manualshive.com logo in svg

TP-Link TL-SG2424, Configuration Manual

The TP-Link TL-SG2424 is a powerful managed switch ideal for small to medium businesses. Easily configure and optimize your network with the free Configuration Manual available for download from our website. This manual provides step-by-step instructions to help you get the most out of your device.

Share
Download
background image

Configuration Guide     616

Configuring Network Security

Configuration Examples

Verify the configurations of 802.1X authentication on the port:

Switch_A#show dot1x interface

Port            State         GuestVLAN    PortControl    PortMethod     Authorized     LAG

----               -----          ---------            -----------         ----------             ----------          ---

Gi1/0/1      enabled   disabled          auto                   mac-based        authorized      N/A

Gi1/0/2      disabled  disabled          auto                   mac-based        authorized      N/A

Gi1/0/3      disabled  disabled          auto                   mac-based        authorized      N/A

......

Verify the configurations of RADIUS :

Switch_A#show aaa global

 AAA global status:           Enable

 Module             Login List          Enable List

 Telnet             default             default

 Ssh                default             default

 Http               default             default

Switch_A#show aaa authentication dot1x

Methodlist      pri1            pri2            pri3            pri4

default             radius1       --                 --                  -- 

Switch_A#show aaa group radius1

192.168.0.10

8.3  Example for AAA

8.3.1  Network Requirements

As shown below, the switch needs to be managed remotely via Telnet. In addition, the 
senior administrator of the company wants to create an account for the less senior 
administrators, who can only view the configurations and some network information 
without the Enable password provided.

Two RADIUS servers are deployed in the network to provide a safer authenticate method 
for the administrators trying to log in or get administrative privileges. If RADIUS Server 1 

Summary of Contents for TL-SG2424

Page 1: ...Configuration Guide T1600G Series Switches T1600G 18TS T1600G 28TS TL SG2424 T1600G 52TS TL SG2452 T1600G 28PS TL SG2424P T1600G 52PS TL SG2452P 1910012255 REV2 1 1 Sept 2017...

Page 2: ...with console port 11 Telnet Login 13 SSH Login 14 Disable Telnet login 18 Disable SSH login 19 Copy running config startup config 19 Change the Switch s IP Address and Default Gateway 20 Managing Syst...

Page 3: ...Configuring the Reboot Schedule 48 Reseting the Switch 49 Using the CLI 49 Configuring the Boot File 49 Restoring the Configuration of the Switch 50 Backing up the Configuration File 51 Upgrading the...

Page 4: ...the GUI 82 Using the CLI 84 Port Security Configuration 86 Using the GUI 86 Using the CLI 87 Port Isolation Configurations 90 Using the GUI 90 Using the CLI 91 Loopback Detection Configuration 93 Usi...

Page 5: ...nfiguring Load balancing Algorithm 113 Configuring Static LAG or LACP 114 Configuration Example 118 Network Requirements 118 Configuration Scheme 118 Using the GUI 119 Using the CLI 120 Appendix Defau...

Page 6: ...C Addresses in VLANs 143 Using the CLI 144 Configuring MAC Notification Traps 144 Limiting the Number of MAC Addresses in VLANs 145 Example for Security Configurations 147 Network Requirements 147 Con...

Page 7: ...VLAN for the Port 170 Configuration Example 172 Network Requirements 172 Configuration Scheme 172 Using the GUI 173 Using the CLI 176 Appendix Default Parameters 179 Configuring Protocol VLAN Overvie...

Page 8: ...l STP RSTP Parameters 215 Enabling STP RSTP Globally 216 MSTP Configurations 218 Using the GUI 218 Configuring Parameters on Ports in CIST 218 Configuring the MSTP Region 220 Configuring MSTP Globally...

Page 9: ...IGMP Snooping Status 270 Configuring the Port s Basic IGMP Snooping Features 271 Enabling IGMP Snooping on the Port 271 Optional Configuring Fast Leave 271 Configuring IGMP Snooping in the VLAN 272 Co...

Page 10: ...arameters Globally 285 Configuring Report Message Suppression 285 Configuring Unknown Multicast 286 Configuring IGMP Snooping Parameters on the Port 287 Configuring Router Port Time and Member Port Ti...

Page 11: ...nooping Features 309 Enabling MLD Snooping on the Port 309 Optional Configuring Fast Leave 309 Configuring MLD Snooping in the VLAN 310 Configuring MLD Snooping Globally in the VLAN 310 Optional Confi...

Page 12: ...ing Last Listener Query 327 Configuring MLD Snooping Parameters in the VLAN 328 Configuring Router Port Time and Member Port Time 328 Configuring Static Router Port 329 Configuring Forbidden Router Po...

Page 13: ...for Configuring Unknown Multicast and Fast Leave 357 Network Requirement 357 Configuration Scheme 358 Using the GUI 358 Using the CLI 361 Example for Configuring Multicast Filtering 362 Network Requi...

Page 14: ...Routing Configuration 394 Using the GUI 394 Using the CLI 395 Viewing Routing Table 397 Using the GUI 397 Viewing IPv4 Routing Table 397 Viewing IPv6 Routing Table 398 Using the CLI 398 Viewing IPv4...

Page 15: ...eme 421 Using the GUI 422 Using the CLI 423 Appendix Default Parameters 425 Configuring ARP Overview 427 ARP Configurations 428 Using the GUI 428 Viewing the ARP Entries 428 Adding Static ARP Entries...

Page 16: ...464 Using the GUI 465 Configuring OUI Addresses 465 Configuring Voice VLAN Globally 466 Configuring Voice VLAN Mode on Ports 467 Using the CLI 468 Configuration Example 471 Network Requirements 471 Co...

Page 17: ...r PoE Configurations 504 Network Requirements 504 Configuring Scheme 504 Using the GUI 504 Using the CLI 506 Appendix Default Parameters 508 Configuring ACL ACL 510 Overview 510 Supported Features 510...

Page 18: ...52 Using the GUI 552 Enabling DHCP Snooping on VLAN 552 Configuring DHCP Snooping on Ports 553 Optional Configuring Option 82 554 Using the CLI 555 Enabling DHCP Snooping on VLAN 555 Configuring DHCP...

Page 19: ...figuring Login Account and Enable Password 591 Using the CLI 592 Globally Enabling AAA 592 Adding Servers 593 Configuring Server Groups 596 Configuring the Method List 597 Configuring the AAA Applicat...

Page 20: ...DP MED Configurations 637 Using the GUI 637 Global Config 637 Port Config 638 Using the CLI 640 Global Config 640 Port Config 641 Viewing LLDP Settings 644 Using GUI 644 Viewing LLDP Device Info 644 V...

Page 21: ...mory 675 Using the CLI 676 Monitoring the CPU 676 Monitoring the Memory 676 System Log Configurations 677 Using the GUI 678 Configuring the Local Log 678 Configuring the Remote Log 679 Backing up the...

Page 22: ...Group 697 Creating SNMP Users 699 Creating SNMP Communities 700 Using the CLI 701 Enabling SNMP 701 Creating an SNMP View 703 Creating an SNMP Group 704 Creating SNMP Users 706 Creating SNMP Communit...

Page 23: ...ory 725 Configuring Event 726 Configuring Alarm 728 Configuration Example 730 Network Requirements 730 Configuration Scheme 730 Network Topology 731 Using the GUI 731 Using the CLI 736 Appendix Defaul...

Page 24: ...r demonstration only The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensure accuracy of the contents but all stat...

Page 25: ...s command can be used on three occasions bandwidth ingress ingress rate is used to restrict ingress bandwidth bandwidth egress egress rate is used to restrict egress bandwidth bandwidth ingress ingres...

Page 26: ...Part 1 Accessing the Switch CHAPTERS 1 Overview 2 Web Interface Access 3 Command Line Interface Access...

Page 27: ...nterface also called web interface in this text or using the CLI Command Line Interface There are equivalent functions in the web interface and the command line interface while web configuration is ea...

Page 28: ...and the switch is available 2 Launch a web browser The supported web browsers include but are not limited to the following types IE 8 0 9 0 10 0 11 0 Firefox 26 0 27 0 Chrome 32 0 33 0 3 Enter the swi...

Page 29: ...start up configuration file After you perform configurations on the sub interfaces and click Apply the modifications will be saved in the running configuration file The configurations will be lost wh...

Page 30: ...de 7 Figure 2 4 Save Config 2 3 Disable the Web Server You can shut down the HTTP server or HTTPS server to block any access to the web interface Go to System Access Security HTTP Config disable the H...

Page 31: ...ress of the VLAN which the access port belongs to Change the IP Address By default all the ports belong to VLAN 1 with the VLAN interface IP 192 168 0 1 The following example shows how to change the s...

Page 32: ...xample shows how to configure the switch s gateway By default the switch has no default gateway 1 Go to page Routing Static Routing IPv4 Static Routing Config Configure the parameters related to the s...

Page 33: ...e Access Distance Specify the distance as 1 2 Click Save Config to save the settings 3 Check the routing table to verify the default gateway you configured The entry marked in red box displays the val...

Page 34: ...s Table 3 1 Method list Method Using Port Typical Applications Console Console port connected directly Hyper Terminal Telnet RJ 45 port CMD SSH RJ 45 port Putty 3 1 Console Login only for switch with...

Page 35: ...LI Main Window 4 Enter enable to enter the User EXEC Mode to further configure the switch Figure 3 2 User EXEC Mode Note In Windows XP go to Start All Programs Accessories Communications Hyper Termina...

Page 36: ...are in the same LAN Local Area Network Click Start and type in cmd in the Search bar and press Enter Figure 3 3 Open the cmd Window 2 Type in telnet 192 168 0 1 in the cmd window and press Enter Figu...

Page 37: ...are required which are both admin by default Key Authentication Mode Recommended A public key for the switch and a private key for the client software PuTTY are required You can generate the public k...

Page 38: ...d you can continue to configure the switch Figure 3 9 Log In to the Switch Key Authentication Mode 1 Open the PuTTY Key Generator In the Parameters section select the key type and enter the key length...

Page 39: ...ould be between 512 and 3072 bits You can accelerate the key generation process by moving the mouse quickly and randomly in the Key section 2 After the keys are successfully generated click Save publi...

Page 40: ...bove CLI v1 corresponds to SSH 1 RSA and v2 corresponds to SSH 2 RSA and SSH 2 DSA The key downloading process cannot be interrupted 4 After the public key is downloaded open PuTTY and go to the Sessi...

Page 41: ...g in If you can log in without entering the password the key authentication completed successfully Figure 3 15 Log In to the Switch 3 4 Disable Telnet login You can shut down the Telnet function to bl...

Page 42: ...Switch config no ip ssh server 3 6 Copy running config startup config The switch s configuration files fall into two types the running configuration file and the start up configuration file After you...

Page 43: ...replace the switch s default access IP address 192 168 0 1 24 with 192 168 0 10 24 Switch configure Switch config interface vlan 1 Switch config if ip address 192 168 0 10 255 255 255 0 The connectio...

Page 44: ...ing System CHAPTERS 1 System 2 System Info Configurations 3 User Management Configurations 4 System Tools Configurations 5 Access Security Configurations 6 SDM Template Configuration 7 Appendix Defaul...

Page 45: ...figuration file of the switch With these tools you can configure the boot file of the switch backup and restore the configurations of the switch update the firmware reset the switch and reboot the swi...

Page 46: ...e function with SSH is similar to a telnet connection but SSH can provide information security and powerful authentication SDM Template The switch SDM Switch Database Management templates prioritize s...

Page 47: ...Viewing the System Summary Choose the menu System System Info System Summary to load the following page Figure 2 1 Viewing the System Summary Port Status Indication Indicates that the corresponding 10...

Page 48: ...ion Port Displays the port number of the switch Type Displays the type of the port Speed Displays the maximum transmission rate of the port Status Displays the connection status of the port Click a po...

Page 49: ...1 In the Device Description section specify the following information Device Name Enter the name of the switch Device Location Enter the location of the switch System Contact Enter the contact inform...

Page 50: ...he time of the system Get Time from NTP Server Set the system time by getting time from NTP server Make sure the NTP server is accessible on your network If the NTP server is on the Internet connect t...

Page 51: ...efined Mode If you select Predefined Mode choose a predefined DST schedule for the switch USA Select the Daylight Saving Time of the USA It is from 2 00 a m on the Second Sunday in March to 2 00 a m o...

Page 52: ...rval between start time and end time should be more than 1 day and less than 1 year 365 days End Time Specify the end time of Daylight Saving Time The interval between start time and end time should b...

Page 53: ...l Number Running Time 2 day 4 hour 55 min 36 sec 2 2 2 Specifying the Device Description Follow these steps to specify the device description Step 1 configure Enter global configuration mode Step 2 ho...

Page 54: ...evice name as Switch_A set the location as BEIJING and set the contact information as http www tp link com Switch configure Switch config hostname Switch_A Switch config location BEIJING Switch config...

Page 55: ...e valid value of the year ranges from 2000 to 2037 Use the following command to set the system time by getting time from the NTP server system time ntp timezone ntp server backup ntp server fetching r...

Page 56: ...Athens Bucharest Amman Beirut Jerusalem UTC 03 00 TimeZone for Kuwait Riyadh Baghdad UTC 03 30 TimeZone for Tehran UTC 04 00 TimeZone for Moscow St Petersburg Volgograd Tbilisi Port Louis UTC 04 30 T...

Page 57: ...how to set the system time by Get Time from NTP Server and set the time zone as UTC 08 00 set the NTP server as 133 100 9 2 set the backup NTP server as 139 78 100 163 and set the update rate as 11 S...

Page 58: ...week of Daylight Saving Time There are 5 values showing as follows first second third fourth last sday Enter the start day of Daylight Saving Time There are 7 values showing as follows Sun Mon Tue We...

Page 59: ...Saving Time in the format of HH MM eyear Enter the end year of Daylight Saving Time offset Enter the offset of Daylight Saving Time The default value is 60 Step 3 show system time dst Verify the DST i...

Page 60: ...1 Creating Admin Accounts Choose the menu System User Management User Config to load the following page Figure 3 1 Create Admin Accounts Follow these steps to create an Admin account 1 In the User In...

Page 61: ...symbols You can use digits English letters case sensitive underscore and sixteen special characters Confirm Password Retype the password 2 Click Create 3 1 2 Creating Accounts of Other Types You can c...

Page 62: ...ght to edit or modify Password Type a password for users login It is a string from 1 to 31 alphanumeric characters or symbols You can use digits English letters case sensitive underscore and sixteen s...

Page 63: ...nfiguration file symmetric encrypted encrypted password Enter a symmetric encrypted password with fixed length which you can copy from another switch s configuration file After the encrypted password...

Page 64: ...Save the settings in the configuration file 3 2 2 Creating Accounts of Other Types You can create accounts with the access level of Operator Power user and User here You also need to go to the AAA se...

Page 65: ...iguration file After the encrypted password is configured you should use the corresponding unencrypted password to reenter this mode Use the following command to create an account MD5 encrypted user n...

Page 66: ...ed enable admin secret 0 password 5 encrypted password Create an Enable Password It can change the users access level to Admin By default it is empty 0 Specify the encryption type 0 indicates that the...

Page 67: ...set the password as 123 Enable AAA function and set the enable password as abc123 Switch configure Switch config user name user1 privilege operator password 123 Switch config aaa enable Switch config...

Page 68: ...the configuration file Upgrade the firmware Reboot the switch Configure the reboot schedule Reset the switch 4 1 Using the GUI 4 1 1 Configuring the Boot File Choose the menu System System Tools Boot...

Page 69: ...rtup and backup image should not be the same 2 Click Apply 4 1 2 Restoring the Configuration of the Switch Choose the menu System System Tools Config Restore to load the following page Figure 4 2 Rest...

Page 70: ...grading the Firmware Choose the menu System System Tools Firmware Upgrade to load the following page Figure 4 4 Upgrading the Firmware In the Firmware Upgrade section select one file and click Upgrade...

Page 71: ...System Reboot section select the desired unit and click Reboot Target Unit Select the desired unit to reboot By default it is ALL Unit Save Config Select this option to save the configuration before...

Page 72: ...o reboot in the format of DD MM YYYY The date should be within 30 days Save Before Reboot Select to save the switch s configurations before it reboots 4 1 7 Reseting the Switch Choose the menu System...

Page 73: ...startup image as image 1 and set the backup image as image 2 Switch configure Switch config boot application filename image1 startup Switch config boot application filename image2 backup Switch config...

Page 74: ...Configuration File Follow these steps to back up the current configuration of the switch in a file Step 1 enable Enter privileged mode Step 2 copy startup config tftp ip address ip addr filename name...

Page 75: ...ue then enter Y to reboot The following example shows how to upgrade the firmware using the configuration file named file3 bin The TFTP server is 190 168 0 100 Switch enable Switch firmware upgrade ip...

Page 76: ...e format of DD MM YYYY The date should be within 30 days save_before_reboot Save the configuration file before the switch reboots If no date is specified the switch reboots according to the time you h...

Page 77: ...em Tools Configurations 4 2 7 Reseting the Switch Follow these steps to reset the switch Step 1 enable Enter privileged mode Step 2 reset Reset the switch Note After the system is reset configurations...

Page 78: ...Security Access Control to load the following page Figure 5 1 Configuring the Access Control 1 In the Access Control section select one control mode and specify the parameters Control Mode Select the...

Page 79: ...Address Mask If you select IP based mode enter the IP address and mask to specify an IP range Only the users within this IP range can access the switch MAC Address If you select MAC based mode specify...

Page 80: ...e Session Timeout and click Apply Session Timeout The system will log out automatically if users do nothing within the Session Timeout time 3 In the Access User Number section select Enable and specif...

Page 81: ...to load the following page Table 5 1 Configuring the HTTPS Function 1 In the Global Config section select Enable to enable HTTPS function and select the protocol the switch supports Click Apply HTTPS...

Page 82: ...e digest RSA_ WITH_3DES_ EDE_CBC_SHA Key exchange with 3DES and DES EDE3 CBC for message encryption and SHA for message digest 3 In the Session Config section specify the Session Timeout and click App...

Page 83: ...5 3 Configuring the SSH Feature 1 In the Global Config section select Enable to enable SSH function and specify other parameters SSH Select Enable to enable the SSH function SSH is a protocol working...

Page 84: ...orresponding type is used for both key generation and authentication Key File Select the desired public key to download to the switch The key length of the downloaded file ranges of 512 to 3072 bits N...

Page 85: ...to control the users access by limiting the ports connected to the users user access control port based interface fastEthernet port list gigabitEthernet port list ten gigabitEthernet port list snmp t...

Page 86: ...n num guest num Specify the maximum number of users that are allowed to connect to the HTTP server The total number of users should be no more than 16 For T1600G 18TS the number of Operator Power User...

Page 87: ...switch supports SSLv3 and TLSv1 ssl3 Enable the SSL version 3 protocol SSL is a transport protocol It can provide server authentication encryption and message integrity to allow secure HTTP connection...

Page 88: ...the SSL certificate which ranges from 1 to 25 characters The certificate must be BASE64 encoded The SSL certificate and key downloaded must match each other ip addr Specify the IP address of the TFTP...

Page 89: ...key OK Switch config show ip http secure server HTTPS Status Enabled SSL Protocol Level s ssl3 tls1 SSL CipherSuite 3des ede cbc sha HTTPS Session Timeout 15 HTTPS User Limitation Enabled HTTPS Max A...

Page 90: ...y the data integrity algorithm you want the switch supports Step 7 ip ssh download v1 v2 key file ip address ip addr Select the type of the key file and download the desired file to the switch from TF...

Page 91: ...download v2 publickey ip address 192 168 0 100 Start to download SSH key file Download SSH key file OK Switch config show ip ssh Global Config SSH Server Enabled Protocol V1 Enabled Protocol V2 Enabl...

Page 92: ...5 2 5 Enabling the Telnet Function Follow these steps enable the Telnet function Step 1 configure Enter global configuration mode Step 2 telnet enable Enable the telnet function By default it is enabl...

Page 93: ...SDM Template Function In Select Options section select one template and click Apply The setting will be effective after the reboot Current Template ID Displays the template currently in effect Next Te...

Page 94: ...al configuration mode Step 2 show sdm prefer used default enterpriseV4 enterpriseV6 View the template table to select the desired template used Displays the resource allocation of the current template...

Page 95: ...prefer enterpriseV4 enterpriseV4 template number of IP ACL Rules 120 number of MAC ACL Rules 84 number of Combined ACL Rules 0 number of IPV6 ACL Rules 0 number of IPV6 Source Guard Entries 0 number...

Page 96: ...ter Default Setting Time Source Manual System Time 2006 01 01 08 01 56 Sunday Table 7 3 Default Settings of Daylight Saving Time Configuration Parameter Default Setting DST status Disabled Default set...

Page 97: ...ble 7 8 Default Settings of HTTPS Configuration Parameter Default Setting HTTPS Enabled SSL Version 3 Enabled TLS Version 1 Enabled RSA_WITH_RC4_128_MD5 Enabled RSA_WITH_RC4_128_SHA Enabled RSA_WITH_D...

Page 98: ...Key Type SSH 2 RSA DSA Table 7 10 Default Settings of Telnet Configuration Parameter Default Setting Control Mode Enabled Default settings of SDM Template are listed in the following table Table 7 11...

Page 99: ...Interfaces CHAPTERS 1 Physical Interface 2 Basic Parameters Configurations 3 Port Mirror Configuration 4 Port Security Configuration 5 Port Isolation Configurations 6 Loopback Detection Configuration...

Page 100: ...ode duplex mode flow control and other basic parameters for ports Port Mirror This function allows the switch to forward packet copies of the monitored ports to a specific monitoring port Then you can...

Page 101: ...MTU Maximum Transmission Unit size for frames globally as needed The valid values are from 1518 to 9216 bytes and the default is 1518 bytes For other T1600G series switches you can enable or disable...

Page 102: ...device The default setting is Auto Flow Control With this option enabled the switch synchronizes the data transmission speed with the peer device thus avoiding the packet loss caused by congestion By...

Page 103: ...ice connected to the port should be in the same speed and duplex mode with the port When auto is selected the duplex mode will be determined by auto negotiation flow control Enable the switch to synch...

Page 104: ...fig if description router connection Switch config if speed auto Switch config if duplex auto Switch config if flow control Switch config if jumbo Switch config if show interface configuration gigabit...

Page 105: ...t Mirror Configuration 3 1 Using the GUI Choose the menu Switching Port Port Mirror to load the following page Figure 3 1 Mirror Session List The above page displays a mirror session and no more sessi...

Page 106: ...Source Port section select one or multiple monitored ports for configuration Then set the parameters and click Apply UNIT 1 LAGS Click 1 to select physical ports Click LAGS to select LAGs Ingress Wit...

Page 107: ...e Set the monitored ports session_num The monitor session number It can only be specified as 1 port list List of monitored port It is multi optional mode The monitor mode There are three options rx tx...

Page 108: ...cal Interfaces Port Mirror Configuration Configuration Guide 85 Destination Port Gi1 0 10 Source Ports Ingress Gi1 0 1 3 Source Ports Egress Gi1 0 1 3 Switch config if end Switch copy running config s...

Page 109: ...Select one or multiple ports for security configuration 2 Specify the maximum number of the MAC addresses that can be learned on the port and then select the learn mode of the MAC addresses Max Learn...

Page 110: ...n be selected Drop When the number of learned MAC addresses reaches the limit the port will stop learning and discard the packets with the MAC addresses that have not been learned Forward When the num...

Page 111: ...es reaches the limit the port will stop learning and discard the packets with the MAC addresses that have not been learned forward When the number of learned MAC addresses reaches the limit the port w...

Page 112: ...Managing Physical Interfaces Port Security Configuration Configuration Guide 89 Switch config if end Switch copy running config startup config...

Page 113: ...gurations 5 Port Isolation Configurations 5 1 Using the GUI Choose the menu Switching Port Port Isolation to load the following page Figure 5 1 Port Isolation List The above page displays the port iso...

Page 114: ...global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list Enter interface configuration mode Step 3 port isolation...

Page 115: ...hows how to add ports 1 0 1 3 and LAG 4 to the forward list of port 1 0 5 Switch configure Switch config interface gigabitEthernet 1 0 5 Switch config if port isolation gi forward list 1 0 1 3 po forw...

Page 116: ...Configuring QoS Choose the menu Switching Port Loopback Detection to load the following page Figure 6 1 Loopback Detection Follow these steps to configure loopback detection 1 In the Global Config sec...

Page 117: ...and generate an entry on the log file It is the default setting Port Based When a loop is detected the switch will send a trap message and generate an entry on the log file In addition the switch wil...

Page 118: ...here are two modes alert When a loop is detected the switch will send a trap message and generate an entry on the log file It is the default setting port based When a loop is detected the switch will...

Page 119: ...ollowing example shows how to enable loopback detection of port 1 0 3 and set the process mode as alert and recovery mode as auto Switch configure Switch config interface gigabitEthernet 1 0 3 Switch...

Page 120: ...Configuration Scheme To implement this requirement you can configure port mirror to copy the packets from ports 1 0 2 5 to port 1 0 1 The overview of configuration is as follows 1 Specify ports 1 0 2...

Page 121: ...ort section select port 1 0 1 as the monitoring port and click Apply Figure 7 3 Destination Port Configuration 3 In the Source Port section select ports 1 0 2 5 as the monitored ports and enable Ingre...

Page 122: ...h show monitor session 1 Monitor Session 1 Destination Port Gi1 0 1 Source Ports Ingress Gi1 0 2 5 Source Ports Egress Gi1 0 2 5 7 2 Example for Port Isolation 7 2 1 Network Requirements As shown belo...

Page 123: ...the other hosts Demonstrated with T1600G 52TS the following sections provide configuration procedure in two ways using the GUI and using the CLI 7 2 3 Using the GUI 1 Choose the menu Switching Port P...

Page 124: ...4 Using the CLI Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if port isolation gi forward list 1 0 4 Switch config if end Switch copy running config startup config Ver...

Page 125: ...port on which a loop is detected Figure 7 8 Network Topology Switch A Management Host Access layer Switches Gi1 0 1 Gi1 0 2 Loop Gi1 0 3 7 3 2 Configuration Scheme Enable loopback detection on ports...

Page 126: ...me Click Apply Figure 7 10 Port Configuration 4 Monitor the detection result on the above page The Loop status and Block status are displayed on the right side of ports 7 3 4 Using the CLI 1 Enable lo...

Page 127: ...nfiguration Verify the global configuration Switch show loopback detection global Loopback detection global status enable Loopback detection interval 30 s Loopback detection recovery time 90 s Verify...

Page 128: ...er Default Setting Port Config Type Copper Status Enable Speed Auto Duplex Auto Flow Control Disable Jumbo Disable Port Mirror Ingress Disable Egress Disable Port Security Max Learned MAC 64 Learned N...

Page 129: ...Configuration Guide 106 Managing Physical Interfaces Appendix Default Parameters Parameter Default Setting Port Status Disable Operation mode Alert Recovery mode Auto...

Page 130: ...Part 4 Configuring LAG CHAPTERS 1 LAG 2 LAG Configuration 3 Configuration Example 4 Appendix Default Parameters...

Page 131: ...ure the backup ports to enhance the connection reliability 1 2 Supported Features You can configure LAG in two ways static LAG and LACP Link Aggregation Control Protocol Static LAG The member ports ar...

Page 132: ...e LACP does not support half duplex links One static LAG supports up to eight member ports All the member ports share the traffic evenly If an active link fails the other active links share the traffi...

Page 133: ...MAC addresses of the packets SRC IP The computation is based on the source IP addresses of the packets DST IP The computation is based on the destination IP addresses of the packets SRC IP DST IP The...

Page 134: ...ame LAG mode Configuring Static LAG Choose the menu Switching LAG Static LAG to load the following page Figure 2 3 Static LAG Follow these steps to configure the static LAG 1 In the LAG Config section...

Page 135: ...gher priority will determine its active ports and the other device can select its active ports according to the selection result of the device with higher priority If the two ends have the same system...

Page 136: ...ne end of the link is configured as Active Status Enable the LACP function of the port By default it is disabled 2 2 Using the CLI 2 2 1 Configuring Load balancing Algorithm Follow these steps to conf...

Page 137: ...Load Balancing Addresses Used Per Protocol Non IP Source XOR Destination MAC address IPv4 Source XOR Destination MAC address IPv6 Source XOR Destination MAC address Switch config end Switch copy runn...

Page 138: ...config interface range gigabitEthernet 1 0 5 8 Switch config if range channel group 2 mode on Switch config if range show etherchannel 2 summary Flags D down P bundled in port channel U in use I stand...

Page 139: ...you need to select LACP mode active or passive In LACP the switch uses LACPDU Link Aggregation Control Protocol Data Unit to negotiate the parameters with the peer end In this way the two ends select...

Page 140: ...as active Switch configure Switch config interface range gigabitEthernet 1 0 1 4 Switch config if range channel group 6 mode active Switch config if range show lacp internal Flags S Device is requesti...

Page 141: ...o avoid traffic bottleneck between the servers and Switch B you also need to configure LAG on them to increase link bandwidth Here we mainly introduce the LAG configuration between the two switches Fi...

Page 142: ...as SRC MAC DST MAC Figure 3 2 Global Configuration 2 Choose the menu Switching LAG LACP Config to load the following page In the Global Config section specify the system priority of Switch A as 0 and...

Page 143: ...Switch configure Switch config port channel load balance src dst mac 2 Specify the system priority of Switch A as 0 Remember to ensure that the system priority value of Switch B is bigger than 0 Switc...

Page 144: ...e priority of this port is lower than port 1 0 9 Switch config interface gigabitEthernet 1 0 10 Switch config if channel group 1 mode active Switch config if lacp port priority 2 Switch config if end...

Page 145: ...uring LAG Configuration Example Gi1 0 5 SA Down 0 0x1 0 0x5 0x45 Gi1 0 6 SA Down 0 0x1 0 0x6 0x45 Gi1 0 7 SA Down 0 0x1 0 0x7 0x45 Gi1 0 8 SA Down 0 0x1 0 0x8 0x45 Gi1 0 9 SA Down 1 0x1 0 0x9 0x45 Gi1...

Page 146: ...Default Parameters Default settings of Switching are listed in the following tables Table 4 1 Default Settings of LAG Parameter Default Setting LAG Table Hash Algorithm SRC MAC DST MAC LACP Config Sys...

Page 147: ...Part 5 Monitoring Traffic CHAPTERS 1 Traffic Monitor 2 Appendix Default Parameters...

Page 148: ...ry to load the following page Figure 1 1 Traffic Summary Follow these steps to view the traffic summary of each port 1 To get the real time traffic summary enable auto refresh in the Auto Refresh sect...

Page 149: ...f octets transmitted on the port Error octets are counted in Statistics Click this button to view the detailed traffic statistics of the port 1 1 2 Viewing the Traffic Statistics in Detail Choose the...

Page 150: ...f the received packets including error packets that are 64 bytes long Pkts65to127Octets Displays the number of the received packets including error packets that are between 65 and 127 bytes long Pkts1...

Page 151: ...tted on the port Error frames are not counted in Alignment Errors Displays the number of the received packets that have a Frame Check Sequence FCS with a non integral octet Alignment Error The size of...

Page 152: ...Configuration Guide 129 2 Appendix Default Parameters Table 2 1 Traffic Statistics Monitoring Parameter Default Setting Traffic Summary Auto Refresh Disable Refresh Rate 10 seconds Traffic Statistics...

Page 153: ...Part 6 Managing MAC Address Table CHAPTERS 1 MAC Address Table 2 Address Configurations 3 Security Configurations 4 Example for Security Configurations 5 Appendix Default Parameters...

Page 154: ...an add or remove these entries to your needs Furthermore you can configure notification traps and limit the number of MAC addresses in a VLAN for traffic safety Address Configurations Dynamic address...

Page 155: ...the MAC address change activity For example you can configure the switch to send you notifications when new users access the network Limiting the Number of MAC Addresses in VLANs You can configure VL...

Page 156: ...sing the GUI 2 1 1 Adding Static MAC Address Entries You can add static MAC address entries by manually specifying the desired MAC address or binding dynamic MAC address entries Adding MAC Addresses M...

Page 157: ...2 Click Create Binding Dynamic Address Entries Choose the menu Switching MAC Address Dynamic Address to load the following page Figure 2 2 Binding Dynamic MAC Address Entries Follow these steps to bi...

Page 158: ...desired length of time Auto Aging Enable Auto Aging then the switch automatically updates the dynamic address table with the aging mechanism By default it is enabled Aging Time Set the length of time...

Page 159: ...Address Specify a MAC address to configure the switch to drop packets which include this MAC address as the source address or destination address VLAN ID Specify an existing VLAN in which packets with...

Page 160: ...address table static mac addr vid vid interface gigabitEthernet port Bind the MAC address VLAN and port together to add a static address to the VLAN mac addr Enter the MAC address and packets with th...

Page 161: ...tatic MAC address entry with MAC address 00 02 58 4f 6c 23 VLAN 10 and port 1 When a packet is received in VLAN 10 with this address as its destination the packet will be forwarded only to port 1 Swit...

Page 162: ...aging time to 500 seconds A dynamic entry remains in the MAC address table for 500 seconds after the entry is used or updated Switch configure Switch config mac address table aging time 500 Switch con...

Page 163: ...filtering addresses The following example shows how to add the MAC filtering address 00 1e 4b 04 01 5d to VLAN 10 Then the switch will drop the packet that is received in VLAN 10 with this address as...

Page 164: ...y configurations With security configurations of the MAC address table you can Configure MAC notification traps Limit the number of MAC addresses in VLANs 3 1 Using the GUI 3 1 1 Configuring MAC Notif...

Page 165: ...s notification traps You can enable these three types Learned Mode Change Exceed Max Learned and New MAC Learned Click Apply Learned Mode Change Enable Learned Mode Change and when the learned mode of...

Page 166: ...n control the available address table space by setting maximum learned MAC number for VLANs However an improper maximum number can cause unnecessary floods in the network or a waste of address table s...

Page 167: ...Ethernet port that you want to configure notification traps Step 6 mac address table notification learn mode change enable disable exceed max learned enable disable new mac learned enable disable Enab...

Page 168: ...onfig mac address table notification global status enable Switch config mac address table notification interval 10 Switch config interface gigabitEthernet 1 0 1 Switch config if mac address table noti...

Page 169: ...number of MAC addresses in the specified VLAN is exceeded forward Packets of new source MAC addresses will be forwarded but the addresses not learned when the maximum number of MAC addresses in the sp...

Page 170: ...rk with notifications of any new access users Figure 4 1 The Network Topology Gi1 0 1 Gi1 0 3 Gi1 0 2 R D Department VLAN 30 Marketing Department VLAN 10 Switch Internet 4 2 Configuration Scheme VLAN...

Page 171: ...the maximum number of MAC address in VLAN 10 as 100 choose drop mode and click Create Figure 4 2 Configuring VLAN Security 2 Choose the menu Switching MAC Address MAC Notification to load the followi...

Page 172: ...global status enable Switch config mac address table notification interval 10 Switch config interface gigabitEthernet 1 0 2 Switch config if mac address table notification new mac learned enable Switc...

Page 173: ...ltering Address Entries None Table 5 2 Default Settings of Dynamic Address Table Parameter Default Setting Auto Aging Enable Aging Time 300 seconds Table 5 3 Default Settings of MAC Notification Param...

Page 174: ...Part 7 Configuring 802 1Q VLAN CHAPTERS 1 Overview 2 802 1Q VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Page 175: ...d all VLAN traffic remains within its VLAN It reduces the influence of broadcast traffic in Layer 2 network to the whole network To enhance network security Devices from different VLANs cannot achieve...

Page 176: ...se steps 1 Configure PVID Port VLAN ID of the port 2 Configure the VLAN including creating a VLAN and adding the configured port to the VLAN 2 1 Using the GUI 2 1 1 Configuring the PVID of the Port Ch...

Page 177: ...ongs to VLAN Check details of the VLAN which the port is in 2 1 2 Configuring the VLAN Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Figure 2 2 Configuring V...

Page 178: ...he valid values are from 2 to 4094 for example 2 3 5 Step 3 name descript Optional Specify a VLAN description for identification descript The length of the description should be 1 to 16 characters Ste...

Page 179: ...The number or the list of the Ethernet port that you want to configure Step 3 switchport pvid vlan id Configure the PVID of the port s By default it is 1 vlan id The default VLAN ID of the port with...

Page 180: ...an list tagged untagged Add the port to the specified VLAN and specify its egress rule in this VLAN vlan id The default VLAN ID of the port with the values between 1 and 4094 tagged untagged Egress ru...

Page 181: ...Guide 158 Configuring 802 1Q VLAN 802 1Q VLAN Configuration Link Type General Member in VLAN Vlan Name Egress rule 1 System VLAN Untagged 2 rd Tagged Switch config if end Switch copy running config s...

Page 182: ...r department 3 2 Configuration Scheme Divide computers in Department A and Department B into two VLANs respectively so that computers can communicate with each other in the same department but not wit...

Page 183: ...witch 1 is connected to port 1 0 8 on Switch 2 Figure 3 1 Network Topology VLAN 10 VLAN 20 Host A1 Host A2 Host B1 Host B2 Switch 1 Switch 2 Gi1 0 2 Gi1 0 3 Gi1 0 4 Gi1 0 6 Gi1 0 7 Gi1 0 8 Demonstrate...

Page 184: ...for Department A 2 Click Create again to load the following page Create VLAN 20 with the description of Department B Add port 1 0 2 as an untagged port and port 1 0 4 as a tagged port to VLAN 20 Then...

Page 185: ...port mode of port 1 0 2 and port 1 0 3 as Untagged and then add port 1 0 2 to VLAN 10 and add port 1 0 3 to VLAN 20 Switch_1 config interface gigabitEthernet 1 0 2 Switch_1 config if switchport genera...

Page 186: ...ing 802 1Q VLAN Configuration Example Configuration Guide 163 Gi1 0 5 Gi1 0 6 Gi1 0 7 Gi1 0 8 Gi1 0 49 Gi1 0 50 Gi1 0 51 Gi1 0 52 10 Department A active Gi1 0 2 Gi1 0 4 20 Department B active Gi1 0 3...

Page 187: ...1Q VLAN Appendix Default Parameters 4 Appendix Default Parameters Default settings of 802 1Q VLAN are listed in the following table Table 4 1 Default Settings of 802 1Q VLAN Parameter Default Setting...

Page 188: ...Part 8 Configuring MAC VLAN CHAPTERS 1 Overview 2 MAC VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Page 189: ...even when their access ports change The figure below shows a common application scenario of MAC VLAN Figure 1 1 Common Application Scenario of MAC VLAN Meeting Room 1 Laptop A Laptop B Meeting Room 2...

Page 190: ...g to the data packet and forward it within the VLAN If no the switch will continue to match the data packet with the matching rules of other VLANs such as the protocol VLAN If there is a match the swi...

Page 191: ...er the VLAN ID to bind it to the VLAN MAC Address Enter the MAC address of the device The address should be in 00 00 00 00 00 01 format Description Give a MAC address description for identification wi...

Page 192: ...figuring MAC VLAN create an 802 1Q VLAN and set the port type according to network requirements For details refer to Configuring 802 1Q VLAN 2 2 2 Binding the MAC Address to the VLAN Follow these step...

Page 193: ...fig 2 2 3 Enabling MAC VLAN for the Port Follow these steps to enable MAC VLAN for the port Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port...

Page 194: ...mple shows how to enable MAC VLAN for port 1 0 1 Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if mac vlan Switch config if show mac vlan interface Port STATUS Gi1 0 1 E...

Page 195: ...top A 00 19 56 8A 4C 71 Laptop B 00 19 56 82 3B 70 Meeting Room 2 Switch 3 Gi1 0 3 Gi1 0 2 Gi1 0 2 Gi1 0 2 Gi1 0 1 Gi1 0 1 Gi1 0 5 Gi1 0 4 Switch 1 Switch 2 Server B VLAN 20 Server A VLAN 10 3 2 Confi...

Page 196: ...UI and using the CLI 3 3 Using the GUI Configurations for Switch 1 and Switch 2 The configurations of Switch 1 and Switch 2 are similar The following introductions take Switch 1 as an example 1 Choose...

Page 197: ...to load the following page Enter MAC Address Description VLAN ID and click Create to bind the MAC address of Laptop A to VLAN 10 and bind the MAC address of Laptop B to VLAN 20 Figure 3 4 MAC VLAN Con...

Page 198: ...hoose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 and add port 1 0 4 as untagged port and ports 1 0 2 3 as tagged ports to VLAN 10 Click Apply Figu...

Page 199: ...take Switch 1 as an example 1 Create VLAN 10 for Department A and create VLAN 20 for Department B Switch_1 configure Switch_1 config vlan 10 Switch_1 config vlan name deptA Switch_1 config vlan exit...

Page 200: ...copy running config startup config Configurations for Switch 3 1 Create VLAN 10 for Department A and create VLAN 20 for Department B Switch_3 configure Switch_3 config vlan 10 Switch_3 config vlan nam...

Page 201: ...running config startup config Verify the Configurations Switch 1 Switch_1 show mac vlan all MAC Address Description VLAN 00 19 56 8A 4C 71 PCA 10 00 19 56 82 3B 70 PCB 20 Switch 2 Switch_2 show mac vl...

Page 202: ...Configuration Guide 179 4 Appendix Default Parameters Default settings of MAC VLAN are listed in the following table Table 4 1 Default Settings of MAC VLAN Parameter Default Setting MAC Address None D...

Page 203: ...Part 9 Configuring Protocol VLAN CHAPTERS 1 Overview 2 Protocol VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Page 204: ...corresponding VLANs Since different applications and services use different protocols network administrators can use protocol VLAN to manage the network based on specific applications and services of...

Page 205: ...for the protocol VLAN matching the protocol type value of the packet If MAC VLAN is also configured the switch will first process MAC VLAN If there is a match the switch will insert the corresponding...

Page 206: ...Frame Type Select the frame type of the new protocol template For T1600G 18TS the supported frame type is Ethernet II and cannot be configured Ether Type When the frame type is Ethernet II or SNAP ent...

Page 207: ...rotocol Name Select the protocol type VLAN ID Enter the ID of the 802 1Q VLAN to be bound to the protocol type 2 In the Protocol Group Member section select the port or LAG to add to the protocol grou...

Page 208: ...ssap_type Create a protocol template protocol name Specify the protocol name with 1 to 8 characters type Specify the Ethernet protocol type with 4 hexadecimal numbers It ranges from 0600 to FFFF dsap...

Page 209: ...D of the 802 1Q VLAN where the port with protocol VLAN enabled is index Protocol template index Step 4 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthern...

Page 210: ...T SNAP ether type 809B 6 IPv6 EthernetII ether type 86DD Switch config protocol vlan vlan 10 template 6 Switch config end Switch copy running config startup config The following example shows how to a...

Page 211: ...ngs to VLAN 20 and these hosts access the network via Switch 1 Switch 2 is connected to two routers to access the IPv4 network and IPv6 network respectively The routers belong to VLAN 10 and VLAN 20 r...

Page 212: ...VLANs to form protocol groups and add port 1 0 1 to the groups For Switch 1 configure 802 1Q VLAN according to the network topology Demonstrated with T1600G 28TS this chapter provides configuration p...

Page 213: ...guring Protocol VLAN Configuration Example 2 Click Create to load the following page Create VLAN 20 and add ports 1 0 2 3 as untagged ports to VLAN 20 Click Apply Figure 3 3 Create VLAN 20 3 Click Sav...

Page 214: ...n Guide 191 Configurations for Switch 2 1 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 and add port 1 0 1 as tagged port and port 1 0 2 as un...

Page 215: ...LAN 20 Click Apply Figure 3 5 Create VLAN 20 3 Choose the menu VLAN Protocol VLAN Protocol Template to load the following page Enter IPv6 in the protocol name select the Ethernet II frame type enter 8...

Page 216: ...te 4 Choose the menu VLAN Protocol VLAN Protocol Group to load the following page Select the IP protocol name that is the IPv4 protocol template enter VLAN ID 10 select port 1 and click Apply Select t...

Page 217: ...ng page Here you can view the protocol VLAN configuration Figure 3 9 Protocol VLAN configuration 6 Click Save Config to save the settings 3 4 Using the CLI Configurations for Switch 1 1 Create VLAN 10...

Page 218: ...witchport general allowed vlan 20 untagged Switch_1 config if exit Switch_1 config end Switch_1 copy running config startup config Configurations for Switch 2 1 Create VLAN 10 and VLAN 20 Switch_2 con...

Page 219: ...r type 0800 2 ARP EthernetII ether type 0806 3 RARP EthernetII ether type 8035 4 IPX SNAP ether type 8137 5 AT SNAP ether type 809b 6 IPv6 Ethernet II ether type 86dd 5 Configure the protocol groups S...

Page 220: ...6 Gi1 0 27 Gi1 0 28 10 IPv4 active Gi1 0 1 Gi1 0 3 20 IPv6 active Gi1 0 2 Gi1 0 3 Switch 2 Verify 802 1Q VLAN configuration Switch_2 show vlan VLAN Name Status Ports 1 System VLAN active Gi1 0 1 Gi1 0...

Page 221: ...ult settings of Protocol VLAN are listed in the following table Table 4 1 Default Settings of Protocol VLAN Parameter Default Setting Protocol Template Table 1 IP Ethernet II ether type 0800 2 ARP Eth...

Page 222: ...Part 10 Configuring Spanning Tree CHAPTERS 1 Spanning Tree 2 STP RSTP Configurations 3 MSTP Configurations 4 STP Security Configurations 5 Configuration Example for MSTP 6 Appendix Default Parameters...

Page 223: ...on STP RSTP RSTP Rapid Spanning Tree Protocol provides the same features as STP But RSTP also provides much faster spanning tree convergence MSTP MSTP Multiple Spanning Tree Protocol also provides the...

Page 224: ...of a 2 byte priority and a 6 byte MAC address The priority is allowed to be configured manually on the switch and the switch with the lowest priority value will be elected as the root bridge If the p...

Page 225: ...ected port with spanning tree function enabled Port Status Generally in STP the port status includes Blocking Listening Learning Forwarding and Disabled Blocking In this status the port receives and s...

Page 226: ...bled with spanning tree function but not connected to any device Path Cost The path cost reflects the link speed of the port The smaller the value the higher link speed the port has The path cost can...

Page 227: ...s section will introduce some concepts only exist in MSTP Figure 1 3 MSTP Topology region 1 region 3 region 4 CST IST Blocked Port region 2 MST Region An MST region consists of multiple interconnected...

Page 228: ...Internal Spanning Tree which is a special MST instance with an instance ID of 0 By default all the VLANs are mapped to IST CST The Common Spanning Tree which is the spanning tree connects all MST reg...

Page 229: ...y if the port does not receive any higher priority BDPUs it will transit to its normal state BPDU Protect BPDU Protect function is used to prevent the port from receiving BPUDs It is recommended to en...

Page 230: ...maliciously sends a large number of TC BPDUs to a switch in a short period the switch will be busy with removing MAC address entries which may decrease the performance and stability of the network Wi...

Page 231: ...ach switch plays in a spanning tree To avoid any possible network flapping caused by STP RSTP parameter changes you are suggested to enable STP RSTP function globally after configuring the relevant pa...

Page 232: ...onfigure it if the spanning tree mode is STP RSTP Edge Port Enable or disable Edge Port By default it is disabled The edge port can transit its state from blocking to forwarding directly If the port i...

Page 233: ...ort is not participating in the spanning tree Port Status Displays the port status Forwarding The port receives and sends BPDUs and forwards user data Learning The port receives and sends BPDUs and dr...

Page 234: ...default value is 2 Max Age Specify the maximum time the switch can wait without receiving a BPDU before attempting to regenerate a spanning tree The valid values are from 6 to 40 in seconds and the d...

Page 235: ...STP MSTP Specify the spanning tree mode as MSTP 2 1 3 Verifying the STP RSTP Configurations Verify the STP RSTP information of your switch after all the configurations are finished Choose the menu Spa...

Page 236: ...not displayed when you choose the spanning tree mode as STP RSTP Designated Bridge Displays the bridge ID of the designated bridge The designated bridge is the switch that has designated ports Root P...

Page 237: ...disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like a PC it is recommended to set the port as an edge port point to point a...

Page 238: ...ward Delay The valid values are from 4 to 30 in seconds and the default value is 15 Forward Delay is the time for the port to transit its state after the network topology is changed hello time Specify...

Page 239: ...e State Mode Priority Hello Time Fwd Time Max Age Hold Count Max Hops Enable Rstp 36864 2 12 20 5 20 Switch config end Switch copy running config startup config 2 2 3 Enabling STP RSTP Globally Follow...

Page 240: ...is enabled Spanning tree s mode RSTP 802 1w Rapid Spanning Tree Protocol Latest topology change time 2006 01 02 10 04 02 Root Bridge Priority 32768 Address 00 0a eb 13 12 ba Local bridge is the root b...

Page 241: ...he role that each switch plays in a spanning tree To avoid any possible network flapping caused by MSTP parameter changes you are suggested to enable MSTP function globally after configuring the relev...

Page 242: ...ST Edge Port Enable or disable Edge Port By default it is disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like a PC it is re...

Page 243: ...isplays the port status Forwarding The port receives and sends BPDUs and forwards user data Learning The port receives and sends BPDUs and drops the other packets Blocking The port only receives BPDUs...

Page 244: ...nstance Instance Config to load the following page Figure 3 3 Configuring the VLAN Instance Mapping Follow these steps to map VLANs to the corresponding instance and configure the priority of the swit...

Page 245: ...tch with the lower value has the higher priority and the switch with the highest priority will be elected as the root bridge in the desired instance VLAN ID Enter the VLAN ID mapped to the correspondi...

Page 246: ...g page Figure 3 4 Configuring Port Parameters in the Instance Follow these steps to configure port parameters in the instance 1 In the Instance ID Select section select the desired instance ID for its...

Page 247: ...will be elected as the root of the desired instance Port Role Displays the role that the port plays in the desired instance Root Port Indicates the port is the root port Designated Port Indicates the...

Page 248: ...ghest priority will be elected as the root bridge Hello Time Specify the interval to send BPDUs The valid values are from 1 to 10 in seconds and the default value is 2 Max Age Specify the maximum time...

Page 249: ...2 Forward Delay 1 Max Age 2 In the Global Config section enable Spanning Tree function and choose the STP mode as MSTP and click Apply Spanning Tree Enable or disable spanning tree function globally...

Page 250: ...formation of CIST Spanning Tree Displays the status of the spanning tree function Spanning Tree Mode Displays the spanning tree mode Local Bridge Displays the bridge ID of the local switch The local b...

Page 251: ...onal Root Bridge Displays the bridge ID of the root bridge in the desired instance Internal Path Cost Displays the internal path cost It is the root path cost from the current switch to the regional r...

Page 252: ...By default it is disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like a PC it is recommended to set the port as an edge por...

Page 253: ...Configuring the MST Region Follow these steps to configure the MST region and the priority of the switch in the instance Step 1 configure Enter global configuration mode Step 2 spanning tree mst inst...

Page 254: ...instance instance id interface fastEthernet port gigabitEthernet port port channel lagid Optional View the related information of MSTP Instance digest Display digest calculated by instance vlan map in...

Page 255: ...o 240 which are divisible by 16 and the default value is 128 The port with the lower value has the higher priority In the same condition the port with the highest priority will be elected as the root...

Page 256: ...able 32 Auto Auto No No auto N A N A LnkDwn MST Instance 5 Interface Prio Cost Role Status Gi1 0 3 144 200 N A LnkDwn Switch config if end Switch copy running config startup config 3 2 3 Configuring G...

Page 257: ...m number of BPDU packets transmitted per Hello Time interval value Specify the maximum number of BPDU packets transmitted per Hello Time interval The valid values are from 1 to 20 pps and the default...

Page 258: ...globally Step 1 configure Enter global configuration mode Step 2 spanning tree mode mstp Configure the spanning tree mode as MSTP mstp Specify the spanning tree mode as MSTP Step 3 spanning tree Enabl...

Page 259: ...ss 00 0a eb 13 23 97 Regional Root Bridge Priority 36864 Address 00 0a eb 13 12 ba Local bridge is the regional root bridge Local Bridge Priority 36864 Address 00 0a eb 13 12 ba Interface State Prio E...

Page 260: ...P Configurations Configuration Guide 237 Priority 32768 Address 00 0a eb 13 12 ba Interface Prio Cost Role Status Gi 0 16 128 200000 Altn Blk Gi 0 20 128 200000 Mstr Fwd Switch config end Switch copy...

Page 261: ...the Loop Protect function Configure the Root Protect function Configure the TC Protect function Configure the BPDU Protect function Configure the BPDU Filter function 4 1 Using the GUI 4 1 1 Configur...

Page 262: ...e this function on the ports of non root switches For T1600G 18TS with TC protect function enabled when the switch receives TC BPDUs it will not process the TC BPDUs at once The switch will wait for 5...

Page 263: ...1 to 10 to specify the TC Protect Cycle The default value is 5 4 2 Using the CLI 4 2 1 Configuring the STP Security Follow these steps to configure the Root protect feature BPDU protect feature and BP...

Page 264: ...spanning tree bpduguard Optional Enable the BPDU Protect function on the port It is It is recommended to enable this function on edge ports BPDU Protect function is used to prevent the edge port from...

Page 265: ...s By default it is 5 Step 3 interface fastEthernet port gigabitEthernet port range gigabitEthernet port list port channel port channel range port channel port channel list Enter interface configuratio...

Page 266: ...Switch config interface gigabitEthernet 1 0 3 Switch config if spanning tree guard tc Switch config if show spanning tree interface security gigabitEthernet 1 0 3 Interface BPDU Filter BPDU Guard Loop...

Page 267: ...een the switches is 100Mb s the default path cost of the port is 200000 It is required that traffic in VLAN 101 VLAN 103 and traffic in VLAN 104 VLAN 106 should be transmitted along different paths Fi...

Page 268: ...t is as the root bridge in instance 1 configure the priority of Switch C as 0 to set is as the root bridge in instance 2 4 Configure the path cost to block the specified ports For instance 1 set the p...

Page 269: ...hoose the menu Spanning Tree MSTP Instance Region Config to load the following page Set the region name as 1 and the revision level as 100 Figure 5 4 Configuring the MST Region 3 Choose the menu Spann...

Page 270: ...Example for MSTP Configuration Guide 247 Figure 5 5 Configuring the VLAN Instance Mapping 4 Choose the menu Spanning Tree MSTP Instance Instance Port Config to load the following page Set the path cos...

Page 271: ...xample for MSTP Figure 5 6 Configure the Path Cost of Port 1 0 1 In Instance 1 5 Choose the menu Spanning Tree STP Config STP Config to load the following page Enable MSTP function globally here we le...

Page 272: ...B 1 Choose the menu Spanning Tree STP Config Port Config to load the following page Enable the spanning tree function on port 1 0 1 and port 1 0 2 Here we leave the values of the other parameters as...

Page 273: ...MSTP Instance Instance Config to load the following page Map VLAN101 VLAN103 to instance 1 map VLAN104 VLAN106 to instance 2 Figure 5 10 Configuring the VLAN Instance Mapping 4 Choose the menu Spannin...

Page 274: ...for MSTP Configuration Guide 251 Figure 5 11 Configuring the Priority of Switch B in Instance 1 5 Choose the menu Spanning Tree MSTP Instance Instance Port Config to load the following page Set the p...

Page 275: ...ample for MSTP Figure 5 12 Configure the Path Cost of Port 1 0 2 in Instance 2 6 Choose the menu Spanning Tree STP Config STP Config to load the following page Enable MSTP function globally Here we le...

Page 276: ...e the menu Spanning Tree STP Config Port Config to load the following page Enable the spanning tree function on port 1 0 1 and port 1 0 2 Here we leave the values of the other parameters as default se...

Page 277: ...MSTP Instance Instance Config to load the following page Map VLAN101 VLAN103 to instance 1 map VLAN104 VLAN106 to instance 2 Figure 5 16 Configuring the VLAN Instance Mapping 4 Choose the menu Spanni...

Page 278: ...Priority of Switch C in Instance 2 5 Choose the menu Spanning Tree STP Instance STP Config to load the following page Enable MSTP function globally here we leave the values of the other global parame...

Page 279: ...on name as 1 the revision number as 100 map VLAN101 VLAN103 to instance 1 map VLAN104 VLAN106 to instance 2 Switch config spanning tree mst configuration Switch config mst name 1 Switch config mst rev...

Page 280: ...vlan 101 103 Switch config mst instance 2 vlan 104 106 Switch config mst exit Switch config spanning tree mst instance 1 priority 0 3 Configure the spanning tree mode as MSTP then enable spanning tre...

Page 281: ...e mode as MSTP then enable spanning tree function globally Switch config spanning tree mode mstp Switch config spanning tree Switch config end Switch copy running config startup config Verify the Conf...

Page 282: ...MST Instance 2 Root Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Internal Cost 200000 Root Port 2 Designated Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Local Bridge Priority 32768 Address 00 0a eb 13...

Page 283: ...Gi1 0 1 128 200000 Desg Fwd Gi1 0 2 128 200000 Desg Fwd Verify the configurations of Switch B in instance 2 Switch config show spanning tree mst instance 2 MST Instance 2 Root Bridge Priority 0 Addres...

Page 284: ...200000 Root Port 2 Designated Bridge Priority 0 Address 00 0a eb 13 12 ba Local Bridge Priority 32768 Address 3c 46 d8 9d 88 f7 Interface Prio Cost Role Status Gi1 0 1 128 200000 Desg Fwd Gi1 0 2 128...

Page 285: ...tion Guide 262 Configuring Spanning Tree Configuration Example for MSTP Local Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Interface Prio Cost Role Status Gi1 0 1 128 200000 Desg Fwd Gi1 0 2 128 200000...

Page 286: ...Default Setting Spanning tree Disable Mode STP CIST Priority 32768 Hello Time 2 seconds Max Age 20 seconds Forward Delay 15 seconds TxHoldCount 5 pps Max Hops 20 hops Table 6 2 Default Settings of the...

Page 287: ...Configuration Guide 264 Configuring Spanning Tree Appendix Default Parameters Parameter Default Setting Port Priority 128 Path Cost Auto...

Page 288: ...iguring Layer 2 Multicast CHAPTERS 1 Layer 2 Multicast 2 IGMP Snooping Configurations 3 Configuring MLD Snooping 4 Viewing Multicast Snooping Configurations 5 Configuration Examples 6 Appendix Default...

Page 289: ...oint to multipoint network multicast technology not only transmits data with high efficiency but also saves a large bandwidth and reduces network load In practical applications Internet information pr...

Page 290: ...ast packets 1 2 Supported Layer 2 Multicast Protocols Layer 2 Multicast protocol for IPv4 IGMP Snooping On the Layer 2 device IGMP Snooping transmits data on demand on data link layer by analyzing IGM...

Page 291: ...the following page Figure 2 1 IGMP Snooping Global Config Enabling IGMP Snooping Globally Before configuring functions related to IGMP Snooping enable IGMP Snooping globally first 1 Select Enable to...

Page 292: ...eport message to Layer 3 devices and suppress subsequent IGMP report messages from the same multicast group during one query interval which reduces the number of IGMP packets 2 Click Apply Configuring...

Page 293: ...an IGMP leave message the switch obtains the address of the multicast group that the host wants to leave from the message Then the switch sends out MASQs to this multicast group through the port rece...

Page 294: ...port 1 Select the port to be configured and select Enable under the IGMP Snooping column 2 Click Apply Optional Configuring Fast Leave With Fast Leave enabled on a port the switch will remove this po...

Page 295: ...ring IGMP Snooping in the VLAN Choose the menu Multicast IGMP Snooping VLAN Config to load the following page Figure 2 3 IGMP Snooping in VLAN Configuring IGMP Snooping Globally in the VLAN In the VLA...

Page 296: ...VLAN 1 Configure the router ports in the designate VLAN VLAN ID Specify the VLAN to be configured Static Router Ports Select one or more ports to be the static router ports in the VLAN All multicast d...

Page 297: ...figuring 802 1Q VLAN 2 Enable Multicast VLAN configure the specific VLAN to be the multicast VLAN and configure the Router Port Time and Member Port Time Multicast VLAN Select Enable to enable multica...

Page 298: ...w source IP address The switch will replace the source IP in the IGMP multicast data sent by the multicast VLAN with the IP address you enter 2 Click Apply Viewing Dynamic Router Ports in the Multicas...

Page 299: ...gure the querier 1 Specify a VLAN and configure the querier on this VLAN VLAN ID Specify the VLAN to be configured Query Interval Enter the interval between general query messages sent by the querier...

Page 300: ...to create a profile and configure its filtering mode 1 Create a profile and configure its filtering mode Profile ID Enter a profile ID between 1 and 999 Mode Select Permit or Deny as the filtering mo...

Page 301: ...er ports to join specific multicast groups Deny similar to a blacklist means that the switch disallows specific member ports to join specific multicast groups Start IP Specify the Start IP of the mult...

Page 302: ...t the port to be bound Port Displays the port number Profile ID Enter the profile ID you create to bind the profile to the port One port can only be bound to one profile ClearBinding Click to clear th...

Page 303: ...group Drop Drop all subsequent membership report messages and the port will not join any new multicast groups Replace Replace the existing multicast group owning the lowest multicast MAC address with...

Page 304: ...led enter the interval between each refresh The valid values are from 3 to 300 seconds 2 Click Apply Viewing IGMP Statistics The IGMP Statistics table displays all kinds of IGMP statistics of all the...

Page 305: ...ng 2 Click Apply Configuring IGMP Authentication on the Port To use this function you should also enable AAA globally and configure RADIUS server on the switch Follow these steps to enable IGMP Authen...

Page 306: ...t the static member is in VLAN ID Specify the VLAN that the static member is in Forward Port Specify one or more ports to be the static member port in the multicast group Without aging the static memb...

Page 307: ...tep 1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list port channel port channel id range...

Page 308: ...fig startup config 2 2 3 Configuring IGMP Snooping Parameters Globally Configuring Report Message Suppression Step 1 configure Enter global configuration mode Step 2 ip igmp snooping report suppressio...

Page 309: ...tication Accounting Disable Enable Port Enable VLAN Switch config if end Switch copy running config startup config Configuring Unknown Multicast Step 1 configure Enter global configuration mode Step 2...

Page 310: ...w ip igmp snooping IGMP Snooping Enable Unknown Multicast Discard Last Query Times 2 Last Query Interval 1 Global Member Age Time 260 Global Router Age Time 300 Global Report Suppression Disable Globa...

Page 311: ...me 200 Switch config ip igmp snooping mtime 200 Switch config show ip igmp snooping IGMP Snooping Enable Unknown Multicast Pass Last Query Times 2 Last Query Interval 1 Global Member Age Time 200 Glob...

Page 312: ...in the configuration file The following example shows how to enable Fast Leave on port 1 0 3 Switch configure Switch config ip igmp snooping Switch config interface gigabitEternet 1 0 3 Switch config...

Page 313: ...n the specified port s or of all the ports Step 6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configuration file The following example shows h...

Page 314: ...copy running config startup config Save the settings in the configuration file The following example shows how to configure the last listener query count as 5 and the last listener query interval as...

Page 315: ...an vlan id Show the basic IGMP snooping configuration in the specified VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration f...

Page 316: ...orts in the specified VLAN Step 3 show ip igmp snooping vlan vlan id Show the basic IGMP snooping configuration in the specified VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running conf...

Page 317: ...onfiguration in the specified VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to en...

Page 318: ...the static IGMP snooping configuration Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how...

Page 319: ...C mode Step 4 copy running config startup config Save the settings in the configuration file The following example shows how to configure VLAN 5 as the multicast VLAN set the router port time as 500 s...

Page 320: ...copy running config startup config Save the settings in the configuration file The following example shows how to configure VLAN 5 as the multicast VLAN and set port 1 0 5 as the static router port Sw...

Page 321: ...tep 5 copy running config startup config Save the settings in the configuration file The following example shows how to configure VLAN 5 as the multicast VLAN and set port 1 0 6 as the forbidden route...

Page 322: ...fig startup config Save the settings in the configuration file The following example shows how to configure VLAN 5 as the multicast VLAN and replace the source IP in the IGMP packets sent by the switc...

Page 323: ...igmp snooping querier VLAN 4 Maximum Response Time 10 Query Interval 60 General Query Source IP 192 168 0 1 Switch config end Switch copy running config startup config Configuring Query Interval Max R...

Page 324: ...ral query source IP as 192 168 0 1 Switch configure Switch config ip igmp snooping Switch config ip igmp snooping querier vlan 4 query interval 100 Switch config ip igmp snooping querier vlan 4 max re...

Page 325: ...ctively Step 5 show ip igmp profile id Show the detailed IGMP profile configuration Step 6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configu...

Page 326: ...copy running config startup config Save the settings in the configuration file The following example shows how to bind Profile 1 to port 1 0 2 so that port 1 0 2 filters multicast data sent to 226 0...

Page 327: ...ooping interface gigabitEthernet port authentication Show the IGMP authentication status of the specified port or of all the ports Step 6 end Return to privileged EXEC mode Step 5 copy running config...

Page 328: ...Step 1 configure Enter global configuration mode Step 2 ip igmp snooping accounting Enable IGMP Accounting globally Step 3 show ip igmp snooping Show the global IGMP snooping configuration Step 4 end...

Page 329: ...fig Figure 3 1 MLD Snooping Global Config Enabling MLD Snooping Globally Before configuring functions related to MLD Snooping enable MLD Snooping globally first 1 Select Enable to enable MLD Snooping...

Page 330: ...yer 3 devices and suppress subsequent MLD report messages from the same multicast group during one query interval which reduces the number of MLD packets 2 Click Apply Configuring Router Port Time and...

Page 331: ...an MLD leave message the switch obtains the address of the multicast group that the host wants to leave from the message Then the switch sends out MASQs to this multicast group through the port receiv...

Page 332: ...ort 1 Select the port to be configured and select Enable under the MLD Snooping column 2 Click Apply Optional Configuring Fast Leave With Fast Leave enabled on a port the switch will remove this port...

Page 333: ...uring MLD Snooping in the VLAN Choose the menu Multicast MLD Snooping VLAN Config to load the following page Figure 3 3 MLD Snooping in VLAN Configuring MLD Snooping Globally in the VLAN In the VLAN C...

Page 334: ...N 1 Configure the router ports in the designate VLAN VLAN ID Specify the VLAN to be configured Static Router Ports Select one or more ports to be the static router ports in the VLAN All multicast data...

Page 335: ...guring 802 1Q VLAN 2 Enable Multicast VLAN configure the specific VLAN to be the multicast VLAN and configure the Router Port Time and Member Port Time Multicast VLAN Select Enable to enable multicast...

Page 336: ...source IP address The switch will replace the source IP in the MLD multicast data sent by the multicast VLAN with the IP address you enter 2 Click Apply Viewing Dynamic Router Ports in the Multicast V...

Page 337: ...ure the querier 1 Specify a VLAN and configure the querier on this VLAN VLAN ID Specify the VLAN to be configured Query Interval Enter the interval between general query messages sent by the querier T...

Page 338: ...create a profile and configure its filtering mode 1 Create a profile and configure its filtering mode Profile ID Enter a profile ID between 1 and 999 Mode Select Permit or Deny as the filtering mode...

Page 339: ...s to edit profile mode and its IP range 1 Click Edit in the MLD Profile Info table Edit its IP range and click Add to save the settings Figure 3 7 Add IP range 2 In the IP range Table you can select a...

Page 340: ...g to load the following page Figure 3 8 Profile Binding Binding Profile and Member Ports Follow these steps to bind the profile to the port 1 Select the port to be bound and enter the Profile ID in th...

Page 341: ...rt to be configured Max Group Enter the number of multicast groups the port can join The valid values are from 0 to 1000 Overflow Action Select the action towards the new multicast group when the numb...

Page 342: ...figuring Auto Refresh Follow these steps to configure auto refresh 1 Enable or disable Auto Refresh Auto Refresh If Auto Refresh is enabled statistics of MLD packets on this page will refresh automati...

Page 343: ...1 Enter the Multicast IP and VLAN ID Specify the Static Member Port Multicast IP Specify the multicast group that the static member is in VLAN ID Specify the VLAN that the static member is in Forward...

Page 344: ...ter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list port channel port channel id range port channe port c...

Page 345: ...ssion Step 1 configure Enter global configuration mode Step 2 ipv6 mld snooping report suppression Enable Report Message Suppression globally If this function is enabled the switch will only forward t...

Page 346: ...drop unknown Configure the way how the switch processes the multicast data from unknown multicast groups as Discard Unknown multicast groups are multicast groups whose destination multicast address i...

Page 347: ...MLD Snooping Parameters on the Port Configuring Router Port Time and Member Port Time Step 1 configure Enter global configuration mode Step 2 ipv6 mld snooping rtime rtime ipv6 mld snooping mtime mtim...

Page 348: ...rt list gigabitEthernet port range gigabitEthernet port list port channel port channel id range port channe port channel list Enter interface configuration mode Step 3 ipv6 mld snooping immediate leav...

Page 349: ...gigabitEthernet port range gigabitEthernet port list port channel port channel id range port channe port channel list Enter interface configuration mode Step 3 ipv6 mld snooping max groups maxgroup E...

Page 350: ...ace gigabitEthernet 1 0 3 max groups Port Max Groups Overflow Action Gi1 0 3 500 Drop Switch config if end Switch copy running config startup config 3 2 5 Configuring MLD Snooping Last Listener Query...

Page 351: ...l Router Age Time 300 Global Report Suppression Disable Enable Port Enable VLAN Switch config end Switch copy running config startup config 3 2 6 Configuring MLD Snooping Parameters in the VLAN Config...

Page 352: ...2 3 mtime 400 Switch config show ipv6 mld snooping vlan 2 Vlan Id 2 Router Time 500 Member Time 400 Static Router Port None Dynamic Router Port None Forbidden Router Port None Switch config show ipv6...

Page 353: ...port interface gigabitEthernet 1 0 2 Switch config show ipv6 mld snooping vlan 2 Vlan Id 2 Router Time 0 Member Time 0 Static Router Port Gi1 0 2 Dynamic Router Port None Forbidden Router Port None Sw...

Page 354: ...r Time 0 Member Time 0 Static Router Port None Dynamic Router Port None Forbidden Router Port Gi1 0 4 6 Switch config end Switch copy running config startup config Configuring Static Multicast Multica...

Page 355: ...nd Switch copy running config startup config 3 2 7 Configuring MLD Snooping Parameters in the Multicast VLAN Configuring Router Port Time and Member Port Time Step 1 configure Enter global configurati...

Page 356: ...lace Source IP Static Router Port None Dynamic Router Port None Forbidden Router Port None Switch config end Switch copy running config startup config Configuring Static Router Port Step 1 configure E...

Page 357: ...outer Port None Forbidden Router Port None Switch config end Switch copy running config startup config Configuring Forbidden Router Port Step 1 configure Enter global configuration mode Step 2 ipv6 ml...

Page 358: ...t None Dynamic Router Port None Forbidden Router Port Gi1 0 6 Switch config end Switch copy running config startup config Configuring Replace Source IP Step 1 configure Enter global configuration mode...

Page 359: ...cast Vlan Enable Vlan Id 5 Router Time 300 Member Time 260 Replace Source IP fe80 2ff ffff fe00 1 Static Router Port None Dynamic Router Port None Forbidden Router Port None Switch config end Switch c...

Page 360: ...response time general query source ip ip addr vlan id specifies the VLAN where the querier is interval is the interval between general query messages sent by the querier response time is the host s ma...

Page 361: ...config startup config 3 2 9 Configuring Multicast Filtering Creating Profile Step 1 configure Enter global configuration mode Step 2 ipv6 mld profile id Create a new profile and enter profile configu...

Page 362: ...234 8 Switch config mld profile show ipv6 mld profile MLD Profile 1 deny range ff01 1234 5 ff01 1234 8 Switch config end Switch copy running config startup config Binding Profile to the Port Step 1 co...

Page 363: ...mld snooping Switch config ipv6 mld profile 1 Switch config mld profile deny Switch config mld profile range ff01 1234 5 ff01 1234 8 Switch config mld profile exit Switch config interface gigabitEthe...

Page 364: ...ticast Multicast Table IPv4 Multicast Table to view all valid Multicast IP VLAN Port entries Figure 4 1 IPv4 Multicast Table Search Option Search Option Search for specific multicast entries by using...

Page 365: ...tat Displays settings of IGMP Snooping on the port s port port list specifies the port s to display basic config max groups packet stat displays the related IGMP configuration information show ip igmp...

Page 366: ...tics of all IGMP packets 4 2 2 Viewing IPv6 Multicast Snooping Configurations show ipv6 mld snooping Displays global settings of MLD Snooping show ipv6 mld snooping interface fastEthernet port port li...

Page 367: ...dynamic displays information of all dynamic multicast groups dynamic count displays the number of dynamic multicast groups static displays information of all static multicast groups static count displ...

Page 368: ...n in the following topology Host B Host C and Host D are connected to port 1 0 1 port 1 0 2 and port 1 0 3 respectively Port 1 0 4 is the router port connected to the multicast querier Figure 5 1 Netw...

Page 369: ...he GUI and using the CLI 5 1 3 Using the GUI 1 Choose the menu Multicast IGMP Snooping Snooping Config to load the following page Enable IGMP Snooping globally and keep the default values in the Route...

Page 370: ...Configuration Guide 347 Figure 5 3 Enable IGMP Snooping on the Ports 3 Choose the menu VLAN 802 1Q VLAN VLAN Config to load the following page Create VLAN 10 and add Untagged port 1 0 1 3 and Tagged...

Page 371: ...to load the following page Configure the PVID of port 1 0 1 4 as 10 Figure 5 5 Create VLAN and Add Member Ports 5 Choose the menu Multicast IGMP Snooping VLAN Config to load the following page Enable...

Page 372: ...ping on port 1 0 1 4 Switch config interface range gigabitEthernet 1 0 1 4 Switch config if range ip igmp snooping Switch config if range exit 3 Create VLAN 10 Switch config vlan 10 Switch config vlan...

Page 373: ...in VLAN 10 Switch config ip igmp snooping vlan config 10 7 Save the settings Switch config end Switch copy running config startup config Verify the Configurations Show members in the VLAN Switch confi...

Page 374: ...roup 225 1 1 1 5 2 2 Configuration Scheme Create a multicast VLAN and add the router port and ports connected to multicast members to the multicast VLAN In this case all multicast data will only be pr...

Page 375: ...40 Querier Source Gi1 0 4 Gi1 0 2 Gi1 0 3 Gi1 0 1 Demonstrated with T1600G 52TS this section provides configuration procedures in two ways using the GUI and using the CLI 5 2 4 Using the GUI 1 Choose...

Page 376: ...Examples Configuration Guide 353 Figure 5 8 Configure IGMP Snooping Globally 2 Choose the menu Multicast IGMP Snooping Snooping Config to load the following page Enable IGMP Snooping on port 1 0 1 4...

Page 377: ...1Q VLAN VLAN Config to load the following page Create VLAN 40 and add Untagged port 1 0 1 4 to VLAN 40 Figure 5 10 Configure Link Type 4 Choose the menu VLAN 802 1Q VLAN Port Config to load the follo...

Page 378: ...ticast VLAN to load the following page Enable Multicast VLAN and configure VLAN 40 as the multicast VLAN Keep Router Port Time and Member Port Time as 0 Figure 5 12 Create Multicast VLAN 6 Click Save...

Page 379: ...al allowed vlan 10 untagged Switch config if range exit Switch config interface gigabitEthernet 1 0 4 Switch config if switchport general allowed vlan 10 tagged Switch config if exit 5 Set the PVID of...

Page 380: ...val 1 Global Member Age Time 260 Global Router Age Time 300 Global Report Suppression Disable Global Authentication Accounting Disable Enable Port Gi1 0 1 4 Enable VLAN Multicast VLAN 10 5 3 Example f...

Page 381: ...o avoid Host B from receiving irrelevant multicast data the user can enable Fast Leave on port 1 0 2 and enable Unknown Multicast globally To change channel Host B sends a leave message about leaving...

Page 382: ...ng and MLD Snooping share the setting of Unknown Multicast so you have to enable MLD Snooping globally on the Multicast MLD Snooping Snooping Config page at the same time 2 Choose the menu Multicast I...

Page 383: ...r 2 Multicast Configuration Examples Figure 5 15 Configure IGMP Snooping Globally 3 Choose the menu Multicast IGMP Snooping VLAN Config to load the following page Enable IGMP Snooping in VLAN 10 Figur...

Page 384: ...igabitEthernet 1 0 2 Switch config if ip igmp snooping Switch config if ip igmp snooping immediate leave Switch config if exit Switch config interface gigabitEthernet 1 0 4 Switch config if ip igmp sn...

Page 385: ...t D only receive multicast data sent to 225 0 0 1 while Host B receives all multicast data except the one sent from 225 0 0 2 5 4 2 Configuration Scheme With the functions for managing multicast group...

Page 386: ...AN 10 Querier Source Gi1 0 4 Gi1 0 2 Gi1 0 3 Gi1 0 1 Demonstrated with T1600G 52TS this section provides configuration procedures in two ways using the GUI and using the CLI 5 4 4 Using the GUI 1 Choo...

Page 387: ...nfiguring Layer 2 Multicast Configuration Examples Figure 5 18 Configure IGMP Snooping Globally 2 Choose the menu Multicast IGMP Snooping Snooping Config to load the following page Figure 5 19 Enable...

Page 388: ...e menu VLAN 802 1Q VLAN VLAN Config to load the following page Create VLAN 10 and add Untagged port 1 0 1 3 and Tagged port 1 0 4 to VLAN 10 Figure 5 20 Configure Link Type 4 Choose the menu VLAN 802...

Page 389: ...n Examples Figure 5 21 Create VLAN and Add Member Ports 5 Choose the menu Multicast IGMP Snooping VLAN Config to load the following page Enable IGMP Snooping in VLAN 10 Keep 0 as the Router Port Time...

Page 390: ...6 Specify the multicast data that Host C and Host D can receive a Choose the menu Multicast IGMP Snooping Profile Config to load the following page Create Profile 1 select Permit as the Mode and clic...

Page 391: ...the following page Select port 1 0 2 and port 1 0 3 enter 1 in the Profile ID field and click Apply to bind Profile 1 to these ports Figure 5 25 Bind Profile 1 to Port 1 0 2 and Port 1 0 3 7 Specify...

Page 392: ...ollowing page In the IGMP Profile Info table click Edit in the Profile 2 entry enter 225 0 0 2 in both Start IP and End IP fields and click Add Figure 5 27 Edit Add IP range in Profile 2 c Choose the...

Page 393: ...igmp snooping 2 Enable IGMP Snooping on port 1 0 1 4 Switch config interface range gigabitEthernet 1 0 1 4 Switch config if range ip igmp snooping Switch config if range exit 3 Create VLAN 10 Switch c...

Page 394: ...mode as permit and add an IP range with both start IP and end IP being 225 0 0 1 Switch config ip igmp profile 1 Switch config igmp profile permit Switch config igmp profile range 225 0 0 1 225 0 0 1...

Page 395: ...g IGMP Snooping Enable Unknown Multicast Pass Last Query Times 2 Last Query Interval 1 Global Member Age Time 260 Global Router Age Time 300 Global Report Suppression Disable Global Authentication Acc...

Page 396: ...0 seconds Last Listener Query Interval 1 second Last Listener Query Count 2 IGMP Snooping Settings on the Port IGMP Snooping Disabled Fast Leave Disabled IGMP Snooping Settings in the VLAN Enable or N...

Page 397: ...of IGMP Snooping MLD Snooping Disabled Unknown Multicast Forward Report Message Suppression Disabled Router Port Time 300 seconds Member Port Time 260 seconds Last Listener Query Interval 1 second Las...

Page 398: ...endix Default Parameters Configuration Guide 375 Function Parameter Default Setting IGMP Snooping Querier Enable or Not Disabled Query Interval 60 seconds Max Response Time 10 seconds General Query So...

Page 399: ...Part 12 Configuring Logical Interfaces CHAPTERS 1 Overview 2 Logical Interfaces Configurations 3 Appendix Default Parameters...

Page 400: ...o not physically exist such as loopback interfaces and routing interfaces This chapter introduces the configurations for logical interfaces The supported types of logical interfaces are shown as below...

Page 401: ...tion follow these steps 1 Create a Layer 3 interface 2 Configure IPv6 parameters of the created interface 3 View detailed information of the created interface 2 1 Using the GUI 2 1 1 Creating a Layer...

Page 402: ...face s Layer 3 capabilities Interface Name Optional Enter the name of the interface 2 In the Interface List section you can view the corresponding interface entry you create 2 1 2 Configuring IPv4 Par...

Page 403: ...Admin Status Enable or disable the interface s Layer 3 capabilities Interface Name Optional Enter the name of the interface 2 In the Secondary IP Create section configure the secondary IP for the spe...

Page 404: ...the interface ID IPv6 Enable or disable IPv6 function on the interface of switch 2 Configure the IPv6 link local address of the interface manually or automatically in the Link local Address Config sec...

Page 405: ...t message Via DHCPv6 Server Enable global address auto configuration via DHCPv6 Server With this option enabled the switch will try to obtain the global address from the DHCPv6 Server Manually Address...

Page 406: ...bal address 2 1 4 Viewing Detail Information of the Interface In Figure 2 1 you can view the corresponding interface entry you create in the Interface List section On the corresponding interface entry...

Page 407: ...rnet ports for example 1 0 1 3 1 0 5 no switchport Switch the Layer 2 port into the Layer 3 routed port Create a port channel interface interface range port channel port channel list port channel list...

Page 408: ...n an IP Address for the interface ip address ip addr mask secondary Configure the IP address and subnet mask for the specified interface manually ip addr Specify thse IP address of the Layer 3 interfa...

Page 409: ...uding fastEthernet gigabitEthernet ten gigabitEthernet loopback and VLAN interface number Number of the interface Step 3 ipv6 enable Enable the IPv6 function on the speicified Layer 3 interface By def...

Page 410: ...pv6 addr eui 64 Specify a global IPv6 address with an extended unique identifier EUI in the low order 64 bits of the IPv6 address Specify only the network prefix the last 64 bits are automatically com...

Page 411: ...s ICMP error messages limited to one every 1000 milliseconds ICMP redirects are enable MTU is 1500 bytes ND DAD is enable number of DAD attempts 1 ND retrans timer is 1000 milliseconds ND reachable ti...

Page 412: ...ters of the Interface Parameter Default Setting Interface ID VLAN IP Address Mode None Admin Status Enable Recovery mode Auto Table 3 2 Configuring the IPv6 Parameters of the Interface Parameter Defau...

Page 413: ...13 Configuring Static Routing CHAPTERS 1 Overview 2 IPv4 Static Routing Configuration 3 IPv6 Static Routing Configuration 4 Viewing Routing Table 5 Example for Static Routing 6 Appendix Default Param...

Page 414: ...ng data packets to the specific destination On a simple network with a small number of devices you only need to configure static routes to ensure that the devices from different subnets can communicat...

Page 415: ...address of the packets Subnet Mask Specify the subnet mask of the destination IPv4 address Next Hop Specify the IPv4 gateway address to which the packet should be sent next Distance Specify the admin...

Page 416: ...cols have routes to the same destination only the route that has the shortest distance will be recorded in the IP routing table The valid values are from 1 to 255 and the default value is 1 Step 3 sho...

Page 417: ...In the IPv6 Static Routing Config section configure corresponding parameters to add an IPv6 static route Then click Create IPv6 Address Specify the destination IPv6 address of the packets Prefix Lengt...

Page 418: ...strative distance which is a rating of the trustworthiness of the routing information A higher value means a lower trust rating When more than one routing protocols have routes to the same destination...

Page 419: ...Configuration Guide 396 Configuring Static Routing IPv6 Static Routing Configuration Switch config end Switch copy running config startup config...

Page 420: ...n Summary section Protocol Displays the type of the route entry Destination Network Displays the destination IP address and subnet mask Next Hop Displays the IPv4 gateway address to which the packet s...

Page 421: ...a rating of the trustworthiness of a routing information A higher value means a lower trust rating When more than one routing protocols have routes to the same destination only the route which has th...

Page 422: ...EC mode or any other configuration mode you can use the following command to view IPv6 routing table show ipv6 route static connected View the IPv6 route entries of the specified type If not specified...

Page 423: ...A as 10 1 1 1 24 the default gateway of host B as 10 1 2 1 24 and configure IPv4 static routes on Switch A and Switch B so that hosts on different network segments can communicate with each other Demo...

Page 424: ...the subnet mask as 255 255 255 0 and the next hop as 10 1 10 2 For switch B add a static route entry with the destination as 10 1 1 0 the subnet mask as 255 255 255 0 and the next hop as 10 1 10 1 Fig...

Page 425: ...he destination as 10 1 2 0 the subnet mask as 255 255 255 0 and the next hop as 10 1 10 2 For switch B add a static route entry with the destination as 10 1 1 0 the subnet mask as 255 255 255 0 and th...

Page 426: ...h B Run the ping command on switch A to verify the connectivity Switch_A ping 10 1 2 1 Pinging 10 1 2 1 with 64 bytes of data Reply from 10 1 2 1 bytes 64 time 16ms TTL 64 Reply from 10 1 2 1 bytes 64...

Page 427: ...guring Static Routing Appendix Default Parameter 6 Appendix Default Parameter Default setting of static routing is listed in the following table Table 6 1 Configuring Static Routing Parameter Default...

Page 428: ...Part 14 Configuring DHCP CHAPTERS 1 DHCP 2 DHCP Client Configuration 3 DHCP Relay Configuration 4 Configuration Examples 5 Appendix Default Parameters...

Page 429: ...ement As the following figure shows the switch acts as a DHCP client and dynamically obtain IP address from the DHCP server Figure 1 1 Application Scenario of DHCP Client Switch DHCP Client DHCP Serve...

Page 430: ...192 168 2 1 24 and for the routed port Gi1 0 1 is 192 168 3 1 24 With DHCP Interface VLAN configured the switch uses IP address of VLAN 20 192 168 2 1 24 when applying for IP addresses for clients in...

Page 431: ...dresses for clients in both VLAN 10 and VLAN 20 As a result the DHCP server will assign IP addresses on 192 168 2 0 24 the same subnet with the IP address of the default agent interface to clients in...

Page 432: ...Select DHCP or BOOTP as the IP Address Mode Set the Admin Status as Enable and enter the Interface Name optional Interface ID Select an interface type and enter the ID of the interface If you select...

Page 433: ...port channel pid Specify the ID of the port channel Step 3 ip address alloc dhcp bootp Enable DHCP or BOOTP IP address mode dhcp The specified Layer 3 interface can request the DHCP server to dynamic...

Page 434: ...e gigabitEthernet 1 0 5 Switch config if no switchport Switch config if ip address alloc dhcp Switch config if show ip interface brief Interface IP Address Method Status Protocol Shutdown Gi1 0 5 192...

Page 435: ...page Figure 3 1 Enable DHCP Relay and Configure Option 82 Follow these steps to enable DHCP Relay and configure Option 82 1 In the Global Config section enable DHCP Relay 2 Optional In the Option 82...

Page 436: ...4 characters The circuit ID configurations of the switch and the DHCP server should be compatible with each other Remote ID Enter the customized remote ID which contains up to 64 characters The remote...

Page 437: ...erface that needs to be configured as the default relay agent interface Then click Apply Interface ID Specify the type and ID of the interface that needs to be configured as the default relay agent in...

Page 438: ...to enable DHCP Relay Step 1 configure Enter global configuration mode Step 2 service dhcp relay Enable DHCP Relay Step 3 show ip dhcp relay Verify the configuration of DHCP Relay Step 4 end Return to...

Page 439: ...formation circuit id circuit id If the Customization feature is enabled specify the circuit ID circuit id Specify the circuit ID with 1 to 63 characters including digits English letters and underlines...

Page 440: ...lobal configuration mode Step 2 Enter Layer 3 interface configuration mode interface vlan vid Enter VLAN interface configuration mode vid Specify the ID of the VLAN that will be configured as a DHCP r...

Page 441: ...n VLAN interface 66 Switch configure Switch config interface vlan 66 Switch config if ip helper address 192 168 1 7 Switch config if show ip dhcp relay DHCP relay helper address is configured on the f...

Page 442: ...el lagid Enter Port channel configuration mode lagid Specify the ID of the LAG that will be configured as the default relay agent interface Step 3 ip dhcp relay default interface Set the interface as...

Page 443: ...1 8 on VLAN 10 Switch configure Switch config interface gigabitEthernet 1 0 2 Switch config if ip dhcp relay default interface Switch config if exit Switch config ip dhcp relay vlan 10 helper address...

Page 444: ...ool The network topology is as the following figure shows Computers in the marketing department belong to VLAN 10 which is connected to the switch via port 1 0 8 The interface address of VLAN 10 is 19...

Page 445: ...lay and add DHCP server address to each VLAN When these configurations are finished the DHCP server can assign IP addresses to computers in the two departments with each department on one subnet Demon...

Page 446: ...ce Relay 1 Enable DHCP Relay Switch configure Switch config service dhcp relay 2 Specify the DHCP server for the interface VLAN 10 Switch config interface vlan 10 Switch config if ip helper address 19...

Page 447: ...tion Guide 424 Configuring DHCP Configuration Examples DHCP relay is enabled DHCP relay helper address is configured on the following interfaces Interface Helper address VLAN10 192 168 0 59 VLAN20 192...

Page 448: ...Setting DHCP Relay DHCP Relay Disable Option 82 Support Disable Existed Option 82 field Keep Customization Disable Circuit ID None Remote ID None DHCP Interface Relay Interface ID None Server Address...

Page 449: ...Part 15 Configuring ARP CHAPTERS 1 Overview 2 ARP Configurations...

Page 450: ...ide 427 1 Overview ARP Address Resolution Protocol is used to map IP addresses to MAC addresses Taking an IP address as input ARP learns the associated MAC address and stores the IP MAC address associ...

Page 451: ...will be deleted after aging time Static Entry Added manually and will be remained unless modified or deleted manually Choose the menu Routing ARP ARP Table to load the following page Figure 2 1 Viewin...

Page 452: ...add static ARP Entries In the ARP Config section enter the IP address and MAC address and click Create IP address Specify the IP address MAC address Specify the MAC address 2 2 Using the CLI 2 2 1 Con...

Page 453: ...rp 192 168 0 1 00 11 22 33 44 55 arpa Switch config show arp 192 168 0 1 Interface Address Hardware Addr Type Vlan1 192 168 0 1 00 11 22 33 44 55 STATIC Switch config end Switch copy running config st...

Page 454: ...for VLAN interface 2 Switch configure Switch config interface vlan 2 Switch config if arp timeout 1000 Switch config if end Switch copy running config startup config Clearing dynamic entries Step 1 e...

Page 455: ...nfigurations show ip arp gigabitEthernet port port channel lagid vlan id Verify the active ARP entries associated with a Layer 3 interface port Specify the number of the routed port lagid Specify the...

Page 456: ...Part 16 Configuring QoS CHAPTERS 1 QoS 2 DiffServ Configuration 3 Bandwidth Control Configuration 4 Configuration Example 5 Appendix Default Parameters...

Page 457: ...k performance and bandwidth utilization DiffServ The switch classifies the ingress packets maps the packets to different priority queues and then forwards the packets according to specified scheduling...

Page 458: ...Priority DSCP priority determines the priority of packets based on the ToS Type of Service field in their IP header RFC2474 re defines the ToS field in the IP packet header as DS field The first six b...

Page 459: ...P Priority to load the following page Figure 2 1 802 1P CoS Mapping Follow these steps to configure the 802 1P Priority 1 Enable 802 1P Priority and click Apply 802 1P Priority Enable the 802 1P Prior...

Page 460: ...a TC queue that you want the Tag id or CoS id to be mapped to The switch supports 8 TC queues from TC0 for the lowest priority to TC 7 for the highest priority 3 Click Apply Configuring DSCP Priority...

Page 461: ...ge may indicate the DSCP value included in the packets or the redefined DSCP value by the ACL Remark feature Priority Select a CoS that the DSCP priority will be mapped to The packets are firstly mapp...

Page 462: ...the port will be mapped to The packets are firstly mapped to CoS then to TC queues according to the CoS id TC mapping relations LAG Displays the aggregation group which the port is in 2 Click Apply No...

Page 463: ...atio of TC0 to TC7 is 1 2 4 127 SP WRR Mode Strict Priority Weight Round Robin Mode In this mode the switch provides two scheduling groups SP group and WRR group When scheduling queues the switch allo...

Page 464: ...ect feature the switch maps all the packets that meet the configured ACL rules to the new TC queue regardless of the mapping relations configured in this section 2 2 Using CLI 2 2 1 Configuring Priori...

Page 465: ...e following example shows how to map CoS2 to TC0 and keep other CoS id TC as default Switch configure Switch config qos queue cos map 2 0 Switch config show qos status 802 1p priority is enabled DSCP...

Page 466: ...stly mapped to CoS then to TC queues according to the CoS id TC mapping relations dscp list Enter one or more DSCP values which range from 0 to 63 Enter the multiple values in the format of 1 3 5 7 co...

Page 467: ...1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list port channel lagid range port channel...

Page 468: ...the settings in the configuration file Note All the ports in the same LAG should be assigned with the same port priority The following example shows how to map port 1 3 to TC1 and keep other mapping r...

Page 469: ...ually The weight value ratio of all the queues is 1 1 1 1 It is the default schedule mode Step 3 qos queue weight tc id weight value Optional Configure the weight value of each queue after the Schedul...

Page 470: ...le mode as WRR with the weight values of TC0 to TC7 as 4 7 10 13 16 19 22 25 Switch configure Switch config qos queue mode wrr Switch config qos queue weight 0 4 Switch config qos queue weight 1 7 Swi...

Page 471: ...each port to avoid network broadcast storm by configuring the Storm Control function 3 1 Using the GUI 3 1 1 Configuring Rate Limit Choose the menu QoS Bandwidth Control Rate Limit to load the follow...

Page 472: ...ntrol to load the following page Figure 3 2 Storm Control Follow these steps to configure the Storm Control function 1 Select the port s and configure the upper rate limit for forwarding broadcast pac...

Page 473: ...Specify the upper rate limit in kilo bits per second which ranges from 1 to 1000000 kbps This mode is invalid if PPS is enabled ratio Specify the upper rate limit as a percentage of the bandwidth whic...

Page 474: ...ant to configure Step 3 bandwidth ingress ingress rate egress egress rate Configure the upper rate limit for the port to receive and send packets ingress rate Configure the upper rate limit for receiv...

Page 475: ...Control Configure the upper rate limit on the port for forwarding broadcast packets multicast packets and unknown unicast frames Step 1 configure Enter global configuration mode Step 2 interface fast...

Page 476: ...pps mode is disabled on the port storm control broadcast multicast unicast kbps ratio rate broadcast multicast unicast Enable broadcast packets rate limit multicast packets rate limit or unknown unica...

Page 477: ...rol interface gigabitEthernet 1 0 5 Port BcRate Mcate UlRate LAG Gi1 0 5 pps 148800 pps 0 pps 0 N A Switch config if end Switch copy running config startup config The following example shows how to co...

Page 478: ...ffic from the Admin is completely forwarded will the traffic from Host A be forwarded The figure below shows the network topology Figure 4 1 QoS Application Topology Server Gi1 0 3 Gi1 0 1 Gi1 0 2 Swi...

Page 479: ...load the following page and check the corresponding CoS id of TC0 and TC1 Figure 4 2 CoS TC Mapping relations 2 Choose QoS DiffServ Port Priority to load the following page and set the priority for p...

Page 480: ...e settings 4 4 Using the CLI 1 Check the corresponding CoS id of TC0 and TC1 Switch show qos cos map Tag 0 1 2 3 4 5 6 7 TC TC1 TC0 TC2 TC3 TC4 TC5 TC6 TC7 2 Set the priority for port 1 0 1 to CoS 0 m...

Page 481: ...ttings Switch config qos queue mode sp Switch config exit Switch copy running config startup config Verify the configuration Verify the port CoS mapping Switch config show qos interface Port CoS Value...

Page 482: ...Tag id CoS id TC mapping relations For other switches it is enabled See Table 5 2 for Tag id CoS id TC mapping relations DSCP Priority Disabled For T1600G 18TS see Table 5 4 for DSCP TC mapping relat...

Page 483: ...ters DSCP CoS id 56 63 CoS 7 Table 5 4 DSCP TC Mapping DSCP TC Queues 8 0 7 TC0 8 15 TC1 16 23 TC2 24 31 TC3 32 39 TC4 40 47 TC5 48 55 TC6 56 63 TC7 Bandwidth Control Table 5 5 Bandwidth Control Param...

Page 484: ...Part 17 Configuring Voice VLAN CHAPTERS 1 Overview 2 Voice VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Page 485: ...mode is applicable when the switch port forwards voice traffic only You manually add ports connecting IP phones to the voice VLAN then the switch will apply priority rules to ensure the high priority...

Page 486: ...r a packet is a voice packet An OUI address is the first 24 bits of a MAC address and is assigned as a unique identifier by IEEE Institute of Electrical and Electronics Engineers to a device vendor If...

Page 487: ...hoose the mode according to your needs and configure the port as the following table shows Table 2 1 Voice VLAN mode and Link Type of the Port Traffic on One Port Voice Traffic Type Suggested Mode Sug...

Page 488: ...page Figure 2 1 Configuring OUI Addresses Follow these steps to add OUI addresses 1 Enter an OUI address and the corresponding mask and give a description about the OUI address OUI Enter the OUI addr...

Page 489: ...or the voice VLAN Aging Time Specify the length of time that a port remains in the voice VLAN after the port receives a voice packet Aging time works only for ports in automatic voice VLAN mode The ra...

Page 490: ...ports to the voice VLAN Auto When a port receives a voice packet whose resource MAC address matches an OUI address the switch automatically adds the port to the voice VLAN If you choose the Auto mode...

Page 491: ...ce VLAN If necessary make sure the security mode is disabled 3 Click Apply 2 2 Using the CLI Follow these steps to configure the voice VLAN Step 1 configure Enter global configuration mode Step 2 show...

Page 492: ...specified ports to the voice VLAN when the ports receive voice packets If you choose the auto mode for the specified ports make sure traffic from your voice device is tagged manual You need to manuall...

Page 493: ...fig vlan 10 Switch config vlan name VoiceVLAN Switch config vlan exit Switch config voice vlan priority 5 Switch config voice vlan 10 Switch config interface gigabitEthernet 1 0 1 Switch config if swi...

Page 494: ...nd traffic with the voice VLAN tag Voice traffic is transmitted in the voice VLAN and data traffic is transmitted in the default VLAN Set ports that are connected to IP phones in automatic voice VLAN...

Page 495: ...0 Switch B Gi1 0 2 Gi1 0 1 Gi1 0 1 Switch C Switch A Gi1 0 2 Gi1 0 3 Gi1 0 4 PC 20 Meeting Room Gi1 0 1 Gi1 0 2 Gi1 0 3 IP Phone 10 PC 10 Office Area Demonstrated with T1600G 28TS this chapter provide...

Page 496: ...3 3 Configuring Voice VLAN Globally 3 Choose the menu QoS Voice VLAN Port Config to load the following page Select port 1 0 1 choose auto mode and enable security mode Select port 1 0 2 and choose ma...

Page 497: ...Configuring Voice VLAN Configuration Example Figure 3 5 Configuring Voice VLAN Mode on Port 1 0 2 4 Choose the menu VLAN 802 1Q VLAN VLAN Config and edit VLAN 10 to load the following page Add port 1...

Page 498: ...0 2 to the Voice VLAN 5 Choose the menu LLDP Basic Config Global Config to load the following page Enable LLDP globally Figure 3 7 Enabling LLDP Globally 6 Choose the menu LLDP LLDP MED Global Config...

Page 499: ...to load the following page Enable LLDP MED on port 1 0 1 Figure 3 9 Configuring LLDP MED on Ports Click Detail of port1 0 1 to load the following page Configure the TLV information which will be carri...

Page 500: ...LLDP 8 Click Save Config to save the settings Configurations for Switch B 1 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 Figure 3 11 Creatin...

Page 501: ...menu QoS Voice VLAN Port Config to load the following page Select ports 1 0 1 3 choose manual mode and enable security mode Click Apply Figure 3 13 Configuring Voice VLAN Mode on Ports 4 Choose the m...

Page 502: ...e 3 14 Adding Ports to the Voice VLAN 5 Click Save Config to save the settings Configurations for Switch C 1 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Cr...

Page 503: ...g vlan 10 Switch_A config vlan name VoiceVLAN Switch_A config vlan exit 2 Configure the aging time as 1440 minutes for port in automatic voice VLAN mode and set the 802 1p priority of voice packets as...

Page 504: ...0 1 Switch_A config interface gigabitEthernet 1 0 1 Switch_A config if lldp med status 7 Select all MED TLVs to be carried in LLDP frames and sent out by port 1 0 1 Switch_A config if lldp med tlv se...

Page 505: ...nge exit Switch_B config interface gigabitEthernet 1 0 3 Switch_B config if switchport general allowed vlan 10 tagged Switch_B config if end Switch_B copy running config startup config Configurations...

Page 506: ...Auto Disabled Inactive N A Switch B Verify the global configuration of voice VLAN Switch_B show voice vlan Voice VLAN status Enabled VLAN ID 10 Aging Time 1440 Voice Priority 6 Verify the voice VLAN...

Page 507: ...Configuration Guide 484 Configuring Voice VLAN Configuration Example VLAN Name Status Ports 10 VoiceVlan active Gi1 0 1 Gi1 0 2 Gi1 0...

Page 508: ...Configuring Voice VLAN Configuration Guide 485...

Page 509: ...Default Settings of Port Configuration Parameter Default Setting Port Mode Auto Security Mode Disable Member State Inactive Table 4 3 Entries in the OUI Table OUI MASK Description 00 01 e3 00 00 00 f...

Page 510: ...Part 18 Configuring PoE CHAPTERS 1 PoE 2 PoE Power Management Configurations 3 Time Range Function Configurations 4 Example for PoE Configurations 5 Appendix Default Parameters...

Page 511: ...power administration disconnect detection and optional power device power classification PSE Power sourcing equipment PSE is a device that provides power for PDs on the Ethernet for example the PoE s...

Page 512: ...u can also set a profile with the desired parameters and bind the profile to the corresponding ports to quickly configure the PoE parameters 2 1 Using the GUI 2 1 1 Configuring the PoE Parameters Manu...

Page 513: ...witch will allocate a value as the maximum power that the port can supply automatically Class1 The maximum power that the port can supply is 4W Class2 The maximum power that the port can supply is 7W...

Page 514: ...iority level for the PoE profile The following options are provided High Middle and Low When the supply power exceeds the system power limit the switch will power off PDs on low priority ports to ensu...

Page 515: ...ystem remaining power of the PoE switch 2 In the Port Config section select a profile and bind it to the corresponding ports Click Apply Port Select Specify the port number and click Select to quick s...

Page 516: ...disable Specify the PoE status for the corresponding port enable disable Enable or disable the PoE function By default it is enable Step 5 power inline priority low middle high Specify the PoE priori...

Page 517: ...list of Ethernet ports in the format of 1 0 1 3 1 0 5 Step 10 end Return to privileged EXEC mode Step 11 copy running config startup config Save the settings in the configuration file The following ex...

Page 518: ...rity level for the profile When the supply power exceeds the system power limit the switch will power off PDs on low priority ports to ensure stable running of other PDs power limit auto class1 class2...

Page 519: ...6 Switch configure Switch config power profile profile1 supply enable priority middle consumption class2 Switch config show power profile Index Name Status Priority Power Limit w 1 profile1 Enable Mi...

Page 520: ...urce We recommend that you use Network Time Protocol NTP to synchronize the switch clock For details refer to System Info Configurations in Managing System 3 1 Using the GUI 3 1 1 Creating a Time Rang...

Page 521: ...ick Add When the Absolute mode is selected the following section will be shown Figure 3 2 Absolute Mode Type Select Absolute time to configure From Time Specify the starting time of the absolute mode...

Page 522: ...ify the time Holiday Name Specify a name for the holiday time Start Date Specify the starting time of the holiday End Date Specify the ending time of the holiday 2 Click Apply 3 1 3 Viewing the Time R...

Page 523: ...include Step 4 Use the following command to create a absolute time range absolute from start date to end date Specify the time range in absolute mode start date Specify the starting time of the time...

Page 524: ...ed if the name is not specified Step 9 end Return to privileged EXEC mode Step 10 copy running config startup config Save the settings in the configuration file The following example shows how to crea...

Page 525: ...s If the name contains spaces enclose the name in double quotes start date Specify the starting time of the holiday in the format of MM DD end date Specify the ending time of the holiday in the format...

Page 526: ...ime range desired It ranges from 1 to 16 characters If the name contains spaces enclose the name in double quotes All PoE time range configurations will be displayed if the name is not specified The f...

Page 527: ...ce time for example from 08 30 to 18 00 You can also set a holiday and make the time range settings not be affected on holiday Then apply the settings to port 1 0 3 and 1 0 4 Port 1 0 1 and 1 0 2 need...

Page 528: ...Time Range Holiday Config to load the following page Specify a name for the holiday and set the starting date and ending date Figure 4 3 Configure the Holiday 3 Choose the menu PoE PoE Config PoE Con...

Page 529: ...day exclude Switch_A config time range periodic start 08 30 end 23 00 day of the week 1 5 Switch_A config time range exit 2 Create a holiday Switch_A config power holiday Christmas start date 12 22 en...

Page 530: ...ation of the time range Switch_A config show power time range Time range entry office time Active holiday exclude number of absolute time 0 01 01 2000 00 00 to 12 31 2099 24 00 by default number of pe...

Page 531: ...Time Range No Limit PoE Profile None Table 5 2 Default Settings of PoE Profile Parameter Default Setting Profile Name None PoE Status Enable PoE Priority High Power Limit Auto Table 5 3 Default Setti...

Page 532: ...Part 19 Configuring ACL CHAPTERS 1 ACL 2 ACL Configurations 3 Configuration Example for ACL 4 Appendix Default Parameters...

Page 533: ...nsures security and high service quality of networks ACL helps to Prevent various network attacks such as attacks caused by IP Internet Protocol and TCP Transmission Control Protocol Manage network ac...

Page 534: ...s permit or deny If no ACL rule is configured or no matching rule is found the packets will be forwarded without being processed by the ACL 2 1 Using the GUI 2 1 1 Creating an ACL You can create diffe...

Page 535: ...2 Configuring ACL Rules Add rules to the ACL For details refer to Configuring the MAC ACL Rule Configuring the Standard IP ACL Rule Configuring the Extend IP ACL Rule and Configuring the IPv6 ACL Rule...

Page 536: ...corresponding bit in the address will be matched D MAC Mask Enter the destination IP address with a mask A value of 1 in the mask indicates that the corresponding bit in the address will be matched 3...

Page 537: ...sponding bit in the address will be matched 3 Click Apply Configuring the Extend IP ACL Rule Choose the menu ACL ACL Config Extend IP ACL to load the following page Figure 2 4 Creating the Extend IP A...

Page 538: ...fault is All which indicates that packets of all protocols will be matched S Port D Port Enter the TCP UDP source and destination port if TCP UDP protocol is selected The port number ranges from 0 to...

Page 539: ...ion IPv6 address with a mask D IP Enter the destination IPv6 address to be matched All types of IPv6 address will be checked You may enter a complete 128 bit IPv6 address but only the first 64 bits wi...

Page 540: ...cy Creating a Policy Choose th menu ACL Policy Config Policy Create to load the following page Figure 2 7 Creating a Policy Follow these steps to create a policy Enter a Policy Name and click Apply Po...

Page 541: ...according to your needs An ACL or Policy takes effect only after it is bound to a port or VLAN Configuring the ACL Binding You can bind the ACL to a port or a VLAN The received packets will then be m...

Page 542: ...a VLAN Select the ACL and enter the VLAN ID and click Apply ACL ID Select an ACL from the drop down list VLAN ID Enter the VLAN ID Configuring the Policy Binding You can bind the Policy to a port or...

Page 543: ...e menu ACL Policy Binding VLAN Binding to load the following page Figure 2 12 Binding the Policy to a VLAN Follow these steps to bind the Policy to a VLAN Select the ACL and enter the VLAN ID and clic...

Page 544: ...following page Figure 2 13 Verifying the ACL Binding Verifying the Policy Binding You can view both port binding and VLAN binding entries in the table You can also delete existing entries if needed C...

Page 545: ...es from 0 to 999 It should not be the same as any existing MAC ACL rule IDs deny permit Specify the operation to be performed with the packets that match the rule By default it is set to permit The pa...

Page 546: ...ep 3 access list standard acl id rule rule id deny permit sip source ip smask source ip mask dip destination ip dmask destination ip mask Add a rule to the ACL acl id The ID number of the ACL you have...

Page 547: ...68 1 100 Switch configure Switch config access list create 600 Switch config rule 1 permit sip 192 168 1 100 smask 255 255 255 255 Switch config show access list 600 Standard IP access list 600 rule 1...

Page 548: ...k of the destination IP address This is required if a destination IP address is entered s port Enter the TCP UDP source port if TCP UDP protocol is selected d port Enter the TCP UDP destination port i...

Page 549: ...he destination IPv6 address to be matched All types of IPv6 address will be checked You may enter a complete 128 bit IPv6 address but only the first 64 bits will be valid source ip mask Enter the sour...

Page 550: ...75 1111 3900 2020 sip mask ffff ff ff ffff ffff Switch config end Switch copy running config startup config 2 2 2 Configuring Policy Follow the steps below to create a policy and configure the policy...

Page 551: ...AN ACL Binding You can bind the ACL to a port or a VLAN The received packets will then be matched and processed according to the ACL rules Step 1 configure Enter global configuration mode Step 2 inter...

Page 552: ...g if access list bind acl 1 Switch config if exit Switch config interface vlan 4 Switch config if access list bind acl 2 Switch config if show access list bind Index Policy Name Interface VID Directio...

Page 553: ...bind policy name The name of the policy Step 3 show access list bind Optional View the configuration of binding Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save...

Page 554: ...he Marketing department are connected to the switch via port 1 0 1 and the server group is connected to the switch via port 1 0 2 Figure 3 1 Network Topology Internet Port1 0 1 Marketing IP 10 10 70 0...

Page 555: ...packet matches a rule the switch stops the matching process Binding Configuration Apply the Extend IP ACL to a Policy and bind the Policy to port 1 0 1 so that the ACL rules will apply to the Marketin...

Page 556: ...Rule 1 3 Choose the menu ACL ACL Config Extend ACL to load the the following page Configure rule 2 and rule 3 to permit packets with source IP 10 10 70 0 and destination port TCP 80 http service port...

Page 557: ...wing page Configure Rule 4 and Rule 5 to permit packets with source IP 10 10 70 0 and with destination port TCP 53 or UDP 53 DNS service port Figure 3 6 Configuring Rule 4 Figure 3 7 Configuring Rule...

Page 558: ...ollowing page Then create Policy Market Figure 3 9 Creating the Policy 7 Choose the menu ACL Policy Config Action Create to load the the following page Then apply ACL 1600 to Policy Market Figure 3 10...

Page 559: ...ets with source IP 10 10 70 0 and destination port TCP 80 http service port or TCP 443 HTTPS service port Switch config access list extended 1600 rule 2 permit sip 10 10 70 0 smask 255 255 255 0 proto...

Page 560: ...g startup config Verify the Configurations Verify the configurations Switch config show access list 1600 Extended IP access list 1600 rule 1 permit sip 10 10 70 0 smask 255 255 255 0 dip 10 10 80 0 dm...

Page 561: ...ndix Default Parameters For MAC ACL Parameter Default Setting Operation Permit For Standard IP ACL Parameter Default Setting Operation Permit For Extend IP ACL Parameter Default Setting Operation Perm...

Page 562: ...ERS 1 Network Security 6 802 1X Configuration 2 IP MAC Binding Configurations 7 AAA Configuration 3 DHCP Snooping Configuration 8 Configuration Examples 4 ARP Inspection Configurations 9 Appendix Defa...

Page 563: ...ng DHCP Snooping DHCP Snooping supports the basic DHCP security feature and the Option 82 feature Basic DHCP Security During the working process of DHCP generally there is no authentication mechanism...

Page 564: ...erver Administrators can check the location of the DHCP client via option 82 The DHCP server supporting option 82 can also set the distribution policy of IP addresses and the other parameters providin...

Page 565: ...alicious DoS attack packets and discard them directly Also DoS Defend feature can limit the transmission rate of legal packets When the number of legal packets exceeds the threshold value and may incu...

Page 566: ...orts but denies the unauthenticated clients Authentication Server The authentication server is usually the host running the RADIUS server program It stores information of clients confirms whether a cl...

Page 567: ...Configuration Guide 544 Configuring Network Security Network Security Figure 1 3 Network Topology of AAA RADIUS Server Users Switches...

Page 568: ...Binding Table 2 1 Using the GUI 2 1 1 Binding Entries Manually You can manually bind the IP address MAC address VLAN ID and the Port number together on the condition that you have got the related inf...

Page 569: ...to any feature ARP Detection This entry will be applied to the ARP Detection feature 3 Select the port that is connected to this host 4 Click Bind 2 1 2 Binding Entries Dynamically The binding entries...

Page 570: ...t IP Address End IP Address Specify an IP range by entering a start and end IP address VLAN ID Specify a VLAN ID 2 In the Scanning Result section select one or more entries and configure the relevant...

Page 571: ...nd DHCP Snooping DHCP Snooping With DHCP Snooping enabled the switch can monitor the IP address obtaining process of the host and record the IP address MAC address VLAN ID and the connected port numbe...

Page 572: ...dress and all the collision entries are valid This kind of collision may be caused by the MSTP function Critical The collision entries have the same IP address but different MAC addresses For the coll...

Page 573: ...rotect type for the entry None indicates this entry will not be applied to ARP Detection arp detection indicates this entry will be applied to ARP Detection arp scanning dhcp snooping Change the sourc...

Page 574: ...o types of collision status Warning and Critical Warning The collision entries have the same IP address and MAC address and all the collision entries are valid This kind of collision may be caused by...

Page 575: ...oping after step 1 and step 2 are completed By default the binding entries are applied to ARP Detection Configuration Guidelines DHCP Snooping and DHCP Relay cannot be used at the same time on the swi...

Page 576: ...Apply 3 1 2 Configuring DHCP Snooping on Ports Choose the menu Network Security DHCP Snooping Port Config to load the following page Figure 3 2 Port Config Follow these steps to configure DHCP Snoopi...

Page 577: ...pecify the maximum number of DHCP Decline packets that can be forwarded on the port per second The excessive DHCP Decline packets will be discarded LAG Displays the LAG that the port is in 2 Click App...

Page 578: ...circuit ID configurations of the switch and the DHCP server should be compatible with each other Circuit ID Enter the customized circuit ID which contains up to 64 characters Remote ID Customization...

Page 579: ...Ethernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list interface port channel port channel id interface range port channel port channel id list Enter interface...

Page 580: ...0 packets second The default value is 0 which indicates disabling this feature Step 7 show ip dhcp snooping interface gigabitEthernet port port channel port channel id Verify the DHCP Snooping configu...

Page 581: ...on for the Option 82 field of the DHCP request packets from the Host The following options are provided keep Indicates keeping the Option 82 field of the packets replace Indicates replacing the Option...

Page 582: ...1 Switch configure Switch config interface gigabitEthernet 1 0 7 Switch config if ip dhcp snooping information option Switch config if ip dhcp snooping information strategy replace Switch config if ip...

Page 583: ...the illegal ARP packets Before configuring ARP Detection complete IP MAC Binding configuration For details refer to IP MAC Binding Configurations Choose the menu Network Security ARP Inspection ARP De...

Page 584: ...o configure ARP Defend 1 Select one or more ports and configure the parameters Defend Enable the ARP Defend feature Speed 10 100 pps Specify the maximum number of the ARP packets that can be received...

Page 585: ...3 Viewing ARP Statistics You can view the number of the illegal ARP packets received on each port which facilitates you to locate the network malfunction and take the related protection measures Choos...

Page 586: ...low these steps to configure ARP Detection Step 1 configure Enter global configuration mode Step 2 ip arp inspection Globally enable the ARP Detection feature Step 3 interface fastEthernet port range...

Page 587: ...l ARP packet on the port exceeds the defined value so as to avoid ARP Attack flood Follow these steps to configure ARP Defend Step 1 configure Enter global configuration mode Step 2 interface fastEthe...

Page 588: ...interface gigabitEthernet 1 0 2 Switch config if ip arp inspection Switch config if ip arp inspection limit rate 20 Switch config if show ip arp inspection interface gigabitEthernet 1 0 2 Port OverSp...

Page 589: ...config if end Switch copy running config startup config 4 2 3 Viewing ARP Statistics On privileged EXEC mode or any other configuration mode you can use the following command to view ARP statistics s...

Page 590: ...se both of the source IP address and the destination IP address of the SYN packet are set to be the IP address of the host the host will be trapped in an endless circle of building the initial connect...

Page 591: ...se the Operation System with bugs cannot correctly process the URG Urgent Pointer of TCP packets the attacker sends this type of packets to the TCP port139 NetBIOS of the host with the Operation Syste...

Page 592: ...d host is reduced because the Host circularly attempts to build a connection with the attacker ping flood The attacker floods the destination system with Ping packets creating a broadcast storm that m...

Page 593: ...ve the settings in the configuration file The following example shows how to enable the DoS Defend type named land Switch configure Switch config ip dos prevent Switch config ip dos prevent type land...

Page 594: ...curity cannot be enabled at the same time Before enabling 802 1X authentication make sure that Port Security is disabled 6 1 Using the GUI 6 1 1 Configuring the RADIUS Server Enable AAA function on th...

Page 595: ...exchange responses Auth Port Specify the UDP destination port on the RADIUS server for authentication requests The default setting is 1812 Acct Port Specify the UDP destination port on the RADIUS ser...

Page 596: ...Add New Server Group section specify the name and server type for the new server group and click Add Server Group Specify the name of the new server group Server Type Select the type of the server gro...

Page 597: ...Configuring the Dot1x List Follow these steps to configure RADIUS server groups for 802 1X authentication and accounting 1 In the Authentication Dot1x Method List section select an existing RADIUS ser...

Page 598: ...EAP Extensible Authentication Protocol packets is terminated at the switch and the EAP packets are converted to other protocol such as RADIUS packets and transmitted to the authentication server EAP T...

Page 599: ...ion enable Quiet configure the Quiet timer and click Apply Quiet Enable or disable the Quiet timer Quiet Period Specify the Quiet Period It ranges from 1 to 999 seconds and the default time is 10 seco...

Page 600: ...t is Auto Auto If this option is selected the port can access the network only when it is authenticated Force Authorized If this option is selected the port can access the network without authenticati...

Page 601: ...is 1813 Generally the accounting feature is not used in the authentication account management timeout time Specify the time interval that the switch waits for the server to reply before resending The...

Page 602: ...ctively for authentication and accounting Step 8 show aaa global Optional Verify the global configuration of AAA Step 9 show radius server Optional Verify the configuration of RADIUS server Step 10 sh...

Page 603: ...Switch config show radius server Server Ip Auth Port Acct Port Timeout Retransmit Shared key 192 168 0 100 1812 1813 5 2 123456 Switch config show aaa group radius1 192 168 0 100 Switch config show aa...

Page 604: ...cify the ID of the VLAN to be configured as the guest VLAN It must be an existing VLAN with the ID ranging from 2 to 4094 Clients in the guest VLAN can only access resources from specific VLANs Step 5...

Page 605: ...igure Switch config dot1x system auth control Switch config dot1x auth method pap Switch config show dot1x global 802 1X State Enabled Authentication Method PAP Handshake State Enabled Guest VLAN Stat...

Page 606: ...6 dot1x port control auto authorized force unauthorized force Configure the control mode for the port By default it is auto auto If this option is selected the port can access the network only when it...

Page 607: ...f dot1x Switch config if dot1x port method port based Switch config if dot1x port control auto Switch config if show dot1x interface gigabitEthernet 1 0 2 Port State GuestVLAN PortControl PortMethod A...

Page 608: ...the users in the order they are added The server that is first added to the group has the highest priority and is responsible for authentication under normal circumstances If the first one breaks dow...

Page 609: ...Global Configuration Follow these steps to globally enable AAA 1 In the Global Config section enable AAA 2 Click Apply 7 1 2 Adding Servers You can add one or more RADIUS TACACS servers on the switch...

Page 610: ...The default setting is 1813 Usually it is used in the 802 1X feature Retransmit Specify the number of times a request is resent to the server if the server does not respond The default setting is 2 T...

Page 611: ...The servers running the same protocol are automatically added to the default server group You can add new server groups as needed Choose the menu Network Security AAA Server Group to load the followin...

Page 612: ...t Then click Add to add this server to the server group Figure 7 6 Add Server to Group 7 1 4 Configuring the Method List A method list describes the authentication methods and their sequence to authen...

Page 613: ...method List Type Select the authentication type The following options are provided Authentication Login and Authentication Enable Pri1 Pri4 Specify the authentication methods in order The method with...

Page 614: ...users trying to log in to the switch Enable List Select a previously configured Enable method list This method list will authenticate the users trying to get administrative privileges 2 Click Apply 7...

Page 615: ...US server the user name should be set as enable and the Enable password is customizable All the users trying to get administrative privileges share this Enable password On TACACS server configure the...

Page 616: ...nation port on the RADIUS server for authentication requests The default setting is 1812 acct port port id Specify the UDP destination port on the RADIUS server for accounting requests The default set...

Page 617: ...e server as 192 168 0 10 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 Switch configure Switch config radius server host 192 168 0 10...

Page 618: ...length will follow By default the encryption type is 0 string is the shared key for the switch and the server which contains 31 characters at most encrypted string is a symmetric encrypted key with a...

Page 619: ...pe group name Specify a name for the group Step 3 server ip address Add the existing servers to the server group ip address Specify IP address of the server to be added to the group Step 4 show aaa gr...

Page 620: ...if the previous method does not respond and so on The default methods include radius tacacs local and none None means no authentication is used for login Step 3 aaa authentication enable method list m...

Page 621: ...fig show aaa authentication enable Methodlist pri1 pri2 pri3 pri4 default local Enable1 radius local Switch config end Switch copy running config startup config 7 2 5 Configuring the AAA Application L...

Page 622: ...hows how to apply the existing Login method list named Login1 and Enable method list named Enable1 for the application Telnet Switch configure Switch config line telnet Switch config line login authen...

Page 623: ...d EXEC mode Step 7 copy running config startup config Save the settings in the configuration file The following example shows how to apply the existing Login method list named Login1 and Enable method...

Page 624: ...vileged EXEC mode Step 6 copy running config startup config Save the settings in the configuration file The following example shows how to apply the existing Login method list named Login1 and Enable...

Page 625: ...cret 0 password 5 encrypted password Set the Enable password This command uses MD5 encryption 0 and 5 are the encryption type 0 indicates that an unencrypted key will follow 5 indicates that an MD5 en...

Page 626: ...onfigure the value of enable 15 as the Enable password in the configuration file All the users trying to get administrative privileges share this Enable password Tips The logged in guests can get admi...

Page 627: ...Figure 8 1 Network Topology Gi1 0 4 Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 5 User 3 88 A9 D4 54 FD C3 192 168 0 33 24 User 1 74 D3 45 32 B6 8D Attacker Illegal DHCP Server User 2 76 D9 33 56 78 A3 Switch A Le...

Page 628: ...l ARP packets on each port thus to prevent ARP flooding attacks Demonstrated with T1600G 52TS the following sections provide configuration procedure in two ways using the GUI and using the CLI 8 1 3 U...

Page 629: ...e following page Enter the host name IP address MAC address and VLAN ID of User 3 select ARP Detection as the protect type and select port 1 0 3 on the panel Click Bind Figure 8 4 Manual Binding 4 Cho...

Page 630: ...the menu Network Security ARP Inspection ARP Detect to load the following page Enable ARP Detection and set ports 1 0 4 as trusted port Click Apply Figure 8 6 ARP Detect 6 Choose the menu Network Secu...

Page 631: ...igure port 1 0 4 as a trusted port Switch_A config interface gigabitEthernet 1 0 4 Switch_A config if ip dhcp snooping trust Switch_A config if exit 3 Manually bind the entry for User 3 Switch_A confi...

Page 632: ...fy the configuration of DHCP Snooping Switch_A show ip dhcp snooping Global Status Enable VLAN ID 1 Switch_A show ip dhcp snooping interface Interface Trusted MAC Verify Limit Rate Dec rate LAG Gi1 0...

Page 633: ...i1 0 2 Enabled 15 N A Normal N A Gi1 0 3 Enabled 15 N A Normal N A Gi1 0 4 Disabled 15 N A N A N A 8 2 Example for 802 1X 8 2 1 Network Requirements The network administrator wants to control access f...

Page 634: ...r and port 1 0 3 is connected to the Internet Figure 8 8 Network Topology Internet Switch A Authenticator Client Client Gi1 0 1 Gi1 0 2 Gi1 0 3 Client RADIUS Server 192 168 0 10 24 Auth Port 1812 Demo...

Page 635: ...up Figure 8 11 Create Server Group 4 On the same page select the newly created server group and click edit to load the following page Select 192 168 0 10 from the drop down list and click Add to add t...

Page 636: ...nfigure the Authentication Method as EAP Enable the Quiet feature and then keep the default authentication settings Figure 8 14 Global Config 7 Choose the menu Network Security 802 1X Authentication P...

Page 637: ...rt 1812 key 123456 Switch_A config aaa group radius radius1 Switch_A aaa group server 192 168 0 10 Switch_A aaa group exit Switch_A config aaa authentication dot1x default radius1 Switch_A config end...

Page 638: ...config if no dot1x Switch_A config if exit Switch_A config interface gigabitEthernet 1 0 1 Switch_A config if dot1x Switch_A config if dot1x port method mac based Switch_A config if dot1x port contro...

Page 639: ...ist Telnet default default Ssh default default Http default default Switch_A show aaa authentication dot1x Methodlist pri1 pri2 pri3 pri4 default radius1 Switch_A show aaa group radius1 192 168 0 10 8...

Page 640: ...h The IP addresses of the two RADIUS servers are 192 168 0 10 24 and 192 168 0 20 24 the authentication port number is 1812 the shared key is 123456 The overview of configuration on the switch is as f...

Page 641: ...ADIUS Server 1 on the switch Figure 8 18 Add RADIUS Server 1 3 On the same page configure the Server IP as 192 168 0 20 the Shared Key as 123456 the Auth Port as 1812 and keep the other parameters as...

Page 642: ...d RADIUS Server 1 to the group Then select 192 168 0 20 from the drop down list and click Add to add RADIUS Server 2 to the group Figure 8 21 Add Servers to Server Group 6 Choose the menu Network Secu...

Page 643: ...select telnet and configure the Login List as Method Login and Enable List as Method Enable Then click Apply Figure 8 24 Configure AAA Application List 9 Click Save Config to save the settings 8 3 4...

Page 644: ...authentication method for the Telnet application Switch config line telnet Switch config line login authentication Method Login Switch config line enable authentication Method Enable Switch config li...

Page 645: ...hod Login RADIUS1 Authentication Enable Methodlist Methodlist pri1 pri2 pri3 pri4 default none Method Enable RADIUS1 Verify the status of the AAA feature and the configuration of the AAA application l...

Page 646: ...tect Type For Manual Binding None For ARP Scanning None For DHCP Snooping All Table 9 2 DHCP Snooping Parameter Default Setting Global Config DHCP Snooping Disable VLAN ID Disable Port Config Trusted...

Page 647: ...Defend Disable Speed 15 pps ARP Statistics Auto Refresh Disable Refresh Interval 5 seconds Table 9 4 DoS Defend Parameter Default Setting DoS Defend Disable Table 9 5 802 1X Parameter Default Setting...

Page 648: ...de Auto Control Type MAC Based Dot1X List Authentication Dot1x Method List List Name default Pri1 radius Accounting Dot1x Method List List Name default Pri1 radius Table 9 6 AAA Parameter Defualt Sett...

Page 649: ...e two default server groups radius and tacacs Method List Authentication Login Method List List name default Pri1 local Authentication Enable Method List List name default Pri1 none AAA Application Li...

Page 650: ...Part 21 Configuring LLDP CHAPTERS 1 LLDP 2 LLDP Configurations 3 LLDP MED Configurations 4 Viewing LLDP Settings 5 Viewing LLDP MED Settings 6 Configuration Example 7 Appendix Default Parameters...

Page 651: ...et Protocol device to access the network VoIP devices can use LLDP MED for auto configuration to minimize the configuration effort 1 2 Supported Features The switch supports LLDP and LLDP MED LLDP all...

Page 652: ...figurations you can 1 Enable the LLDP feature on the switch 2 Optional Configure the LLDP feature globally 3 Optional Configure the LLDP feature for the interface 2 1 Using the GUI 2 1 1 Global Config...

Page 653: ...e will send LLDP packets to inform its neighbors If frequent changes occur to the local device LLDP packets will flood After specifying a transmit delay time the local device will wait for a delay tim...

Page 654: ...port will transmit LLDP packets and process the received LLDP packets Rx_Only The port will only process the received LLDP packets but not transmit LLDP packets Tx_Only The port will only transmit LLD...

Page 655: ...VLAN which the port is in LA Used to advertise whether the link is capable of being aggregated whether the link is currently in an aggregation and the port ID when it is in an aggregation PS Used to a...

Page 656: ...hbors The default is 2 seconds reinit delay Specify the amount of time that the local device waits before sending another LLDP packet to its neighbors The default is 2 seconds notify interval Enter th...

Page 657: ...list ten gigabitEthernet port range ten gigabitEthernet port list Enter interface configuration mode Step 3 lldp receive Optional Set the mode for the port to receive LLDP packets It is enabled by def...

Page 658: ...ransmit LLDP packets its notification mode is enabled and the outgoing LLDP packets include all TLVs Switch configure Switch config lldp Switch config interface gigabitEthernet 1 0 1 Switch config if...

Page 659: ...Configuration Guide 636 Configuring LLDP LLDP Configurations Link Aggregation Yes MAC Physic Yes Max Frame Size Yes Power Yes Switch config if end Switch copy running config startup config...

Page 660: ...to load the following page Figure 3 1 LLDP MED Parameters Config Configure the Fast Start Count and view the current device class Click Apply Fast Start Count Specify the number of successive LLDP ME...

Page 661: ...3 2 LLDP MED Port Config Follow these steps to enable LLDP MED 1 Select the desired port and enble LLDP MED Click Apply 2 Click Detail to enter the following page Configure the TLVs included in the ou...

Page 662: ...e Endpoint device in the Location Identification Parameters section Extended Power Via MDI Used to advertise the detailed PoE information including power supply priority and supply status between LLDP...

Page 663: ...ed fast count count Optional Specify the number of successive LLDP MED frames that the local device sends when fast start mechanism is activated When the fast start mechanism is activated the local de...

Page 664: ...management all Optional Configure the LLDP MED TLVs included in the outgoing LLDP packets By default the outgoing LLDP packets include all TLVs If LLDP MED Location TLV is selected configure the para...

Page 665: ...ig lldp Switch config lldp med fast count 4 Switch config interface gigabitEthernet 1 0 1 Switch config if lldp med status Switch config if lldp med tlv select all Switch config if show lldp interface...

Page 666: ...figurations Configuration Guide 643 LLDP MED Status Enabled TLV Status Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes Switch config end Switch copy...

Page 667: ...s 4 Viewing LLDP Settings This chapter introduces how to view the LLDP settings on the local device 4 1 Using GUI 4 1 1 Viewing LLDP Device Info Viewing the Local Info Choose the menu LLDP Device Info...

Page 668: ...the value of the Chassis ID Port ID Subtype Displays the Port ID type Port ID Displays the value of the Port ID TTL Specify the amount of time the neighbor device should hold the received information...

Page 669: ...et the Refresh Rate according to your needs Click Apply 2 In the Local Info section select the desired port and view its associated neighbor device information System Name Displays the system name of...

Page 670: ...In the Global Statistics section view the global statistics of the local device Last Update Displays the time when the statistics updated Total Inserts Displays the latest number of neighbors the loc...

Page 671: ...ort when receiving LLDP packets TLV Unknowns Displays the total number of the unknown TLVs included in the received LLDP packets 4 2 Using CLI Viewing the Local Info show lldp local information interf...

Page 672: ...se steps to view LLDP MED local information 1 In the Auto Refresh section enable the Auto Refresh feature and set the Refresh Rate according to your needs Click Apply 2 In the LLDP MED Local Info sect...

Page 673: ...Media Policy Layer 2 Priority Displays the Layer 2 priority used in the specific application Media Policy DSCP Displays the DSCP value used in the specific application Viewing the Neighbor Info Figure...

Page 674: ...al Info show lldp local information interface fastEthernet port gigabitEthernet port ten gigabitEthernet port View the LLDP details of a specific port or all the ports on the local device Viewing the...

Page 675: ...he device information using the NMS Figure 6 1 LLDP Network Topology Gi1 0 1 Gi1 0 2 Switch A Switch B PC 6 1 3 Configuration Scheme LLDP can meet the network requirements Enable the LLDP feature glob...

Page 676: ...ad the following page Set the Admin Status of port Gi1 0 1 to Tx Rx enable Notification Mode and configure all the TLVs included in the outgoing LLDP packets Figure 6 3 LLDP Port Config 6 1 5 Using CL...

Page 677: ...dp transmit Switch_A config if lldp snmp trap Switch_A config if lldp tlv select all Switch_A config if end Switch_A copy running config startup config Verify the Configurations View LLDP settings glo...

Page 678: ...Yes Max Frame Size Yes Power Yes LLDP MED Status Disabled TLV Status Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes View the Local Info Switch_A sh...

Page 679: ...gement address interface ID 1 Management address OID 0 Port VLAN ID PVID 1 Port and protocol VLAN ID PPVID 0 Port and protocol VLAN supported Yes Port and protocol VLAN enabled No VLAN name of VLAN 1...

Page 680: ...0G 28TS 2 0 Firmware Revision Reserved Software Revision 2 0 0 Build 20160905 Rel 74744 s Serial Number Reserved Manufacturer Name TP Link Model Name T1600G 28TS 2 0 Asset ID unknown View the Neighbor...

Page 681: ...ss interface type IfIndex Management address interface ID 1 Management address OID 0 Port VLAN ID PVID 1 Port and protocol VLAN ID PPVID 0 Port and protocol VLAN supported Yes Port and protocol VLAN e...

Page 682: ...t Configure the port which the IP phone is connected with then IP phone can automatically finish its Voice VLAN configuration using the received LLDP MED packets and send tagged voice packets to the s...

Page 683: ...reate VLAN 10 and name it as Voice VLAN Figure 6 5 Creating a VLAN 2 Enable and configure the Voice VLAN Choose the menu QoS Voice VLAN Global Config enable Voice VLAN and set the VLAN ID to 10 Figure...

Page 684: ...Configuring LLDP Configuration Example Configuration Guide 661 Figure 6 7 Configuring Voice VLAN Mode on Port 1 0 1 Figure 6 8 Configuring Voice VLAN Mode on Port 1 0 2...

Page 685: ...Voice VLAN 3 Choose the LLDP Basic Config Global Config to load the following page and enable LLDP globally Figure 6 10 LLDP Global Config 4 Choose the LLDP LLDP MED Global Config to load the followin...

Page 686: ...12 LLDP MED Port Config Click Detail in the Port 1 0 1 entry to configure TLVs included in the outgoing LLDP MED packets Figure 6 13 LLDP MED Port Config Detail In the Location Identification Paramet...

Page 687: ...Voice VLAN Switch_A config vlan 10 Switch_A config vlan name Voice_VLAN Switch_A config voice vlan 10 2 Configure the Voice VLAN mode on port Gi1 0 1 as Auto Switch_A config interface gigabitEthernet...

Page 688: ...Configure the LLDP MED TLVs included in the outgoing LLDP packets Switch_A config if lldp med tlv select all 8 Configure the detailed address of the IP phone Switch_A config if lldp med location civi...

Page 689: ...VLAN ID Yes Protocol VLAN ID Yes VLAN Name Yes Link Aggregation Yes MAC Physic Yes Max Frame Size Yes Power Yes LLDP MED Status Enabled TLV Status Network Policy Yes Location Identification Yes Exten...

Page 690: ...pe ipv4 Management address 192 168 0 226 Management address interface type IfIndex Management address interface ID 1 Management address OID 0 Port VLAN ID PVID 1 Port and protocol VLAN ID PPVID 0 Port...

Page 691: ...ID 0 Layer 2 Priority 0 DSCP 0 Location Data Format Civic Address LCI What Switch Country Code CN Language chinese Province State Guangdong County Parish District China City Township Shenzhen Street K...

Page 692: ...e SEP64A0E714DC54 System description Cisco IP Phone 7931G V4 term default System capabilities supported Bridge Telephone System capabilities enabled Bridge Telephone Management address type ipv4 Manag...

Page 693: ...Endpoint Class III Application type Voice Unknown policy No Tagged No VLAN ID 4095 Layer 2 Priority 5 DSCP 46 Application type Voice Signaling Unknown policy No Tagged No VLAN ID 4095 Layer 2 Priority...

Page 694: ...DP Forward Message Disable Transmit Interval 30 seconds Hold Multiplier 4 Transmit Delay 2 seconds Reinit Delay 2 seconds Notification Interval 5 seconds Fast Start Times 3 Table 7 2 Default LLDP Sett...

Page 695: ...figuring Maintenance CHAPTERS 1 Maintenance 2 Monitoring the System 3 System Log Configurations 4 Diagnosing the Device 5 Diagnosing the Network 6 Example for Configuring Remote Log 7 Appendix Default...

Page 696: ...ou can monitor the memory and the CPU utilizations of the switch Log You can check system messages for debugging and network management Device Diagnose You can test the cable connection status cable l...

Page 697: ...d memory utilizations should be always under 80 and excessive use may result in switch malfunctions For example the switch fails to respond to management requests In similar situations you can monitor...

Page 698: ...itor and display its CPU utilization rate every four seconds 2 1 2 Monitoring the Memory Choose the menu Maintenance System Monitor Memory Monitor to load the following page Figure 2 2 Monitoing the M...

Page 699: ...es The following example shows how to monitor the CPU Switch show cpu utilization Unit CPU Utilization No Five Seconds One Minute Five Minutes 1 13 13 13 2 2 2 Monitoring the Memory On privileged EXEC...

Page 700: ...ions affect the functionality of the switch Alerts 1 Actions must be taken immediately The memory utilization reaches the limit Critical 2 Cause analysis or actions must be taken immediately The memor...

Page 701: ...Log Table page It will be lost when the switch is restarted Log File indicates the flash sector for saving system log The information in the log file will not be lost after the switch is restarted and...

Page 702: ...nd severity Host IP Specify an IP address for the log host UDP Port Displays the UDP port that receives and sends the log information And the switch uses the standard port 514 Severity Specify the sev...

Page 703: ...the exact time when the log event occurs you need to configure the system time on the System System Info System Time Web management page Module Select a module from the drop down list to display the...

Page 704: ...he frequency ranging from 1 to 48 hours By default the synchronization process takes place every 24 hours immediate The system log file in the buffer will be synchronized to the flash immediately This...

Page 705: ...y monitor the settings and operation status of other devices through the log host idx Enter the index of the log host The switch supports 4 log hosts at most host ip Specify the IP address for the log...

Page 706: ...its IP address as 192 168 0 148 and allow logs of levels 0 to 5 to be sent to the host Switch configure Switch config logging host index 2 192 168 0 148 5 Switch config show logging loghost Index Host...

Page 707: ...interval between two cable tests for one port must be more than 3 seconds Pair Displays the Pair number Status Displays the cable status Test results include normal close open and crosstalk Normal The...

Page 708: ...e diagnostics of the connected Ethernet Port port Enter the port number in 1 0 1 format to check the result of the cable test show cable diagnostics careful interface gigabitEthernet port View the cab...

Page 709: ...the Ping Test Choose the menu Maintenance Network Diagnose Ping to load the following page Figure 5 1 Configuring the Ping Test Follow these steps to test the connectivity between the switch and anoth...

Page 710: ...milliseconds 2 In the Ping Result section check the test results 5 1 2 Configuring the Tracert Test Choose the menu Maintenance Network Diagnose Tracert to load the following page Figure 5 2 Configuri...

Page 711: ...testing The values are from 1 to 10 times the default is 4 times l count Specify the size of the sending data for ping testing The values are from 1 to 1500 bytes the default is 64 bytes i count Spec...

Page 712: ...ipv6 The type of the IP address for tracert test should be IPv6 ip_addr Enter the IP address of the destination device If the parameter ip ipv6 is not selected both IPv4 and IPv6 addresses are support...

Page 713: ...the remote log to receive system logs from monitored devices Make sure the switch and the PC are reachable to each other configure a log server that complies with the syslog standard on the PC and set...

Page 714: ...re the remote log host Switch configure Switch config logging host index 1 1 1 0 1 5 Switch config end Switch copy running config startup config Verify the Configurations Switch show logging loghost I...

Page 715: ...Log Buffer Immediately Status of Log File Disabled Severity of Log File Level_3 Sync Periodic of Log File 24 hours Table 7 2 Default Settings of Remote Log Parameter Default Setting Host IP 0 0 0 0 UD...

Page 716: ...Part 23 Configuring SNMP RMON CHAPTERS 1 SNMP Overview 2 SNMP Configurations 3 Notification Configurations 4 RMON Overview 5 RMON Configurations 6 Configuration Example 7 Appendix Default Parameters...

Page 717: ...uthentication and Privacy Based on Community Name Based on Community Name Supported authentication and privacy modes are as follows Authentication MD5 SHA Privacy DES Trap Supported Supported Supporte...

Page 718: ...reate an SNMP group and specify the access rights 4 Create SNMP users and configure the authentication mode privacy mode and corresponding passwords Choose SNMPv1 or SNMPv2c 1 Enable SNMP 2 Create an...

Page 719: ...NMP engine on the switch 3 In the Remote Engine section configure the remote engine ID Click Apply Remote Engine ID Set the ID of the remote SNMP manager with 10 to 64 hexadecimal digits If no remote...

Page 720: ...IB objects that have the same view name MIB Object ID Enter a MIB Object ID to specify a specific function of the device For specific ID rules refer to the device related MIBs View Type Set the view t...

Page 721: ...e group is SNMPv1 In this mode community name match is used for authentication You can configure the community name on the SNMP community page v2c The security model of the group is SNMPv2 In this mod...

Page 722: ...hese steps to create an SNMP user 1 Specify the user name user type and the group which the user belongs to Set the security model according to the related parameters of the specified group If you cho...

Page 723: ...rivacy mode are applied to check and encrypt packets 2 If you have chosen authNoPriv or authPriv as the security level you need to set corresponding Auth Mode or Privacy Mode If not skip the step Auth...

Page 724: ...MPv1 and SNMPv2c the community name match is used for authentication Access Specify the access right to the related view The default is read only read only The NMS can view but not modify parameters o...

Page 725: ...receives inform messages from Switch Note that the switch will automatically generate a local engine ID if the ID is not set or is deleted Step 4 show snmp server Displays the global settings of SNMP...

Page 726: ...e view to determine objects to be managed Step 1 configure Enter global configuration mode Step 2 snmp server view name mib oid include exclude Configure the view name Enter a view name with 1 to 16 c...

Page 727: ...ig show snmp server view No View Name Type MOID 1 viewDefault include 1 2 viewDefault exclude 1 3 6 1 6 3 15 3 viewDefault exclude 1 3 6 1 6 3 16 4 viewDefault exclude 1 3 6 1 6 3 18 5 View include 1...

Page 728: ...evel cannot be configured read view Set the view as read only And then the NMS can view parameters of the specified view write view Set the view as write only And then the NMS can modify parameters of...

Page 729: ...noAuthNoPriv Please note that if you have chosen v1 or v2c as the security mode security level cannot be configured none MD5 SHA Choose an authentication algorithm which is only for the user of SNMPv3...

Page 730: ...ssword Step 1 configure Enter global configuration mode Step 2 snmp server community name read only read write mib view Configure the community name Enter a group name with 1 to 16 characters read onl...

Page 731: ...ON SNMP Configurations Switch config snmp server community nms monitor read write View Switch config show snmp server community Index Name Type MIB View 1 nms monitor read write View Switch config end...

Page 732: ...Optional Enabling the DDM Trap and Optional Enabling the Link status Trap 3 1 Using the GUI Choose the menu SNMP Notification Notification Config to load the following page Figure 3 1 Notification Con...

Page 733: ...the SNMP version If you choose the Inform type you need to set retry times and timeout interval Type Choose a notification type for the NMS that uses SNMPv2c or SNMPv3 the default type is Trap Trap Se...

Page 734: ...zation and no encryption authNoPriv authorization and no encryption authPriv authorization and encryption The defaut is noAuthNoPriv Please note that if you have chosen v1 or v2c as the security mode...

Page 735: ...2 snmp server traps snmp linkup linkdown warmstart coldstart auth failure Configure parameters of basic traps supported on the switch linkup When a port status changes from linkdown to linkup the swit...

Page 736: ...artup config Save the settings in the configuration file The following example shows how to configure the switch to send linkup traps Switch configure Switch config snmp server traps snmp linkup Switc...

Page 737: ...stems table maintenance polls lldp topologychange A notification generated by the local device to sense the change in the topology that indicates a new remote device attached to a local port or a remo...

Page 738: ...running config startup config Optional Enabling the DDM Trap Step 1 configure Enter global configuration mode Step 2 snmp server traps ddm temperature voltage bias_current tx_power rx_power Enable SNM...

Page 739: ...Trap Step 1 configure Enter global configuration mode Step 2 snmp server traps security dhcp snoop Enable illegal DHCP server trap to send SNMP trap message when untrusted port has received DHCP Serve...

Page 740: ...rnet ports that you desire to configure notification traps Step 3 snmp server traps link status Enable SNMP extended linkup and linkdown traps By default it is disabled Step 4 end Return to privileged...

Page 741: ...ork device The NMS is usually a host that runs the management software to manage Agents of network devices And the Agent is usually a switch or router that collects traffic statistics such as total pa...

Page 742: ...ory group Configuring the event group Configuring the alarm group Configuration Guidelines To ensure that the NMS receives notifications normally please complete configurations of SNMP and SNMP Notifi...

Page 743: ...Set the entry as valid or underCreation By default it is valid Valid The entry is created and valid underCreation The entry is created but invalid 5 1 2 Configuring History Choose the menu SNMP RMON H...

Page 744: ...set the status of the entry Click Apply Owner Enter the owner name of the entry with 1 to 16 characters By default it is monitor Status Enable or disable the entry By default it is disabled Enable Th...

Page 745: ...status of the entry Click Apply Owner Enter the owner name of the entry with 1 to 16 characters By default it is monitor Status Enable or disable the entry By default it is disabled Enable The entry...

Page 746: ...t the sample type the rising and falling threshold the corresponding event action and the alarm type of the entry Sample Type Set the sampling method of the specified variable the default is absolute...

Page 747: ...ing the CLI 5 2 1 Configuring Statistics Step 1 configure Enter global configuration mode Step 2 rmon statistics index interface gigabitEthernet port ten gigabitEthernet port owner owner name status u...

Page 748: ...fig end Switch copy running config startup config 5 2 2 Configuring History Step 1 configure Enter global configuration mode Step 2 rmon history index interface fastEthernet port gigabitEthernet port...

Page 749: ...settings in the configuration file The following example shows how to create a history entry on the switch to monitor port 1 0 1 Set the sample interval as 100 seconds max buckets as 50 and the owner...

Page 750: ...notifications to the NMS and log notify indicates the switch records the event and sends notifications to the NMS owner name Enter the owner name of the entry with 1 to 16 characters The default name...

Page 751: ...ns occur collision means the collision times in the network segment 64 65 127 128 255 256 511 512 1023 1024 10240 means total packets of the specified size absolute delta Choose the sampling mode The...

Page 752: ...e type as Absolute the rising threshold as 3000 the related rising event entry index as 1 the falling threshold as 2000 the related falling event index as 2 the alarm type as all the notification inte...

Page 753: ...number of packets transmitted and received is below the threshold 6 2 Configuration Scheme 1 Set a limit on the rate of the specified ports and then enable SNMP on Switch A Configure SNMP and Notifica...

Page 754: ...to reach one another Figure 6 1 Network Topology Gi1 0 1 NMS Switch B Switch A IP 172 168 1 222 Gi1 0 2 Gi1 0 3 Demonstrated with T1600G 28TS this chapter provides configuration procedures in two way...

Page 755: ...SNMP view as View set MIB Object ID as 1 which means all functions and set the view type as Include Click Create Figure 6 3 SNMP View Configuration 3 Choose SNMP SNMP Config SNMP Group to load the fo...

Page 756: ...hose of the group nms monitor Choose SHA authentication algorithm and DES privacy algorithm and set corresponding passwords Click Create Figure 6 5 User Config 5 Choose SNMP Notification Notification...

Page 757: ...ng commands under the CLI configuration mode Switch enable Enter Privileged EXEC Mode Switch config Enter global configuration mode Switch config snmp server traps bandwidth control Enable Bandwitch c...

Page 758: ...val as 100 seconds Max Buckets as 50 the owner of the entries as monitor and the status as Enable Figure 6 9 History Configuration 3 Choose the menu SNMP RMON Event to load the following page Configur...

Page 759: ...entry ID as 1 which is the notify type the falling threshold as 2000 the associated falling event entry ID as 2 which is the log type the alarm type as all the interval as 10 seconds the owner name as...

Page 760: ...slev authPriv cmode SHA cpwd 1234 emode DES epwd 1234 5 To configure Notification specify the IP address of the NMS host and UDP port Set the User Security Model and Security Level according to confi...

Page 761: ...ed falling event entry ID as 2 the log type the alarm type as all the interval as 10 seconds and the owner name as monitor For entry 2 set the associated statistics entry ID as 2 bound to port 1 0 2 w...

Page 762: ...ote engine ID 123456789a Verify SNMP view configurations Switch config show snmp server view No View Name Type MOID 1 viewDefault include 1 2 viewDefault exclude 1 3 6 1 6 3 15 3 viewDefault exclude 1...

Page 763: ...hPriv inform 3 100 Verify RMON statistics configurations Switch config show rmon statistics Index Port Owner State 1 Gi1 0 1 monitor valid 2 Gi1 0 2 monitor valid Verify RMON history configurations Sw...

Page 764: ...Index State 1 Enabled Statistics index 1 Alarm variable BPkt Sample Type Absolute RHold REvent 3000 1 FHold FEvent 2000 2 Alarm startup All Interval 10 Owner monitor Index State 2 Enabled Statistics i...

Page 765: ...Table 7 2 Default SNMP View Settings Parameter Default Setting View Name None MIB Object ID None View Type Include Table 7 3 Default SNMP View Table Settings View Name View Type MIB Object ID viewDefa...

Page 766: ...Privacy Password None Table 7 6 Default Community Settings Parameter Default Setting Community Name None Access read only MIB View viewDefault Default settings of Notification are listed in the follow...

Page 767: ...0 1 Interval 1800 seconds Max Buckets 50 Owner monitor Status Disable Table 7 10 Default Settings for Event Entries Parameter Default Setting User public Description None Type None Owner monitor Statu...

Page 768: ...Configuring SNMP RMON Appendix Default Parameters Configuration Guide 745 Parameter Default Setting Status Disable...

Page 769: ...ent This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications...

Page 770: ...on t disassemble the product or make repairs yourself You run the risk of electric shock and voiding the limited warranty If you ne ed service please contact us Avoid water and wet locations CE DOC TP...

Page 771: ...ctrical and electronic equipment WEEE This means that this product must be handled pursuant to European directive 2012 19 EU in order to be recycled or dismantled to minimize its impact on the environ...

Reviews:

No comments

Related manuals for TL-SG2424

IBM 11a Quick Start Manual preview
11a
Brand: IBM Pages: 32
Profile LS901-E1 Instruction Manual preview
LS901-E1
Brand: Profile Pages: 6
IBM BladeCenter Management Module Installation And User Manual preview
BladeCenter Management Module
Brand: IBM Pages: 184
3Com NJ220 - IntelliJack Switch User Manual preview
NJ220 - IntelliJack Switch
Brand: 3Com Pages: 82
B&B Electronics Conel UR5i v2 Libratum User Manual preview
Conel UR5i v2 Libratum
Brand: B&B Electronics Pages: 32
SyChip WLAN6065SD User Manual preview
WLAN6065SD
Brand: SyChip Pages: 24
Supermicro AOC-MGP-i2 User Manual preview
AOC-MGP-i2
Brand: Supermicro Pages: 27
Digisol DG-SR2004 User Manual preview
DG-SR2004
Brand: Digisol Pages: 73
Tripp Lite SmartRack SR42UBEXPKD Assembly Instructions Manual preview
SmartRack SR42UBEXPKD
Brand: Tripp Lite Pages: 8
Cabletron Systems TRXMIM-24A User Manual preview
TRXMIM-24A
Brand: Cabletron Systems Pages: 56
Linksys EFG20 User Manual preview
EFG20
Brand: Linksys Pages: 37
Planet GS-4210-16P2S User Manual preview
GS-4210-16P2S
Brand: Planet Pages: 431
Enterasys Matrix 6H303-48 Hardware Installation Manual preview
Matrix 6H303-48
Brand: Enterasys Pages: 90
Oracle Database Appliance X6-2-HA Deployment And User'S Manual preview
Database Appliance X6-2-HA
Brand: Oracle Pages: 473
Edimax BR-6524n Manual preview
BR-6524n
Brand: Edimax Pages: 161
NAVI R330g Quick Setup Manual preview
R330g
Brand: NAVI Pages: 18
Cambium Networks PTP 820C HP Installation Manual preview
PTP 820C HP
Brand: Cambium Networks Pages: 227
Crestron CNXIRP Installation Instructions preview
CNXIRP
Brand: Crestron Pages: 2

Brands by name

Popular brands

Load more brands