page 321: ...panning Tree Protocol provides the same features as STP Besides RSTP can provide much faster spanning tree convergence MSTP MSTP Multiple Spanning Tree Protocol also provides the fast spanning tree co...

Page 322: ...wed to be configured manually on the switch and the switch with the lowest priority value will be elected as the root bridge If the priority of the switches are the same the switch with the smallest M...

Page 323: ...ee function enabled Port Status Generally in STP the port status includes Blocking Listening Learning Forwarding and Disabled Blocking In this status the port receives and sends BPDUs The other packet...

Page 324: ...ort is enabled with spanning tree function but not connected to any device Path Cost The path cost reflects the link speed of the port The smaller the value the higher link speed the port has The path...

Page 325: ...to help determine the spanning tree topology 1 2 2 MSTP Concepts MSTP compatible with STP and RSTP has the same basic elements used in STP and RSTP Based on the networking topology this section will...

Page 326: ...nstance but one VLAN can be mapped to only one instance As Figure 1 4 shows VLAN 3 is mapped to instance 1 VLAN 4 and VLAN 5 are mapped to instance 2 the other VLANs are mapped to the IST IST The Inte...

Page 327: ...ay be lead to low speed links With root protect function enabled when the port receives higher priority BDPUs it will temporarily transit to blocking state After two times of forward delay if the port...

Page 328: ...used to announce changes in the network topology If a user maliciously sends a large number of TC BPDUs to a switch in a short period the switch will be busy with removing MAC address entries which ma...

Page 329: ...nning tree it s necessary to make clear the role that each switch plays in a spanning tree To avoid any possible network flapping caused by STP RSTP parameter changes it is recommended to enable STP R...

Page 330: ...g is Auto which means the port calculates the internal path cost automatically according to the port s link speed This parameter is only used in MSTP and you need not to configure it if the spanning t...

Page 331: ...with the root bridge Designated Port Indicates that the port is the designated port in the spanning tree It has the lowest path cost from the root bridge to this physical network segment and is used...

Page 332: ...lected as the root bridge in CIST Hello Time Specify the interval between BPDUs sending The default value is 2 The root bridge sends configuration BPDUs at an interval of Hello Time It works with the...

Page 333: ...orward Delay and Max Age conform to the following formulas 2 Hello Time 1 Max Age 2 Forward Delay 1 Max Age 2 In the Global Config section enable spanning tree function choose the STP mode as STP RSTP...

Page 334: ...f the local bridge The local bridge is the current switch Root Bridge Displays the bridge ID of the root bridge External Path Cost Displays the root path cost from the switch to the root bridge Region...

Page 335: ...ged 2 2 Using the CLI 2 2 1 Configuring STP RSTP Parameters on Ports Follow these steps to configure STP RSTP parameters on ports Step 1 configure Enter global configuration mode Step 2 interface fast...

Page 336: ...t auto open close Select the status of the P2P Point to Point link to which the ports are connected During the regeneration of the spanning tree if the port of P2P link is elected as the root port or...

Page 337: ...2 2 Configuring Global STP RSTP Parameters Follow these steps to configure global STP RSTP parameters of the switch Step 1 configure Enter global configuration mode Step 2 spanning tree priority pri...

Page 338: ...e to test the link failures and maintain the spanning tree max age Specify the value of Max Age It is the maximum time that the switch can wait without receiving a BPDU before attempting to regenerate...

Page 339: ...igure Enter global configuration mode Step 2 spanning tree mode stp rstp Configure the spanning tree mode as STP RSTP stp Specify the spanning tree mode as STP rstp Specify the spanning tree mode as R...

Page 340: ...dge is the root bridge Designated Bridge Priority 32768 Address 00 0a eb 13 12 ba Local Bridge Priority 32768 Address 00 0a eb 13 12 ba Interface State Prio Ext Cost Int Cost Edge P2p Mode Gi1 0 16 En...

Page 341: ...ing the spanning tree it s necessary to make clear the role that each switch plays in a spanning tree To avoid any possible network flapping caused by MSTP parameter changes it is recommended to enabl...

Page 342: ...t indicates the path cost of the port in spanning tree The port with the lowest root path cost will be elected as the root port of the switch For MSTP external path cost indicates the path cost of the...

Page 343: ...r that the MCheck status of the port will switch to Disabled Port Mode Displays the spanning tree mode of the port STP The spanning tree mode of the port is STP RSTP The spanning tree mode of the port...

Page 344: ...he switches with the same region name the same revision level and the same VLAN Instance mapping are considered as in the same region Besides configure the priority of the switch the priority and path...

Page 345: ...nstance ID Priority and corresponding VLAN ID Figure 3 4 Configuring the Instance Instance ID Enter the corresponding instance ID Priority Specify the priority for the switch in the corresponding inst...

Page 346: ...LAGs for configuration Priority Specify the Priority for the port in the corresponding instance The value should be an integral multiple of 16 ranging from 0 to 240 The port with lower value has the h...

Page 347: ...r master port Backup Port Indicates that the port is the backup port in the desired instance It is the backup of the designated port Master Port Indicates the port provides the lowest root path cost f...

Page 348: ...he higher priority In STP RSTP CIST priority is the priority of the switch in spanning tree The switch with the highest priority will be elected as the root bridge In MSTP CISP priority is the priorit...

Page 349: ...he new value When the hop reaches zero the switch will discard the BPDU This value can control the scale of the spanning tree in the MST region Note Max Hops is a parameter configured in MSTP You need...

Page 350: ...mmary information of CIST Spanning Tree Displays the status of the spanning tree function Spanning Tree Mode Displays the spanning tree mode Local Bridge Displays the bridge ID of the local switch The...

Page 351: ...ot Bridge Displays the bridge ID of the root bridge in the desired instance Internal Path Cost Displays the internal path cost It is the root path cost from the current switch to the regional root bri...

Page 352: ...in MSTP For MSTP internal path cost is used to calculate the path cost in IST The port with the lowest root path cost will be elected as the root port of the switch in IST portfast enable disable Ena...

Page 353: ...fig startup config Save the settings in the configuration file This example shows how to enable spanning tree function for port 1 0 3 and configure the port priority as 32 Switch configure Switch conf...

Page 354: ...nfiguration mode as to configure the VLAN Instance mapping region name and revision level Step 4 name name Configure the region name of the region name Specify the region name used to identify an MST...

Page 355: ...h config mst show spanning tree mst configuration Region Name R1 Revision 100 MST Instance Vlans Mapped 0 1 7 4094 5 2 6 Switch config mst end Switch copy running config startup config Configuring the...

Page 356: ...oot path cost will be elected as the root port of the switch Step 4 show spanning tree mst configuration digest instance instance id interface fastEthernet port gigabitEthernet port port channel lagid...

Page 357: ...lay Hello Time and Max Age forward time Specify the value of Forward Delay It is the interval between the port state transition from listening to learning The valid values are from 4 to 30 in seconds...

Page 358: ...urn to privileged EXEC mode Step 8 copy running config startup config Save the settings in the configuration file Note To prevent frequent network flapping make sure that Hello Time Forward Delay and...

Page 359: ...ormation of MSTP Step 5 end Return to privileged EXEC mode Step 6 copy running config startup config Save the settings in the configuration file This example shows how to configure the spanning tree m...

Page 360: ...Gi 0 16 Enable 128 200000 200000 No Yes auto Mstp Altn Blk Gi 0 20 Enable 128 200000 200000 No Yes auto Mstp Root Fwd MST Instance 1 Root Bridge Priority 32768 Address 00 0a eb 13 12 ba Local bridge i...

Page 361: ...unit or LAGs for configuration Loop Protect Enable or disable Loop Protect It is recommended to enable this function on root ports and alternate ports When there are link congestions or link failures...

Page 362: ...er after receiving the first TC BPDU then it will restart timing BPDU Protect Enable or disable the BPDU Protect function It is recommended to enable this function on edge ports Edge ports in spanning...

Page 363: ...ly transit to blocking state when it receives higher priority BDPUs After two forward delays if the port does not receive any other higher priority BDPUs it will transit to its normal state Step 5 spa...

Page 364: ...id Specify the ID of the LAG Step 10 end Return to privileged EXEC mode Step 11 copy running config startup config Save the settings in the configuration file This example shows how to enable Loop Pro...

Page 365: ...s the default path cost of the port is 200000 It is required that traffic in VLAN 101 VLAN 103 and traffic in VLAN 104 VLAN 106 should be transmitted along different paths Figure 5 1 Network Topology...

Page 366: ...f Switch C as 0 to set it as the root bridge in instance 2 5 Configure the path cost to block the specified ports For instance 1 set the path cost of port 1 0 1 of Switch A to be greater than the defa...

Page 367: ...ollowing page Enable spanning tree function on port 1 0 1 and port 1 0 2 Here we leave the values of the other parameters as default settings Click Apply Figure 5 4 Enable Spanning Tree Function on Po...

Page 368: ...d set the priority as 32768 map VLAN104 VLAN106 to instance 2 and set the priority as 32768 Click Create Figure 5 6 Configuring the VLAN Instance Mapping 5 Choose the menu L2 FEATURES Spanning Tree MS...

Page 369: ...owing page Enable MSTP function globally here we leave the values of the other global parameters as default settings Click Apply Figure 5 8 Configure the Global MSTP Parameters of the Switch 2 Choose...

Page 370: ...g page Set the region name as 1 and the revision level as 100 Click Apply Figure 5 10 Configuring the Region 4 Choose the menu L2 FEATURES Spanning Tree MSTP Instance Instance Config Map VLAN101 VLAN1...

Page 371: ...selected as the designated port Figure 5 12 Configure the Path Cost of Port 1 0 2 in Instance 2 6 Click to save the settings Configurations for Switch C 1 Choose the menu L2 FEATURES Spanning Tree STP...

Page 372: ...tion on Ports 3 Choose the menu Spanning Tree MSTP Instance Region Config to load the following page Set the region name as 1 and the revision level as 100 Click Apply Figure 5 15 Configuring the Regi...

Page 373: ...0000 Switch config if exit Switch config interface gigabitEthernet 1 0 2 Switch config if spanning tree Switch config if exit 3 Configure the region name as 1 the revision number as 100 map VLAN101 VL...

Page 374: ...h B in instance 1 as 0 to set it as the root bridge in instance 1 Switch config spanning tree mst configuration Switch config mst name 1 Switch config mst revision 100 Switch config mst instance 1 vla...

Page 375: ...ch config mst instance 1 vlan 101 103 Switch config mst instance 2 vlan 104 106 Switch config mst exit Switch config spanning tree mst instance 2 priority 0 Switch config end Switch copy running confi...

Page 376: ...Priority 0 Address 3c 46 d8 9d 88 f7 Internal Cost 200000 Root Port 2 Designated Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Local Bridge Priority 32768 Address 00 0a eb 13 23 97 Interface Prio Cost...

Page 377: ...Gi1 0 2 128 200000 Desg Fwd Verify the configurations of Switch B in instance 2 Switch config show spanning tree mst instance 2 MST Instance 2 Root Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Interna...

Page 378: ...ted Bridge Priority 0 Address 00 0a eb 13 12 ba Local Bridge Priority 32768 Address 3c 46 d8 9d 88 f7 Interface Prio Cost Role Status Gi1 0 1 128 200000 Desg Fwd Gi1 0 2 128 200000 Root Fwd Verify the...

Page 379: ...Spanning Tree Configuration Example for MSTP Local Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Interface Prio Cost Role Status Gi1 0 1 128 200000 Desg Fwd Gi1 0 2 128 200000 Desg Fwd Downloaded from M...

Page 380: ...sabled Mode STP CIST Priority 32768 Hello Time 2 seconds Max Age 20 seconds Forward Delay 15 seconds Tx Hold Count 5 pps Max Hops 20 hops Table 6 2 Default Settings of the Port Parameters Parameter De...

Page 381: ...g Priority 32768 Port Priority 128 Path Cost Auto Table 6 4 Default Settings of the STP Security Parameter Default Setting Loop Protect Disabled Root Protect Disabled TC Guard Disabled BPDU Protect Di...

Page 382: ...LLDP CHAPTERS 1 LLDP 2 LLDP Configurations 3 LLDP MED Configurations 4 Viewing LLDP Settings 5 Viewing LLDP MED Settings 6 Configuration Example 7 Appendix Default Parameters Downloaded from ManualsNe...

Page 383: ...ice to access the network VoIP devices can use LLDP MED for auto configuration to minimize the configuration effort 1 2 Supported Features The switch supports LLDP and LLDP MED LLDP allows the local d...

Page 384: ...follow the steps 1 Configure the LLDP feature globally 2 Configure the LLDP feature for the port 2 1 Using the GUI 2 1 1 Configuring LLDP Globally Choose the L2 FEATURES LLDP LLDP Config Global Confi...

Page 385: ...discarding it The default value is 4 TTL Hold Multiplier Transmit Interval Transmit Delay Specify the amount of delay from when Admin Status of ports becomes Disable until reinitialization will be att...

Page 386: ...s and receives LLDP packets Rx_Only The port only receives LLDP packets Tx_Only The port only transmits LLDP packets Disable The port will not transmit LLDP packets or drop the received LLDP packets N...

Page 387: ...of the VLAN which the port is in LA Used to advertise whether the link is capable of being aggregated whether the link is currently in an aggregation and the port ID when it is in an aggregation PS Us...

Page 388: ...kets that are periodically sent from the local device to its neighbors tx delay Specify the amount of time that the local device waits before sending another LLDP packet to its neighbors The default i...

Page 389: ...atus Notification Mode and the TLVs included in the LLDP packets Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port r...

Page 390: ...ample shows how to configure the port 1 0 1 The port can receive and transmit LLDP packets its notification mode is enabled and the outgoing LLDP packets include all TLVs Switch configure Switch confi...

Page 391: ...onfigurations Port VLAN ID Yes Protocol VLAN ID Yes VLAN Name Yes Link Aggregation Yes MAC Physic Yes Max Frame Size Yes Power Yes Switch config if end Switch copy running config startup config Downlo...

Page 392: ...onfigure the LLDP parametres for the ports For the details of LLDP configuration refer to LLDP Configuration 3 1 1 Configuring LLDP MED Globally Choose the menu L2 FEATURES LLDP Config LLDP MED Config...

Page 393: ...2 FEATURES LLDP LLDP MED Config Port Config to load the following page Figure 3 2 LLDP MED Port Config Follow these steps to enable LLDP MED 1 Select the desired port and enable LLDP MED Click Apply 2...

Page 394: ...ocation Identification Parameters section Extended Power Via MDI Used to advertise the detailed PoE information including power supply priority and supply status between LLDP MED Endpoint devices and...

Page 395: ...l Specify the number of successive LLDP MED frames that the local device sends when fast start mechanism is activated When the fast start mechanism is activated the local device will send the specifie...

Page 396: ...nfigure the LLDP MED TLVs included in the outgoing LLDP packets By default the outgoing LLDP packets include all TLVs If LLDP MED Location TLV is selected configure the parameters as follows lldp med...

Page 397: ...med fast count 4 Switch config interface gigabitEthernet 1 0 1 Switch config if lldp med status Switch config if lldp med tlv select all Switch config if show lldp interface gigabitEthernet 1 0 1 LLDP...

Page 398: ...uide 375 LLDP MED Status Enabled TLV Status Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes Switch config end Switch copy running config startup conf...

Page 399: ...apter introduces how to view the LLDP settings on the local device 4 1 Using GUI 4 1 1 Viewing LLDP Device Info Viewing the Local Info Choose the menu L2 FEATURES LLDP LLDP Config Local Info to load t...

Page 400: ...e local device System Description Displays the system description of the local device System Capabilities Supported Displays the supported capabilities of the local system System Capabilities Enabled...

Page 401: ...vice OperMau Displays the OperMau Optional Mau field of the TLV configured by the local device Link Aggregation Supported Displays whether the local device supports link aggregation Link Aggregation E...

Page 402: ...ording to your needs Click Apply 2 In the Neighbor Info section select the desired port and view its associated neighbor device information System Name Displays the system name of the neighbor device...

Page 403: ...global statistics of the local device Last Update Displays the time when the statistics updated Total Inserts Displays the total number of neighbors during latest update time Total Deletes Displays t...

Page 404: ...cards Displays the total number of the TLVs discarded by the port when receiving LLDP packets TLV Unknowns Displays the total number of the unknown TLVs included in the received LLDP packets 4 2 Using...

Page 405: ...DP MED Settings 5Viewing LLDP MED Settings 5 1 Using GUI Choose the menu L2 FEATURES LLDP LLDP MED Config Local Info to load the following page Viewing the Local Info Figure 5 1 LLDP MED Local Info Do...

Page 406: ...plays the Layer 2 priority used in the specific application Media Policy DSCP Displays the DSCP value used in the specific application Location Data Format Displays the Location ID data format of the...

Page 407: ...Follow these steps to view LLDP MED neighgbor information 1 In the Auto Refresh section enable the Auto Refresh feature and set the Refresh Rate according to your needs Click Apply 2 In the Neighbor...

Page 408: ...the ports on the local device Viewing the Neighbor Info show lldp neighbor information interface fastEthernet port gigabitEthernet port ten gigabitEthernet port Display the information of the neighbor...

Page 409: ...DP Network Topology Fa1 0 1 Fa1 0 2 Switch A Switch B PC 6 3 Configuration Scheme LLDP can meet the network requirements Enable the LLDP feature globally on Switch A and Switch B Configure the related...

Page 410: ...fig to load the following page Set the Admin Status of port Fa1 0 1 as Tx Rx enable Notification Mode and configure all the TLVs included in the outgoing LLDP packets Figure 6 3 LLDP Port Config 6 5 U...

Page 411: ...ets Switch_A configure Switch_A config interface fastEthernet 1 0 1 Switch_A config if lldp receive Switch_A config if lldp transmit Switch_A config if lldp snmp trap Switch_A config if lldp tlv selec...

Page 412: ...em Name Yes Management Address Yes Port VLAN ID Yes Protocol VLAN ID Yes VLAN Name Yes Link Aggregation Yes MAC Physic Yes Max Frame Size Yes Power Yes LLDP MED Status Disabled TLV Status Network Poli...

Page 413: ...gement address type ipv4 Management address 192 168 0 226 Management address interface type IfIndex Management address interface ID 1 Management address OID 0 Port VLAN ID PVID 1 Port and protocol VLA...

Page 414: ...ion type Reserved Unknown policy Yes Tagged No VLAN ID 0 Layer 2 Priority 0 DSCP 0 Location Data Format Civic Address LCI What Switch Country Code CN Power Type PSE Device Power Source Primary Power P...

Page 415: ...JetStream 48 Port Gigabit Smart PoE Switch with 4 SFP Slots System capabilities supported Bridge Router System capabilities enabled Bridge Router Management address type ipv4 Management address 192 16...

Page 416: ...393 Link aggregation supported Yes Link aggregation enabled No Aggregation port ID 0 Power port class PSE PSE power supported Yes PSE power enabled No PSE pairs control ability No Maximum frame size...

Page 417: ...al 30 seconds Hold Multiplier 4 Transmit Delay 2 seconds Reinitialization Delay 2 seconds Notification Interval 5 seconds Fast Start Repeat Count 3 Table 7 2 Default LLDP Settings on the Port Paramete...

Page 418: ...t 13 Configuring DHCP Service CHAPTERS 1 DHCP 2 DHCP Relay Configuration 3 DHCP L2 Relay Configuration 4 Configuration Examples 5 Appendix Default Parameters Downloaded from ManualsNet com search engi...

Page 419: ...s in different LANs can share one DHCP server DHCP Relay includes three features Option 82 and DHCP VLAN Relay Option 82 Option 82 is called the DHCP Relay Agent Information Option It provides additio...

Page 420: ...gs Type Hex Length Hex Value Format Remote ID Customization Normal TLV Disabled 00 06 Default remote ID Enabled 01 Length of the customized remote ID Customized remote ID Private Only the value Disabl...

Page 421: ...lients and the VLANs that the clients belong to and the remote ID records the MAC address of the DHCP relay agent That is the two sub options together record the location of the clients To record the...

Page 422: ...In DHCP L2 Relay in addition to normally assigning IP addresses to clients from the DHCP server the switch can inform the DHCP server of some specified information such as the location information of...

Page 423: ...1 Using the GUI 2 1 1 Enabling DHCP Relay and Configuring Option 82 Choose the menu L3 FEATURES DHCP Service DHCP Relay DHCP Relay Config to load the following page Figure 2 1 Enable DHCP Relay and C...

Page 424: ...that include the Option 82 field Keep The switch keeps the Option 82 field of the packets Replace The switch replaces the Option 82 field of the packets with a new one The switch presets a default cir...

Page 425: ...faces Choose the menu L3 FEATURES DHCP Service DHCP Relay DHCP VLAN Relay to load the following page Figure 2 2 Configure DHCP VLAN Relay Follow these steps to specify DHCP Server for the specific VLA...

Page 426: ...count is more than the value you set here the packet will be dropped hops Specify the maximum hops for DHCP packets Valid values are from the 1 to 16 and the default value is 4 Step 4 ip dhcp relay ti...

Page 427: ...tch config ip dhcp relay time 10 DHCP relay state enabled DHCP relay hops 5 DHCP relay Time Threshold 10 seconds Switch config end Switch copy running config startup config 2 2 2 Optional Configuring...

Page 428: ...ible with each other The default circuit ID is a 4 byte value which consists of 2 byte VLAN ID and 2 byte Port ID The VLAN ID indicates which VLAN the DHCP client belongs to and the Port ID indicates...

Page 429: ...startup config 2 2 3 Configuring DHCP VLAN Relay Follow these steps to configure DHCP VLAN Relay Step 1 configure Enter Global Configuration Mode Step 2 Enter VLAN Interface Configuration Mode interfa...

Page 430: ...d configure the DHCP server address as 192 168 1 8 on VLAN 10 Switch configure Switch config interface vlan 1 Switch config if ip dhcp relay default interface Switch config if exit Switch config ip dh...

Page 431: ...Service DHCP L2 Relay Global Config to load the following page Figure 3 1 Enable DHCP L2 Relay Follow these steps to enable DHCP L2 Relay globally for the specified VLAN 1 In the Global Config section...

Page 432: ...same DHCP server Option 82 Policy Select the operation for the switch to take when receiving DHCP packets that include the Option 82 field Keep The switch keeps the Option 82 field of the packets Rep...

Page 433: ...mpatible with each other Remote ID Customization Enable or disable Remote ID Customization Enable it if you want to manually configure the remote ID Otherwise the switch uses its own MAC address as th...

Page 434: ...cp l2relay information option Enable the Option 82 feature on the port Step 4 ip dhcp l2relay information strategy keep replace drop Specify the operation for the switch to take when receiving DHCP pa...

Page 435: ...ver should be compatible with each other string Enter the remote ID with up to 64 characters Step 8 show ip dhcp l2relay information interface fastEthernet port gigabitEthernet port port channel port...

Page 436: ...Configuring DHCP Service DHCP L2 Relay Configuration User Guide 413 Switch config if end Switch copy running config startup config Downloaded from ManualsNet com search engine...

Page 437: ...pology for DHCP VLAN Relay DHCP Server 192 168 0 59 24 VLAN 20 VLAN 10 Marketing Dept R D Dept DHCP Relay Agent 192 168 0 1 Gi1 0 1 Gi1 0 2 4 1 2 Configuration Scheme In the given situation the DHCP s...

Page 438: ...following sections provide configuration procedures in two ways using the GUI and using the CLI 4 1 3 Using the GUI Configuring the DHCP Server 1 Choose the menu L3 FEATURES DHCP Service DHCP Server D...

Page 439: ...Ns on the Relay Agent 1 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 10 for the Marketing department and add port 1 0 1 as untagged port to...

Page 440: ...DHCP VLAN Relay on the Relay Agent 1 Choose the menu L3 FEATURES DHCP Service DHCP Relay DHCP Relay Config to load the following page In the Global Config section enable DHCP Relay and click Apply Fi...

Page 441: ...d VLAN 20 Figure 4 8 Specify DHCP Server for Interface VLAN 10 Figure 4 9 Specify DHCP Server for Interface VLAN 20 4 Click to save the settings 4 1 4 Using the CLI Configurting the DHCP Server 1 Enab...

Page 442: ...witch config vlan 20 Switch config vlan name RD Switch config vlan exit Switch config interface gigabitEthernet 1 0 2 Switch config if switchport general allowed vlan 20 untagged Switch config if exit...

Page 443: ...lan Helper address VLAN 10 192 168 0 59 VLAN 20 192 168 0 59 4 2 Example for Option 82 in DHCP Relay 4 2 1 Network Requirements As the following figure shows there are two groups of computers Group 1...

Page 444: ...P addresses of different address pools to the computers in different groups The overview of the configurations are as follows 1 Configuring Switch A a Configure 802 1Q VLAN Add all computers to VLAN 2...

Page 445: ...ure 4 11 Enable DHCP Relay 2 In the Option 82 Config section select port 1 0 1 and port 1 0 2 enable Option 82 Support and set Option 82 Policy as Replace You can configure other parameters according...

Page 446: ...Follow these steps to configure DHCP relay and enable Option 82 in DHCP Relay on Switch A 1 Enable DHCP Relay Switch configure Switch config service dhcp relay 2 Enable Option 82 for port 1 0 1 and p...

Page 447: ...config if exit 4 Specify the DHCP server for the interface VLAN 2 Switch config ip dhcp relay vlan 2 helper address 192 168 0 59 Switch config end Switch copy running config startup config 5 Verify th...

Page 448: ...HCP classes to identify the Option 82 payloads of DHCP request packets from Group 1 and Group 2 respectively In this example the DHCP relay agent uses the default circuit ID and remote ID in TLV forma...

Page 449: ...ters 192 168 0 1 option subnet mask 255 255 255 0 option domain name servers 192 168 0 59 option domain name example com default lease time 600 max lease time 7200 authoritative pool range 192 168 0 5...

Page 450: ...e PCs in different groups The overview of the configurations are as follows 1 Configuring Switch A a Enable DHCP L2 Relay globally and on VLAN 1 b Configure Option 82 on ports 1 0 1 and 1 0 2 Demonstr...

Page 451: ...click Apply Figure 4 16 Enabling DHCP L2 Relay 2 Choose the menu L3 FEATURES DHCP Service DHCP L2 Relay Port Config to load the following page Select port 1 0 1 enable Option 82 Support and select Op...

Page 452: ...config ip dhcp l2relay vlan 1 2 On port 1 0 1 enable Option 82 and select Option 82 Policy as Replace You can configure other parameters according to your needs In this example keep Format as Normal a...

Page 453: ...ernet 1 0 1 Interface Option 82 Status Operation Strategy Format Circuit ID Gi1 0 1 Enable Replace Normal Group1 Switch show ip dhcp l2relay information interface gigabitEthernet 1 0 1 Interface Optio...

Page 454: ...f the Linux ISC DHCP Server is ddns update style interim ignore client updates Create two classes to match the pattern of Option 82 in DHCP request packets from Group 1 and Group 2 respectively The ag...

Page 455: ...option domain name example com default lease time 600 max lease time 7200 authoritative pool range 192 168 10 100 192 168 10 150 allow members of Group1 pool range 192 168 10 151 192 168 10 200 allow...

Page 456: ...y Time Threshold 0 Option 82 Configuration Option 82 Support Disabled Option 82 Policy Keep Format Normal Circuit ID Customization Disabled Circuit ID None Remote ID Customization Disabled Remote ID N...

Page 457: ...s Parameter Default Setting VLAN Status Disabled Port Config Option 82 Support Disabled Option 82 Policy Keep Format Normal Circuit ID Customization Disabled Circuit ID None Remote ID Customization Di...

Page 458: ...ERS 1 QoS 2 Class of Service Configuration 3 Bandwidth Control Configuration 4 Voice VLAN Configuration 5 Auto VoIP Configuration 6 Configuration Examples 7 Appendix Default Parameters Downloaded from...

Page 459: ...erent priority queues and then forwards the packets according to specified scheduler settings to implement QoS function Priority Mode Three modes are supported Port Priority 802 1p Priority and DSCP P...

Page 460: ...ures can be enabled on the ports that transmit voice traffic only or transmit both voice traffic and data traffic Voice VLAN can change the voice packets 802 1p priority and transmit the packets in de...

Page 461: ...e from 0 to 7 802 1P priority determines the priority of packets based on the PRI value In this mode the switch only prioritizes packets with VLAN tag regardless of the IP header of the packets DSCP P...

Page 462: ...ify the 802 1p priority and set the trust mode as Untrusted 802 1p Priority Specify the port to 802 1p mapping for the desired port The ingress packets from one port are first mapped to 802 1p priorit...

Page 463: ...e 802 1p to Queue Mapping In the 802 1p to Queue Mapping section configure the mappings and click Apply 802 1p Priority Displays the number of 802 1p priority In QoS 802 1p priority is used to represe...

Page 464: ...g the Trust Mode Follow these steps to configure the trust mode 1 Select the desired ports and set the trust mode as Trust 802 1p Trust Mode Select the Trust mode as Trust 802 1p In this mode the tagg...

Page 465: ...2 1Q tag as PRI filed The PRI values are called 802 1p priority and used to represent the priority of the layer 2 packets This function requires packets with VLAN tags Queue Select the TC queue for th...

Page 466: ...port to 802 1p mapping and will be forwarded according to the 802 1p to queue mapping 2 1 3 Configuring DSCP Priority Configuring the Trust Mode Choose the menu QoS Class of Service Port Priority to...

Page 467: ...e 802 1p to Queue Mapping In the 802 1p to Queue Mapping section configure the mappings and click Apply 802 1p Priority Displays the number of 802 1p priority In QoS 802 1p priority is used to represe...

Page 468: ...represent the priority of IP packets The DSCP values range from 0 to 63 802 1p Priority Specify the DSCP to 802 1p mapping The ingress packets are first mapped to 802 1p priority based on the DSCP to...

Page 469: ...tion occurs Choose the menu QoS Class of Service Scheduler Settings to load the following page Figure 2 8 Specifying the Scheduler Settings Follow these steps to configure the schedule mode 1 In the S...

Page 470: ...alues are from 1 to 127 Management Type Displays the Management Type for the queues The switch supports Taildrop mode When the traffic exceeds the limit the additional traffic will be dropped 3 Click...

Page 471: ...t channel port channel id Verify the port to 802 1p mappings Step 7 end Return to privileged EXEC mode Step 8 copy running config startup config Save the settings in the configuration file Configuring...

Page 472: ...h config qos cos map 1 3 Switch config show qos trust interface gigabitEthernet 1 0 1 Port Trust Mode LAG Gi1 0 1 untrust N A Switch config show qos port priority interface gigabitEthernet 1 0 1 Port...

Page 473: ...ps to configure the 802 1p to queue mapping and 802 1p remap Step 1 configure Enter global configuration mode Step 2 qos cos map dot1p priority tc queue Specify the 802 1p to queue mapping The packets...

Page 474: ...following example shows how to configure the trust mode of port 1 0 1 as dot1p map 802 1p priority 3 to TC4 and configure to map the original 802 1p 1 to 802 1p priority 3 Switch configure Switch conf...

Page 475: ...os trust mode untrust dot1p dscp Select the trust mode for the port By default it is untrust Here we set the trust mode as dscp dscp Specify the ports trust mode as dscp In this mode the IP packets wi...

Page 476: ...ping then to TC queues based on the 802 1p to queue mapping The untagged packets with the desired DSCP priority will be added an 802 1p priority value according to the DSCP to 802 1p mapping by defaul...

Page 477: ...port 1 0 1 as dscp map 802 1p priority 3 to TC4 map DSCP priority 1 3 5 7 to 802 1p priority 3 and configure to map the original DSCP priority 9 to DSCP priority 5 Switch configure Switch config inte...

Page 478: ...0 31 DSCP to 802 1P 3 3 3 3 3 3 3 3 DSCP 32 33 34 35 36 37 38 39 DSCP to 802 1P 4 4 4 4 4 4 4 4 DSCP 40 41 42 43 44 45 46 47 DSCP to 802 1P 5 5 5 5 5 5 5 5 DSCP 48 49 50 51 52 53 54 55 DSCP to 802 1P...

Page 479: ...59 60 61 62 63 DSCP remap value 56 57 58 59 60 61 62 63 Switch config if end Switch copy running config startup config 2 2 4 Specifying the Scheduler Settings Follow these steps to specify the schedul...

Page 480: ...idth that each traffic queue occupies will be allocated based on the queue weight weight Specify the queue weight for the desired queue This value can be set only in the wrr mode The valid values are...

Page 481: ...ring QoS Class of Service Configuration TC1 Strict N A TC2 WRR 1 TC3 WRR 1 TC4 WRR 5 TC5 WRR 1 TC6 WRR 1 TC7 WRR 1 Switch config if end Switch copy running config startup config Downloaded from Manual...

Page 482: ...ese steps to configure the Rate Limit function 1 Select the desired port and configure the upper rate limit to receive and send packets Ingress Rate 0 1 000 000Kbps Configure the upper rate limit for...

Page 483: ...the specific kinds of traffic in kilo bits per second ratio The switch will limit the percentage of bandwidth utilization for specific kinds of traffic Broadcast Threshold 0 1 000 000 Specify the uppe...

Page 484: ...l not recover to its normal state automatically and you can recover the port manually 2 Click Apply Note The member port of an LAG Link Aggregation Group follows the configuration of the LAG and not i...

Page 485: ...itch config interface gigabitEthernet 1 0 5 Switch config if bandwidth ingress 5120 egress 1024 Switch config if show bandwidth interface gigabitEthernet 1 0 5 Port IngressRate Kbps EgressRate Kbps LA...

Page 486: ...receiving unknown unicast frames The traffic exceeding the limit will be processed according to the Action configurations rate Enter the upper rate In kbps mode the valid values are from 1 to 1000000...

Page 487: ...ollowing example shows how to configure the upper rate limit of broadcast packets as 1024 kbps Specify the action as shutdown and set the recover time as 10 for port 1 0 5 Switch configure Switch conf...

Page 488: ...figuring 802 1Q VLAN VLAN 1 is a default VLAN and cannot be configured as the voice VLAN Only one VLAN can be set as the voice VLAN on the switch 4 1 Using the GUI 4 1 1 Configuring OUI Addresses The...

Page 489: ...packet An OUI address is the first 24 bits of a MAC address and is assigned as a unique identifier by IEEE Institute of Electrical and Electronics Engineers to a device vendor If the source MAC addre...

Page 490: ...alue means a higher priority This is an IEEE 802 1p priority and you can further configure its scheduler mode in Class of Service if needed 2 Click Apply 4 1 1 Adding Ports to Voice VLAN Choose the me...

Page 491: ...OUI address to the table oui prefix Enter the OUI address for your voice device in the format of XX XX XX string Give an OUI address description for identification It contains 16 characters at most St...

Page 492: ...lt SIEMENS 00 03 6B Default CISCO1 00 12 43 Default CISCO2 00 0F E2 Default H3C 00 60 B9 Default NITSUKO 00 D0 1E Default PINTEL 00 E0 75 Default VERILINK 00 E0 BB Default 3COM 00 04 0D Default AVAYA1...

Page 493: ...iguring QoS Voice VLAN Configuration Gi1 0 3 enabled Up N A Gi1 0 4 disabled Down N A Gi1 0 5 disabled Down N A Switch config if end Switch copy running config startup config Downloaded from ManualsNe...

Page 494: ...ic It can work with other features such as VLAN and Class of Service to process the voice packets with specific fields You can choose and configure Auto VoIP and other features according to your needs...

Page 495: ...ue Enter the value of VLAN ID or 802 1p priority for the port according to the Interface Mode configurations CoS Override Mode Enable or disable the Class of Service override mode Enabled Enable CoS o...

Page 496: ...as dot1p In this mode the voice devices will send voice packets with desired 802 1p priority If this mode is selected it is necessary to specify 802 1p priority The valid values are from 0 to 7 In ad...

Page 497: ...enable the CoS override mode for port 1 0 3 Switch configure Switch config auto voip Switch config interface gigabitEthernet 1 0 3 Switch config if auto voip dot1p 4 Switch config if auto voip dscp 10...

Page 498: ...erface Gi1 0 3 Auto VoIP Interface Mode Enabled Auto VoIP Priority 4 Auto VoIP COS Override True Auto VoIP DSCP Value 10 Auto VoIP Port Status Enabled Switch config if end Switch copy running config s...

Page 499: ...RD Dept Marketing Dept Router Fa1 0 3 Fa1 0 1 Fa1 0 2 Switch A Internet 6 1 2 Configuration Scheme To implement this requirement you can configure Port Priority to put the packets from the Marketing...

Page 500: ...riority to load the following page Set the trust mode of port 1 0 1 and 1 0 2 as untrusted Specify the 802 1p priority of port 1 0 1 as 1 and specify the 802 1p priority of port 1 0 2 as 0 Click Apply...

Page 501: ...gs 3 Choose the menu QoS Class of Service Scheduler Settings to load the following page Select the port 1 0 3 and set the scheduler type of TC 0 and TC 1 as Weighted Specify the queue weight of TC 0 a...

Page 502: ...if qos trust mode untrust Switch_A config if qos port priority 1 Switch_A config if exit 2 Set the trust mode of port 1 0 2 as untrusted and specify the 802 1p priority as 0 Switch_A config interface...

Page 503: ...config if qos queue 1 mode wrr weight 5 Switch_A config if end Switch_A copy running config startup config Verify the configurations Verify the trust mode of the port Switch_A show qos trust interface...

Page 504: ...1 0 3 LAG N A Queue Schedule Mode Weight TC0 WRR 1 TC1 WRR 5 TC2 WRR 1 TC3 WRR 1 TC4 WRR 1 TC5 WRR 1 TC6 WRR 1 TC7 WRR 1 6 2 Example for Voice VLAN 6 2 1 Network Requirements As shown below the compan...

Page 505: ...on specify the priority to make the voice traffic can take precedence when the congestion occurs 1 Configure 802 1Q VLAN for port 1 0 1 port 1 0 2 port 1 0 3 and port 1 0 4 2 Configure Voice VLAN feat...

Page 506: ...uration Examples User Guide 483 Figure 6 6 Configuring VLAN 2 2 Click to load the following page Create VLAN 3 and add untagged port 1 0 3 and port 1 0 4 to VLAN 3 Click Create Downloaded from Manuals...

Page 507: ...e 6 7 Configuring VLAN 3 3 Choose the menu L2 FEATURES VLAN 802 1Q VLAN Port Config to load the following page Disable the Ingress Checking feature on port 1 0 1 and port 1 0 2 and specify the PVID as...

Page 508: ...nu QoS Voice VLAN OUI Config to load the following page Check the OUI table Figure 6 9 Checking the OUI Table 5 Choose the menu QoS Voice VLAN Global Config to load the following page Enable Voice VLA...

Page 509: ...n Ports 7 Click to save the settings 6 2 4 Using the CLI 1 Create VLAN 2 and add untagged port 1 0 1 port 1 0 2 and port 1 0 4 to VLAN 2 Switch_A configure Switch_A config vlan 2 Switch_A config vlan...

Page 510: ...nfig if exit Switch_A config interface fastEthernet 1 0 4 Switch_A config if switchport general allowed vlan 3 untagged Switch_A config if exit 3 Disable the Ingress Checking feature on port 1 0 1 and...

Page 511: ...fastEthernet 1 0 1 Switch_A config if voice vlan Switch_A config if exit Switch_A config interface fastEthernet 1 0 2 Switch_A config if voice vlan Switch_A config if end Switch_A copy running config...

Page 512: ...N A Fa1 0 2 enabled Up N A Fa1 0 3 disabled Down N A Fa1 0 4 disabled Down N A Fa1 0 5 disabled Down N A Gi1 0 28 disabled Down N A 6 3 Example for Auto VoIP 6 3 1 Network Requirements As shown below...

Page 513: ...edence when congestion occurs 1 Enable the Auto VoIP feature and configure the DSCP value of ports 2 Configure Class of Service 3 Enable LLDP MED and configure the corresponding parameters Demonstrate...

Page 514: ...ort Priority to load the following page Set the trust mode of port 1 0 1 as trust DSCP Click Apply Figure 6 14 Configuring Port Priority 3 Choose the menu QoS Class of Service DSCP Priority to load th...

Page 515: ...s 5 for other DSCP priorities Click Apply Figure 6 16 Specifying the 802 1p priority for Other DSCP priorities 5 Choose the menu QoS Class of Service Scheduler Settings to load the following page Sele...

Page 516: ...93 Figure 6 17 Configuring the TC 5 for the Port 6 Select port 1 0 2 Set the scheduler mode as weighted and specify the queue weight as 10 for TC 7 Click Apply Figure 6 18 Configuring the TC 7 for the...

Page 517: ...f port1 0 1 to load the following page Check the boxes of all the TLVs Click Save Figure 6 19 Configuring the TLVs 8 Choose the menu L2 FEATURES LLDP LLDP MED Config Port Config to load the following...

Page 518: ...de dscp Switch_A config if exit Switch_A config qos dscp map 63 7 Switch_A config qos dscp map 0 62 5 3 On port 1 0 1 set the scheduler mode as weighted and specify the queue weight as 1 for TC 5 Set...

Page 519: ...erride False Auto VoIP DSCP Value 63 Auto VoIP Port Status Disabled Interface Fa1 0 2 Auto VoIP Interface Mode Disabled Auto VoIP COS Override False Auto VoIP DSCP Value 0 Auto VoIP Port Status Disabl...

Page 520: ...1 12 13 14 15 DSCP to 802 1P 5 5 5 5 5 5 5 5 DSCP 16 17 18 19 20 21 22 23 DSCP to 802 1P 5 5 5 5 5 5 5 5 DSCP 24 25 26 27 28 29 30 31 DSCP to 802 1P 5 5 5 5 5 5 5 5 DSCP 32 33 34 35 36 37 38 39 DSCP t...

Page 521: ...Disabled TLV Status Port Description Yes System Capability Yes System Description Yes System Name Yes Management Address Yes Port VLAN ID Yes Protocol VLAN ID Yes VLAN Name Yes Link Aggregation Yes MA...

Page 522: ...Configuring QoS Configuration Examples User Guide 499 Inventory Management Yes Downloaded from ManualsNet com search engine...

Page 523: ...ng 802 1P Priority 0 Trust Mode Untrusted Table 7 2 Default Settings of 802 1p to Queue Mapping 802 1p Priority Queues 8 0 TC1 1 TC0 2 TC2 3 TC3 4 TC4 5 TC5 6 TC6 7 TC7 Table 7 3 Default Settings of 8...

Page 524: ...3 3 25 25 47 47 4 4 26 26 af31 011010 48 48 cs6 110000 5 5 27 27 49 49 6 6 28 28 af32 011100 50 50 7 7 29 29 51 51 8 8 cs1 001000 30 30 af33 011110 52 52 9 9 31 31 53 53 10 10 af11 001010 32 32 cs4 1...

Page 525: ...Parameter Default Setting Ingress Rate 0 1 000 000Kbps 0 Egress Rate 0 1 000 000Kbps 0 Table 7 8 Default Settings of Storm Control Parameter Default Setting Rate Mode kbps Broadcast Threshold 0 1 000...

Page 526: ...1 00 12 43 Default CISCO2 00 0F E2 Default H3C 00 60 B9 Default NITSUKO 00 D0 1E Default PINTEL 00 E0 75 Default VERILINK 00 E0 BB Default 3COM 00 04 0D Default AVAYA1 00 1B 4F Default AVAYA2 00 04 13...

Page 527: ...Part 15 Configuring Access Security CHAPTERS 1 Access Security 2 Access Security Configurations 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 528: ...l It can allow or deny users to access the switch via a web browser HTTPS This function is based on the SSL or TLS protocol working in transport layer It supports a security access via a web browser S...

Page 529: ...urity Access Control to load the following page Figure 2 1 Configuring the Access Control 1 In the Global Config section enable Access Control select one control mode and click Apply Control Mode Choo...

Page 530: ...on to manage the network devices via NMS Telnet A connection type for users to remote login SSH A connection type based on SSH protocol HTTP A connection type based on HTTP protocol HTTPS A connection...

Page 531: ...ress Enter the MAC address Only the users with this MAC address can access the switch via the specified interfaces When the Port based mode is selected the following window will pop up Figure 2 4 Conf...

Page 532: ...In the Global Control section enable HTTP function specify the port using for HTTP and click Apply to enable the HTTP function HTTP HTTP function is based on the HTTP protocol It allows users to manag...

Page 533: ...ime The total number of users should be no more than 16 Number of Admins Specify the maximum number of users whose access level is Admin Number of Operators Specify the maximum number of users whose a...

Page 534: ...the menu SECURITY Access Security HTTPS Config to load the following page Figure 2 6 Configuring the HTTPS Function 1 In the Global Config section enable HTTPS function select the protocol version th...

Page 535: ...time Port Specify the port number for HTTPS service 2 In the Cipher Suite Config section select the algorithm to be enabled and click Apply RSA_WITH_ RC4_128_MD5 128 bit RC4 encryption with MD5 messag...

Page 536: ...users whose access level is Operator Number of Power Users Specify the maximum number of users whose access level is Power User Number of Users Specify the maximum number of users whose access level i...

Page 537: ...ring the SSH Feature 1 In the Global Config section select Enable to enable SSH function and specify following parameters SSH Select Enable to enable the SSH function SSH is a protocol working in appl...

Page 538: ...and click Apply 4 In Import Key File section select key type from the drop down list and click Browse to download the desired key file Key Type Select the key type The algorithm of the corresponding t...

Page 539: ...C based user access control mac based mac addr snmp telnet ssh http https ping all Only the users with a certain MAC address can access the switch via the specified interfaces mac addr Specify the MAC...

Page 540: ...cess control ip based 192 168 0 100 255 255 255 0 snmp telnet http https Switch config show user configuration User authentication mode IP based Index IP Address Access Interface 1 192 168 0 100 24 SN...

Page 541: ...ow ip http configuration Verify the configuration information of the HTTP server including status session timeout access control max user number and the idle timeout etc Step 6 end Return to privilege...

Page 542: ...rsion 1 2 as the protocol for HTTPS all Enable all the above protocols for HTTPS The HTTPS server and client will negotiate the protocol each time Step 4 ip http secure ciphersuite rc4 128 md5 rc4 128...

Page 543: ...ess ip addr Download the desired certificate to the switch from TFTP server ssl cert Specify the name of the SSL certificate which ranges from 1 to 25 characters The certificate must be BASE64 encoded...

Page 544: ...ttp secure server download certificate ca crt ip address 192 168 0 100 Start to download SSL certificate Download SSL certificate OK Switch config ip http secure server download key ca key ip address...

Page 545: ...you set num Enter the number of the connections which ranges from 1 to 5 The default value is 5 Step 6 ip ssh algorithm AES128 CBC AES192 CBC AES256 CBC Blowfish CBC Cast128 CBC 3DES CBC HMAC SHA1 HMA...

Page 546: ...ity algorithm Choose the key type as SSH 2 RSA DSA Switch config ip ssh server Switch config ip ssh version v1 Switch config ip ssh version v2 Switch config ip ssh timeout 100 Switch config ip ssh max...

Page 547: ...ch config end Switch copy running config startup config 2 2 5 Configuring the Telnet Function Follow these steps enable the Telnet function Step 1 configure Enter global configuration mode Step 2 teln...

Page 548: ...imeout 10 minutes Number Control Disabled Table 3 3 Default Settings of HTTPS Configuration Parameter Default Setting HTTPS Enabled Protocol Version All Port 443 RSA_WITH_RC4_128_MD5 Enabled RSA_WITH_...

Page 549: ...ctions 5 Port 22 AES128 CBC Enabled AES192 CBC Enabled AES256 CBC Enabled Blowfish CBC Enabled Cast128 CBC Enabled 3DES CBC Enabled HMAC SHA1 Enabled HMAC MD5 Enabled Key Type SSH 2 RSA DSA Table 3 5...

Page 550: ...Part 16 Configuring AAA CHAPTERS 1 Overview 2 AAA Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 551: ...ve privileges without the Enable password provided AAA provides a safe and efficient authentication method The authentication can be processed locally on the switch or centrally on the RADIUS TACACS s...

Page 552: ...users in the order they are added The server that is first added to the group has the highest priority and is responsible for authentication under normal circumstances If the first one breaks down or...

Page 553: ...ers act as backup servers in case the first one breaks down Adding RADIUS Server Choose the menu SECURITY AAA RADIUS Config and click to load the following page Figure 2 1 RADIUS Server Configuration...

Page 554: ...y the NAS indicates the switch itself 2 Click Create to add the RADIUS server on the switch Adding TACACS Server Choose the menu SECURITY AAA TACACS Config and click to load the following page Figure...

Page 555: ...configure a new server group 1 Click and the following window will pop up Figure 2 4 Add Server Group Configure the following parameters Server Group Specify a name for the server group Server Type S...

Page 556: ...entication You can edit the default methods or follow these steps to add a new method 1 Click in the Authentication Login Method List section or Authentication Enable Method List section to add corres...

Page 557: ...SECURITY AAA Global Config to load the following page Figure 2 7 Configure Application List Follow these steps to configure the AAA application list 1 In the AAA Application List section select an ac...

Page 558: ...iew the configurations and some network information without the Enable password Some configuration principles on the server are as follows For Login authentication configuration more than one login ac...

Page 559: ...e valid values are from 1 to 3 and the default setting is 2 nas id nas id Specify the name of the NAS Network Access Server to be contained in RADIUS packets for identification It ranges from 1 to 31...

Page 560: ...server to reply before resending The valid values are from 1 to 9 seconds and the default setting is 5 seconds key 0 string 7 encrypted string Specify the shared key 0 and 7 represent the encryption...

Page 561: ...these steps to add a server group Step 1 configure Enter global configuration mode Step 2 aaa group radius tacacs group name Create a server group radius tacacs Specify the group type group name Speci...

Page 562: ...method3 method4 Configure a login method list method list Specify a name for the method list method1 method2 method3 method4 Specify the authentication methods in order The first method authenticates...

Page 563: ...us local Switch config end Switch copy running config startup config The following example shows how to create an Enable method list named Enable1 and configure the method 1 as the default radius serv...

Page 564: ...ethod list Step 5 show aaa global Verify the configuration of application list Step 6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configuratio...

Page 565: ...d list Step 5 show aaa global Verify the configuration of application list Step 6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configuration fi...

Page 566: ...eturn to privileged EXEC mode Step 6 copy running config startup config Save the settings in the configuration file The following example shows how to apply the existing Login method list named Login1...

Page 567: ...y from the configuration file of another switch The key or encrypted key you configured here will be displayed in the encrypted form enable admin secret 0 password 5 encrypted password Set the Enable...

Page 568: ...s enable and the Enable password is customizable All the users trying to get administrative privileges share this Enable password On TACACS server configure the value of enable 15 as the Enable passwo...

Page 569: ...authentication system Figure 3 1 Network Topology RADIUS Server 1 192 168 0 10 24 Auth Port 1812 RADIUS Server 2 192 168 0 20 24 Auth Port 1812 Switch Administrator Management Network 3 2 Configuratio...

Page 570: ...IP as 192 168 0 10 the Shared Key as 123456 the Authentication Port as 1812 and keep the other parameters as default Click Create to add RADIUS Server 1 on the switch Figure 3 2 Add RADIUS Server 1 2...

Page 571: ...he menu SECURITY AAA Method List and click in the Authentication Login Method List section Specify the Method List Name as MethodLogin and select the Pri1 as RADIUS1 Click Create to set the method lis...

Page 572: ...pplication List 7 Click to save the settings 3 4 Using the CLI 1 Add RADIUS Server 1 and RADIUS Server 2 on the switch Switch config radius server host 192 168 0 10 auth port 1812 key 123456 Switch co...

Page 573: ...tion Method Enable Switch config line end Switch copy running config startup config Verify the Configuration Verify the configuration of the RADIUS servers Switch show radius server Server Ip Auth Por...

Page 574: ...nable RADIUS1 Verify the status of the AAA feature and the configuration of the AAA application list Switch show aaa global Module Login List Enable List Telnet Method Login Method Enable SSH default...

Page 575: ...None Shared Key None Auth Port 1812 Acct Port 1813 Retransmit 2 Timeout 5 seconds NAS Identifier The MAC address of the switch TACACS Config Server IP None Timeout 5 seconds Shared Key None Port 49 Se...

Page 576: ...fault Parameters Parameter Default Setting AAA Application List telnet Login List default Enable List default ssh Login List default Enable List default http Login List default Enable List default Dow...

Page 577: ...Part 17 Configuring 802 1x CHAPTERS 1 Overview 2 802 1x Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 578: ...1x authentication client software on the client hosts enabling them to request 802 1x authentication to access the LAN Authenticator An authenticator is usually a network device that supports 802 1x...

Page 579: ...thentication and Port Security cannot be enabled at the same time Before enabling 802 1x authentication make sure that Port Security is disabled 2 1 Using the GUI 2 1 1 Configuring the RADIUS Server C...

Page 580: ...server if the server does not respond The default setting is 2 Timeout Specify the time interval that the switch waits for the server to reply before resending The default setting is 5 seconds NAS Id...

Page 581: ...Save Figure 2 4 Adding Server Group Configuring the Dot1x List Choose the menu SECURITY AAA Dot1x List to load the following page Figure 2 5 Configuring the Dot1x List Follow these steps to configure...

Page 582: ...client The transmission of EAP Extensible Authentication Protocol packets is terminated at the switch and the EAP packets are converted to other protocol such as RADIUS packets and transmitted to the...

Page 583: ...exists on the switch the switch will directly add the authenticated port to the related VLAN and change the PVID instead of creating a new VLAN If no VLAN is supplied by the RADIUS server or if 802 1x...

Page 584: ...network only when it is authenticated Force Authorized If this option is selected the port can access the network without authentication Force Unauthorized If this option is selected the port can neve...

Page 585: ...ddress of the first authenticated device wil be displayed with a suffix p PAE State Displays the current state of the authenticator PAE state machine Possible values are Initialize Disconnected Connec...

Page 586: ...e server if the server does not respond The valid values are from 1 to 3 and the default setting is 2 nas id nas id Specify the name of the NAS Network Access Server to be contained in RADIUS packets...

Page 587: ...onfiguration of RADIUS server Step 8 show aaa group group name Optional Verify the configuration of server group Step 9 show aaa authentication dot1x Optional Verify the authentication method list Ste...

Page 588: ...Timeout Retransmit NAS Identifier Shared key 192 168 0 100 1812 1813 5 2 000AEB132397 123456 Switch config show aaa group radius1 192 168 0 100 Switch config show aaa authentication dot1x Methodlist p...

Page 589: ...Link 802 1x Client and the switch Please disable Handshake feature if you are using other client softwares instead of TP Link 802 1x Client Step 6 dot1x vlan assignment Optional Enable or disable the...

Page 590: ...ten gigabitEthernet port range ten gigabitEthernet port list Enter interface configuration mode port Enter the ID of the port to be configured Step 3 dot1x Enable 802 1x authentication for the port S...

Page 591: ...other clients can access the LAN without authentication Step 8 dot1x max req times Specify the maximum number of attempts to send the authentication packet for the client times The maximum attempts fo...

Page 592: ...port based Switch config if show dot1x interface gigabitEthernet 1 0 2 Port State MAB State GuestVLAN PortControl PortMethod Gi1 0 2 disabled disabled 0 auto port based MaxReq QuietPeriod SuppTimeout...

Page 593: ...address Initialize the specific client To access the network the client needs to provide the correct information to pass the authentication again mac address Enter the MAC address of the client that w...

Page 594: ...tion configure the control mode as auto and set the control type as MAC based Enable 802 1x authentication on the ports connected to clients Keep 802 1x authentication disabled on ports connected to t...

Page 595: ...1812 Demonstrated with T1500 28PCT acting as the authenticator the following sections provide configuration procedure in two ways using the GUI and using the CLI 3 4 Using the GUI 1 Choose the menu SE...

Page 596: ...r group for authentication and click Apply Figure 3 4 Configuring Authentication RADIUS Server 4 Choose the menu SECURITY 802 1x Global Config to load the following page Enable 802 1x authentication a...

Page 597: ...up exit Switch_A config aaa authentication dot1x default RADIUS1 2 Globally enable 802 1x authentication and set the authentication protocol Switch_A config dot1x system auth control Switch_A config d...

Page 598: ...x authentication Switch_A show dot1x global 802 1X State Enabled Authentication Protocol EAP Handshake State Enabled 802 1X Accounting State Disabled 802 1X VLAN Assignment State Disabled Verify the c...

Page 599: ...of RADIUS Switch_A show aaa global Module Login List Enable List Telnet default default Ssh default default Http default default Switch_A show aaa authentication dot1x Methodlist pri1 pri2 pri3 pri4...

Page 600: ...Authentication Method EAP Handshake Enabled Accounting Disabled VLAN Assignment Disabled Port Config 802 1x Status Disabled MAB Disabled Guest VLAN Disabled Port Control Auto Guest VLAN 0 Maximum Requ...

Page 601: ...Part 18 Configuring Port Security CHAPTERS 1 Overview 2 Port Security Configuration 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 602: ...it the number of MAC addresses that can be learned on each port thus preventing the MAC address table from being exhausted by the attack packets In addtion the switch can send a notification if the nu...

Page 603: ...mber of MAC Specify the maximum number of MAC addresses that can be learned on the port When the learned MAC address number reaches the limit the port will stop learning It ranges from 0 to 64 The def...

Page 604: ...he limit the port will stop learning and discard the packets with the MAC addresses that have not been learned Forward When the number of learned MAC addresses reaches the limit the port will stop lea...

Page 605: ...ed status Status of port security feature By default it is disabled drop When the number of learned MAC addresses reaches the limit the port will stop learning and discard the packets with the MAC add...

Page 606: ...ed max learned enable mode permanent status drop Switch config if show mac address table max mac count interface gigabitEthernet 1 0 1 Port Max learn Current learn Exceed Max Limit Mode Status Gi1 0 1...

Page 607: ...ngs of Port Security are listed in the following table Table 3 1 Default Parameters of Port Security Parameter Default Setting Max Learned Number of MAC 64 Current Learned Number 0 Exceed Max Learned...

Page 608: ...Part 19 Configuring ACL CHAPTERS 1 Overview 2 ACL Configuration 3 Configuration Example for ACL 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 609: ...w these steps 1 Configure a time range during which the ACL is in effect 2 Create an ACL and configure the rules to filter different packets 3 Bind the ACL to a port or VLAN to make it effective Confi...

Page 610: ...pe port number and so on MAC ACL MAC ACL uses source and destination MAC address for matching operations IP ACL IP ACL uses source and destination IP address IP protocols and so on for matching operat...

Page 611: ...CL Config page Figure 2 2 Editing ACL Click Edit ACL in the Operation column Then you can configure rules for this ACL The following sections introduce how to configure MAC ACL IP ACL Combined ACL and...

Page 612: ...the interval between rule IDs is 5 Operation Select an action to be taken when a packet matches the rule Permit To forward the matched packets Deny To discard the matched packets S MAC Mask Enter the...

Page 613: ...tal Matched Counter in the ACL Rules Table to view the matching times 2 In the Policy section enable or disable the Mirroring feature for the matched packets With this option enabled choose a destinat...

Page 614: ...rded 5 In the Policy section enable or disable the QoS Remark feature for the matched packets With this option enabled configure the related parameters and the remarked values will take effect in the...

Page 615: ...ation Configuring IP ACL Rule Click Edit ACL for an IP ACL entry to load the following page Figure 2 9 Configuring the IP ACL Rule In ACL Rules Table section click and the following page will appear D...

Page 616: ...any current rule ID in the same ACL If you select Auto Assign the rule ID will be assigned automatically and the interval between rule IDs is 5 Operation Select an action to be taken when a packet ma...

Page 617: ...number with a mask Value Specify the port number Mask Specify the port mask with 4 hexadacimal numbers DSCP Specify a DSCP value to be matched between 0 and 63 The default is No Limit IP ToS Specify...

Page 618: ...s will be copied to the destination port and the original forwarding will not be affected While in the Redirect feature the matched packets will be forwarded only on the destination port 4 In the Poli...

Page 619: ...ark DSCP Specify the DSCP field for the matched packets The DSCP field of the packets will be changed to the specified one Local Priority Specify the local priority for the matched packets The local p...

Page 620: ...L rule 1 In the Combined ACL Rule section configure the following parameters Rule ID Enter an ID number to identify the rule It should not be the same as any current rule ID in the same ACL If you sel...

Page 621: ...will be matched IP Protocol Select a protocol type from the drop down list The default is No Limit which indicates that packets of all protocols will be matched You can also select User defined to cu...

Page 622: ...the Mirroring feature for the matched packets With this option enabled choose a destination port to which the packets will be mirrored Figure 2 17 Configuring Mirroring 3 In the Policy section enable...

Page 623: ...the matched packets With this option enabled configure the related parameters and the remarked values will take effect in the QoS processing on the switch Figure 2 20 Configuring QoS Remark DSCP Spec...

Page 624: ...ACL Rule Click Edit ACL for an IPv6 ACL entry to load the following page Figure 2 21 Configuring the IPv6 ACL Rule In ACL Rules Table section click and the following page will appear Figure 2 22 Confi...

Page 625: ...the rule A value of 1 in the mask indicates that the corresponding bit in the address will be matched IPv6 Destination IP Enter the destination IPv6 address to be matched All types of IPv6 address wil...

Page 626: ...t to which the packets will be redirected Figure 2 24 Configuring Redirect Note In the Mirroring feature the matched packets will be copied to the destination port and the original forwarding will not...

Page 627: ...of the packets will be changed to the specified one Local Priority Specify the local priority for the matched packets The local priority of the packets will be changed to the specified one 802 1p Pri...

Page 628: ...Different types of ACLs cannot be bound to the same port or VLAN Multiple ACLs of the same type can be bound to the same port or VLAN The switch matches the received packets using the ACLs in order Th...

Page 629: ...2 1 Configuring Time Range Some ACL based services or features may need to be limited to take effect only during a specified time period In this case you can configure a time range for the ACL For det...

Page 630: ...If enable is selected the times that the rule is matched will be logged every 5 minutes With ACL Counter trap enabled a related trap will be generated if the matching times changes source mac Enter t...

Page 631: ...ule 5 permit logging disable smac 00 34 A2 D4 34 B5 smask FF FF FF FF FF FF Switch config mac acl exit Switch config show access list 50 MAC access list 50 name ACL_50 rule 5 permit logging disable sm...

Page 632: ...IP address This is required if a source IP address is entered dip address Enter the destination IP address dip address mask Enter the mask of the destination IP address This is required if a destinat...

Page 633: ...600 rule 1 permit logging disable sip 192 168 1 100 sip mask 255 255 255 255 Switch config show access list 600 IP access list 600 name ACL_600 rule 1 permit logging disable sip 192 168 1 100 smask 25...

Page 634: ...for the ACL rule If enable is selected the times that the rule is matched will be logged every 5 minutes With ACL Counter trap enabled a related trap will be generated if the matching times changes so...

Page 635: ...ACK Acknowledge Flag PSH Push Flag RST Reset Flag SYN Synchronize Flag and FIN Finish Flag time range name The name of the time range The default is No Limit Step 4 end Return to privileged EXEC mode...

Page 636: ...nges from 0 to 63 flow label value Specify a Flow Label value to be matched source ip address Enter the source IP address Enter the destination IPv6 address to be matched All types of IPv6 address wil...

Page 637: ...the rules by providing a Start Rule ID and Step value Step 1 configure Enter global configuration mode Step 2 access list resequence acl id or name start start rule id step rule id step value Resequen...

Page 638: ...o further process the matched packets through operations such as mirroring rate limiting redirecting or changing priority Follow the steps below to configure the policy actions for an ACL rule Step 1...

Page 639: ...nd ranging from 1 to 128 osd Enter either none or discard as the action to be taken for the packets whose rate is beyond the specified rate The default is None qos remark dscp dscp priority pri dot1p...

Page 640: ...gure Enter global configuration mode Step 2 access list bind acl id or name interface vlan vlan list fastEthernet port list gigabitEthernet port list ten gigabitEthernet port list Bind the ACL to a po...

Page 641: ...startup config 2 2 5 Viewing ACL Counting You can use the following command to view the number of matched packets of each ACL in the privileged EXEC mode and any other configuration mode show access...

Page 642: ...4 Fa1 0 2 It is required that The Marketing department can only access internal server group in the intranet The Marketing department can only visit http and https websites on the internet 3 2 Configu...

Page 643: ...defined in the rule If no rules are matched the packet will be dropped Binding Configuration Bind the IP ACL to port 1 0 1 so that the ACL rules will apply to the Marketing department only Demonstrat...

Page 644: ...with the source IP address 10 10 70 0 24 and destination IP address 10 10 80 0 24 Figure 3 5 Configuring Rule 1 5 In the same way configure rule 2 and rule 3 to permit packets with source IP 10 10 70...

Page 645: ...User Guide 622 Configuring ACL Configuration Example for ACL Figure 3 6 Configuring Rule 2 Downloaded from ManualsNet com search engine...

Page 646: ...Configuring ACL Configuration Example for ACL User Guide 623 Figure 3 7 Configuring Rule 3 Downloaded from ManualsNet com search engine...

Page 647: ...n Example for ACL 6 In the same way configure rule 4 and rule 5 to permit packets with source IP 10 10 70 0 and with destination port TCP 53 or UDP 53 DNS service port Figure 3 8 Configuring Rule 4 Do...

Page 648: ...uration Example for ACL User Guide 625 Figure 3 9 Configuring Rule 5 7 In the same way configure rule 6 to deny packets with source IP 10 10 70 0 Figure 3 10 Configuring Rule 6 Downloaded from Manuals...

Page 649: ...255 0 dip 10 10 80 0 dmask 255 255 255 0 3 Configure rule 2 and Rule 3 to permit packets with source IP 10 10 70 0 24 and destination port TCP 80 http service port or TCP 443 https service port Switch...

Page 650: ...nfigurations Verify the IP ACL 500 Switch show access list 500 rule 1 permit logging disable sip 10 10 70 0 smask 255 255 255 0 dip 10 10 80 0 dmask 255 255 255 0 rule 2 permit logging disable sip 10...

Page 651: ...Permit User Priority No Limit Time Range No Limit Table 4 2 IP ACL Parameter Default Setting Operation Permit IP Protocol All DSCP No Limit IP ToS No Limit IP Pre No Limit Time Range No Limit Table 4...

Page 652: ...ACL Appendix Default Parameters User Guide 629 Table 4 5 Policy Parameter Default Setting Mirroring Disabled Redirect Disabled Rate Limit Disabled QoS Remark Disabled Downloaded from ManualsNet com se...

Page 653: ...4 IMPB CHAPTERS 1 IPv4 IMPB 2 IP MAC Binding Configuration 3 ARP Detection Configuration 4 IPv4 Source Guard Configuration 5 Configuration Examples 6 Appendix Default Parameters Downloaded from Manual...

Page 654: ...Detection In an actual complex network there are high security risks during ARP implementation procedure The cheating attacks against ARP such as imitating gateway cheating gateway cheating terminal h...

Page 655: ...Binding Table 2 1 Using the GUI 2 1 1 Binding Entries Manually You can manually bind the IP address MAC address VLAN ID and the Port number together on the condition that you have got the detailed inf...

Page 656: ...applied to the IPv4 Source Guard feature Both This entry will be applied to both of the features 3 Enter or select the port that is connected to this host 4 Click Apply 2 1 2 Binding Entries via ARP...

Page 657: ...Scan to scan the entries in the specified IP address range and VLAN Starting IP Address Ending IP Address Specify an IP range by entering a start and end IP address VLAN ID Specify a VLAN ID 2 In the...

Page 658: ...tection This entry will be applied to the ARP Detection feature IP Source Guard This entry will be applied to the IP Source Guard feature Both This entry will be applied to both of the features 2 1 3...

Page 659: ...ng 1 In the Global Config section globally enable DHCP Snooping Click Apply 2 In the VLAN Config section enable DHCP Snooping on a VLAN or range of VLANs Click Apply VLAN ID Displays the VLAN ID Statu...

Page 660: ...o load the following page Figure 2 4 Binding Table You can specify the search criteria to search your desired entries Source Select the source of the entry and click Search All Displays the entries fr...

Page 661: ...Source Guard feature Both This entry will be applied to both of the features Source Displays the source of the entry 2 2 Using the CLI Binding entries via ARP scanning is not supported by the CLI The...

Page 662: ...applied to any feature arp detection indicates this entry will be applied to ARP Detection ip verify source indicates this entry will be applied to IPv4 Source Guard Step 3 show ip source binding Veri...

Page 663: ...iguration mode Step 5 ip dhcp snooping max entries value Configure the maximum number of binding entries the port can learn via DHCP snooping value Enter the value of maximum number of entries The val...

Page 664: ...h config if end Switch copy running config startup config 2 2 3 Viewing Binding Entries On privileged EXEC mode or any other configuration mode you can use the following command to view binding entrie...

Page 665: ...e ARP packets based on the binding entries in the IP MAC Binding Table So before configuring ARP Detection you need to complete IP MAC Binding configuration For details refer to IP MAC Binding Configu...

Page 666: ...he sender IP address of all ARP packets and the target IP address of ARP reply packets are legal The illegal ARP packets will be discarded including broadcast addresses multicast addresses Class E add...

Page 667: ...for this time range the port will be shut down Status Displays the status of the ARP attack Normal The forwarding of ARP packets on the port is normal Down The transmission speed of the legal ARP pack...

Page 668: ...n mode Step 2 ip arp inspection Globally enable the ARP Detection feature Step 3 ip arp inspection validate src mac dst mac ip Configure the switch to check the IP address or MAC address of the receiv...

Page 669: ...globally and on VLAN 2 and enable the switch to check whether the source MAC address and the sender MAC address are the same when receiving an ARP packet Switch configure Switch config ip arp inspecti...

Page 670: ...y a time range If the speed of received ARP packets reaches the limit for this time range the port will be shut down value Specify the time range The valid values are from 1 to 15 seconds and the defa...

Page 671: ...ws how to restore the port 1 0 1 that is in Down status to Normal status Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if ip arp inspection recover Switch config if end...

Page 672: ...MAC Binding Entries In IPv4 Source Guard the switch filters the packets that do not match the rules of IPv4 MAC Binding Table So before configuring ARP Detection you need to complete IP MAC Binding co...

Page 673: ...rules can be processed otherwise the packet will be discarded SIP Only the packet with its source IP address and port number matching the IPv4 MAC binding rules can be processed otherwise the packet w...

Page 674: ...source interface fastEthernet port gigabitEthernet port ten gigabitEthernet port port channel port channel id Verify the IP Source Guard configuration for IPv4 packets Step 5 end Return to privileged...

Page 675: ...s to configure Switch A to prevent ARP attacks from the LAN Figure 5 1 Network Topology LAN WAN Fa1 0 3 Fa1 0 1 Fa1 0 2 Router User 2 88 A9 D4 54 FD C3 192 168 0 33 24 User 1 74 D3 45 32 B6 8D 192 168...

Page 676: ...UI and using the CLI 5 1 3 Using the GUI 1 Choose the menu SECURITY IPv4 IMBP IP MAC Binding Manual Binding and click to load the following page Enter the host name IP address MAC address and VLAN ID...

Page 677: ...stination MAC and Validate IP and click Apply Select VLAN 1 change Status as Enabled and click Apply Figure 5 4 Enable ARP Detection 4 Choose the menu SECURITY IPv4 IMBP ARP Detection Port Config to l...

Page 678: ...1 0 1 arp detection Switch_A config ip source binding User1 192 168 0 32 88 a9 d4 54 fd c3 vlan 1 interface fastEthernet 1 0 2 arp detection 2 Enable ARP Detection globally and on VLAN 1 Switch_A con...

Page 679: ...ARP D Manual Notice 1 Here ARP D for ARP Detection and IP V S for IP Verify Source Verify the global configuration of ARP Detection Switch_A show ip arp inspection Global Status Enable Verify SMAC En...

Page 680: ...ng to access the network via ports 1 0 1 3 Figure 5 6 Network Topology Switch Fa1 0 2 Fa1 0 3 Fa1 0 1 Legal Host 192 168 0 100 74 D3 45 32 B5 6D Unknown Host Unknown Host 5 2 2 Configuration Scheme To...

Page 681: ...ID of the legal host select the protect type as and select port 1 0 1 on the panel Click Apply Figure 5 7 Manual Binding 2 Choose the menu SECURITY IPv4 IMPB IPv4 Source Guard to load the following pa...

Page 682: ...fig ip source binding legal host 192 168 0 100 74 d3 45 32 b5 6d vlan 1 interface fastEthernet 1 0 1 ip verify source 2 Enable the log feature and IP Source Guard on ports 1 0 1 3 Switch config ip ver...

Page 683: ...5 32 b5 6d 1 Fa1 0 1 IP V S Manual Notice 1 Here ARP D for ARP Detection and IP V S for IP Verify Source Verify the configuration of IP Source Guard Switch show ip verify source IP Source Guard log En...

Page 684: ...bled VLAN Config Status Disabled Port Config Maximum Entry 512 Default settings of ARP Detection are listed in the following table Table 6 2 ARP Detection Parameter Default Setting Global Config ARP D...

Page 685: ...d ARP Statistics Auto Refresh Disabled Refresh Interval 5 seconds Default settings of IPv4 Source Guard are listed in the following table Table 6 3 ARP Detection Parameter Default Setting Global Confi...

Page 686: ...6 IMPB CHAPTERS 1 IPv6 IMPB 2 IPv6 MAC Binding Configuration 3 ND Detection Configuration 4 IPv6 Source Guard Configuration 5 Configuration Examples 6 Appendix Default Parameters Downloaded from Manua...

Page 687: ...the ND attacks The application topology of ND Detection is as the following figure shows The port that is connected to the gateway should be configured as trusted port and other ports should be config...

Page 688: ...usted Port Switch Untrusted Port Untrusted Port Attacker User A Gateway Internet IPv6 Source Guard IPv6 Source Guard is used to filter the IPv6 packets based on the IPv6 MAC Binding table Only the pac...

Page 689: ...Binding Table 2 1 Using the GUI 2 1 1 Binding Entries Manually You can manually bind the IPv6 address MAC address VLAN ID and the Port number together on the condition that you have got the detailed i...

Page 690: ...ture IPv6 Source Guard This entry will be applied to the IPv6 Source Guard feature Both This entry will be applied to both of the features 3 Enter or select the port that is connected to this host 4 C...

Page 691: ...a ND Snooping 1 In the ND Snooping section enable ND Snooping and click Apply 2 In the VLAN Config section select one or more VLANs and enable ND Snooping Click Apply VLAN ID Displays the VLAN ID Stat...

Page 692: ...to SECURITY IPv6 IMPB IPv6 MAC Binding Binding Table to view or edit the entries 2 1 3 Binding Entries via DHCPv6 Snooping With DHCPv6 Snooping enabled the switch can monitor the IP address obtaining...

Page 693: ...snooping Click Apply Port Displays the port number Maximum Entries Configure the maximum number of binding entries a port can learn via DHCPv6 snooping LAG Displays the LAG that the port is in 4 The...

Page 694: ...ys the port number Protect Type Select the protect type for the entry The entry will be applied to to the specific feature The following options are provided None This entry will not be applied to any...

Page 695: ...entry will not be applied to any feature nd detection indicates this entry will be applied to ND Detection ipv6 verify source indicates this entry will be applied to IP Source Guard both indicates th...

Page 696: ...aximum number of ND binding entries a port can learn via ND snooping value Enter the maximum number of ND binding entries a port can learn via ND snooping The valid values are from 0 to 1024 and the d...

Page 697: ...figuration mode Step 2 ipv6 dhcp snooping Globally enable DHCPv6 Snooping Step 3 ipv6 dhcp snooping vlan vlan range Enable DHCPv6 Snooping on the specified VLAN vlan range Enter the vlan range in the...

Page 698: ...g interface gigabitEthernet 1 0 1 Switch config if ipv6 dhcp snooping max entries 100 Switch config if show ipv6 dhcp snooping Global Status Enable VLAN ID 5 Switch config if show ipv6 dhcp snooping i...

Page 699: ...and filter out the illegal ND packets Before configuring ND Detection complete IPv6 MAC Binding configuration For details refer to IPv6 MAC Binding Configuration 3 1 2 Enabling ND Detection Choose th...

Page 700: ...ese steps to configure ND Detection on ports 1 Select one or more ports and configure the parameters Port Displays the port number Trust Status Enable or disable this port to be a trusted port On a tr...

Page 701: ...number of forwarded ND packets in this VLAN Dropped Displays the number of dropped ND packets in this VLAN 3 2 Using the CLI 3 2 1 Adding IPv6 MAC Binding Entries The ND Detection feature allows the s...

Page 702: ...6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configuration file The following example shows how to enable ND Detection globally and on VLAN 1...

Page 703: ...ction configuration of the port Step 5 end Return to privileged EXEC mode Step 6 copy running config startup config Save the settings in the configuration file The following example shows how to confi...

Page 704: ...MAC Binding Table and filter out the illegal ND packets Before configuring ND Detection complete IPv6 MAC Binding configuration For details refer to IPv6 MAC Binding Configuration 4 1 2 Configuring I...

Page 705: ...ets based on the binding entries in the IPv6 MAC Binding Table and filter out the illegal ND packets Before configuring ND Detection complete IPv6 MAC Binding configuration For details refer to IPv6 M...

Page 706: ...ode Step 6 copy running config startup config Save the settings in the configuration file The following example shows how to enable IPv6 Source Guard on port 1 0 1 Switch configure Switch config inter...

Page 707: ...strator wants to configure Switch A to prevent ND attacks from the LAN Figure 5 1 Network Topology LAN WAN Fa1 0 3 Fa1 0 1 Fa1 0 2 Router User 2 88 A9 D4 54 FD C3 2001 6 User 1 74 D3 45 32 B6 8D 2001...

Page 708: ...the menu SECURITY IPv6 IMBP IPv6 MAC Binding Manual Binding and click to load the following page Enter the host name IPv6 address MAC address and VLAN ID of User 1 select the protect type as ND Detect...

Page 709: ...Detection and click Apply Select VLAN 1 change Status as Enabled and click Apply Figure 5 4 Enable ND Detection 4 Choose the menu SECURITY IPv6 IMBP ND Detection Port Config to load the following page...

Page 710: ...config ip source binding User1 2001 6 88 a9 d4 54 fd c3 vlan 1 interface fastEthernet 1 0 2 nd detection 2 Enable ND Detection globally and on VLAN 1 Switch_A config ipv6 nd detection vlan 1 3 Config...

Page 711: ...Verify the ND Detection configuration on VLAN Switch_A show ipv6 nd detection vlan VID Enable status Log Status 1 Enable Disable Verify the ND Detection configuration on ports Switch_A show ipv6 nd de...

Page 712: ...view of configuration on the switch is as follows 1 Bind the MAC address IPv6 address connected port number and VLAN ID of the legal host with IPv6 MAC Binding 2 Enable IPv6 Source Guard on ports 1 0...

Page 713: ...ual Binding 2 Choose the menu SECURITY IPv6 IMPB IPv6 Source Guard to load the following page Select ports 1 0 1 3 configure the Security Type as SIPv6 MAC and click Apply Figure 5 8 IPv6 Source Guard...

Page 714: ...source Switch config interface range fastEthernet 1 0 1 3 Switch config if range ipv6 verify source sipv6 mac Switch config if range end Switch copy running config startup config Verify the Configurat...

Page 715: ...g DHCPv6 Snooping Disabled VLAN Config Status Disabled Port Config Maximum Entry 512 Default settings of ND Detection are listed in the following table Table 6 2 ND Detection Parameter Default Setting...

Page 716: ...MPB Appendix Default Parameters Default settings of IPv6 Source Guard are listed in the following table Table 6 3 ND Detection Parameter Default Setting Port Config Security Type Disabled Downloaded f...

Page 717: ...Configuring DHCP Filter CHAPTERS 1 DHCP Filter 2 DHCPv4 Filter Configuration 3 DHCPv6 Filter Configuration 4 Configuration Examples 5 Appendix Default Parameters Downloaded from ManualsNet com search...

Page 718: ...es that users get IP addresses only from the legal DHCP server and enhances the network security As the following figure shows there are both legal and illegal DHCP servers on the network You can conf...

Page 719: ...guring DHCP Filter DHCP Filter DHCPv4 Filter DHCPv4 Filter is used for DHCPv4 servers and IPv4 clients DHCPv6 Filter DHCPv6 Filter is used for DHCPv6 servers and IPv6 clients Downloaded from ManualsNe...

Page 720: ...he GUI 2 1 1 Configuring the Basic DHCPv4 Filter Parameters Choose the menu SECURITY DHCP Filter DHCPv4 Filter Basic Config to load the following page Figure 2 1 DHCPv4 Filter Basic Config Follow thes...

Page 721: ...number of DHCPv4 packets that can be forwarded on the port per second The excessive DHCPv4 packets will be discarded Decline Protect Select to enable the decline protect feature and specify the maxim...

Page 722: ...tEthernet port range ten gigabitEthernet port list interface port channel port channel id interface range port channel port channel id list Enter interface configuration mode Step 4 ip dhcp filter Ena...

Page 723: ...eturn to privileged EXEC mode Step 11 copy running config startup config Save the settings in the configuration file Note The member port of an LAG Link Aggregation Group follows the configuration of...

Page 724: ...MAC address of the DHCP Client The value all means all client mac addresses port list port channel id Specify the port that the legal DHCPv4 server is connected to Step 3 show ip dhcp filter server pe...

Page 725: ...User Guide 702 Configuring DHCP Filter DHCPv4 Filter Configuration Switch config end Switch copy running config startup config Downloaded from ManualsNet com search engine...

Page 726: ...nfiguring the Basic DHCPv6 Filter Parameters Choose the menu SECURITY DHCP Filter DHCPv6 Filter Basic Config to load the following page Figure 3 1 DHCPv6 Filter Basic Config Follow these steps to comp...

Page 727: ...be discarded LAG Displays the LAG that the port is in 3 Click Apply Note The member port of an LAG Link Aggregation Group follows the configuration of the LAG and not its own The configurations of th...

Page 728: ...sive DHCP packets will be discarded value Specify the limit rate value The following options are provided 0 5 10 15 20 25 and 30 packets second The default value is 0 which indicates disabling limit r...

Page 729: ...hcp filter Global Status Enable Switch config if show ip dhcp filter interface gigabitEthernet 1 0 1 Interface state Limit Rate Dec rate LAG Gi1 0 1 Enable 10 20 N A Switch config if end Switch copy r...

Page 730: ...to create an entry for the legal DHCPv6 server whose IPv6 address is 2001 54 and connected port number is 1 0 1 Switch configure Switch config ipv6 dhcp filter server permit entry server ip 2001 54 in...

Page 731: ...re 4 1 Network Topology Fa1 0 1 DHCPv4 Client DHCPv4 Client Illegal DHCPv4 Server DHCPv4 Client Switch A Legal DHCPv4 Server 192 168 0 200 4 1 2 Configuration Scheme To meet the requirements you can c...

Page 732: ...e Enable DHCPv4 Filter globally and click Apply Select all ports change Status as Enable and click Apply Figure 4 2 Basic Config 2 Choose the menu SECURITY DHCP Filter DHCPv4 Filter Legal DHCPv4 Serve...

Page 733: ...if range ip dhcp filter Switch_A config interface range gigabitEthernet 1 0 25 28 Switch_A config if range ip dhcp filter Switch_A config if range exit 2 Create an entry for the legal DHCPv4 server S...

Page 734: ...A Fa1 0 4 Enable Disable Disable Disable N A Verify the legal DHCPv4 server configuration Switch_A show ip dhcp filter server permit entry Server IP Client MAC Interface 192 168 0 200 all Fa1 0 1 4 2...

Page 735: ...server The overview of configuration is as follows 1 Enable DHCPv6 Filter globally and on all ports 2 Create an entry for the legal DHCPv6 server Demonstrated with T1500 28PCT the following sections p...

Page 736: ...SECURITY DHCP Filter DHCPv6 Filter Legal DHCPv6 Servers and click to load the following page Specify the IP address and connected port number of the legal DHCPv6 server Click Create Figure 4 3 Create...

Page 737: ...ver Switch_A config ipv6 dhcp filter server permit entry server ip 2001 54 interface fastEthernet 1 0 1 Switch_A config end Switch_A copy running config startup config Verify the Configuration Verify...

Page 738: ...User Guide 715 Configuring DHCP Filter Configuration Examples Switch_A show ipv6 dhcp filter server permit entry Server IP Interface 2001 54 Fa1 0 1 Downloaded from ManualsNet com search engine...

Page 739: ...DHCPv4 Filter Parameter Default Setting Global Config DHCPv4 Filter Disabled Port Config Status Disabled MAC Verify Disabled Rate Limit Disabled Decline Protect Disabled Table 5 2 DHCPv6 Filter Parame...

Page 740: ...Part 23 Configuring DoS Defend CHAPTERS 1 Overview 2 DoS Defend Configuration 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 741: ...abnormal service or breakdown of the network With DoS Defend feature the switch can analyze the specific fields of the IP packets distinguish the malicious DoS attack packets and discard them directl...

Page 742: ...k The attacker sends a specific fake SYN synchronous packet to the destination host Because both of the source IP address and the destination IP address of the SYN packet are set to be the IP address...

Page 743: ...nding SYN ACK packets If the attacker sends overflowing fake request packets the network resource will be occupied maliciously and the requests of the legal clients will be denied WinNuke Attack Becau...

Page 744: ...f the attacked host is reduced because the Host circularly attempts to build a connection with the attacker ping flood The attacker floods the destination system with Ping packets creating a broadcast...

Page 745: ...onfig ip dos prevent Switch config ip dos prevent type land Switch config show ip dos prevent DoS Prevention State Enabled Type Status Land Attack Enabled Scan SYNFIN Disabled Xmascan Disabled NULL Sc...

Page 746: ...ppendix Default Parameters 3Appendix Default Parameters Default settings of Network Security are listed in the following tables Table 3 1 DoS Defend Parameter Default Setting DoS Defend Disabled Downl...

Page 747: ...Part 24 Monitoring the System CHAPTERS 1 Overview 2 Monitoring the CPU 3 Monitoring the Memory Downloaded from ManualsNet com search engine...

Page 748: ...ory utilization of the switch The CPU utilization should be always under 80 and excessive use may result in switch malfunctions For example the switch fails to respond to management requests ICMP ping...

Page 749: ...the CPU Click Monitor to enable the switch to monitor and display its CPU utilization rate every five seconds 2 2 Using the CLI On privileged EXEC mode or any other configuration mode you can use the...

Page 750: ...toring the CPU User Guide 727 The following example shows how to monitor the CPU Switch show cpu utilization Unit CPU Utilization No Five Seconds One Minute Five Minutes 1 13 13 13 Downloaded from Man...

Page 751: ...o enable the switch to monitor and display its memory utilization rate every five seconds 3 2 Using the CLI On privileged EXEC mode or any other configuration mode you can use the following command to...

Page 752: ...Monitoring the System Monitoring the Memory User Guide 729 Unit Current Memory Utilization 1 74 Downloaded from ManualsNet com search engine...

Page 753: ...Part 25 Monitoring Traffic CHAPTERS 1 Traffic Monitor 2 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 754: ...summary of each port 1 To get the real time traffic summary enable Auto Refresh or click Refresh Auto Refresh With this option enabled the switch will automatically refresh the traffic summary Refres...

Page 755: ...Octets Rx Displays the number of octets received on the port Error octets are counted Octets Tx Displays the number of octets transmitted on the port Error octets are counted To view a port s traffic...

Page 756: ...s than 64 bytes long 64 Octets Packets Displays the number of the received packets including error packets that are 64 bytes long 65 to 127 Octects Packets Displays the number of the received packets...

Page 757: ...ed on the port Error frames are not counted Unicast Displays the number of valid unicast packets transmitted on the port Error frames are not counted Pkts Displays the number of packets transmitted on...

Page 758: ...rror frames are not counted Rx Alignment Displays the number of the received packets that have a Frame Check Sequence FCS with a non integral octet Alignment Error The size of the packet is between 64...

Page 759: ...c Appendix Default Parameters 2Appendix Default Parameters Table 2 1 Traffic Statistics Monitoring Parameter Default Setting Traffic Summary Auto Refresh Disabled Refresh Rate 10 seconds Downloaded fr...

Page 760: ...Part 26 Mirroring Traffic CHAPTERS 1 Mirroring 2 Configuration Examples 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 761: ...LAGs or the CPU to a destination port It does not affect the switching of network traffic on source ports LAGs or the CPU 1 1 Using the GUI Choose the menu MAINTENANCE Mirroring to load the following...

Page 762: ...ired ports as the source interfaces The switch will send a copy of traffic passing through the port to the destination port LAGS Select the desired LAGs as the source interfaces The switch will send a...

Page 763: ...ored interfaces session_num The monitor session number It can only be specified as 1 cpu_number The CPU number It can only be specified as 1 port list List of source ports It is multi optional mode Th...

Page 764: ...g monitor session 1 source cpu 1 both Switch config show monitor session Monitor Session 1 Destination Port Gi1 0 10 Source Ports Ingress Gi1 0 1 3 Source Ports Egress Gi1 0 1 3 Source CPU Ingress cpu...

Page 765: ...e Mirroring feature to copy the packets from ports 1 0 2 5 to port 1 0 1 The overview of configuration is as follows 1 Specify ports 1 0 2 5 as the source ports allowing the switch to copy the packets...

Page 766: ...s 1 0 2 5 as the source ports and enable Ingress and Egress to allow the received and sent packets to be copied to the destination port Then click Apply Figure 2 4 Source Port Configuration 4 Click to...

Page 767: ...ic Configuration Examples Verify the Configuration Switch show monitor session 1 Monitor Session 1 Destination Port Fa1 0 1 Source Ports Ingress Fa1 0 2 5 Source Ports Egress Fa1 0 2 5 Downloaded from...

Page 768: ...User Guide 745 3Appendix Default Parameters Default settings of Switching are listed in th following tables Table 3 1 Configurations for Ports Parameter Default Setting Ingress Disabled Egress Disable...

Page 769: ...Part 27 Configuring DLDP CHAPTERS 1 Overview 2 DLDP Configuration 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 770: ...link exists A unidirectional link occurs whenever traffic sent by a local device is received by its peer device but traffic from the peer device is not received by the local device Unidirectional lin...

Page 771: ...le port of another switch To detect unidirectional links make sure DLDP is enabled on both sides of the links 2 1 Using the GUI Choose the menu MAINTENANCE DLDP to load the following page Figure 2 1 C...

Page 772: ...ne or more ports enable DLDP and click Apply Then you can view the relevant DLDP information in the table DLDP Enable or disable DLDP on the port Protocol State Displays the DLDP protocol state Initia...

Page 773: ...manual The switch displays an alert when a unidirectional link is detected Then the users can manually shut down the unidirectional link ports Step 4 interface fastEthernet port range fastEthernet por...

Page 774: ...py running config startup config The following example shows how to enable DLDP on port 1 0 1 Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if dldp Switch config if show...

Page 775: ...of DLDP are listed in the following table Table 3 1 Default Settings of DLDP Parameter Default Setting Global Config DLDP State Disabled Advertisement Interval 5 seconds Shut Mode Auto Auto Refresh D...

Page 776: ...guring SNMP RMON CHAPTERS 1 SNMP 2 SNMP Configurations 3 Notification Configurations 4 RMON 5 RMON Configurations 6 Configuration Example 7 Appendix Default Parameters Downloaded from ManualsNet com s...

Page 777: ...NMP Agent Get or set MIB objects values Respond or send notifications SNMP Manager Host Running NMS Application Managed Device MIB 1 2 Basic Concepts The following basic concepts of SNMP will be intro...

Page 778: ...fine private branches that include managed objects for their own products Figure 1 2 MIB Tree root iso 1 iso itu t 2 enterprise 1 tplink 11863 itu t 0 standard 0 dod 6 internet 1 directory 1 security...

Page 779: ...engine ID to uniquely identify the SNMP entity within that administrative domain Notification Types Notifications are messages that the switch sends to the NMS host when important events occur Notific...

Page 780: ...MPv1 SNMPv1 is applicable to small scale networks with simple networking good stability and low security requirements such as campus networks and small enterprise networks SNMPv2c SNMPv2c is applicabl...

Page 781: ...v3 1 Enable SNMP 2 Create an SNMP view for managed objects 3 Create an SNMP group and specify the security level and accessible view 4 Create SNMP users and configure the authentication mode privacy m...

Page 782: ...vice that receives Inform messages from the switch 2 Click Apply Note In SNMPv3 changing the value of the SNMP engine ID has important side effects A user s password is converted to an MD5 or SHA secu...

Page 783: ...function of the device When a MIB Object ID is specified all its child Object IDs are specified For specific ID rules refer to the device related MIBs 2 Click Create 2 1 3 Creating SNMP Communities Fo...

Page 784: ...vel and the read view write view and notify view Group Name Set the SNMP group name using 1 to 16 characters The identifier of a group consists of a group name security model and security level Groups...

Page 785: ...group which the user belongs to Then configure the security level User Name Set the SNMP user name using 1 to 16 characters For different entries user names cannot be the same User Type Choose a user...

Page 786: ...need to set corresponding Authentication Mode or Privacy Mode If not skip this step Authentication Mode With AuthNoPriv or AuthPriv selected configure the authentication mode and password for authenti...

Page 787: ...mote device that receives inform messages from switch Note In SNMPv3 changing the value of the SNMP engine ID has important side effects A user s password is converted to an MD5 or SHA security digest...

Page 788: ...Maximum packet size 1500 0 No such name errors 0 Bad value errors 0 General errors 0 Response PDUs 0 Trap PDUs Switch config show snmp server engineID Local engine ID 80002e5703000aeb13a23d Remote en...

Page 789: ...ot be managed by the NMS Step 3 show snmp server view Displays the view table Step 4 end Return to Privileged EXEC Mode Step 5 copy running config startup config Save the settings in the configuration...

Page 790: ...end Return to Privileged EXEC Mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to set an SNMP community Name the community as...

Page 791: ...gorithm and a privacy algorithm are applied to check and encrypt packets read view Set the view to be the Read view Then the NMS can view parameters of the specified view write view Set the view to be...

Page 792: ...vel as noAuthNoPriv For this level no authentication algorithm but a user name match is applied to check packets and no privacy algorithm is applied to encrypt them To create a user with the security...

Page 793: ...ngs are asTable 2 1 Table 2 1 Security Settings for the User Parameter Value Security Level v3 Authentication Mode SHA Authentication Password 1234 Privacy Mode DES Privacy Password 5678 Switch config...

Page 794: ...ps Configuration Guidelines To guarantee the communication between the switch and the NMS ensure the switch and the NMS can reach one another 3 1 Using the GUI 3 1 1 Configuring the Information of NMS...

Page 795: ...ersion If you choose the Inform type you need to set retry times and timeout interval Type Choose a notification type for the NMS host For SNMPv1 the supported type is Trap For SNMPv2c and SNMPv3 you...

Page 796: ...h running SNMP the trap can be triggered if you disable and then enable SNMP without changing any parameters Link Status Enable or disable Link Status Trap globally The trap includes the following two...

Page 797: ...et LLDP The trap includes the following sub traps LLDP RemTablesChange Indicates that the switch senses an LLDP topology change The trap can be triggered when adding or removing a remote device and wh...

Page 798: ...shutdown Triggered when the PSE chip overheats The switch will stop supplying power in this case IP MAC Binding Triggered in the following two situations the ARP Inspection feature is enabled and the...

Page 799: ...ype for the NMS host For SNMPv1 the supported type is Trap For SNMPv2c and SNMPv3 you can configure the type as Trap or Inform Trap The switch will send Trap messages to the NMS host when certain even...

Page 800: ...t 100 Switch config show snmp server host No Des IP UDP Name SecMode SecLev Type Retry Timeout 1 172 16 1 222 162 admin v3 authPriv inform 3 100 Switch config end Switch copy running config startup co...

Page 801: ...and on all ports which means that the traps will be triggered when a device is connected to or disconnected from any port of the switch If you do not want to receive notification messages about some...

Page 802: ...a endpoints The trap can be triggered when adding or removing a media endpoint that supports LLDP such as an IP Phone An LLDP Remtableschange trap will be also triggered every time LLDP Topologychange...

Page 803: ...configure Switch config snmp server traps vlan Switch config end Switch copy running config startup config Enabling the SNMP Security Traps Globally Step 1 configure Enter Global Configuration Mode S...

Page 804: ...k the matched ACL information every five minutes and send SNMP traps if there is any updated information Step 3 end Return to Privileged EXEC Mode Step 4 copy running config startup config Save the se...

Page 805: ...are disabled over max pwr budget Triggered when the total power required by the connected PDs exceeds the maximum power the PoE switch can supply port pwr change Triggered when the total power requir...

Page 806: ...umbers separated by commas or use a hyphen to indicates a range of port numbers For example 1 3 5 indicates port 1 2 3 5 Step 3 snmp server traps link status Enable Link Status Trap for the port By de...

Page 807: ...MP protocol the NMS collects network data by communicating with Agents However the NMS cannot obtain every datum of RMON MIB because the device resources are limited Generally the NMS can only get inf...

Page 808: ...Choose the menu MAINTENANCE SNMP RMON Statistics and click to load the following page Figure 5 1 Creating a Statistics Entry Follow these steps to configure the Statistics group 1 Specify the entry in...

Page 809: ...a History entry and specify a port to be monitored Index Displays the index of History entries The switch supports up to 12 History entries Port Specify a port to be monitored 2 Set the sample interva...

Page 810: ...menu MAINTENANCE SNMP RMON Event to load the following page Figure 5 3 Configuring the Event Entry Follow these steps to configure the Event group 1 Choose an Event entry and specify an SNMP User for...

Page 811: ...3 Enter the owner name and set the status of the entry Click Apply Owner Enter the owner name of the entry with 1 to 16 characters Status Enable or disable the entry Enable The entry is enabled Disabl...

Page 812: ...18 Total number of packets of the specified size Statistics Associate the Alarm entry with a Statistics entry Then the switch monitors the specified variable of the Statistics entry 2 Set the sample t...

Page 813: ...m is triggered only when the sampling value or the difference value exceeds the rising threshold Falling The alarm is triggered only when the sampling value or the difference value is below the fallin...

Page 814: ...or a Statistics entry since the entry status is configured as valid Step 3 show rmon statistics index Displays the statistics entries and their configurations index Enter the index of statistics entry...

Page 815: ...tory entry When the number of records exceeds the limit the earliest record will be overwritten The values are from 10 to 130 the default is 50 Step 3 show rmon history index Displays the specified Hi...

Page 816: ...tify log notify Specify the action type of the event then the switch will take the specified action to deal with the event By default the type is none None indicates the switch takes no action log ind...

Page 817: ...ich ranges from 1 to 12 To configure multiple indexes enter a list of indexes separated by commas or use a hyphen to indicates a range of indexes For example 1 3 5 indicates 1 2 3 5 sindex Specify the...

Page 818: ...ifference value exceeds the rising threshold Fall indicates that the alarm is triggered only when the sampling value or difference value is below the falling threshold All indicates that the alarm is...

Page 819: ...old 2000 falling event index 2 a type all interval 10 owner monitor Switch config show rmon alarm Index State 1 Enabled Statistics index 1 Alarm variable BPkt Sample Type Absolute RHold REvent 3000 1...

Page 820: ...ch A and regularly collect and save data for follow up checks Specifically Switch A should notify the NMS when the number of packets transmitted and received on the ports during the sample interval ex...

Page 821: ...3 Create an Alarm entry to monitor RecPackets Received Packets Configure the rising and falling thresholds Configure the rising event as the Notify event entry and the falling event as the Log event...

Page 822: ...View Click Create Figure 6 4 Configuring an SNMP Group 4 Choose MAINTENANCE SNMP SNMP v3 SNMP User and click to load the following page Create a user named admin for the NMS set the user type as Remot...

Page 823: ...s of the NMS host and the port of the host for transmitting notifications Specify the User as admin and choose the type as Inform Set the retry times as 3 with the timeout period as 100 seconds Click...

Page 824: ...pectively Set the owner of the entries as monitor and the status as Valid Figure 6 8 Configuring Statistics Entry 1 Figure 6 9 Configuring Statistics Entry 2 2 Choose the menu MAINTENANCE SNMP RMON Hi...

Page 825: ...ntries 4 Choose MAINTENANCE SNMP RMON Alarm to load the following page Configure entries 1 and 2 For entry 1 set the alarm variable as RecPackets related statistics entry ID as 1 bound to port 1 0 1 t...

Page 826: ...lude 3 Create a group of SNMPv3 with the name of nms monitor Enable Auth Mode and Privacy Mode and set both the Read and Notify views as View Switch_A config snmp server group nms monitor smode v3 sle...

Page 827: ...ner monitor buckets 50 3 Create Event entries 1 and 2 for the SNMP user admin Set entry 1 as the Notify type and its description as rising_notify Set entry 2 as the Log type and its description as fal...

Page 828: ...kets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get requ...

Page 829: ...o Name Sec Mode Sec Lev Read View Write View Notify View 1 nms monitor v3 authPriv View View Verify SNMP user configurations Switch_A config show snmp server user No U Name U Type G Name S Mode S Lev...

Page 830: ...Enable Verify RMON event configurations Switch_A config show rmon event Index User Description Type Owner State 1 admin rising_notify Notify monitor Enable 2 admin falling_log Log monitor Enable Veri...

Page 831: ...ion Example Index State 2 Enabled Statistics index 2 Alarm variable RevPkt Sample Type Absolute RHold REvent 3000 1 FHold FEvent 2000 2 Alarm startup All Interval 10 Owner monitor Downloaded from Manu...

Page 832: ...t ID viewDefault Include 1 viewDefault Exclude 1 3 6 1 6 3 15 viewDefault Exclude 1 3 6 1 6 3 16 viewDefault Exclude 1 3 6 1 6 3 18 Table 7 3 Default SNMP v1 v2c Settings Parameter Default Setting Com...

Page 833: ...Mode DES when Security Level is configured as AuthPriv Privacy Password None Default settings of Notification are listed in the following table Table 7 5 Default Notification Settings Parameter Defaul...

Page 834: ...seconds Max Buckets 50 Owner monitor Status Disabled Table 7 8 Default Settings for Event Entries Parameter Default Setting User public Description None Type None Owner monitor Status Disabled Table...

Page 835: ...User Guide 812 Appendix Default Parameters Parameter Default Setting Interval 1800 seconds Owner monitor Status Disabled Downloaded from ManualsNet com search engine...

Page 836: ...Part 29 Diagnosing the Device Network CHAPTERS 1 Diagnosing the Device 2 Diagnosing the Network 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 837: ...onnection status cable length and fault location 1 1 Using the GUI Choose the menu MAINTENANCE Device Diagnostics to load the following page Figure 1 1 Diagnosing the Cable Follow these steps to diagn...

Page 838: ...on status of the cable that is connected to the switch show cable diagnostics interface fastEthernet port gigabitEthernet port ten gigabitEthernet port View the cable diagnostics of the connected Ethe...

Page 839: ...s from the switch to the destination With Network Diagnostics you can Troubleshoot with Ping testing Troubleshoot with Tracert testing 2 1 Using the GUI 2 1 1 Troubleshooting with Ping Testing You can...

Page 840: ...request packets are sent It is recommended to keep the default value of 1000 milliseconds 2 In the Ping Result section check the test results 2 1 2 Troubleshooting with Tracert Testing You can use th...

Page 841: ...e values are from 1 to 10 times the default is 4 times size Specify the size of the sending data for ping testing The values are from 1 to 1500 bytes the default is 64 bytes interval Specify the inter...

Page 842: ...ert test should be IPv6 ip_addr Enter the IP address of the destination device If the parameter ip ipv6 is not selected both IPv4 and IPv6 addresses are supported such as 192 168 0 100 or fe80 1234 ma...

Page 843: ...sted in the following tables Table 3 1 Default Settings of Ping Config Parameter Default Setting Destination IP 192 168 0 1 Ping Times 4 Data Size 64 bytes Interval 1000 milliseconds Table 3 2 Default...

Page 844: ...Part 30 Configuring System Logs CHAPTERS 1 Overview 2 System Logs Configurations 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Page 845: ...saved in various destinations such as the log buffer log file or remote log servers depending on your configuration Logs saved in the log buffer and log file are called local logs and logs saved in re...

Page 846: ...y of the switch Alerts 1 Actions must be taken immediately The memory utilization reaches the limit Critical 2 Cause analysis or actions must be taken immediately The memory utilization reaches the wa...

Page 847: ...og file will not be lost after the switch is restarted and can be exported on the MAINTENANCE Logs Back Up Logs page Severity Specify the severity level of the log messages that are saved to the selec...

Page 848: ...server UDP Port Displays the UDP port used by the server to receive the log messages The switch uses standard port 514 to send log messages Severity Specify the severity level of the log messages sent...

Page 849: ...e time the log event occurred To get the exact time when the log event occurs you need to configure the system time on the SYSTEM System Info System Time Web management page Module Select a module fro...

Page 850: ...n in the log file will not be lost after the switch is restarted You can view the logs with show logging flash command Step 5 logging file flash frequency periodic periodic immediate Specify the frequ...

Page 851: ...ng local config Channel Level Status Sync Periodic Buffer 5 enable Immediately Flash 2 enable 10 hour s Console 5 enable Immediately Monitor 5 enable Immediately Switch config end Switch copy running...

Page 852: ...els 0 to 6 will be sent to the log server Step 3 show logging loghost index View the configuration information of the log server index Enter the index of the log server to view the corresponding confi...

Page 853: ...sure the switch and the PC are reachable to each other configure a log server that complies with the syslog standard on the PC and set the PC as the log server Demonstrated with T1500 28PCT this chapt...

Page 854: ...figure Switch config logging host index 1 1 1 0 1 5 Switch config end Switch copy running config startup config Verify the Configurations Switch show logging loghost Index Host IP Severity Status 1 1...

Page 855: ...Logs Parameter Default Setting Status of Log Buffer Enabled Severity of Log Buffer Level_6 Sync Periodic of Log Buffer Immediately Status of Log File Disabled Severity of Log File Level_3 Sync Periodi...

Page 856: ...d in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interferenc...

Page 857: ...which case the user will be required to correct the interference at his own expense This device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 This devi...

Page 858: ...peration is subject to the following two conditions 1 This device may not cause interference 2 This device must accept any interference including interference that may cause undesired operation of the...

Page 859: ...disassemble repair or modify the device Place the device with its bottom surface downward Please read and follow the above safety information when operating the device We cannot guarantee that no acci...

Page 860: ...symbol for Waste electrical and electronic equipment WEEE This means that this product must be handled pursuant to European directive 2012 19 EU in order to be recycled or dismantled to minimize its i...

Page 861: ...stered trademarks of their respective holders No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation transformation or adaptatio...

Search results

Summary of Contents for JetStream T1500-28PCT

Reviews:

Related manuals for JetStream T1500-28PCT

Brands by name

Popular brands

TP-Link JetStream T1500-28PCT, User Manual

Search results

Summary of Contents for JetStream T1500-28PCT

Reviews:

Related manuals for JetStream T1500-28PCT

Brands by name

Popular brands