manualshive.com logo in svg

TP-Link JetStream TL-SL5428E, User Manual

The TP-Link JetStream TL-SL5428E, an advanced network switch, offers exceptional performance and versatility for your networking needs. Seamlessly connect multiple devices with ease and efficiency. Access the comprehensive user manual for this product, available for free download at manualshive.com, to maximize your experience and unleash the switch's full potential.

Share
Download
background image

 

55

 

The following entries are displayed on this screen: 

¾

 

Create Filtering Address 

MAC Address: 

Enter the MAC Address to be filtered.     

VLAN ID: 

Enter the corresponding VLAN ID of the MAC address. 

¾

 

Search Option 

Search Option:

 

Select a Search Option from the pull-down list and click the Search 
button to find your desired entry in the Filtering Address Table. 

 

MAC: 

Enter the MAC address of your desired entry. 

 

VLAN ID: 

Enter the VLAN ID number of your desired entry.

 

¾

 

Filtering Address Table 

Select: 

Select the entry to delete the corresponding filtering address. It is
multi-optional. 

MAC Address: 

Displays the filtering MAC Address. 

VLAN ID: 

Displays the corresponding VLAN ID. 

Port: 

Here the symbol “__” indicates no specified port. 

Type: 

Displays the Type of the MAC address. 

Aging Status: 

Displays the Aging Status of the MAC address. 

Note: 

1.  The MAC address in the Filtering Address Table can not be added to the Static Address Table 

or bound to a port dynamically. 

2.  This MAC address filtering function is not available if the 802.1X feature is enabled. 

Return to CONTENTS 

 

Summary of Contents for JetStream TL-SL5428E

Page 1: ...TL SL5428E 24 Port 10 100Mbps 4 Port Gigabit L2 Managed Switch Rev 1 0 2 1910010340 ...

Page 2: ...nstalled and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense This device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 Th...

Page 3: ...tions 9 3 2 Installation 9 3 2 1 Desktop Installation 10 3 2 2 Rack Installation 10 3 3 Connect to Ground 11 Chapter 4 Connection 14 4 1 Ethernet Ports 14 4 2 SFP Ports 14 4 3 Console Port 15 4 4 Power On 16 Chapter 5 Login to the Switch 17 5 1 Login 17 5 2 Configuration 17 Chapter 6 System 19 6 1 System Info 19 6 1 1 System Summary 19 6 1 2 Device Description 21 6 1 3 System Time 22 6 1 4 System ...

Page 4: ...7 2 1 LAG Table 42 7 2 2 Static LAG 43 7 2 3 LACP Config 44 7 3 Traffic Monitor 46 7 3 1 Traffic Summary 46 7 3 2 Traffic Statistics 47 7 4 MAC Address 48 7 4 1 Address Table 49 7 4 2 Static Address 51 7 4 3 Dynamic Address 52 7 4 4 Filtering Address 54 Chapter 8 VLAN 56 8 1 802 1Q VLAN 57 8 1 1 VLAN Config 59 8 1 2 Port Config 61 8 2 MAC VLAN 63 8 2 1 MAC VLAN 63 8 2 2 Port Enable 64 8 3 Protocol...

Page 5: ...ct 93 9 5 Application Example for STP Function 94 Chapter 10 Multicast 98 10 1 IGMP Snooping 100 10 1 1 Snooping Config 101 10 1 2 Port Config 102 10 1 3 VLAN Config 103 10 1 4 Multicast VLAN 105 10 2 Multicast IP 108 10 2 1 Multicast IP Table 109 10 2 2 Static Multicast IP 109 10 3 Multicast Filter 110 10 3 1 IP Range 111 10 3 2 Port Filter 112 10 4 Packet Statistics 113 Chapter 11 QoS 115 11 1 D...

Page 6: ...135 12 2 4 Standard IP ACL 136 12 2 5 Extend IP ACL 137 12 3 Policy Config 138 12 3 1 Policy Summary 138 12 3 2 Policy Create 139 12 3 3 Action Create 139 12 4 Policy Binding 141 12 4 1 Binding Table 141 12 4 2 Port Binding 141 12 4 3 VLAN Binding 142 Chapter 13 Network Security 146 13 1 IP MAC Binding 146 13 1 1 Binding Table 146 13 1 2 Manual Binding 147 13 1 3 ARP Scanning 149 13 1 4 DHCP Snoop...

Page 7: ...3 1 History Control 188 14 3 2 Event Config 188 14 3 3 Alarm Config 189 Chapter 15 Cluster 192 15 1 NDP 193 15 1 1 Neighbor Info 193 15 1 2 NDP Summary 194 15 1 3 NDP Config 196 15 2 NTDP 197 15 2 1 Device Table 197 15 2 2 NTDP Summary 198 15 2 3 NTDP Config 200 15 3 Cluster 201 15 3 1 Cluster Summary 201 15 3 2 Cluster Config 204 15 3 3 Member Config 206 15 3 4 Cluster Topology 207 15 4 Applicati...

Page 8: ...217 16 3 Device Diagnose 218 16 3 1 Cable Test 218 16 3 2 Loopback 219 16 4 Network Diagnose 219 16 4 1 Ping 219 16 4 2 Tracert 220 Chapter 17 System Maintenance via FTP 222 Appendix A Specifications 227 Appendix B Configuring the PCs 228 Appendix C 802 1X Client Software 231 Appendix D Glossary 239 ...

Page 9: ...console cable Two mounting brackets and other fittings Quick Installation Guide Resource CD for TL SL5428E switch including This User Guide Other Helpful Information Note Make sure that the package contains the above items If any of the listed items are damaged or missing please contact with your distributor ...

Page 10: ...ystem Summary page under the System Info menu option that is located under the System menu Bold font indicates a button a toolbar icon menu or menu item Symbols in this Guide Symbol Description Note Ignoring this type of note might result in a malfunction or damage to the device Tips This format indicates important information that helps you make better use of your device 1 3 Overview of This Guid...

Page 11: ...s used to configure VLANs to control broadcast in LANs Here mainly introduces z 802 1Q VLAN Configure port based VLAN z MAC VLAN Configure MAC based VLAN without changing the 802 1Q VLAN configuration z Protocol VLAN Create VLANs in application layer to make some special data transmitted in the specified VLAN z VLAN VPN VLAN VPN allows the packets with VLAN tags of private networks to be encapsula...

Page 12: ... Configure voice VLAN to transmit voice data stream within the specified VLAN so as to ensure the transmission priority of voice data stream and voice quality Chapter 12 ACL This module is used to configure match rules and process policies of packets to filter packets in order to control the access of the illegal users to the network Here mainly introduces z Time Range Configure the effective time...

Page 13: ...ion to establish and maintain cluster Chapter 16 Maintenance This module is used to assemble the commonly used system tools to manage the switch Here mainly introduces z System Monitor Monitor the memory and CPU of the switch z Log View configuration parameters on the switch z Cable Test Test the connection status of the cable connected to the switch z Loopback Test if the port of the switch and t...

Page 14: ...formance 2 2 Main Features Resiliency and Availability Link aggregation LACP increases aggregated bandwidth optimizing the transport of business critical data IEEE 802 1s Multiple Spanning Tree provides high link availability in multiple VLAN environments Multicast snooping automatically prevents flooding of IP multicast traffic Root Guard protects root bridge from malicious attack or configuratio...

Page 15: ...7 and SFP shares the same LED with Port 28 Console Port Designed to connect with the serial port of a computer or terminal for monitoring and configuring the Switch LEDs Name Status Indication On Power is on Flashing Power supply is abnormal PWR Off Power is off or power supply is abnormal On The Switch is working abnormally Flashing The Switch is working normally SYS Off The Switch is working abn...

Page 16: ...u can also ground the Switch through the PE Protecting Earth cable of AC cord or with Ground Cable For detail information please refer to section 2 3 Connect to Ground AC Power Socket Connect the female connector of the power cord here and the male connector to the AC power outlet Please make sure the voltage of the power supply meets the requirement of the input voltage 100 240V 50 60Hz 0 6A Retu...

Page 17: ...witch 2 Location Requirements When you choose a location for the Switch please follow these guidelines Install the Switch on a flat and stable surface that can support the entire weight of the Switch with all fittings Locate the Switch far from strong electromagnetic field generators such as motors vibration dust and direct exposure to sunlight To ensure adequate air flow around the Switch At leas...

Page 18: ... bottom at each corner of the Switch Figure 3 1 Attaching Rubber Feet 4 Upturn the Switch and connect it to the network devices while keep enough ventilation space around 5 Connect the Switch to power source with the provided power cord Note Please avoid any heavy thing placed on the Switch 3 2 2Rack Installation To install the Switch in an EIA standard sized 19 inch rack follow the instructions d...

Page 19: ...er cord 3 3 Connect to Ground Connecting the Switch to ground is to quickly release the lightning over voltage and over current of the Switch which is also a necessary measure to protect the body from electric shock In different environments the Switch may be grounded differently The following will instruct you to connect the Switch to the ground in two ways connecting to the Grounding Bar or conn...

Page 20: ...ommended to connect the Switch to the Grounding Bar as shown in the following figure Figure 3 4 Tips The Grounding Bar is not provided with our product Connecting to the Ground via the power supply If the Switch is installed in the normal environment the Switch can be grounded via the PE Protecting Earth cable of the AC power supply as shown in the following figure ...

Page 21: ...n your situation will comply with the regulation in your country so they may differ from the figure above Tips If you intend to connect the Switch to the ground via the PE Protecting Earth cable of AC power cord please make sure the PE Protecting Earth cable in the electrical outlet is well grounded in advance Return to CONTENTS ...

Page 22: ... figure shown Figure 4 1 Connecting the RJ45 Port 4 2 SFP Ports The Switch features two SFP Small Form Factor Pluggable transceiver slots that are shared with two associated 1000Base T RJ45 ports If an SFP transceiver purchased separately is installed in a slot and has a valid link on the port the associated RJ45 port will be disabled and cannot be used Tips TL SL5428E supports 100 1000Base FX SFP...

Page 23: ...ommand Line Interface Note The serial port of the computer doesn t support plug and play feature please make sure the Switch is powered off before connecting the console cable to the computer Connect the console port of the Switch and your computer with a console cable as shown in Figure 4 3 Figure 4 3 Connecting the Console Port ...

Page 24: ...he regulation in your country so they may differ from the figure above Powering on the Switch it will automatically initialize and its LED indicators will respond as follows 1 All of the 10 100Mbps and 1000Mbps LED indicators will flash momentarily and then turn off which represents a resetting of the system 2 The PWR LED indicator will light on all the time 3 The SYS LED indicator will flash whic...

Page 25: ... The IP address is 192 168 0 x x is any number from 2 to 254 Subnet Mask is 255 255 255 0 For the detailed instructions as to how to do this please refer to Appendix B 2 After a moment a login window will appear as shown in Figure 5 2 Enter admin for the User Name and Password both in lower case letters Then click the OK button or press the Enter key Figure 5 2 Login 5 2 Configuration After a succ...

Page 26: ...ective before the switch is rebooted If you want to keep the configurations effective even the switch is rebooted please click Saving Config You are suggested to click Saving Config before cutting off the power or rebooting the switch to avoid losing the new configurations Return to CONTENTS ...

Page 27: ...d the system information The port status diagram shows the working status of 24 10 100Mbps RJ45 ports 4 10 100 1000Mbps RJ45 ports and 2 SFP ports of the switch The ports labeled as numbers are 10 100Mbps ports the ports labeled as G are 10 100 1000Mbps ports the ports labeled as SFP are SFP ports Choose the menu System System Info System Summary to load the following page Figure 6 1 System Summar...

Page 28: ...e port will be displayed Figure 6 2 Port Information Port Info Port Displays the port number of the switch Type Displays the type of the port Rate Displays the maximum transmission rate of the port Status Displays the connection status of the port Click a port to display the bandwidth utilization on this port The actual rate divided by theoretical maximum rate is the bandwidth utilization Figure 1...

Page 29: ...f sending packets on this port 6 1 2 Device Description On this page you can configure the description of the switch including device name device location and system contact Choose the menu System System Info Device Description to load the following page Figure 6 4 Device Description The following entries are displayed on this screen Device Description Device Name Enter the name of the switch ...

Page 30: ...nually set the system time get GMT automatically if it has connected to a NTP server or synchronize with PC s clock as the system time Choose the menu System System Info System Time to load the following page Figure 6 5 System Time The following entries are displayed on this screen Time Info Current System Date Displays the current date and time of the switch Current Time Mode Displays the current...

Page 31: ... network possesses a unique IP Address You can log on to the Web management page to operate the switch using this IP Address The switch supports three modes to obtain an IP address Static IP DHCP and BOOTP The IP address obtained using a new mode will replace the original IP address On this page you can configure the system IP of the switch Choose the menu System System Info System IP to load the ...

Page 32: ...ddress subnet mask and default gateway can not be configured 5 By default the default IP address is 192 168 0 1 6 2 User Manage User Manage functions to configure the user name and password for users to log on to the Web management page with a certain access level so as to protect the settings of the switch from being randomly changed The User Manage function can be implemented on User Table and U...

Page 33: ...a password for users login Confirm Password Retype the password User Table Select Select the desired entry to delete the corresponding user information It is multi optional The current user information can t be deleted User ID Name Access Level and status Displays the current user ID user name access level and user status Operation Click the Edit button of the desired entry and you can edit the co...

Page 34: ...nfig Restore Restore Config Click the Restore Config button to restore the backup configuration file It will take effect after the switch automatically reboots Note 1 It will take a few minutes to restore the configuration Please wait without any operation 2 To avoid any damage please don t power down the switch while being restored 3 After being restored the current settings of the switch will be...

Page 35: ...up the configuration Please wait without any operation 6 3 3 Firmware Upgrade The switch system can be upgraded via the Web management page To upgrade the system is to get more functions and better performance Go to http www tp link com to download the updated firmware Choose the menu System System Tools Firmware Upgrade to load the following page Figure 6 11 Firmware Upgrade Note 1 Don t interrup...

Page 36: ...stem Reset On this page you can reset the switch to the default All the settings will be cleared after the switch is reset Choose the menu System System Tools System Reset to load the following page Figure 6 13 System Reset Note After the system is reset the switch will be reset to the default and all the settings will be cleared 6 4 Access Security Access Security provides different security meas...

Page 37: ... z Port based Select this option to limit the ports for login IP Address Mask These fields can be available for configuration only when IP based mode is selected Only the current host and the users within the IP range you set here are allowed for login MAC Address The field can be available for configuration only when MAC based mode is selected Only the current host and the user with this MAC Addr...

Page 38: ...ransmitted to the correct users and servers 2 Encrypt the data transmission to prevent the data being intercepted 3 Maintain the integrality of the data to prevent the data being altered in the transmission Adopting asymmetrical encryption technology SSL uses key pair to encrypt decrypt information A key pair refers to a public key contained in the certificate and its corresponding private key By ...

Page 39: ... secured connection using https please enter https into the URL field of the browser 4 It may take more time for https connection than that for http connection because https connection involves authentication encryption and decryption etc 6 4 3 SSH Config As stipulated by IFTF Internet Engineering Task Force SSH Secure Shell is a security protocol established on application and transport layers SS...

Page 40: ...uccessfully downloaded the certificate authentication will be preferred for SSH access to the switch Choose the menu System Access Seurity SSH Config to load the following page Figure 6 16 SSH Config The following entries are displayed on this screen Global Config SSH Select Enable Disable SSH function Protocol V1 Select Enable Disable SSH V1 to be the supported protocol Protocol V2 Select Enable ...

Page 41: ...ded file will result in the SSH access to the switch via Password authentication Application Example 1 for SSH Network Requirements 1 Log on to the switch via password authentication using SSH and the SSH function is enabled on the switch 2 PuTTY client software is recommended Configuration Procedure 1 Open the software to log on to the interface of PuTTY Enter the IP address of the switch into Ho...

Page 42: ...Y client software is recommended Configuration Procedure 1 Select the key type and key length and generate SSH key Note 1 The key length is in the range of 256 to 3072 bits 2 During the key generation randomly moving the mouse quickly can accelerate the key generation 2 After the key is successfully generated please save the public key and private key to the computer ...

Page 43: ... switch download the public key file saved in the computer to the switch Note 1 The key type should accord with the type of the key file 2 The SSH key downloading can not be interrupted 4 Download the private key file to SSH client software ...

Page 44: ... log on to the interface of PuTTY and enter the IP address for login After successful authentication please enter the login user name If you log on to the switch without entering password it indicates that the key has been successfully downloaded Return to CONTENTS ...

Page 45: ... on the port will be discarded Disabling the port which is vacant for a long time can reduce the power consumption effectively And you can enable the port when it is in need The parameters will affect the working mode of the port please set the parameters appropriate to your needs Choose the menu Switching Port Port Config to load the following page Figure 7 1 Port Config Here you can view and con...

Page 46: ... synchronize the speed with its peer to avoid the packet loss caused by congestion LAG Displays the LAG number which the port belongs to Note 1 The switch can not be managed through the disabled port Please enable the port which is used to manage the switch 2 The parameters of the port members in a LAG should be set as the same 7 1 2 Port Mirror Port Mirror the packets obtaining technology functio...

Page 47: ...ered Select Select the desired port as a mirrored port It is multi optional Port Displays the port number Ingress Select Enable Disable the Ingress feature When the Ingress is enabled the incoming packets received by the mirrored port will be copied to the mirroring port Egress Select Enable Disable the Egress feature When the Egress is enabled the outgoing packets sent by the mirrored port will b...

Page 48: ... switch will broadcast the packets to all the ports At this moment the attacker can obtain the network information via various sniffers and attacks When the MAC Address Table is full the packets traffic will flood to all the ports which results in overload lower speed packets drop and even breakdown of the system Port Security is to protect the switch from the malicious MAC Address Attack by limit...

Page 49: ... is disabled for the LAG port member Only the port is removed from the LAG will the Port Security function be available for the port 2 The Port Security function is disabled when the 802 1X function is enabled 7 2 LAG LAG Link Aggregation Group is to combine a number of ports together to make a single high bandwidth data path so as to implement the traffic load sharing among the member ports in th...

Page 50: ...nt aggregation modes aggregation groups fall into two types Static LAG and LACP Config The LAG function is implemented on the LAG Table Static LAG and LACP Config configuration pages 7 2 1 LAG Table On this page you can view the information of the current LAG of the switch Choose the menu Switching LAG LAG Table to load the following page Figure 7 4 LAG Table The following entries are displayed on...

Page 51: ...s of the LAG Detail Click to get the information of the LAG Click the Detail button for the detailed information of your selected LAG Figure 7 5 Detail Information 7 2 2 Static LAG On this page you can manually configure the LAG The LACP feature is disabled for the member ports of the manually added Static LAG Choose the menu Switching LAG Static LAG to load the following page ...

Page 52: ...egation and disaggregation by exchanging LACP packets with its partner The switch can dynamically group similarly configured ports into a single logical link which will highly extend the bandwidth and flexibly balance the load With the LACP feature enabled the port will notify its partner of the aggregation ID consist of System Priority system MAC address and the Admin Key A dynamic aggregation gr...

Page 53: ...e displayed on this screen Global Config LACP Enable Disable the LACP feature here LACP Config Port Select Click the Select button to quick select the corresponding port based on the port number you entered Select Select the desired port for LACP configuration It is multi optional Port Displays the port number Admin Key Specify an Admin Key for the port The member ports in a dynamic aggregation gr...

Page 54: ...port number is preferred Status Enable Disable the LACP feature for your selected port LAG Displays the LAG number which the port belongs to 7 3 Traffic Monitor The Traffic Monitor function monitoring the traffic of each port is implemented on the Traffic Summary and Traffic Statistics pages 7 3 1 Traffic Summary Traffic Summary screen displays the traffic information of each port which facilitate...

Page 55: ... counted in Packets Tx Displays the number of packets transmitted on the port Octets Rx Displays the number of octets received on the port The error octets are counted in Octets Tx Displays the number of octets transmitted on the port Statistics Click the Statistics button to view the detailed traffic statistics of the port 7 3 2 Traffic Statistics Traffic Statistics screen displays the detailed t...

Page 56: ... with a non integral octet Alignment Error The length of the packet is between 64 bytes and 1518 bytes UndersizePkts Displays the number of the received packets excluding error packets that are less than 64 bytes long Pkts64Octets Displays the number of the received packets including error packets that are 64 bytes long Pkts65to127Octets Displays the number of the received packets including error ...

Page 57: ...s and the features of the MAC Address Table are listed as the following Type Configuration Way Aging out Being kept after reboot if the configuration is saved Relationship between the bound MAC address and the port Static Address Table Manually configuring No Yes The bound MAC address can not be learned by the other ports in the same VLAN Dynamic Address Table Automatically learning Yes No The bou...

Page 58: ...mber of your desired entry Type Select the type of your desired entry z All This option allows the address table to display all the address entries z Static This option allows the address table to display the static address entries only z Dynamic This option allows the address table to display the dynamic address entries only z Filtering This option allows the address table to display the filterin...

Page 59: ...tic MAC address entries can facilitate the switch to reduce broadcast packets and remarkably enhance the efficiency of packets forwarding without learning the address The static MAC address learned by the port with Port Security enabled in the static learning mode will be displayed in the Static Address Table Choose the menu Switching MAC Address Static Address to load the following page Figure 7 ...

Page 60: ...s correctly Please reset the static address entry appropriately 2 If the MAC address of a device has been added to the Static Address Table connecting the device to another port will cause its address not to be recognized dynamically by the switch Therefore please ensure the entries in the Static Address Table are correct and valid 3 The MAC address in the Static Address Table can not be added to ...

Page 61: ...er the Aging Time for the dynamic address Search Option Search Option Select a Search Option from the pull down list and click the Search button to find your desired entry in the Dynamic Address Table MAC Enter the MAC address of your desired entry VLAN ID Enter the VLAN ID number of your desired entry Port Enter the Port number of your desired entry Dynamic Address Table ...

Page 62: ... long excessive invalid MAC address entries maintained by the switch may fill up the MAC address table This prevents the MAC address table from updating with network changes in time If the aging time is too short the switch may remove valid MAC address entries This decreases the forwarding performance of the switch It is recommended to keep the default value 7 4 4 Filtering Address The filtering a...

Page 63: ... number of your desired entry Filtering Address Table Select Select the entry to delete the corresponding filtering address It is multi optional MAC Address Displays the filtering MAC Address VLAN ID Displays the corresponding VLAN ID Port Here the symbol __ indicates no specified port Type Displays the Type of the MAC address Aging Status Displays the Aging Status of the MAC address Note 1 The MA...

Page 64: ...packets are limited in a VLAN Hosts in the same VLAN communicate with one another via Ethernet whereas hosts in different VLANs communicate with one another through the Internet devices such as Router the Lay3 Switch and etc The following figure illustrates a VLAN implementation Figure 8 1 VLAN implementation Compared with the traditional Ethernet VLAN enjoys the following advantages 1 Broadcasts ...

Page 65: ...2 1p priority Refer to section QoS QoS profile for details 3 CFI CFI is a 1 bit field indicating whether the MAC address is encapsulated in the standard format in different transmission media This field is not described in detail in this chapter 4 VLAN ID VLAN ID is a 12 bit field indicating the ID of the VLAN to which this packet belongs It is in the range of 0 to 4 095 Generally 0 and 4 095 is n...

Page 66: ...ets or broadcast packets the port will broadcast the packets in its default VLAN Different packets tagged or untagged will be processed in different ways after being received by ports of different link types which is illustrated in the following table Receiving Packets Port Type Untagged Packets Tagged Packets Forwarding Packets Access If the VID of packet is the same as the PVID of the port the p...

Page 67: ... this screen VLAN Table VLAN ID Select Click the Select button to quick select the corresponding entry based on the VLAN ID number you entered Select Select the desired entry to delete the corresponding VLAN It is multi optional VLAN ID Displays the ID number of VLAN Description Displays the user defined description of VLAN Members Displays the port members in the VLAN Operation Allows you to view...

Page 68: ... Click the Check button to check whether the VLAN ID you entered is valid or not VLAN Members Port Select Click the Select button to quick select the corresponding entry based on the port number you entered Select Select the desired port to be a member of VLAN or leave it blank It s multi optional Port Displays the port number Link Type Displays the Link Type of the port It can be reset on Port Co...

Page 69: ... 1Q VLAN please acquaint yourself with all the devices connected to the switch in order to configure the ports properly Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Figure 8 5 802 1Q VLAN Port Config The following entries are displayed on this screen VLAN Port Config Port Select Click the Select button to quick select the corresponding entry based on the port number you ...

Page 70: ...s the LAG to which the port belongs VLAN Click the Detail button to view the information of the VLAN to which the port belongs Click the Detail button to view the information of the corresponding VLAN Figure 8 6 View the Current VLAN of Port The following entries are displayed on this screen VLAN of Port VLAN ID Select Click the Select button to quick select the corresponding entry based on the VL...

Page 71: ...wing way 1 When receiving an untagged packet the switch matches the packet with the current MAC VLAN If the packet is matched the switch will add a corresponding MAC VLAN tag to it If no MAC VLAN is matched the switch will add a tag to the packet according to the PVID of the received port Thus the packet is assigned automatically to the corresponding VLAN for transmission 2 When receiving tagged p...

Page 72: ...Displays the corresponding VLAN ID of the MAC address Operation Click the Edit button to modify the settings of the entry And click the Modify button to apply your settings 8 2 2 Port Enable On this page you can enable the port for the MAC VLAN feature Only the port is enabled can the configured MAC VLAN take effect Choose the menu VLAN MAC VLAN Port Enable to load the following page Figure 8 8 En...

Page 73: ...ns and services effectively This switch can classify VLANs basing on the common protocol types listed in the following table Please create the Protocol VLAN to your actual need Protocol Type Type value ARP 0x0806 IP 0x0800 MPLS 0x8847 0x8848 IPX 0x8137 IS IS 0x8000 LACP 0x8809 802 1X 0x888E Table 8 2 Protocol types in common use The packet in Protocol VLAN is processed in the following way 1 When ...

Page 74: ...l VLAN Table Select Select the desired entry It is multi optional Protocol Displays the protocol template of the VLAN Ether Type Displays the Ethernet protocol type field in the protocol template VLAN ID Displays the corresponding VLAN ID of the protocol Operation Click the Edit button to modify the settings of the entry And click the Modify button to apply your settings 8 3 2 Protocol Template Th...

Page 75: ...lays the name of the protocol template Ether Type Displays the Ethernet protocol type field in the protocol template Note The Protocol Template bound to VLAN can not be deleted 8 3 3 Port Enable On this page you can enable the port for the Protocol VLAN feature Only the port is enabled can the configured Protocol VLAN take effect Choose the menu VLAN Protocol VLAN Port Enable to load the following...

Page 76: ...hnology is developed and used to establish the private network through the operators backbone networks VLAN VPN Virtual Private Network function the implement of a simple and flexible Layer 2 VPN technology allows the packets with VLAN tags of private networks to be encapsulated with VLAN tags of public networks at the network access terminal of the Internet Service Provider And these packets will...

Page 77: ... type values listed in Table 1 1as the TPID value Protocol type Value ARP 0x0806 IP 0x0800 MPLS 0x8847 0x8848 IPX 0x8137 IS IS 0x8000 LACP 0x8809 802 1X 0x888E Table 8 3 Values of Ethernet frame protocol type in common use This VLAN VPN function is implemented on the VPN Config VLAN Mapping and Port Enable pages 8 4 1 VPN Config This page allows you to enable the VPN function adjust the global TPI...

Page 78: ...e 8 4 2 VLAN Mapping VLAN Mapping function allows the VLAN TAG of the packets to be replaced with the new VLAN TAG according to the VLAN Mapping entries And these packets can be forwarded in the new VLAN If VLAN VPN function is enabled a received packet already carrying a VLAN tag will be tagged basing on the VLAN Mapping entries and becomes a double tagged packet to be forwarded in the new VLAN C...

Page 79: ...nction Only the port is enabled can the configured VLAN Mapping function take effect Figure 8 14 Enable VLAN Mapping for Port Select your desired port for VLAN Mapping function All the ports are disabled for VLAN Mapping function by default Note When VPN mode is globally enabled VPN function takes effect on all ports If VPN mode is disabled VLAN Mapping function can be enabled by selecting your de...

Page 80: ... switches without having to individually configure each VLAN GARP GARP provides the mechanism to assist the switch members in LAN to deliver propagate and register the information among the members GARP itself does not work as the entity among the devices The application complied with GARP is called GARP implementation and GVRP is the implementation of GARP When GARP is implemented on a port of de...

Page 81: ...the LeaveAll timer to begin a new cycle GVRP GVRP as an implementation of GARP maintains dynamic VLAN registration information and propagates the information to other switches by adopting the same mechanism of GARP After the GVRP feature is enabled on a switch the switch receives the VLAN registration information from other switches to dynamically update the local VLAN registration information inc...

Page 82: ...ig Port Select Click the Select button to quick select the corresponding entry based on the port number you entered Select Select the desired port for configuration It is multi optional Port Displays the port number Status Enable Disable the GVRP feature for the port The port type should be set to TRUNK before enabling the GVRP feature Registration Mode Select the Registration Mode for the port No...

Page 83: ... the two sending operations of each Join message The Join Timer ranges from 20 to 1000 centiseconds Leave Timer Once the Leave Timer is set the GARP port receiving a Leave message will start its Leave timer and deregister the attribute information if it does not receive a Join message again before the timer times out The Leave Timer ranges from 60 to 3000 centiseconds LAG Displays the LAG to which...

Page 84: ...nt through the designated bridge The switch with the lowest bridge ID will be chosen as the designated bridge Root Path Cost Indicates the sum of the path cost of the root port and the path cost of all the switches that packets pass through The root path cost of the root bridge is 0 Bridge Priority The bridge priority can be set to a value in the range of 0 32768 The lower value priority has the h...

Page 85: ...whole network at once the temporal loop will occur if the port transits its state immediately Therefore STP adopts a state transit mechanism that is the new root port and the designated port begins to forward data after twice forward delay which ensures the new configuration BPDUs are spread in the whole network BPDU Comparing Principle in STP mode Assuming two BPDUs BPDU X and BPDU Y If the root ...

Page 86: ...ing way Step Operation 1 For each switch except the one chosen as the root bridge in a network the port that receives the BPDU with the highest priority is chosen as the root port of the switch 2 Using the root port BPDU and the root path cost the switch generates a designated port BPDU for each of its ports z Root ID is replaced with that of the root port z Root path is replaced with the sum of t...

Page 87: ...s standard not only enables spanning trees to converge rapidly but also enables packets of different VLANs to be forwarded along their respective paths so as to provide redundant links with a better load balancing mechanism Features of MSTP z MSTP combines VLANs and spanning tree together via VLAN to instance mapping table It binds several VLANs to an instance to save communication cost and networ...

Page 88: ...In this status the port can only receive BPDU packets z Disconnected In this status the port is not participating in the STP Port Roles In an MSTP the following roles exist z Root Port Indicates the port that has the lowest path cost from this bridge to the Root Bridge and forwards packets to the root z Designated Port Indicates the port that forwards packets to a downstream network segment or swi...

Page 89: ...panning trees on the switch can be implemented on STP Config and STP Summary pages 9 1 1 STP Config Before configuring spanning trees you should make clear the roles each switch plays in each spanning tree instance Only one switch can be the root bridge in each spanning tree instance On this page you can globally configure the spanning tree function and related parameters Choose the menu Spanning ...

Page 90: ... The default value is 32768 and should be exact divisor of 4096 Hello Time Enter a value from 1 to 10 in seconds to specify the interval to send BPDU packets It is used to test the links 2 Hello Time 1 Max Age The default value is 2 seconds Max Age Enter a value from 6 to 40 in seconds to specify the maximum time the switch can wait without receiving a BPDU before attempting to reconfigure The def...

Page 91: ...result in duplicated configuration being sent frequently which increases the network load of the switches and wastes network resources The default value is recommended 3 A too small max age parameter may result in the switches regenerating spanning trees frequently and cause network congestions to be falsely regarded as link problems A too large max age parameter result in the switches unable to f...

Page 92: ...84 Figure 9 5 STP Summary 9 2 Port Config On this page you can configure the parameters of the ports for CIST Choose the menu Spanning Tree Port Config to load the following page ...

Page 93: ...s an important criterion on determining the root port The lower value has the higher priority IntPath IntPath Cost is used to choose the path and calculate the path costs of ports in an MST region It is an important criterion on determining the root port The lower value has the higher priority Edge Port Select Enable Disable Edge Port The edge port can transit its state from blocking to forwarding...

Page 94: ...s connected directly to terminals as edge ports and enable the BPDU protection function as well This not only enables these ports to transit to forwarding state rapidly but also secures your network 2 All the links of ports in a LAG can be configured as point to point links 3 When the link of a port is configured as a point to point link the spanning tree instances owning this port are configured ...

Page 95: ...5 for MST region identification 9 3 2 Instance Config Instance Configuration a property of MST region is used to describe the VLAN to Instance mapping configuration You can assign VLAN to different instances appropriate to your needs Every instance is a VLAN group independent of other instances and CIST Choose the menu Spanning Tree MSTP Instance Instance Config to load the following page Figure 9...

Page 96: ...nce ID The cleared VLAN ID will be automatically mapped to the CIST VLAN Instance Mapping VLAN ID Enter the desired VLAN ID After modification here the new VLAN ID will be added to the corresponding instance ID and the previous VLAN ID won t be replaced Instance ID Enter the corresponding instance ID Note In a network with both GVRP and MSTP enabled GVRP packets are forwarded along the CIST If you...

Page 97: ...isplays the port number of the switch Priority Enter the priority of the port in the instance It is an important criterion on determining if the port connected to this port will be chosen as the root port Path Cost Path Cost is used to choose the path and calculate the path costs of ports in an MST region It is an important criterion on determining the root port The lower value has the higher prio...

Page 98: ...om any malicious attack against STP features The STP Security function can be implemented on Port Protect and TC Protect pages Port Protect function is to prevent the devices from any malicious attack against STP features 9 4 1 Port Protect On this page you can configure loop protect feature root protect feature TC protect feature BPDU protect feature and BPDU filter feature for ports You are sugg...

Page 99: ... account number of the received TC BPDUs exceeds the maximum number you set in the TC threshold field the switch will not performs the removing operation in the TC protect cycle Such a mechanism prevents the switch from frequently removing MAC address entries BPDU Protect Ports of the switch directly connected to PCs or servers are configured as edge ports to rapidly transit their states When thes...

Page 100: ...calculating STP because of link failures and network congestions Root Protect Root Protect is to prevent wrong network topology change caused by the role change of the current legal root bridge TC Protect TC Protect is to prevent the decrease of the performance and stability of the switch brought by continuously removing MAC address entries upon receiving TC BPDUs in the STP network BPDU Protect B...

Page 101: ...STP Security TC Protect to load the following page Figure 9 11 TC Protect The following entries are displayed on this screen TC Protect TC Threshold Enter a number from 1 to 100 It is the maximum number of the TC BPDUs received by the switch in a TC Protect Cycle The default value is 20 TC Protect Cycle Enter a value from 1 to 10 to specify the TC Protect Cycle The default value is 5 ...

Page 102: ...on 1 Configure ports On VLAN 802 1Q VLAN page configure the link type of the related ports as Trunk and add the ports to VLAN 101 and VLAN 106 The detailed instructions can be found in the section 802 1Q VLAN 2 Enable STP function On Spanning Tree STP Config STP Config page enable STP function and select MSTP version On Spanning Tree STP Config Port Config page enable MSTP function for the port 3 ...

Page 103: ...nce 2 On Spanning Tree MSTP Instance Instance Config page configure the priority of Instance 2 to be 4096 z Configure Switch C Step Operation Description 1 Configure ports On VLAN 802 1Q VLAN page configure the link type of the related ports as Trunk and add the ports to VLAN 101 and VLAN 106 The detailed instructions can be found in the section 802 1Q VLAN 2 Enable STP function On Spanning Tree S...

Page 104: ...gion Config page configure the region as TP LINK and keep the default revision setting 4 Configure VLAN to Instance mapping table of the MST region On Spanning Tree MSTP Instance Instance Config page configure VLAN to Instance mapping table Map VLAN 101 103 and 105 to Instance 1 map VLAN 102 104 and 106 to Instance 2 z The configuration procedure for switch E and F is the same with that for switch...

Page 105: ...he ports of switches z Enable Root Protect function for all the ports of root bridges z Enable Loop Protect function for the non edge ports Enable BPDU Protect function or BPDU Filter function for the edge ports which are connected to the PC and server Return to CONTENTS ...

Page 106: ...table for networks with sparsely users whereas broadcast is suitable for networks with densely distributed users When the number of users requiring this information is not certain unicast and broadcast deliver a low efficiency Multicast solves this problem It can deliver a high efficiency to send data in the point to multi point service which can save large bandwidth and reduce the network load In...

Page 107: ...ionship is described as Figure 1 2 Figure 10 2 Mapping relationship between multicast IP address and multicast MAC address The high order 4 bits of the IP multicast address are 1110 identifying the multicast group Only 23 bits of the remaining low order 28 bits are mapped to a multicast MAC address In that way 5 bits of the IP multicast address is not utilized As a result 32 IP multicast addresses...

Page 108: ...port message from the host within a period of time IGMP Messages The switch running IGMP Snooping processes the IGMP messages of different types as follows 1 IGMP Query Message IGMP query message sent by the router falls into two types IGMP general query message and IGMP group specific query message The router regularly sends IGMP general message to query if the multicast groups contain any member...

Page 109: ...port connected to a multicast group member 2 Timers Router Port Time Within the time if the switch does not receive IGMP query message from the router port it will consider this port is not a router port any more The default value is 300 seconds Member Port Time Within the time if the switch does not receive IGMP report message from the member port it will consider this port is not a member port a...

Page 110: ...n Multicast Select the operation for the switch to process unknown multicast Forward or Discard IGMP Snooping Status Description Displays IGMP Snooping status Member Displays the member of the corresponding status 10 1 2 Port Config On this page you can configure the IGMP feature for ports of the switch Choose the menu Multicast IGMP Snooping Port Config to load the following page ...

Page 111: ...desired port If Fast Leave is enabled for a port the Switch will immediately remove this port from the multicast group upon receiving IGMP leave messages LAG Displays the LAG number which the port belongs to Note 1 Fast Leave on the port is effective only when the host supports IGMPv2 or IGMPv3 2 When both Fast Leave feature and Unknown Multicast Discard feature are enabled the leaving of a user c...

Page 112: ... is not a router port any more Member Port Time Specify the aging time of the member port Within this time if the switch doesn t receive IGMP report message from the member port it will consider this port is not a member port any more Leave Time Specify the interval between the switch receiving a leave message from a host and the switch removing the host from the multicast groups Static Router Por...

Page 113: ...broadcasted 10 1 4 Multicast VLAN In old multicast transmission mode when users in different VLANs apply for join the same multicast group the multicast router will duplicate this multicast information and deliver each VLAN owning a receiver one copy This mode wastes a lot of bandwidth The problem above can be solved by configuring a multicast VLAN By adding switch ports to the multicast VLAN and ...

Page 114: ...receiving a leave message from a host and the switch removing the host from the multicast groups Static Router Port Select the static router port which is mainly used in the network with stable topology Note 1 The router port should be in the multicast VLAN otherwise the member ports can not receive multicast streams 2 The Multicast VLAN won t take effect unless you first complete the configuratio...

Page 115: ...over the configuration If it is successfully configured the VLAN ID of the multicast VLAN will be displayed in the IGMP Snooping Status table on the Multicast IGMP Snooping Snooping Config page Application Example for Multicast VLAN Network Requirements Multicast source sends multicast streams via the router and the streams are transmitted to user A and user B through the switch Router Its WAN por...

Page 116: ... Snooping function Enable IGMP Snooping function globally on Multicast IGMP Snooping Snooping Config page Enable IGMP Snooping function for port 3 port4 and port 5 on Multicast IGMP Snooping Port Config page 4 Enable Multicast VLAN Enable Multicast VLAN configure the VLAN ID of a multicast VLAN as 3 and keep the other parameters as default on Multicast IGMP Snooping Multicast VLAN page 5 Check Mul...

Page 117: ... Static Displays all static multicast IP entries z Dynamic Displays all dynamic multicast IP entries Multicast IP Table Multicast IP Displays multicast IP address VLAN ID Displays the VLAN ID of the multicast group Forward Port Displays the forward port of the multicast group Type Displays the type of the multicast IP Note If the configuration on VLAN Config page and multicast VLAN page is changed...

Page 118: ...ed entries quickly z All Displays all static multicast IP entries z Multicast IP Enter the multicast IP address the desired entry must carry z VLAN ID Enter the VLAN ID the desired entry must carry z Port Enter the port number the desired entry must carry Static Multicast IP Table Select Select the desired entry to delete the corresponding static multicast IP It is multi optional Multicast IP Disp...

Page 119: ... 10 3 1 IP Range On this page you can figure the desired IP ranges to be filtered Choose the menu Multicast Multicast Filter IP Range to load the following page Figure 10 10 Multicast Filter The following entries are displayed on this screen Create IP Range IP Range ID Enter the IP range ID Start Multicast IP Enter start multicast IP of the IP range you set End Multicast IP Enter end multicast IP ...

Page 120: ... Filter Config Port Select Click the Select button to quick select the corresponding port based on the port number you entered Select Select the desired port for multicast filtering It is multi optional Port Displays the port number Filter Select Enable Disable multicast filtering feature on the port Action Mode Select the action mode to process multicast packets when the multicast IP is in the fi...

Page 121: ...anges can be bound to one port Configuration Procedure Step Operation Description 1 Configure IP Range Required Configure IP Range to be filtered on Multicast Multicast Filter IP Range page 2 Configure multicast filter rules for ports Optional Configure multicast filter rules for ports on Multicast Multicast Filter Port Filter page 10 4 Packet Statistics On this page you can view the multicast dat...

Page 122: ...number you entered Port Displays the port number of the switch Query Packet Displays the number of query packets the port received Report Packet V1 Displays the number of IGMPv1 report packets the port received Report Packet V2 Displays the number of IGMPv2 report packets the port received Report Packet V3 Displays the number of IGMPv3 report packets the port received Leave Packet Displays the num...

Page 123: ...ess packets to different priority queues based on the priority modes This switch implements three priority modes based on port on 802 1P and on DSCP z Queue scheduling algorithm When the network is congested the problem that many packets complete for resources must be solved usually in the way of queue scheduling The switch supports four schedule modes SP WRR SP WRR and Equ Priority Mode This swit...

Page 124: ...can configure different DS field mapping to the corresponding priority levels Non IP datagram with 802 1Q tag are mapped to different priority levels based on 802 1P priority mode if 8021 1P Priority mode is enabled the untagged non IP datagram are mapped based on port priority mode Schedule Mode When the network is congested the problem that many packets complete for resources must be solved usua...

Page 125: ...se of The default weight value ratio of TC0 TC1 TC2 and TC3 is 1 2 4 8 Figure 9 5 WRR Mode 3 SP WRR Mode Strict Priority Weight Round Robin Mode In this mode this switch provides two scheduling groups SP group and WRR group Queues in SP group and WRR group are scheduled strictly based on strict priority mode while the queues inside WRR group follow the WRR mode In SP WRR mode TC3 is in the SP grou...

Page 126: ...duling algorithms The port priorities are labeled as CoS0 CoS1 CoS7 The DiffServ function can be implemented on Port Priority Schedule Mode 802 1P Priority and DSCP Priority pages 11 1 1 Port Priority On this page you can configure the port priority Choose the menu QoS DiffServ Port Priority to load the following page Figrue 11 1 Port Priority Config The following entries are displayed on this scr...

Page 127: ...ackets complete for resources must be solved usually in the way of queue scheduling The switch will control the forwarding sequence of the packets according to the priority queues and scheduling algorithms you set On this switch the priority levels are labeled as TC0 TC1 TC3 Choose the menu QoS DiffServ Schedule Mode to load the following page Figure 11 2 Schedule Mode The following entries are di...

Page 128: ... equally The weight value ratio of all the queues is 1 1 1 1 11 1 3 802 1P Priority On this page you can configure 802 1P priority 802 1P gives the Pri field in 802 1Q tag a recommended definition This field is used to divide packets into 8 priorities When 802 1P Priority is enabled the packets with 802 1Q tag are mapped to different priority levels based on 802 1P priority mode The untagged packe...

Page 129: ...elect a schedule mode Required Log on to the Schedule Mode page to select a schedule mode 11 1 4 DSCP Priority On this page you can configure DSCP priority DSCP DiffServ Code Point is a new definition to IP ToS field given by IEEE This field is used to divide IP datagram into 64 priorities When DSCP Priority is enabled IP datagram are mapped to different priority levels based on DSCP priority mode...

Page 130: ...63 Priority Level Indicates the priority level the packets with tag are mapped to The priority levels are labeled as TC 0 TC1 TC2 and TC3 Note To complete QoS function configuration you have to go to the Schedule Mode page to select a schedule mode after the configuration is finished on this page Configuration Procedure Step Operation Description 1 Log on to the DSCP Priority page 2 Enable DP prio...

Page 131: ...and Storm Control pages 11 2 1 Rate Limit Rate limit functions to control the ingress egress traffic rate on each port via configuring the available bandwidth of each port In this way the network bandwidth can be reasonably distributed and utilized Choose the menu QoS Bandwitdth Control Rate Limit to load the following page Figure 11 7 Rate Limit The following entries are displayed on this screen ...

Page 132: ...te limit feature is enabled for one or more ports you are suggested to disable the flow control on each port to ensure the switch works normally 11 2 2 Storm Control Storm Control function allows the switch to filter broadcast multicast and UL frame in the network If the transmission rate of the three kind packets exceeds the set bandwidth the packets will be automatically discarded to avoid netwo...

Page 133: ...te limit feature will be disabled for this port 11 3 Voice VLAN Voice VLANs are configured specially for voice data stream By configuring Voice VLANs and adding the ports with voice devices attached to voice VLANs you can perform QoS related configuration for voice data ensuring the transmission priority of voice data stream and voice quality OUI Address Organizationally unique identifier address ...

Page 134: ...the port voice VLAN mode is configured according to the type of packets sent out from voice device and the link type of the port The following table shows the detailed information Port Voice VLAN Mode Voice Stream Type Link type of the port and processing mode ACCESS Not supported TRUNK Supported The default VLAN of the port can not be voice VLAN TAG voice stream GENERAL Supported The default VLAN...

Page 135: ...hether the port permits the VLAN or not independent of voice VLAN security mode UNTAG packet Packet with voice VLAN TAG Do not check the source MAC address of the packet and all the packets can be transmitted in the voice VLAN Disable Packet with other VLAN TAG The processing mode for the device to deal with the packet is determined by whether the port permits the VLAN or not independent of voice ...

Page 136: ...VLAN function is enabled the parameters of the ports in the voice VLAN should be configured on this page Choose the menu QoS Voice VLAN Port Config to load the following page Figure11 10 Port Config Note To enable voice VLAN function for the LAG member port please ensure its member state accords with its port mode If a port is a member port of voice VLAN changing its port mode to be Auto will make...

Page 137: ...for forwarding packets z Enable All packets are forwarded z Disable Only voice data are forwarded Member State Displays the state of the port in the current voice VLAN LAG Displays the LAG number which the port belongs to 11 3 3 OUI Config The switch supports OUI create and add the MAC address of the special voice device to the OUI table of the switch The switch determines whether a received packe...

Page 138: ...LAN Port Config page configure the link type of ports of the voice device 2 Create VLAN Required On VLAN 802 1Q VLAN Port Config page click the Create button to create a VLAN 3 Add OUI address Optional On QoS Voice VLAN OUI Config page you can check whether the switch is supporting the OUI template or not If not please add the OUI address 4 Configure the parameters of the ports in voice VLAN Requi...

Page 139: ...ied time range data packets can be filtered by differentiating the time ranges On this switch absolute time week time and holiday can be configured Configure an absolute time section in the form of the start date to the end date to make ACLs effective configure a week time section to make ACLs effective on the fixed days of the week configure a holiday section to make ACLs effective on some specia...

Page 140: ...Holiday you set as a time range The ACL rule based on this time range takes effect only when the system time is within the holiday Absolute Select Absolute to configure absolute time range The ACL rule based on this time range takes effect only when the system time is within the absolute time range Week Select Week to configure week time range The ACL rule based on this time range takes effect onl...

Page 141: ... The following entries are displayed on this screen Create Holiday Start Date Specify the start date of the holiday End Date Specify the end date of the holiday Holiday Name Enter the name of the holiday Holiday Table Select Select the desired entry to delete the corresponding holiday Index Displays the index of the holiday Holiday Name Displays the name of the holiday Start Date Displays the star...

Page 142: ...an view the current ACLs configured in the switch Choose the menu ACL ACL Config ACL Summary to load the following page Figure 12 4 ACL Summary The following entries are displayed on this screen Search Option Select ACL Select the ACL you have created ACL Type Displays the type of the ACL you select Rule Order Displays the rule order of the ACL you select Rule Table Here you can view the informati...

Page 143: ... ACL Config MAC ACL to load the following page Figure12 6 Create MAC Rule The following entries are displayed on this screen Create MAC ACL ACL ID Select the desired MAC ACL for configuration Rule ID Enter the rule ID Operation Select the operation for the switch to process packets which match the rules z Permit Forward packets z Deny Discard Packets 1 S MAC Enter the source MAC address contained ...

Page 144: ...te Standard IP Rule The following entries are displayed on this screen Create Standard IP ACL ACL ID Select the desired Standard IP ACL for configuration Rule ID Enter the rule ID Operation Select the operation for the switch to process packets which match the rules z Permit Forward packets z Deny Discard Packets Fragment Select if the rule will take effect on the fragment When the fragment is sel...

Page 145: ... Figure12 8 Create Extend IP Rule The following entries are displayed on this screen Create Extend IP ACL ACL ID Select the desired Extend IP ACL for configuration Rule ID Enter the rule ID Operation Select the operation for the switch to process packets which match the rules z Permit Forward packets z Deny Discard Packets 1 Fragment Select if the rule will take effect on the fragment packets When...

Page 146: ...rom the pull down list of IP Protocol DSCP Enter the DSCP information contained in the rule IP ToS Enter the IP ToS contained in the rule IP Pre Enter the IP Precedence contained in the rule Time Range Select the time range for the rule to take effect 12 3 Policy Config A Policy is used to control the data packets those match the corresponding ACL rules by configuring ACLs and actions together for...

Page 147: ...lays the source condition added to the policy Redirect Displays the redirect added to the policy QoS Remark Displays the QoS remark added to the policy 12 3 2 Policy Create On this page you can create the policy Choose the menu ACL Policy Config Policy Create to load the following page Figure 12 10 Create Policy The following entries are displayed on this screen Create Policy Policy Name Enter the...

Page 148: ...he transmission rate of the data packets in the policy z Rate Specify the forwarding rate of the data packets those match the corresponding ACL z Out of Band Specify the disposal way of the data packets those are transmitted beyond the rate Redirect Select Redirect to change the forwarding direction of the data packets in the policy z Destination Port Forward the data packets those match the corre...

Page 149: ...nd to the port VLAN The Policy Binding can be implemented on Binding Table Port Binding and VLAN Binding pages 12 4 1 Binding Table On this page view the policy bound to port VLAN Choose the menu ACL Policy Binding Binding Table to load the following page Figure 12 12 Binding Table The following entries are displayed on this screen Search Option Show Mode Select a show mode appropriate to your nee...

Page 150: ...f the binding policy Policy Name Displays the name of the binding policy Port Displays the number of the port bound to the corresponding policy Direction Displays the binding direction 12 4 3 VLAN Binding On this page you can bind a policy to a VLAN Choose the menu ACL Policy Binding VLAN Binding to load the following page Figure12 14 Bind the policy to the VLAN The following entries are displayed...

Page 151: ...ckets those match the corresponding ACL rules 11 Bind the policy to the port VLAN Required On ACL Policy Binding configuration pages bind the policy to the port VLAN to make the policy effective on the corresponding port VLAN Application Example for VLAN Binding Network Requirements 1 The manager of the RD department can access to the forum of the company and the Internet without any forbiddance T...

Page 152: ...f port 18 as GENERAL and its PVID as 8 The IP range of VLAN 8 is 172 31 50 0 2 Configure Time range On ACL Time Range page create a time range named work_time Select Week mode and configure the week time from Monday to Friday Add a time slice 08 00 18 00 3 Configure for requirement 1 On ACL ACL Config ACL Create page create ACL 11 On ACL ACL Config MAC ACL page select ACL 11 create Rule 1 configur...

Page 153: ...igure the time range as work_time On ACL Policy Config Action Create page add ACL 100 to Policy limit1 On ACL Policy Binding Port Binding page select Policy limit1 to bind to port 16 5 Configure for requirement 4 and 5 On ACL ACL Config ACL Create page create ACL 101 On ACL ACL Config Standard IP ACL page select ACL 101 create Rule 1 configure operation as Deny configure S IP as 172 31 70 1 and ma...

Page 154: ...AC address VLAN ID and the connected port number of the Hosts in the LAN via the ARP Scanning function and bind them conveniently You are only requested to enter the IP address on the ARP Scanning page for the scanning 3 DHCP Snooping You can use DHCP Snooping functions to monitor the process of the Host obtaining the IP address from DHCP server and record the IP address MAC address VLAN and the c...

Page 155: ...s Displays the MAC Address of the Host VLAN ID Displays the VLAN ID here Port Displays the number of port connected to the Host Protect Type Allows you to view and modify the Protect Type of the entry Source Displays the Source of the entry Collision Displays the Collision status of the entry Warning Indicates that the collision may be caused by the MSTP function Critical Indicates that the entry ...

Page 156: ...nual Binding Table Select Select the desired entry to be deleted It is multi optional Host Name Displays the Host Name here IP Address Displays the IP Address of the Host MAC Address Displays the MAC Address of the Host VLAN ID Displays the VLAN ID here Port Displays the number of port connected to the Host Protect Type Displays the Protect Type of the entry Collision Displays the Collision status...

Page 157: ...RP entry related to the IP address of Host B exists If yes Host A will directly send the packets to Host B If the corresponding MAC address is not found in the ARP Table Host A will broadcast ARP request packet which contains the IP address of Host B the IP address of Host A and the MAC address of Host A in the LAN 2 Since the ARP request packet is broadcasted all hosts in the LAN can receive it H...

Page 158: ...ost VLAN ID Displays the VLAN ID here Port Displays the number of port connected to the Host Protect Type Displays the Protect Type of the entry Collision Displays the Collision status of the entry Warning Indicates that the collision may be caused by the MSTP function Critical Indicates that the entry has a collision with the other entries 13 1 4 DHCP Snooping Nowadays the network is getting larg...

Page 159: ...ure Figure 13 5 Network diagram for DHCP snooping implementation For different DHCP Clients DHCP Server provides three IP address assigning methods 1 Manually assign the IP address Allows the administrator to bind the static IP address to the specific Client e g WWW Server via the DHCP Server 2 Automatically assign the IP address DHCP Server assigns the IP address without an expiration time limita...

Page 160: ...d the DHCP ACK packet back to the Client Otherwise the Server will send the DHCP NAK packet to refuse assigning this IP address to the Client Option 82 The DHCP packets are classified into 8 types with the same format basing on the format of BOOTP packet The difference between DHCP packet and BOOTP packet is the Option field The Option field of the DHCP packet is used to expand the function for ex...

Page 161: ...stake 2 Hacker exhausted the IP addresses of the normal DHCP server and then pretended to be a legal DHCP server to assign the IP addresses and the other parameters to Clients For example hacker used the pretended DHCP server to assign a modified DNS server address to users so as to induce the users to the evil financial website or electronic trading website and cheat the users of their accounts a...

Page 162: ...o load the following page Figure 13 8 DHCP Snooping Note If you want to enable the DHCP Snooping feature for the member port of LAG please ensure the parameters of all the member ports are the same The following entries are displayed on this screen DHCP Snooping Config ...

Page 163: ...e switch defined one Drop Indicates to discard the packets including the Option 82 field Customization Enable Disable the switch to define the Option 82 Circuit ID Enter the sub option Circuit ID for the customized Option 82 Remote ID Enter the sub option Remote ID for the customized Option 82 Port Config Port Select Click the Select button to quick select the corresponding port based on the port ...

Page 164: ...dress of a forged Gateway to Host and then the Host will automatically update the ARP table after receiving the ARP response packets which causes that the Host can not access the network normally The ARP Attack implemented by imitating Gateway is illustrated in the following figure Figure 13 9 ARP Attack Imitating Gateway As the above figure shown the attacker sends the fake ARP packets with a for...

Page 165: ...in LAN it will encapsulate this false destination MAC address for packets which results in a breakdown of the normal communication Cheating Terminal Hosts The attacker sends the false IP address to MAC address mapping entries of terminal Host Server to another terminal Host which causes that the two terminal Hosts in the same network segment can not communicate with each other normally The ARP Att...

Page 166: ...In The Middle Attack The attacker continuously sends the false ARP packets to the Hosts in LAN so as to make the Hosts maintain the wrong ARP table When the Hosts in LAN communicate with one another they will send the packets to the attacker according to the wrong ARP table Thus the attacker can get and process the packets before forwarding them During the procedure the communication packets infor...

Page 167: ...B keep a normal appearing communication 5 The attacker continuously sends the false ARP packets to the Host A and Host B so as to make the Hosts always maintain the wrong ARP table In the view of Host A and Host B their packets are directly sent to each other But in fact there is a Man In The Middle stolen the packets information during the communication procedure This kind of ARP attack is called...

Page 168: ...llegal ARP packets so as to prevent the network from ARP attacks such as the Network Gateway Spoofing and Man In The Middle Attack etc Choose the menu Network Security ARP Inspection ARP Detect to load the following page Figure 13 13 ARP Detect The following entries are displayed on this screen ARP Detect ARP Detect Enable Disable the ARP Detect function and click the Apply button to apply Trusted...

Page 169: ...ed port Required On the Network Security ARP Inspection ARP Detect page specify the trusted port The specific ports such as up linked port routing port and LAG port should be set as Trusted Port 4 Enable ARP Detect feature Required On the Network Security ARP Inspection ARP Detect page enable the ARP Detect feature 13 2 2 ARP Defend With the ARP Defend enabled the switch can terminate receiving th...

Page 170: ...the received ARP packets Status Displays the status of the ARP attack LAG Displays the LAG to which the port belongs to Operation Click the Recover button to restore the port to the normal status The ARP Defend for this port will be re enabled Note It s not recommended to enable the ARP Defend feature for the LAG member port 13 2 3 ARP Statistics ARP Statistics feature displays the number of the i...

Page 171: ... Displays the port number Trusted Port Indicates the port is an ARP Trusted Port or not Illegal ARP Packet Displays the number of the received illegal ARP packets 13 3 IP Source Guard IP Source Guard is to filter the IP packets based on the IP MAC Binding entries Only the packets matched to the IP MAC Binding rules can be processed which can enhance the bandwidth utility Choose the menu Network Se...

Page 172: ... Only the packets with its source IP address and port number matched to the IP MAC binding rules can be processed SIP MAC Only the packets with its source IP address source MAC address and port number matched to the IP MAC binding rules can be processed LAG Displays the LAG to which the port belongs to 13 4 DoS Defend DoS Denial of Service Attack is to occupy the network bandwidth maliciously by t...

Page 173: ...h its TCP SYN field set to 1 and source port less than 1024 Smurf Attack By pretending to be a Host the attacker broadcasts request packets for ICMP response in the LAN When receiving the request packet all the Hosts in the LAN will respond and send the reply packets to the actual Host which will causes this Host to be attacked Blat Attack The attacker sends the illegal packet with its source port...

Page 174: ...d SYN Limiting Specify the transmission rate of the SYN SYN ACK packets when the Defend Type SYN SYN ACK Flooding is enabled Defend Table Select Select the entry to enable the corresponding Defend Type Defend Type Displays the Defend Type name Attack Count Displays the count of the corresponding attack 13 4 2 DoS Detect DoS Detect functions to detect the details of the DoS attack packets based on ...

Page 175: ...of the network and block the unnecessary network services 5 Enhance the network security via the protection devices such as the hardware firewall 13 5 802 1X The 802 1X protocol was developed by IEEE802 LAN WAN committee to deal with the security issues of wireless LANs It was then used in Ethernet as a common access control mechanism for LAN ports to solve mainly authentication and security probl...

Page 176: ...stitute it to provide normal authentication service The Mechanism of an 802 1X Authentication System IEEE 802 1X authentication system uses EAP Extensible Authentication Protocol to exchange information between the supplicant system and the authentication server 1 EAP protocol packets transmitted between the supplicant system and the authenticator system are encapsulated as EAPOL packets 2 EAP pro...

Page 177: ...L Start packet to the switch The 802 1X client program then forwards the packet to the switch to start the authentication process 2 Upon receiving the authentication request packet the switch sends an EAP Request Identity packet to ask the 802 1X client program for the user name 3 The 802 1X client program responds by sending an EAP Response Identity packet to the switch with the user name include...

Page 178: ...ed through RADIUS protocol In this mode PAP or CHAP is employed between the switch and the RADIUS server This switch supports the PAP terminating mode The authentication procedure of PAP is illustrated in the following figure Figure 13 21 PAP Authentication Procedure In PAP mode the switch encrypts the password and sends the user name the randomly generated key and the supplicant system encrypted ...

Page 179: ...lowed to access the other resources With the Guest VLAN function enabled users can access the Guest VLAN to install 802 1X client program or upgrade their 802 1x clients without being authenticated If there is no supplicant past the authentication on the port in a certain time the switch will add the port to the Guest VLAN With 802 1X function enabled and Guest VLAN configured after the maximum nu...

Page 180: ...packets to be transmitted to the authentication server PAP IEEE 802 1X authentication system uses extensible authentication protocol EAP to exchange information between the switch and the client The transmission of EAP packets is terminated at the switch and the EAP packets are converted to the other protocol such as RADIUS packets for transmission Guest VLAN Enable Disable the Guest VLAN feature ...

Page 181: ...time for the switch to wait for the response from authentication server before resending a request to the authentication server 13 5 2 Port Config On this page you can configure the 802 1X features for the ports basing on the actual network Choose the menu Network Security 802 1X Port Config to load the following page Figure 13 23 Port Config The following entries are displayed on this screen Port...

Page 182: ...tion for access Port Based All the clients connected to the port can access the network on the condition that any one of the clients has passed the 802 1X Authentication Authorized Displays the authentication status of the port LAG Displays the LAG to which the port belongs to 13 5 3 Radius Server RADIUS Remote Authentication Dial In User Service server provides the authentication service for the ...

Page 183: ...e port connected to the authentication server In addition the authentication parameters of the switch and the authentication server should be the same Configuration Procedure Step Operation Description 1 Connect an authentication server to the switch and do some configuration Required Record the information of the client in the LAN to the authentication server and configure the corresponding authe...

Page 184: ...gent is the server software operated on network devices with the responsibility of receiving and processing the request packets from SNMP Management Station In the meanwhile Agent will inform the SNMP Management Station of the events whenever the device status changes or the device encounters any abnormalities such as restarting the device MIB MIB is the set of the managed objects MIB defines a fe...

Page 185: ...MP messages SNMP adopts the hierarchical architecture to identify the managed objects It is like a tree and each tree node represents a managed object as shown in the following figure Thus the object can be identified with the unique path starting from the root and indicated by a string of numbers The number string is the Object Identifier of the managed object In the following figure the OID of t...

Page 186: ...unction please configure the SNMP function globally on this page Choose the menu SNMP SNMP Config Global Config to load the following page Figure 14 3 Global Config The following entries are displayed on this screen Global Config SNMP Enable Disable the SNMP function Local Engine Local Engine ID Specify the switch s Engine ID for the remote clients The Engine ID is a unique alphanumeric string use...

Page 187: ... screen View Config View Name Give a name to the View for identification Each View can include several entries with the same name MIB Object ID Enter the Object Identifier OID for the entry of View View Type Select the type for the view entry Include The view entry can be managed by the SNMP management station Exclude The view entry can not be managed by the SNMP management station View Table Sele...

Page 188: ...p In this model the Community Name is used for authentication SNMP v1 can be configured on the SNMP Community page directly v2c SNMPv2c is defined for the group In this model the Community Name is used for authentication SNMP v2c can be configured on the SNMP Community page directly v3 SNMPv3 is defined for the group In this model the USM mechanism is used for authentication If SNMPv3 is enabled t...

Page 189: ...ty Model Displays the Security Model of the group Security Level Displays the Security Level of the group Read View Displays the Read View name in the entry Write View Displays the Write View name in the entry Notify View Displays the Notify View name in the entry Operation Click the Edit button to modify the Views in the entry and click the Modify button to apply Note Every Group should contain a...

Page 190: ...nd Security Level Security Model Select the Security Model for the User Security Level Select the Security Level for the SNMP v3 User Auth Mode Select the Authentication Mode for the SNMP v3 User None No authentication method is used MD5 The port authentication is performed via HMAC MD5 algorithm SHA The port authentication is performed via SHA Secure Hash Algorithm This authentication mode has a ...

Page 191: ...k the Modify button to apply Note The SNMP User and its Group should have the same Security Model and Security Level 14 1 5 SNMP Community SNMP v1 and SNMP v2c adopt community name authentication The community name can limit access to the SNMP agent from SNMP network management station functioning as a password If SNMP v1 or SNMP v2c is employed you can directly configure the SNMP Community on thi...

Page 192: ... is viewDefault Configuration Procedure z If SNMPv3 is employed please take the following steps Step Operation Description 1 Enable SNMP function globally Required On the SNMP SNMP Config Global Config page enable SNMP function globally 2 Create SNMP View Required On the SNMP SNMP Config SNMP View page create SNMP View of the management agent The default View Name is viewDefault and the default OI...

Page 193: ...ication With the Notification function enabled the switch can initiatively report to the management station about the important events that occur on the Views e g the managed device is rebooted which allows the management station to monitor and process the events in time The notification information includes the following two types Trap Trap is the information that the managed device initiatively ...

Page 194: ...vel are used authNoPriv Only the authentication security level is used authPriv Both the authentication and the privacy security levels are used Type Select the type for the notifications Trap Indicates traps are sent Inform Indicates informs are sent The Inform type has a higher security than the Trap type Retry Specify the amount of times the switch resends an inform request The switch will rese...

Page 195: ...trator to take the protection measures in time to avoid any network malfunction In addition RMON MIB records network statistics information of network performance and malfunction periodically based on which the management station can monitor network at any time effectively RMON is helpful for network administrator to manage the large scale network since it reduces the communication traffic between...

Page 196: ...lect the desired entry for configuration Index Displays the index number of the entry Port Specify the port from which the history samples were taken Interval Specify the interval to take samplings from the port Owner Enter the name of the device or user that defined the entry Status Select Enable Disable the corresponding sampling entry 14 3 2 Event Config On this page you can configure the RMON ...

Page 197: ...event type which determines the act way of the network device in response to an event None No processing Log Logging the event Notify Sending trap messages to the management station Log Notify Logging the event and sending trap messages to the management station Owner Enter the name of the device or user that defined the entry Status Select Enable Disable the corresponding event entry 14 3 3 Alarm...

Page 198: ...red to the threshold Rising Threshold Enter the rising counter value that triggers the Rising Threshold alarm Rising Event Select the index of the corresponding event which will be triggered if the sampled value is larger than the Rising Threshold Falling Threshold Enter the falling counter value that triggers the Falling Threshold alarm Falling Event Select the index of the corresponding event wh...

Page 199: ...rresponding alarm entry Note When alarm variables exceed the Threshold on the same direction continuously for several times an alarm event will only be generated on the first time that is the Rising Alarm and Falling Alarm are triggered alternately for that the alarm following to Rising Alarm is certainly a Falling Alarm and vice versa Return to CONTENTS ...

Page 200: ...e others are member switches The typical topology is as follows Figure 13 1 Cluster topology Cluster Role According to their functions and status in a cluster switches in the cluster play different roles You can specify the role a switch plays There are three roles Commander Switch Indicates the device that can configure and manage all the devices in a cluster It discovers adn determins the candid...

Page 201: ... NDP NDP Neighbor Discovery Protocol is used to get the information of the directly connected neighbor devices to support cluster establishing An NDP enabled device sends NDP packets regularly to neighbor devices as well as receives NDP packets from neighbor devices An NDP packet carries the NDP information including the device name MAC address firmware version and so on A switch keeps and maintai...

Page 202: ...t Displays the port number of the neighbor switch which is connected to the corresponding port Device Name Displays the name of the neighbor switch Device MAC Displays MAC address of the neighbor switch Firmware Version Displays the firmware version of the neighbor switch Aging Time Displays the period for the switch s to keep the NDP packets from the neighbor switch 15 1 2 NDP Summary On this pag...

Page 203: ...witch Hello Time Displays the interval to send NDP packets Port Status Port Displays the port number of the switch NDP Displays the NDP status enabled or disabled for the current port Send NDP Packets Displays the count of currently sent NDP packets Receive NDP Packets Displays the count of currently received NDP packets Error NDP Packets Displays the count of currently received error NDP packets ...

Page 204: ...ter NDP NDP Config to load the following page Figure 15 4 NDP Config The following entries are displayed on this screen Global Cofig NDP Select Enable Disable NDP function globally Aging Time Enter the period for the neighbor switch to keep the NDP packets from this switch Hello Time Enter the interval to send NDP packets Port Config Select Select the desired port to configure its NDP status ...

Page 205: ...commander switch After the commander switch sends out NTDP request packets lots of switches receive the request packets and send out response packets at the same time which may result in network congestion and the commander switch overload To avoid the above problem two time parameters are designed to control the spread speed of NTDP request packets z NTDP hop delay Indicates the time between the ...

Page 206: ...ded to a cluster z Individual Indicates the device with cluster feature disabled Hops Displays the hop count from this device to the switch Neighbor Info Click the Detail button to view the complete information of this device and its neighbors Collect Topology Click the Collect Topology button to collect NTDP information of the switch so as to collect the latest network topology Click the Detail b...

Page 207: ...terval to collect topology information NTDP Hops Displays the hop count the switch topology collects NTDP Hop Delay Displays the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the first time NTDP Port Delay Displays the time between the port forwarding NTDP request packets and its adjacent port forwarding NTDP request packets over Port Sta...

Page 208: ...se the menu Cluster NTDP NTDP Config to load the following page Figure 15 8 NTDP Config The following entries are displayed on this screen Global Config NTDP Select Enable Disable NTDP for the switch globally NTDP Interval Time Enter the interval to collect topology information The default is 1 minute NTDP Hops Enter the hop count the switch topology collects The default is 3 hops ...

Page 209: ...ote NTDP function is effective only when NTDP function is enabled globally and for the port 15 3 Cluster A commander switch can recognize and add the candidate switch to a cluster automatically based NDP and NTDP You can manually add the candidate switch to a cluster If the candidate switch is successfully added to the cluster it will get a private IP address assigned by the commander switch You c...

Page 210: ...uster Displays the cluster status enabled or disabled of the switch Cluster Role Displays the role the switch plays in the cluster Cluster Name Displays the name of the current cluster the switch belongs to Cluster Config IP Pool Mask Displays the private IP range of the member switches in the cluster Hold Time Displays the time for the commander switch to keep the cluster information Interval Tim...

Page 211: ...h to the commander switch z For a member switch the following page is displayed Figure 15 11 Cluster Summary for Member Switch The following entries are displayed on this screen Global Config Cluster Displays the cluster status enabled or disabled of the switch Cluster Role Displays the role the switch plays in the cluster Cluster Name Displays the name of the current cluster the switch belongs to...

Page 212: ...isplayed Figure 15 13 Cluster Configuration for Candidate Switch The following entries are displayed on this screen Current Role Role Displays the role the current switch plays in the cluster Role Change Individual Select this option to change the role of the switch to be individual switch Commander Select this option to change the role of the switch to be commander switch and then configure the c...

Page 213: ...t this option to change the role of the switch to be candidate switch Cluster Config Cluster Name Enter the name of the cluster Hold Time Enter the time for the switch to keep the cluster information Interval Time Enter the interval to send handshake packets z For a member switch the following page is displayed Figure 15 15 Cluster Configuration for Member Switch The following entries are displaye...

Page 214: ...his screen Current Role Role Displays the role the current switch plays in the cluster Role Change Candidate Select this option to change the role of the switch to be candidate switch 15 3 3 Member Config When this switch is the commander switch of the cluster via the commander switch you can manually add a candidate switch to the cluster as well as remove the designated member switch from the clu...

Page 215: ...r switch Role Displays the role the switch plays currently Online Time Displays the time when the member switch is added to the cluster Hops Displays the hop count from the member switch to the commander switch Manage Click the Manage button after selecting the desired entry to log on to the Web management page of the corresponding member switch 15 3 4 Cluster Topology On this page you can see the...

Page 216: ...elected device is a member switch in the cluster you can click the Manage button to log on to Web management page of the corresponding switch Global configuration procedure of the Cluster function Before configuring a cluster you should make clear the role each device will play in the cluster in advance and make sure the devices in the cluster can communicate with each other If the switch is a com...

Page 217: ...or configuration If the switch is a member switch in the cluster please take the following steps Step Operation Description 1 Enable the NDP function globally and for the port and then configure NDP parameters Optional On Cluster NDP NDP Config page enable the NDP function on the switch 2 Enable the NTDP function globally and for the port and then configure NTDP parameters Optional On Cluster NTDP...

Page 218: ... function 2 Enable NTDP function on the switch and for port 1 On Cluster NTDP NTDP Config page enable NTDP function z Configure the commander switch Step Operation Description 1 Enable NDP function on the switch and for port 1 port 2 and port 3 On Cluster NDP NDP Config page enable NDP function 2 Enable NTDP function on the switch and for port 1 port 2 and port 3 On Cluster NTDP NTDP Config page e...

Page 219: ...ber switch and click the Manage button to log on to its Web management page Or On Cluster Cluster Cluster Topology page double click the switch icon to view its detailed information click the switch icon and click the Manage button to log on to the Web management page Return to CONTENTS ...

Page 220: ... peer device are available 5 Network Diagnose Test whether the destination device is reachable and detect the route hops from the switch to the destination device 16 1 System Monitor System Monitor functions to display the utilization status of the memory and the CPU of switch via the data graph The CPU utilization rate and the memory utilization rate should fluctuate stably around a specific valu...

Page 221: ...itor Click the Monitor button to enable the switch to monitor and display its CPU utilization rate every four seconds 16 1 2 Memory Monitor Choose the menu Maintenance System Monitor Memory Monitor to load the following page ...

Page 222: ... network administrator to monitor network operation and diagnose malfunction The Logs of switch are classified into the following eight levels Severity Level Description emergencies 0 The system is unusable alerts 1 Action must be taken immediately critical 2 Critical conditions errors 3 Error conditions warnings 4 Warnings conditions notifications 5 Normal but significant conditions informational...

Page 223: ... correct time after you configure on the System System Info System Time Web management page Module Displays the module which the log information belongs to You can select a module from the drop down list to display the corresponding log information Severity Displays the severity level of the log information You can select a severity level to display the log information whose severity level value i...

Page 224: ...Indicates the flash sector for saving system log The inforamtion in the log file will not be lost after the switch is restarted and can be exported on the Backup Log page Severity Specify the severity level of the log information output to each channel Only the log with the same or smaller severity level value will be output Status Enable Disable the channel 16 2 3 Remote Log Remote log feature en...

Page 225: ... or smaller severity level value will be sent to the corresponding log host Status Enable Disable the log host Note The Log Server software is not provided If necessary please download it on the Internet 16 2 4 Backup Log Backup Log feature enables the system logs saved in the switch to be output as a file for device diagnosis and statistics analysis When a critical error results in the breakdown ...

Page 226: ...switch which facilitates you to locate and diagnose the trouble spot of the network Choose the menu Maintenance Device Diagnose Cable Test to load the following page Figure 16 7 Cable Test The following entries are displayed on this screen Cable Test Port Select the port for cable testing Pair Displays the Pair number Status Displays the connection status of the cable connected to the port The tes...

Page 227: ... 8 Loopback The following entries are displayed on this screen Loopback Type Internal Select Internal to test whether the port is available External Select External to test whether the device connected to the port of the switch is available Loopback Port Loopback Port Select the desired port for loopback test Test Click the Test button to start the loopback test for the port 16 4 Network Diagnose ...

Page 228: ...recommended Data Size Enter the size of the sending data during Ping testing The default value is recommended Interval Specify the interval to send ICMP request packets The default value is recommended 16 4 2 Tracert Tracert test function is used to test the connectivity of the gateways during its journey from the source to destination of the test data When malfunctions occur to the network you ca...

Page 229: ...e following entries are displayed on this screen Tracert Config Destination IP Enter the IP address of the destination device Max Hop Specify the maximum number of the route hops the test data can pass through Return to CONTENTS ...

Page 230: ...aunched the firmware can be downloaded to the switch again via FTP function 1 Hardware Installation Figure 16 1 1 Connect FTP server to port 1 of the switch 2 Connect the Console port of the PC to the switch 3 Save the firmware of the switch in the shared file of FTP server Please write down the user name password and the firmware name 2 Configure the Hyper Terminal After the hardware installation...

Page 231: ... Hyper Terminal 2 The Connection Description Window will prompt shown as Figure 16 3 Enter a name into the Name field and click OK Figure 16 3 Connection Description 3 Select the port to connect in Figure 16 4 and click OK ...

Page 232: ...rmware via bootrom menu To download firmware to the switch via FTP function you need to enter into the bootrom menu of the switch and take the following steps 1 Connect the console port of the PC to the console port of the switch and open hyper terminal Connect FTP server to port 1 of the switch 2 Power off and restart the switch When you are prompted that Press CTRL B to enter the bootrom in the ...

Page 233: ...er xxxxx pwd xxxxx file xxxxxx bin Here take the following parameters of the FTP server as an example IP address is 172 31 70 146 the user name and password for login to the FTP server are both 123 the name of the upgrade firmware is tl_sl5428e_up bin The detailed command is shown as the following figure Enter the command and press Enter 5 Enter the upgrade command and press Enter to upgrade the f...

Page 234: ...nd When you forget the login user name and password you can enter reset command after entering into bootrom menu to reset the system The system will be restored to the factory default settings and the default login user name and password are both admin Return to CONTENTS ...

Page 235: ...nsmission Rate Gigabit Ethernet 2000Mbps FD 10Base T UTP STP of Cat 3 or above 100Base TX UTP STP of Cat 5 100Base FX MMF or SMF SFP Module Optional 1000Base T 4 pair UTP 100m of Cat 5 or above Transmission Medium 1000Base X MMF or SMF SFP Module Optional LED PWR SYS 10 100Mbps LEDs 1000Mbps LEDs Transmission Method Store and Forward Packets Forwarding Rate 10BASE T 14881pps port 100BASE TX 148810...

Page 236: ... if necessary 1 Configure TCP IP component 1 On the Windows taskbar click the Start button and then click Control Panel 2 Click the Network and Internet Connections icon and then click on the Network Connections tab in the appearing window 3 Right click the icon that showed below select Properties on the prompt page Figure B 1 4 In the prompt page that showed below double click on the Internet Pro...

Page 237: ...229 Figure B 2 5 The following TCP IP Properties window will display and the IP Address tab is open on this window by default ...

Page 238: ...address And the following items will be available If the switch s IP address is 192 168 0 1 specify IP address as 192 168 0 x x is from 2 to 254 and the Subnet mask as 255 255 255 0 Now Click OK to save your settings Return to CONTENTS ...

Page 239: ...icant provided on the attached CD for the supplicant Client 1 1 Installation Guide 1 Insert the provided CD into your CD ROM drive Open the file folder and double click the icon to load the following figure Choose the proper language and click Next to continue Figure C 1 Choose Setup Language 2 Please wait for the InstallShield Wizard preparing the setup shown as the following screen Figure C 2 Pr...

Page 240: ...he following screen Figure C 4 Choose Destination Location By default the installation files are saved on the Program Files folder of system disk Click the Change button to modify the destination location proper to your need 5 Till now The Wizard is ready to begin the installation Click Install to start the installation on the following screen ...

Page 241: ...5 Install the Program 6 The InstallShield Wizard is installing TpSupplicant V2 0 shown as the following screen Please wait Figure C 6 Setup Status 7 On the following screen click Finish to complete the installation ...

Page 242: ...ended to go to http www winpcap org to download the latest version of WinPcap for installation 1 2 Uninstall Software If you want to remove the TpSupplicant please take the following steps 1 On the Windows taskbar click the Start button point to All ProgramsÆTP LINK ÆTpSupplicant V2 0 and then click Uninstall TP LINK 802 1X shown as the following figure 2 Then the following screen will appear If y...

Page 243: ...ove the application from your PC Figure C 9 Uninstall the Application 4 Click Finish to complete Figure C 10 Uninstall Complete 1 3 Configuration 1 After completing installation double click the icon to run the TP LINK 802 1X Client Software The following screen will appear ...

Page 244: ...the Client will send the EAPOL Start packets to the switch via multicast and send the 802 1X authentication packets via unicast Obtain an IP address automatically Select this option if the Client automatically obtains the IP address from DHCP server After passing the authentication the Client can be assigned the IP address by DHCP server The Client can access the network after getting the new IP a...

Page 245: ... to prompt that the Radius server is being searched Figure C 13 Authentication Dialog 4 When passing the authentication the following screen will appear Figure C 14 Successfully Authenticated 5 Double click the icon on the right corner of desktop and then the following connection status screen will pop up Figure C 15 Connection Status ...

Page 246: ...ad WinPcap 4 0 2 or the higher version for installation and run the client software again Q2 Is this TP LINK 802 1X Client Software compliable with the switches of the other manufacturers A2 No This TP LINK 802 1X Client Software is customized for TP LINK switches Q3 Is it safe to set the password being automatically saved A3 Yes The password saved in the configuration files is encrypted Return to...

Page 247: ...framework for passing configuration information to hosts on a TCP IP network DHCP is based on the Bootstrap Protocol BOOTP adding the capability of automatic allocation of reusable network addresses and additional configuration options Extensible Authentication Protocol over LAN EAPOL EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device t...

Page 248: ...l duplex links Now incorporated in IEEE 802 3 2002 Internet Group Management Protocol IGMP A protocol through which hosts can register with their local router for multicast services If there is more than one multicast switch router on a given subnetwork one of the devices is made the querier and assumes responsibility for keeping track of group membership IGMP Snooping Listening to IGMP Query and ...

Page 249: ...Port Authentication See IEEE 802 1X Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe This allows data on the target port to be studied unobstructively Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high speed logical link that combines several lower s...

Page 250: ...P IP Transmission Control Protocol Internet Protocol TCP IP Protocol suite that includes TCP as the primary transport protocol and IP as the network layer protocol Trivial File Transfer Protocol TFTP A TCP IP protocol commonly used for software downloads User Datagram Protocol UDP UDP provides a datagram mode for packet switched communications It uses IP as the underlying transport mechanism to pr...

Reviews:

No comments

Related manuals for JetStream TL-SL5428E

IDEM SAFETY SWITCHES KLM-P2L Operating Instructions preview
KLM-P2L
Brand: IDEM SAFETY SWITCHES Pages: 2
LOVATO ELECTRIC ATL900 Instruction Manual preview
ATL900
Brand: LOVATO ELECTRIC Pages: 37
Hama 00047693 Operating Instructions preview
00047693
Brand: Hama Pages: 2
GE Digital Energy STS-400-25-3 Installation And Operating Manual preview
Digital Energy STS-400-25-3
Brand: GE Pages: 49
H3C S5120-EI Series Configuration Commands preview
S5120-EI Series
Brand: H3C Pages: 29
Lantech IPES-5222T Series User Manual preview
IPES-5222T Series
Brand: Lantech Pages: 30
BERNSTEIN CSMS-M-R-H-KA Installation And Operating Instructions Manual preview
CSMS-M-R-H-KA
Brand: BERNSTEIN Pages: 38
serverLink SL-271-H Quick Installation Manual preview
SL-271-H
Brand: serverLink Pages: 2
QSFPTEK S5300-48T4X Quick Start Manual preview
S5300-48T4X
Brand: QSFPTEK Pages: 8
Lantech IPES/IES-5416T Series User Manual preview
IPES/IES-5416T Series
Brand: Lantech Pages: 27
ALFAtron SC121D-TN User Manual preview
SC121D-TN
Brand: ALFAtron Pages: 32
PTN WVG2AL USB User Manual preview
WVG2AL USB
Brand: PTN Pages: 12
Theben SEL 173 DCF Operating Instructions Manual preview
SEL 173 DCF
Brand: Theben Pages: 31
SWEEX KS001 Manual preview
KS001
Brand: SWEEX Pages: 4
Gefen DVI-422N User Manual preview
DVI-422N
Brand: Gefen Pages: 9
3Com 3C17205-US - Corp SUPERSTACK 3 SWITCH 4400... Implementation Manual preview
3C17205-US - Corp SUPERSTACK 3 SWITCH 4400...
Brand: 3Com Pages: 153
Mo-vis P030-11 Installation Manual preview
P030-11
Brand: Mo-vis Pages: 25
CYP CP-290 Operation Manual preview
CP-290
Brand: CYP Pages: 8

Brands by name

Popular brands

Load more brands