manualshive.com logo in svg

TP-Link T2500G-10MPS, User Manual

Share
Download
TP-Link T2500G-10MPS User Manual Download Page 644

Configuration Guide     620

Configuring Network Security

AAA Configuration

Switch#configure

Switch(config)#aaa enable

Switch(config)#show aaa global

AAA global status:           Enable

......

Switch(config)#end

Switch#copy running-config startup-config

8.2.2  Adding Servers

You can add one or more RADIUS/ servers on the switch for authentication. If 
multiple servers are added, the server with the highest priority authenticates the users 
trying to access the switch, and the others act as backup servers in case the first one 
breaks down.

 

Adding RADIUS Server

Follow these steps to add RADIUS server on the switch:

Step 1

configure

Enter global configuration mode.

Step 2

radius-server host 

ip-address

 [ auth-port 

port-id

 ] [ acct-port 

port-id

 ] [ timeout 

time 

] [ 

retransmit

 number 

] [ key {

 [ 0 ] 

string 

7

 

encrypted-string 

} ] 

Add the RADIUS server and configure the related parameters as needed.

host

 

ip-address

:

 

Enter the IP address of the server running the RADIUS protocol. 

auth-port

 

port-id

:

 

Specify the UDP destination port on the RADIUS server for authentication 

requests. The default setting is 1812.

acct-port 

port-id: 

Specify the UDP destination port on the RADIUS server for accounting 

requests. The default setting is 1813. Usually, it is used in the 802.1X feature.

timeout

 

time

:

 

Specify the time interval that the switch waits for the server to reply before 

resending. The valid values are from 1 to 9 seconds and the default setting is 5 seconds.

retransmit

 number

:

 

Specify the number of times a request is resent to the server if the 

server does not respond. The valid values are from 1 to 3 and the default setting is 2.

key {

 [ 0 ] 

string 

7

 

encrypted-string 

}

:

 Specify the shared key. 0 and 7 represent the 

encryption type. 0 indicates that an unencrypted key will follow. 7 indicates that a 

symmetric encrypted key with a fixed length will follow. By default, the encryption type is 0. 

string

 is the shared key for the switch and the server, which contains 31 characters at most. 

encrypted-string

 is a symmetric encrypted key with a fixed length, which you can copy from 

the configuration file of another switch. The key or encrypted-key you configure here will be 

displayed in the encrypted form. 

Summary of Contents for T2500G-10MPS

Page 1: ...User Guide T2500G 10MPS 1910012405 REV1 0 1 April 2018...

Page 2: ...ith console port 9 Telnet Login 11 SSH Login 12 Disable Telnet login 16 Disable SSH login 17 Copy running config startup config 17 Change the Switch s IP Address and Default Gateway 18 Managing System...

Page 3: ...iguration File 46 Upgrading the Firmware 46 Configuring Auto Install Function 47 Rebooting the switch 48 Configuring the Reboot Schedule 48 Reseting the Switch 49 Using the CLI 49 Configuring the Boot...

Page 4: ...6 Using the CLI 77 Port Mirror Configuration 80 Using the GUI 80 Using the CLI 82 Port Security Configuration 84 Using the GUI 84 Using the CLI 85 Port Isolation Configurations 88 Using the GUI 88 Usi...

Page 5: ...r LACP 109 Using the CLI 111 Configuring Load balancing Algorithm 111 Configuring Static LAG or LACP 112 Configuration Example 116 Network Requirements 116 Configuration Scheme 116 Using the GUI 117 U...

Page 6: ...ber of MAC Addresses in VLANs 139 Using the CLI 140 Configuring MAC Notification Traps 140 Limiting the Number of MAC Addresses in VLANs 142 Example for Security Configurations 144 Network Requirement...

Page 7: ...Using the GUI 169 Using the CLI 170 Configuration Example 173 Network Requirements 173 Configuration Scheme 173 Using the GUI 173 Using the CLI 174 Appendix Default Parameters 176 Configuring 802 1Q...

Page 8: ...197 Configuration Example 199 Network Requirements 199 Configuration Scheme 199 Using the GUI 200 Using the CLI 205 Appendix Default Parameters 209 Configuring Protocol VLAN Overview 211 Protocol VLA...

Page 9: ...nfiguring Up link Ports 236 Flexible VLAN VPN Configuration 239 Using the GUI 239 Using the CLI 240 Configuration Example 242 Network Requirements 242 Configuration Scheme 242 Using the GUI 243 Using...

Page 10: ...Using the GUI 287 Configuring Parameters on Ports in CIST 287 Configuring the MSTP Region 289 Configuring MSTP Globally 293 Verifying the MSTP Configurations 295 Using the CLI 296 Configuring Paramete...

Page 11: ...35 Configuring IGMP Snooping Globally in the VLAN 335 Optional Configuring the Static Router Ports in the VLAN 336 Optional Configuring the Forbidden Router Ports in the VLAN 336 Configuring the Multi...

Page 12: ...w Action on the Port 352 Configuring IGMP Snooping Last Listener Query 353 Configuring IGMP Snooping Parameters in the VLAN 354 Configuring Router Port Time and Member Port Time 354 Configuring Static...

Page 13: ...orbidden Router Ports in the VLAN 372 Configuring the Multicast VLAN 373 Creating Multicast VLAN and Configuring Basic Settings 373 Optional Creating Replace Source IP 374 Viewing Dynamic Router Ports...

Page 14: ...P and Forward Port 392 Configuring MLD Snooping Parameters in the Multicast VLAN 393 Configuring Router Port Time and Member Port Time 393 Configuring Static Router Port 394 Configuring Forbidden Rout...

Page 15: ...g 422 Network Requirements 422 Configuration Scheme 422 Network Topology 422 Using the GUI 423 Using the CLI 428 Appendix Default Parameters 431 Default Parameters for IGMP Snooping 431 Default Parame...

Page 16: ...ol 457 Using the CLI 458 Configuring Rate Limit on Port 458 Configuring Storm Control 459 Configuration Examples 461 Example for Configuring SP Mode 461 Network Requirements 461 Configuration Scheme 4...

Page 17: ...figuring the PoE Parameters Using the Profile 511 Using the CLI 513 Configuring the PoE Parameters Manually 513 Configuring the PoE Parameters Using the Profile 515 Time Range Function Configurations...

Page 18: ...ACL 546 Configuring Policy 551 ACL Binding and Policy Binding 553 Configuration Example for ACL 556 Network Requirements 556 Network Topology 556 Configuration Scheme 556 Using the GUI 557 Using the...

Page 19: ...587 Using the CLI 588 Configuring ARP Detection 588 Configuring ARP Defend 589 Viewing ARP Statistics 591 DoS Defend Configuration 592 Using the GUI 592 Using the CLI 593 802 1X Configuration 596 Usi...

Page 20: ...Examples 632 Example for DHCP Snooping and ARP Detection 632 Network Requirements 632 Configuration Scheme 632 Using the GUI 633 Using the CLI 636 Example for 802 1X 638 Network Requirements 638 Confi...

Page 21: ...ing CLI 675 Viewing LLDP MED Settings 677 Using GUI 677 Using CLI 679 Configuration Example 680 Example for Configuring LLDP 680 Network Requirements 680 Network Topology 680 Configuration Scheme 680...

Page 22: ...I 707 Configuring the Local Log 707 Configuring the Remote Log 709 Diagnosing the Device 711 Using the GUI 711 Using the CLI 712 Diagnosing the Network 713 Using the GUI 713 Configuring the Ping Test...

Page 23: ...SNMP Communities 739 Notification Configurations 741 Using the GUI 741 Using the CLI 743 Configuring the Host 743 Enabling SNMP Notification 744 RMON Overview 749 RMON Configurations 750 Using the GU...

Page 24: ...Using the CLI 767 Appendix Default Parameters 773...

Page 25: ...t to ensure accuracy of the contents but all statements information and recommendations in this document do not constitute the warranty of any kind express or implied Users must take full responsibili...

Page 26: ...d to restrict ingress bandwidth bandwidth egress egress rate is used to restrict egress bandwidth bandwidth ingress ingress rate egress egress rate is used to restrict ingress and egress bandwidth Mor...

Page 27: ...Part 1 Accessing the Switch CHAPTERS 1 Overview 2 Web Interface Access 3 Command Line Interface Access...

Page 28: ...nterface also called web interface in this text or using the CLI Command Line Interface There are equivalent functions in the web interface and the command line interface while web configuration is ea...

Page 29: ...and the switch is available 2 Launch a web browser The supported web browsers include but are not limited to the following types IE 8 0 9 0 10 0 11 0 Firefox 26 0 27 0 Chrome 32 0 33 0 3 Enter the swi...

Page 30: ...start up configuration file After you perform configurations on the sub interfaces and click Apply the modifications will be saved in the running configuration file The configurations will be lost whe...

Page 31: ...de 7 Figure 2 4 Save Config 2 3 Disable the Web Server You can shut down the HTTP server or HTTPS server to block any access to the web interface Go to System Access Security HTTP Config disable the H...

Page 32: ...2 7 Change the default IP address IP Address Mode Choose the IP address mode as Static IP Management VLAN This is the only VLAN through which you can get access to the switch By default all the ports...

Page 33: ...s Table 3 1 Method list Method Using Port Typical Applications Console Console port connected directly Hyper Terminal Telnet RJ 45 port CMD SSH RJ 45 port Putty 3 1 Console Login only for switch with...

Page 34: ...LI Main Window 4 Enter enable to enter the User EXEC Mode to further configure the switch Figure 3 2 User EXEC Mode Note In Windows XP go to Start All Programs Accessories Communications Hyper Termina...

Page 35: ...are in the same LAN Local Area Network Click Start and type in cmd in the Search bar and press Enter Figure 3 3 Open the cmd Window 2 Type in telnet 192 168 0 1 in the cmd window and press Enter Figu...

Page 36: ...are required which are both admin by default Key Authentication Mode Recommended A public key for the switch and a private key for the client software PuTTY are required You can generate the public k...

Page 37: ...d you can continue to configure the switch Figure 3 9 Log In to the Switch Key Authentication Mode 1 Open the PuTTY Key Generator In the Parameters section select the key type and enter the key length...

Page 38: ...ould be between 512 and 3072 bits You can accelerate the key generation process by moving the mouse quickly and randomly in the Key section 2 After the keys are successfully generated click Save publi...

Page 39: ...bove CLI v1 corresponds to SSH 1 RSA and v2 corresponds to SSH 2 RSA and SSH 2 DSA The key downloading process cannot be interrupted 4 After the public key is downloaded open PuTTY and go to the Sessi...

Page 40: ...g in If you can log in without entering the password the key authentication completed successfully Figure 3 15 Log In to the Switch 3 4 Disable Telnet login You can shut down the Telnet function to bl...

Page 41: ...Switch config no ip ssh server 3 6 Copy running config startup config The switch s configuration files fall into two types the running configuration file and the start up configuration file After you...

Page 42: ...replace the switch s default access IP address 192 168 0 1 24 with 192 168 0 10 24 Switch configure Switch config interface vlan 1 Switch config if ip address 192 168 0 10 255 255 255 0 The connectio...

Page 43: ...Part 2 Managing System CHAPTERS 1 System 2 System Info Configurations 3 User Management Configurations 4 System Tools Configurations 5 Access Security Configurations 6 Appendix Default Parameters...

Page 44: ...anage the configuration file of the switch With these tools you can configure the boot file of the switch backup and restore the configurations of the switch update the firmware reset the switch and r...

Page 45: ...g in transport layer It supports a security access via a web browser SSH Config function is based on the SSH protocol a security protocol established on application and transport layers The function w...

Page 46: ...igurations you can View the system summary Specify the device description Set the system time Set the daylight saving time Specify the Serial Port Parameter 2 1 Using the GUI 2 1 1 Viewing the System...

Page 47: ...ps or 100Mbps Indicates that the corresponding SFP port is not connected to a device Indicates the SFP port is at the speed of 1000Mbps Move the cursor to the port to view the detailed information of...

Page 48: ...tion of sending packets on this port 2 1 2 Specifying the Device Description Choose the menu System System Info Device Description to load the following page Figure 2 4 Specifying the Device Descripti...

Page 49: ...the current time information of the switch Current System Time Displays the current date and time of the switch Current Time Source Displays the current time source of the switch In the Time Config s...

Page 50: ...ver Update Rate Specify the interval the switch fetching time from NTP server which ranges from 1 to 24 hours The default value is 12 hours Synchronize with PC s Clock Synchronize the system time of t...

Page 51: ...every year Offset Specify the time to set the clock forward by Start Time Specify the start time of Daylight Saving Time The interval between start time and end time should be more than 1 day and les...

Page 52: ...gabitEthernet port View status of the interface port Enter the number of the Ethernet port show system info View the system information including system Description Device Name Device Location System...

Page 53: ...location location Specify the system location of the switch location Enter the device location It should consist of no more than 32 characters By default it is SHENZHEN Step 4 contact info contact in...

Page 54: ...time Step 1 configure Enter global configuration mode Step 2 Use the following command to set the system time manually system time manual time Configure the system time manually time Specify the date...

Page 55: ...Athens Bucharest Amman Beirut Jerusalem UTC 03 00 TimeZone for Kuwait Riyadh Baghdad UTC 03 30 TimeZone for Tehran UTC 04 00 TimeZone for Moscow St Petersburg Volgograd Tbilisi Port Louis UTC 04 30 T...

Page 56: ...how to set the system time by Get Time from NTP Server and set the time zone as UTC 08 00 set the NTP server as 133 100 9 2 set the backup NTP server as 139 78 100 163 and set the update rate as 11 S...

Page 57: ...week of Daylight Saving Time There are 5 values showing as follows first second third fourth last sday Enter the start day of Daylight Saving Time There are 7 values showing as follows Sun Mon Tue We...

Page 58: ...ving Time offset Enter the offset of Daylight Saving Time The default value is 60 Step 3 show system time dst Verify the DST information of the switch Step 4 end Return to privileged EXEC mode Step 5...

Page 59: ...t value is 38400 bps Step 3 end Return to privileged EXEC mode Step 4 copy running config startup config Save the settings in the configuration file The following example shows how to set the baud rat...

Page 60: ...1 Creating Admin Accounts Choose the menu System User Management User Config to load the following page Figure 3 1 Create Admin Accounts Follow these steps to create an Admin account 1 In the User In...

Page 61: ...symbols You can use digits English letters case sensitive underscore and sixteen special characters Confirm Password Retype the password 2 Click Create 3 1 2 Creating Accounts of Other Types You can c...

Page 62: ...ght to edit or modify Password Type a password for users login It is a string from 1 to 31 alphanumeric characters or symbols You can use digits English letters case sensitive underscore and sixteen s...

Page 63: ...nfiguration file symmetric encrypted encrypted password Enter a symmetric encrypted password with fixed length which you can copy from another switch s configuration file After the encrypted password...

Page 64: ...Save the settings in the configuration file 3 2 2 Creating Accounts of Other Types You can create accounts with the access level of Operator Power user and User here You also need to go to the AAA se...

Page 65: ...iguration file After the encrypted password is configured you should use the corresponding unencrypted password to reenter this mode Use the following command to create an account MD5 encrypted user n...

Page 66: ...ed enable admin secret 0 password 5 encrypted password Create an Enable Password It can change the users access level to Admin By default it is empty 0 Specify the encryption type 0 indicates that the...

Page 67: ...set the password as 123 Enable AAA function and set the enable password as abc123 Switch configure Switch config user name user1 privilege operator password 123 Switch config aaa enable Switch config...

Page 68: ...file Upgrade the firmware Configure the Auto Install Function Reboot the switch Configure the reboot schedule Reset the switch 4 1 Using the GUI 4 1 1 Configuring the Boot File Choose the menu System...

Page 69: ...rtup and backup image should not be the same 2 Click Apply 4 1 2 Restoring the Configuration of the Switch Choose the menu System System Tools Config Restore to load the following page Figure 4 2 Rest...

Page 70: ...grading the Firmware Choose the menu System System Tools Firmware Upgrade to load the following page Figure 4 4 Upgrading the Firmware In the Firmware Upgrade section select one file and click Upgrade...

Page 71: ...uto Install Mode Select Start to enable the Auto Install function and the switch will download the configuration file and the backup image automatically Auto Install Persistent Mode Specify the Auto I...

Page 72: ...menu System System Tools System Reboot to load the following page Figure 4 6 Rebooting the switch In the System Reboot section select the desired unit and click Reboot Target Unit Select the desired u...

Page 73: ...o reboot in the format of DD MM YYYY The date should be within 30 days Save Before Reboot Select to save the switch s configurations before it reboots 4 1 8 Reseting the Switch Choose the menu System...

Page 74: ...startup image as image 1 and set the backup image as image 2 Switch configure Switch config boot application filename image1 startup Switch config boot application filename image2 backup Switch config...

Page 75: ...Configuration File Follow these steps to back up the current configuration of the switch in a file Step 1 enable Enter privileged mode Step 2 copy startup config tftp ip address ip addr filename name...

Page 76: ...Reboot with the backup image Y N Y 4 2 5 Configuring Auto Install Function Note You should configure the DHCP server and the TFTP server first before configuring the Auto Install function Follow thes...

Page 77: ...ress on the DHCP server IF the Auto Install process is failed the switch will restart the process every 10 minutes You can stop the process manually The following example shows how to configure the Au...

Page 78: ...eboot schedule time Specify the time for the switch to reboot in the format of HH MM date Specify the date for the switch to reboot in the format of DD MM YYYY The date should be within 30 days save_b...

Page 79: ...Yes Switch config end Switch copy running config startup config 4 2 8 Reseting the Switch Follow these steps to reset the switch Step 1 enable Enter privileged mode Step 2 reset Reset the switch Note...

Page 80: ...Security Access Control to load the following page Figure 5 1 Configuring the Access Control 1 In the Access Control section select one control mode and specify the parameters Control Mode Select the...

Page 81: ...Address Mask If you select IP based mode enter the IP address and mask to specify an IP range Only the users within this IP range can access the switch MAC Address If you select MAC based mode specify...

Page 82: ...pply Session Timeout The system will log out automatically if users do nothing within the Session Timeout time 3 In the Access User Number section select Enable and specify the parameters Number Contr...

Page 83: ...Configuring the HTTPS Function Choose the menu System Access Security HTTPS Config to load the following page Table 5 1 Configuring the HTTPS Function 1 In the Global Config section select Enable to e...

Page 84: ...8_SHA Key exchange with RC4 128 bit encryption and SHA for message digest RSA_WITH_ DES_CBC_SHA Key exchange with DES CBC for message encryption and SHA for message digest RSA_ WITH_3DES_ EDE_CBC_SHA...

Page 85: ...nloaded must match each other otherwise the HTTPS connection will not work 5 1 4 Configuring the SSH Feature Choose the menu System Access Security SSH Config to load the following page Figure 5 3 Con...

Page 86: ...e drop down list and select the desired key file to down Key Type Select the key type The algorithm of the corresponding type is used for both key generation and authentication Key File Select the des...

Page 87: ...types for users accessing By default these types are all enabled Use the following command to control the users access by limiting the ports connected to the users user access control port based inter...

Page 88: ...Specify the timeout time which ranges from 5 to 30 minutes The default value is 10 Step 4 ip http max users admin num operator num poweruser num user num Specify the maximum number of users that are a...

Page 89: ...r 5 HTTP Max Users as User 4 Switch config end Switch copy running config startup config 5 2 3 Configuring the HTTPS Function Follow these steps to configure the HTTPS function Step 1 configure Enter...

Page 90: ...an 16 admin num Enter the maximum number of users whose access level is Admin The valid values are from 1 to 16 operator num Enter the maximum number of users whose access level is Operator The valid...

Page 91: ...itch config ip http secure server Switch config ip http secure protocol ssl3 tls1 Switch config ip http secure ciphersuite 3des ede cbc sha Switch config ip http secure session timeout 15 Switch confi...

Page 92: ...ot be established when the number of the connections reaches the maximum number you set num Enter the number of the connections which ranges from 1 to 5 The default value is 5 Step 6 ip ssh algorithm...

Page 93: ...encryption algorithm Enable the HMAC MD5 data integrity algorithm Choose the key type as SSH 2 RSA DSA Switch config ip ssh server Switch config ip ssh version v1 Switch config ip ssh version v2 Swit...

Page 94: ...DSA Key File BEGIN SSH2 PUBLIC KEY Comment dsa key 20160711 Switch config end Switch copy running config startup config 5 2 5 Enabling the Telnet Function Follow these steps enable the Telnet function...

Page 95: ...ink com Table 6 2 Default Settings of Daylight Saving Time Configuration Parameter Default Setting DST status Disabled Default settings of User Management are listed in the following table Table 6 3 D...

Page 96: ...ble 6 7 Default Settings of HTTPS Configuration Parameter Default Setting HTTPS Enabled SSL Version 3 Enabled TLS Version 1 Enabled RSA_WITH_RC4_128_MD5 Enabled RSA_WITH_RC4_128_SHA Enabled RSA_WITH_D...

Page 97: ...Default Parameters Configuration Guide 73 Parameter Default Setting HMAC SHA1 Enabled HMAC MD5 Enabled Key Type SSH 2 RSA DSA Table 6 9 Default Settings of Telnet Configuration Parameter Default Sett...

Page 98: ...Interfaces CHAPTERS 1 Physical Interface 2 Basic Parameters Configurations 3 Port Mirror Configuration 4 Port Security Configuration 5 Port Isolation Configurations 6 Loopback Detection Configuration...

Page 99: ...ed mode duplex mode flow control and other basic parameters for ports Port Mirror This function allows the switch to forward packet copies of the monitored ports to a specific monitoring port Then you...

Page 100: ...Transmission Unit size for frames received and sent on all ports is 1518 bytes A higher value means allowing the port to send jumbo frames The valid value ranges from 1518 to 9216 bytes 2 Select and c...

Page 101: ...th the connected device The default setting is Auto Flow Control With this option enabled the switch synchronizes the data transmission speed with the peer device thus avoiding the packet loss caused...

Page 102: ...o the port should be in the same speed and duplex mode with the port When auto is selected the duplex mode will be determined by auto negotiation flow control Enable the switch to synchronize the data...

Page 103: ...escription router connection Switch config if speed auto Switch config if duplex auto Switch config if flow control Switch config if jumbo Switch config if show interface configuration gigabitEthernet...

Page 104: ...t Mirror Configuration 3 1 Using the GUI Choose the menu Switching Port Port Mirror to load the following page Figure 3 1 Mirror Session List The above page displays a mirror session and no more sessi...

Page 105: ...fy a monitoring port for the mirror session and click Apply 2 In the Source Port section select one or multiple monitored ports for configuration Then set the parameters and click Apply UNIT 1 LAGS Cl...

Page 106: ...ce interface fastEthernet port list gigabitEthernet port list port channel port channel id mode Set the monitored ports session_num The monitor session number It can only be specified as 1 port list L...

Page 107: ...Configuration Configuration Guide 83 Switch config show monitor session Monitor Session 1 Destination Port Gi1 0 10 Source Ports Ingress Gi1 0 1 3 Source Ports Egress Gi1 0 1 3 Switch config if end S...

Page 108: ...Select one or multiple ports for security configuration 2 Specify the maximum number of the MAC addresses that can be learned on the port and then select the learn mode of the MAC addresses Max Learn...

Page 109: ...n be selected Drop When the number of learned MAC addresses reaches the limit the port will stop learning and discard the packets with the MAC addresses that have not been learned Forward When the num...

Page 110: ...es reaches the limit the port will stop learning and discard the packets with the MAC addresses that have not been learned forward When the number of learned MAC addresses reaches the limit the port w...

Page 111: ...Managing Physical Interfaces Port Security Configuration Configuration Guide 87 Switch config if end Switch copy running config startup config...

Page 112: ...gurations 5 Port Isolation Configurations 5 1 Using the GUI Choose the menu Switching Port Port Isolation to load the following page Figure 5 1 Port Isolation List The above page displays the port iso...

Page 113: ...ep 1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list Enter interface configuration mode S...

Page 114: ...e following example shows how to add ports 1 0 1 3 and LAG 4 to the forward list of port 1 0 5 Switch configure Switch config interface gigabitEthernet 1 0 5 Switch config if port isolation gi forward...

Page 115: ...Configuring QoS Choose the menu Switching Port Loopback Detection to load the following page Figure 6 1 Loopback Detection Follow these steps to configure loopback detection 1 In the Global Config sec...

Page 116: ...e operation mode when a loopback is detected on the port Alert The switch will display alerts It is the default setting Port Based In addition to displaying alerts the switch will block the port on wh...

Page 117: ...y mode auto manual Set the process mode when a loopback is detected on the port There are two modes alert The switch will only display alerts when a loopback is detected It is the default setting port...

Page 118: ...ple shows how to enable loopback detection of port 1 0 3 and set the process mode as alert and recovery mode as auto Switch configure Switch config interface gigabitEthernet 1 0 3 Switch config if loo...

Page 119: ...5 Gi1 0 1 7 1 2 Configuration Scheme To implement this requirement you can configure port mirror to copy the packets from ports 1 0 2 5 to port 1 0 1 The overview of configuration is as follows 1 Spec...

Page 120: ...ort section select port 1 0 1 as the monitoring port and click Apply Figure 7 3 Destination Port Configuration 3 In the Source Port section select ports 1 0 2 5 as the monitored ports and enable Ingre...

Page 121: ...h show monitor session 1 Monitor Session 1 Destination Port Gi1 0 1 Source Ports Ingress Gi1 0 2 5 Source Ports Egress Gi1 0 2 5 7 2 Example for Port Isolation 7 2 1 Network Requirements As shown belo...

Page 122: ...ward packets to the other hosts The following sections provide configuration procedure in two ways using the GUI and using the CLI 7 2 3 Using the GUI 1 Choose the menu Switching Port Port Isolation t...

Page 123: ...4 Using the CLI Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if port isolation gi forward list 1 0 4 Switch config if end Switch copy running config startup config Veri...

Page 124: ...imely block the port on which a loop is detected Figure 7 8 Network Topology Switch A Management Host Access layer Switches Gi1 0 1 Gi1 0 2 Loop Gi1 0 3 7 3 2 Configuration Scheme Enable loopback dete...

Page 125: ...ry time Click Apply Figure 7 10 Port Configuration 4 Monitor the detection result on the above page The Loop status and Block status are displayed on the right side of ports 7 3 4 Using the CLI 1 Enab...

Page 126: ...g if loopback detection Switch config if loopback detection config process mode port based recovery mode auto Switch config if end Switch copy running config startup config Verify the Configuration Ve...

Page 127: ...fault Setting Port Config Type Copper Status Enable Speed Auto Duplex Auto Flow Control Disable Jumbo 1518 Bytes Port Mirror Ingress Disable Egress Disable Port Security Max Learned MAC 64 Learned Num...

Page 128: ...Configuration Guide 104 Managing Physical Interfaces Appendix Default Parameters Parameter Default Setting Port Status Disable Operation mode Alert Recovery mode Auto...

Page 129: ...Part 4 Configuring LAG CHAPTERS 1 LAG 2 LAG Configuration 3 Configuration Example 4 Appendix Default Parameters...

Page 130: ...ure the backup ports to enhance the connection reliability 1 2 Supported Features You can configure LAG in two ways static LAG and LACP Link Aggregation Control Protocol Static LAG The member ports ar...

Page 131: ...does not support half duplex links One static LAG supports up to eight member ports All the member ports share the traffic evenly If an active link fails the other active links share the traffic evenl...

Page 132: ...on is based on the source and destination MAC addresses of the packets SRC IP The computation is based on the source IP addresses of the packets DST IP The computation is based on the destination IP a...

Page 133: ...ame LAG mode Configuring Static LAG Choose the menu Switching LAG Static LAG to load the following page Figure 2 3 Static LAG Follow these steps to configure the static LAG 1 In the LAG Config section...

Page 134: ...ith higher priority If the two ends have the same system priority value the end with a smaller MAC address has the higher priority 2 Select member ports for the LAG and configure the related parameter...

Page 135: ...load balancing algorithm Step 1 configure Enter global configuration mode Step 2 port channel load balance src mac dst mac src dst mac src ip dst ip src dst ip Select the Hash Algorithm The switch wil...

Page 136: ...ss IPv6 Source XOR Destination MAC address Switch config end Switch copy running config startup config 2 2 2 Configuring Static LAG or LACP You can choose only one LAG mode for a port Static LAG or LA...

Page 137: ...channel Protocol Ports 2 Po2 S Gi1 0 5 D Gi1 0 6 D Gi1 0 7 D Gi1 0 8 D Switch config if range end Switch copy running config startup config Configuring LACP Follow these steps to configure LACP Step...

Page 138: ...tive The port will take the initiative to send LACPDU Note For successful LACP negotiation make sure at least one end of the link is configured as Active Step 5 lacp port priority pri Specify the Port...

Page 139: ...ge channel group 6 mode active Switch config if range show lacp internal Flags S Device is requesting Slow LACPDUs F Device is requesting Fast LACPDUs A Device is in active mode P Device is in passive...

Page 140: ...o avoid traffic bottleneck between the servers and Switch B you also need to configure LAG on them to increase link bandwidth Here we mainly introduce the LAG configuration between the two switches Fi...

Page 141: ...al Configuration 2 Choose the menu Switching LAG LACP Config to load the following page In the Global Config section specify the system priority of Switch A as 0 and Click Apply Remember to ensure tha...

Page 142: ...e active Switch config if range lacp port priority 0 Switch config if range exit 4 Add port 1 0 9 to LAG 1 and set the mode as LACP Then specify the port priority as 1 to set it as a backup port When...

Page 143: ...ce is in passive mode Channel group 1 Port Flags State LACP Port Priority Admin Key Oper Key Port Number Port State Gi1 0 1 SA Down 0 0x1 0 0x1 0x45 Gi1 0 2 SA Down 0 0x1 0 0x2 0x45 Gi1 0 3 SA Down 0...

Page 144: ...Default Parameters Default settings of Switching are listed in the following tables Table 4 1 Default Settings of LAG Parameter Default Setting LAG Table Hash Algorithm SRC MAC DST MAC LACP Config Sys...

Page 145: ...Part 5 Monitoring Traffic CHAPTERS 1 Traffic Monitor 2 Appendix Default Parameters...

Page 146: ...Summary Follow these steps to view the traffic summary of each port 1 To get the real time traffic summary enable auto refresh in the Auto Refresh section or click Refresh at the bottom of the page A...

Page 147: ...detailed traffic statistics of the port 1 1 2 Viewing the Traffic Statistics in Detail Choose the menu Switching Traffic Monitor Traffic Statistics to load the following page Figure 1 2 Traffic Statis...

Page 148: ...e 64 bytes long Pkts65to127Octets Displays the number of the received packets including error packets that are between 65 and 127 bytes long Pkts128to255Octets Displays the number of the received pack...

Page 149: ...tted on the port Error frames are not counted in Alignment Errors Displays the number of the received packets that have a Frame Check Sequence FCS with a non integral octet Alignment Error The size of...

Page 150: ...endix Default Parameters 2 Appendix Default Parameters Table 2 1 Traffic Statistics Monitoring Parameter Default Setting Traffic Summary Auto Refresh Disable Refresh Rate 10 seconds Traffic Statistics...

Page 151: ...Part 6 Managing MAC Address Table CHAPTERS 1 MAC Address Table 2 Address Configurations 3 Security Configurations 4 Example for Security Configurations 5 Appendix Default Parameters...

Page 152: ...an add or remove these entries to your needs Furthermore you can configure notification traps and limit the number of MAC addresses in a VLAN for traffic safety Address Configurations Dynamic address...

Page 153: ...the MAC address change activity For example you can configure the switch to send you notifications when new users access the network Limiting the Number of MAC Addresses in VLANs You can configure VL...

Page 154: ...Add filtering address entries View address table entries 2 1 Using the GUI 2 1 1 Adding Static MAC Address Entries You can add static MAC address entries by manually specifying the desired MAC address...

Page 155: ...s correctly Please reset the static address entry appropriately 2 Click Create Binding Dynamic Address Entries Choose the menu Switching MAC Address Dynamic Address to load the following page Figure 2...

Page 156: ...desired length of time Auto Aging Enable Auto Aging then the switch automatically updates the dynamic address table with the aging mechanism By default it is enabled Aging Time Set the length of time...

Page 157: ...Address Specify a MAC address to configure the switch to drop packets which include this MAC address as the source address or destination address VLAN ID Specify an existing VLAN in which packets with...

Page 158: ...address table static mac addr vid vid interface gigabitEthernet port Bind the MAC address VLAN and port together to add a static address to the VLAN mac addr Enter the MAC address and packets with th...

Page 159: ...tatic MAC address entry with MAC address 00 02 58 4f 6c 23 VLAN 10 and port 1 When a packet is received in VLAN 10 with this address as its destination the packet will be forwarded only to port 1 Swit...

Page 160: ...aging time to 500 seconds A dynamic entry remains in the MAC address table for 500 seconds after the entry is used or updated Switch configure Switch config mac address table aging time 500 Switch con...

Page 161: ...filtering addresses The following example shows how to add the MAC filtering address 00 1e 4b 04 01 5d to VLAN 10 Then the switch will drop the packet that is received in VLAN 10 with this address as...

Page 162: ...sses in VLANs 3 1 Using the GUI 3 1 1 Configuring MAC Notification Traps Choose the menu Switching MAC Address MAC Notification to load the following page Figure 3 1 Configuring MAC Notification Traps...

Page 163: ...host Exceed Max Learned Enable Exceed Max Learned and when the maximum number of learned MAC addresses on the specified port is exceeded a notification will be generated and sent to the management hos...

Page 164: ...ts of new source MAC addresses in the VLAN will be dropped when the maximum number of MAC addresses in the specified VLAN is exceeded Forward Packets of new source MAC addresses will be forwarded but...

Page 165: ...s on the specified port is exceeded a notification will be generated and sent to the management host For Exceed Max Learned notification you need to enable Port Security and set the maximum number of...

Page 166: ...f MAC addresses in the specific VLAN It ranges from 0 to 16383 drop forward disable The mode that the switch adopts when the maximum number of MAC addresses in the specified VLAN is exceeded drop Pack...

Page 167: ...Managing MAC Address Table Security Configurations Configuration Guide 143 VlanId Max learn Current learn Status 10 100 0 Drop Switch config end Switch copy running config startup config...

Page 168: ...ising the network with notifications of any new access users Figure 4 1 The Network Topology Gi1 0 1 Gi1 0 3 Gi1 0 2 R D Department VLAN 30 Marketing Department VLAN 10 Switch Internet 4 2 Configurati...

Page 169: ...ick Create Figure 4 2 Configuring VLAN Security 2 Choose the menu Switching MAC Address MAC Notification to load the following page Enable Global Status set notification interval as 10 seconds and cli...

Page 170: ...0 Switch config interface gigabitEthernet 1 0 2 Switch config if mac address table notification new mac learned enable Switch config if end Switch copy running config startup config 3 Configure SNMP a...

Page 171: ...ltering Address Entries None Table 5 2 Default Settings of Dynamic Address Table Parameter Default Setting Auto Aging Enable Aging Time 300 seconds Table 5 3 Default Settings of MAC Notification Param...

Page 172: ...Part 7 Configuring DDM CHAPTERS 1 Overview 2 DDM Configuration 3 Appendix Default Parameters...

Page 173: ...r to monitor the status of the SFP modules inserted into the SFP ports on the switch The user can choose to shut down the monitored SFP port automatically when the specified parameter exceeds the alar...

Page 174: ...low these steps to configure DDM s global parameters 1 In the Port Config section configure DDM parameters on the SFP ports DDM Status Enable or disable DDM feature on the port Shutdown Specify whethe...

Page 175: ...hreshold for the alarm When the operating parameter falls below this value action associated with the alarm will be taken The valid values are from 128 to 127 996 High Warning Specify the high thresho...

Page 176: ...ls below this value action associated with the warning will be taken The valid values are from 0 to 6 5535 LAG Displays the LAG number which the port belongs to 2 Click Apply 2 1 4 Configuring the Bia...

Page 177: ...cify the high threshold for the alarm When the operating parameter rises above this value action associated with the alarm will be taken The valid values are from 0 to 6 5535 Low Alarm Specify the low...

Page 178: ...ify the low threshold for the alarm When the operating parameter falls below this value action associated with the alarm will be taken The valid values are from 0 to 6 5535 High Warning Specify the hi...

Page 179: ...l SFP module signal loss The values are True and False Transmit Fault Reports remote SFP module signal loss The values are True False and No Signal 2 2 Using the CLI To complete DDM configuration foll...

Page 180: ...n the alarm threshold or warning threshold is exceeded Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigab...

Page 181: ...abitEthernet port list Enter interface configuration mode Step 3 ddm temperature_threshold high_alarm high_warning low_alarm low warning value high_alarm Specify the high threshold for the alarm When...

Page 182: ...nterface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list ten gigabitEthernet port range ten gigabitEthernet port list Enter interface configuration...

Page 183: ...g if ddm vlotage_threshold high_alarm 5 Switch config if show ddm configuration voltage Voltage Threshold V High Alarm Low Alarm High Warning Low Warning Gi1 0 9 5 000000 Gi1 0 10 Switch config if end...

Page 184: ...r the warning When the operating parameter falls below this value action associated with the warning will be taken value Enter the threshold value in mA The valid values are from 0 to 131 Step 4 show...

Page 185: ...n associated with the warning will be taken low_alarm Specify the low threshold for the alarm When the operating parameter falls below this value action associated with the alarm will be taken low_war...

Page 186: ...hold for the warning When the operating parameter rises above this value action associated with the warning will be taken low_alarm Specify the low threshold for the alarm When the operating parameter...

Page 187: ...temperature Displays the threshold of the DDM temperature value voltage Displays the threshold of the DDM voltage value bias_current Displays the threshold of the DDM bias current value tx_power Disp...

Page 188: ...ch s SFP ports Step 1 configure Enter global configuration mode Step 2 show ddm status Displays all the monitoring status of SFP modules Step 3 end Return to Privileged EXEC Mode The following example...

Page 189: ...arameters Default settings of DDM are listed in the following table Table 3 1 Default Settings of DDM Parameter Default Setting DDM Status Enable All the SFP ports are being monitored Threshold Action...

Page 190: ...Part 8 Configuring L2PT CHAPTERS 1 Overview 2 L2PT Configuration 3 Configuration Example 4 Appendix Default Parameters...

Page 191: ...PDUs between them must be transmitted through the ISP network to perform layer 2 protocol calculation for example calculating a spanning tree Generally the PDUs of the same layer 2 protocol use the sa...

Page 192: ...irectly forwards it to the other end 3 PE2 receives the PDU via its NNI port and restores the destination MAC address of the PDU to its original destination MAC address With L2PT feature configured ac...

Page 193: ...Port Config section configure the port that is connected to the customer network as a UNI port and specify your desired protocols on the port In addition you can also set the threshold for packets pe...

Page 194: ...he threshold is exceeded the port drops the specified layer 2 protocol packets This value ranges from 0 to 1000 packets second 0 indicates that the threshold feature is disabled LAG Displays the link...

Page 195: ...unneling for the STP packets all All the above layer 2 protocols are supported for tunneling threshold Set a threshold which determines the maximum number of packets to be processed for the specified...

Page 196: ...face gigabitEthernet 1 0 1 Switch config if l2protocol tunnel type uni gvrp threshold 1000 Switch config if show l2protocol tunnel interface gigabitEthernet 1 0 1 Interface Type Protocol Threshold LAG...

Page 197: ...switches Switch A and Switch B With the L2PT feature the STP packets can be encapsulated as normal data packets and sent to the other side without being processed by the devices in the ISP network The...

Page 198: ...is as follows Figure 3 2 Global Config 3 Click Save Config to save the settings 3 4 Using the CLI The configurations of Switch A and Switch B are similar The following introductions take Switch A as...

Page 199: ...al l2protocol tunnel State Enable Verify the configuration on port 1 0 1 Switch_A show l2protocol tunnel interface gigabitEthernet 1 0 1 Interface Type Protocol Threshold LAG Gi1 0 1 nni N A Verify th...

Page 200: ...ameters 4 Appendix Default Parameters Default settings of L2PT are listed in the following table Table 4 1 Default Settings of L2PT Parameter Defualt Setting Global Config Layer 2 Protocol Tunneling D...

Page 201: ...Part 9 Configuring 802 1Q VLAN CHAPTERS 1 Overview 2 802 1Q VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Page 202: ...d all VLAN traffic remains within its VLAN It reduces the influence of broadcast traffic in Layer 2 network to the whole network To enhance network security Devices from different VLANs cannot achieve...

Page 203: ...se steps 1 Configure PVID Port VLAN ID of the port 2 Configure the VLAN including creating a VLAN and adding the configured port to the VLAN 2 1 Using the GUI 2 1 1 Configuring the PVID of the Port Ch...

Page 204: ...in its allowed VLAN list The port drops the tagged frames if the frames VLAN ID are not in its allowed VLAN list When forwarding frames Normally the port forwards the frames with tags If the frames V...

Page 205: ...er a VLAN ID and a description for identification to create a VLAN VLAN ID Enter a VLAN ID for identification with the values between 2 and 4094 Name Give a VLAN description for identification with up...

Page 206: ...ptional Specify a VLAN description for identification descript The length of the description should be 1 to 16 characters Step 4 show vlan id vlan list Show the global information of the specified VLA...

Page 207: ...the port access trunk general The link type By default it is Access Step 4 switchport pvid vlan id Configure the PVID of the port s By default it is 1 vlan id The default VLAN ID of the port with the...

Page 208: ...switchport general allowed vlan vlan list tagged untagged Add Access Trunk General port to the specified VLAN vlan id vlan list Specify the ID or ID list of the VLAN s that the port will be added to T...

Page 209: ...2 1Q VLAN Configuration Configuration Guide 185 PVID 2 Member in LAG N A Link Type General Member in VLAN Vlan Name Egress rule 1 System VLAN Untagged 2 rd Tagged Switch config if end Switch copy runn...

Page 210: ...her department 3 2 Configuration Scheme Divide computers in Department A and Department B into two VLANs respectively so that computers can communicate with each other in the same department but not w...

Page 211: ...n Switch 2 respectively Port 1 0 4 on Switch 1 is connected to port 1 0 8 on Switch 2 Figure 3 1 Network Topology VLAN 10 VLAN 20 Host A1 Host A2 Host B1 Host B2 Switch 1 Switch 2 Gi1 0 2 Gi1 0 3 Gi1...

Page 212: ...or Department A 2 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 with the description of Department_A Add port 1 0 2 as an untagged port and po...

Page 213: ...Click Save Config to save the settings 3 5 Using the CLI The configurations of Switch 1 and Switch 2 are similar The following introductions take Switch 1 as an example 1 Create VLAN 10 for Departmen...

Page 214: ...1 config if switchport mode access Switch_1 config if switchport access vlan 20 Switch_1 config if exit 3 Set the link type of port 1 0 4 as Trunk and then add it to both VLAN 10 and VLAN 20 Switch_1...

Page 215: ...ult Parameters Configuration Guide 191 4 Appendix Default Parameters Default settings of 802 1Q VLAN are listed in the following table Table 4 1 Default Settings of 802 1Q VLAN Parameter Default Setti...

Page 216: ...Part 10 Configuring MAC VLAN CHAPTERS 1 Overview 2 MAC VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Page 217: ...even when their access ports change The figure below shows a common application scenario of MAC VLAN Figure 1 1 Common Application Scenario of MAC VLAN Meeting Room 1 Laptop A Laptop B Meeting Room 2...

Page 218: ...g to the data packet and forward it within the VLAN If no the switch will continue to match the data packet with the matching rules of other VLANs such as the protocol VLAN If there is a match the swi...

Page 219: ...er the VLAN ID to bind it to the VLAN MAC Address Enter the MAC address of the device The address should be in 00 00 00 00 00 01 format Description Give a MAC address description for identification wi...

Page 220: ...Using the CLI 2 2 1 Configuring 802 1Q VLAN Before configuring MAC VLAN create an 802 1Q VLAN and set the port type according to network requirements For details refer to Configuring 802 1Q VLAN 2 2 2...

Page 221: ...vlan 10 description Dept A Switch config show mac vlan vlan 10 MAC Addr Name VLAN ID 00 19 56 8A 4C 71 Dept A 10 Switch config end Switch copy running config startup config 2 2 3 Enabling MAC VLAN fo...

Page 222: ...in the configuration file The following example shows how to enable MAC VLAN for port 1 0 1 Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if mac vlan Switch config if sh...

Page 223: ...top A 00 19 56 8A 4C 71 Laptop B 00 19 56 82 3B 70 Meeting Room 2 Switch 3 Gi1 0 3 Gi1 0 2 Gi1 0 2 Gi1 0 2 Gi1 0 1 Gi1 0 1 Gi1 0 5 Gi1 0 4 Switch 1 Switch 2 Server B VLAN 20 Server A VLAN 10 3 2 Confi...

Page 224: ...ure in two ways using the GUI and using the CLI 3 3 Using the GUI Configurations for Switch 1 and Switch 2 The configurations of Switch 1 and Switch 2 are similar The following introductions take Swit...

Page 225: ...guration Guide 201 Figure 3 3 VLAN 10 Configuration 3 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 20 and add port 1 0 1 as untagged port and po...

Page 226: ...to load the following page Enter MAC Address Description VLAN ID and click Create to bind the MAC address of Laptop A to VLAN 10 and bind the MAC address of Laptop B to VLAN 20 Figure 3 5 MAC VLAN Con...

Page 227: ...itch 3 1 Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Set the link type of port1 0 2 5 as General and click Apply Figure 3 7 Port Configuration 2 Choose the menu VLAN 802 1Q...

Page 228: ...onfiguring MAC VLAN Configuration Example Figure 3 8 VLAN 10 Configuration 3 Click Create to load the following page Create VLAN 20 and add port 1 0 5 as untagged port and ports 1 0 2 3 as tagged port...

Page 229: ...tch 2 are the same The following introductions take Switch 1 as an example 1 Create VLAN 10 for Department A and create VLAN 20 for Department B Switch_1 configure Switch_1 config vlan 10 Switch_1 con...

Page 230: ...VLAN 10 and bind the MAC address of Laptop B to VLAN 20 Switch_1 config mac vlan mac address 00 19 56 8A 4C 71 vlan 10 description PCA Switch_1 config mac vlan mac address 00 19 56 82 3B 70 vlan 20 de...

Page 231: ...4 Switch_3 config if switchport mode general Switch_3 config if switchport general allowed vlan 10 untagged Switch_3 config if exit Switch_3 config interface gigabitEthernet 1 0 5 Switch_3 config if...

Page 232: ...guration Example Switch 3 Switch_3 show vlan VLAN Name Status Ports 1 System VLAN active Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 4 Gi1 0 5 Gi1 0 6 Gi1 0 7 Gi1 0 8 Gi1 0 9 Gi1 0 10 10 DeptA active Gi1 0 2 Gi1 0...

Page 233: ...Configuration Guide 209 4 Appendix Default Parameters Default settings of MAC VLAN are listed in the following table Table 4 1 Default Settings of MAC VLAN Parameter Default Setting MAC Address None D...

Page 234: ...Part 11 Configuring Protocol VLAN CHAPTERS 1 Overview 2 Protocol VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Page 235: ...corresponding VLANs Since different applications and services use different protocols network administrators can use protocol VLAN to manage the network based on specific applications and services of...

Page 236: ...for the protocol VLAN matching the protocol type value of the packet If MAC VLAN is also configured the switch will first process MAC VLAN If there is a match the switch will insert the corresponding...

Page 237: ...her your desired template already exists in the Protocol Template Table section If not create it in the Create Protocol Template section Protocol Name Enter the name of the new protocol template Ether...

Page 238: ...rotocol Name Select the protocol type VLAN ID Enter the ID of the 802 1Q VLAN to be bound to the protocol type 2 In the Protocol Group Member section select the port or LAG to add to the protocol grou...

Page 239: ...tocol vlan template Verify the protocol templates Step 4 end Return to Privileged EXEC Mode Step 5 copy running config startup config Save the settings in the configuration file The following example...

Page 240: ...nge gigabitEthernet port list ten gigabitEthernet port range ten gigabitEthernet port list Enter interface configuration mode Step 5 show protocol vlan vlan Check the protocol VLAN index entry id of e...

Page 241: ...startup config The following example shows how to add port 1 0 2 to the IPv6 protocol group Switch configure Switch config interface gigabitEthernet 1 0 2 Switch config if show protocol vlan vlan Ind...

Page 242: ...ngs to VLAN 20 and these hosts access the network via Switch 1 Switch 2 is connected to two routers to access the IPv4 network and IPv6 network respectively The routers belong to VLAN 10 and VLAN 20 r...

Page 243: ...to the corresponding VLANs to form protocol groups and add port 1 0 1 to the groups For Switch 1 configure 802 1Q VLAN according to the network topology Demonstrated with T2500G 10MPS this chapter pr...

Page 244: ...tocol VLAN Configuration Example 2 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 and add port 1 0 1 and port 1 0 3 as untagged ports to VLAN 1...

Page 245: ...figuration Example Configuration Guide 221 3 Click Create to load the following page Create VLAN 20 and add ports 1 0 2 3 as untagged ports to VLAN 20 Click Apply Figure 3 4 Create VLAN 20 4 Click Sav...

Page 246: ...mple Configurations for Switch 2 1 Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Set the link type of ports 1 0 1 3 as General and respectively set the PVID of port 1 0 2 and...

Page 247: ...e Configuration Guide 223 2 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 and add port 1 0 1 as tagged port and port 1 0 2 as untagged port to...

Page 248: ...ntagged port to VLAN 20 Click Apply Figure 3 7 Create VLAN 20 4 Choose the menu VLAN Protocol VLAN Protocol Template to load the following page Enter IPv6 in the protocol name enter 86DD in the Ether...

Page 249: ...te 5 Choose the menu VLAN Protocol VLAN Protocol Group to load the following page Select the IP protocol name that is the IPv4 protocol template enter VLAN ID 10 select port 1 and click Apply Select t...

Page 250: ...ng page Here you can view the protocol VLAN configuration Figure 3 11 Protocol VLAN configuration 7 Click Save Config to save the settings 3 4 Using the CLI Configurations for Switch 1 1 Create VLAN 1...

Page 251: ...ral set the egress rule as Untagged and add it to both VLAN 10 and VLAN 20 Switch_1 config interface gigabitEthernet 1 0 3 Switch_1 config if switchport mode general Switch_1 config if switchport gene...

Page 252: ...chport mode general Switch_2 config if switchport pvid 20 Switch_2 config if switchport general allowed vlan 20 untagged Switch_2 config if exit 4 Create the IPv6 protocol template Switch_2 config pro...

Page 253: ...ch_2 copy running config startup config Verify the Configurations Switch 1 Verify 802 1Q VLAN configuration Switch_1 show vlan VLAN Name Status Ports 1 System VLAN active Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0...

Page 254: ...g Protocol VLAN Configuration Example 10 IPv4 active Gi1 0 1 Gi1 0 2 20 IPv6 active Gi1 0 1 Gi1 0 3 Verify protocol group configuration Switch_2 show protocol vlan vlan Index Protocol Name VID Member...

Page 255: ...ult settings of Protocol VLAN are listed in the following table Table 4 1 Default Settings of Protocol VLAN Parameter Default Setting Protocol Template Table 1 IP Ethernet II ether type 0800 2 ARP Eth...

Page 256: ...Part 12 Configuring VLAN VPN CHAPTERS 1 VLAN VPN 2 Basic VLAN VPN Configuration 3 Flexible VLAN VPN Configuration 4 Configuration Example 5 Appendix Default Parameters...

Page 257: ...of the ISP network while the inner VLAN tag is treated as part of the payload When forwarding packets from the ISP network to the customer network the switch remove the outer VLAN tag of the packets T...

Page 258: ...n the ISP network Flexible VLAN VPN You can configure different VLANs in the customer network to map to different VLANs in the ISP network When the switch receives a packet with the customer network t...

Page 259: ...nd forwarded by devices of other manufacturers 2 1 Using the GUI 2 1 1 Configuring 802 1Q VLAN Before configuring VLAN VPN set the link type of ports according to network requirements and create an 80...

Page 260: ...VPN up link ports are usually connected to the ISP network and packets sent out from these ports will be tagged with the outer VLAN tag of the ISP network Note The member pot of an LAG Link Aggregati...

Page 261: ...switchport dot1q tunnel mode nni Set ports that are connected to the ISP network as VPN up link ports nni Set ports that are connected to the ISP network as VPN up link ports Step 5 show dot1q tunnel...

Page 262: ...ws how to set port 1 0 2 as the VPN up link port Switch configure Switch config interface gigabitEthernet 1 0 2 Switch config if switchport dot1q tunnel mode nni Switch config if show dot1q tunnel int...

Page 263: ...VPN port receives a packet with the customer network tag the switch will check the VLAN Mapping List If a match is found the switch encapsulates the packet with the corresponding VLAN tag of the ISP...

Page 264: ...exible VLAN VPN Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list Enter interface co...

Page 265: ...241 Switch config interface gigabitEthernet 1 0 3 Switch config if switchport dot1q tunnel mapping 15 1040 mapping1 Switch config if show dot1q tunnel mapping Port C VLAN SP VLAN Name Gi1 0 3 15 1040...

Page 266: ...N 200 Switch 1 Uplink Port Gi1 0 1 General Gi1 0 2 General Gi1 0 2 General Uplink Port Gi1 0 1 General Switch 2 TPID 0x9100 VLAN 1050 4 2 Configuration Scheme Users can configure VLAN VPN on Switch 1...

Page 267: ...hoose the menu VLAN 802 1Q VLAN Port Config to load the following page Set the link type of ports 1 0 1 2 as General and modify PVID of the two ports as 1050 Then click Apply Figure 4 2 Setting Link T...

Page 268: ...VPN Configuration Example Figure 4 3 Creating VLAN 1050 3 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 100 and add port 1 0 2 tagged to the VLAN...

Page 269: ...owing page Create VLAN 200 and add port 1 0 2 tagged to the VLAN Click Apply Figure 4 5 Creating VLAN 200 5 Choose the menu VLAN VLAN VPN VPN Config to load the following page Enable VPN globally set...

Page 270: ...et the port as VPN up link port Switch_1 config interface gigabitEthernet 1 0 1 Switch_1 config if switchport mode general Switch_1 config if switchport general allowed vlan 1050 tagged Switch_1 confi...

Page 271: ...PN Mode Enabled Global TPID 0X9100 Mapping Mode Disabled Verify the configurations of VPN up link port Switch_1 show dot1q tunnel interface Port Type Member NNI Gi1 0 1 Verify the port configuration S...

Page 272: ...e 248 Configuring VLAN VPN Configuration Example Member in LAG N A Link Type General Member in VLAN Vlan Name Egress rule 1 System VLAN Untagged 100 Client_VLAN100 Tagged 200 Client_VLAN200 Tagged 105...

Page 273: ...s Configuration Guide 249 5 Appendix Default Parameters Default settings of VLAN VPN are listed in the following table Table 5 1 Default Settings of VLAN VPN Parameter Default Setting Global VLAN VPN...

Page 274: ...Part 13 Configuring GVRP CHAPTERS 1 Overview 2 GVRP Configuration 3 Configuration Example 4 Appendix Default Parameters...

Page 275: ...itch C can receive messages sent from Switch A in VLAN 10 only when the network administrator has manually created VLAN 10 on Switch B and Switch C Figure 1 1 VLAN Topology Switch A Switch B VLAN 10 S...

Page 276: ...messages As the messages can only be sent from one GVRP participant to another two way registration is required to configure a VLAN on all ports in a link To implement two way registration you need t...

Page 277: ...or selected ports the link type must be set as Trunk or the system will prompt error when applying the configuration Status Enable or disable GVRP on the port By default it is disabled Registration Mo...

Page 278: ...tarts the Leave timer If the participant does not receive any Join message of the corresponding attribute before the Leave timer expires the participant deregisters the attribute The range is 60 to 30...

Page 279: ...ibutes join Join timer controls the sending of Join messages After sending the first Join message a participant starts the Join timer If the participant does not receive any JoinIn message it sends th...

Page 280: ...than or equal to two times the Join value The following example shows how to enable GVRP globally and on trunk port 1 0 1 configure the GVRP registration mode as fixed and keep the values of timers a...

Page 281: ...cheme To reduce manual configuration and maintenance workload GVRP can be enabled to implement dynamic VLAN registration and update on the switches When configuring GVRP please note the following Befo...

Page 282: ...ns The following configuration procedures take Switch 1 Switch 2 and Switch 5 as example Configurations for Switch 1 1 Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Set the l...

Page 283: ...N Configuration 3 Choose the menu VLAN GVRP GVRP Config to load the following page Enable GVRP globally then click Apply Select port 1 0 1 set Status as Enable and set Registration Mode as Fixed Keep...

Page 284: ...onfigurations for Switch 2 1 Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Set the link type of port 1 0 1 as Trunk Figure 3 5 Set Link Type for the Port 2 Choose the menu VL...

Page 285: ...N Configuration 3 Choose the menu VLAN GVRP GVRP Config to load the following page Enable GVRP globally then click Apply Select port 1 0 1 set Status as Enable and set Registration Mode as Fixed Keep...

Page 286: ...1Q VLAN Port Config to load the following page Set the link type of ports 1 0 1 3 as Trunk Figure 3 8 Set Link Type for the Port 2 Choose the menu VLAN GVRP GVRP Config to load the following page Enab...

Page 287: ...lar configurations The following configuration procedures take Switch 1 Switch 2 and Switch 5 as example Configurations for Switch 1 1 Enable GVRP globally Switch_1 configure Switch_1 config gvrp 2 Cr...

Page 288: ...2 config vlan exit 3 For port 1 0 1 set the link type as Trunk and add it to VLAN 20 Enable GVRP and set the registration mode as Fixed Switch_2 config interface gigabitEthernet 1 0 1 Switch_2 config...

Page 289: ...figuration Switch_1 show gvrp global GVRP Global Status Enabled Verify GVRP configuration for port 1 0 1 Switch_1 show gvrp interface Port Status Reg Mode LeaveAll JoinIn Leave LAG Gi1 0 1 Enabled Fix...

Page 290: ...Normal 1000 20 60 N A Switch 5 Verify global GVRP configuration GVRP Global Status Enabled Verify GVRP configuration for ports 1 0 1 3 Switch_5 show gvrp interface Port Status Reg Mode LeaveAll JoinIn...

Page 291: ...meters Default settings of GVRP are listed in the following tables Table 4 1 Default Settings of GVRP Parameter Default Setting Global Config GVRP Disable Port Config Status Disable Registration Mode...

Page 292: ...Part 14 Configuring Spanning Tree CHAPTERS 1 Spanning Tree 2 STP RSTP Configurations 3 MSTP Configurations 4 STP Security Configurations 5 Configuration Example for MSTP 6 Appendix Default Parameters...

Page 293: ...on STP RSTP RSTP Rapid Spanning Tree Protocol provides the same features as STP But RSTP also provides much faster spanning tree convergence MSTP MSTP Multiple Spanning Tree Protocol also provides the...

Page 294: ...of a 2 byte priority and a 6 byte MAC address The priority is allowed to be configured manually on the switch and the switch with the lowest priority value will be elected as the root bridge If the p...

Page 295: ...ected port with spanning tree function enabled Port Status Generally in STP the port status includes Blocking Listening Learning Forwarding and Disabled Blocking In this status the port receives and s...

Page 296: ...bled with spanning tree function but not connected to any device Path Cost The path cost reflects the link speed of the port The smaller the value the higher link speed the port has The path cost can...

Page 297: ...s section will introduce some concepts only exist in MSTP Figure 1 3 MSTP Topology region 1 region 3 region 4 CST IST Blocked Port region 2 MST Region An MST region consists of multiple interconnected...

Page 298: ...Internal Spanning Tree which is a special MST instance with an instance ID of 0 By default all the VLANs are mapped to IST CST The Common Spanning Tree which is the spanning tree connects all MST reg...

Page 299: ...y if the port does not receive any higher priority BDPUs it will transit to its normal state BPDU Protect BPDU Protect function is used to prevent the port from receiving BPDUs It is recommended to en...

Page 300: ...maliciously sends a large number of TC BPDUs to a switch in a short period the switch will be busy with removing MAC address entries which may decrease the performance and stability of the network Wi...

Page 301: ...e To avoid any possible network flapping caused by STP RSTP parameter changes you are suggested to enable STP RSTP function globally after configuring the relevant parameters 2 1 Using the GUI 2 1 1 C...

Page 302: ...ode is STP RSTP Edge Port Enable or disable Edge Port By default it is disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like...

Page 303: ...ort is not participating in the spanning tree Port Status Displays the port status Forwarding The port receives and sends BPDUs and forwards user data Learning The port receives and sends BPDUs and dr...

Page 304: ...default value is 2 Max Age Specify the maximum time the switch can wait without receiving a BPDU before attempting to regenerate a spanning tree The valid values are from 6 to 40 in seconds and the d...

Page 305: ...STP MSTP Specify the spanning tree mode as MSTP 2 1 3 Verifying the STP RSTP Configurations Verify the STP RSTP information of your switch after all the configurations are finished Choose the menu Spa...

Page 306: ...not displayed when you choose the spanning tree mode as STP RSTP Designated Bridge Displays the bridge ID of the designated bridge The designated bridge is the switch that has designated ports Root P...

Page 307: ...disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like a PC it is recommended to set the port as an edge port point to point a...

Page 308: ...ward Delay The valid values are from 4 to 30 in seconds and the default value is 15 Forward Delay is the time for the port to transit its state after the network topology is changed hello time Specify...

Page 309: ...e State Mode Priority Hello Time Fwd Time Max Age Hold Count Max Hops Enable Rstp 36864 2 12 20 5 20 Switch config end Switch copy running config startup config 2 2 3 Enabling STP RSTP Globally Follow...

Page 310: ...e is enabled Spanning tree s mode RSTP 802 1w Rapid Spanning Tree Protocol Latest topology change time 2006 01 02 10 04 02 Root Bridge Priority 32768 Address 00 0a eb 13 12 ba Local bridge is the root...

Page 311: ...a spanning tree To avoid any possible network flapping caused by MSTP parameter changes you are suggested to enable MSTP function globally after configuring the relevant parameter 3 1 Using the GUI 3...

Page 312: ...e Port By default it is disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like a PC it is recommended to set the port as an ed...

Page 313: ...isplays the port status Forwarding The port receives and sends BPDUs and forwards user data Learning The port receives and sends BPDUs and drops the other packets Blocking The port only receives BPDUs...

Page 314: ...nstance Instance Config to load the following page Figure 3 3 Configuring the VLAN Instance Mapping Follow these steps to map VLANs to the corresponding instance and configure the priority of the swit...

Page 315: ...apped to the corresponding instance ID After the modification the previous VLAN will be cleared and mapped to the CIST Show All Click the Show All to show all VLANs mapped to the instance Clear All Cl...

Page 316: ...It is the path cost of the port in the desired instance The port with the lowest path cost will be elected as the root of the desired instance Port Role Displays the role that the port plays in the d...

Page 317: ...ghest priority will be elected as the root bridge Hello Time Specify the interval to send BPDUs The valid values are from 1 to 10 in seconds and the default value is 2 Max Age Specify the maximum time...

Page 318: ...2 Forward Delay 1 Max Age 2 In the Global Config section enable Spanning Tree function and choose the STP mode as MSTP and click Apply Spanning Tree Enable or disable spanning tree function globally...

Page 319: ...formation of CIST Spanning Tree Displays the status of the spanning tree function Spanning Tree Mode Displays the spanning tree mode Local Bridge Displays the bridge ID of the local switch The local b...

Page 320: ...onal Root Bridge Displays the bridge ID of the root bridge in the desired instance Internal Path Cost Displays the internal path cost It is the root path cost from the current switch to the regional r...

Page 321: ...By default it is disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like a PC it is recommended to set the port as an edge por...

Page 322: ...Configuring the MST Region Follow these steps to configure the MST region and the priority of the switch in the instance Step 1 configure Enter global configuration mode Step 2 spanning tree mst inst...

Page 323: ...instance instance id interface fastEthernet port gigabitEthernet port port channel lagid Optional View the related information of MSTP Instance digest Display digest calculated by instance vlan map in...

Page 324: ...o 240 which are divisible by 16 and the default value is 128 The port with the lower value has the higher priority In the same condition the port with the highest priority will be elected as the root...

Page 325: ...able 32 Auto Auto No No auto N A N A LnkDwn MST Instance 5 Interface Prio Cost Role Status Gi1 0 3 144 200 N A LnkDwn Switch config if end Switch copy running config startup config 3 2 3 Configuring G...

Page 326: ...m number of BPDU packets transmitted per Hello Time interval value Specify the maximum number of BPDU packets transmitted per Hello Time interval The valid values are from 1 to 20 pps and the default...

Page 327: ...globally Step 1 configure Enter global configuration mode Step 2 spanning tree mode mstp Configure the spanning tree mode as MSTP mstp Specify the spanning tree mode as MSTP Step 3 spanning tree Enabl...

Page 328: ...ess 00 0a eb 13 23 97 Regional Root Bridge Priority 36864 Address 00 0a eb 13 12 ba Local bridge is the regional root bridge Local Bridge Priority 36864 Address 00 0a eb 13 12 ba Interface State Prio...

Page 329: ...TP Configurations Configuration Guide 305 Priority 32768 Address 00 0a eb 13 12 ba Interface Prio Cost Role Status Gi 0 6 128 200000 Altn Blk Gi 0 8 128 200000 Mstr Fwd Switch config end Switch copy r...

Page 330: ...nfigure the TC Protect function Configure the BPDU Protect function Configure the BPDU Filter function 4 1 Using the GUI 4 1 1 Configuring the STP Security Choose the menu Spanning Tree STP Security P...

Page 331: ...mmended to enable this function on the ports of non root switches TC Protect function is used to prevent the switch from frequently removing MAC address entries With TC protect function enabled if the...

Page 332: ...receive any higher priority BDPUs it will transit to its normal state Step 5 spanning tree guard tc Enable the TC Protect function on the port TC Protect is to prevent the decrease of the performance...

Page 333: ...tch configure Switch config interface gigabitEthernet 1 0 3 Switch config if spanning tree guard loop Switch config if spanning tree guard root Switch config if spanning tree bpdufilter Switch config...

Page 334: ...een the switches is 100Mb s the default path cost of the port is 200000 It is required that traffic in VLAN 101 VLAN 103 and traffic in VLAN 104 VLAN 106 should be transmitted along different paths Fi...

Page 335: ...to instance 2 3 Configure the priority of Switch B as 0 to set is as the root bridge in instance 1 configure the priority of Switch C as 0 to set is as the root bridge in instance 2 4 Configure the pa...

Page 336: ...name as 1 and the revision level as 100 Figure 5 4 Configuring the MST Region 3 Choose the menu Spanning Tree MSTP Instance Instance Config to load the following page Map VLAN101 VLAN103 to instance 1...

Page 337: ...f Port 1 0 1 In Instance 1 5 Choose the menu Spanning Tree STP Config STP Config to load the following page Enable MSTP function globally here we leave the values of the other global parameters as def...

Page 338: ...Here we leave the values of the other parameters as default settings Figure 5 8 Enable Spanning Tree Function on Ports 2 Choose the menu Spanning Tree MSTP Instance Region Config to load the followin...

Page 339: ...Tree MSTP Instance Instance Config to load the following page Configure the priority of Switch B as 0 to set it as the root bridge in instance 1 Figure 5 11 Configuring the Priority of Switch B in Ins...

Page 340: ...Path Cost of Port 1 0 2 in Instance 2 6 Choose the menu Spanning Tree STP Config STP Config to load the following page Enable MSTP function globally Here we leave the values of the other global parame...

Page 341: ...Here we leave the values of the other parameters as default settings Figure 5 14 Enable Spanning Tree Function on Ports 2 Choose the menu Spanning Tree MSTP Instance Region Config to load the followin...

Page 342: ...Instance Config to load the following page Configure the priority of Switch C as 0 to set it as the root bridge in instance 2 Figure 5 17 Configuring the Priority of Switch C in Instance 2 5 Choose th...

Page 343: ...tance 1 as 400000 Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if spanning tree Switch config if spanning tree mst instance 1 cost 400000 Switch config if exit Switch c...

Page 344: ...bitEthernet 1 0 2 Switch config if spanning tree Switch config if spanning tree mst instance 2 cost 400000 Switch config if exit Switch config interface gigabitEthernet 1 0 1 Switch config if spanning...

Page 345: ...LAN106 to instance 2 configure the priority of Switch C in instance 2 as 0 to set it as the root bridge in instance 2 Switch config spanning tree mst configuration Switch config mst name 1 Switch conf...

Page 346: ...Local Bridge Priority 32768 Address 00 0a eb 13 23 97 Interface Prio Cost Role Status LAG Gi1 0 1 128 400000 Root Fwd N A Gi1 0 2 128 200000 Altn Blk N A Verify the configurations of Switch A in insta...

Page 347: ...e 1 Switch config show spanning tree mst instance 1 MST Instance 1 Root Bridge Priority 0 Address 00 0a eb 13 12 ba Local bridge is the root bridge Designated Bridge Priority 0 Address 00 0a eb 13 12...

Page 348: ...ress 00 0a eb 13 12 ba Interface Prio Cost Role Status Gi1 0 1 128 200000 Altn Blk Gi1 0 2 128 200000 Root Fwd Switch C Verify the configurations of Switch C in instance 1 Switch config show spanning...

Page 349: ...configurations of Switch C in instance 2 Switch config show spanning tree mst instance 2 MST Instance 2 Root Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Local bridge is the root bridge Designated Bri...

Page 350: ...Default Setting Spanning tree Disable Mode STP CIST Priority 32768 Hello Time 2 seconds Max Age 20 seconds Forward Delay 15 seconds TxHoldCount 5 pps Max Hops 20 hops Table 6 2 Default Settings of the...

Page 351: ...Configuring Spanning Tree Appendix Default Parameters Configuration Guide 327 Parameter Default Setting Port Priority 128 Path Cost Auto...

Page 352: ...iguring Layer 2 Multicast CHAPTERS 1 Layer 2 Multicast 2 IGMP Snooping Configurations 3 Configuring MLD Snooping 4 Viewing Multicast Snooping Configurations 5 Configuration Examples 6 Appendix Default...

Page 353: ...oint to multipoint network multicast technology not only transmits data with high efficiency but also saves a large bandwidth and reduces network load In practical applications Internet information pr...

Page 354: ...ast packets 1 2 Supported Layer 2 Multicast Protocols Layer 2 Multicast protocol for IPv4 IGMP Snooping On the Layer 2 device IGMP Snooping transmits data on demand on data link layer by analyzing IGM...

Page 355: ...the following page Figure 2 1 IGMP Snooping Global Config Enabling IGMP Snooping Globally Before configuring functions related to IGMP Snooping enable IGMP Snooping globally first 1 Select Enable to...

Page 356: ...eport message to Layer 3 devices and suppress subsequent IGMP report messages from the same multicast group during one query interval which reduces the number of IGMP packets 2 Click Apply Configuring...

Page 357: ...an IGMP leave message the switch obtains the address of the multicast group that the host wants to leave from the message Then the switch sends out MASQs to this multicast group through the port rece...

Page 358: ...h Fast Leave enabled on a port the switch will remove this port from the forwarding list of the corresponding multicast group once the port receives a leave message Once deleted the switch will no lon...

Page 359: ...D Specify the VLAN to enable IGMP Snooping Router Port Time Specify the aging time of the router ports in the VLAN If the router port does not receive any IGMP general query message within the router...

Page 360: ...1 Configure the forbidden router ports in the designate VLAN VLAN ID Specify the VLAN to be configured Forbidden Router Ports Select the ports to forbid them from being router ports in the VLAN 2 Clic...

Page 361: ...LAN configure the specific VLAN to be the multicast VLAN and configure the Router Port Time and Member Port Time Multicast VLAN Select Enable to enable multicast VLAN function VLAN ID Specify the 802...

Page 362: ...w source IP address The switch will replace the source IP in the IGMP multicast data sent by the multicast VLAN with the IP address you enter 2 Click Apply Viewing Dynamic Router Ports in the Multicas...

Page 363: ...gure the querier 1 Specify a VLAN and configure the querier on this VLAN VLAN ID Specify the VLAN to be configured Query Interval Enter the interval between general query messages sent by the querier...

Page 364: ...to create a profile and configure its filtering mode 1 Create a profile and configure its filtering mode Profile ID Enter a profile ID between 1 and 999 Mode Select Permit or Deny as the filtering mo...

Page 365: ...er ports to join specific multicast groups Deny similar to a blacklist means that the switch disallows specific member ports to join specific multicast groups Start IP Specify the Start IP of the mult...

Page 366: ...er Profile ID Enter the profile ID you create to bind the profile to the port One port can only be bound to one profile ClearBinding Click to clear the binding between the profile and the port 2 Click...

Page 367: ...owest multicast MAC address with the new multicast group 2 Click Apply 2 1 8 Viewing IGMP Statistics on Each Port Choose the menu Multicast IGMP Snooping Packet Statistic to load the following page Fi...

Page 368: ...enu Multicast IGMP Snooping IGMP Authentication to load the following page Figure 2 10 IGMP Accounting and Authentication Configuring IGMP Accounting Globally To use this function you should also enab...

Page 369: ...entication IGMP Authentication Select one or more ports and select Enable in the IGMP Authentication column 2 Click Apply 2 1 10 Configuring Static Member Port This function allows you to specify a po...

Page 370: ...ption Static Multicast IP Table displays details of all IGMP static multicast groups 2 2 Using the CLI 2 2 1 Enabling IGMP Snooping Globally Step 1 configure Enter global configuration mode Step 2 ip...

Page 371: ...xample shows how to enable IGMP Snooping globally and enable IGMP Snooping on port 1 0 3 Switch configure Switch config ip igmp snooping Switch config interface gigabitEthernet 1 0 3 Switch config if...

Page 372: ...terval which reduces the number of IGMP packets Step 3 end Return to privileged EXEC mode Step 4 show ip igmp snooping Show the basic IGMP snooping configuration Step 5 copy running config startup con...

Page 373: ...e basic IGMP snooping configuration Step 5 copy running config startup config Save the settings in the configuration file For switches that support MLD Snooping IGMP Snooping and MLD Snooping share th...

Page 374: ...aging time of member ports ranging from 60 to 600 seconds Step 3 end Return to privileged EXEC mode Step 4 show ip igmp snooping Show the basic IGMP snooping configuration Step 5 copy running config...

Page 375: ...will delete the port multicast group entry from the multicast forwarding table once the port receives a leave message You should only use this function when there is a single receiver present on the...

Page 376: ...place Specify the action towards the new multicast group when the number of multicast groups the port joined exceeds max group drop Drop all subsequent membership report messages and the port join no...

Page 377: ...MASQs sent by the switch The valid values are from 1 to 5 seconds Step 3 ip igmp snooping last listener query count num num determines the number of MASQs sent by the switch The valid values are from...

Page 378: ...time router time is the aging time of the router ports in the specified VLAN ranging from 60 to 600 seconds member time is the aging time of the member ports in the specified VLAN ranging from 60 to 6...

Page 379: ...config Configuring Static Router Port Step 1 configure Enter global configuration mode Step 2 ip igmp snooping vlan config vlan id list rport interface gigabitEthernet port list port channel port cha...

Page 380: ...interface gigabitEthernet port list port channel port channel id port list and port channel id are the ports that cannot become router ports in the specified VLAN Step 3 show ip igmp snooping vlan vl...

Page 381: ...fies the static multicast IP address port list and port channel id specify the forward ports member ports bound to the static multicast IP address in the specified VLAN Step 3 show ip igmp snooping gr...

Page 382: ...mber time is the aging time of the member ports in the multicast VLAN ranging from 60 to 600 seconds Step 3 show ip igmp snooping multi vlan Show the IGMP snooping configuration in the multicast VLAN...

Page 383: ...he static router ports in the multicast VLAN Step 3 show ip igmp snooping multi vlan Show the IGMP snooping configuration in the multicast VLAN Step 4 end Return to privileged EXEC mode Step 5 copy ru...

Page 384: ...ticast VLAN Step 3 show ip igmp snooping multi vlan Show the IGMP snooping configuration in the multicast VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save...

Page 385: ...the IGMP snooping configuration in the multicast VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following exa...

Page 386: ...leged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to enable IGMP Snooping and IGMP Querier in VLAN 4 Switch configur...

Page 387: ...id Show the detailed IGMP querier configuration Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example sh...

Page 388: ...join specific multicast groups Step 4 range start ip end ip Configure the range of multicast IP to be filtered start ip end ip are the start IP and end IP of the IP range respectively Step 5 show ip i...

Page 389: ...ecified port Step 4 show ip igmp profile id Show the detailed IGMP profile configuration Step 5 end Return to privileged EXEC mode Step 6 copy running config startup config Save the settings in the co...

Page 390: ...e Step 3 ip igmp snooping authentication Enable IGMP Authentication on the specified port Step 4 show ip igmp snooping interface gigabitEthernet port authentication Show the IGMP authentication status...

Page 391: ...is enabled and RADIUS server is configured Enabling IGMP Accounting Globally Step 1 configure Enter global configuration mode Step 2 ip igmp snooping accounting Enable IGMP Accounting globally Step 3...

Page 392: ...functions related to MLD Snooping enable MLD Snooping globally first 1 Select Enable to enable MLD Snooping globally 2 Click Apply Optional Configuring Unknown Multicast Unknown Multicast decides how...

Page 393: ...the router ports and the member ports 1 Specify the aging time of the router ports Router Port Time Router ports are ports connected to Layer 3 devices on the switch The router port ages if the switc...

Page 394: ...etween MASQs The valid values are from 1 to 5 seconds 2 Specify the number of MASQs to be sent Last Listener Query Count When the switch receives an MLD leave message the switch obtains the address of...

Page 395: ...ce deleted the switch will no longer send MASQs to this port to verify if there are other members of this multicast group Follow these steps to configure fast leave 1 Select the port to be configured...

Page 396: ...ts in the VLAN If the member port does not receive any MLD membership report message from the multicast group within the member port time the switch will no longer consider this port as a member port...

Page 397: ...nly need to send one piece of multicast data to a Layer 2 device and the Layer 2 device will send the data to all member ports of the VLAN In this way Multicast VLAN saves bandwidth and reduces networ...

Page 398: ...is port as a member port and delete it from the multicast forwarding table The valid values are from 60 to 600 seconds When the member port time is 0 the VLAN uses the global time 3 Click Apply Option...

Page 399: ...AN will be processed in this multicast VLAN 3 1 5 Optional Configuring the Querier MLD Snooping Querier sends general query packets regularly to maintain the multicast forwarding table Choose the menu...

Page 400: ...an define a blacklist or whitelist of multicast addresses so as to filter multicast sources Choose the menu Multicast MLD Snooping Profile Config to load the following page Figure 3 6 Profile Create C...

Page 401: ...e Info table Editing IP Range of the Profile Follow these steps to edit profile mode and its IP range 1 Click Edit in the MLD Profile Info table Edit its IP range and click Add to save the settings Fi...

Page 402: ...d the profile to the port 1 Select the port to be bound and enter the Profile ID in the Profile ID column Select Select the port to be bound Port Displays the port number Profile ID Enter the profile...

Page 403: ...sages and the port will not join any new multicast groups Replace Replace the existing multicast group owning the lowest multicast MAC address with the new multicast group 2 Click Apply 3 1 8 Viewing...

Page 404: ...9 Configuring Static Member Port This function allows you to specify a port as a static member port in the multicast group Choose the menu Multicast Multicast Table Static IPv6 Multicast Table to loa...

Page 405: ...CLI 3 2 1 Enabling MLD Snooping Globally Step 1 configure Enter global configuration mode Step 2 ipv6 mld snooping Enable MLD Snooping Globally Step 3 show ipv6 mld snooping Show the basic MLD snoopi...

Page 406: ...ch configure Switch config ipv6 mld snooping Switch config interface gigabitEthernet 1 0 3 Switch config if ipv6 mld snooping Switch config if show ipv6 mld snooping MLD Snooping Enable Unknown Multic...

Page 407: ...uration Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to enable Report Message Suppres...

Page 408: ...artup config Save the settings in the configuration file IGMP Snooping and MLD Snooping share the setting of Unknown Multicast so you have to enable IGMP Snooping globally at the same time The followi...

Page 409: ...ing Show the basic MLD snooping configuration Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example show...

Page 410: ...u should only use this function when there is a single receiver present on the port Step 4 show ipv6 mld snooping interface fastEthernet port port list gigabitEthernet port port list basic config Show...

Page 411: ...nd the port join no more new multicast groups replace Replace the existing multicast group with the lowest multicast MAC address with the new multicast group Step 5 show ipv6 mld snooping interface fa...

Page 412: ...re from 1 to 5 Step 4 show ipv6 mld snooping Show the basic MLD snooping configuration Step 5 end Return to privileged EXEC mode Step 6 copy running config startup config Save the settings in the conf...

Page 413: ...VLAN ranging from 60 to 600 seconds Step 3 show ipv6 mld snooping vlan vlan id Show the basic MLD snooping configuration in the specified VLAN Step 4 end Return to privileged EXEC mode Step 5 copy run...

Page 414: ...ort channel id port list and port channel id are the static router ports in the specified VLAN Step 3 show ipv6 mld snooping vlan vlan id Show the basic MLD snooping configuration in the specified VLA...

Page 415: ...mld snooping vlan vlan id Show the basic MLD snooping configuration in the specified VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the c...

Page 416: ...atic multicast IP address in the specified VLAN Step 3 show ipv6 mld snooping groups static Show the static MLD snooping configuration Step 4 end Return to privileged EXEC mode Step 5 copy running con...

Page 417: ...seconds Step 3 show ipv6 mld snooping multi vlan Show the MLD snooping configuration in the multicast VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the...

Page 418: ...the MLD snooping configuration in the multicast VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following exam...

Page 419: ...ng configuration in the multicast VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how t...

Page 420: ...LAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to configure VLAN 5 as the multicast...

Page 421: ...XEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to enable MLD Snooping and MLD Querier in VLAN 4 Switch configure Switch...

Page 422: ...iled MLD querier configuration Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to enable...

Page 423: ...specific multicast groups Step 4 range start ip end ip Configure the range of multicast IP to be filtered start ip end ip are the start IP and end IP of the IP range respectively Step 5 end Return to...

Page 424: ...fied port Step 4 show ipv6 MLD profile id Show the detailed MLD profile configuration Step 5 end Return to privileged EXEC mode Step 6 copy running config startup config Save the settings in the confi...

Page 425: ...Configuration Guide 401 Configuring Layer 2 Multicast Configuring MLD Snooping range ff01 1234 5 ff01 1234 8 Binding Port s Gi1 0 2 Switch config end Switch copy running config startup config...

Page 426: ...ticast Multicast Table IPv4 Multicast Table to view all valid Multicast IP VLAN Port entries Figure 4 1 IPv4 Multicast Table Search Option Search Option Search for specific multicast entries by using...

Page 427: ...tat Displays settings of IGMP Snooping on the port s port port list specifies the port s to display basic config max groups packet stat displays the related IGMP configuration information show ip igmp...

Page 428: ...tics of all IGMP packets 4 2 2 Viewing IPv6 Multicast Snooping Configurations show ipv6 mld snooping Displays global settings of MLD Snooping show ipv6 mld snooping interface fastEthernet port port li...

Page 429: ...dynamic displays information of all dynamic multicast groups dynamic count displays the number of dynamic multicast groups static displays information of all static multicast groups static count displ...

Page 430: ...ng topology Host B Host C and Host D are connected to port 1 0 1 port 1 0 2 and port 1 0 3 respectively Port 1 0 4 is the router port connected to the multicast querier Figure 5 1 Network Topology for...

Page 431: ...ng the CLI 5 1 3 Using the GUI 1 Choose the menu Multicast IGMP Snooping Snooping Config to load the following page Enable IGMP Snooping globally and keep the default values in the Router Port Time an...

Page 432: ...u VLAN 802 1Q VLAN Port Config to load the following page For port 1 0 1 4 configure the link type as General and the PVID as 10 Figure 5 4 Configure Link Type and PVID 4 Choose the menu VLAN 802 1Q V...

Page 433: ...0 as the Router Port Time and Member Port Time which means the global settings will be used Figure 5 6 Enable IGMP Snooping in the VLAN 6 Click Save Config to save the settings 5 1 4 Using the CLI 1...

Page 434: ...untagged Switch config if range exit 5 For port 1 0 4 set the link type as General and the PVID as 10 Then add the ports to VLAN 10 as tagged ports Switch config interface gigabitEthernet 1 0 4 Switc...

Page 435: ...rk Requirements Host B Host C and Host D are in three different VLANs of the switch All of them want to receive multicast data sent to multicast group 225 1 1 1 5 2 2 Configuration Scheme Create a mul...

Page 436: ...0 Querier Source Gi1 0 4 Gi1 0 2 Gi1 0 3 Gi1 0 1 Demonstrated with T2500G 10MPS this section provides configuration procedures in two ways using the GUI and using the CLI 5 2 4 Using the GUI 1 Choose...

Page 437: ...Snooping Snooping Config to load the following page Enable IGMP Snooping on port 1 0 1 4 Figure 5 9 Configure IGMP Snooping Globally 3 Choose the menu VLAN 802 1Q VLAN Port Config to load the followi...

Page 438: ...4 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 40 and add port 1 0 1 4 to VLAN 40 as untagged ports Create VLAN 10 20 and 30 Add port 1 0 1 to V...

Page 439: ...e as 0 Figure 5 13 Create Multicast VLAN 6 Click Save Config to save the settings 5 2 5 Using the CLI 1 Enable IGMP Snooping Globally Switch configure Switch config ip igmp snooping 2 Enable IGMP Snoo...

Page 440: ...nterface range gigabitEthernet 1 0 2 Switch config if switchport mode general Switch config if switchport pvid 20 Switch config if switchport general allowed vlan 20 40 untagged Switch config if exit...

Page 441: ...VLAN active Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 4 Gi1 0 9 Gi1 0 10 10 vlan10 active Gi1 0 1 20 vlan20 active Gi1 0 2 30 vlan30 active Gi1 0 3 40 m vlan active Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 4 Show status of...

Page 442: ...ion Scheme After the channel is changed the client Host B still receives irrelevant multicast data the data from the previous channel and possibly other unknown multicast data which increases the netw...

Page 443: ...following page Enable IGMP Snooping globally and configure Unknown Multicast as Discard Figure 5 15 Configure IGMP Snooping Globally Note IGMP Snooping and MLD Snooping share the setting of Unknown M...

Page 444: ...4 Click Save Config to save the settings 5 3 4 Using the CLI 1 Enable IGMP Snooping Globally Switch configure Switch config ip igmp snooping 2 Configure Unknown Multicast as Discard globally Switch co...

Page 445: ...g Verify the Configurations Show global settings of IGMP Snooping Switch config show ip igmp snooping IGMP Snooping Enable Unknown Multicast Discard Last Query Times 2 Last Query Interval 1 Global Mem...

Page 446: ...echanism profile binding the switch can only allow specific member ports to join specific multicast groups or forbid specific member ports to join specific multicast groups You can achieve this filter...

Page 447: ...ng the CLI 5 4 4 Using the GUI 1 Choose the menu Multicast IGMP Snooping Snooping Config to load the following page Enable IGMP Snooping globally and keep the default values in the Router Port Time an...

Page 448: ...u VLAN 802 1Q VLAN Port Config to load the following page For port 1 0 1 4 configure the link type as General and the PVID as 10 Figure 5 21 Configure Link Type and PVID 4 Choose the menu VLAN 802 1Q...

Page 449: ...Router Port Time and Member Port Time which means the global settings will be used Figure 5 23 Enable IGMP Snooping in the VLAN 6 Specify the multicast data that Host C and Host D can receive a Choose...

Page 450: ...the following page Select port 1 0 2 and port 1 0 3 enter 1 in the Profile ID field and click Apply to bind Profile 1 to these ports Figure 5 26 Bind Profile 1 to Port 1 0 2 and Port 1 0 3 7 Specify...

Page 451: ...ollowing page In the IGMP Profile Info table click Edit in the Profile 2 entry enter 225 0 0 2 in both Start IP and End IP fields and click Add Figure 5 28 Edit Add IP range in Profile 2 c Choose the...

Page 452: ...ce range gigabitEthernet 1 0 1 4 Switch config if range ip igmp snooping Switch config if range exit 3 Create VLAN 10 Switch config vlan 10 Switch config vlan name vlan10 Switch config vlan exit 4 For...

Page 453: ...IP and end IP being 225 0 0 1 Switch config ip igmp profile 1 Switch config igmp profile permit Switch config igmp profile range 225 0 0 1 225 0 0 1 Switch config igmp profile exit 8 Bind Profile 1 to...

Page 454: ...ble Unknown Multicast Pass Last Query Times 2 Last Query Interval 1 Global Member Age Time 260 Global Router Age Time 300 Global Report Suppression Disable Global Authentication Accounting Disable Ena...

Page 455: ...0 seconds Last Listener Query Interval 1 second Last Listener Query Count 2 IGMP Snooping Settings on the Port IGMP Snooping Disabled Fast Leave Disabled IGMP Snooping Settings in the VLAN Enable or N...

Page 456: ...of IGMP Snooping MLD Snooping Disabled Unknown Multicast Forward Report Message Suppression Disabled Router Port Time 300 seconds Member Port Time 260 seconds Last Listener Query Interval 1 second Las...

Page 457: ...ng Layer 2 Multicast Appendix Default Parameters Function Parameter Default Setting IGMP Snooping Querier Enable or Not Disabled Query Interval 60 seconds Max Response Time 10 seconds General Query So...

Page 458: ...Part 16 Configuring DHCP VLAN Relay CHAPTERS 1 DHCP VLAN Relay 2 DHCP VLAN Relay Configuration 3 Appendix Default Parameters...

Page 459: ...lient and the DHCP server are not in the same VLAN the switch will forward the client s requests to the DHCP server through the default agent interface and forward the DHCP server s response to the cl...

Page 460: ...ng page Figure 2 1 Enable DHCP Relay and Configure Option 82 Follow these steps to enable DHCP Relay and configure Option 82 1 In the Global Config section enable DHCP Relay 2 Optional In the Option 8...

Page 461: ...customized circuit ID which contains up to 64 characters The circuit ID configurations of the switch and the DHCP server should be compatible with each other Remote ID Enter the customized remote ID...

Page 462: ...ss Enter the IP address of the DHCP server 2 2 Using the CLI 2 2 1 Enabling DHCP Relay Follow these steps to enable DHCP Relay Step 1 configure Enter global configuration mode Step 2 service dhcp rela...

Page 463: ...ion feature of Option 82 Step 5 ip dhcp relay information circuit id circuit id If the Customization feature is enabled specify the circuit ID circuit id Specify the circuit ID with 1 to 63 characters...

Page 464: ...nfiguration mode Step 2 interface vlan vid Enter management VLAN interface Step 3 ip dhcp relay default interface Set management VLAN interface as the default relay agent interface Step 4 exit Return...

Page 465: ...rver address as 192 168 1 8 on VLAN 10 Switch configure Switch config interface vlan 1 Switch config if ip dhcp relay default interface Switch config if exit Switch config ip dhcp relay vlan 10 helper...

Page 466: ...ngs of DHCP Relay are listed in the following table Table 3 1 Default Settings of DHCP Relay Parameter Default Setting DHCP Relay DHCP Relay Disable Option 82 Support Disable Existed Option 82 field K...

Page 467: ...Part 17 Configuring QoS CHAPTERS 1 QoS 2 DiffServ Configuration 3 Bandwidth Control Configuration 4 Configuration Examples 5 Appendix Default Parameters...

Page 468: ...k performance and bandwidth utilization DiffServ The switch classifies the ingress packets maps the packets to different priority queues and then forwards the packets according to specified scheduling...

Page 469: ...Priority DSCP priority determines the priority of packets based on the ToS Type of Service field in their IP header RFC2474 re defines the ToS field in the IP packet header as DS field The first six b...

Page 470: ...y 1 Configure the Tag id CoS id TC mapping relations Tag id CoS id Select the desired Tag id CoS id to configure Tag id indicates the PRI field in 802 1Q tag It comprises 3 bits and the valid values a...

Page 471: ...the DSCP TC mapping relations DSCP Select the desired DSCP priority DSCP priority represents the DSCP field in the IP packet header It comprises 6 bits and the valid values are from 0 to 63 Note The D...

Page 472: ...he TC queue that the port will be mapped to The switch supports 8 TC queues from TC0 for the lowest priority to TC 7 for the highest priority LAG Displays the aggregation group which the port is in 2...

Page 473: ...atio of TC0 to TC7 is 1 2 4 127 SP WRR Mode Strict Priority Weight Round Robin Mode In this mode the switch provides two scheduling groups SP group and WRR group When scheduling queues the switch allo...

Page 474: ...6 are 1 2 4 8 16 32 and 64 respectively while the value of TC7 is 0 and non configurable 3 Click Apply Note With ACL Redirect feature the switch maps all the packets that meet the configured ACL rules...

Page 475: ...SCP priority is disabled Switch config show qos cos map Tag 0 1 2 3 4 5 6 7 TC TC1 TC0 TC0 TC3 TC4 TC5 TC6 TC7 Switch config end Switch copy running config startup config Configuring DSCP Priority Ste...

Page 476: ...es 10 14 to TC1 and keep other mapping relations as default Switch configure Switch config qos queue dscp map 10 14 0 Switch config show qos status 802 1p priority is disabled DSCP priority is enabled...

Page 477: ...TC queues of all ports port list The list of Ethernet ports lagid list The list of LAGs Step 5 end Return to privileged EXEC mode Step 6 copy running config startup config Save the settings in the con...

Page 478: ...ually The weight value ratio of all the queues is 1 1 1 1 It is the default schedule mode Step 3 qos queue weight tc id weight value Optional Configure the weight value of each queue after the Schedul...

Page 479: ...le mode as WRR with the weight values of TC0 to TC7 as 4 7 10 13 16 19 22 25 Switch configure Switch config qos queue mode wrr Switch config qos queue weight 0 4 Switch config qos queue weight 1 7 Swi...

Page 480: ...sing the GUI 3 1 1 Configuring Rate Limit Choose the menu QoS Bandwidth Control Rate Limit to load the following page Figure 3 1 Rate Limit Follow these steps to configure the Rate Limit function 1 Co...

Page 481: ...de and specify the upper rate limit for receiving broadcast packets in the Broadcast field The packet traffic exceeding the rate will be discarded The switch supports the following three rate modes kb...

Page 482: ...Frame rate mode and specify the upper rate limit for receiving UL Frames in the UL Frame field The packet traffic exceeding the rate will be discarded The switch supports the following three rate mod...

Page 483: ...t list Verify the ingress egress rate limit for forwarding packets on the port If no port is specified it displays the upper ingress egress rate limit for all ports Step 5 end Return to privileged EXE...

Page 484: ...exceeding the rate will be discarded For kbps the valid rate values are from 1 to 1000000 kbps for ratio the valid rate values are from 1 to 100 percent Step 4 show storm control interface fastEthern...

Page 485: ...can be treated preferentially when congestion occurs Only when the traffic from the Admin is completely forwarded will the traffic from Host A be forwarded The figure below shows the network topology...

Page 486: ...d priority for port 1 0 2 to TC0 Figure 4 2 Configure Port Priority 2 Choose QoS DiffServ Schedule Mode to load the following page and select SP Mode as the schedule mode Click Apply Figure 4 3 Config...

Page 487: ...h copy running config startup config Verify the configuration Verify the port TC mapping Switch config show qos interface Port TC Value LAG Gi1 0 1 1 N A Gi1 0 2 0 N A Verify the schedule mode Switch...

Page 488: ...ver 10 10 88 5 24 RD Dept 10 10 10 0 24 Marketing Dept 10 10 20 0 24 Router Gi1 0 3 Gi1 0 1 Gi1 0 1 VLAN 10 VLAN 20 Gi1 0 2 Gi1 0 2 Switch B Switch A 4 2 2 Configuration Scheme Configure Switch A to a...

Page 489: ...Q VLAN Port Config change the type of port 1 0 1 3 to General Figure 4 5 Configure the Port 2 Choose VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 with the de...

Page 490: ...nfiguration Examples Figure 4 6 Configure VLAN 10 3 Click Create again to load the following page Create VLAN 20 with the description of Marketing Add port 1 0 2 as an untagged port and port 1 0 3 as...

Page 491: ...Figure 4 7 Configure VLAN 20 4 Click save config to save the settings Configurations for Switch B 1 Choose VLAN 802 1Q VLAN Port Config to load the following page For port 1 0 1 set the Link Type as T...

Page 492: ...amples Figure 4 8 Configure the Port 2 Choose VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 and VLAN 20 and add port 1 0 1 to the two VLANs create VLAN 30 and...

Page 493: ...Configuring QoS Configuration Examples Configuration Guide 469 Figure 4 10 Configure VLAN 20 Figure 4 11 Configure VLAN30...

Page 494: ...e Select ACL 10 specify the Rule ID as 1 and the Operation as Permit Click Apply Figure 4 13 Create Rule 1 4 Create Policy RD and bind it to ACL 10 select QoS Remark and set Local Priority to TC1 Choo...

Page 495: ...d set Local Priority to TC0 Choose ACL Policy Config Policy Create to load the following page Create a policy with the Policy Name Marketing and click Apply Figure 4 16 Create Policy Marketing Choose...

Page 496: ...nfiguration Examples Figure 4 17 Action Create 6 Choose ACL Policy Binding VLAN Binding Bind Policy RD and Policy Marketing to VLAN10 and VLAN 20 respectively Figure 4 18 Bind Policy RD to VLAN 10 Fig...

Page 497: ...able to each other Configurations for Switch A 1 Create VLAN 10 with the name RD and VLAN 20 with the name Marketing Switch_A configure Switch_A config vlan 10 Switch_A config vlan name RD Switch_A co...

Page 498: ...t 1 0 1 as Trunk and add it to the two VLANs Switch_B configure Switch_B config vlan 10 Switch_B config vlan name RD Switch_B config vlan exit Switch_B config vlan 20 Switch_B config vlan name Marketi...

Page 499: ...licy Marketing and bind it to ACL 10 enable QoS Remark and set Local Priority to TC0 Switch_B config access list policy name Marketing Switch_B config access list policy action Marketing 10 Switch_B c...

Page 500: ...i1 0 52 10 RD active Gi1 0 1 Gi1 0 3 20 Marketing active Gi1 0 2 Gi1 0 3 Switch B Verify ACL configuration Switch_B show access list Mac access list 10 1 permit Verify Policy and Action configuration...

Page 501: ...Configuring QoS Configuration Examples Configuration Guide 477 Verify the schedule mode Switch_B show qos queue mode Scheduler Mode WRR...

Page 502: ...ame TC queue 802 1P Priority Enabled See Table 5 3 for Tag id CoS id TC mapping relations DSCP Priority Disabled See Table 5 4 for DSCP CoS id mapping relations Schedule Mode Equ Mode Table 5 2 Tag id...

Page 503: ...Configuring QoS Appendix Default Parameters Configuration Guide 479 Bandwidth Control Table 5 4 Bandwidth Control Parameter Default Setting Rate Limit Disabled Storm Control Disabled...

Page 504: ...Part 18 Configuring Voice VLAN CHAPTERS 1 Overview 2 Voice VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Page 505: ...mode is applicable when the switch port forwards voice traffic only You manually add ports connecting IP phones to the voice VLAN then the switch will apply priority rules to ensure the high priority...

Page 506: ...r a packet is a voice packet An OUI address is the first 24 bits of a MAC address and is assigned as a unique identifier by IEEE Institute of Electrical and Electronics Engineers to a device vendor If...

Page 507: ...choose the mode according to your needs and configure the port as the following table shows Table 2 1 Voice VLAN mode and Link Type of the Port Traffic on One Port Voice Traffic Type Suggested Mode Su...

Page 508: ...page Figure 2 1 Configuring OUI Addresses Follow these steps to add OUI addresses 1 Enter an OUI address and the corresponding mask and give a description about the OUI address OUI Enter the OUI addr...

Page 509: ...or the voice VLAN Aging Time Specify the length of time that a port remains in the voice VLAN after the port receives a voice packet Aging time works only for ports in automatic voice VLAN mode The ra...

Page 510: ...ports to the voice VLAN Auto When a port receives a voice packet whose resource MAC address matches an OUI address the switch automatically adds the port to the voice VLAN If you choose the Auto mode...

Page 511: ...ce VLAN If necessary make sure the security mode is disabled 3 Click Apply 2 2 Using the CLI Follow these steps to configure the voice VLAN Step 1 configure Enter global configuration mode Step 2 show...

Page 512: ...ts to the voice VLAN when the ports receive voice packets If you choose the auto mode for the specified ports make sure traffic from your voice device is tagged manual You need to manually add the spe...

Page 513: ...fig vlan 10 Switch config vlan name VoiceVLAN Switch config vlan exit Switch config voice vlan priority 5 Switch config voice vlan 10 Switch config interface gigabitEthernet 1 0 1 Switch config if swi...

Page 514: ...nd traffic with the voice VLAN tag Voice traffic is transmitted in the voice VLAN and data traffic is transmitted in the default VLAN Set ports that are connected to IP phones in automatic voice VLAN...

Page 515: ...default VLAN for data traffic Voice traffics from Switch A and Switch B are forwarded to voice gateway and Internet through Switch C Figure 3 1 Network Topology Internet IP Phone 20 IP Phone 30 Switc...

Page 516: ...A 1 Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Set the link type of port1 0 1 2 as General and click Apply Figure 3 2 Configuring the Link Type of port 1 0 1 2 2 Choose t...

Page 517: ...lowing page Enable voice VLAN enter 10 in the VLAN ID field and set aging time as 1440 minutes and priority as 6 Then click Apply Figure 3 4 Configuring Voice VLAN Globally 4 Choose the menu QoS Voice...

Page 518: ...nfiguration Example Figure 3 5 Configuring Voice VLAN Mode on Port 1 0 1 Figure 3 6 Configuring Voice VLAN Mode on Port 1 0 2 5 Choose the menu VLAN 802 1Q VLAN VLAN Config and edit VLAN 10 to load th...

Page 519: ...0 2 to the Voice VLAN 6 Choose the menu LLDP Basic Config Global Config to load the following page Enable LLDP globally Figure 3 8 Enabling LLDP Globally 7 Choose the menu LLDP LLDP MED Global Config...

Page 520: ...o load the following page Enable LLDP MED on port 1 0 1 Figure 3 10 Configuring LLDP MED on Ports Click Detail of port1 0 1 to load the following page Configure the TLV information which will be carri...

Page 521: ...3 11 Configuring TLVs For details about LLDP MED please refer to Configuring LLDP 9 Click Save Config to save the settings Configurations for Switch B 1 Choose the menu VLAN 802 1Q VLAN Port Config to...

Page 522: ...k Type of port 1 0 1 3 2 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 Figure 3 13 Creating a VLAN 3 Choose the menu QoS Voice VLAN Global Con...

Page 523: ...menu QoS Voice VLAN Port Config to load the following page Select ports 1 0 1 3 choose manual mode and enable security mode Click Apply Figure 3 15 Configuring Voice VLAN Mode on Ports 5 Choose the m...

Page 524: ...n Example Figure 3 16 Adding Ports to the Voice VLAN 6 Click Save Config to save the settings Configurations for Switch C 1 Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Conf...

Page 525: ...he Link Type of port 1 0 1 3 2 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 and add ports 1 0 1 3 as tagged ports to the VLAN Click Apply Fig...

Page 526: ...g voice vlan aging 1440 Switch_A config voice vlan priority 6 Switch_A config voice vlan 10 4 Configure port 1 0 1 to automatic voice VLAN mode and enable security mode Switch_A config interface gigab...

Page 527: ...10 Switch_B config vlan name VoiceVLAN Switch_B config vlan exit 2 Set the 802 1p priority of voice packets as 6 and VLAN 10 as the voice VLAN Switch_B config voice vlan priority 6 Switch_B config voi...

Page 528: ...ports 1 0 1 3 set the link type as General and the egress rule as Tagged and add them to the Voice VLAN Switch_C config interface range gigabitEthernet 1 0 1 3 Switch_C config if range switchport mode...

Page 529: ...e vlan Voice VLAN status Enabled VLAN ID 10 Aging Time 1440 Voice Priority 6 Verify the voice VLAN configuration on the ports Switch_B show voice vlan switchport Port Auto mode Security State LAG Gi1...

Page 530: ...Default Settings of Port Configuration Parameter Default Setting Port Mode Auto Security Mode Disable Member State Inactive Table 4 3 Entries in the OUI Table OUI MASK Description 00 01 e3 00 00 00 f...

Page 531: ...Part 19 Configuring PoE CHAPTERS 1 PoE 2 PoE Power Management Configurations 3 Time Range Function Configurations 4 Example for PoE Configurations 5 Appendix Default Parameters...

Page 532: ...ct detection and optional power device power classification PSE Power sourcing equipment PSE is a device that provides power for PDs on the Ethernet for example the PoE switch PSE can detect the PDs a...

Page 533: ...ponding ports to quickly configure the PoE parameters 2 1 Using the GUI 2 1 1 Configuring the PoE Parameters Manually Choose the menu PoE PoE Config PoE Config to load the following page Figure 2 1 Co...

Page 534: ...Class1 The maximum power that the port can supply is 4W Class2 The maximum power that the port can supply is 7W Class3 The maximum power that the port can supply is 15 4W Class4 The maximum power that...

Page 535: ...iority level for the PoE profile The following options are provided High Middle and Low When the supply power exceeds the system power limit the switch will power off PDs on low priority ports to ensu...

Page 536: ...power of the PoE switch 2 In the Port Config section select a profile and bind it to the corresponding ports Click Apply Port Select Specify the port number and click Select to quick select the corres...

Page 537: ...able the PoE function By default it is enable Step 5 power inline priority low middle high Specify the PoE priority for the corresponding port low middle high Select the priority level for the corresp...

Page 538: ...of 1 0 1 3 1 0 5 Step 10 end Return to privileged EXEC mode Step 11 copy running config startup config Save the settings in the configuration file The following example shows how to set the system pow...

Page 539: ...ority level for the profile When the supply power exceeds the system power limit the switch will power off PDs on low priority ports to ensure stable running of other PDs power limit auto class1 class...

Page 540: ...6 Switch configure Switch config power profile profile1 supply enable priority middle consumption class2 Switch config show power profile Index Name Status Priority Power Limit w 1 profile1 Enable Mi...

Page 541: ...urce We recommend that you use Network Time Protocol NTP to synchronize the switch clock For details refer to System Info Configurations in Managing System 3 1 Using the GUI 3 1 1 Creating a Time Rang...

Page 542: ...ick Add When the Absolute mode is selected the following section will be shown Figure 3 2 Absolute Mode Type Select Absolute time to configure From Time Specify the starting time of the absolute mode...

Page 543: ...ify the time Holiday Name Specify a name for the holiday time Start Date Specify the starting time of the holiday End Date Specify the ending time of the holiday 2 Click Apply 3 1 3 Viewing the Time R...

Page 544: ...include Step 4 Use the following command to create a absolute time range absolute from start date to end date Specify the time range in absolute mode start date Specify the starting time of the time...

Page 545: ...ed if the name is not specified Step 9 end Return to privileged EXEC mode Step 10 copy running config startup config Save the settings in the configuration file The following example shows how to crea...

Page 546: ...s If the name contains spaces enclose the name in double quotes start date Specify the starting time of the holiday in the format of MM DD end date Specify the ending time of the holiday in the format...

Page 547: ...the time range desired It ranges from 1 to 16 characters If the name contains spaces enclose the name in double quotes All PoE time range configurations will be displayed if the name is not specified...

Page 548: ...ce time for example from 08 30 to 18 00 You can also set a holiday and make the time range settings not be affected on holiday Then apply the settings to port 1 0 3 and 1 0 4 Port 1 0 1 and 1 0 2 need...

Page 549: ...Time Range Holiday Config to load the following page Specify a name for the holiday and set the starting date and ending date Figure 4 3 Configure the Holiday 3 Choose the menu PoE PoE Config PoE Con...

Page 550: ...30 end 23 00 day of the week 1 5 Switch_A config time range exit 2 Create a holiday Switch_A config power holiday Christmas start date 12 22 end date 12 31 3 Enable the PoE function on the port 1 0 3...

Page 551: ...entry office time Active holiday exclude number of absolute time 0 01 01 2000 00 00 to 12 31 2099 24 00 by default number of periodic time 1 1 08 30 to 23 00 on 1 2 3 4 5 Verify the configuration of...

Page 552: ...Time Range No Limit PoE Profile None Table 5 2 Default Settings of PoE Profile Parameter Default Setting Profile Name None PoE Status Enable PoE Priority High Power Limit Auto Table 5 3 Default Setti...

Page 553: ...Part 20 Configuring ACL CHAPTERS 1 Overview 2 ACL Configuration 3 Configuration Example for ACL 4 Appendix Default Parameters...

Page 554: ...situations To prevent various network attacks such as attacks on IP Internet Protocol TCP Transmission Control Protocol and ICMP Internet Control Message Protocol packets To manage network access beh...

Page 555: ...nfigure a time range during which the ACL takes effect 2 Create an ACL and configure the rules to filter different packets 3 Create a Policy and configure the policy action for packets that match the...

Page 556: ...range in Holiday mode In this mode the corresponding ACL rule takes effect only when the system date falls within the specified holiday time For details refer to Configuring Holiday Absolute Configure...

Page 557: ...name to the holiday Start Date End Date Specify the start and end date of the holiday 2 Click Apply to make the settings effective 2 1 3 Creating an ACL You can create different types of ACL and defin...

Page 558: ...fy the ACL 2 Click Apply to make the settings effective Note The supported ACL type and ID range varies on different switch models Please refer to the on screen information 2 1 4 Configuring ACL Rules...

Page 559: ...at the corresponding bit in the address will be matched D MAC Mask Enter the destination IP address with a mask A value of 1 in the mask indicates that the corresponding bit in the address will be mat...

Page 560: ...packet matching criteria S IP Mask Specify the source IP address with a mask A value of 1 in the mask indicates that the corresponding bit in the address will be matched D IP Mask Specify the destina...

Page 561: ...e from the drop down list The default is All which indicates that packets of all protocols will be matched TCP Flag If TCP protocol is selected you can configure the TCP Flag to be used for the rule s...

Page 562: ...can also delete an ACL or an ACL rule or change the matching order if needed Choose the menu ACL ACL Config ACL Summary to load the following page Figure 2 7 ACL Information 2 1 5 Configuring Policy P...

Page 563: ...st Select ACL Select an ACL to be applied to the policy 2 Configure the actions to be taken for the matched packets S Mirror Configure port mirroring for the matched packets Enter a destination port t...

Page 564: ...nd Policy Binding You can select ACL binding or Policy binding according to your needs An ACL or policy takes effect only after it is bound to a port or VLAN Configuring the ACL Binding You can bind t...

Page 565: ...Binding VLAN Binding to load the following page Figure 2 11 Binding the ACL to a VLAN Follow these steps to bind the ACL to a VLAN Select the ACL and enter the VLAN ID and click Apply ACL ID Select an...

Page 566: ...ding to this policy Binding the Policy to a Port Figure 2 12 Binding the policy to a Port Follow these steps to bind the policy to a Port Select the policy and the port to be bound and click Apply Pol...

Page 567: ...LAN ID Enter the VLAN ID Verifying the Binding Configuration Verifying the ACL Binding You can view both port binding and VLAN binding entries in the table You can also delete existing entries if need...

Page 568: ...the CLI 2 2 1 Configuring Time Range Some services or features that use ACL need to be limited to a specified time period In this case you can configure time range for the ACL Step 1 configure Enter g...

Page 569: ...icates every day off day indicates Saturday and Sunday and working day indicates Monday to Friday By default Week mode is disabled time slice Add a time slice in HH MM HH MM format You can add a maxim...

Page 570: ...eriodic time slice 08 30 18 00 periodic week day 1 2 3 4 5 Switch config end Switch copy running config startup config 2 2 2 Configuring ACL Follow the steps to create different types of ACL and confi...

Page 571: ...k Enter the mask of the destination MAC address This is required if a destination MAC address is entered The format is FF FF FF FF FF FF vlan id The VLAN ID ranges from 1 to 4094 ethernet type Specify...

Page 572: ...he packets that match the rule Deny means to discard permit means to forward By default it is set to permit source ip Enter the source IP address source ip mask Enter the mask of the source IP address...

Page 573: ...255 255 Switch config show access list 600 Standard IP access list 600 rule 1 permit sip 192 168 1 100 smask 255 255 255 255 Switch config end Switch copy running config startup config Extend IP ACL...

Page 574: ...disable matching of fragmented packets The default is disable When enabled the rule will apply to all fragmented packets and always permit to forward the last fragment of a packet dscp Specify the DSC...

Page 575: ...ets through operations such as mirroring rate limiting redirecting or changing priority Follow the steps below to create a policy and configure the policy actions Step 1 configure Enter global configu...

Page 576: ...for the packets whose rate is beyond the specified rate The default is None qos remark dscp dscp priority pri dot1p pri Optional Define the policy to remark priority for the matched packets dscp Spec...

Page 577: ...ange ten gigabitEthernet port list access list bind policy name Optional Enter layer 2 interface configuration mode and bind the policy to the port port The port to which the policy will bind policy n...

Page 578: ...atched and processed according to the ACL rules Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port gigabitEthernet port ten gigabitEthernet port access list bind acl a...

Page 579: ...ure Switch config interface gigabitEthernet 1 0 3 Switch config if access list bind acl 1 Switch config if exit Switch config interface vlan 4 Switch config if access list bind acl 2 Switch config if...

Page 580: ...department can only visit http and https websites on the internet 3 2 Network Topology As is shown below computers in the Marketing department are connected to the switch via port 1 0 1 and the intern...

Page 581: ...matches the packets with the rules in order starting with Rule 1 If a packet matches a rule the switch stops the matching process and initiates the action defined in the rule Binding Configuration Ap...

Page 582: ...Rule 1 3 Choose the menu ACL ACL Config Extend IP ACL to load the the following page Select the Extend IP ACL 1600 configure rule 2 and rule 3 to permit packets with source IP 10 10 70 0 and destinati...

Page 583: ...nfiguring Rule 3 4 Choose the menu ACL ACL Config Extend IP ACL to load the following page Select the Extend IP ACL 1600 configure Rule 4 and Rule 5 to permit packets with source IP 10 10 70 0 and wit...

Page 584: ...5 Choose the menu ACL ACL Config Extend IP ACL to load the following page Select the Extend IP ACL 1600 configure Rule 6 to deny packets with source IP 10 10 70 0 Figure 3 8 Configuring Rule 6 6 Choos...

Page 585: ...y 7 Choose the menu ACL Policy Config Action Create to load the the following page Then apply ACL 1600 to Policy Market Figure 3 10 Applying the ACL to the Policy 8 Choose the menu ACL Policy Binding...

Page 586: ...ule 2 and Rule 3 to permit packets with source IP 10 10 70 0 and destination port TCP 80 http service port or TCP 443 https service port Switch config access list extended 1600 rule 2 permit sip 10 10...

Page 587: ...itch config if exit Switch config end Switch copy running config startup config Verify the Configurations Verify the Extended IP access list 1600 rule 1 permit sip 10 10 70 0 smask 255 255 255 0 dip 1...

Page 588: ...arameter Default Setting Operation Permit User Priority No Limit Time Range No Limit For Standard IP ACL Parameter Default Setting Operation Permit Time Range No Limit For Extend IP ACL Parameter Defa...

Page 589: ...rity 2 IP MAC Binding Configurations 3 DHCP Snooping Configuration 4 ARP Inspection Configurations 5 DoS Defend Configuration 6 802 1X Configuration 7 PPPoE ID Insertion Configuration 8 AAA Configurat...

Page 590: ...ng DHCP Snooping DHCP Snooping supports the basic DHCP security feature and the Option 82 feature Basic DHCP Security During the working process of DHCP generally there is no authentication mechanism...

Page 591: ...erver Administrators can check the location of the DHCP client via option 82 The DHCP server supporting option 82 can also set the distribution policy of IP addresses and the other parameters providin...

Page 592: ...alicious DoS attack packets and discard them directly Also DoS Defend feature can limit the transmission rate of legal packets When the number of legal packets exceeds the threshold value and may incu...

Page 593: ...ients confirms whether a client is legal and informs the authenticator whether a client is authenticated PPPoE ID Insertion In common PPPoE dialup mode when users dial up through PPPoE they can access...

Page 594: ...accounts and an Enable password for other users The guests do not have administrative privileges without the Enable password provided AAA provides a safe and efficient authentication method The authen...

Page 595: ...Binding Table 2 1 Using the GUI 2 1 1 Binding Entries Manually You can manually bind the IP address MAC address VLAN ID and the Port number together on the condition that you have got the related inf...

Page 596: ...ies Dynamically The binding entries can be dynamically learned from ARP Scanning and DHCP Snooping ARP Scanning With ARP Scanning the switch sends the ARP request packets of the specified IP field to...

Page 597: ...Warning The collision entries have the same IP address and MAC address and all the collision entries are valid This kind of collision may be caused by the MSTP function Critical The collision entries...

Page 598: ...oping Displays the binding entries learned from DHCP Snooping IP Enter an IP address and click Search to search the specific entry In the Binding Table section you can view the searched entries Additi...

Page 599: ...anually bind the IP address MAC address VLAN ID and the Port number together on the condition that you have got the related information of the hosts Follow these steps to manually bind entries Step 1...

Page 600: ...nd Switch copy running config startup config 2 2 2 Viewing Binding Entries On privileged EXEC mode or any other configuration mode you can use the following command to view binding entries show ip sou...

Page 601: ...oping after step 1 and step 2 are completed By default the binding entries are applied to ARP Detection Configuration Guidelines DHCP Snooping and DHCP Relay cannot be used at the same time on the swi...

Page 602: ...arameters Trusted Port Select Enable to set the port that is connected to the DHCP server as a trusted port Select Disable to set the other ports as untrusted ports MAC Verify Enable or disable the MA...

Page 603: ...addresses and other parameters providing a more flexible address distribution way Choose the menu Network Security DHCP Snooping Option 82 Config to load the following page Figure 3 3 Option 82 Config...

Page 604: ...ter the customized remote ID which contains up to 64 characters LAG Displays the LAG that the port is in 2 Click Apply 3 2 Using the CLI 3 2 1 Enabling DHCP Snooping on VLAN Follow these steps to glob...

Page 605: ...4 ip dhcp snooping mac verify Enable the MAC Verify feature There are two fields in the DHCP packet that contain the MAC address of the host The MAC Verify feature compares the two fields of a DHCP p...

Page 606: ...snooping mac verify Switch config if ip dhcp snooping limit rate 10 Switch config if ip dhcp snooping decline rate 20 Switch config if show ip dhcp snooping interface gigabitEthernet 1 0 1 Interface T...

Page 607: ...es the DHCP Request packets drop Indicates discarding the packets that include the Option 82 field Step 5 ip dhcp snooping information circuit id string Configure the circuit ID The circuit ID configu...

Page 608: ...dhcp snooping information circut id VLAN20 Switch config if ip dhcp snooping information remote id Host1 Switch config if show ip dhcp snooping information interface gigabitEthernet 1 0 7 Interface O...

Page 609: ...the illegal ARP packets Before configuring ARP Detection complete IP MAC Binding configuration For details refer to IP MAC Binding Configurations Choose the menu Network Security ARP Inspection ARP De...

Page 610: ...le the ARP Defend feature Speed 10 100 pps Specify the maximum number of the ARP packets that can be received on the port per second The valid values are from 10 to 100 pps packet second and the defau...

Page 611: ...u Network Security ARP Inspection ARP Statistics to load the following page Figure 4 3 ARP Statistics In the Auto Refresh section you can enable the auto refresh feature and specify the refresh interv...

Page 612: ...fastEthernet port list gigabitEthernet port range gigabitEthernet port list Enter interface configuration mode Step 4 ip arp inspection trust Configure the port as a trusted port on which the ARP Det...

Page 613: ...gigabitEthernet port range gigabitEthernet port list Enter interface configuration mode Step 3 ip arp inspection Enable the ARP defend feature on the port Step 4 ip arp inspection limit rate value Sp...

Page 614: ...Gi1 0 2 Enabled 20 N A Normal N A Switch config if end Switch copy running config startup config The following example shows how to restore the port 1 0 1 that is in Discard status to Normal status Sw...

Page 615: ...g ARP Statistics On privileged EXEC mode or any other configuration mode you can use the following command to view ARP statistics show ip arp inspection statistics View the ARP statistics on each port...

Page 616: ...DoS attack Land Attack The attacker sends a specific fake SYN synchronous packet to the destination host Because both of the source IP address and the destination IP address of the SYN packet are set...

Page 617: ...packets If the attacker sends overflowing fake request packets the network resource will be occupied maliciously and the requests of the legal clients will be denied WinNuke Attack Because the Operat...

Page 618: ...d host is reduced because the Host circularly attempts to build a connection with the attacker ping flood The attacker floods the destination system with Ping packets creating a broadcast storm that m...

Page 619: ...ve the settings in the configuration file The following example shows how to enable the DoS Defend type named land Switch configure Switch config ip dos prevent Switch config ip dos prevent type land...

Page 620: ...curity cannot be enabled at the same time Before enabling 802 1X authentication make sure that Port Security is disabled 6 1 Using the GUI 6 1 1 Configuring the RADIUS Server Enable AAA function on th...

Page 621: ...exchange responses Auth Port Specify the UDP destination port on the RADIUS server for authentication requests The default setting is 1812 Acct Port Specify the UDP destination port on the RADIUS ser...

Page 622: ...Add New Server Group section specify the name and server type for the new server group and click Add Server Group Specify the name of the new server group Server Type Select the type of the server gro...

Page 623: ...Configuring the Dot1x List Follow these steps to configure RADIUS server groups for 802 1X authentication and accounting 1 In the Authentication Dot1x Method List section select an existing RADIUS ser...

Page 624: ...EAP Extensible Authentication Protocol packets is terminated at the switch and the EAP packets are converted to other protocol such as RADIUS packets and transmitted to the authentication server EAP T...

Page 625: ...et Period Specify the Quiet Period It ranges from 1 to 999 seconds and the default time is 10 seconds The quiet period starts after the authentication fails During the quiet period the switch does not...

Page 626: ...nticated Control Type Select the Control Type for the port By default it is MAC Based MAC Based All clients connected to the port need to be authenticated Port Based If a client connected to the port...

Page 627: ...the shared key 0 and 7 prevent the encryption type 0 indicates that an unencrypted key will follow 7 indicates that a symmetric encrypted key with a fixed length will follow By default the encryption...

Page 628: ...file The following example shows how to enable AAA add a RADIUS server to the server group named radius1 and apply this server group to the 802 1X authentication The IP address of the RADIUS server is...

Page 629: ...ected the 802 1X authentication system uses EAP Extensible Authentication Protocol packets to exchange information between the switch and the client The transmission of EAP packets is terminated at th...

Page 630: ...the client within the specified time it will resend the request Step 7 dot1x max reauth req times Specify the maximum number of attempts to send the authentication packet for the client times The maxi...

Page 631: ...method mac based port based Configure the control type for the port By default it is mac based mac based All clients connected to the port need to be authenticated port based If a client connected to...

Page 632: ...g startup config Save the settings in the configuration file The following example shows how to enable 802 1X authentication on port 1 0 2 configure the control type as port based and configure the co...

Page 633: ...eature With this option enabled the switch will insert a Circuit ID to the received PPPoE Discovery packet on this port Circuit ID Type Select the type of the Circuit ID The following options are prov...

Page 634: ...Discovery packet on this port Step 5 pppoe circuit id type mac ip udf Value udf only Value Specify the type of the Circuit ID The following options are provided mac The source MAC address of the pack...

Page 635: ...port 1 0 1 and configure the Circuit ID as 123 without other information and Remote ID as host1 Switch configure Switch config pppoe id insertion Switch config if interface gigabitEthernet 1 0 1 Switc...

Page 636: ...the users in the order they are added The server that is first added to the group has the highest priority and is responsible for authentication under normal circumstances If the first one breaks dow...

Page 637: ...8 1 Global Configuration Follow these steps to globally enable AAA 1 In the Global Config section enable AAA 2 Click Apply 8 1 2 Adding Servers You can add one or more RADIUS TACACS servers on the sw...

Page 638: ...The default setting is 1813 Usually it is used in the 802 1X feature Retransmit Specify the number of times a request is resent to the server if the server does not respond The default setting is 2 T...

Page 639: ...The servers running the same protocol are automatically added to the default server group You can add new server groups as needed Choose the menu Network Security AAA Server Group to load the followin...

Page 640: ...t Then click Add to add this server to the server group Figure 8 6 Add Server to Group 8 1 4 Configuring the Method List A method list describes the authentication methods and their sequence to authen...

Page 641: ...method List Type Select the authentication type The following options are provided Authentication Login and Authentication Enable Pri1 Pri4 Specify the authentication methods in order The method with...

Page 642: ...the users trying to log in to the switch Enable List Select a previously configured Enable method list This method list will authenticate the users trying to get administrative privileges 2 Click App...

Page 643: ...US server the user name should be set as enable and the Enable password is customizable All the users trying to get administrative privileges share this Enable password On TACACS server configure the...

Page 644: ...nation port on the RADIUS server for authentication requests The default setting is 1812 acct port port id Specify the UDP destination port on the RADIUS server for accounting requests The default set...

Page 645: ...e server as 192 168 0 10 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 Switch configure Switch config radius server host 192 168 0 10...

Page 646: ...length will follow By default the encryption type is 0 string is the shared key for the switch and the server which contains 31 characters at most encrypted string is a symmetric encrypted key with a...

Page 647: ...pe group name Specify a name for the group Step 3 server ip address Add the existing servers to the server group ip address Specify IP address of the server to be added to the group Step 4 show aaa gr...

Page 648: ...if the previous method does not respond and so on The default methods include radius tacacs local and none None means no authentication is used for login Step 3 aaa authentication enable method list m...

Page 649: ...tion enable Methodlist pri1 pri2 pri3 pri4 default local Enable1 radius local Switch config end Switch copy running config startup config 8 2 5 Configuring the AAA Application List You can configure a...

Page 650: ...st Step 6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configuration file The following example shows how to apply the existing Login method li...

Page 651: ...e application Telnet method list Specify the name of the Enable method list Step 5 show aaa global Verify the configuration of application list Step 6 end Return to privileged EXEC mode Step 7 copy ru...

Page 652: ...ep 4 enable authentication method list Apply the Enable method list for the application SSH method list Specify the name of the Enable method list Step 5 show aaa global Verify the configuration of ap...

Page 653: ...e Login method list Step 3 ip http enable authentication method list Apply the Enable method list for the application HTTP method list Specify the name of the Enable method list Step 4 show aaa global...

Page 654: ...represent the encryption type 0 indicates that an unencrypted key will follow 7 indicates that a symmetric encrypted key with a fixed length will follow By default the encryption type is 0 password is...

Page 655: ...e login account can be created on the server Besides both the user name and password can be customized For Enable password configuration On RADIUS server the user name should be set as enable and the...

Page 656: ...Figure 9 1 Network Topology Gi1 0 4 Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 5 User 3 88 A9 D4 54 FD C3 192 168 0 33 24 User 1 74 D3 45 32 B6 8D Attacker Illegal DHCP Server User 2 76 D9 33 56 78 A3 Switch A Le...

Page 657: ...ARP packets on each port thus to prevent ARP flooding attacks Demonstrated with T2500G 10MPS the following sections provide configuration procedure in two ways using the GUI and using the CLI 9 1 3 U...

Page 658: ...e following page Enter the host name IP address MAC address and VLAN ID of User 3 select ARP Detection as the protect type and select port 1 0 3 on the panel Click Bind Figure 9 4 Manual Binding 4 Cho...

Page 659: ...twork Security ARP Inspection ARP Detect to load the following page Enable ARP Detection and set ports 1 0 4 as trusted port Click Apply Figure 9 6 ARP Detect 6 Choose the menu Network Security ARP In...

Page 660: ...ng User3 192 168 0 33 88 a9 d4 54 fd c3 vlan 1 interface gigabitEthernet 1 0 3 arp detection 4 Enable ARP Detection globally and set port 1 0 4 as a trusted port Switch_A config ip arp inspection Swit...

Page 661: ...0 0 N A Verify the IP MAC Binding entries Switch_A show ip source binding U No Host IP Addr MAC Addr VID Port ACL Col 1 1 User1 192 168 0 20 74 d3 45 32 6b 8d 1 Gi1 0 1 ARP D 1 2 User2 192 168 0 21 76...

Page 662: ...at only the authenticated clients can access the Internet 9 2 2 Configuration Scheme To authenticate clients separately enable 802 1X authentication configure the control mode as auto and set the cont...

Page 663: ...h T2500G 10MPS acting as the authenticator the following sections provide configuration procedure in two ways using the GUI and using the CLI 9 2 4 Using the GUI 1 Choose the menu Network Security AAA...

Page 664: ...up Figure 9 11 Create Server Group 4 On the same page select the newly created server group and click edit to load the following page Select 192 168 0 10 from the drop down list and click Add to add t...

Page 665: ...d as EAP Enable the Quiet feature and then keep the default authentication settings Figure 9 14 Global Config 7 Choose the menu Network Security 802 1X Authentication Port Config to load the following...

Page 666: ...ethod enable the quiet feature and configure relevant parameters Switch_A configure Switch_A config dot1x system auth control Switch_A config dot1x auth method eap Switch_A config dot1x quiet period 3...

Page 667: ...Timer 10 sec Max Retry times For RADIUS Packet 3 Supplicant Timeout 3 sec Verify the configurations of 802 1X authentication on the port Switch_A show dot1x interface Port State GuestVLAN PortControl...

Page 668: ...twork to provide a safer authenticate method for the administrators trying to log in or get administrative privileges If RADIUS Server 1 breaks down and doesn t respond to the authentication request R...

Page 669: ...ways using the GUI and using the CLI 9 3 3 Using the GUI 1 Choose the menu Network Security AAA Global Config to load the following page In the Global Config section enable AAA and click Apply Figure...

Page 670: ...pecify the group name as RADIUS1 and the server type as RADIUS Click Add to create the server group Figure 9 20 Create Server Group 5 On the same page select the newly created server group and click e...

Page 671: ...for the Login authentication Figure 9 22 Configure Login Method List 7 On the same page specify the Method List Name as Method Enable select the List Type as Authentication Enable and select the Pri1...

Page 672: ...o RADIUS servers to the server group Switch config aaa group radius RADIUS1 Switch aaa group server 192 168 0 10 Switch aaa group server 192 168 0 20 Switch aaa group exit 4 Create two method lists Me...

Page 673: ...1813 5 2 123456 Verify the configuration of server group RADIUS1 Switch show aaa group RADIUS1 192 168 0 10 192 168 0 20 Verify the configuration of the method lists Switch show aaa authentication Aut...

Page 674: ...nfiguration Guide 650 Configuring Network Security Configuration Examples Module Login List Enable List Console default default Telnet Method Login Method Enable Ssh default default Http default defau...

Page 675: ...otect Type For Manual Binding None For ARP Scanning None For DHCP Snooping All Table 10 2 DHCP Snooping Parameter Default Setting Global Config DHCP Snooping Disable VLAN ID Disable Port Config Truste...

Page 676: ...Defend Disable Speed 15 pps ARP Statistics Auto Refresh Disable Refresh Interval 5 seconds Table 10 4 DoS Defend Parameter Default Setting DoS Defend Disable Table 10 5 802 1X Parameter Default Setti...

Page 677: ...Type MAC Based Dot1X List Authentication Dot1x Method List List Name default Pri1 radius Accounting Dot1x Method List List Name default Pri1 radius Table 10 6 PPPoE ID Insertion Parameter Default Sett...

Page 678: ...nfig Server IP None Timeout 5 seconds Shared Key None Port 49 Server Group There are two default server groups radius and tacacs Method List Authentication Login Method List List name default Pri1 loc...

Page 679: ...Configuration Guide 655 Configuring Network Security Appendix Default Parameters Parameter Defualt Setting http Login List default Enable List default...

Page 680: ...Part 22 Configuring LLDP CHAPTERS 1 LLDP 2 LLDP Configurations 3 LLDP MED Configurations 4 Viewing LLDP Settings 5 Viewing LLDP MED Settings 6 Configuration Example 7 Appendix Default Parameters...

Page 681: ...et Protocol device to access the network VoIP devices can use LLDP MED for auto configuration to minimize the configuration effort 1 2 Supported Features The switch supports LLDP and LLDP MED LLDP all...

Page 682: ...figurations you can 1 Enable the LLDP feature on the switch 2 Optional Configure the LLDP feature globally 3 Optional Configure the LLDP feature for the interface 2 1 Using the GUI 2 1 1 Global Config...

Page 683: ...fter specifying a transmit delay time the local device will wait for a delay time to send LLDP packets when changes occur to avoid frequent LLDP packet forwarding The default is 2 seconds Reinit Delay...

Page 684: ...port will transmit LLDP packets and process the received LLDP packets Rx_Only The port will only process the received LLDP packets but not transmit LLDP packets Tx_Only The port will only transmit LLD...

Page 685: ...t VA Used to advertise the name of the VLAN which the port is in LA Used to advertise whether the link is capable of being aggregated whether the link is currently in an aggregation and the port ID wh...

Page 686: ...ime that the local device waits before sending another LLDP packet to its neighbors The default is 2 seconds notify interval Enter the interval between successive Trap messages that are periodically s...

Page 687: ...guration mode Step 3 lldp receive Optional Set the mode for the port to receive LLDP packets It is enabled by default Step 4 lldp transmit Optional Set the mode for the port to send LLDP packets It is...

Page 688: ...lldp receive Switch config if lldp transmit Switch config if lldp snmp trap Switch config if lldp tlv select all Switch config if show lldp interface gigabitEthernet 1 0 1 LLDP interface config gigabi...

Page 689: ...to load the following page Figure 3 1 LLDP MED Parameters Config Configure the Fast Start Count and view the current device class Click Apply Fast Start Count Specify the number of successive LLDP ME...

Page 690: ...3 2 LLDP MED Port Config Follow these steps to enable LLDP MED 1 Select the desired port and enble LLDP MED Click Apply 2 Click Detail to enter the following page Configure the TLVs included in the ou...

Page 691: ...e Endpoint device in the Location Identification Parameters section Extended Power Via MDI Used to advertise the detailed PoE information including power supply priority and supply status between LLDP...

Page 692: ...ed fast count count Optional Specify the number of successive LLDP MED frames that the local device sends when fast start mechanism is activated When the fast start mechanism is activated the local de...

Page 693: ...management all Optional Configure the LLDP MED TLVs included in the outgoing LLDP packets By default the outgoing LLDP packets include all TLVs If LLDP MED Location TLV is selected configure the para...

Page 694: ...ig lldp Switch config lldp med fast count 4 Switch config interface gigabitEthernet 1 0 1 Switch config if lldp med status Switch config if lldp med tlv select all Switch config if show lldp interface...

Page 695: ...figurations Configuration Guide 671 LLDP MED Status Enabled TLV Status Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes Switch config end Switch copy...

Page 696: ...Info to load the following page Figure 4 1 Local Info Follow these steps to view the local information 1 In the Auto Refresh section enable the Auto Refresh feature and set the Refresh Rate according...

Page 697: ...Displays the system name of the local device System Description Displays the system description of the local device System Capabilities Supported Displays the supported capabilities of the local syste...

Page 698: ...ys the system name of the neighbor device Chassis ID Displays the Chassis ID of the neighbor device System Description Displays the system description of the neighbor device Neighbor Port Displays the...

Page 699: ...er of the LLDP packets sent via the port Receive Total Displays the total number of the LLDP packets received via the port Discards Displays the total number of the LLDP packets discarded by the port...

Page 700: ...6 Configuring LLDP Viewing LLDP Settings Viewing LLDP Statistics show lldp traffic interface fastEthernet port gigabitEthernet port tengigabitEthernet port View the statistics of the corresponding por...

Page 701: ...se steps to view LLDP MED local information 1 In the Auto Refresh section enable the Auto Refresh feature and set the Refresh Rate according to your needs Click Apply 2 In the LLDP MED Local Info sect...

Page 702: ...Media Policy Layer 2 Priority Displays the Layer 2 priority used in the specific application Media Policy DSCP Displays the DSCP value used in the specific application Viewing the Neighbor Info Figure...

Page 703: ...al Info show lldp local information interface fastEthernet port gigabitEthernet port ten gigabitEthernet port View the LLDP details of a specific port or all the ports on the local device Viewing the...

Page 704: ...ator can view the device information using the NMS Figure 6 1 LLDP Network Topology Gi1 0 1 Gi1 0 2 Switch A Switch B PC 6 1 3 Configuration Scheme LLDP can meet the network requirements Enable the LL...

Page 705: ...g Port Config to load the following page Set the Admin Status of port Gi1 0 1 to Tx Rx enable Notification Mode and configure all the TLVs included in the outgoing LLDP packets Figure 6 3 LLDP Port Co...

Page 706: ...lldp receive Switch_A config if lldp transmit Switch_A config if lldp snmp trap Switch_A config if lldp tlv select all Switch_A config if end Switch_A copy running config startup config Verify the Co...

Page 707: ...Yes Max Frame Size Yes Power Yes LLDP MED Status Disabled TLV Status Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes View the Local Info Switch_A sh...

Page 708: ...rt VLAN ID PVID 1 Port and protocol VLAN ID PPVID 0 Port and protocol VLAN supported Yes Port and protocol VLAN enabled No VLAN name of VLAN 1 System VLAN Protocol identity Auto negotiation supported...

Page 709: ...ision 2 0 0 Build 20160905 Rel 74744 s Serial Number Reserved Manufacturer Name TP Link Model Name T2500G 10MPS 2 0 Asset ID unknown View the Neighbor Info Switch_A show lldp neighbor information inte...

Page 710: ...otocol identity Auto negotiation supported Yes Auto negotiation enabled Yes OperMau speed 1000 duplex Full Link aggregation supported Yes Link aggregation enabled No Aggregation port ID 0 Power port c...

Page 711: ...AN while other traffic will be transmitted in the default VLAN Please note that the PVID of the port which the IP phone is connected with cannot be the same as the VLAN ID of the Voice VLAN Refer to C...

Page 712: ...ice VLAN Global Config enable Voice VLAN and set the VLAN ID to 10 Figure 6 6 Configuring Voice VLAN Globally Choose the menu QoS Voice VLAN Port Config set the Voice VLAN mode on Gi1 0 1 and Gi1 0 2...

Page 713: ...ing Voice VLAN Mode on Port 1 0 2 Choose the menu VLAN 802 1Q VLAN VLAN Config to load the following page Add port 1 0 2 to the Voice VLAN Figure 6 9 Adding Port 1 0 2 to the Voice VLAN 3 Choose the L...

Page 714: ...e 6 11 LLDP MED Global Config 5 Choose th menu LLDP LLDP MED Policy Config to load the following page Select port 1 0 1 and enable LLDP MED Figure 6 12 LLDP MED Port Config Click Detail in the Port 1...

Page 715: ...Voice VLAN Switch_A config vlan 10 Switch_A config vlan name Voice_VLAN Switch_A config voice vlan 10 2 Configure the Voice VLAN mode on port Gi1 0 1 as Auto Switch_A config interface gigabitEthernet...

Page 716: ...us 7 Configure the LLDP MED TLVs included in the outgoing LLDP packets Switch_A config if lldp med tlv select all 8 Configure the detailed address of the IP phone Switch_A config if lldp med location...

Page 717: ...N ID Yes VLAN Name Yes Link Aggregation Yes MAC Physic Yes Max Frame Size Yes Power Yes LLDP MED Status Enabled TLV Status Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inv...

Page 718: ...192 168 0 226 Management address interface type IfIndex Management address interface ID 1 Management address OID 0 Port VLAN ID PVID 1 Port and protocol VLAN ID PPVID 0 Port and protocol VLAN support...

Page 719: ...s LCI What Switch Country Code CN Language chinese Province State Guangdong County Parish District China City Township Shenzhen Street Keyuan Road Name South Building No 5 Postal Zip Code 518057 Hardw...

Page 720: ...ult System capabilities supported Bridge Telephone System capabilities enabled Bridge Telephone Management address type ipv4 Management address 192 168 1 117 Management address interface type UnKnown...

Page 721: ...Application type Voice Unknown policy No Tagged No VLAN ID 4095 Layer 2 Priority 5 DSCP 46 Application type Voice Signaling Unknown policy No Tagged No VLAN ID 4095 Layer 2 Priority 4 DSCP 32 Power Ty...

Page 722: ...LDP Disable Transmit Interval 30 seconds Hold Multiplier 4 Transmit Delay 2 seconds Reinit Delay 2 seconds Notification Interval 5 seconds Fast Start Times 3 Table 7 2 Default LLDP Settings on the Por...

Page 723: ...ntenance CHAPTERS 1 Maintenance 2 Monitoring the System 3 System Log Configurations 4 Diagnosing the Device 5 Diagnosing the Network 6 DLDP Configuration 7 Configuration Example for Remote Log 8 Appen...

Page 724: ...se function includes Ping test and Tracert test With them you can test the connectivity between the switch and one node of the network or the connectivity of the gateways on the path from the source t...

Page 725: ...d memory utilizations should be always under 80 and excessive use may result in switch malfunctions For example the switch fails to respond to management requests In similar situations you can monitor...

Page 726: ...itor and display its CPU utilization rate every four seconds 2 1 2 Monitoring the Memory Choose the menu Maintenance System Monitor Memory Monitor to load the following page Figure 2 2 Monitoing the M...

Page 727: ...es The following example shows how to monitor the CPU Switch show cpu utilization Unit CPU Utilization No Five Seconds One Minute Five Minutes 1 13 13 13 2 2 2 Monitoring the Memory On privileged EXEC...

Page 728: ...ions affect the functionality of the switch Alerts 1 Actions must be taken immediately The memory utilization reaches the limit Critical 2 Cause analysis or actions must be taken immediately The memor...

Page 729: ...Log Table page It will be lost when the switch is restarted Log File indicates the flash sector for saving system log The information in the log file will not be lost after the switch is restarted and...

Page 730: ...nd severity Host IP Specify an IP address for the log host UDP Port Displays the UDP port that receives and sends the log information And the switch uses the standard port 514 Severity Specify the sev...

Page 731: ...the exact time when the log event occurs you need to configure the system time on the System System Info System Time Web management page Module Select a module from the drop down list to display the...

Page 732: ...he frequency ranging from 1 to 48 hours By default the synchronization process takes place every 24 hours immediate The system log file in the buffer will be synchronized to the flash immediately This...

Page 733: ...y monitor the settings and operation status of other devices through the log host idx Enter the index of the log host The switch supports 4 log hosts at most host ip Specify the IP address for the log...

Page 734: ...its IP address as 192 168 0 148 and allow logs of levels 0 to 5 to be sent to the host Switch configure Switch config logging host index 2 192 168 0 148 5 Switch config show logging loghost Index Host...

Page 735: ...iagnose Cable Test to load the following page Figure 4 1 Diagnosing the Device 1 In the Port section select your desired port for the test 2 In the Result section click Apply and check the test result...

Page 736: ...atus is short close or crosstalk here displays the length from the port to the trouble spot The value makes sense only when the cable is longer than 30m 4 2 Using the CLI On privileged EXEC mode or an...

Page 737: ...the Ping Test Choose the menu Maintenance Network Diagnose Ping to load the following page Figure 5 1 Configuring the Ping Test Follow these steps to test the connectivity between the switch and anoth...

Page 738: ...milliseconds 2 In the Ping Result section check the test results 5 1 2 Configuring the Tracert Test Choose the menu Maintenance Network Diagnose Tracert to load the following page Figure 5 2 Configuri...

Page 739: ...testing The values are from 1 to 10 times the default is 4 times l count Specify the size of the sending data for ping testing The values are from 1 to 1500 bytes the default is 64 bytes i count Spec...

Page 740: ...ipv6 The type of the IP address for tracert test should be IPv6 ip_addr Enter the IP address of the destination device If the parameter ip ipv6 is not selected both IPv4 and IPv6 addresses are support...

Page 741: ...the following page Figure 6 1 DLDP Config Follow these steps to configure DLDP 1 In the Global Config section enable DLDP and configure the relevant parameters Click Apply DLDP State Enable or disable...

Page 742: ...ormation in the table DLDP State Enable or disable DLDP on the port Protocol State Displays the DLDP protocol state Initial DLDP is disabled Inactive DLDP is enabled but the link is down Active DLDP i...

Page 743: ...a unidirectional link is detected It is the default setting manual The switch displays an alert when a unidirectional link is detected Then the users can manually shut down the unidirectional link po...

Page 744: ...to Switch config end Switch copy running config startup config The following example shows how to enable DLDP on port 1 0 1 Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config...

Page 745: ...receive system logs from monitored devices Make sure the switch and the PC are reachable to each other configure a log server that complies with the syslog standard on the PC and set the PC as the log...

Page 746: ...ure the remote log host Switch configure Switch config logging host index 1 1 1 0 1 5 Switch config end Switch copy running config startup config Verify the Configurations Switch show logging loghost...

Page 747: ...File Disabled Severity of Log File Level_3 Sync Periodic of Log File 24 hours Table 8 2 Default Settings of Remote Log Parameter Default Setting Host IP 0 0 0 0 UDP Port 514 Severity Level_6 Status Di...

Page 748: ...Configuring Maintenance Appendix Default Parameters Parameter Default Setting DLDP State Disable Adver Interval 5 seconds Shut Mode Auto Web Refresh State Disable Web Refresh Interval 5 seconds Port C...

Page 749: ...Part 24 Configuring SNMP RMON CHAPTERS 1 SNMP Overview 2 SNMP Configurations 3 Notification Configurations 4 RMON Overview 5 RMON Configurations 6 Configuration Example 7 Appendix Default Parameters...

Page 750: ...uthentication and Privacy Based on Community Name Based on Community Name Supported authentication and privacy modes are as follows Authentication MD5 SHA Privacy DES Trap Supported Supported Supporte...

Page 751: ...reate an SNMP group and specify the access rights 4 Create SNMP users and configure the authentication mode privacy mode and corresponding passwords Choose SNMPv1 or SNMPv2c 1 Enable SNMP 2 Create an...

Page 752: ...meric string used to identify the SNMP engine on the switch 3 In the Remote Engine section configure the remote engine ID Click Apply Remote Engine ID Set the ID of the remote SNMP manager with 10 to...

Page 753: ...s A complete view consists of all MIB objects that have the same view name MIB Object ID Enter a MIB Object ID to specify a specific function of the device For specific ID rules refer to the device re...

Page 754: ...e group is SNMPv1 In this mode community name match is used for authentication You can configure the community name on the SNMP community page v2c The security model of the group is SNMPv2 In this mod...

Page 755: ...hese steps to create an SNMP user 1 Specify the user name user type and the group which the user belongs to Set the security model according to the related parameters of the specified group If you cho...

Page 756: ...rivacy mode are applied to check and encrypt packets 2 If you have chosen authNoPriv or authPriv as the security level you need to set corresponding Auth Mode or Privacy Mode If not skip the step Auth...

Page 757: ...MPv1 and SNMPv2c the community name match is used for authentication Access Specify the access right to the related view The default is read only read only The NMS can view but not modify parameters o...

Page 758: ...eceives inform messages from Switch Note that the switch will automatically generate a local engine ID if the ID is not set or is deleted Step 4 show snmp server Displays the global settings of SNMP S...

Page 759: ...e view to determine objects to be managed Step 1 configure Enter global configuration mode Step 2 snmp server view name mib oid include exclude Configure the view name Enter a view name with 1 to 16 c...

Page 760: ...ig show snmp server view No View Name Type MOID 1 viewDefault include 1 2 viewDefault exclude 1 3 6 1 6 3 15 3 viewDefault exclude 1 3 6 1 6 3 16 4 viewDefault exclude 1 3 6 1 6 3 18 5 View include 1...

Page 761: ...evel cannot be configured read view Set the view as read only And then the NMS can view parameters of the specified view write view Set the view as write only And then the NMS can modify parameters of...

Page 762: ...noAuthNoPriv Please note that if you have chosen v1 or v2c as the security mode security level cannot be configured none MD5 SHA Choose an authentication algorithm which is only for the user of SNMPv3...

Page 763: ...ssword Step 1 configure Enter global configuration mode Step 2 snmp server community name read only read write mib view Configure the community name Enter a group name with 1 to 16 characters read onl...

Page 764: ...ON SNMP Configurations Switch config snmp server community nms monitor read write View Switch config show snmp server community Index Name Type MIB View 1 nms monitor read write View Switch config end...

Page 765: ...abling the SNMP Extend Trap Optional Enabling the DDM Trap and Optional Enabling the Link status Trap 3 1 Using the GUI Choose the menu SNMP Notification Notification Config to load the following page...

Page 766: ...o check and encrypt packets 3 Choose a notification type based on the SNMP version If you choose the Inform type you need to set retry times and timeout interval Type Choose a notification type for th...

Page 767: ...zation and no encryption authNoPriv authorization and no encryption authPriv authorization and encryption The defaut is noAuthNoPriv Please note that if you have chosen v1 or v2c as the security mode...

Page 768: ...2 snmp server traps snmp linkup linkdown warmstart coldstart auth failure Configure parameters of basic traps supported on the switch linkup When a port status changes from linkdown to linkup the swit...

Page 769: ...pply port pwr change Enable PoE port power change trap The trap can be triggered when a PoE port starts to supply power or stops supplying power port pwr deny Enable PoE port power deny trap When the...

Page 770: ...her the flash is modified And the trap is disabled by default The trap can be triggered when the flash is modified by saving configurations factory resetting upgrading and importing configurations lld...

Page 771: ...tch temperature Enable DDM Temperature trap It is sent when the DDM temperature value exceeds the alarm threshold or warning threshold voltage Enable DDM Voltage trap It is sent when the DDM voltage v...

Page 772: ...s on the specified ports port port list The number or the list of the Ethernet ports that you desire to configure notification traps Step 3 snmp server traps link status Enable SNMP extended linkup an...

Page 773: ...ork device The NMS is usually a host that runs the management software to manage Agents of network devices And the Agent is usually a switch or router that collects traffic statistics such as total pa...

Page 774: ...ory group Configuring the event group Configuring the alarm group Configuration Guidelines To ensure that the NMS receives notifications normally please complete configurations of SNMP and SNMP Notifi...

Page 775: ...Set the entry as valid or underCreation By default it is valid Valid The entry is created and valid underCreation The entry is created but invalid 5 1 2 Configuring History Choose the menu SNMP RMON H...

Page 776: ...set the status of the entry Click Apply Owner Enter the owner name of the entry with 1 to 16 characters By default it is monitor Status Enable or disable the entry By default it is disabled Enable Th...

Page 777: ...status of the entry Click Apply Owner Enter the owner name of the entry with 1 to 16 characters By default it is monitor Status Enable or disable the entry By default it is disabled Enable The entry...

Page 778: ...t the sample type the rising and falling threshold the corresponding event action and the alarm type of the entry Sample Type Set the sampling method of the specified variable the default is absolute...

Page 779: ...ing the CLI 5 2 1 Configuring Statistics Step 1 configure Enter global configuration mode Step 2 rmon statistics index interface gigabitEthernet port ten gigabitEthernet port owner owner name status u...

Page 780: ...fig end Switch copy running config startup config 5 2 2 Configuring History Step 1 configure Enter global configuration mode Step 2 rmon history index interface fastEthernet port gigabitEthernet port...

Page 781: ...settings in the configuration file The following example shows how to create a history entry on the switch to monitor port 1 0 1 Set the sample interval as 100 seconds max buckets as 50 and the owner...

Page 782: ...notifications to the NMS and log notify indicates the switch records the event and sends notifications to the NMS owner name Enter the owner name of the entry with 1 to 16 characters The default name...

Page 783: ...ns occur collision means the collision times in the network segment 64 65 127 128 255 256 511 512 1023 1024 10240 means total packets of the specified size absolute delta Choose the sampling mode The...

Page 784: ...e type as Absolute the rising threshold as 3000 the related rising event entry index as 1 the falling threshold as 2000 the related falling event index as 2 the alarm type as all the notification inte...

Page 785: ...number of packets transmitted and received is below the threshold 6 2 Configuration Scheme 1 Set a limit on the rate of the specified ports and then enable SNMP on Switch A Configure SNMP and Notifica...

Page 786: ...to reach one another Figure 6 1 Network Topology Gi1 0 1 NMS Switch B Switch A IP 172 168 1 222 Gi1 0 2 Gi1 0 3 Demonstrated with T2500G 10MPS this chapter provides configuration procedures in two way...

Page 787: ...SNMP view as View set MIB Object ID as 1 which means all functions and set the view type as Include Click Create Figure 6 3 SNMP View Configuration 3 Choose SNMP SNMP Config SNMP Group to load the fo...

Page 788: ...g 5 Choose SNMP Notification Notification Config to load the following page Specify the IP address of the NMS host and the port of the host for transmitting notifications Set the User Security Model a...

Page 789: ...and bind them to ports 1 0 1 and 1 0 2 respectively Set the owner of the entries as monitor and the status as valid Figure 6 7 Configuring Entry 1 Figure 6 8 Configuring Entry 2 2 Choose the menu SNMP...

Page 790: ...s falling log owner as monitor and status as Enable Figure 6 10 Event Configuration 4 Choose SNMP RMON Alarm to load the following page Configure entries 1 and 2 For entry 1 set the alarm variable as...

Page 791: ...Create a view with the name View set the MIB Object ID as 1 which represents all functions and the view type as Include Switch config snmp server view View 1 include 3 Create a group of SNMPv3 with t...

Page 792: ...0 1 interval 100 owner monitor buckets 50 Switch config rmon history 2 interface gigabitEthernet 1 0 2 interval 100 owner monitor buckets 50 3 Create two event entries named admin which is the SNMP us...

Page 793: ...er SNMP agent is enabled 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Num...

Page 794: ...Switch config show snmp server group No Name Sec Mode Sec Lev Read View Write View Notify View 1 nms monitor v3 authPriv View View Verify SNMP user configurations Switch config show snmp server user...

Page 795: ...able 2 Gi1 0 2 100 50 monitor Enable Verify RMON event configurations Switch config show rmon event Index User Description Type Owner State 1 admin rising notify Notify monitor Enable 2 admin falling...

Page 796: ...uration Guide 772 Configuring SNMP RMON Configuration Example Statistics index 2 Alarm variable BPkt Sample Type Absolute RHold REvent 3000 1 FHold FEvent 2000 2 Alarm startup All Interval 10 Owner mo...

Page 797: ...Table 7 2 Default SNMP View Settings Parameter Default Setting View Name None MIB Object ID None View Type Include Table 7 3 Default SNMP View Table Settings View Name View Type MIB Object ID viewDefa...

Page 798: ...Privacy Password None Table 7 6 Default Community Settings Parameter Default Setting Community Name None Access read only MIB View viewDefault Default settings of Notification are listed in the follow...

Page 799: ...0 1 Interval 1800 seconds Max Buckets 50 Owner monitor Status Disable Table 7 10 Default Settings for Event Entries Parameter Default Setting User public Description None Type None Owner monitor Statu...

Page 800: ...Configuration Guide 776 Configuring SNMP RMON Appendix Default Parameters Parameter Default Setting Status Disable...

Page 801: ...com This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection aga...

Page 802: ...is device complies with Industry Canada license exempt RSSs Operation is subject to the following two conditions 1 This device may not cause interference and 2 This device must accept any interference...

Page 803: ...BSMI Notice Pb Cd Hg CrVI PBB PBDE PCB 1 2...

Page 804: ...use of the device Please use this product with care and operate at your own risk A VCCI A Explanation of the symbols on the product label Symbol Explanation AC voltage Indoor use only RECYCLING This p...

Reviews:

No comments

Brands by name

Popular brands

Load more brands