manualshive.com logo in svg

TP-Link JetStream TL-SG3216, User Manual

Looking for a reliable network switch? The TP-Link JetStream TL-SG3216 is a top-notch option. Ensure smooth operation with the user manual available for free download at manualshive.com. This manual provides detailed instructions on setup, configuration, and troubleshooting, making it easy to optimize your network performance.

Share
Download
background image

 

 

Figure 11-15 ARP Statistics 

The following entries are displayed on this screen: 

¾

 

Auto Refresh 

Auto Refresh: 

Enable/Disable the Auto Refresh feature. 

Refresh Interval: 

Specify the refresh interval to display the ARP Statistics. 

¾

 

Illegal ARP Packet 

Port: 

Displays the port number.   

Trusted Port: 

Indicates the port is an ARP Trusted Port or not.   

Illegal ARP Packet: 

Displays the number of the received illegal ARP packets. 

11.3 DoS Defend 

DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network 
attackers or the evil programs sending a lot of service requests to the Host, which incurs an 
abnormal service or even breakdown of the network.   

With DoS Defend function enabled, the switch can analyze the specific fields of the IP packets and 
distinguish the malicious DoS attack packets. Upon detecting the packets, the switch will discard 
the illegal packets directly and limit the transmission rate of the legal packets if the over legal 
packets may incur a breakdown of the network. The switch can defend a few types of DoS attack 
listed in the following table.   

153

 

Summary of Contents for JetStream TL-SG3216

Page 1: ...TL SG3216 TL SG3424 JetStream L2 Lite Managed Switch Rev 1 0 2 1910010512...

Page 2: ...led and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference...

Page 3: ...Login 9 3 2 Configuration 9 Chapter 4 System 11 4 1 System Info 11 4 1 1 System Summary 11 4 1 2 Device Description 13 4 1 3 System Time 13 4 1 4 System IP 15 4 2 User Manage 16 4 2 1 User Table 16 4...

Page 4: ...Q VLAN 49 6 1 1 VLAN Config 51 6 1 2 Port Config 53 6 2 MAC VLAN 55 6 3 Protocol VLAN 56 6 3 1 Protocol Group Table 59 6 3 2 Protocol Group 59 6 3 3 Protocol Template 60 6 4 Application Example for 80...

Page 5: ...nge 103 8 3 2 Port Filter 104 8 4 Packet Statistics 105 Chapter 9 QoS 107 9 1 DiffServ 110 9 1 1 Port Priority 110 9 1 2 Schedule Mode 111 9 1 3 802 1P Priority 112 9 1 4 DSCP Priority 112 9 2 Bandwid...

Page 6: ...MAC Binding 136 11 1 1 Binding Table 136 11 1 2 Manual Binding 137 11 1 3 ARP Scanning 139 11 1 4 DHCP Snooping 140 11 2 ARP Inspection 146 11 2 1 ARP Detect 150 11 2 2 ARP Defend 151 11 2 3 ARP Stat...

Page 7: ...ample for Cluster Function 192 Chapter 14 Maintenance 195 14 1 System Monitor 195 14 1 1 CPU Monitor 195 14 1 2 Memory Monitor 196 14 2 Log 197 14 2 1 Log Table 198 14 2 2 Local Log 198 14 2 3 Remote...

Page 8: ...ne console cable Two mounting brackets and other fittings Installation Guide Resource CD for TL SG3216 TL SG3424 Switch including This User Guide Other Helpful Information Note Make sure that the pack...

Page 9: ...SG3424 just differ in the number of LED indicators and ports and all figures in this guide are of TL SG3216 Menu Name Submenu Name Tab page indicates the menu structure System System Info System Summa...

Page 10: ...changing the 802 1Q VLAN configuration z Protocol VLAN Create VLANs in application layer to make some special data transmitted in the specified VLAN z GVRP GVRP allows the switch to automatically add...

Page 11: ...ule is used to configure the multiple protection measures for the network security Here mainly introduces z IP MAC Binding Bind the IP address MAC address VLAN ID and the connected Port number of the...

Page 12: ...e connected device are available z Network Diagnose Test if the destination is reachable and the account of router hops from the switch to the destination Appendix A Specifications Lists the hardware...

Page 13: ...ilability Link aggregation LACP increases aggregated bandwidth optimizing the transport of business critical data IEEE 802 1s Multiple Spanning Tree provides high link availability in multiple VLAN en...

Page 14: ...ex mode on Switching Port Port Config page For 100M module please select 100MFD while select 1000MFD for gigabit module By default the Speed and Duplex mode of SFP port is 1000MFD Console Port Designe...

Page 15: ...gure 2 2 Rear Panel Grounding Terminal TL SG3216 TL SG3424 already comes with Lightning Protection Mechanism You can also ground the Switch through the PE Protecting Earth cable of AC cord or with Gro...

Page 16: ...IP address is 192 168 0 x x is any number from 2 to 254 Subnet Mask is 255 255 255 0 For the detailed instructions as to how to do this please refer to Appendix B 2 After a moment a login window will...

Page 17: ...ve before the switch is rebooted If you want to keep the configurations effective even the switch is rebooted please click Saving Config You are suggested to click Saving Config before cutting off the...

Page 18: ...can view the port connection status and the system information The port status diagram shows the working status of 16 10 100 1000Mbps RJ45 ports and 2 SFP ports of the switch The ports labeled as numb...

Page 19: ...type of the port Rate Displays the maximum transmission rate of the port Status Displays the connection status of the port Click a port to display the bandwidth utilization on this port The actual rat...

Page 20: ...ollowing entries are displayed on this screen Device Description Device Name Enter the name of the switch Device Location Enter the location of the switch System Contact Enter your contact information...

Page 21: ...t GMT When this option is selected you can configure the time zone and the IP Address for the NTP Server The switch will get GMT automatically if it has connected to a NTP Server z Time Zone Select yo...

Page 22: ...lowing page Figure 4 6 System IP The following entries are displayed on this screen IP Config MAC Address Displays MAC Address of the switch IP Address Mode Select the mode to obtain IP Address for th...

Page 23: ...to the Web management page with a certain access level so as to protect the settings of the switch from being randomly changed The User Manage function can be implemented on User Table and User Config...

Page 24: ...ssword for users login Confirm Password Retype the password User Table Select Select the desired entry to delete the corresponding user information It is multi optional The current user information ca...

Page 25: ...Restore Restore Config Click the Restore Config button to restore the backup configuration file It will take effect after the switch automatically reboots Note 1 It will take a few minutes to restore...

Page 26: ...he configuration Please wait without any operation 4 3 3 Firmware Upgrade The switch system can be upgraded via the Web management page To upgrade the system is to get more functions and better perfor...

Page 27: ...Reset On this page you can reset the switch to the default All the settings will be cleared after the switch is reset Choose the menu System System Tools System Reset to load the following page Figur...

Page 28: ...ed Select this option to limit the ports for login IP Address Mask These fields can be available for configuration only when IP based mode is selected Only the current host and the users within the IP...

Page 29: ...to the correct users and servers 2 Encrypt the data transmission to prevent the data being intercepted 3 Maintain the integrality of the data to prevent the data being altered in the transmission Adop...

Page 30: ...ured connection using https please enter https into the URL field of the browser 4 It may take more time for https connection than that for http connection because https connection involves authentica...

Page 31: ...ssfully downloaded the certificate authentication will be preferred for SSH access to the switch Choose the menu System Access Seurity SSH Config to load the following page Figure 4 16 SSH Config The...

Page 32: ...d file will result in the SSH access to the switch via Password authentication Application Example 1 for SSH Network Requirements 1 Log on to the switch via password authentication using SSH and the S...

Page 33: ...ient software is recommended Configuration Procedure 1 Select the key type and key length and generate SSH key Note 1 The key length is in the range of 256 to 3072 bits 2 During the key generation ran...

Page 34: ...tch download the public key file saved in the computer to the switch Note 1 The key type should accord with the type of the key file 2 The SSH key downloading can not be interrupted 4 Download the pri...

Page 35: ...on to the interface of PuTTY and enter the IP address for login After successful authentication please enter the login user name If you log on to the switch without entering password it indicates tha...

Page 36: ...the packets on the port will be discarded Disabling the port which is vacant for a long time can reduce the power consumption effectively And you can enable the port when it is in need The parameters...

Page 37: ...Note 1 The switch can not be managed through the disabled port Please enable the port which is used to manage the switch 2 The parameters of the port members in a LAG should be set as the same 3 When...

Page 38: ...group Click Edit to display the following figure Figure 5 3 Mirroring Port The following entries are displayed on this screen Mirror Group Number Select the mirror group number you want to configure...

Page 39: ...tch will broadcast the packets to all the ports At this moment the attacker can obtain the network information via various sniffers and attacks When the MAC Address Table is full the packets traffic w...

Page 40: ...rom the LAG will the Port Security function be available for the port 2 The Port Security function is disabled when the 802 1X function is enabled 5 2 LAG LAG Link Aggregation Group is to combine a nu...

Page 41: ...mplemented on the LAG Table Static LAG and LACP Config configuration pages 5 2 1 LAG Table On this page you can view the information of the current LAG of the switch Choose the menu Switching LAG LAG...

Page 42: ...LAG Click the Detail button for the detailed information of your selected LAG Figure 5 6 Detail Information 5 2 2 Static LAG On this page you can manually configure the LAG The LACP feature is disabl...

Page 43: ...cal link which will highly extend the bandwidth and flexibly balance the load With the LACP feature enabled the port will notify its partner of the aggregation ID consist of System Priority system MAC...

Page 44: ...tional Port Displays the port number Admin Key Specify an Admin Key for the port The member ports in a dynamic aggregation group must have the same Admin Key System Priority Specify a System Priority...

Page 45: ...itoring the traffic of each port is implemented on the Traffic Summary and Traffic Statistics pages 5 3 1 Traffic Summary Traffic Summary screen displays the traffic information of each port which fac...

Page 46: ...Displays the number of octets received on the port The error octets are counted in Octets Tx Displays the number of octets transmitted on the port Statistics Click the Statistics button to view the d...

Page 47: ...error packets that are less than 64 bytes long Pkts64Octets Displays the number of the received packets including error packets that are 64 bytes long Pkts65to127Octets Displays the number of the rece...

Page 48: ...ion is saved Relationship between the bound MAC address and the port Static Address Table Manually configuring No Yes The bound MAC address can not be learned by the other ports in the same VLAN Dynam...

Page 49: ...of your desired entry Type Select the type of your desired entry z All This option allows the address table to display all the address entries z Static This option allows the address table to display...

Page 50: ...MAC address entries can facilitate the switch to reduce broadcast packets and remarkably enhance the efficiency of packets forwarding without learning the address The static MAC address learned by the...

Page 51: ...rrectly Please reset the static address entry appropriately 2 If the MAC address of a device has been added to the Static Address Table connecting the device to another port will cause its address not...

Page 52: ...he Aging Time for the dynamic address Search Option Search Option Select a Search Option from the pull down list and click the Search button to find your desired entry in the Dynamic Address Table MAC...

Page 53: ...g excessive invalid MAC address entries maintained by the switch may fill up the MAC address table This prevents the MAC address table from updating with network changes in time If the aging time is t...

Page 54: ...ber of your desired entry Filtering Address Table Select Select the entry to delete the corresponding filtering address It is multi optional MAC Address Displays the filtering MAC Address VLAN ID Disp...

Page 55: ...packets are limited in a VLAN Hosts in the same VLAN communicate with one another via Ethernet whereas hosts in different VLANs communicate with one another through the Internet devices such as Router...

Page 56: ...ty Priority is a 3 bit field referring to 802 1p priority Refer to section QoS QoS profile for details 3 CFI CFI is a 1 bit field indicating whether the MAC address is encapsulated in the standard for...

Page 57: ...mines the default broadcast domain of the port i e when the port receives UL packets or broadcast packets the port will broadcast the packets in its default VLAN Different packets tagged or untagged w...

Page 58: ...he following entries are displayed on this screen VLAN Table VLAN ID Select Click the Select button to quick select the corresponding entry based on the VLAN ID number you entered Select Select the de...

Page 59: ...ck the Check button to check whether the VLAN ID you entered is valid or not VLAN Members Port Select Click the Select button to quick select the corresponding entry based on the port number you enter...

Page 60: ...VLAN please acquaint yourself with all the devices connected to the switch in order to configure the ports properly Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Figure 6 5 8...

Page 61: ...VLAN Click the Detail button to view the information of the VLAN to which the port belongs Click the Detail button to view the information of the corresponding VLAN Figure 6 6 View the Current VLAN of...

Page 62: ...ches the packet with the current MAC VLAN If the packet is matched the switch will add a corresponding MAC VLAN tag to it If no MAC VLAN is matched the switch will add a tag to the packet according to...

Page 63: ...he device in a MAC VLAN it s required to set its connected port of switch to be a member of this VLAN so as to ensure the normal communication 6 3 Protocol VLAN Protocol VLAN is another way to classif...

Page 64: ...without other fields Currently only IPX protocol supports 802 3 raw encapsulation format The last two bytes of the Length field in 802 3 raw encapsulation is 0xFFFF z 802 2LLC Logic Link Control encap...

Page 65: ...protocol and the protocol templates are for reference Meanwhile some protocol templates has been preset in the switch you can create protocol VLAN according to the corresponding protocol template Enca...

Page 66: ...2 1Q VLAN so as to ensure the packets forwarded normally 6 3 1 Protocol Group Table On this page you can create Protocol VLAN and view the information of the current defined Protocol VLANs Choose the...

Page 67: ...ress port belongs to Protocol Group Member Select your desired port for Protocol VLAN Group 6 3 3 Protocol Template The Protocol Template should be created before configuring the Protocol VLAN By defa...

Page 68: ...page set the link type for the port based on its connected device 2 Create VLAN Required On the VLAN 802 1Q VLAN VLAN Config page click the Create button to create a VLAN Enter the VLAN ID and the des...

Page 69: ...2 1Q VLAN VLAN Config page create a VLAN with its VLANID as 10 owning Port 2 and Port 3 3 Create VLAN20 Required On VLAN 802 1Q VLAN VLAN Config page create a VLAN with its VLANID as 20 owning Port 3...

Page 70: ...Procedure z Configure Switch A Step Operation Description 1 Configure the Link Type of the ports Required On VLAN 802 1Q VLAN Port Config page configure the link type of Port 11 and Port 12 as GENERAL...

Page 71: ...reate MAC VLAN10 with the MAC address as 00 19 56 82 3B 70 z Configure Switch C Step Operation Description 1 Configure the Link Type of the ports Required On VLAN 802 1Q VLAN Port Config page configur...

Page 72: ...n Description 1 Configure the Link Type of the ports Required On VLAN 802 1Q VLAN Port Config page configure the link type of Port 4 and Port 5 as ACCESS and configure the link type of Port 3 as GENER...

Page 73: ...e in order to be registered by the other GARP entities Leave Message When a GARP entity expects other switches to deregister certain attribute information of its own it sends out a Leave message And w...

Page 74: ...mation to other switches so that all the switching devices in the same switched network can have the same VLAN information The VLAN registration information includes not only the static registration i...

Page 75: ...ort Select Click the Select button to quick select the corresponding entry based on the port number you entered Select Select the desired port for configuration It is multi optional Port Displays the...

Page 76: ...e two sending operations of each Join message The Join Timer ranges from 20 to 1000 centiseconds Leave Timer Once the Leave Timer is set the GARP port receiving a Leave message will start its Leave ti...

Page 77: ...e designated bridge The switch with the lowest bridge ID will be chosen as the designated bridge Root Path Cost Indicates the sum of the path cost of the root port and the path cost of all the switche...

Page 78: ...is the new root port and the designated port begins to forward data after twice forward delay which ensures the new configuration BPDUs are spread in the whole network BPDU Comparing Principle in STP...

Page 79: ...ost the switch generates a designated port BPDU for each of its ports z Root ID is replaced with that of the root port z Root path is replaced with the sum of the root path cost of the root port and t...

Page 80: ...o be forwarded along their respective paths so as to provide redundant links with a better load balancing mechanism Features of MSTP z MSTP combines VLANs and spanning tree together via VLAN to instan...

Page 81: ...his status the port can only receive BPDU packets z Disconnected In this status the port is not participating in the STP Port Roles In an MSTP the following roles exist z Root Port Indicates the port...

Page 82: ...n the switch can be implemented on STP Config and STP Summary pages 7 1 1 STP Config Before configuring spanning trees you should make clear the roles each switch plays in each spanning tree instance...

Page 83: ...to 20 to set the maximum number of BPDU packets transmitted per Hello Time interval The default value is 5pps Max Hops Enter a value from 1 to 40 to set the maximum number of hops that occur in a spe...

Page 84: ...value is recommended 7 1 2 STP Summary On this page you can view the related parameters for Spanning Tree function Choose the menu Spanning Tree STP Config STP Summary to load the following page Figur...

Page 85: ...ing the root port The lower value has the higher priority IntPath IntPath Cost is used to choose the path and calculate the path costs of ports in an MST region It is an important criterion on determi...

Page 86: ...edge ports and enable the BPDU protection function as well This not only enables these ports to transit to forwarding state rapidly but also secures your network 2 All the links of ports in a LAG can...

Page 87: ...r MST region identification 7 3 2 Instance Config Instance Configuration a property of MST region is used to describe the VLAN to Instance mapping configuration You can assign VLAN to different instan...

Page 88: ...ID The cleared VLAN ID will be automatically mapped to the CIST VLAN Instance Mapping VLAN ID Enter the desired VLAN ID After modification here the new VLAN ID will be added to the corresponding insta...

Page 89: ...ays the port number of the switch Priority Enter the priority of the port in the instance It is an important criterion on determining if the port connected to this port will be chosen as the root port...

Page 90: ...ny malicious attack against STP features The STP Security function can be implemented on Port Protect and TC Protect pages Port Protect function is to prevent the devices from any malicious attack aga...

Page 91: ...ount number of the received TC BPDUs exceeds the maximum number you set in the TC threshold field the switch will not performs the removing operation in the TC protect cycle Such a mechanism prevents...

Page 92: ...ulating STP because of link failures and network congestions Root Protect Root Protect is to prevent wrong network topology change caused by the role change of the current legal root bridge TC Protect...

Page 93: ...ault value is 20 TC Protect Cycle Enter a value from 1 to 10 to specify the TC Protect Cycle The default value is 5 7 5 Application Example for STP Function Network Requirements z Switch A B C D and E...

Page 94: ...ion 1 Configure ports On VLAN 802 1Q VLAN page configure the link type of the related ports as Trunk and add the ports to VLAN 101 and VLAN 106 The detailed instructions can be found in the section 80...

Page 95: ...nstance 2 On Spanning Tree MSTP Instance Instance Config page configure the priority of Instance 2 to be 0 z Configure Switch D Step Operation Description 1 Configure ports On VLAN 802 1Q VLAN page co...

Page 96: ...estion for Configuration z Enable TC Protect function for all the ports of switches z Enable Root Protect function for all the ports of root bridges z Enable Loop Protect function for the non edge por...

Page 97: ...e for networks with sparsely users whereas broadcast is suitable for networks with densely distributed users When the number of users requiring this information is not certain unicast and broadcast de...

Page 98: ...hip is described as Figure 8 2 Figure 8 2 Mapping relationship between multicast IP address and multicast MAC address The high order 4 bits of the IP multicast address are 1110 identifying the multica...

Page 99: ...message from the host within a period of time IGMP Messages The switch running IGMP Snooping processes the IGMP messages of different types as follows 1 IGMP Query Message IGMP query message sent by t...

Page 100: ...connected to a multicast group member 2 Timers Router Port Time Within the time if the switch does not receive IGMP query message from the router port it will consider this port is not a router port...

Page 101: ...lticast Select the operation for the switch to process unknown multicast Forward or Discard IGMP Snooping Status Description Displays IGMP Snooping status Member Displays the member of the correspondi...

Page 102: ...port the Switch will immediately remove this port from the multicast group upon receiving IGMP leave messages LAG Displays the LAG number which the port belongs to Note 1 Fast Leave on the port is eff...

Page 103: ...ber port Within this time if the switch doesn t receive IGMP report message from the member port it will consider this port is not a member port any more Leave Time Specify the interval between the sw...

Page 104: ...ulticast transmission mode when users in different VLANs apply for join the same multicast group the multicast router will duplicate this multicast information and deliver each VLAN owning a receiver...

Page 105: ...eave message from a host and the switch removing the host from the multicast groups Static Router Port Select the static router port which is mainly used in the network with stable topology Note 1 The...

Page 106: ...figuration If it is successfully configured the VLAN ID of the multicast VLAN will be displayed in the IGMP Snooping Status table on the Multicast IGMP Snooping Snooping Config page Application Exampl...

Page 107: ...oping function Enable IGMP Snooping function globally on Multicast IGMP Snooping Snooping Config page Enable IGMP Snooping function for port 3 port4 and port 5 on Multicast IGMP Snooping Port Config p...

Page 108: ...c Displays all static multicast IP entries z Dynamic Displays all dynamic multicast IP entries Multicast IP Table Multicast IP Displays multicast IP address VLAN ID Displays the VLAN ID of the multica...

Page 109: ...tries quickly z All Displays all static multicast IP entries z Multicast IP Enter the multicast IP address the desired entry must carry z VLAN ID Enter the VLAN ID the desired entry must carry z Port...

Page 110: ...1 IP Range On this page you can figure the desired IP ranges to be filtered Choose the menu Multicast Multicast Filter IP Range to load the following page Figure 8 10 Multicast Filter The following e...

Page 111: ...r Config Port Select Click the Select button to quick select the corresponding port based on the port number you entered Select Select the desired port for multicast filtering It is multi optional Por...

Page 112: ...s can be bound to one port Configuration Procedure Step Operation Description 1 Configure IP Range Required Configure IP Range to be filtered on Multicast Multicast Filter IP Range page 2 Configure mu...

Page 113: ...r you entered Port Displays the port number of the switch Query Packet Displays the number of query packets the port received Report Packet V1 Displays the number of IGMPv1 report packets the port rec...

Page 114: ...ackets to different priority queues based on the priority modes This switch implements three priority modes based on port on 802 1P and on DSCP z Queue scheduling algorithm When the network is congest...

Page 115: ...ent page you can configure different DS field mapping to the corresponding priority levels Non IP datagram with 802 1Q tag are mapped to different priority levels based on 802 1P priority mode the unt...

Page 116: ...The default weight value ratio of TC0 TC1 TC2 and TC3 is 1 2 4 8 Figure 9 5 WRR Mode 3 SP WRR Mode Strict Priority Weight Round Robin Mode In this mode this switch provides two scheduling groups SP g...

Page 117: ...hms The port priorities are labeled as CoS0 CoS1 CoS7 The DiffServ function can be implemented on Port Priority Schedule Mode 802 1P Priority and DSCP Priority pages 9 1 1 Port Priority On this page y...

Page 118: ...edule Mode Config SP Mode Strict Priority Mode In this mode the queue with higher priority will occupy the whole bandwidth Packets in the queue with lower priority are sent only when the queue with hi...

Page 119: ...TC1 TC2 and TC3 Configuration Procedure Step Operation Description 1 Configure the mapping relation between the 802 1P priority and TC Required On QoS DiffServ 802 1P Priority page configure the mapp...

Page 120: ...CoS0 CoS7 Configuration Procedure Step Operation Description 1 Configure the mapping relation between the DSCP priority and 802 1P priority Required On QoS DiffServ DSCP Priority page enable DSCP Pri...

Page 121: ...ed and utilized Choose the menu QoS Bandwitdth Control Rate Limit to load the following page Figure 9 10 Rate Limit The following entries are displayed on this screen Rate Limit Config Port Select Cli...

Page 122: ...rame in the network If the transmission rate of the three kind packets exceeds the set bandwidth the packets will be automatically discarded to avoid network broadcast storm Choose the menu QoS Bandwi...

Page 123: ...ce VLANs you can perform QoS related configuration for voice data ensuring the transmission priority of voice data stream and voice quality OUI Address Organizationally unique identifier address The s...

Page 124: ...UNK Supported The default VLAN of the port can not be voice VLAN TAG voice stream GENERAL Supported The default VLAN of the port can not be voice VLAN and the egress rule of the access port in the def...

Page 125: ...the device to deal with the packet is determined by whether the port permits the VLAN or not independent of voice VLAN security mode Table 9 3 Security mode and packets processing mode Note Don t tran...

Page 126: ...o enable voice VLAN function for the LAG member port please ensure its member state accords with its port mode If a port is a member port of voice VLAN changing its port mode to be Auto will make the...

Page 127: ...ice VLAN LAG Displays the LAG number which the port belongs to 9 3 3 OUI Config The switch supports OUI create and add the MAC address of the special voice device to the OUI table of the switch The sw...

Page 128: ...type of ports of the voice device 2 Create VLAN Required On VLAN 802 1Q VLAN Port Config page click the Create button to create a VLAN 3 Add OUI address Optional On QoS Voice VLAN OUI Config page you...

Page 129: ...ime range data packets can be filtered by differentiating the time ranges On this switch absolute time week time and holiday can be configured Configure an absolute time section in the form of the sta...

Page 130: ...The ACL rule based on this time range takes effect only when the system time is within the holiday Absolute Select Absolute to configure absolute time range The ACL rule based on this time range takes...

Page 131: ...ate of the holiday End Date Specify the end date of the holiday Holiday Name Enter the name of the holiday Holiday Table Select Select the desired entry to delete the corresponding holiday Index Displ...

Page 132: ...d the following page Figure 10 4 ACL Summary The following entries are displayed on this screen Search Option Select ACL Select the ACL you have created ACL Type Displays the type of the ACL you selec...

Page 133: ...eate MAC Rule The following entries are displayed on this screen Create MAC ACL ACL ID Select the desired MAC ACL for configuration Rule ID Enter the rule ID Operation Select the operation for the swi...

Page 134: ...d IP ACL ACL ID Select the desired Standard IP ACL for configuration Rule ID Enter the rule ID Operation Select the operation for the switch to process packets which match the rules z Permit Forward p...

Page 135: ...IP address contained in the rule D IP Enter the destination IP address contained in the rule Mask Enter IP address mask If it is set to 1 it must strictly match the address IP Protocol Select IP proto...

Page 136: ...CL and the corresponding operations in the policy Choose the menu ACL Policy Config Policy Summary to load the following page Figure 10 9 Policy Summary The following entries are displayed on this scr...

Page 137: ...lowing entries are displayed on this screen Create Policy Policy Name Enter the name of the policy 10 3 3 Action Create On this page you can add ACLs and create corresponding actions for the policy Ch...

Page 138: ...QoS Remark to forward the data packets based on the QoS settings z DSCP Specify the DSCP region for the data packets those match the corresponding ACL z Local Priority Specify the local priority for...

Page 139: ...ACL Policy Binding Port Binding to load the following page Figure 10 13 Bind the policy to the port The following entries are displayed on this screen Port Bind Config Policy Name Select the name of...

Page 140: ...configuration pages configure ACL rules to match packets 3 Configure Policy Required On ACL Policy Config configuration pages configure the policy to control the data packets those match the correspon...

Page 141: ...8 00 18 00 2 Configure for requirement 1 On ACL ACL Config ACL Create page create ACL 11 On ACL ACL Config MAC ACL page select ACL 11 create Rule 1 configure the operation as Permit configure the S MA...

Page 142: ...e the time range as work_time On ACL Policy Config Action Create page add ACL 100 to Policy limit1 On ACL Policy Binding Port Binding page select Policy limit1 to bind to port 3 4 Configure for requir...

Page 143: ...connected port number of the Hosts in the LAN via the ARP Scanning function and bind them conveniently You are only requested to enter the range of the IP address on the ARP Scanning page for the sca...

Page 144: ...plays the MAC Address of the Host VLAN ID Displays the VLAN ID here Port Displays the number of port connected to the Host Protect Type Allows you to view and modify the Protect Type of the entry Sour...

Page 145: ...Binding Table Select Select the desired entry to be deleted It is multi optional Host Name Displays the Host Name here IP Address Displays the IP Address of the Host MAC Address Displays the MAC Addre...

Page 146: ...try related to the IP address of Host B exists If yes Host A will directly send the packets to Host B If the corresponding MAC address is not found in the ARP Table Host A will broadcast ARP request p...

Page 147: ...LAN ID Displays the VLAN ID here Port Displays the number of port connected to the Host Protect Type Displays the Protect Type of the entry Collision Displays the Collision status of the entry Warning...

Page 148: ...gure 11 5 Network diagram for DHCP snooping implementation For different DHCP Clients DHCP Server provides three IP address assigning methods 1 Manually assign the IP address Allows the administrator...

Page 149: ...e DHCP ACK packet back to the Client Otherwise the Server will send the DHCP NAK packet to refuse assigning this IP address to the Client Option 82 The DHCP packets are classified into 8 types with th...

Page 150: ...mistake 2 Hacker exhausted the IP addresses of the normal DHCP server and then pretended to be a legal DHCP server to assign the IP addresses and the other parameters to Clients For example hacker us...

Page 151: ...d the following page Figure 11 8 DHCP Snooping Note If you want to enable the DHCP Snooping feature for the member port of LAG please ensure the parameters of all the member ports are the same The fol...

Page 152: ...tch defined one Drop Indicates to discard the packets including the Option 82 field Customization Enable Disable the switch to define the Option 82 Circuit ID Enter the sub option Circuit ID for the c...

Page 153: ...of a forged Gateway to Host and then the Host will automatically update the ARP table after receiving the ARP response packets which causes that the Host can not access the network normally The ARP A...

Page 154: ...N it will encapsulate this false destination MAC address for packets which results in a breakdown of the normal communication Cheating Terminal Hosts The attacker sends the false IP address to MAC add...

Page 155: ...e Middle Attack The attacker continuously sends the false ARP packets to the Hosts in LAN so as to make the Hosts maintain the wrong ARP table When the Hosts in LAN communicate with one another they w...

Page 156: ...p a normal appearing communication 5 The attacker continuously sends the false ARP packets to the Host A and Host B so as to make the Hosts always maintain the wrong ARP table In the view of Host A an...

Page 157: ...network from ARP attacks such as the Network Gateway Spoofing and Man In The Middle Attack etc Choose the menu Network Security ARP Inspection ARP Detect to load the following page Figure 11 13 ARP D...

Page 158: ...y 3 Specify the trusted port Required On the Network Security ARP Inspection ARP Detect page specify the trusted port The specific ports such as up linked port routing port and LAG port should be set...

Page 159: ...ARP packets Status Displays the status of the ARP attack LAG Displays the LAG to which the port belongs to Operation Click the Recover button to restore the port to the normal status The ARP Defend f...

Page 160: ...rvice Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of service requests to the Host which incurs an abnormal service or even breakdo...

Page 161: ...h its source port less than 1024 The attacker sends the illegal packet with its TCP SYN field set to 1 and source port less than 1024 Blat Attack The attacker sends the illegal packet with its source...

Page 162: ...e network and block the unnecessary network services 3 Enhance the network security via the protection devices such as the hardware firewall 11 4 802 1X The 802 1X protocol was developed by IEEE802 LA...

Page 163: ...orization To ensure a stable authentication system an alternate authentication server can be specified If the main authentication server is in trouble the alternate authentication server can substitut...

Page 164: ...AP MD5 authentication procedure Figure 11 18 EAP MD5 Authentication Procedure 1 A supplicant system launches an 802 1X client program via its registered user name and password to initiate an access re...

Page 165: ...ort state from accepted to rejected 2 EAP Terminating Mode In this mode packet transmission is terminated at authenticator systems and the EAP packets are mapped into RADIUS packets Authentication and...

Page 166: ...esources After passing the authentication the ports will be removed from the Guest VLAN and be allowed to access the other resources With the Guest VLAN function enabled users can access the Guest VLA...

Page 167: ...ts to be transmitted to the authentication server PAP IEEE 802 1X authentication system uses extensible authentication protocol EAP to exchange information between the switch and the client The transm...

Page 168: ...for the switch to wait for the response from authentication server before resending a request to the authentication server 11 4 2 Port Config On this page you can configure the 802 1X features for the...

Page 169: ...for access Port Based All the clients connected to the port can access the network on the condition that any one of the clients has passed the 802 1X Authentication Authorized Displays the authenticat...

Page 170: ...t connected to the authentication server In addition the authentication parameters of the switch and the authentication server should be the same Configuration Procedure Step Operation Description 1 C...

Page 171: ...is the server software operated on network devices with the responsibility of receiving and processing the request packets from SNMP Management Station In the meanwhile Agent will inform the SNMP Mana...

Page 172: ...ssages SNMP adopts the hierarchical architecture to identify the managed objects It is like a tree and each tree node represents a managed object as shown in the following figure Thus the object can b...

Page 173: ...on please configure the SNMP function globally on this page Choose the menu SNMP SNMP Config Global Config to load the following page Figure 12 3 Global Config The following entries are displayed on t...

Page 174: ...en View Config View Name Give a name to the View for identification Each View can include several entries with the same name MIB Object ID Enter the Object Identifier OID for the entry of View View Ty...

Page 175: ...this model the Community Name is used for authentication SNMP v1 can be configured on the SNMP Community page directly v2c SNMPv2c is defined for the group In this model the Community Name is used for...

Page 176: ...del Displays the Security Model of the group Security Level Displays the Security Level of the group Read View Displays the Read View name in the entry Write View Displays the Write View name in the e...

Page 177: ...curity Level Security Model Select the Security Model for the User Security Level Select the Security Level for the SNMP v3 User Auth Mode Select the Authentication Mode for the SNMP v3 User None No a...

Page 178: ...Modify button to apply Note The SNMP User and its Group should have the same Security Model and Security Level 12 1 5 SNMP Community SNMP v1 and SNMP v2c adopt community name authentication The commu...

Page 179: ...viewDefault Configuration Procedure z If SNMPv3 is employed please take the following steps Step Operation Description 1 Enable SNMP function globally Required On the SNMP SNMP Config Global Config pa...

Page 180: ...on With the Notification function enabled the switch can initiatively report to the management station about the important events that occur on the Views e g the managed device is rebooted which allow...

Page 181: ...re used authNoPriv Only the authentication security level is used authPriv Both the authentication and the privacy security levels are used Type Select the type for the notifications Trap Indicates tr...

Page 182: ...rk so as to enable the network administrator to take the protection measures in time to avoid any network malfunction In addition RMON MIB records network statistics information of network performance...

Page 183: ...screen History Control Table Select Select the desired entry for configuration Index Displays the index number of the entry Port Specify the port from which the history samples were taken Interval Spe...

Page 184: ...type which determines the act way of the network device in response to an event None No processing Log Logging the event Notify Sending trap messages to the management station Log Notify Logging the...

Page 185: ...o the threshold Rising Threshold Enter the rising counter value that triggers the Rising Threshold alarm Rising Event Select the index of the corresponding event which will be triggered if the sampled...

Page 186: ...onding alarm entry Note When alarm variables exceed the Threshold on the same direction continuously for several times an alarm event will only be generated on the first time that is the Rising Alarm...

Page 187: ...e commander of the cluster and the others are member switches The typical topology is as follows Figure 13 1 Cluster topology Cluster Role According to their functions and status in a cluster switches...

Page 188: ...mainly used for cluster management configuration including three submenus NDP NTDP and Cluster 13 1 NDP NDP Neighbor Discovery Protocol is used to get the information of the directly connected neighbo...

Page 189: ...Remote Port Displays the port number of the neighbor switch which is connected to the corresponding port Device Name Displays the name of the neighbor switch Device MAC Displays MAC address of the ne...

Page 190: ...P packets Port Status Port Displays the port number of the switch NDP Displays the NDP status enabled or disabled for the current port Send NDP Packets Displays the count of currently sent NDP packets...

Page 191: ...Hello Time Enter the interval to send NDP packets Port Config Select Select the desired port to configure its NDP status Port Displays the port number of the switch NDP Displays NDP status of the curr...

Page 192: ...port delay Indicates the time between the port forwarding NTDP request packets and its adjacent port forwarding NTDP request packets over The NTDP function can be implemented on Device Table NTDP Summ...

Page 193: ...Collect Topology button to collect NTDP information of the switch so as to collect the latest network topology Click the Detail button to view the complete information of this device and its neighbor...

Page 194: ...collects NTDP Hop Delay Displays the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the first time NTDP Port Delay Displays the time between...

Page 195: ...ects The default is 3 hops NTDP Hop Delay Enter the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the first time The default is 200 millisec...

Page 196: ...IP address assigned by the commander switch You can manage and configure the member switch via the commander switch The Cluster function can be implemented on Cluster Summary and Cluster Config pages...

Page 197: ...he commander switch z For an individual switch the following page is displayed Figure 13 11 Cluster Summary for Individual Switch The following entries are displayed on this screen Global Config Clust...

Page 198: ...role of the switch to be individual switch z For a member switch the following page is displayed Figure 13 13 Cluster Configuration for Member Switch The following entries are displayed on this screen...

Page 199: ...ple for Cluster Function Network Requirements Three switches form cluster one commander switch Here take TP LINK TL SL5428E as an example and two member switches Here take TP LINK TL SG3216 as an exam...

Page 200: ...tion z Configure the commander switch Step Operation Description 1 Enable NDP function on the switch and for port 1 port 2 and port 3 On Cluster NDP NDP Config page enable NDP function 2 Enable NTDP f...

Page 201: ...witch and click the Manage button to log on to its Web management page Or On Cluster Cluster Cluster Topology page double click the switch icon to view its detailed information click the switch icon a...

Page 202: ...device are available 5 Network Diagnose Test whether the destination device is reachable and detect the route hops from the switch to the destination device 14 1 System Monitor System Monitor functio...

Page 203: ...Click the Monitor button to enable the switch to monitor and display its CPU utilization rate every four seconds 14 1 2 Memory Monitor Choose the menu Maintenance System Monitor Memory Monitor to load...

Page 204: ...ork administrator to monitor network operation and diagnose malfunction The Logs of switch are classified into the following eight levels Severity Level Description emergencies 0 The system is unusabl...

Page 205: ...onfigure on the System System Info System Time Web management page Module Displays the module which the log information belongs to You can select a module from the drop down list to display the corres...

Page 206: ...r for saving system log The inforamtion in the log file will not be lost after the switch is restarted and can be exported on the Backup Log page Severity Specify the severity level of the log informa...

Page 207: ...rity level value will be sent to the corresponding log host Status Enable Disable the log host Note The Log Server software is not provided If necessary please download it on the Internet 14 2 4 Backu...

Page 208: ...acilitates you to locate and diagnose the trouble spot of the network Choose the menu Maintenance Device Diagnose Cable Test to load the following page Figure 14 7 Cable Test The following entries are...

Page 209: ...Loopback The following entries are displayed on this screen Loopback Type Internal Select Internal to test whether the port is available External Select External to test whether the device connected...

Page 210: ...ded Data Size Enter the size of the sending data during Ping testing The default value is recommended Interval Specify the interval to send ICMP request packets The default value is recommended 14 4 2...

Page 211: ...lowing entries are displayed on this screen Tracert Config Destination IP Enter the IP address of the destination device Max Hop Specify the maximum number of the route hops the test data can pass thr...

Page 212: ...2000Mbps FD 10Base T UTP STP of Cat 3 or above 100Base TX UTP STP of Cat 5 or above 100Base FX MMF or SMF SFP Module Optional 1000Base T 4 pair UTP 100m of Cat 5 Cat 5e Cat 6 or above Transmission Me...

Page 213: ...r s manual if necessary 1 On the Windows taskbar click the Start button and then click Control Panel 2 Click the Network and Internet Connections icon and then click on the Network Connections tab in...

Page 214: ...Figure B 2 5 The following TCP IP Properties window will display and the IP Address tab is open on this window by default 207...

Page 215: ...ss And the following items will be available If the switch s IP address is 192 168 0 1 specify IP address as 192 168 0 x x is from 2 to 254 and the Subnet mask as 255 255 255 0 Now Click OK to save yo...

Page 216: ...IP network for files transfer 1 Hardware Installation Figure C 1 1 Connect FTP server to port 1 of the switch 2 Connect the Console port of the PC to the switch 3 Save the firmware of the switch in t...

Page 217: ...nal 2 The Connection Description Window will prompt shown as Figure C 3 Enter a name into the Name field and click OK Figure C 3 Connection Description 3 Select the port to connect in the following fi...

Page 218: ...otUtil menu To download firmware to the switch via FTP function you need to enter into the bootUtil menu of the switch and take the following steps 1 Connect the console port of the PC to the console...

Page 219: ...an example IP address is 172 31 70 146 the user name and password for login to the FTP server are both 123 the name of the upgrade firmware is tl_sg3216_up bin The detailed command is shown as the fo...

Page 220: ...TP LINK start Start User Access Login User Return to CONTENTS 213...

Page 221: ...t provided on the attached CD for the supplicant Client 1 Installation Guide 1 Insert the provided CD into your CD ROM drive Open the file folder and double click the icon to load the following figure...

Page 222: ...llowing screen Figure D 4 Choose Destination Location By default the installation files are saved on the Program Files folder of system disk Click the Change button to modify the destination location...

Page 223: ...tall the Program 6 The InstallShield Wizard is installing TpSupplicant V2 0 shown as the following screen Please wait Figure D 6 Setup Status 7 On the following screen click Finish to complete the ins...

Page 224: ...go to http www winpcap org to download the latest version of WinPcap for installation 2 Uninstall Software If you want to remove the TpSupplicant please take the following steps 1 On the Windows taskb...

Page 225: ...the application from your PC Figure D 10 Uninstall the Application 4 Click Finish to complete Figure D 11 Uninstall Complete 3 Configuration 1 After completing installation double click the icon to ru...

Page 226: ...t will send the EAPOL Start packets to the switch via multicast and send the 802 1X authentication packets via unicast Obtain an IP address automatically Select this option if the Client automatically...

Page 227: ...D 14 Authentication Dialog 4 When passing the authentication the following screen will appear Figure D 15 Successfully Authenticated 5 Double click the icon on the right corner of desktop and then th...

Page 228: ...on and run the client software again Q2 Is this TP LINK 802 1X Client Software compliable with the switches of the other manufacturers A2 No This TP LINK 802 1X Client Software is customized for TP LI...

Page 229: ...mic Host Control Protocol DHCP Provides a framework for passing configuration information to hosts on a TCP IP network DHCP is based on the Bootstrap Protocol BOOTP adding the capability of automatic...

Page 230: ...802 3x Defines Ethernet frame start stop requests and timers used for flow control on full duplex links Now incorporated in IEEE 802 3 2002 Internet Group Management Protocol IGMP A protocol through...

Page 231: ...to national time standards via wire or radio Port Authentication See IEEE 802 1X Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic a...

Page 232: ...IP Transmission Control Protocol Internet Protocol TCP IP Protocol suite that includes TCP as the primary transport protocol and IP as the network layer protocol Trivial File Transfer Protocol TFTP A...

Reviews:

No comments

Related manuals for JetStream TL-SG3216

Barco MatrixPRO-II DVI 16x16 User Manual preview
MatrixPRO-II DVI 16x16
Brand: Barco Pages: 43
Barco matrixpro-II Information Manual preview
matrixpro-II
Brand: Barco Pages: 5
Patton electronics 4520 Specification Sheet preview
4520
Brand: Patton electronics Pages: 2
Patton electronics 4520 Getting Started Manual preview
4520
Brand: Patton electronics Pages: 86
H3C S12500R-2L Installation, Quick Start preview
S12500R-2L
Brand: H3C Pages: 26
PairGain PG-FLEX RT FRL-752 Manual preview
PG-FLEX RT FRL-752
Brand: PairGain Pages: 6
Klark Teknik DN9650 Operator'S Manual preview
DN9650
Brand: Klark Teknik Pages: 50
Pakedge Device & Software RK-1 Quick Start Manual preview
RK-1
Brand: Pakedge Device & Software Pages: 14
C&H Technologies EM405-8 User Manual preview
EM405-8
Brand: C&H Technologies Pages: 50
Parker Sporlan Division SCS-PB Series Installation And Operating Instructions Manual preview
Sporlan Division SCS-PB Series
Brand: Parker Pages: 10
Williams Sound DW SY 1 User Manual preview
DW SY 1
Brand: Williams Sound Pages: 2
Patton electronics 593/25, 593/45, 593/TB, RS-422, RS-485 User Manual preview
593/25, 593/45, 593/TB, RS-422, RS-485
Brand: Patton electronics Pages: 8
D-Link DES-1016D - Switch Quick Installation Manual preview
DES-1016D - Switch
Brand: D-Link Pages: 32
D-Link Amplifi DIR-657 Technical Specifications preview
Amplifi DIR-657
Brand: D-Link Pages: 3
D-Link DES-1005P Manual preview
DES-1005P
Brand: D-Link Pages: 16
D-Link DES-1005F Quick Installation Manual preview
DES-1005F
Brand: D-Link Pages: 35
D-Link DES-1004 User Manual preview
DES-1004
Brand: D-Link Pages: 46
D-Link DES-1008PA Quick Installation Manual preview
DES-1008PA
Brand: D-Link Pages: 40

Brands by name

Popular brands

Load more brands