TP-Link JetStream T1500-28PCT Скачать руководство пользователя страница 609 | Manualshive

Страница: 609 / 861

background image

User Guide

586

Configuring ACL

Overview

1

Overview

ACL (Access Control List) filters traffic as it passes through a switch, and permits or denies

packets crossing specified interfaces or VLANs. It accurately identifies and processes

the packets based on the ACL rules. In this way, ACL helps to limit network traffic, manage

network access behaviors, forward packets to specified ports and more.
To configure ACL, follow these steps:
1)  Configure a time range during which the ACL is in effect.
2)  Create an ACL and configure the rules to filter different packets.
3)  Bind the ACL to a port or VLAN to make it effective.

Configuration Guidelines

■

A packet “matches” an ACL rule when it meets the rule’s matching criteria. The resulting

action will be either to “permit” or “deny” the packet that matches the rule.

■

If no ACL rule is configured, the packets will be forwarded without being processed by

the ACL. If there is configured ACL rules and no matching rule is found, the packets will

be dropped.

Downloaded from

«
...
607
608
609
610
611
...
»

Содержание JetStream T1500-28PCT

Страница 1: ...User Guide Jetstream Smart Switches T1500G 8T TL SG2008 T1500 28PCT TL SL2428P TL SG2210MP TL SG2210P 1910012765 REV3 3 0 March 2020 Downloaded from ManualsNet com search engine...

Страница 2: ...Login 11 SSH Login 12 Disable Telnet Login 16 Disable SSH Login 17 Copy running config startup config 17 Change the Switch s IP Address and Default Gateway 18 Managing System System 20 Overview 20 Sup...

Страница 3: ...Configuring the Boot File 50 Restoring the Configuration of the Switch 52 Backing up the Configuration File 52 Upgrading the Firmware 53 Rebooting the switch 54 Reseting the Switch 55 Using the CLI 55...

Страница 4: ...eme 84 Using the GUI 84 Using the CLI 87 Appendix Default Parameters 88 Managing Physical Interfaces Physical Interface 92 Overview 92 Supported Features 92 Basic Parameters Configurations 93 Using th...

Страница 5: ...17 Configuring Static LAG or LACP 118 Configuration Example 122 Network Requirements 122 Configuration Scheme 122 Using the GUI 123 Using the CLI 124 Appendix Default Parameters 126 Managing MAC Addre...

Страница 6: ...guration Example 147 Network Requirements 147 Configuration Scheme 147 Network Topology 148 Using the GUI 148 Using the CLI 151 Appendix Default Parameters 154 Configuring MAC VLAN Overview 156 MAC VL...

Страница 7: ...ocol VLAN 178 Configuration Example 181 Network Requirements 181 Configuration Scheme 181 Using the GUI 183 Using the CLI 188 Appendix Default Parameters 193 Configuring GVRP Overview 195 GVRP Configu...

Страница 8: ...s 235 Configuring Hosts to Statically Join a Group 236 Using the CLI 236 Configuring MLD Snooping Globally 236 Configuring MLD Snooping for VLANs 237 Configuring MLD Snooping for Ports 242 Configuring...

Страница 9: ...rements 270 Configuration Scheme 270 Using the GUI 271 Using the CLI 273 Example for Configuring MVR 275 Network Requirements 275 Network Topology 275 Configuration Scheme 276 Using the GUI 276 Using...

Страница 10: ...ters 314 Enabling STP RSTP Globally 316 MSTP Configurations 318 Using the GUI 318 Configuring Parameters on Ports in CIST 318 Configuring the MSTP Region 321 Configuring MSTP Globally 325 Verifying th...

Страница 11: ...guring LLDP Globally 369 Configuring LLDP MED Globally 369 Configuring LLDP MED for Ports 370 Using the CLI 372 Global Config 372 Port Config 373 Viewing LLDP Settings 376 Using GUI 376 Viewing LLDP D...

Страница 12: ...409 Using the CLI 410 Enabling DHCP L2 Relay 410 Configuring Option 82 for Ports 411 Configuration Examples 414 Example for DHCP VLAN Relay 414 Network Requirements 414 Configuration Scheme 414 Using...

Страница 13: ...h Control Configuration 459 Using the GUI 459 Configuring Rate Limit 459 Configuring Storm Control 460 Using the CLI 461 Configuring Rate Limit 461 Configuring Storm Control 462 Voice VLAN Configurati...

Страница 14: ...he GUI 506 Configuring the Access Control Feature 506 Configuring the HTTP Function 509 Configuring the HTTPS Function 511 Configuring the SSH Feature 514 Configuring the Telnet Function 515 Using the...

Страница 15: ...ng the CLI 549 Appendix Default Parameters 552 Configuring 802 1x Overview 555 802 1x Configuration 556 Using the GUI 556 Configuring the RADIUS Server 556 Configuring 802 1x Globally 559 Configuring...

Страница 16: ...Configuring Combined ACL Rule 596 Configuring the IPv6 ACL Rule 601 Configuring ACL Binding 605 Using the CLI 606 Configuring Time Range 606 Configuring ACL 606 Configuring Policy 615 Configuring ACL...

Страница 17: ...he CLI 645 Adding IP MAC Binding Entries 645 Enabling ARP Detection 645 Configuring ARP Detection on Ports 646 Viewing ARP Statistics 648 IPv4 Source Guard Configuration 649 Using the GUI 649 Adding I...

Страница 18: ...es 675 ND Detection Configuration 676 Using the GUI 676 Adding IPv6 MAC Binding Entries 676 Enabling ND Detection 676 Configuring ND Detection on Ports 677 Viewing ND Statistics 677 Using the CLI 678...

Страница 19: ...ring Legal DHCPv4 Servers 698 Using the CLI 699 Configuring the Basic DHCPv4 Filter Parameters 699 Configuring Legal DHCPv4 Servers 701 DHCPv6 Filter Configuration 703 Using the GUI 703 Configuring th...

Страница 20: ...he CPU 726 Using the GUI 726 Using the CLI 726 Monitoring the Memory 728 Using the GUI 728 Using the CLI 728 Monitoring Traffic Traffic Monitor 731 Using the GUI 731 Using the CLI 735 Appendix Default...

Страница 21: ...or SNMP v3 762 Using the CLI 763 Enabling SNMP 763 Creating an SNMP View 765 Creating SNMP Communities For SNMP v1 v2c 766 Creating an SNMP Group For SNMPv3 767 Creating SNMP Users For SNMPv3 769 Noti...

Страница 22: ...CLI 815 Diagnosing the Network 816 Using the GUI 816 Troubleshooting with Ping Testing 816 Troubleshooting with Tracert Testing 817 Using the CLI 818 Configuring the Ping Test 818 Configuring the Trac...

Страница 23: ...Configuration Example 830 Network Requirements 830 Configuration Scheme 830 Using the GUI 830 Using the CLI 831 Appendix Default Parameters 832 Downloaded from ManualsNet com search engine...

Страница 24: ...power budget is not guaranteed and will vary as a result of client limitations and environmental factors The information in this document is subject to change without notice Every effort has been mad...

Страница 25: ...gress ingress rate is used to restrict ingress bandwidth bandwidth egress egress rate is used to restrict egress bandwidth bandwidth ingress ingress rate egress egress rate is used to restrict ingress...

Страница 26: ...Part 1 Accessing the Switch CHAPTERS 1 Determine the Management Method 2 Web Interface Access 3 Command Line Interface Access Downloaded from ManualsNet com search engine...

Страница 27: ...n the download center of our official website https www tp link com download center html Standalone Mode If you have a relatively small sized network and only one or just a small number of devices nee...

Страница 28: ...tch is available 2 Launch a web browser The supported web browsers include but are not limited to the following types IE 8 0 9 0 10 0 11 0 Firefox 26 0 27 0 Chrome 32 0 33 0 3 Enter the switch s IP ad...

Страница 29: ...figuration file and the start up configuration file After you perform configurations on the sub interfaces and click Apply the modifications will be saved in the running configuration file The configu...

Страница 30: ...switch to accss a network you can configure the default gateway of the switch Only the computers in the management VLAN can access the management interface of the switch By default VLAN 1 owning all t...

Страница 31: ...itch Web Interface Access Figure 2 7 Change the switch s IP address and default gateway 2 Enter the new IP address in the web browser to access the switch 3 Click to save the settings Downloaded from...

Страница 32: ...ort connected directly Hyper Terminal Telnet RJ 45 port CMD SSH RJ 45 port Putty 3 1 Console Login only for switch with console port Follow these steps to log in to the switch via the Console port 1 C...

Страница 33: ...r protect your network and devices 4 Enter enable to enter the User EXEC Mode to further configure the switch Figure 3 2 User EXEC Mode Note In Windows XP go to Start All Programs Accessories Communic...

Страница 34: ...witch and the PC are in the same LAN Local Area Network Click Start and type in cmd in the Search bar and press Enter Figure 3 3 Open the cmd Window 2 Type in telnet 192 168 0 1 in the cmd window and...

Страница 35: ...the following two modes Password Authentication Mode and Key Authentication Mode You can choose one according to your needs Password Authentication Mode Username and password are required which are bo...

Страница 36: ...password to log in to the switch and you can continue to configure the switch Figure 3 9 Log In to the Switch Note The first time you log in change the password to better protect your network and dev...

Страница 37: ...2 bits You can accelerate the key generation process by moving the mouse quickly and randomly in the Key section 2 After the keys are successfully generated click Save public key to save the public ke...

Страница 38: ...d with the type of the key file In the above CLI v1 corresponds to SSH 1 RSA and v2 corresponds to SSH 2 RSA and SSH 2 DSA The key downloading process cannot be interrupted 4 After the public key is d...

Страница 39: ...ame to log in If you can log in without entering the password the key authentication completed successfully Figure 3 15 Log In to the Switch Note The first time you log in change the password to bette...

Страница 40: ...SH Config disable the SSH server and click Apply Figure 3 17 Shut down SSH server Using the CLI Switch configure Switch config no ip ssh server 3 6 Copy running config startup config The switch s conf...

Страница 41: ...VLAN can access the management interface of the switch By default VLAN 1 owning all the ports is the management VLAN and you can access the switch via any port By default the system IP address is 192...

Страница 42: ...ement Configurations 4 System Tools Configurations 5 EEE Configuration 6 PoE Configurations Only for Certain Devices 7 SDM Template Configuration 8 Time Range Configuration 9 Example for PoE Configura...

Страница 43: ...re the configurations update the firmware reset the switch and reboot the switch EEE EEE Energy Efficient Ethernet is used to save power consumption of the switch during periods of low data activity Y...

Страница 44: ...ving power from the PSE for example IP phones and access points According to whether PDs comply with IEEE standard they can be classified into standard PDs and non standard PDs Only standard PDs can b...

Страница 45: ...mary Choose the menu SYSTEM System Info System Summary to load the System Summary page You can view the port status and system information of the switch Viewing the Port Status In the Port Status sect...

Страница 46: ...e SFP port is at the speed of 100Mbps You can move your cursor to a port to view the detailed information of the port Figure 2 2 Port Information Port Information Indication Port Displays the port num...

Страница 47: ...nfo Configurations Figure 2 3 Bnadwidth Utilization RX Displays the bandwidth utilization of receiving packets on this port TX Displays the bandwidth utilization of sending packets on this port Downlo...

Страница 48: ...itch You can edit it on the Device Description page Device Location Displays the location of the switch You can edit it on the Device Description page Contact Information Displays the contact informat...

Страница 49: ...ng Tree Displays whether Spanning Tree is enabled You can click Settings to jump to the Spanning Tree configuration page DHCP Relay Displays whether DHCP Relay is enabled You can click Settings to jum...

Страница 50: ...the System Time In the Time Info section you can view the current time information of the switch Current System Time Displays the current date and time of the switch Current Time Source Displays how t...

Страница 51: ...aylight Saving Time to load the following page Figure 2 7 Configuring the Daylight Saving Time Follow these steps to configure Daylight Saving Time 1 In the DST Config section enable the Daylight Savi...

Страница 52: ...If you select Date Mode specify an absolute time range for the Daylight Saving Time of the switch This configuration will be used only one time Offset Specify the time to set the clock forward by Star...

Страница 53: ...he interface Static Assign an IP address to the management interface DHCP Assign an IP address to the management interface through the DHCP server BOOTP Assign an IP address to the management interfac...

Страница 54: ...n the management VLAN can access the management interface of the switch By default VLAN 1 owning all the ports is the management VLAN and you can access the switch via any port IPv6 Enable Enable the...

Страница 55: ...a RA message With this option enabled the interface automatically generates a global address and other information according to the address prefix and other configuration parameters from the received...

Страница 56: ...lifetime is the length of time that an IPv6 address is in the valid state When the valid lifetime expires the address become invalid and can be no longer usable Status Displays the status of the link...

Страница 57: ...N A N A Disable Copper Gi1 0 3 LinkUp 1000M Full Disable Disable Copper Switch show system info System Description JetStream 48 Port Gigabit Smart Switch with 4 SFP Slots System Name T1500 28PCT Syst...

Страница 58: ...m information including system Description Device Name Device Location System Contact Hardware Version Firmware Version System Time Run Time and so on Step 6 end Return to privileged EXEC mode Step 7...

Страница 59: ...zone which ranges from UTC 12 00 to UTC 13 00 The detailed information of each time zone are displayed as follows UTC 12 00 TimeZone for International Date Line West UTC 11 00 TimeZone for Coordinate...

Страница 60: ...ver Specify the IP address of the primary NTP server backup ntp server Specify the IP address of the backup NTP server fetching rate Specify the interval fetching time from the NTP server Step 3 Use t...

Страница 61: ...following command to set the Daylight Saving Time in recurring mode system time dst recurring sweek sday smonth stime eweek eday emonth etime offset Specify the Daylight Saving Time in Recuring mode...

Страница 62: ...g Time which ranges from 1 to 31 etime Enter the end time of Daylight Saving Time in the format of HH MM eyear Enter the end year of Daylight Saving Time offset Enter the offset of Daylight Saving Tim...

Страница 63: ...AN ID Step 4 Automatically assign an IP Address and default gateway for the management interface via DHCP or BOOTP ip address alloc dhcp bootp Specify the IP Address assignment mode of the management...

Страница 64: ...255 255 0 gateway 192 168 0 100 The connection will be interrupted and you should telnet to the switch s new IP address 192 168 0 10 C Users Administrator telnet 192 168 0 10 User admin Password admi...

Страница 65: ...address via DHCPv6 server ipv6 address dhcp Enable the DHCPv6 Client function When this function is enabled the Layer 3 interface will try to obtain the IPv6 address from DHCPv6 server Manually config...

Страница 66: ...ess fe80 20a ebff fe13 237b NOR Global Address RA Disable Global Address DHCPv6 Enable Global unicast address es ff02 1 ff13 237b Joined group address es ff02 1 ICMP error messages limited to one ever...

Страница 67: ...You can also create more Admin accounts If you create Operator Power User or User accounts you need go to the AAA section to create an Enable Password If needed these types of users can use the Enabl...

Страница 68: ...w all the settings of different functions Operator Operator can edit modify and view most of the settings of different functions Power User Power User can edit modify and view some of the settings of...

Страница 69: ...ive privileges 3 2 Using the CLI There are four types of user accounts with different access levels Admin Operator Power User and User There is a default Admin account which cannot be deleted The defa...

Страница 70: ...ration file After the encrypted password is configured you should use the corresponding unencrypted password to reenter this mode Use the following command to create an account MD5 encrypted user name...

Страница 71: ...ric encrypted password with fixed length which you can copy from another switch s configuration file After the encrypted password is configured you should use the corresponding unencrypted password to...

Страница 72: ...privileges The following example shows how to create a uesr with the access level of Operator set the username as user1 and password as 123 and set the enable password as abc123 Switch configure Switc...

Страница 73: ...e Restore the configuration of the switch Back up the configuration file Upgrade the firmware Reboot the switch Reset the switch 4 1 Using the GUI 4 1 1 Configuring the Boot File Choose the menu SYSTE...

Страница 74: ...t Startup Config Displays the current startup configuration Next Startup Config Specify the next startup configuration When the switch is powered on it will try to start up with the next startup confi...

Страница 75: ...to reboot the switch after restoring is completed Only after the switch is rebooted will the imported configuration take effect 4 Click Import to import the configuration file Note It will take some t...

Страница 76: ...he system Image Name Displays the image to upgrade The operation will only affect the image displayed here Follow these steps to upgrade the firmware of the switch 1 Click Browse and select the proper...

Страница 77: ...hoose whether to save the current configuration before reboot 3 Click Reboot Configuring Reboot Schedule Choose the menu SYSTEM System Tools System Reboot Reboot Schedule to load the following page Fi...

Страница 78: ...h 1 In the System Reset section select the desired unit 2 Choose whether to maintain the IP address of selected unit when resetting 3 Click Reset After reset all configurations of the switch will be r...

Страница 79: ...e configuration file The following example shows how to set the next startup image as image1 the backup image as image2 the next startup configuration file as config1 and the backup configuration file...

Страница 80: ...h IP address 192 168 0 100 Switch enable Switch copy tftp startup config ip address 192 168 0 100 filename file1 Start to load user config file Operation OK Now rebooting system 4 2 3 Backing up the C...

Страница 81: ...ep 3 Enter Y to continue and then enter Y to reboot the switch with the backup image The following example shows how to upgrade the firmware using the configuration file named file3 bin The TFTP serve...

Страница 82: ...the format of DD MM YYYY The date should be within 30 days save_before_reboot Save the configuration file before the switch reboots If no date is specified the switch will reboot according to the tim...

Страница 83: ...ip To maintain the IP address when resetting the switch add this part to the command Follow these steps to disable the reset function of console port or reset button Step 1 configure Enter global con...

Страница 84: ...Enable or disable EEE on the selected port s 3 Click Apply 5 1 Using the CLI Follow these steps to configure EEE Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port ra...

Страница 85: ...figuration file The following example shows how to enable the EEE feature on port 1 0 1 Switch config Switch config interface gigabitEthernet 1 0 1 Switch config if eee Switch config if show interface...

Страница 86: ...ith the PoE feature you can Configure the PoE parameters manually Configure the PoE parameters using the profile You can configure the PoE parameters one by one via configuring the PoE parameters manu...

Страница 87: ...nfigure the basic PoE parameters 1 In the PoE Config section you can view the current PoE parameters System Power Limit W Displays the maximum power the PoE switch can supply System Power Consumption...

Страница 88: ...he maximum power that the port can supply automatically Class1 The maximum power that the port can supply is 4 W Class2 The maximum power that the port can supply is 7 W Class3 The maximum power that...

Страница 89: ...ys the port s real time power supply Current mA Displays the port s real time current Voltage V Displays the port s real time voltage PD Class Displays the class the linked PD belongs to Power Status...

Страница 90: ...The following options are provided High Middle and Low When the supply power exceeds the system power limit the switch will power off PDs on low priority ports to ensure stable running of other PDs P...

Страница 91: ...profile to the corresponding ports 1 In the PoE Config section you can view the current PoE parameters System Power Limit W Displays the maximum power the PoE switch can supply System Power Consumptio...

Страница 92: ...power exceeds the system power limit the switch will power off PDs on low priority ports to ensure stable running of other PDs Power Limit Displays the maximum power the corresponding port can supply...

Страница 93: ...e PoE function By default it is enable Step 5 power inline priority low middle high Specify the PoE priority for the corresponding port low middle high Select the priority level for the corresponding...

Страница 94: ...pecify the list of Ethernet ports in the format of 1 0 1 3 1 0 5 Step 11 end Return to privileged EXEC mode Step 12 copy running config startup config Save the settings in the configuration file The f...

Страница 95: ...1 class2 class3 class4 Create a PoE profile for the switch In a profile the PoE status PoE priority and power limit are configured You can bind a profile to the corresponding port to quickly configure...

Страница 96: ...ow power profile Verify the defined PoE profile Step 8 show power inline configuration interface fastEthernet port port list gigabitEthernet port port list ten gigabitEthernet port port list Verify th...

Страница 97: ...gigabitEthernet 1 0 6 Switch config if power inline profile profile1 Switch config if show power inline configuration interface gigabitEthernet 1 0 6 Interface PoE Status PoE Prio Power Limit w Time R...

Страница 98: ...e reboot Select Next Template Select the template that will be effective after the next reboot Default Select the template of default It gives balance to the IP ACL rules and MAC ACL rules EnterpriseV...

Страница 99: ...ys the resource allocation of the default template enterpriseV4 Displays the resource allocation of the enterpriseV4 template enterpriseV6 Displays the resource allocation of the enterpriseV6 template...

Страница 100: ...f IPV6 ACL Rules 0 number of IPV4 Source Guard Entries 253 number of IPV6 Source Guard Entries 0 Switch config sdm prefer enterpriseV4 Switch to enterpriseV4 tempale Changes to the running SDM prefere...

Страница 101: ...to load the following page Figure 8 1 Configuring Time Range Follow these steps to add time range entries 1 In the Time Range Config section specify a name for the entry and select the Holiday mode N...

Страница 102: ...ow will pop up Figure 8 2 Adding Period Time Configure the following parameters and click Create Date Specify the start date and end date of this time range Time Specify the start time and end time of...

Страница 103: ...enu SYSTEM Time Range Holiday Config and click to load the following page Figure 8 4 Configuring Holiday Configure the following parameters and click Create to add a Holiday entry Holiday Name Specify...

Страница 104: ...d date of this time range start date Specify the start date in the format MM DD YYYY end date Specify the end date in the format MM DD YYYY Step 5 periodic start start time end end time day of the wee...

Страница 105: ...how time range Time range entry 12 Inactive Time range entry time1 Inactive holiday exclude number of time slice 1 01 10 01 2017 to 10 31 2017 08 00 to 20 00 on 1 2 Switch config time range end Switch...

Страница 106: ...to create a holiday entry and set the entry name as holiday1 and set start date and end date as 07 01 and 09 01 Switch config Switch config holiday holiday1 start date 07 01 end date 09 01 Switch conf...

Страница 107: ...P1 AP2 Switch A 9 2 Configuring Scheme To implement this requirement you can set a PoE time range as the office time for example from 08 30 to 18 00 on work days Then apply the settings to port 1 0 3...

Страница 108: ...s User Guide 85 Figure 9 2 Creating Time Range 2 Click and the following window will pop up Set Date Time and Day of Week as the following figure shows Click Create Figure 9 3 Creating a Periodic Time...

Страница 109: ...range Click Create Figure 9 4 Configuring Time Range 4 Choose the menu SYSTEM PoE PoE Config to load the following page Select port 1 0 3 and set the Time Range as OfficeTime Click Apply Figure 9 5 Co...

Страница 110: ...the basic parameters for the port 1 0 3 and bind the time range office time to the port Switch_A config interface gigabitEthernet 1 0 3 Switch_A config if power inline supply enable Switch_A config i...

Страница 111: ...le 10 3 Default Settings of Daylight Saving Time Configuration Parameter Default Setting DST status Disabled Default settings of User Management are listed in the following table Table 10 4 Default Se...

Страница 112: ...nfiguration Parameter Default Setting PoE Config System Power Limit 192 0 W For T1500 28PCT 150 0 W For TL SG2210MP 58 0 W For TL SG2210P Port Config PoE Status Enabled PoE Priority Low Power Limit 0...

Страница 113: ...endix Default Parameters Default settings of Time Range are listed in the following table Table 10 9 Default Settings of Time Range Configuration Parameter Default Setting Holiday Include Downloaded f...

Страница 114: ...es CHAPTERS 1 Physical Interface 2 Basic Parameters Configurations 3 Port Isolation Configurations 4 Loopback Detection Configuration 5 Configuration Examples 6 Appendix Default Parameters Downloaded...

Страница 115: ...This chapter introduces the configurations for physical interfaces 1 2 Supported Features The switch supports the following features about physical interfaces Basic Parameters You can configure port...

Страница 116: ...figure the size of jumbo frames By default it is 1518 bytes Generally the MTU Maximum Transmission Unit size of a normal frame is 1518 bytes If you want the switch supports to transmit frames of which...

Страница 117: ...ch gets overloaded it will send a PAUSE frame to notify the peer device to stop sending data for a specified period of time thus avoiding the packet loss caused by congestion By default it is disabled...

Страница 118: ...ull half Duplex mode of the port The device connected to the port should be in the same speed and duplex mode with the port When auto is selected the duplex mode will be determined by auto negotiation...

Страница 119: ...uplex auto Switch config if flow control Switch config if show interface configuration gigabitEthernet 1 0 1 Port State Speed Duplex FlowCtrl Description Gi1 0 1 Enable Auto Auto Enable router connect...

Страница 120: ...tted by a port The isolated port can only send packets to the ports specified in its Forwarding Port List Choose the menu L2 FEATURES Switching Port Port Isolation to load the following page Figure 3...

Страница 121: ...ommunicate with It is multi optional 3 Click Apply 3 2 Using the CLI Follow these steps to configure Port Isolation Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port...

Страница 122: ...t port ten gigabitEthernet port port channel port channel Verify the Port Isolation configuration of the specified port Step 5 end Return to privileged EXEC mode Step 6 copy running config startup con...

Страница 123: ...s enabled For detailed introductions about storm control refer to Configuring QoS Choose the menu L2 FEATURES Switching Port Loopback Detection to load the following page Figure 4 1 Configuring Loopba...

Страница 124: ...the port Operation Mode Select the operation mode when a loopback is detected on the port Alert The Loop Status will display whether there is a loop detected on the corresponding port It is the defau...

Страница 125: ...ten range gigabitEthernet port list port channel port channel range port channel port channel list Enter interface configuration mode Step 6 loopback detection Enable loopback detection for the port B...

Страница 126: ...ction global Loopback detection global status enable Loopback detection interval 30s Loopback detection recovery time 3 intervals Switch config if end Switch copy running config startup config The fol...

Страница 127: ...Host C Server 5 1 2 Configuration Scheme You can configure port isolation to implement the requirement Set port 1 0 4 as the only forwarding port for port 1 0 1 thus forbidding Host A to forward pack...

Страница 128: ...page to load the following page Select port 1 0 1 as the port to be isolated and select port 1 0 4 as the forwarding port Click Apply Figure 5 3 Port Isolation Configuration 3 Select port 1 0 4 as th...

Страница 129: ...nfig interface gigabitEthernet 1 0 1 Switch config if port isolation gi forward list 1 0 4 Switch config if exit Switch config interface gigabitEthernet 1 0 4 Switch config if port isolation gi forwar...

Страница 130: ...rading the network performance To reduce the impacts of broadcast storms users need to detect loops in the network via Switch A and timely block the port on which a loop is detected Figure 5 5 Network...

Страница 131: ...pply Figure 5 6 Global Configuration 3 In the Port Config section enable ports 1 0 1 3 select the operation mode as Port Based so that the port will be blocked when a loop is detected and keep the rec...

Страница 132: ...ection Switch config if range loopback detection config process mode port based recovery mode auto Switch config if range end Switch copy running config startup config Verify the Configuration Verify...

Страница 133: ...Type Copper For RJ45 Ports Fiber For SFP Ports Status Enabled Speed Auto For RJ45 Ports 1000M For SFP Ports Duplex Auto For RJ45 Ports Full For SFP Ports Flow Control Disabled Loopback Detection Loopb...

Страница 134: ...Part 4 Configuring LAG CHAPTERS 1 LAG 2 LAG Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 135: ...the connection reliability 1 2 Supported Features You can configure LAG in two ways static LAG and LACP Link Aggregation Control Protocol Static LAG The member ports are manually added to the LAG LACP...

Страница 136: ...nly If an active link fails the other active links share the bandwidth evenly One LACP LAG supports multiple member ports but at most eight of them can work simultaneously and the other member ports a...

Страница 137: ...he destination MAC addresses of the packets SRC MAC DST MAC The computation is based on the source and destination MAC addresses of the packets SRC IP The computation is based on the source IP address...

Страница 138: ...only one LAG mode Static LAG or LACP And make sure both ends of a link use the same LAG mode Configuring Static LAG Choose the menu L2 FEATURES Switching LAG Static LAG to load the following page Fig...

Страница 139: ...ue means a higher priority To keep active ports consistent at both ends you can set the system priority of one device to be higher than that of the other device The device with higher priority will de...

Страница 140: ...he port with a smaller port number has the higher priority Mode Select the LACP mode for the port In LACP the switch uses LACPDU Link Aggregation Control Protocol Data Unit to negotiate the parameters...

Страница 141: ...n is based on the source and destination IP addresses of the packets Step 3 show etherchannel load balance Verify the configuration of load balancing algorithm Step 4 end Return to privileged EXEC mod...

Страница 142: ...turn to privileged EXEC mode Step 6 copy running config startup config Save the settings in the configuration file The following example shows how to add ports1 0 5 8 to LAG 2 and set the mode as stat...

Страница 143: ...Step 4 channel group num mode active passive Add the port to an LAG and set the mode as LACP num The group ID of the LAG mode LAG mode Here you need to select LACP mode active or passive In LACP the s...

Страница 144: ...DU sending mode as active Switch configure Switch config interface range gigabitEthernet 1 0 1 4 Switch config if range channel group 6 mode active Switch config if range show lacp internal Flags S De...

Страница 145: ...ackup To avoid traffic bottleneck between the servers and Switch B you also need to configure LAG on them to increase link bandwidth Here we mainly introduce the LAG configuration between the two swit...

Страница 146: ...on 2 Choose the menu L2 FEATURES Switching LAG LACP Config to load the following page In the Global Config section specify the system priority of Switch A as 0 and Click Apply Remember to ensure that...

Страница 147: ...ange lacp port priority 0 Switch config if range exit 4 Add port 1 0 9 to LAG 1 and set the mode as LACP Then specify the port priority as 1 to set it as a backup port When any of the active ports is...

Страница 148: ...el group 1 Port Flags State LACP Port Priority Admin Key Oper Key Port Number Port State Gi1 0 1 SA Down 0 0x1 0 0x1 0x45 Gi1 0 2 SA Down 0 0x1 0 0x2 0x45 Gi1 0 3 SA Down 0 0x1 0 0x3 0x45 Gi1 0 4 SA D...

Страница 149: ...ettings of Switching are listed in the following tables Table 4 1 Default Settings of LAG Parameter Default Setting LAG Table Hash Algorithm SRC MAC DST MAC LACP Config System Priority 32768 Admin Key...

Страница 150: ...Part 5 Managing MAC Address Table CHAPTERS 1 MAC Address Table 2 MAC Address Configurations 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 151: ...addresses and filtering addresses Address Configurations Dynamic address Dynamic addresses are addresses learned by the switch automatically and the switch regularly ages out those that are not in us...

Страница 152: ...s Entries You can add static MAC address entries by manually specifying the desired MAC address or binding dynamic MAC address entries Adding MAC Addresses Manually Choose the menu L2 FEATURES Switchi...

Страница 153: ...onnected port or the device has been changed the switch cannot forward the packets correctly Please reset the static address entry appropriately 2 Click Create Binding Dynamic Address Entries If some...

Страница 154: ...e steps to modify the aging time of dynamic address entries 1 In the Aging Config section enable Auto Aging and enter your desired length of time Auto Aging Enable Auto Aging then the switch automatic...

Страница 155: ...ss Specify the MAC address to be used by the switch to filter the received packets VLAN ID Specify an existing VLAN in which packets with the specific MAC address are dropped 2 Click Create Note In th...

Страница 156: ...id interface fastEthernet port gigabitEthernet port ten gigabitEthernet port Bind the MAC address VLAN and port together to add a static address to the VLAN mac addr Enter the MAC address and packets...

Страница 157: ...h MAC address 00 02 58 4f 6c 23 VLAN 10 and port 1 When a packet is received in VLAN 10 with this address as its destination the packet will be forwarded only to port 1 0 1 Switch configure Switch con...

Страница 158: ...sed or updated Switch configure Switch config mac address table aging time 500 Switch config show mac address table aging time Aging time is 500 sec Switch config end Switch copy running config startu...

Страница 159: ...iltering address 00 1e 4b 04 01 5d to VLAN 10 Then the switch will drop the packet that is received in VLAN 10 with this address as its source or destination Switch configure Switch config mac address...

Страница 160: ...n the following tables Table 3 1 Entries in the MAC Address Table Parameter Default Setting Static Address Entries None Dynamic Address Entries Auto learning Filtering Address Entries None Table 3 2 D...

Страница 161: ...Part 6 Configuring 802 1Q VLAN CHAPTERS 1 Overview 2 802 1Q VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 162: ...ithin its VLAN It reduces the influence of broadcast traffic in Layer 2 network to the whole network To enhance network security Devices from different VLANs cannot achieve Layer 2 communication and t...

Страница 163: ...n 2802 1Q VLAN Configuration To complete 802 1Q VLAN configuration follow these steps 1 Configure the VLAN including creating a VLAN and adding the desired ports to the VLAN 2 Configure port parameter...

Страница 164: ...Follow these steps to configure VLAN 1 Enter a VLAN ID and a description for identification to create a VLAN VLAN ID Enter a VLAN ID for identification with the values between 2 and 4094 VLAN Name Gi...

Страница 165: ...om 1 to 4094 It is used mainly in the following two ways When the port receives an untagged packet the switch inserts a VLAN tag to the packet based on the PVID Ingress Checking Enable or disable Ingr...

Страница 166: ...on Valid values are from 2 to 4094 for example 2 3 5 Step 3 name descript Optional Specify a VLAN description for identification descript The length of the description should be 1 to 16 characters Ste...

Страница 167: ...tagged untagged Add ports to the specified VLAN vlan list Specify the ID or ID list of the VLAN s that the port will be added to The ID ranges from 1 to 4094 tagged untagged Select the egress rule for...

Страница 168: ...de Step 3 switchport pvid vlan id Configure the PVID of the port s By default it is 1 vlan id The default VLAN ID of the port with the values between 1 and 4094 Step 4 switchport check ingress Enable...

Страница 169: ...5 Switch config if switchport pvid 2 Switch config if switchport check ingress Switch config if switchport acceptable frame all Switch config if show interface switchport gigabitEthernet 1 0 5 Port G...

Страница 170: ...h computers in the other department 3 2 Configuration Scheme Divide computers in Department A and Department B into two VLANs respectively so that computers can communicate with each other in the same...

Страница 171: ...8 on Switch 2 Figure 3 1 Network Topology VLAN 10 VLAN 20 Host A1 Host A2 Host B1 Host B2 Switch 1 Switch 2 Fa1 0 2 Fa1 0 3 Fa1 0 4 Fa1 0 6 Fa1 0 7 Fa1 0 8 Demonstrated with T1500 28PCT the following...

Страница 172: ...partment A 2 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 20 with the description of Department_B Add port 1 0 3 as an untagged port and po...

Страница 173: ...3 3 Creating VLAN 20 for Department B 3 Choose the menu L2 FEATURES VLAN 802 1Q VLAN Port Config to load the following page Set the PVID of port 1 0 2 as 10 and click Apply Set the PVID of port 1 0 3...

Страница 174: ...VLAN 20 for Department B and configure the description as Department B Switch_1 configure Switch_1 config vlan 10 Switch_1 config vlan name Department A Switch_1 config vlan exit Switch_1 config vlan...

Страница 175: ...2 Switch_1 config if switchport pvid 10 Switch_1 config if exit Switch_1 config interface fastEthernet 1 0 3 Switch_1 config if switchport pvid 20 Switch_1 config if end Switch_1 copy running config s...

Страница 176: ...onfig show interface switchport Port LAG Type PVID Acceptable frame type Ingress Checking Fa1 0 1 N A General 1 All Enable Fa1 0 2 N A General 10 All Enable Fa1 0 3 N A General 20 All Enable Fa1 0 4 N...

Страница 177: ...x Default Parameters Default settings of 802 1Q VLAN are listed in the following table Table 4 1 Default Settings of 802 1Q VLAN Parameter Default Setting VLAN ID 1 PVID 1 Ingress Checking Enabled Acc...

Страница 178: ...Part 7 Configuring MAC VLAN CHAPTERS 1 Overview 2 MAC VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 179: ...hen their access ports change The figure below shows a common application scenario of MAC VLAN Figure 1 1 Common Application Scenario of MAC VLAN Meeting Room 1 Laptop A Laptop B Meeting Room 2 Switch...

Страница 180: ...other VLANs such as the protocol VLAN If there is a match the switch will forward the data packet Otherwise the switch will process the data packet according to the processing rule of the 802 1 Q VLA...

Страница 181: ...lick Create Note One MAC address can be bound to only one VLAN 2 1 3 Enabling MAC VLAN for the Port By default MAC VLAN is disabled on all ports You need to enable MAC VLAN for your desired ports manu...

Страница 182: ...Enter the ID number of the 802 1Q VLAN that will be bound to the MAC VLAN descript Specify the MAC address description for identification with up to 8 characters Step 3 show mac vlan all mac address...

Страница 183: ...el port channel list Enter interface configuration mode Step 3 mac vlan Enable MAC VLAN for the port Step 4 show mac vlan interface Verify the configuration of MAC VLAN on each interface Step 5 end Re...

Страница 184: ...Room 1 Laptop A 00 19 56 8A 4C 71 Laptop B 00 19 56 82 3B 70 Meeting Room 2 Switch 3 Fa1 0 3 Fa1 0 2 Fa1 0 2 Fa1 0 2 Gi1 0 1 Fa1 0 1 Fa1 0 5 Fa1 0 4 Switch 1 Switch 2 Server B VLAN 20 Server A VLAN 1...

Страница 185: ...28PCT the following sections provide configuration procedure in two ways using the GUI and using the CLI 3 3 Using the GUI Configurations for Switch 1 and Switch 2 The configurations of Switch 1 and S...

Страница 186: ...Figure 3 2 Creating VLAN 10 2 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 20 and add untagged port 1 0 1 and tagged port 1 0 2 to VLAN 20...

Страница 187: ...cify the corresponding parameters and click Create to bind the MAC address of Laptop A to VLAN 10 and bind the MAC address of Laptop B to VLAN 20 Figure 3 4 Creating MAC VLAN 4 Choose the menu L2 FEAT...

Страница 188: ...Port 5 Click to save the settings Configurations for Switch 3 1 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 10 and add untagged port 1 0 4...

Страница 189: ...LAN Configuration Example Figure 3 6 Creating VLAN 10 2 Click Create to load the following page Create VLAN 20 and add untagged port 1 0 5 and tagged ports 1 0 2 3 to VLAN 20 Click Create Downloaded f...

Страница 190: ...Switch 1 and Switch 2 The configurations of Switch 1 and Switch 2 are the same The following introductions take Switch 1 as an example 1 Create VLAN 10 for Department A and create VLAN 20 for Departm...

Страница 191: ...nd bind the MAC address of Laptop B to VLAN 20 Switch_1 config mac vlan mac address 00 19 56 8A 4C 71 vlan 10 description PCA Switch_1 config mac vlan mac address 00 19 56 82 3B 70 vlan 20 description...

Страница 192: ...allowed vlan 10 untagged Switch_3 config if exit Switch_3 config interface fastEthernet 1 0 5 Switch_3 config if switchport general allowed vlan 20 untagged Switch_3 config if end Switch_3 copy runni...

Страница 193: ...tion Example VLAN Name Status Ports 1 System VLAN active Fa1 0 1 Fa1 0 2 Fa1 0 3 Fa1 0 4 Fa1 0 5 Fa1 0 6 Fa1 0 7 Fa1 0 8 10 DeptA active Fa1 0 2 Fa1 0 3 Fa1 0 4 20 DeptB active Fa1 0 2 Fa1 0 3 Fa1 0 5...

Страница 194: ...pendix Default Parameters Default settings of MAC VLAN are listed in the following table Table 4 1 Default Settings of MAC VLAN Parameter Default Setting MAC Address None Description None VLAN ID None...

Страница 195: ...Part 8 Configuring Protocol VLAN CHAPTERS 1 Overview 2 Protocol VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 196: ...Ns Since different applications and services use different protocols network administrators can use protocol VLAN to manage the network based on specific applications and services The figure below sho...

Страница 197: ...packet If there is a match the switch will insert the corresponding VLAN tag to the data packet and forward it within the VLAN Otherwise the switch will forward the data packet to the default VLAN bas...

Страница 198: ...template Frame Type Select the frame type of the new protocol template Ethernet II A common Ethernet frame format Select to specify the Frame Type by entering the Ether Type SNAP An Ethernet 802 3 fra...

Страница 199: ...f the frame 2 Click Create Note A protocol template that is bound to a VLAN cannot be deleted 2 1 3 Configuring Protocol VLAN Choose the menu L2 FEATURES VLAN Protocol VLAN Protocol VLAN Group and cli...

Страница 200: ...p 1 configure Enter global configuration mode Step 2 protocol vlan template name protocol name frame ether_2 ether type type snap ether type type llc dsap dsap_type ssap ssap_type Create a protocol te...

Страница 201: ...col VLAN Follow these steps to configure protocol VLAN Step 1 configure Enter global configuration mode Step 2 show protocol vlan template Check the index of each protocol template Step 3 protocol vla...

Страница 202: ...e settings in the configuration file The following example shows how to bind the IPv6 protocol template to VLAN 10 and add port 1 0 2 to protocol VLAN Switch configure Switch config show protocol vlan...

Страница 203: ...figuring Protocol VLAN Protocol VLAN Configuration Index Protocol Name VID Priority Member 1 IPv6 10 5 Gi1 0 2 Switch config if end Switch copy running config startup config Downloaded from ManualsNet...

Страница 204: ...sts access the network via Switch 1 Switch 2 is connected to two routers to access the IPv4 network and IPv6 network respectively The routers belong to VLAN 10 and VLAN 20 respectively Figure 3 1 Netw...

Страница 205: ...ch and create the IPv6 protocol template 3 Bind the protocol templates to the corresponding VLANs to form protocol groups and add port 1 0 1 to the groups For Switch 1 configure 802 1Q VLAN according...

Страница 206: ...nfigurations for Switch 1 1 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 10 and add untagged port 1 0 1 and untagged port 1 0 3 to VLAN 10...

Страница 207: ...l VLAN Configuration Example 2 Click to load the following page Create VLAN 20 and add untagged ports 1 0 2 3 to VLAN 20 Click Create Figure 3 3 Create VLAN 20 3 Click to save the settings Downloaded...

Страница 208: ...ions for Switch 2 1 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 10 and add tagged port 1 0 1 and untagged port 1 0 2 to VLAN 10 Click Crea...

Страница 209: ...otocol VLAN Configuration Example 2 Click to load the following page Create VLAN 20 and add tagged port 1 0 1 and untagged port 1 0 3 to VLAN 20 Click Create Figure 3 5 Create VLAN 20 Downloaded from...

Страница 210: ...rnet II frame type enter 86DD in the Ether Type field and click Create to create the IPv6 protocol template Tips The IPv4 protocol template is already provided by the switch You only need to create th...

Страница 211: ...ion Example Figure 3 8 Configure the IPv4 Protocol Group Figure 3 9 Configure the IPv6 Protocol Group 6 Click to save the settings 3 4 Using the CLI Configurations for Switch 1 1 Create VLAN 10 and VL...

Страница 212: ...0 2 Switch_1 config if switchport general allowed vlan 20 untagged Switch_1 config if exit Switch_1 config interface fastEthernet 1 0 3 Switch_1 config if switchport general allowed vlan 10 20 untagge...

Страница 213: ...vlan 20 untagged Switch_2 config if exit 3 Create the IPv6 protocol template Switch_2 config protocol vlan template name IPv6 frame ether_2 ether type 86dd Switch_2 config show protocol vlan template...

Страница 214: ...Switch 1 Verify 802 1Q VLAN configuration Switch_1 show vlan VLAN Name Status Ports 1 System VLAN active Fa1 0 1 Fa1 0 2 Fa1 0 3 Fa1 0 4 Gi1 0 25 Gi1 0 26 Gi1 0 27 Gi1 0 28 10 IPv4 active Fa1 0 1 Fa1...

Страница 215: ...Protocol VLAN Configuration Example Verify protocol group configuration Switch_2 show protocol vlan vlan Index Protocol Name VID Priority Member 1 IP 10 0 Fa1 0 1 2 IPv6 20 0 Fa1 0 1 Downloaded from M...

Страница 216: ...N are listed in the following table Table 4 1 Default Settings of Protocol VLAN Parameter Default Setting Protocol Template Table 1 IP Ethernet II ether type 0800 2 ARP Ethernet II ether type 0806 3 R...

Страница 217: ...Part 9 Configuring GVRP CHAPTERS 1 Overview 2 GVRP Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 218: ...s sent from Switch A in VLAN 10 only when the network administrator has manually created VLAN 10 on Switch B and Switch C Figure 1 1 VLAN Topology Switch A Switch B VLAN 10 Switch C The configuration...

Страница 219: ...gisters VLANs only when it receives GVRP messages As the messages can only be sent from one GVRP participant to another two way registration is required to configure a VLAN on all ports in a link To i...

Страница 220: ...GVRP configuration It is multi optional Status Enable or disable GVRP on the port By default it is disabled Registration Mode Select the GVRP registration mode for the port Normal In this mode the po...

Страница 221: ...registration A participant will send a Leave message if it wants other participants to deregister some of its attributes The participant receiving the message starts the Leave timer If the participant...

Страница 222: ...hat the participant restarts the LeaveAll timer join Join timer controls the sending of Join messages A GVRP participant starts the Join timer after sending the first Join message If the participant d...

Страница 223: ...ll should be greater than or equal to ten times the Leave value The value for Leave should be greater than or equal to two times the Join value The following example shows how to enable GVRP globally...

Страница 224: ...Gi1 0 1 Switch 4 Dept B VLAN 20 Gi1 0 1 3 2 Configuration Scheme To reduce manual configuration and maintenance workload GVRP can be enabled to implement dynamic VLAN registration and update on the s...

Страница 225: ...same as Switch 1 and Switch 4 are the same as Switch 2 Other switches share similar configurations The following configuration procedures take Switch 1 Switch 2 and Switch 5 as example Configurations...

Страница 226: ...as Enable and set Registration Mode as Fixed Keep the values of the timers as default Click Apply Figure 3 3 GVRP Configuration 3 Click to save the settings Configurations for Switch 2 1 Choose the m...

Страница 227: ...0 2 Choose the menu L2 FEATURES VLAN GVRP to load the following page Enable GVRP globally then click Apply Select port 1 0 1 set Status as Enable and set Registration Mode as Fixed Keep the values of...

Страница 228: ...ings Configurations for Switch 5 1 Choose the menu L2 FEATURES VLAN GVRP to load the following page Enable GVRP globally then click Apply Select ports 1 0 1 3 set Status as Enable and keep the Registr...

Страница 229: ...ilar configurations The following configuration procedures take Switch 1 Switch 2 and Switch 5 as example Configurations for Switch 1 1 Enable GVRP globally Switch_1 configure Switch_1 config gvrp 2 C...

Страница 230: ...artment_B Switch_2 config vlan exit 3 Add tagged port 1 0 1 to VLAN 20 Enable GVRP on the port and set the registration mode as Fixed Switch_2 config interface gigabitEthernet 1 0 1 Switch_2 config if...

Страница 231: ...1 0 1 Switch_1 show gvrp interface Port Status Reg Mode LeaveAll JoinIn Leave LAG Gi1 0 1 Enabled Fixed 1000 20 60 N A Gi1 0 2 Disabled Normal 1000 20 60 N A Switch 2 Verify the global GVRP configura...

Страница 232: ...Global Status Enabled Verify GVRP configuration for ports 1 0 1 3 Switch_5 show gvrp interface Port Status Reg Mode LeaveAll JoinIn Leave LAG Gi1 0 1 Enabled Normal 1000 20 60 N A Gi1 0 2 Enabled Norm...

Страница 233: ...P are listed in the following tables Table 4 1 Default Settings of GVRP Parameter Default Setting Global Config GVRP Disabled Port Config Status Disabled Registration Mode Normal LeaveAll Timer 1000 c...

Страница 234: ...icast 2 IGMP Snooping Configuration 3 MLD Snooping Configuration 4 MVR Configuration 5 Multicast Filtering Configuration 6 Viewing Multicast Snooping Information 7 Configuration Examples 8 Appendix De...

Страница 235: ...ogy not only transmits data with high efficiency but also saves a large bandwidth and reduces network load In practical applications Internet information provider can provide value added services such...

Страница 236: ...each attached network and a timer for each membership Normally only one device acts as querier per physical network If there are more than one multicast router in the network a querier election proce...

Страница 237: ...nts can dynamically join or leave the multicast VLAN without interfering with their relationships in other VLANs There are two types of MVR modes Compatible Mode In compatible mode the MVR switch does...

Страница 238: ...IGMP Snooping takes effect only when it is enabled globally in the corresponding VLAN and port at the same time 2 1 Using the GUI 2 1 1 Configuring IGMP Snooping Globally Choose the menu L2 FEATURES M...

Страница 239: ...ulticast MLD Snooping Global Config page at the same time Header Validation Enable or disable Header Validation By default it is disabled Generally for IGMP packets the TTL value should be 1 ToS field...

Страница 240: ...hat port with a configured interval Last Member Query Interval and wait for IGMP group membership reports If there are other receivers connecting to the switch they will response to the queries before...

Страница 241: ...oes not receive any IGMP general query message from a dynamic router port within the router port aging time the switch will no longer consider this port as a router port and delete it from the router...

Страница 242: ...nooping Querier enabled specify the number of group specific queries to be sent If specified count of group specific queries are sent and no report message is received the switch will delete the multi...

Страница 243: ...port IGMPv1 does not support fast leave Fast Leave can be enabled on a per port basis or per VLAN basis When enabled on a per port basis the switch will remove the port from the corresponding multicas...

Страница 244: ...rts of the multicast group Multicast IP Specify the address of the multicast group that the hosts need to join VLAN ID Specify the VLAN that the hosts are in Member Ports Select the ports that the hos...

Страница 245: ...sure MLD Snooping is enabled globally To enable MLD Snooping globally use the ipv6 mld snooping command in global configuration mode Step 5 ip igmp snooping header validation Optional Enable header va...

Страница 246: ...configure IGMP Snooping for VLANs Step 1 configure Enter global configuration mode Step 2 ip igmp snooping vlan config vlan id list mtime member time Enable IGMP Snooping for the specified VLANs and...

Страница 247: ...cond When the switch receives a leave message from a port to leave a multicast group it will wait for a leave time before removing the port from the multicast group During the period if the switch rec...

Страница 248: ...on a VLAN the switch will remove the Multicast Group Port VLAN entry from the multicast forwarding table before forwarding the leave message to the querier This helps to reduce bandwidth waste since...

Страница 249: ...interval Specify the interval between general query messages sent by the switch Valid values are from 10 to 300 seconds and the default value is 60 seconds ip addr Specify the source IP address of th...

Страница 250: ...VLAN 1 and configure the query interval as 100 seconds the maximum response time as 15 seconds the last member query interval as 2 seconds the last member query count as 3 and the general query source...

Страница 251: ...ave Optional Enable Fast Leave on the specified port Fast Leave can be enabled on a per port basis or per VLAN basis When enabled on a per port basis the switch will remove the port from the correspon...

Страница 252: ...ally join a group Step 1 configure Enter global configuration mode Step 2 ip igmp snooping vlan config vlan id list static ip interface fastEthernet port list gigabitEthernet port list ten gigabitEthe...

Страница 253: ...oping vlan config 2 static 239 1 2 3 interface gigabitEthernet 1 0 1 3 Switch config show ip igmp snooping groups static Multicast ip VLAN id Addr type Switch port 239 1 2 3 2 static Gi1 0 1 3 Switch...

Страница 254: ...g Globally Follow these steps to configure MLD Snooping globally 1 In the Global Config section enable MLD Snooping and configure the Unknown Multicast Groups feature globally MLD Snooping Enable or d...

Страница 255: ...nable MLD Snooping and configure the corresponding parameters for the VLANs that the router ports and the member ports are in Choose the menu L2 FEATURES Multicast MLD Snooping Global Config and click...

Страница 256: ...the querier This helps to reduce bandwidth waste since the switch no longer sends the corresponding multicast streams to the VLAN of the port as soon as the port receives a done message from the VLAN...

Страница 257: ...globally and in the VLAN Query Interval With MLD Snooping Querier enabled specify the interval between general query messages sent by the switch Maximum Response Time With MLD Snooping Querier enabled...

Страница 258: ...there is only one receiver connected to the port MLD Snooping Enable or disable MLD Snooping for the port Fast Leave Enable or disable Fast Leave for the port Fast Leave can be enabled on a per port...

Страница 259: ...1 Specify the multicast IP address VLAN ID Select the ports to be the static member ports of the multicast group Multicast IP Specify the IPv6 address of the multicast group that the hosts need to joi...

Страница 260: ...py running config startup config Save the settings in the configuration file The following example shows how to enable MLD Snooping globally and the way how the switch processes multicast streams that...

Страница 261: ...300 seconds Once the switch receives an MLD general query message from a port the switch adds this port to the router port list Router ports that are learned in this way are called dynamic router por...

Страница 262: ...ponding multicast group That is if there are other receivers connecting to the switch the one sent done message have to wait until the port ages out from the switch s forwarding list of the correspond...

Страница 263: ...fy the host s maximum response time to general query messages query interval interval Specify the interval between general query messages sent by the switch ip addr Specify the source IP address of th...

Страница 264: ...as 100 seconds the maximum response time as 15 seconds the last listener query interval as 2 seconds the last listener query count as 3 and the general query source IP as FE80 1 Switch configure Switc...

Страница 265: ...Leave can be enabled on a per port basis or per VLAN basis When enabled on a per port basis the switch will remove the port from the corresponding multicast group of all VLANs before forwarding the d...

Страница 266: ...ip interface fastEthernet port list gigabitEthernet port list ten gigabitEthernet port list port channel lag list vlan id list Specify the ID or the ID list of the VLAN s ip Specify the IP address of...

Страница 267: ...Layer 2 Multicast MLD Snooping Configuration Multicast ip VLAN id Addr type Switch port ff80 1234 01 2 static Gi1 0 1 3 Switch config end Switch copy running config startup config Downloaded from Man...

Страница 268: ...ls can be enabled on a port at the same time When both are enabled MVR listens to the report and leave messages only for the multicast groups configured in MVR All other multicast groups are managed b...

Страница 269: ...ticast VLAN Dynamic In this mode after receiving report or leave messages from the hosts the switch will forward them to the IGMP querier via the multicast VLAN with appropriate translation of the VLA...

Страница 270: ...of the multicast groups MVR Group IP MVR Group Count Specify the start IP address and the number of contiguous series of multicast groups Multicast data sent to the address specified here will be sen...

Страница 271: ...VR group is added successfully and the source port has received query messages from this multicast group Member Displays the member ports in this MVR group 4 1 4 Configuring MVR for the Port Choose th...

Страница 272: ...ort is physically up and in one or more VLANs Active NotInVLAN The port is physically up and not in any VLAN Inactive InVLAN The port is physically down and in one or more VLANs Inactive NotInVLAN The...

Страница 273: ...groups membership information from the switch You have to statically configure the IGMP querier to transmit all the required multicast streams to the switch via the multicast VLAN dynamic In this mod...

Страница 274: ...ctive Show all inactive multicast group active Show all active multicast group Step 8 end Return to privileged EXEC mode Step 9 copy running config startup config Save the settings in the configuratio...

Страница 275: ...port Step 4 mvr type source receiver Configure the MVR port type as receiver or source By default the port is a non MVR port If you attempt to configure a non MVR port with MVR characteristics the op...

Страница 276: ...of the specified interface s show mvr members Show the membership information of all MVR groups Step 8 end Return to privileged EXEC mode Step 9 copy running config startup config Save the settings i...

Страница 277: ...Gi1 0 2 Enable Receiver INACTIVE InVLAN Enable Gi1 0 3 Enable Receiver INACTIVE InVLAN Enable Gi1 0 7 Enable Source INACTIVE InVLAN Disable Switch config if range show mvr members MVR Group IP status...

Страница 278: ...iles for both IPv4 and IPv6 network With multicast profile the switch can define a blacklist or whitelist of multicast groups so as to filter multicast sources The process for creating multicast profi...

Страница 279: ...9 Mode Select Permit or Deny as the filtering mode Permit Acts as a whitelist and only allows specific member ports to join specified multicast groups Deny Acts as a blacklist and prevents specific me...

Страница 280: ...configure the number of multicast groups a port can join and the overflow action The process for configuring multicast filtering for ports in IPv4 and IPv6 are similar The following introductions take...

Страница 281: ...icast groups the port has joined exceeds the maximum Drop Drop all subsequent membership report messages to prevent the port joining a new multicast groups Replace Replace the existing multicast group...

Страница 282: ...5 show ip igmp profile id Show the detailed IGMP profile configuration Step 6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configuration file T...

Страница 283: ...be filtered start ip end ip Specify the start IP address and end IP address of the IP range Step 5 show ipv6 mld profile id Show the detailed MLD profile configuration Step 6 end Return to privileged...

Страница 284: ...e the maximum number of multicast groups the port can join maxgroup Specify the maximum number of multicast groups the port can join Valid values are from is 1 to 511 Step 5 ip igmp snooping max group...

Страница 285: ...s Gi1 0 2 Switch config if show ip igmp snooping interface gigabitEthernet 1 0 2 max groups Port Max Groups Overflow Action Gi1 0 2 50 Drops Switch config end Switch copy running config startup confi...

Страница 286: ...ed MLD profile configuration show ipv6 mld snooping interface fastEthernet port list gigabitEthernet port list ten gigabitEthernet port list port channel port channel list max groups Show the multicas...

Страница 287: ...ng Configuration Gi1 0 2 Switch config if show ipv6 mld snooping interface gigabitEthernet 1 0 2 max groups Port Max Groups Overflow Action Gi1 0 2 50 Drops Switch config end Switch copy running confi...

Страница 288: ...id Multicast IP VLAN Port entries Multicast IP Displays the multicast source IP address VLAN ID Displays the ID of the VLAN the multicast group belongs to Source Displays the source of the multicast e...

Страница 289: ...s on each port 1 To get the real time multicast statistics enable Auto Refresh or click Refresh Auto Refresh Enable or disable Auto Refresh When enabled the switch will automatically refresh the multi...

Страница 290: ...all valid Multicast IP VLAN Port entries Multicast IP Displays the multicast source IP address VLAN ID Displays the ID of the VLAN the multicast group belongs to Source Displays the source of the mult...

Страница 291: ...nable or disable Auto Refresh When enabled the switch will automatically refresh the multicast statistics Refresh Interval After Auto Refresh is enabled specify the time interval for the switch to ref...

Страница 292: ...t port list packet stat Displays the packet statistics on specified ports or all ports clear ip igmp snooping statistics Clear all statistics of all IGMP packets 6 2 2 Viewing IPv6 Multicast Snooping...

Страница 293: ...topology Host B Host C and Host D are connected to port 1 0 1 port 1 0 2 and port 1 0 3 respectively Port 1 0 4 is the router port connected to the multicast querier Figure 7 1 Network Topology for B...

Страница 294: ...d using the CLI 7 1 3 Using the GUI 1 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 10 and add Untagged port 1 0 1 3 and Tagged port 1 0 4 t...

Страница 295: ...e following page In the Global Config section enable IGMP Snooping globally Configure the IGMP version as v3 so that the switch can process IGMP messages of all versions Then click Apply Figure 7 4 Co...

Страница 296: ...cast IGMP Snooping Port Config to load the following page Enable IGMP Snooping for ports 1 0 1 4 Figure 7 6 Enable IGMP Snooping for the Ports 6 Click to save the settings 7 1 4 Using the CLI 1 Create...

Страница 297: ...tch config interface range fastEthernet 1 0 1 4 Switch config if range switchport pvid 10 Switch config if range exit 4 Enable IGMP Snooping globally Switch config ip igmp snooping 5 Enable IGMP Snoop...

Страница 298: ...e VLAN 10 7 2 Example for Configuring MVR 7 2 1 Network Requirements Host B Host C and Host D are in three different VLANs of the switch All of them want to receive multicast streams sent to multicast...

Страница 299: ...either MVR compatible mode or MVR dynamic mode When in compatible mode remember to statically configure the Querier to transmit the streams of multicast group 225 1 1 1 to the switch via the multicast...

Страница 300: ...7 8 VLAN Configurations for Port 1 0 1 3 Figure 7 9 PVID for Port 1 0 1 3 2 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 40 and add port 1...

Страница 301: ...t MVR MVR Config to load the following page Enable MVR globally and configure the MVR mode as Dynamic multicast VLAN ID as 40 Figure 7 11 Configure MVR Globally 4 Choose the menu L2 FEATURES Multicast...

Страница 302: ...the settings 7 2 5 Using the CLI 1 Create VLAN 10 VLAN 20 VLAN 30 and VLAN 40 Switch configure Switch config vlan 10 20 30 40 Switch config vlan exit 2 Add port 1 0 1 3 to VLAN 10 VLAN 20 and VLAN 30...

Страница 303: ...port pvid 40 Switch config if exit 3 Check whether port1 0 1 3 only belong to VLAN 10 VLAN 20 and VLAN 30 respectively If not delete them from the other VLANs By default all ports are in VLAN 1 so you...

Страница 304: ...config if range exit Switch config interface fastEthernet 1 0 4 Switch config if mvr Switch config if mvr type source Switch config if exit 6 Save the settings Switch config end Switch copy running c...

Страница 305: ...tch config show mvr members MVR Group IP Status Members 225 1 1 1 active Gi1 0 4 7 3 Example for Configuring Unknown Multicast and Fast Leave 7 3 1 Network Requirement A user experiences lag when he i...

Страница 306: ...nds a leave message about leaving the previous channel With Fast Leave enabled on port 1 0 2 the switch will then drop multicast data from the previous channel which ensures that Host B only receives...

Страница 307: ...TURES Multicast MLD Snooping Global Config page at the same time 3 In the IGMP VLAN Config section click in VLAN 10 to load the following page Enable IGMP Snooping for VLAN 10 Figure 7 16 Enable IGMP...

Страница 308: ...s Discard globally Switch config ip igmp snooping drop unknown 3 Enable IGMP Snooping on port 1 0 2 and enable Fast Leave On port 1 0 4 enable IGMP Snooping Switch config interface fastEthernet 1 0 2...

Страница 309: ...enable enable 7 4 Example for Configuring Multicast Filtering 7 4 1 Network Requirements Host B Host C and Host D are in the same subnet Host C and Host D only receive multicast data sent to 225 0 0...

Страница 310: ...LAN 10 Querier Source Gi1 0 4 Gi1 0 2 Gi1 0 3 Gi1 0 1 Demonstrated with T1500 28PCT this section provides configuration procedures in two ways using the GUI and using the CLI 7 4 4 Using the GUI 1 Cre...

Страница 311: ...ion Examples Figure 7 19 Enable IGMP Snooping Globally 3 In the IGMP VLAN Config section click in VLAN 10 to load the following page Enable IGMP Snooping for VLAN 10 Figure 7 20 Enable IGMP Snooping f...

Страница 312: ...le IGMP Snooping on the Port 5 Choose the menu L2 FEATURES Multicast Multicast Filtering IPv4 Profile and click to load the following page Create Profile 1 specify the mode as Permit bind the profile...

Страница 313: ...7 22 Configure Filtering Profile for Host C and Host D 6 Click again to load the following page Create Profile 2 specify the mode as Deny bind the profile to port 1 0 1 and specify the filtering mult...

Страница 314: ...igure Switch config vlan 10 Switch config vlan name vlan10 Switch config vlan exit 2 Add port 1 0 1 3 to VLAN 10 and set the link type as untagged Add port 1 0 4 to VLAN 10 and set the link type as ta...

Страница 315: ...gmp snooping Switch config if range exit 7 Create Profile 1 configure the mode as permit and add an IP range with both start IP and end IP being 225 0 0 1 Switch config ip igmp profile 1 Switch config...

Страница 316: ...artup config Verify the Configurations Show global settings of IGMP Snooping Switch config show ip igmp snooping IGMP Snooping Enable IGMP Version V3 Enable Port Gi1 0 1 4 Enable VLAN 10 Show all prof...

Страница 317: ...MP Snooping Disabled Fast Leave Disabled Report Suppression Disabled Member Port Aging Time 260 seconds Router Port Aging Time 300 seconds Leave Time 1 second IGMP Snooping Querier Disabled Query Inte...

Страница 318: ...abled Report Suppression Disabled Member Port Aging Time 260 seconds Router Port Aging Time 300 seconds Leave Time 1 second MLD Snooping Querier Disabled Query Interval 60 seconds Maximum Response Tim...

Страница 319: ...oup Settings MVR Group Entries None MVR Settings on the Port MVR Mode Disabled MVR Port Type None Fast Leave Disabled MVR Static Group Members MVR Static Group Member Entries None 8 4 Default Paramete...

Страница 320: ...anning Tree CHAPTERS 1 Spanning Tree 2 STP RSTP Configurations 3 MSTP Configurations 4 STP Security Configurations 5 Configuration Example for MSTP 6 Appendix Default Parameters Downloaded from Manual...

Страница 321: ...panning Tree Protocol provides the same features as STP Besides RSTP can provide much faster spanning tree convergence MSTP MSTP Multiple Spanning Tree Protocol also provides the fast spanning tree co...

Страница 322: ...wed to be configured manually on the switch and the switch with the lowest priority value will be elected as the root bridge If the priority of the switches are the same the switch with the smallest M...

Страница 323: ...ee function enabled Port Status Generally in STP the port status includes Blocking Listening Learning Forwarding and Disabled Blocking In this status the port receives and sends BPDUs The other packet...

Страница 324: ...ort is enabled with spanning tree function but not connected to any device Path Cost The path cost reflects the link speed of the port The smaller the value the higher link speed the port has The path...

Страница 325: ...to help determine the spanning tree topology 1 2 2 MSTP Concepts MSTP compatible with STP and RSTP has the same basic elements used in STP and RSTP Based on the networking topology this section will...

Страница 326: ...nstance but one VLAN can be mapped to only one instance As Figure 1 4 shows VLAN 3 is mapped to instance 1 VLAN 4 and VLAN 5 are mapped to instance 2 the other VLANs are mapped to the IST IST The Inte...

Страница 327: ...ay be lead to low speed links With root protect function enabled when the port receives higher priority BDPUs it will temporarily transit to blocking state After two times of forward delay if the port...

Страница 328: ...used to announce changes in the network topology If a user maliciously sends a large number of TC BPDUs to a switch in a short period the switch will be busy with removing MAC address entries which ma...

Страница 329: ...nning tree it s necessary to make clear the role that each switch plays in a spanning tree To avoid any possible network flapping caused by STP RSTP parameter changes it is recommended to enable STP R...

Страница 330: ...g is Auto which means the port calculates the internal path cost automatically according to the port s link speed This parameter is only used in MSTP and you need not to configure it if the spanning t...

Страница 331: ...with the root bridge Designated Port Indicates that the port is the designated port in the spanning tree It has the lowest path cost from the root bridge to this physical network segment and is used...

Страница 332: ...lected as the root bridge in CIST Hello Time Specify the interval between BPDUs sending The default value is 2 The root bridge sends configuration BPDUs at an interval of Hello Time It works with the...

Страница 333: ...orward Delay and Max Age conform to the following formulas 2 Hello Time 1 Max Age 2 Forward Delay 1 Max Age 2 In the Global Config section enable spanning tree function choose the STP mode as STP RSTP...

Страница 334: ...f the local bridge The local bridge is the current switch Root Bridge Displays the bridge ID of the root bridge External Path Cost Displays the root path cost from the switch to the root bridge Region...

Страница 335: ...ged 2 2 Using the CLI 2 2 1 Configuring STP RSTP Parameters on Ports Follow these steps to configure STP RSTP parameters on ports Step 1 configure Enter global configuration mode Step 2 interface fast...

Страница 336: ...t auto open close Select the status of the P2P Point to Point link to which the ports are connected During the regeneration of the spanning tree if the port of P2P link is elected as the root port or...

Страница 337: ...2 2 Configuring Global STP RSTP Parameters Follow these steps to configure global STP RSTP parameters of the switch Step 1 configure Enter global configuration mode Step 2 spanning tree priority pri...

Страница 338: ...e to test the link failures and maintain the spanning tree max age Specify the value of Max Age It is the maximum time that the switch can wait without receiving a BPDU before attempting to regenerate...

Страница 339: ...igure Enter global configuration mode Step 2 spanning tree mode stp rstp Configure the spanning tree mode as STP RSTP stp Specify the spanning tree mode as STP rstp Specify the spanning tree mode as R...

Страница 340: ...dge is the root bridge Designated Bridge Priority 32768 Address 00 0a eb 13 12 ba Local Bridge Priority 32768 Address 00 0a eb 13 12 ba Interface State Prio Ext Cost Int Cost Edge P2p Mode Gi1 0 16 En...

Страница 341: ...ing the spanning tree it s necessary to make clear the role that each switch plays in a spanning tree To avoid any possible network flapping caused by MSTP parameter changes it is recommended to enabl...

Страница 342: ...t indicates the path cost of the port in spanning tree The port with the lowest root path cost will be elected as the root port of the switch For MSTP external path cost indicates the path cost of the...

Страница 343: ...r that the MCheck status of the port will switch to Disabled Port Mode Displays the spanning tree mode of the port STP The spanning tree mode of the port is STP RSTP The spanning tree mode of the port...

Страница 344: ...he switches with the same region name the same revision level and the same VLAN Instance mapping are considered as in the same region Besides configure the priority of the switch the priority and path...

Страница 345: ...nstance ID Priority and corresponding VLAN ID Figure 3 4 Configuring the Instance Instance ID Enter the corresponding instance ID Priority Specify the priority for the switch in the corresponding inst...

Страница 346: ...LAGs for configuration Priority Specify the Priority for the port in the corresponding instance The value should be an integral multiple of 16 ranging from 0 to 240 The port with lower value has the h...

Страница 347: ...r master port Backup Port Indicates that the port is the backup port in the desired instance It is the backup of the designated port Master Port Indicates the port provides the lowest root path cost f...

Страница 348: ...he higher priority In STP RSTP CIST priority is the priority of the switch in spanning tree The switch with the highest priority will be elected as the root bridge In MSTP CISP priority is the priorit...

Страница 349: ...he new value When the hop reaches zero the switch will discard the BPDU This value can control the scale of the spanning tree in the MST region Note Max Hops is a parameter configured in MSTP You need...

Страница 350: ...mmary information of CIST Spanning Tree Displays the status of the spanning tree function Spanning Tree Mode Displays the spanning tree mode Local Bridge Displays the bridge ID of the local switch The...

Страница 351: ...ot Bridge Displays the bridge ID of the root bridge in the desired instance Internal Path Cost Displays the internal path cost It is the root path cost from the current switch to the regional root bri...

Страница 352: ...in MSTP For MSTP internal path cost is used to calculate the path cost in IST The port with the lowest root path cost will be elected as the root port of the switch in IST portfast enable disable Ena...

Страница 353: ...fig startup config Save the settings in the configuration file This example shows how to enable spanning tree function for port 1 0 3 and configure the port priority as 32 Switch configure Switch conf...

Страница 354: ...nfiguration mode as to configure the VLAN Instance mapping region name and revision level Step 4 name name Configure the region name of the region name Specify the region name used to identify an MST...

Страница 355: ...h config mst show spanning tree mst configuration Region Name R1 Revision 100 MST Instance Vlans Mapped 0 1 7 4094 5 2 6 Switch config mst end Switch copy running config startup config Configuring the...

Страница 356: ...oot path cost will be elected as the root port of the switch Step 4 show spanning tree mst configuration digest instance instance id interface fastEthernet port gigabitEthernet port port channel lagid...

Страница 357: ...lay Hello Time and Max Age forward time Specify the value of Forward Delay It is the interval between the port state transition from listening to learning The valid values are from 4 to 30 in seconds...

Страница 358: ...urn to privileged EXEC mode Step 8 copy running config startup config Save the settings in the configuration file Note To prevent frequent network flapping make sure that Hello Time Forward Delay and...

Страница 359: ...ormation of MSTP Step 5 end Return to privileged EXEC mode Step 6 copy running config startup config Save the settings in the configuration file This example shows how to configure the spanning tree m...

Страница 360: ...Gi 0 16 Enable 128 200000 200000 No Yes auto Mstp Altn Blk Gi 0 20 Enable 128 200000 200000 No Yes auto Mstp Root Fwd MST Instance 1 Root Bridge Priority 32768 Address 00 0a eb 13 12 ba Local bridge i...

Страница 361: ...unit or LAGs for configuration Loop Protect Enable or disable Loop Protect It is recommended to enable this function on root ports and alternate ports When there are link congestions or link failures...

Страница 362: ...er after receiving the first TC BPDU then it will restart timing BPDU Protect Enable or disable the BPDU Protect function It is recommended to enable this function on edge ports Edge ports in spanning...

Страница 363: ...ly transit to blocking state when it receives higher priority BDPUs After two forward delays if the port does not receive any other higher priority BDPUs it will transit to its normal state Step 5 spa...

Страница 364: ...id Specify the ID of the LAG Step 10 end Return to privileged EXEC mode Step 11 copy running config startup config Save the settings in the configuration file This example shows how to enable Loop Pro...

Страница 365: ...s the default path cost of the port is 200000 It is required that traffic in VLAN 101 VLAN 103 and traffic in VLAN 104 VLAN 106 should be transmitted along different paths Figure 5 1 Network Topology...

Страница 366: ...f Switch C as 0 to set it as the root bridge in instance 2 5 Configure the path cost to block the specified ports For instance 1 set the path cost of port 1 0 1 of Switch A to be greater than the defa...

Страница 367: ...ollowing page Enable spanning tree function on port 1 0 1 and port 1 0 2 Here we leave the values of the other parameters as default settings Click Apply Figure 5 4 Enable Spanning Tree Function on Po...

Страница 368: ...d set the priority as 32768 map VLAN104 VLAN106 to instance 2 and set the priority as 32768 Click Create Figure 5 6 Configuring the VLAN Instance Mapping 5 Choose the menu L2 FEATURES Spanning Tree MS...

Страница 369: ...owing page Enable MSTP function globally here we leave the values of the other global parameters as default settings Click Apply Figure 5 8 Configure the Global MSTP Parameters of the Switch 2 Choose...

Страница 370: ...g page Set the region name as 1 and the revision level as 100 Click Apply Figure 5 10 Configuring the Region 4 Choose the menu L2 FEATURES Spanning Tree MSTP Instance Instance Config Map VLAN101 VLAN1...

Страница 371: ...selected as the designated port Figure 5 12 Configure the Path Cost of Port 1 0 2 in Instance 2 6 Click to save the settings Configurations for Switch C 1 Choose the menu L2 FEATURES Spanning Tree STP...

Страница 372: ...tion on Ports 3 Choose the menu Spanning Tree MSTP Instance Region Config to load the following page Set the region name as 1 and the revision level as 100 Click Apply Figure 5 15 Configuring the Regi...

Страница 373: ...0000 Switch config if exit Switch config interface gigabitEthernet 1 0 2 Switch config if spanning tree Switch config if exit 3 Configure the region name as 1 the revision number as 100 map VLAN101 VL...

Страница 374: ...h B in instance 1 as 0 to set it as the root bridge in instance 1 Switch config spanning tree mst configuration Switch config mst name 1 Switch config mst revision 100 Switch config mst instance 1 vla...

Страница 375: ...ch config mst instance 1 vlan 101 103 Switch config mst instance 2 vlan 104 106 Switch config mst exit Switch config spanning tree mst instance 2 priority 0 Switch config end Switch copy running confi...

Страница 376: ...Priority 0 Address 3c 46 d8 9d 88 f7 Internal Cost 200000 Root Port 2 Designated Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Local Bridge Priority 32768 Address 00 0a eb 13 23 97 Interface Prio Cost...

Страница 377: ...Gi1 0 2 128 200000 Desg Fwd Verify the configurations of Switch B in instance 2 Switch config show spanning tree mst instance 2 MST Instance 2 Root Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Interna...

Страница 378: ...ted Bridge Priority 0 Address 00 0a eb 13 12 ba Local Bridge Priority 32768 Address 3c 46 d8 9d 88 f7 Interface Prio Cost Role Status Gi1 0 1 128 200000 Desg Fwd Gi1 0 2 128 200000 Root Fwd Verify the...

Страница 379: ...Spanning Tree Configuration Example for MSTP Local Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Interface Prio Cost Role Status Gi1 0 1 128 200000 Desg Fwd Gi1 0 2 128 200000 Desg Fwd Downloaded from M...

Страница 380: ...sabled Mode STP CIST Priority 32768 Hello Time 2 seconds Max Age 20 seconds Forward Delay 15 seconds Tx Hold Count 5 pps Max Hops 20 hops Table 6 2 Default Settings of the Port Parameters Parameter De...

Страница 381: ...g Priority 32768 Port Priority 128 Path Cost Auto Table 6 4 Default Settings of the STP Security Parameter Default Setting Loop Protect Disabled Root Protect Disabled TC Guard Disabled BPDU Protect Di...

Страница 382: ...LLDP CHAPTERS 1 LLDP 2 LLDP Configurations 3 LLDP MED Configurations 4 Viewing LLDP Settings 5 Viewing LLDP MED Settings 6 Configuration Example 7 Appendix Default Parameters Downloaded from ManualsNe...

Страница 383: ...ice to access the network VoIP devices can use LLDP MED for auto configuration to minimize the configuration effort 1 2 Supported Features The switch supports LLDP and LLDP MED LLDP allows the local d...

Страница 384: ...follow the steps 1 Configure the LLDP feature globally 2 Configure the LLDP feature for the port 2 1 Using the GUI 2 1 1 Configuring LLDP Globally Choose the L2 FEATURES LLDP LLDP Config Global Confi...

Страница 385: ...discarding it The default value is 4 TTL Hold Multiplier Transmit Interval Transmit Delay Specify the amount of delay from when Admin Status of ports becomes Disable until reinitialization will be att...

Страница 386: ...s and receives LLDP packets Rx_Only The port only receives LLDP packets Tx_Only The port only transmits LLDP packets Disable The port will not transmit LLDP packets or drop the received LLDP packets N...

Страница 387: ...of the VLAN which the port is in LA Used to advertise whether the link is capable of being aggregated whether the link is currently in an aggregation and the port ID when it is in an aggregation PS Us...

Страница 388: ...kets that are periodically sent from the local device to its neighbors tx delay Specify the amount of time that the local device waits before sending another LLDP packet to its neighbors The default i...

Страница 389: ...atus Notification Mode and the TLVs included in the LLDP packets Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port r...

Страница 390: ...ample shows how to configure the port 1 0 1 The port can receive and transmit LLDP packets its notification mode is enabled and the outgoing LLDP packets include all TLVs Switch configure Switch confi...

Страница 391: ...onfigurations Port VLAN ID Yes Protocol VLAN ID Yes VLAN Name Yes Link Aggregation Yes MAC Physic Yes Max Frame Size Yes Power Yes Switch config if end Switch copy running config startup config Downlo...

Страница 392: ...onfigure the LLDP parametres for the ports For the details of LLDP configuration refer to LLDP Configuration 3 1 1 Configuring LLDP MED Globally Choose the menu L2 FEATURES LLDP Config LLDP MED Config...

Страница 393: ...2 FEATURES LLDP LLDP MED Config Port Config to load the following page Figure 3 2 LLDP MED Port Config Follow these steps to enable LLDP MED 1 Select the desired port and enable LLDP MED Click Apply 2...

Страница 394: ...ocation Identification Parameters section Extended Power Via MDI Used to advertise the detailed PoE information including power supply priority and supply status between LLDP MED Endpoint devices and...

Страница 395: ...l Specify the number of successive LLDP MED frames that the local device sends when fast start mechanism is activated When the fast start mechanism is activated the local device will send the specifie...

Страница 396: ...nfigure the LLDP MED TLVs included in the outgoing LLDP packets By default the outgoing LLDP packets include all TLVs If LLDP MED Location TLV is selected configure the parameters as follows lldp med...

Страница 397: ...med fast count 4 Switch config interface gigabitEthernet 1 0 1 Switch config if lldp med status Switch config if lldp med tlv select all Switch config if show lldp interface gigabitEthernet 1 0 1 LLDP...

Страница 398: ...uide 375 LLDP MED Status Enabled TLV Status Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes Switch config end Switch copy running config startup conf...

Страница 399: ...apter introduces how to view the LLDP settings on the local device 4 1 Using GUI 4 1 1 Viewing LLDP Device Info Viewing the Local Info Choose the menu L2 FEATURES LLDP LLDP Config Local Info to load t...

Страница 400: ...e local device System Description Displays the system description of the local device System Capabilities Supported Displays the supported capabilities of the local system System Capabilities Enabled...

Страница 401: ...vice OperMau Displays the OperMau Optional Mau field of the TLV configured by the local device Link Aggregation Supported Displays whether the local device supports link aggregation Link Aggregation E...

Страница 402: ...ording to your needs Click Apply 2 In the Neighbor Info section select the desired port and view its associated neighbor device information System Name Displays the system name of the neighbor device...

Страница 403: ...global statistics of the local device Last Update Displays the time when the statistics updated Total Inserts Displays the total number of neighbors during latest update time Total Deletes Displays t...

Страница 404: ...cards Displays the total number of the TLVs discarded by the port when receiving LLDP packets TLV Unknowns Displays the total number of the unknown TLVs included in the received LLDP packets 4 2 Using...

Страница 405: ...DP MED Settings 5Viewing LLDP MED Settings 5 1 Using GUI Choose the menu L2 FEATURES LLDP LLDP MED Config Local Info to load the following page Viewing the Local Info Figure 5 1 LLDP MED Local Info Do...

Страница 406: ...plays the Layer 2 priority used in the specific application Media Policy DSCP Displays the DSCP value used in the specific application Location Data Format Displays the Location ID data format of the...

Страница 407: ...Follow these steps to view LLDP MED neighgbor information 1 In the Auto Refresh section enable the Auto Refresh feature and set the Refresh Rate according to your needs Click Apply 2 In the Neighbor...

Страница 408: ...the ports on the local device Viewing the Neighbor Info show lldp neighbor information interface fastEthernet port gigabitEthernet port ten gigabitEthernet port Display the information of the neighbor...

Страница 409: ...DP Network Topology Fa1 0 1 Fa1 0 2 Switch A Switch B PC 6 3 Configuration Scheme LLDP can meet the network requirements Enable the LLDP feature globally on Switch A and Switch B Configure the related...

Страница 410: ...fig to load the following page Set the Admin Status of port Fa1 0 1 as Tx Rx enable Notification Mode and configure all the TLVs included in the outgoing LLDP packets Figure 6 3 LLDP Port Config 6 5 U...

Страница 411: ...ets Switch_A configure Switch_A config interface fastEthernet 1 0 1 Switch_A config if lldp receive Switch_A config if lldp transmit Switch_A config if lldp snmp trap Switch_A config if lldp tlv selec...

Страница 412: ...em Name Yes Management Address Yes Port VLAN ID Yes Protocol VLAN ID Yes VLAN Name Yes Link Aggregation Yes MAC Physic Yes Max Frame Size Yes Power Yes LLDP MED Status Disabled TLV Status Network Poli...

Страница 413: ...gement address type ipv4 Management address 192 168 0 226 Management address interface type IfIndex Management address interface ID 1 Management address OID 0 Port VLAN ID PVID 1 Port and protocol VLA...

Страница 414: ...ion type Reserved Unknown policy Yes Tagged No VLAN ID 0 Layer 2 Priority 0 DSCP 0 Location Data Format Civic Address LCI What Switch Country Code CN Power Type PSE Device Power Source Primary Power P...

Страница 415: ...JetStream 48 Port Gigabit Smart PoE Switch with 4 SFP Slots System capabilities supported Bridge Router System capabilities enabled Bridge Router Management address type ipv4 Management address 192 16...

Страница 416: ...393 Link aggregation supported Yes Link aggregation enabled No Aggregation port ID 0 Power port class PSE PSE power supported Yes PSE power enabled No PSE pairs control ability No Maximum frame size...

Страница 417: ...al 30 seconds Hold Multiplier 4 Transmit Delay 2 seconds Reinitialization Delay 2 seconds Notification Interval 5 seconds Fast Start Repeat Count 3 Table 7 2 Default LLDP Settings on the Port Paramete...

Страница 418: ...t 13 Configuring DHCP Service CHAPTERS 1 DHCP 2 DHCP Relay Configuration 3 DHCP L2 Relay Configuration 4 Configuration Examples 5 Appendix Default Parameters Downloaded from ManualsNet com search engi...

Страница 419: ...s in different LANs can share one DHCP server DHCP Relay includes three features Option 82 and DHCP VLAN Relay Option 82 Option 82 is called the DHCP Relay Agent Information Option It provides additio...

Страница 420: ...gs Type Hex Length Hex Value Format Remote ID Customization Normal TLV Disabled 00 06 Default remote ID Enabled 01 Length of the customized remote ID Customized remote ID Private Only the value Disabl...

Страница 421: ...lients and the VLANs that the clients belong to and the remote ID records the MAC address of the DHCP relay agent That is the two sub options together record the location of the clients To record the...

Страница 422: ...In DHCP L2 Relay in addition to normally assigning IP addresses to clients from the DHCP server the switch can inform the DHCP server of some specified information such as the location information of...

Страница 423: ...1 Using the GUI 2 1 1 Enabling DHCP Relay and Configuring Option 82 Choose the menu L3 FEATURES DHCP Service DHCP Relay DHCP Relay Config to load the following page Figure 2 1 Enable DHCP Relay and C...

Страница 424: ...that include the Option 82 field Keep The switch keeps the Option 82 field of the packets Replace The switch replaces the Option 82 field of the packets with a new one The switch presets a default cir...

Страница 425: ...faces Choose the menu L3 FEATURES DHCP Service DHCP Relay DHCP VLAN Relay to load the following page Figure 2 2 Configure DHCP VLAN Relay Follow these steps to specify DHCP Server for the specific VLA...

Страница 426: ...count is more than the value you set here the packet will be dropped hops Specify the maximum hops for DHCP packets Valid values are from the 1 to 16 and the default value is 4 Step 4 ip dhcp relay ti...

Страница 427: ...tch config ip dhcp relay time 10 DHCP relay state enabled DHCP relay hops 5 DHCP relay Time Threshold 10 seconds Switch config end Switch copy running config startup config 2 2 2 Optional Configuring...

Страница 428: ...ible with each other The default circuit ID is a 4 byte value which consists of 2 byte VLAN ID and 2 byte Port ID The VLAN ID indicates which VLAN the DHCP client belongs to and the Port ID indicates...

Страница 429: ...startup config 2 2 3 Configuring DHCP VLAN Relay Follow these steps to configure DHCP VLAN Relay Step 1 configure Enter Global Configuration Mode Step 2 Enter VLAN Interface Configuration Mode interfa...

Страница 430: ...d configure the DHCP server address as 192 168 1 8 on VLAN 10 Switch configure Switch config interface vlan 1 Switch config if ip dhcp relay default interface Switch config if exit Switch config ip dh...

Страница 431: ...Service DHCP L2 Relay Global Config to load the following page Figure 3 1 Enable DHCP L2 Relay Follow these steps to enable DHCP L2 Relay globally for the specified VLAN 1 In the Global Config section...

Страница 432: ...same DHCP server Option 82 Policy Select the operation for the switch to take when receiving DHCP packets that include the Option 82 field Keep The switch keeps the Option 82 field of the packets Rep...

Страница 433: ...mpatible with each other Remote ID Customization Enable or disable Remote ID Customization Enable it if you want to manually configure the remote ID Otherwise the switch uses its own MAC address as th...

Страница 434: ...cp l2relay information option Enable the Option 82 feature on the port Step 4 ip dhcp l2relay information strategy keep replace drop Specify the operation for the switch to take when receiving DHCP pa...

Страница 435: ...ver should be compatible with each other string Enter the remote ID with up to 64 characters Step 8 show ip dhcp l2relay information interface fastEthernet port gigabitEthernet port port channel port...

Страница 436: ...Configuring DHCP Service DHCP L2 Relay Configuration User Guide 413 Switch config if end Switch copy running config startup config Downloaded from ManualsNet com search engine...

Страница 437: ...pology for DHCP VLAN Relay DHCP Server 192 168 0 59 24 VLAN 20 VLAN 10 Marketing Dept R D Dept DHCP Relay Agent 192 168 0 1 Gi1 0 1 Gi1 0 2 4 1 2 Configuration Scheme In the given situation the DHCP s...

Страница 438: ...following sections provide configuration procedures in two ways using the GUI and using the CLI 4 1 3 Using the GUI Configuring the DHCP Server 1 Choose the menu L3 FEATURES DHCP Service DHCP Server D...

Страница 439: ...Ns on the Relay Agent 1 Choose the menu L2 FEATURES VLAN 802 1Q VLAN VLAN Config and click to load the following page Create VLAN 10 for the Marketing department and add port 1 0 1 as untagged port to...

Страница 440: ...DHCP VLAN Relay on the Relay Agent 1 Choose the menu L3 FEATURES DHCP Service DHCP Relay DHCP Relay Config to load the following page In the Global Config section enable DHCP Relay and click Apply Fi...

Страница 441: ...d VLAN 20 Figure 4 8 Specify DHCP Server for Interface VLAN 10 Figure 4 9 Specify DHCP Server for Interface VLAN 20 4 Click to save the settings 4 1 4 Using the CLI Configurting the DHCP Server 1 Enab...

Страница 442: ...witch config vlan 20 Switch config vlan name RD Switch config vlan exit Switch config interface gigabitEthernet 1 0 2 Switch config if switchport general allowed vlan 20 untagged Switch config if exit...

Страница 443: ...lan Helper address VLAN 10 192 168 0 59 VLAN 20 192 168 0 59 4 2 Example for Option 82 in DHCP Relay 4 2 1 Network Requirements As the following figure shows there are two groups of computers Group 1...

Страница 444: ...P addresses of different address pools to the computers in different groups The overview of the configurations are as follows 1 Configuring Switch A a Configure 802 1Q VLAN Add all computers to VLAN 2...

Страница 445: ...ure 4 11 Enable DHCP Relay 2 In the Option 82 Config section select port 1 0 1 and port 1 0 2 enable Option 82 Support and set Option 82 Policy as Replace You can configure other parameters according...

Страница 446: ...Follow these steps to configure DHCP relay and enable Option 82 in DHCP Relay on Switch A 1 Enable DHCP Relay Switch configure Switch config service dhcp relay 2 Enable Option 82 for port 1 0 1 and p...

Страница 447: ...config if exit 4 Specify the DHCP server for the interface VLAN 2 Switch config ip dhcp relay vlan 2 helper address 192 168 0 59 Switch config end Switch copy running config startup config 5 Verify th...

Страница 448: ...HCP classes to identify the Option 82 payloads of DHCP request packets from Group 1 and Group 2 respectively In this example the DHCP relay agent uses the default circuit ID and remote ID in TLV forma...

Страница 449: ...ters 192 168 0 1 option subnet mask 255 255 255 0 option domain name servers 192 168 0 59 option domain name example com default lease time 600 max lease time 7200 authoritative pool range 192 168 0 5...

Страница 450: ...e PCs in different groups The overview of the configurations are as follows 1 Configuring Switch A a Enable DHCP L2 Relay globally and on VLAN 1 b Configure Option 82 on ports 1 0 1 and 1 0 2 Demonstr...

Страница 451: ...click Apply Figure 4 16 Enabling DHCP L2 Relay 2 Choose the menu L3 FEATURES DHCP Service DHCP L2 Relay Port Config to load the following page Select port 1 0 1 enable Option 82 Support and select Op...

Страница 452: ...config ip dhcp l2relay vlan 1 2 On port 1 0 1 enable Option 82 and select Option 82 Policy as Replace You can configure other parameters according to your needs In this example keep Format as Normal a...

Страница 453: ...ernet 1 0 1 Interface Option 82 Status Operation Strategy Format Circuit ID Gi1 0 1 Enable Replace Normal Group1 Switch show ip dhcp l2relay information interface gigabitEthernet 1 0 1 Interface Optio...

Страница 454: ...f the Linux ISC DHCP Server is ddns update style interim ignore client updates Create two classes to match the pattern of Option 82 in DHCP request packets from Group 1 and Group 2 respectively The ag...

Страница 455: ...option domain name example com default lease time 600 max lease time 7200 authoritative pool range 192 168 10 100 192 168 10 150 allow members of Group1 pool range 192 168 10 151 192 168 10 200 allow...

Страница 456: ...y Time Threshold 0 Option 82 Configuration Option 82 Support Disabled Option 82 Policy Keep Format Normal Circuit ID Customization Disabled Circuit ID None Remote ID Customization Disabled Remote ID N...

Страница 457: ...s Parameter Default Setting VLAN Status Disabled Port Config Option 82 Support Disabled Option 82 Policy Keep Format Normal Circuit ID Customization Disabled Circuit ID None Remote ID Customization Di...

Страница 458: ...ERS 1 QoS 2 Class of Service Configuration 3 Bandwidth Control Configuration 4 Voice VLAN Configuration 5 Auto VoIP Configuration 6 Configuration Examples 7 Appendix Default Parameters Downloaded from...

Страница 459: ...erent priority queues and then forwards the packets according to specified scheduler settings to implement QoS function Priority Mode Three modes are supported Port Priority 802 1p Priority and DSCP P...

Страница 460: ...ures can be enabled on the ports that transmit voice traffic only or transmit both voice traffic and data traffic Voice VLAN can change the voice packets 802 1p priority and transmit the packets in de...

Страница 461: ...e from 0 to 7 802 1P priority determines the priority of packets based on the PRI value In this mode the switch only prioritizes packets with VLAN tag regardless of the IP header of the packets DSCP P...

Страница 462: ...ify the 802 1p priority and set the trust mode as Untrusted 802 1p Priority Specify the port to 802 1p mapping for the desired port The ingress packets from one port are first mapped to 802 1p priorit...

Страница 463: ...e 802 1p to Queue Mapping In the 802 1p to Queue Mapping section configure the mappings and click Apply 802 1p Priority Displays the number of 802 1p priority In QoS 802 1p priority is used to represe...

Страница 464: ...g the Trust Mode Follow these steps to configure the trust mode 1 Select the desired ports and set the trust mode as Trust 802 1p Trust Mode Select the Trust mode as Trust 802 1p In this mode the tagg...

Страница 465: ...2 1Q tag as PRI filed The PRI values are called 802 1p priority and used to represent the priority of the layer 2 packets This function requires packets with VLAN tags Queue Select the TC queue for th...

Страница 466: ...port to 802 1p mapping and will be forwarded according to the 802 1p to queue mapping 2 1 3 Configuring DSCP Priority Configuring the Trust Mode Choose the menu QoS Class of Service Port Priority to...

Страница 467: ...e 802 1p to Queue Mapping In the 802 1p to Queue Mapping section configure the mappings and click Apply 802 1p Priority Displays the number of 802 1p priority In QoS 802 1p priority is used to represe...

Страница 468: ...represent the priority of IP packets The DSCP values range from 0 to 63 802 1p Priority Specify the DSCP to 802 1p mapping The ingress packets are first mapped to 802 1p priority based on the DSCP to...

Страница 469: ...tion occurs Choose the menu QoS Class of Service Scheduler Settings to load the following page Figure 2 8 Specifying the Scheduler Settings Follow these steps to configure the schedule mode 1 In the S...

Страница 470: ...alues are from 1 to 127 Management Type Displays the Management Type for the queues The switch supports Taildrop mode When the traffic exceeds the limit the additional traffic will be dropped 3 Click...

Страница 471: ...t channel port channel id Verify the port to 802 1p mappings Step 7 end Return to privileged EXEC mode Step 8 copy running config startup config Save the settings in the configuration file Configuring...

Страница 472: ...h config qos cos map 1 3 Switch config show qos trust interface gigabitEthernet 1 0 1 Port Trust Mode LAG Gi1 0 1 untrust N A Switch config show qos port priority interface gigabitEthernet 1 0 1 Port...

Страница 473: ...ps to configure the 802 1p to queue mapping and 802 1p remap Step 1 configure Enter global configuration mode Step 2 qos cos map dot1p priority tc queue Specify the 802 1p to queue mapping The packets...

Страница 474: ...following example shows how to configure the trust mode of port 1 0 1 as dot1p map 802 1p priority 3 to TC4 and configure to map the original 802 1p 1 to 802 1p priority 3 Switch configure Switch conf...

Страница 475: ...os trust mode untrust dot1p dscp Select the trust mode for the port By default it is untrust Here we set the trust mode as dscp dscp Specify the ports trust mode as dscp In this mode the IP packets wi...

Страница 476: ...ping then to TC queues based on the 802 1p to queue mapping The untagged packets with the desired DSCP priority will be added an 802 1p priority value according to the DSCP to 802 1p mapping by defaul...

Страница 477: ...port 1 0 1 as dscp map 802 1p priority 3 to TC4 map DSCP priority 1 3 5 7 to 802 1p priority 3 and configure to map the original DSCP priority 9 to DSCP priority 5 Switch configure Switch config inte...

Страница 478: ...0 31 DSCP to 802 1P 3 3 3 3 3 3 3 3 DSCP 32 33 34 35 36 37 38 39 DSCP to 802 1P 4 4 4 4 4 4 4 4 DSCP 40 41 42 43 44 45 46 47 DSCP to 802 1P 5 5 5 5 5 5 5 5 DSCP 48 49 50 51 52 53 54 55 DSCP to 802 1P...

Страница 479: ...59 60 61 62 63 DSCP remap value 56 57 58 59 60 61 62 63 Switch config if end Switch copy running config startup config 2 2 4 Specifying the Scheduler Settings Follow these steps to specify the schedul...

Страница 480: ...idth that each traffic queue occupies will be allocated based on the queue weight weight Specify the queue weight for the desired queue This value can be set only in the wrr mode The valid values are...

Страница 481: ...ring QoS Class of Service Configuration TC1 Strict N A TC2 WRR 1 TC3 WRR 1 TC4 WRR 5 TC5 WRR 1 TC6 WRR 1 TC7 WRR 1 Switch config if end Switch copy running config startup config Downloaded from Manual...

Страница 482: ...ese steps to configure the Rate Limit function 1 Select the desired port and configure the upper rate limit to receive and send packets Ingress Rate 0 1 000 000Kbps Configure the upper rate limit for...

Страница 483: ...the specific kinds of traffic in kilo bits per second ratio The switch will limit the percentage of bandwidth utilization for specific kinds of traffic Broadcast Threshold 0 1 000 000 Specify the uppe...

Страница 484: ...l not recover to its normal state automatically and you can recover the port manually 2 Click Apply Note The member port of an LAG Link Aggregation Group follows the configuration of the LAG and not i...

Страница 485: ...itch config interface gigabitEthernet 1 0 5 Switch config if bandwidth ingress 5120 egress 1024 Switch config if show bandwidth interface gigabitEthernet 1 0 5 Port IngressRate Kbps EgressRate Kbps LA...

Страница 486: ...receiving unknown unicast frames The traffic exceeding the limit will be processed according to the Action configurations rate Enter the upper rate In kbps mode the valid values are from 1 to 1000000...

Страница 487: ...ollowing example shows how to configure the upper rate limit of broadcast packets as 1024 kbps Specify the action as shutdown and set the recover time as 10 for port 1 0 5 Switch configure Switch conf...

Страница 488: ...figuring 802 1Q VLAN VLAN 1 is a default VLAN and cannot be configured as the voice VLAN Only one VLAN can be set as the voice VLAN on the switch 4 1 Using the GUI 4 1 1 Configuring OUI Addresses The...

Страница 489: ...packet An OUI address is the first 24 bits of a MAC address and is assigned as a unique identifier by IEEE Institute of Electrical and Electronics Engineers to a device vendor If the source MAC addre...

Страница 490: ...alue means a higher priority This is an IEEE 802 1p priority and you can further configure its scheduler mode in Class of Service if needed 2 Click Apply 4 1 1 Adding Ports to Voice VLAN Choose the me...

Страница 491: ...OUI address to the table oui prefix Enter the OUI address for your voice device in the format of XX XX XX string Give an OUI address description for identification It contains 16 characters at most St...

Страница 492: ...lt SIEMENS 00 03 6B Default CISCO1 00 12 43 Default CISCO2 00 0F E2 Default H3C 00 60 B9 Default NITSUKO 00 D0 1E Default PINTEL 00 E0 75 Default VERILINK 00 E0 BB Default 3COM 00 04 0D Default AVAYA1...

Страница 493: ...iguring QoS Voice VLAN Configuration Gi1 0 3 enabled Up N A Gi1 0 4 disabled Down N A Gi1 0 5 disabled Down N A Switch config if end Switch copy running config startup config Downloaded from ManualsNe...

Страница 494: ...ic It can work with other features such as VLAN and Class of Service to process the voice packets with specific fields You can choose and configure Auto VoIP and other features according to your needs...

Страница 495: ...ue Enter the value of VLAN ID or 802 1p priority for the port according to the Interface Mode configurations CoS Override Mode Enable or disable the Class of Service override mode Enabled Enable CoS o...

Страница 496: ...as dot1p In this mode the voice devices will send voice packets with desired 802 1p priority If this mode is selected it is necessary to specify 802 1p priority The valid values are from 0 to 7 In ad...

Страница 497: ...enable the CoS override mode for port 1 0 3 Switch configure Switch config auto voip Switch config interface gigabitEthernet 1 0 3 Switch config if auto voip dot1p 4 Switch config if auto voip dscp 10...

Страница 498: ...erface Gi1 0 3 Auto VoIP Interface Mode Enabled Auto VoIP Priority 4 Auto VoIP COS Override True Auto VoIP DSCP Value 10 Auto VoIP Port Status Enabled Switch config if end Switch copy running config s...

Страница 499: ...RD Dept Marketing Dept Router Fa1 0 3 Fa1 0 1 Fa1 0 2 Switch A Internet 6 1 2 Configuration Scheme To implement this requirement you can configure Port Priority to put the packets from the Marketing...

Страница 500: ...riority to load the following page Set the trust mode of port 1 0 1 and 1 0 2 as untrusted Specify the 802 1p priority of port 1 0 1 as 1 and specify the 802 1p priority of port 1 0 2 as 0 Click Apply...

Страница 501: ...gs 3 Choose the menu QoS Class of Service Scheduler Settings to load the following page Select the port 1 0 3 and set the scheduler type of TC 0 and TC 1 as Weighted Specify the queue weight of TC 0 a...

Страница 502: ...if qos trust mode untrust Switch_A config if qos port priority 1 Switch_A config if exit 2 Set the trust mode of port 1 0 2 as untrusted and specify the 802 1p priority as 0 Switch_A config interface...

Страница 503: ...config if qos queue 1 mode wrr weight 5 Switch_A config if end Switch_A copy running config startup config Verify the configurations Verify the trust mode of the port Switch_A show qos trust interface...

Страница 504: ...1 0 3 LAG N A Queue Schedule Mode Weight TC0 WRR 1 TC1 WRR 5 TC2 WRR 1 TC3 WRR 1 TC4 WRR 1 TC5 WRR 1 TC6 WRR 1 TC7 WRR 1 6 2 Example for Voice VLAN 6 2 1 Network Requirements As shown below the compan...

Страница 505: ...on specify the priority to make the voice traffic can take precedence when the congestion occurs 1 Configure 802 1Q VLAN for port 1 0 1 port 1 0 2 port 1 0 3 and port 1 0 4 2 Configure Voice VLAN feat...

Страница 506: ...uration Examples User Guide 483 Figure 6 6 Configuring VLAN 2 2 Click to load the following page Create VLAN 3 and add untagged port 1 0 3 and port 1 0 4 to VLAN 3 Click Create Downloaded from Manuals...

Страница 507: ...e 6 7 Configuring VLAN 3 3 Choose the menu L2 FEATURES VLAN 802 1Q VLAN Port Config to load the following page Disable the Ingress Checking feature on port 1 0 1 and port 1 0 2 and specify the PVID as...

Страница 508: ...nu QoS Voice VLAN OUI Config to load the following page Check the OUI table Figure 6 9 Checking the OUI Table 5 Choose the menu QoS Voice VLAN Global Config to load the following page Enable Voice VLA...

Страница 509: ...n Ports 7 Click to save the settings 6 2 4 Using the CLI 1 Create VLAN 2 and add untagged port 1 0 1 port 1 0 2 and port 1 0 4 to VLAN 2 Switch_A configure Switch_A config vlan 2 Switch_A config vlan...

Страница 510: ...nfig if exit Switch_A config interface fastEthernet 1 0 4 Switch_A config if switchport general allowed vlan 3 untagged Switch_A config if exit 3 Disable the Ingress Checking feature on port 1 0 1 and...

Страница 511: ...fastEthernet 1 0 1 Switch_A config if voice vlan Switch_A config if exit Switch_A config interface fastEthernet 1 0 2 Switch_A config if voice vlan Switch_A config if end Switch_A copy running config...

Страница 512: ...N A Fa1 0 2 enabled Up N A Fa1 0 3 disabled Down N A Fa1 0 4 disabled Down N A Fa1 0 5 disabled Down N A Gi1 0 28 disabled Down N A 6 3 Example for Auto VoIP 6 3 1 Network Requirements As shown below...

Страница 513: ...edence when congestion occurs 1 Enable the Auto VoIP feature and configure the DSCP value of ports 2 Configure Class of Service 3 Enable LLDP MED and configure the corresponding parameters Demonstrate...

Страница 514: ...ort Priority to load the following page Set the trust mode of port 1 0 1 as trust DSCP Click Apply Figure 6 14 Configuring Port Priority 3 Choose the menu QoS Class of Service DSCP Priority to load th...

Страница 515: ...s 5 for other DSCP priorities Click Apply Figure 6 16 Specifying the 802 1p priority for Other DSCP priorities 5 Choose the menu QoS Class of Service Scheduler Settings to load the following page Sele...

Страница 516: ...93 Figure 6 17 Configuring the TC 5 for the Port 6 Select port 1 0 2 Set the scheduler mode as weighted and specify the queue weight as 10 for TC 7 Click Apply Figure 6 18 Configuring the TC 7 for the...

Страница 517: ...f port1 0 1 to load the following page Check the boxes of all the TLVs Click Save Figure 6 19 Configuring the TLVs 8 Choose the menu L2 FEATURES LLDP LLDP MED Config Port Config to load the following...

Страница 518: ...de dscp Switch_A config if exit Switch_A config qos dscp map 63 7 Switch_A config qos dscp map 0 62 5 3 On port 1 0 1 set the scheduler mode as weighted and specify the queue weight as 1 for TC 5 Set...

Страница 519: ...erride False Auto VoIP DSCP Value 63 Auto VoIP Port Status Disabled Interface Fa1 0 2 Auto VoIP Interface Mode Disabled Auto VoIP COS Override False Auto VoIP DSCP Value 0 Auto VoIP Port Status Disabl...

Страница 520: ...1 12 13 14 15 DSCP to 802 1P 5 5 5 5 5 5 5 5 DSCP 16 17 18 19 20 21 22 23 DSCP to 802 1P 5 5 5 5 5 5 5 5 DSCP 24 25 26 27 28 29 30 31 DSCP to 802 1P 5 5 5 5 5 5 5 5 DSCP 32 33 34 35 36 37 38 39 DSCP t...

Страница 521: ...Disabled TLV Status Port Description Yes System Capability Yes System Description Yes System Name Yes Management Address Yes Port VLAN ID Yes Protocol VLAN ID Yes VLAN Name Yes Link Aggregation Yes MA...

Страница 522: ...Configuring QoS Configuration Examples User Guide 499 Inventory Management Yes Downloaded from ManualsNet com search engine...

Страница 523: ...ng 802 1P Priority 0 Trust Mode Untrusted Table 7 2 Default Settings of 802 1p to Queue Mapping 802 1p Priority Queues 8 0 TC1 1 TC0 2 TC2 3 TC3 4 TC4 5 TC5 6 TC6 7 TC7 Table 7 3 Default Settings of 8...

Страница 524: ...3 3 25 25 47 47 4 4 26 26 af31 011010 48 48 cs6 110000 5 5 27 27 49 49 6 6 28 28 af32 011100 50 50 7 7 29 29 51 51 8 8 cs1 001000 30 30 af33 011110 52 52 9 9 31 31 53 53 10 10 af11 001010 32 32 cs4 1...

Страница 525: ...Parameter Default Setting Ingress Rate 0 1 000 000Kbps 0 Egress Rate 0 1 000 000Kbps 0 Table 7 8 Default Settings of Storm Control Parameter Default Setting Rate Mode kbps Broadcast Threshold 0 1 000...

Страница 526: ...1 00 12 43 Default CISCO2 00 0F E2 Default H3C 00 60 B9 Default NITSUKO 00 D0 1E Default PINTEL 00 E0 75 Default VERILINK 00 E0 BB Default 3COM 00 04 0D Default AVAYA1 00 1B 4F Default AVAYA2 00 04 13...

Страница 527: ...Part 15 Configuring Access Security CHAPTERS 1 Access Security 2 Access Security Configurations 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 528: ...l It can allow or deny users to access the switch via a web browser HTTPS This function is based on the SSL or TLS protocol working in transport layer It supports a security access via a web browser S...

Страница 529: ...urity Access Control to load the following page Figure 2 1 Configuring the Access Control 1 In the Global Config section enable Access Control select one control mode and click Apply Control Mode Choo...

Страница 530: ...on to manage the network devices via NMS Telnet A connection type for users to remote login SSH A connection type based on SSH protocol HTTP A connection type based on HTTP protocol HTTPS A connection...

Страница 531: ...ress Enter the MAC address Only the users with this MAC address can access the switch via the specified interfaces When the Port based mode is selected the following window will pop up Figure 2 4 Conf...

Страница 532: ...In the Global Control section enable HTTP function specify the port using for HTTP and click Apply to enable the HTTP function HTTP HTTP function is based on the HTTP protocol It allows users to manag...

Страница 533: ...ime The total number of users should be no more than 16 Number of Admins Specify the maximum number of users whose access level is Admin Number of Operators Specify the maximum number of users whose a...

Страница 534: ...the menu SECURITY Access Security HTTPS Config to load the following page Figure 2 6 Configuring the HTTPS Function 1 In the Global Config section enable HTTPS function select the protocol version th...

Страница 535: ...time Port Specify the port number for HTTPS service 2 In the Cipher Suite Config section select the algorithm to be enabled and click Apply RSA_WITH_ RC4_128_MD5 128 bit RC4 encryption with MD5 messag...

Страница 536: ...users whose access level is Operator Number of Power Users Specify the maximum number of users whose access level is Power User Number of Users Specify the maximum number of users whose access level i...

Страница 537: ...ring the SSH Feature 1 In the Global Config section select Enable to enable SSH function and specify following parameters SSH Select Enable to enable the SSH function SSH is a protocol working in appl...

Страница 538: ...and click Apply 4 In Import Key File section select key type from the drop down list and click Browse to download the desired key file Key Type Select the key type The algorithm of the corresponding t...

Страница 539: ...C based user access control mac based mac addr snmp telnet ssh http https ping all Only the users with a certain MAC address can access the switch via the specified interfaces mac addr Specify the MAC...

Страница 540: ...cess control ip based 192 168 0 100 255 255 255 0 snmp telnet http https Switch config show user configuration User authentication mode IP based Index IP Address Access Interface 1 192 168 0 100 24 SN...

Страница 541: ...ow ip http configuration Verify the configuration information of the HTTP server including status session timeout access control max user number and the idle timeout etc Step 6 end Return to privilege...

Страница 542: ...rsion 1 2 as the protocol for HTTPS all Enable all the above protocols for HTTPS The HTTPS server and client will negotiate the protocol each time Step 4 ip http secure ciphersuite rc4 128 md5 rc4 128...

Страница 543: ...ess ip addr Download the desired certificate to the switch from TFTP server ssl cert Specify the name of the SSL certificate which ranges from 1 to 25 characters The certificate must be BASE64 encoded...

Страница 544: ...ttp secure server download certificate ca crt ip address 192 168 0 100 Start to download SSL certificate Download SSL certificate OK Switch config ip http secure server download key ca key ip address...

Страница 545: ...you set num Enter the number of the connections which ranges from 1 to 5 The default value is 5 Step 6 ip ssh algorithm AES128 CBC AES192 CBC AES256 CBC Blowfish CBC Cast128 CBC 3DES CBC HMAC SHA1 HMA...

Страница 546: ...ity algorithm Choose the key type as SSH 2 RSA DSA Switch config ip ssh server Switch config ip ssh version v1 Switch config ip ssh version v2 Switch config ip ssh timeout 100 Switch config ip ssh max...

Страница 547: ...ch config end Switch copy running config startup config 2 2 5 Configuring the Telnet Function Follow these steps enable the Telnet function Step 1 configure Enter global configuration mode Step 2 teln...

Страница 548: ...imeout 10 minutes Number Control Disabled Table 3 3 Default Settings of HTTPS Configuration Parameter Default Setting HTTPS Enabled Protocol Version All Port 443 RSA_WITH_RC4_128_MD5 Enabled RSA_WITH_...

Страница 549: ...ctions 5 Port 22 AES128 CBC Enabled AES192 CBC Enabled AES256 CBC Enabled Blowfish CBC Enabled Cast128 CBC Enabled 3DES CBC Enabled HMAC SHA1 Enabled HMAC MD5 Enabled Key Type SSH 2 RSA DSA Table 3 5...

Страница 550: ...Part 16 Configuring AAA CHAPTERS 1 Overview 2 AAA Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 551: ...ve privileges without the Enable password provided AAA provides a safe and efficient authentication method The authentication can be processed locally on the switch or centrally on the RADIUS TACACS s...

Страница 552: ...users in the order they are added The server that is first added to the group has the highest priority and is responsible for authentication under normal circumstances If the first one breaks down or...

Страница 553: ...ers act as backup servers in case the first one breaks down Adding RADIUS Server Choose the menu SECURITY AAA RADIUS Config and click to load the following page Figure 2 1 RADIUS Server Configuration...

Страница 554: ...y the NAS indicates the switch itself 2 Click Create to add the RADIUS server on the switch Adding TACACS Server Choose the menu SECURITY AAA TACACS Config and click to load the following page Figure...

Страница 555: ...configure a new server group 1 Click and the following window will pop up Figure 2 4 Add Server Group Configure the following parameters Server Group Specify a name for the server group Server Type S...

Страница 556: ...entication You can edit the default methods or follow these steps to add a new method 1 Click in the Authentication Login Method List section or Authentication Enable Method List section to add corres...

Страница 557: ...SECURITY AAA Global Config to load the following page Figure 2 7 Configure Application List Follow these steps to configure the AAA application list 1 In the AAA Application List section select an ac...

Страница 558: ...iew the configurations and some network information without the Enable password Some configuration principles on the server are as follows For Login authentication configuration more than one login ac...

Страница 559: ...e valid values are from 1 to 3 and the default setting is 2 nas id nas id Specify the name of the NAS Network Access Server to be contained in RADIUS packets for identification It ranges from 1 to 31...

Страница 560: ...server to reply before resending The valid values are from 1 to 9 seconds and the default setting is 5 seconds key 0 string 7 encrypted string Specify the shared key 0 and 7 represent the encryption...

Страница 561: ...these steps to add a server group Step 1 configure Enter global configuration mode Step 2 aaa group radius tacacs group name Create a server group radius tacacs Specify the group type group name Speci...

Страница 562: ...method3 method4 Configure a login method list method list Specify a name for the method list method1 method2 method3 method4 Specify the authentication methods in order The first method authenticates...

Страница 563: ...us local Switch config end Switch copy running config startup config The following example shows how to create an Enable method list named Enable1 and configure the method 1 as the default radius serv...

Страница 564: ...ethod list Step 5 show aaa global Verify the configuration of application list Step 6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configuratio...

Страница 565: ...d list Step 5 show aaa global Verify the configuration of application list Step 6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configuration fi...

Страница 566: ...eturn to privileged EXEC mode Step 6 copy running config startup config Save the settings in the configuration file The following example shows how to apply the existing Login method list named Login1...

Страница 567: ...y from the configuration file of another switch The key or encrypted key you configured here will be displayed in the encrypted form enable admin secret 0 password 5 encrypted password Set the Enable...

Страница 568: ...s enable and the Enable password is customizable All the users trying to get administrative privileges share this Enable password On TACACS server configure the value of enable 15 as the Enable passwo...

Страница 569: ...authentication system Figure 3 1 Network Topology RADIUS Server 1 192 168 0 10 24 Auth Port 1812 RADIUS Server 2 192 168 0 20 24 Auth Port 1812 Switch Administrator Management Network 3 2 Configuratio...

Страница 570: ...IP as 192 168 0 10 the Shared Key as 123456 the Authentication Port as 1812 and keep the other parameters as default Click Create to add RADIUS Server 1 on the switch Figure 3 2 Add RADIUS Server 1 2...

Страница 571: ...he menu SECURITY AAA Method List and click in the Authentication Login Method List section Specify the Method List Name as MethodLogin and select the Pri1 as RADIUS1 Click Create to set the method lis...

Страница 572: ...pplication List 7 Click to save the settings 3 4 Using the CLI 1 Add RADIUS Server 1 and RADIUS Server 2 on the switch Switch config radius server host 192 168 0 10 auth port 1812 key 123456 Switch co...

Страница 573: ...tion Method Enable Switch config line end Switch copy running config startup config Verify the Configuration Verify the configuration of the RADIUS servers Switch show radius server Server Ip Auth Por...

Страница 574: ...nable RADIUS1 Verify the status of the AAA feature and the configuration of the AAA application list Switch show aaa global Module Login List Enable List Telnet Method Login Method Enable SSH default...

Страница 575: ...None Shared Key None Auth Port 1812 Acct Port 1813 Retransmit 2 Timeout 5 seconds NAS Identifier The MAC address of the switch TACACS Config Server IP None Timeout 5 seconds Shared Key None Port 49 Se...

Страница 576: ...fault Parameters Parameter Default Setting AAA Application List telnet Login List default Enable List default ssh Login List default Enable List default http Login List default Enable List default Dow...

Страница 577: ...Part 17 Configuring 802 1x CHAPTERS 1 Overview 2 802 1x Configuration 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 578: ...1x authentication client software on the client hosts enabling them to request 802 1x authentication to access the LAN Authenticator An authenticator is usually a network device that supports 802 1x...

Страница 579: ...thentication and Port Security cannot be enabled at the same time Before enabling 802 1x authentication make sure that Port Security is disabled 2 1 Using the GUI 2 1 1 Configuring the RADIUS Server C...

Страница 580: ...server if the server does not respond The default setting is 2 Timeout Specify the time interval that the switch waits for the server to reply before resending The default setting is 5 seconds NAS Id...

Страница 581: ...Save Figure 2 4 Adding Server Group Configuring the Dot1x List Choose the menu SECURITY AAA Dot1x List to load the following page Figure 2 5 Configuring the Dot1x List Follow these steps to configure...

Страница 582: ...client The transmission of EAP Extensible Authentication Protocol packets is terminated at the switch and the EAP packets are converted to other protocol such as RADIUS packets and transmitted to the...

Страница 583: ...exists on the switch the switch will directly add the authenticated port to the related VLAN and change the PVID instead of creating a new VLAN If no VLAN is supplied by the RADIUS server or if 802 1x...

Страница 584: ...network only when it is authenticated Force Authorized If this option is selected the port can access the network without authentication Force Unauthorized If this option is selected the port can neve...

Страница 585: ...ddress of the first authenticated device wil be displayed with a suffix p PAE State Displays the current state of the authenticator PAE state machine Possible values are Initialize Disconnected Connec...

Страница 586: ...e server if the server does not respond The valid values are from 1 to 3 and the default setting is 2 nas id nas id Specify the name of the NAS Network Access Server to be contained in RADIUS packets...

Страница 587: ...onfiguration of RADIUS server Step 8 show aaa group group name Optional Verify the configuration of server group Step 9 show aaa authentication dot1x Optional Verify the authentication method list Ste...

Страница 588: ...Timeout Retransmit NAS Identifier Shared key 192 168 0 100 1812 1813 5 2 000AEB132397 123456 Switch config show aaa group radius1 192 168 0 100 Switch config show aaa authentication dot1x Methodlist p...

Страница 589: ...Link 802 1x Client and the switch Please disable Handshake feature if you are using other client softwares instead of TP Link 802 1x Client Step 6 dot1x vlan assignment Optional Enable or disable the...

Страница 590: ...ten gigabitEthernet port range ten gigabitEthernet port list Enter interface configuration mode port Enter the ID of the port to be configured Step 3 dot1x Enable 802 1x authentication for the port S...

Страница 591: ...other clients can access the LAN without authentication Step 8 dot1x max req times Specify the maximum number of attempts to send the authentication packet for the client times The maximum attempts fo...

Страница 592: ...port based Switch config if show dot1x interface gigabitEthernet 1 0 2 Port State MAB State GuestVLAN PortControl PortMethod Gi1 0 2 disabled disabled 0 auto port based MaxReq QuietPeriod SuppTimeout...

Страница 593: ...address Initialize the specific client To access the network the client needs to provide the correct information to pass the authentication again mac address Enter the MAC address of the client that w...

Страница 594: ...tion configure the control mode as auto and set the control type as MAC based Enable 802 1x authentication on the ports connected to clients Keep 802 1x authentication disabled on ports connected to t...

Страница 595: ...1812 Demonstrated with T1500 28PCT acting as the authenticator the following sections provide configuration procedure in two ways using the GUI and using the CLI 3 4 Using the GUI 1 Choose the menu SE...

Страница 596: ...r group for authentication and click Apply Figure 3 4 Configuring Authentication RADIUS Server 4 Choose the menu SECURITY 802 1x Global Config to load the following page Enable 802 1x authentication a...

Страница 597: ...up exit Switch_A config aaa authentication dot1x default RADIUS1 2 Globally enable 802 1x authentication and set the authentication protocol Switch_A config dot1x system auth control Switch_A config d...

Страница 598: ...x authentication Switch_A show dot1x global 802 1X State Enabled Authentication Protocol EAP Handshake State Enabled 802 1X Accounting State Disabled 802 1X VLAN Assignment State Disabled Verify the c...

Страница 599: ...of RADIUS Switch_A show aaa global Module Login List Enable List Telnet default default Ssh default default Http default default Switch_A show aaa authentication dot1x Methodlist pri1 pri2 pri3 pri4...

Страница 600: ...Authentication Method EAP Handshake Enabled Accounting Disabled VLAN Assignment Disabled Port Config 802 1x Status Disabled MAB Disabled Guest VLAN Disabled Port Control Auto Guest VLAN 0 Maximum Requ...

Страница 601: ...Part 18 Configuring Port Security CHAPTERS 1 Overview 2 Port Security Configuration 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 602: ...it the number of MAC addresses that can be learned on each port thus preventing the MAC address table from being exhausted by the attack packets In addtion the switch can send a notification if the nu...

Страница 603: ...mber of MAC Specify the maximum number of MAC addresses that can be learned on the port When the learned MAC address number reaches the limit the port will stop learning It ranges from 0 to 64 The def...

Страница 604: ...he limit the port will stop learning and discard the packets with the MAC addresses that have not been learned Forward When the number of learned MAC addresses reaches the limit the port will stop lea...

Страница 605: ...ed status Status of port security feature By default it is disabled drop When the number of learned MAC addresses reaches the limit the port will stop learning and discard the packets with the MAC add...

Страница 606: ...ed max learned enable mode permanent status drop Switch config if show mac address table max mac count interface gigabitEthernet 1 0 1 Port Max learn Current learn Exceed Max Limit Mode Status Gi1 0 1...

Страница 607: ...ngs of Port Security are listed in the following table Table 3 1 Default Parameters of Port Security Parameter Default Setting Max Learned Number of MAC 64 Current Learned Number 0 Exceed Max Learned...

Страница 608: ...Part 19 Configuring ACL CHAPTERS 1 Overview 2 ACL Configuration 3 Configuration Example for ACL 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 609: ...w these steps 1 Configure a time range during which the ACL is in effect 2 Create an ACL and configure the rules to filter different packets 3 Bind the ACL to a port or VLAN to make it effective Confi...

Страница 610: ...pe port number and so on MAC ACL MAC ACL uses source and destination MAC address for matching operations IP ACL IP ACL uses source and destination IP address IP protocols and so on for matching operat...

Страница 611: ...CL Config page Figure 2 2 Editing ACL Click Edit ACL in the Operation column Then you can configure rules for this ACL The following sections introduce how to configure MAC ACL IP ACL Combined ACL and...

Страница 612: ...the interval between rule IDs is 5 Operation Select an action to be taken when a packet matches the rule Permit To forward the matched packets Deny To discard the matched packets S MAC Mask Enter the...

Страница 613: ...tal Matched Counter in the ACL Rules Table to view the matching times 2 In the Policy section enable or disable the Mirroring feature for the matched packets With this option enabled choose a destinat...

Страница 614: ...rded 5 In the Policy section enable or disable the QoS Remark feature for the matched packets With this option enabled configure the related parameters and the remarked values will take effect in the...

Страница 615: ...ation Configuring IP ACL Rule Click Edit ACL for an IP ACL entry to load the following page Figure 2 9 Configuring the IP ACL Rule In ACL Rules Table section click and the following page will appear D...

Страница 616: ...any current rule ID in the same ACL If you select Auto Assign the rule ID will be assigned automatically and the interval between rule IDs is 5 Operation Select an action to be taken when a packet ma...

Страница 617: ...number with a mask Value Specify the port number Mask Specify the port mask with 4 hexadacimal numbers DSCP Specify a DSCP value to be matched between 0 and 63 The default is No Limit IP ToS Specify...

Страница 618: ...s will be copied to the destination port and the original forwarding will not be affected While in the Redirect feature the matched packets will be forwarded only on the destination port 4 In the Poli...

Страница 619: ...ark DSCP Specify the DSCP field for the matched packets The DSCP field of the packets will be changed to the specified one Local Priority Specify the local priority for the matched packets The local p...

Страница 620: ...L rule 1 In the Combined ACL Rule section configure the following parameters Rule ID Enter an ID number to identify the rule It should not be the same as any current rule ID in the same ACL If you sel...

Страница 621: ...will be matched IP Protocol Select a protocol type from the drop down list The default is No Limit which indicates that packets of all protocols will be matched You can also select User defined to cu...

Страница 622: ...the Mirroring feature for the matched packets With this option enabled choose a destination port to which the packets will be mirrored Figure 2 17 Configuring Mirroring 3 In the Policy section enable...

Страница 623: ...the matched packets With this option enabled configure the related parameters and the remarked values will take effect in the QoS processing on the switch Figure 2 20 Configuring QoS Remark DSCP Spec...

Страница 624: ...ACL Rule Click Edit ACL for an IPv6 ACL entry to load the following page Figure 2 21 Configuring the IPv6 ACL Rule In ACL Rules Table section click and the following page will appear Figure 2 22 Confi...

Страница 625: ...the rule A value of 1 in the mask indicates that the corresponding bit in the address will be matched IPv6 Destination IP Enter the destination IPv6 address to be matched All types of IPv6 address wil...

Страница 626: ...t to which the packets will be redirected Figure 2 24 Configuring Redirect Note In the Mirroring feature the matched packets will be copied to the destination port and the original forwarding will not...

Страница 627: ...of the packets will be changed to the specified one Local Priority Specify the local priority for the matched packets The local priority of the packets will be changed to the specified one 802 1p Pri...

Страница 628: ...Different types of ACLs cannot be bound to the same port or VLAN Multiple ACLs of the same type can be bound to the same port or VLAN The switch matches the received packets using the ACLs in order Th...

Страница 629: ...2 1 Configuring Time Range Some ACL based services or features may need to be limited to take effect only during a specified time period In this case you can configure a time range for the ACL For det...

Страница 630: ...If enable is selected the times that the rule is matched will be logged every 5 minutes With ACL Counter trap enabled a related trap will be generated if the matching times changes source mac Enter t...

Страница 631: ...ule 5 permit logging disable smac 00 34 A2 D4 34 B5 smask FF FF FF FF FF FF Switch config mac acl exit Switch config show access list 50 MAC access list 50 name ACL_50 rule 5 permit logging disable sm...

Страница 632: ...IP address This is required if a source IP address is entered dip address Enter the destination IP address dip address mask Enter the mask of the destination IP address This is required if a destinat...

Страница 633: ...600 rule 1 permit logging disable sip 192 168 1 100 sip mask 255 255 255 255 Switch config show access list 600 IP access list 600 name ACL_600 rule 1 permit logging disable sip 192 168 1 100 smask 25...

Страница 634: ...for the ACL rule If enable is selected the times that the rule is matched will be logged every 5 minutes With ACL Counter trap enabled a related trap will be generated if the matching times changes so...

Страница 635: ...ACK Acknowledge Flag PSH Push Flag RST Reset Flag SYN Synchronize Flag and FIN Finish Flag time range name The name of the time range The default is No Limit Step 4 end Return to privileged EXEC mode...

Страница 636: ...nges from 0 to 63 flow label value Specify a Flow Label value to be matched source ip address Enter the source IP address Enter the destination IPv6 address to be matched All types of IPv6 address wil...

Страница 637: ...the rules by providing a Start Rule ID and Step value Step 1 configure Enter global configuration mode Step 2 access list resequence acl id or name start start rule id step rule id step value Resequen...

Страница 638: ...o further process the matched packets through operations such as mirroring rate limiting redirecting or changing priority Follow the steps below to configure the policy actions for an ACL rule Step 1...

Страница 639: ...nd ranging from 1 to 128 osd Enter either none or discard as the action to be taken for the packets whose rate is beyond the specified rate The default is None qos remark dscp dscp priority pri dot1p...

Страница 640: ...gure Enter global configuration mode Step 2 access list bind acl id or name interface vlan vlan list fastEthernet port list gigabitEthernet port list ten gigabitEthernet port list Bind the ACL to a po...

Страница 641: ...startup config 2 2 5 Viewing ACL Counting You can use the following command to view the number of matched packets of each ACL in the privileged EXEC mode and any other configuration mode show access...

Страница 642: ...4 Fa1 0 2 It is required that The Marketing department can only access internal server group in the intranet The Marketing department can only visit http and https websites on the internet 3 2 Configu...

Страница 643: ...defined in the rule If no rules are matched the packet will be dropped Binding Configuration Bind the IP ACL to port 1 0 1 so that the ACL rules will apply to the Marketing department only Demonstrat...

Страница 644: ...with the source IP address 10 10 70 0 24 and destination IP address 10 10 80 0 24 Figure 3 5 Configuring Rule 1 5 In the same way configure rule 2 and rule 3 to permit packets with source IP 10 10 70...

Страница 645: ...User Guide 622 Configuring ACL Configuration Example for ACL Figure 3 6 Configuring Rule 2 Downloaded from ManualsNet com search engine...

Страница 646: ...Configuring ACL Configuration Example for ACL User Guide 623 Figure 3 7 Configuring Rule 3 Downloaded from ManualsNet com search engine...

Страница 647: ...n Example for ACL 6 In the same way configure rule 4 and rule 5 to permit packets with source IP 10 10 70 0 and with destination port TCP 53 or UDP 53 DNS service port Figure 3 8 Configuring Rule 4 Do...

Страница 648: ...uration Example for ACL User Guide 625 Figure 3 9 Configuring Rule 5 7 In the same way configure rule 6 to deny packets with source IP 10 10 70 0 Figure 3 10 Configuring Rule 6 Downloaded from Manuals...

Страница 649: ...255 0 dip 10 10 80 0 dmask 255 255 255 0 3 Configure rule 2 and Rule 3 to permit packets with source IP 10 10 70 0 24 and destination port TCP 80 http service port or TCP 443 https service port Switch...

Страница 650: ...nfigurations Verify the IP ACL 500 Switch show access list 500 rule 1 permit logging disable sip 10 10 70 0 smask 255 255 255 0 dip 10 10 80 0 dmask 255 255 255 0 rule 2 permit logging disable sip 10...

Страница 651: ...Permit User Priority No Limit Time Range No Limit Table 4 2 IP ACL Parameter Default Setting Operation Permit IP Protocol All DSCP No Limit IP ToS No Limit IP Pre No Limit Time Range No Limit Table 4...

Страница 652: ...ACL Appendix Default Parameters User Guide 629 Table 4 5 Policy Parameter Default Setting Mirroring Disabled Redirect Disabled Rate Limit Disabled QoS Remark Disabled Downloaded from ManualsNet com se...

Страница 653: ...4 IMPB CHAPTERS 1 IPv4 IMPB 2 IP MAC Binding Configuration 3 ARP Detection Configuration 4 IPv4 Source Guard Configuration 5 Configuration Examples 6 Appendix Default Parameters Downloaded from Manual...

Страница 654: ...Detection In an actual complex network there are high security risks during ARP implementation procedure The cheating attacks against ARP such as imitating gateway cheating gateway cheating terminal h...

Страница 655: ...Binding Table 2 1 Using the GUI 2 1 1 Binding Entries Manually You can manually bind the IP address MAC address VLAN ID and the Port number together on the condition that you have got the detailed inf...

Страница 656: ...applied to the IPv4 Source Guard feature Both This entry will be applied to both of the features 3 Enter or select the port that is connected to this host 4 Click Apply 2 1 2 Binding Entries via ARP...

Страница 657: ...Scan to scan the entries in the specified IP address range and VLAN Starting IP Address Ending IP Address Specify an IP range by entering a start and end IP address VLAN ID Specify a VLAN ID 2 In the...

Страница 658: ...tection This entry will be applied to the ARP Detection feature IP Source Guard This entry will be applied to the IP Source Guard feature Both This entry will be applied to both of the features 2 1 3...

Страница 659: ...ng 1 In the Global Config section globally enable DHCP Snooping Click Apply 2 In the VLAN Config section enable DHCP Snooping on a VLAN or range of VLANs Click Apply VLAN ID Displays the VLAN ID Statu...

Страница 660: ...o load the following page Figure 2 4 Binding Table You can specify the search criteria to search your desired entries Source Select the source of the entry and click Search All Displays the entries fr...

Страница 661: ...Source Guard feature Both This entry will be applied to both of the features Source Displays the source of the entry 2 2 Using the CLI Binding entries via ARP scanning is not supported by the CLI The...

Страница 662: ...applied to any feature arp detection indicates this entry will be applied to ARP Detection ip verify source indicates this entry will be applied to IPv4 Source Guard Step 3 show ip source binding Veri...

Страница 663: ...iguration mode Step 5 ip dhcp snooping max entries value Configure the maximum number of binding entries the port can learn via DHCP snooping value Enter the value of maximum number of entries The val...

Страница 664: ...h config if end Switch copy running config startup config 2 2 3 Viewing Binding Entries On privileged EXEC mode or any other configuration mode you can use the following command to view binding entrie...

Страница 665: ...e ARP packets based on the binding entries in the IP MAC Binding Table So before configuring ARP Detection you need to complete IP MAC Binding configuration For details refer to IP MAC Binding Configu...

Страница 666: ...he sender IP address of all ARP packets and the target IP address of ARP reply packets are legal The illegal ARP packets will be discarded including broadcast addresses multicast addresses Class E add...

Страница 667: ...for this time range the port will be shut down Status Displays the status of the ARP attack Normal The forwarding of ARP packets on the port is normal Down The transmission speed of the legal ARP pack...

Страница 668: ...n mode Step 2 ip arp inspection Globally enable the ARP Detection feature Step 3 ip arp inspection validate src mac dst mac ip Configure the switch to check the IP address or MAC address of the receiv...

Страница 669: ...globally and on VLAN 2 and enable the switch to check whether the source MAC address and the sender MAC address are the same when receiving an ARP packet Switch configure Switch config ip arp inspecti...

Страница 670: ...y a time range If the speed of received ARP packets reaches the limit for this time range the port will be shut down value Specify the time range The valid values are from 1 to 15 seconds and the defa...

Страница 671: ...ws how to restore the port 1 0 1 that is in Down status to Normal status Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if ip arp inspection recover Switch config if end...

Страница 672: ...MAC Binding Entries In IPv4 Source Guard the switch filters the packets that do not match the rules of IPv4 MAC Binding Table So before configuring ARP Detection you need to complete IP MAC Binding co...

Страница 673: ...rules can be processed otherwise the packet will be discarded SIP Only the packet with its source IP address and port number matching the IPv4 MAC binding rules can be processed otherwise the packet w...

Страница 674: ...source interface fastEthernet port gigabitEthernet port ten gigabitEthernet port port channel port channel id Verify the IP Source Guard configuration for IPv4 packets Step 5 end Return to privileged...

Страница 675: ...s to configure Switch A to prevent ARP attacks from the LAN Figure 5 1 Network Topology LAN WAN Fa1 0 3 Fa1 0 1 Fa1 0 2 Router User 2 88 A9 D4 54 FD C3 192 168 0 33 24 User 1 74 D3 45 32 B6 8D 192 168...

Страница 676: ...UI and using the CLI 5 1 3 Using the GUI 1 Choose the menu SECURITY IPv4 IMBP IP MAC Binding Manual Binding and click to load the following page Enter the host name IP address MAC address and VLAN ID...

Страница 677: ...stination MAC and Validate IP and click Apply Select VLAN 1 change Status as Enabled and click Apply Figure 5 4 Enable ARP Detection 4 Choose the menu SECURITY IPv4 IMBP ARP Detection Port Config to l...

Страница 678: ...1 0 1 arp detection Switch_A config ip source binding User1 192 168 0 32 88 a9 d4 54 fd c3 vlan 1 interface fastEthernet 1 0 2 arp detection 2 Enable ARP Detection globally and on VLAN 1 Switch_A con...

Страница 679: ...ARP D Manual Notice 1 Here ARP D for ARP Detection and IP V S for IP Verify Source Verify the global configuration of ARP Detection Switch_A show ip arp inspection Global Status Enable Verify SMAC En...

Страница 680: ...ng to access the network via ports 1 0 1 3 Figure 5 6 Network Topology Switch Fa1 0 2 Fa1 0 3 Fa1 0 1 Legal Host 192 168 0 100 74 D3 45 32 B5 6D Unknown Host Unknown Host 5 2 2 Configuration Scheme To...

Страница 681: ...ID of the legal host select the protect type as and select port 1 0 1 on the panel Click Apply Figure 5 7 Manual Binding 2 Choose the menu SECURITY IPv4 IMPB IPv4 Source Guard to load the following pa...

Страница 682: ...fig ip source binding legal host 192 168 0 100 74 d3 45 32 b5 6d vlan 1 interface fastEthernet 1 0 1 ip verify source 2 Enable the log feature and IP Source Guard on ports 1 0 1 3 Switch config ip ver...

Страница 683: ...5 32 b5 6d 1 Fa1 0 1 IP V S Manual Notice 1 Here ARP D for ARP Detection and IP V S for IP Verify Source Verify the configuration of IP Source Guard Switch show ip verify source IP Source Guard log En...

Страница 684: ...bled VLAN Config Status Disabled Port Config Maximum Entry 512 Default settings of ARP Detection are listed in the following table Table 6 2 ARP Detection Parameter Default Setting Global Config ARP D...

Страница 685: ...d ARP Statistics Auto Refresh Disabled Refresh Interval 5 seconds Default settings of IPv4 Source Guard are listed in the following table Table 6 3 ARP Detection Parameter Default Setting Global Confi...

Страница 686: ...6 IMPB CHAPTERS 1 IPv6 IMPB 2 IPv6 MAC Binding Configuration 3 ND Detection Configuration 4 IPv6 Source Guard Configuration 5 Configuration Examples 6 Appendix Default Parameters Downloaded from Manua...

Страница 687: ...the ND attacks The application topology of ND Detection is as the following figure shows The port that is connected to the gateway should be configured as trusted port and other ports should be config...

Страница 688: ...usted Port Switch Untrusted Port Untrusted Port Attacker User A Gateway Internet IPv6 Source Guard IPv6 Source Guard is used to filter the IPv6 packets based on the IPv6 MAC Binding table Only the pac...

Страница 689: ...Binding Table 2 1 Using the GUI 2 1 1 Binding Entries Manually You can manually bind the IPv6 address MAC address VLAN ID and the Port number together on the condition that you have got the detailed i...

Страница 690: ...ture IPv6 Source Guard This entry will be applied to the IPv6 Source Guard feature Both This entry will be applied to both of the features 3 Enter or select the port that is connected to this host 4 C...

Страница 691: ...a ND Snooping 1 In the ND Snooping section enable ND Snooping and click Apply 2 In the VLAN Config section select one or more VLANs and enable ND Snooping Click Apply VLAN ID Displays the VLAN ID Stat...

Страница 692: ...to SECURITY IPv6 IMPB IPv6 MAC Binding Binding Table to view or edit the entries 2 1 3 Binding Entries via DHCPv6 Snooping With DHCPv6 Snooping enabled the switch can monitor the IP address obtaining...

Страница 693: ...snooping Click Apply Port Displays the port number Maximum Entries Configure the maximum number of binding entries a port can learn via DHCPv6 snooping LAG Displays the LAG that the port is in 4 The...

Страница 694: ...ys the port number Protect Type Select the protect type for the entry The entry will be applied to to the specific feature The following options are provided None This entry will not be applied to any...

Страница 695: ...entry will not be applied to any feature nd detection indicates this entry will be applied to ND Detection ipv6 verify source indicates this entry will be applied to IP Source Guard both indicates th...

Страница 696: ...aximum number of ND binding entries a port can learn via ND snooping value Enter the maximum number of ND binding entries a port can learn via ND snooping The valid values are from 0 to 1024 and the d...

Страница 697: ...figuration mode Step 2 ipv6 dhcp snooping Globally enable DHCPv6 Snooping Step 3 ipv6 dhcp snooping vlan vlan range Enable DHCPv6 Snooping on the specified VLAN vlan range Enter the vlan range in the...

Страница 698: ...g interface gigabitEthernet 1 0 1 Switch config if ipv6 dhcp snooping max entries 100 Switch config if show ipv6 dhcp snooping Global Status Enable VLAN ID 5 Switch config if show ipv6 dhcp snooping i...

Страница 699: ...and filter out the illegal ND packets Before configuring ND Detection complete IPv6 MAC Binding configuration For details refer to IPv6 MAC Binding Configuration 3 1 2 Enabling ND Detection Choose th...

Страница 700: ...ese steps to configure ND Detection on ports 1 Select one or more ports and configure the parameters Port Displays the port number Trust Status Enable or disable this port to be a trusted port On a tr...

Страница 701: ...number of forwarded ND packets in this VLAN Dropped Displays the number of dropped ND packets in this VLAN 3 2 Using the CLI 3 2 1 Adding IPv6 MAC Binding Entries The ND Detection feature allows the s...

Страница 702: ...6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configuration file The following example shows how to enable ND Detection globally and on VLAN 1...

Страница 703: ...ction configuration of the port Step 5 end Return to privileged EXEC mode Step 6 copy running config startup config Save the settings in the configuration file The following example shows how to confi...

Страница 704: ...MAC Binding Table and filter out the illegal ND packets Before configuring ND Detection complete IPv6 MAC Binding configuration For details refer to IPv6 MAC Binding Configuration 4 1 2 Configuring I...

Страница 705: ...ets based on the binding entries in the IPv6 MAC Binding Table and filter out the illegal ND packets Before configuring ND Detection complete IPv6 MAC Binding configuration For details refer to IPv6 M...

Страница 706: ...ode Step 6 copy running config startup config Save the settings in the configuration file The following example shows how to enable IPv6 Source Guard on port 1 0 1 Switch configure Switch config inter...

Страница 707: ...strator wants to configure Switch A to prevent ND attacks from the LAN Figure 5 1 Network Topology LAN WAN Fa1 0 3 Fa1 0 1 Fa1 0 2 Router User 2 88 A9 D4 54 FD C3 2001 6 User 1 74 D3 45 32 B6 8D 2001...

Страница 708: ...the menu SECURITY IPv6 IMBP IPv6 MAC Binding Manual Binding and click to load the following page Enter the host name IPv6 address MAC address and VLAN ID of User 1 select the protect type as ND Detect...

Страница 709: ...Detection and click Apply Select VLAN 1 change Status as Enabled and click Apply Figure 5 4 Enable ND Detection 4 Choose the menu SECURITY IPv6 IMBP ND Detection Port Config to load the following page...

Страница 710: ...config ip source binding User1 2001 6 88 a9 d4 54 fd c3 vlan 1 interface fastEthernet 1 0 2 nd detection 2 Enable ND Detection globally and on VLAN 1 Switch_A config ipv6 nd detection vlan 1 3 Config...

Страница 711: ...Verify the ND Detection configuration on VLAN Switch_A show ipv6 nd detection vlan VID Enable status Log Status 1 Enable Disable Verify the ND Detection configuration on ports Switch_A show ipv6 nd de...

Страница 712: ...view of configuration on the switch is as follows 1 Bind the MAC address IPv6 address connected port number and VLAN ID of the legal host with IPv6 MAC Binding 2 Enable IPv6 Source Guard on ports 1 0...

Страница 713: ...ual Binding 2 Choose the menu SECURITY IPv6 IMPB IPv6 Source Guard to load the following page Select ports 1 0 1 3 configure the Security Type as SIPv6 MAC and click Apply Figure 5 8 IPv6 Source Guard...

Страница 714: ...source Switch config interface range fastEthernet 1 0 1 3 Switch config if range ipv6 verify source sipv6 mac Switch config if range end Switch copy running config startup config Verify the Configurat...

Страница 715: ...g DHCPv6 Snooping Disabled VLAN Config Status Disabled Port Config Maximum Entry 512 Default settings of ND Detection are listed in the following table Table 6 2 ND Detection Parameter Default Setting...

Страница 716: ...MPB Appendix Default Parameters Default settings of IPv6 Source Guard are listed in the following table Table 6 3 ND Detection Parameter Default Setting Port Config Security Type Disabled Downloaded f...

Страница 717: ...Configuring DHCP Filter CHAPTERS 1 DHCP Filter 2 DHCPv4 Filter Configuration 3 DHCPv6 Filter Configuration 4 Configuration Examples 5 Appendix Default Parameters Downloaded from ManualsNet com search...

Страница 718: ...es that users get IP addresses only from the legal DHCP server and enhances the network security As the following figure shows there are both legal and illegal DHCP servers on the network You can conf...

Страница 719: ...guring DHCP Filter DHCP Filter DHCPv4 Filter DHCPv4 Filter is used for DHCPv4 servers and IPv4 clients DHCPv6 Filter DHCPv6 Filter is used for DHCPv6 servers and IPv6 clients Downloaded from ManualsNe...

Страница 720: ...he GUI 2 1 1 Configuring the Basic DHCPv4 Filter Parameters Choose the menu SECURITY DHCP Filter DHCPv4 Filter Basic Config to load the following page Figure 2 1 DHCPv4 Filter Basic Config Follow thes...

Страница 721: ...number of DHCPv4 packets that can be forwarded on the port per second The excessive DHCPv4 packets will be discarded Decline Protect Select to enable the decline protect feature and specify the maxim...

Страница 722: ...tEthernet port range ten gigabitEthernet port list interface port channel port channel id interface range port channel port channel id list Enter interface configuration mode Step 4 ip dhcp filter Ena...

Страница 723: ...eturn to privileged EXEC mode Step 11 copy running config startup config Save the settings in the configuration file Note The member port of an LAG Link Aggregation Group follows the configuration of...

Страница 724: ...MAC address of the DHCP Client The value all means all client mac addresses port list port channel id Specify the port that the legal DHCPv4 server is connected to Step 3 show ip dhcp filter server pe...

Страница 725: ...User Guide 702 Configuring DHCP Filter DHCPv4 Filter Configuration Switch config end Switch copy running config startup config Downloaded from ManualsNet com search engine...

Страница 726: ...nfiguring the Basic DHCPv6 Filter Parameters Choose the menu SECURITY DHCP Filter DHCPv6 Filter Basic Config to load the following page Figure 3 1 DHCPv6 Filter Basic Config Follow these steps to comp...

Страница 727: ...be discarded LAG Displays the LAG that the port is in 3 Click Apply Note The member port of an LAG Link Aggregation Group follows the configuration of the LAG and not its own The configurations of th...

Страница 728: ...sive DHCP packets will be discarded value Specify the limit rate value The following options are provided 0 5 10 15 20 25 and 30 packets second The default value is 0 which indicates disabling limit r...

Страница 729: ...hcp filter Global Status Enable Switch config if show ip dhcp filter interface gigabitEthernet 1 0 1 Interface state Limit Rate Dec rate LAG Gi1 0 1 Enable 10 20 N A Switch config if end Switch copy r...

Страница 730: ...to create an entry for the legal DHCPv6 server whose IPv6 address is 2001 54 and connected port number is 1 0 1 Switch configure Switch config ipv6 dhcp filter server permit entry server ip 2001 54 in...

Страница 731: ...re 4 1 Network Topology Fa1 0 1 DHCPv4 Client DHCPv4 Client Illegal DHCPv4 Server DHCPv4 Client Switch A Legal DHCPv4 Server 192 168 0 200 4 1 2 Configuration Scheme To meet the requirements you can c...

Страница 732: ...e Enable DHCPv4 Filter globally and click Apply Select all ports change Status as Enable and click Apply Figure 4 2 Basic Config 2 Choose the menu SECURITY DHCP Filter DHCPv4 Filter Legal DHCPv4 Serve...

Страница 733: ...if range ip dhcp filter Switch_A config interface range gigabitEthernet 1 0 25 28 Switch_A config if range ip dhcp filter Switch_A config if range exit 2 Create an entry for the legal DHCPv4 server S...

Страница 734: ...A Fa1 0 4 Enable Disable Disable Disable N A Verify the legal DHCPv4 server configuration Switch_A show ip dhcp filter server permit entry Server IP Client MAC Interface 192 168 0 200 all Fa1 0 1 4 2...

Страница 735: ...server The overview of configuration is as follows 1 Enable DHCPv6 Filter globally and on all ports 2 Create an entry for the legal DHCPv6 server Demonstrated with T1500 28PCT the following sections p...

Страница 736: ...SECURITY DHCP Filter DHCPv6 Filter Legal DHCPv6 Servers and click to load the following page Specify the IP address and connected port number of the legal DHCPv6 server Click Create Figure 4 3 Create...

Страница 737: ...ver Switch_A config ipv6 dhcp filter server permit entry server ip 2001 54 interface fastEthernet 1 0 1 Switch_A config end Switch_A copy running config startup config Verify the Configuration Verify...

Страница 738: ...User Guide 715 Configuring DHCP Filter Configuration Examples Switch_A show ipv6 dhcp filter server permit entry Server IP Interface 2001 54 Fa1 0 1 Downloaded from ManualsNet com search engine...

Страница 739: ...DHCPv4 Filter Parameter Default Setting Global Config DHCPv4 Filter Disabled Port Config Status Disabled MAC Verify Disabled Rate Limit Disabled Decline Protect Disabled Table 5 2 DHCPv6 Filter Parame...

Страница 740: ...Part 23 Configuring DoS Defend CHAPTERS 1 Overview 2 DoS Defend Configuration 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 741: ...abnormal service or breakdown of the network With DoS Defend feature the switch can analyze the specific fields of the IP packets distinguish the malicious DoS attack packets and discard them directl...

Страница 742: ...k The attacker sends a specific fake SYN synchronous packet to the destination host Because both of the source IP address and the destination IP address of the SYN packet are set to be the IP address...

Страница 743: ...nding SYN ACK packets If the attacker sends overflowing fake request packets the network resource will be occupied maliciously and the requests of the legal clients will be denied WinNuke Attack Becau...

Страница 744: ...f the attacked host is reduced because the Host circularly attempts to build a connection with the attacker ping flood The attacker floods the destination system with Ping packets creating a broadcast...

Страница 745: ...onfig ip dos prevent Switch config ip dos prevent type land Switch config show ip dos prevent DoS Prevention State Enabled Type Status Land Attack Enabled Scan SYNFIN Disabled Xmascan Disabled NULL Sc...

Страница 746: ...ppendix Default Parameters 3Appendix Default Parameters Default settings of Network Security are listed in the following tables Table 3 1 DoS Defend Parameter Default Setting DoS Defend Disabled Downl...

Страница 747: ...Part 24 Monitoring the System CHAPTERS 1 Overview 2 Monitoring the CPU 3 Monitoring the Memory Downloaded from ManualsNet com search engine...

Страница 748: ...ory utilization of the switch The CPU utilization should be always under 80 and excessive use may result in switch malfunctions For example the switch fails to respond to management requests ICMP ping...

Страница 749: ...the CPU Click Monitor to enable the switch to monitor and display its CPU utilization rate every five seconds 2 2 Using the CLI On privileged EXEC mode or any other configuration mode you can use the...

Страница 750: ...toring the CPU User Guide 727 The following example shows how to monitor the CPU Switch show cpu utilization Unit CPU Utilization No Five Seconds One Minute Five Minutes 1 13 13 13 Downloaded from Man...

Страница 751: ...o enable the switch to monitor and display its memory utilization rate every five seconds 3 2 Using the CLI On privileged EXEC mode or any other configuration mode you can use the following command to...

Страница 752: ...Monitoring the System Monitoring the Memory User Guide 729 Unit Current Memory Utilization 1 74 Downloaded from ManualsNet com search engine...

Страница 753: ...Part 25 Monitoring Traffic CHAPTERS 1 Traffic Monitor 2 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 754: ...summary of each port 1 To get the real time traffic summary enable Auto Refresh or click Refresh Auto Refresh With this option enabled the switch will automatically refresh the traffic summary Refres...

Страница 755: ...Octets Rx Displays the number of octets received on the port Error octets are counted Octets Tx Displays the number of octets transmitted on the port Error octets are counted To view a port s traffic...

Страница 756: ...s than 64 bytes long 64 Octets Packets Displays the number of the received packets including error packets that are 64 bytes long 65 to 127 Octects Packets Displays the number of the received packets...

Страница 757: ...ed on the port Error frames are not counted Unicast Displays the number of valid unicast packets transmitted on the port Error frames are not counted Pkts Displays the number of packets transmitted on...

Страница 758: ...rror frames are not counted Rx Alignment Displays the number of the received packets that have a Frame Check Sequence FCS with a non integral octet Alignment Error The size of the packet is between 64...

Страница 759: ...c Appendix Default Parameters 2Appendix Default Parameters Table 2 1 Traffic Statistics Monitoring Parameter Default Setting Traffic Summary Auto Refresh Disabled Refresh Rate 10 seconds Downloaded fr...

Страница 760: ...Part 26 Mirroring Traffic CHAPTERS 1 Mirroring 2 Configuration Examples 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 761: ...LAGs or the CPU to a destination port It does not affect the switching of network traffic on source ports LAGs or the CPU 1 1 Using the GUI Choose the menu MAINTENANCE Mirroring to load the following...

Страница 762: ...ired ports as the source interfaces The switch will send a copy of traffic passing through the port to the destination port LAGS Select the desired LAGs as the source interfaces The switch will send a...

Страница 763: ...ored interfaces session_num The monitor session number It can only be specified as 1 cpu_number The CPU number It can only be specified as 1 port list List of source ports It is multi optional mode Th...

Страница 764: ...g monitor session 1 source cpu 1 both Switch config show monitor session Monitor Session 1 Destination Port Gi1 0 10 Source Ports Ingress Gi1 0 1 3 Source Ports Egress Gi1 0 1 3 Source CPU Ingress cpu...

Страница 765: ...e Mirroring feature to copy the packets from ports 1 0 2 5 to port 1 0 1 The overview of configuration is as follows 1 Specify ports 1 0 2 5 as the source ports allowing the switch to copy the packets...

Страница 766: ...s 1 0 2 5 as the source ports and enable Ingress and Egress to allow the received and sent packets to be copied to the destination port Then click Apply Figure 2 4 Source Port Configuration 4 Click to...

Страница 767: ...ic Configuration Examples Verify the Configuration Switch show monitor session 1 Monitor Session 1 Destination Port Fa1 0 1 Source Ports Ingress Fa1 0 2 5 Source Ports Egress Fa1 0 2 5 Downloaded from...

Страница 768: ...User Guide 745 3Appendix Default Parameters Default settings of Switching are listed in th following tables Table 3 1 Configurations for Ports Parameter Default Setting Ingress Disabled Egress Disable...

Страница 769: ...Part 27 Configuring DLDP CHAPTERS 1 Overview 2 DLDP Configuration 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 770: ...link exists A unidirectional link occurs whenever traffic sent by a local device is received by its peer device but traffic from the peer device is not received by the local device Unidirectional lin...

Страница 771: ...le port of another switch To detect unidirectional links make sure DLDP is enabled on both sides of the links 2 1 Using the GUI Choose the menu MAINTENANCE DLDP to load the following page Figure 2 1 C...

Страница 772: ...ne or more ports enable DLDP and click Apply Then you can view the relevant DLDP information in the table DLDP Enable or disable DLDP on the port Protocol State Displays the DLDP protocol state Initia...

Страница 773: ...manual The switch displays an alert when a unidirectional link is detected Then the users can manually shut down the unidirectional link ports Step 4 interface fastEthernet port range fastEthernet por...

Страница 774: ...py running config startup config The following example shows how to enable DLDP on port 1 0 1 Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if dldp Switch config if show...

Страница 775: ...of DLDP are listed in the following table Table 3 1 Default Settings of DLDP Parameter Default Setting Global Config DLDP State Disabled Advertisement Interval 5 seconds Shut Mode Auto Auto Refresh D...

Страница 776: ...guring SNMP RMON CHAPTERS 1 SNMP 2 SNMP Configurations 3 Notification Configurations 4 RMON 5 RMON Configurations 6 Configuration Example 7 Appendix Default Parameters Downloaded from ManualsNet com s...

Страница 777: ...NMP Agent Get or set MIB objects values Respond or send notifications SNMP Manager Host Running NMS Application Managed Device MIB 1 2 Basic Concepts The following basic concepts of SNMP will be intro...

Страница 778: ...fine private branches that include managed objects for their own products Figure 1 2 MIB Tree root iso 1 iso itu t 2 enterprise 1 tplink 11863 itu t 0 standard 0 dod 6 internet 1 directory 1 security...

Страница 779: ...engine ID to uniquely identify the SNMP entity within that administrative domain Notification Types Notifications are messages that the switch sends to the NMS host when important events occur Notific...

Страница 780: ...MPv1 SNMPv1 is applicable to small scale networks with simple networking good stability and low security requirements such as campus networks and small enterprise networks SNMPv2c SNMPv2c is applicabl...

Страница 781: ...v3 1 Enable SNMP 2 Create an SNMP view for managed objects 3 Create an SNMP group and specify the security level and accessible view 4 Create SNMP users and configure the authentication mode privacy m...

Страница 782: ...vice that receives Inform messages from the switch 2 Click Apply Note In SNMPv3 changing the value of the SNMP engine ID has important side effects A user s password is converted to an MD5 or SHA secu...

Страница 783: ...function of the device When a MIB Object ID is specified all its child Object IDs are specified For specific ID rules refer to the device related MIBs 2 Click Create 2 1 3 Creating SNMP Communities Fo...

Страница 784: ...vel and the read view write view and notify view Group Name Set the SNMP group name using 1 to 16 characters The identifier of a group consists of a group name security model and security level Groups...

Страница 785: ...group which the user belongs to Then configure the security level User Name Set the SNMP user name using 1 to 16 characters For different entries user names cannot be the same User Type Choose a user...

Страница 786: ...need to set corresponding Authentication Mode or Privacy Mode If not skip this step Authentication Mode With AuthNoPriv or AuthPriv selected configure the authentication mode and password for authenti...

Страница 787: ...mote device that receives inform messages from switch Note In SNMPv3 changing the value of the SNMP engine ID has important side effects A user s password is converted to an MD5 or SHA security digest...

Страница 788: ...Maximum packet size 1500 0 No such name errors 0 Bad value errors 0 General errors 0 Response PDUs 0 Trap PDUs Switch config show snmp server engineID Local engine ID 80002e5703000aeb13a23d Remote en...

Страница 789: ...ot be managed by the NMS Step 3 show snmp server view Displays the view table Step 4 end Return to Privileged EXEC Mode Step 5 copy running config startup config Save the settings in the configuration...

Страница 790: ...end Return to Privileged EXEC Mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to set an SNMP community Name the community as...

Страница 791: ...gorithm and a privacy algorithm are applied to check and encrypt packets read view Set the view to be the Read view Then the NMS can view parameters of the specified view write view Set the view to be...

Страница 792: ...vel as noAuthNoPriv For this level no authentication algorithm but a user name match is applied to check packets and no privacy algorithm is applied to encrypt them To create a user with the security...

Страница 793: ...ngs are asTable 2 1 Table 2 1 Security Settings for the User Parameter Value Security Level v3 Authentication Mode SHA Authentication Password 1234 Privacy Mode DES Privacy Password 5678 Switch config...

Страница 794: ...ps Configuration Guidelines To guarantee the communication between the switch and the NMS ensure the switch and the NMS can reach one another 3 1 Using the GUI 3 1 1 Configuring the Information of NMS...

Страница 795: ...ersion If you choose the Inform type you need to set retry times and timeout interval Type Choose a notification type for the NMS host For SNMPv1 the supported type is Trap For SNMPv2c and SNMPv3 you...

Страница 796: ...h running SNMP the trap can be triggered if you disable and then enable SNMP without changing any parameters Link Status Enable or disable Link Status Trap globally The trap includes the following two...

Страница 797: ...et LLDP The trap includes the following sub traps LLDP RemTablesChange Indicates that the switch senses an LLDP topology change The trap can be triggered when adding or removing a remote device and wh...

Страница 798: ...shutdown Triggered when the PSE chip overheats The switch will stop supplying power in this case IP MAC Binding Triggered in the following two situations the ARP Inspection feature is enabled and the...

Страница 799: ...ype for the NMS host For SNMPv1 the supported type is Trap For SNMPv2c and SNMPv3 you can configure the type as Trap or Inform Trap The switch will send Trap messages to the NMS host when certain even...

Страница 800: ...t 100 Switch config show snmp server host No Des IP UDP Name SecMode SecLev Type Retry Timeout 1 172 16 1 222 162 admin v3 authPriv inform 3 100 Switch config end Switch copy running config startup co...

Страница 801: ...and on all ports which means that the traps will be triggered when a device is connected to or disconnected from any port of the switch If you do not want to receive notification messages about some...

Страница 802: ...a endpoints The trap can be triggered when adding or removing a media endpoint that supports LLDP such as an IP Phone An LLDP Remtableschange trap will be also triggered every time LLDP Topologychange...

Страница 803: ...configure Switch config snmp server traps vlan Switch config end Switch copy running config startup config Enabling the SNMP Security Traps Globally Step 1 configure Enter Global Configuration Mode S...

Страница 804: ...k the matched ACL information every five minutes and send SNMP traps if there is any updated information Step 3 end Return to Privileged EXEC Mode Step 4 copy running config startup config Save the se...

Страница 805: ...are disabled over max pwr budget Triggered when the total power required by the connected PDs exceeds the maximum power the PoE switch can supply port pwr change Triggered when the total power requir...

Страница 806: ...umbers separated by commas or use a hyphen to indicates a range of port numbers For example 1 3 5 indicates port 1 2 3 5 Step 3 snmp server traps link status Enable Link Status Trap for the port By de...

Страница 807: ...MP protocol the NMS collects network data by communicating with Agents However the NMS cannot obtain every datum of RMON MIB because the device resources are limited Generally the NMS can only get inf...

Страница 808: ...Choose the menu MAINTENANCE SNMP RMON Statistics and click to load the following page Figure 5 1 Creating a Statistics Entry Follow these steps to configure the Statistics group 1 Specify the entry in...

Страница 809: ...a History entry and specify a port to be monitored Index Displays the index of History entries The switch supports up to 12 History entries Port Specify a port to be monitored 2 Set the sample interva...

Страница 810: ...menu MAINTENANCE SNMP RMON Event to load the following page Figure 5 3 Configuring the Event Entry Follow these steps to configure the Event group 1 Choose an Event entry and specify an SNMP User for...

Страница 811: ...3 Enter the owner name and set the status of the entry Click Apply Owner Enter the owner name of the entry with 1 to 16 characters Status Enable or disable the entry Enable The entry is enabled Disabl...

Страница 812: ...18 Total number of packets of the specified size Statistics Associate the Alarm entry with a Statistics entry Then the switch monitors the specified variable of the Statistics entry 2 Set the sample t...

Страница 813: ...m is triggered only when the sampling value or the difference value exceeds the rising threshold Falling The alarm is triggered only when the sampling value or the difference value is below the fallin...

Страница 814: ...or a Statistics entry since the entry status is configured as valid Step 3 show rmon statistics index Displays the statistics entries and their configurations index Enter the index of statistics entry...

Страница 815: ...tory entry When the number of records exceeds the limit the earliest record will be overwritten The values are from 10 to 130 the default is 50 Step 3 show rmon history index Displays the specified Hi...

Страница 816: ...tify log notify Specify the action type of the event then the switch will take the specified action to deal with the event By default the type is none None indicates the switch takes no action log ind...

Страница 817: ...ich ranges from 1 to 12 To configure multiple indexes enter a list of indexes separated by commas or use a hyphen to indicates a range of indexes For example 1 3 5 indicates 1 2 3 5 sindex Specify the...

Страница 818: ...ifference value exceeds the rising threshold Fall indicates that the alarm is triggered only when the sampling value or difference value is below the falling threshold All indicates that the alarm is...

Страница 819: ...old 2000 falling event index 2 a type all interval 10 owner monitor Switch config show rmon alarm Index State 1 Enabled Statistics index 1 Alarm variable BPkt Sample Type Absolute RHold REvent 3000 1...

Страница 820: ...ch A and regularly collect and save data for follow up checks Specifically Switch A should notify the NMS when the number of packets transmitted and received on the ports during the sample interval ex...

Страница 821: ...3 Create an Alarm entry to monitor RecPackets Received Packets Configure the rising and falling thresholds Configure the rising event as the Notify event entry and the falling event as the Log event...

Страница 822: ...View Click Create Figure 6 4 Configuring an SNMP Group 4 Choose MAINTENANCE SNMP SNMP v3 SNMP User and click to load the following page Create a user named admin for the NMS set the user type as Remot...

Страница 823: ...s of the NMS host and the port of the host for transmitting notifications Specify the User as admin and choose the type as Inform Set the retry times as 3 with the timeout period as 100 seconds Click...

Страница 824: ...pectively Set the owner of the entries as monitor and the status as Valid Figure 6 8 Configuring Statistics Entry 1 Figure 6 9 Configuring Statistics Entry 2 2 Choose the menu MAINTENANCE SNMP RMON Hi...

Страница 825: ...ntries 4 Choose MAINTENANCE SNMP RMON Alarm to load the following page Configure entries 1 and 2 For entry 1 set the alarm variable as RecPackets related statistics entry ID as 1 bound to port 1 0 1 t...

Страница 826: ...lude 3 Create a group of SNMPv3 with the name of nms monitor Enable Auth Mode and Privacy Mode and set both the Read and Notify views as View Switch_A config snmp server group nms monitor smode v3 sle...

Страница 827: ...ner monitor buckets 50 3 Create Event entries 1 and 2 for the SNMP user admin Set entry 1 as the Notify type and its description as rising_notify Set entry 2 as the Log type and its description as fal...

Страница 828: ...kets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get requ...

Страница 829: ...o Name Sec Mode Sec Lev Read View Write View Notify View 1 nms monitor v3 authPriv View View Verify SNMP user configurations Switch_A config show snmp server user No U Name U Type G Name S Mode S Lev...

Страница 830: ...Enable Verify RMON event configurations Switch_A config show rmon event Index User Description Type Owner State 1 admin rising_notify Notify monitor Enable 2 admin falling_log Log monitor Enable Veri...

Страница 831: ...ion Example Index State 2 Enabled Statistics index 2 Alarm variable RevPkt Sample Type Absolute RHold REvent 3000 1 FHold FEvent 2000 2 Alarm startup All Interval 10 Owner monitor Downloaded from Manu...

Страница 832: ...t ID viewDefault Include 1 viewDefault Exclude 1 3 6 1 6 3 15 viewDefault Exclude 1 3 6 1 6 3 16 viewDefault Exclude 1 3 6 1 6 3 18 Table 7 3 Default SNMP v1 v2c Settings Parameter Default Setting Com...

Страница 833: ...Mode DES when Security Level is configured as AuthPriv Privacy Password None Default settings of Notification are listed in the following table Table 7 5 Default Notification Settings Parameter Defaul...

Страница 834: ...seconds Max Buckets 50 Owner monitor Status Disabled Table 7 8 Default Settings for Event Entries Parameter Default Setting User public Description None Type None Owner monitor Status Disabled Table...

Страница 835: ...User Guide 812 Appendix Default Parameters Parameter Default Setting Interval 1800 seconds Owner monitor Status Disabled Downloaded from ManualsNet com search engine...

Страница 836: ...Part 29 Diagnosing the Device Network CHAPTERS 1 Diagnosing the Device 2 Diagnosing the Network 3 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 837: ...onnection status cable length and fault location 1 1 Using the GUI Choose the menu MAINTENANCE Device Diagnostics to load the following page Figure 1 1 Diagnosing the Cable Follow these steps to diagn...

Страница 838: ...on status of the cable that is connected to the switch show cable diagnostics interface fastEthernet port gigabitEthernet port ten gigabitEthernet port View the cable diagnostics of the connected Ethe...

Страница 839: ...s from the switch to the destination With Network Diagnostics you can Troubleshoot with Ping testing Troubleshoot with Tracert testing 2 1 Using the GUI 2 1 1 Troubleshooting with Ping Testing You can...

Страница 840: ...request packets are sent It is recommended to keep the default value of 1000 milliseconds 2 In the Ping Result section check the test results 2 1 2 Troubleshooting with Tracert Testing You can use th...

Страница 841: ...e values are from 1 to 10 times the default is 4 times size Specify the size of the sending data for ping testing The values are from 1 to 1500 bytes the default is 64 bytes interval Specify the inter...

Страница 842: ...ert test should be IPv6 ip_addr Enter the IP address of the destination device If the parameter ip ipv6 is not selected both IPv4 and IPv6 addresses are supported such as 192 168 0 100 or fe80 1234 ma...

Страница 843: ...sted in the following tables Table 3 1 Default Settings of Ping Config Parameter Default Setting Destination IP 192 168 0 1 Ping Times 4 Data Size 64 bytes Interval 1000 milliseconds Table 3 2 Default...

Страница 844: ...Part 30 Configuring System Logs CHAPTERS 1 Overview 2 System Logs Configurations 3 Configuration Example 4 Appendix Default Parameters Downloaded from ManualsNet com search engine...

Страница 845: ...saved in various destinations such as the log buffer log file or remote log servers depending on your configuration Logs saved in the log buffer and log file are called local logs and logs saved in re...

Страница 846: ...y of the switch Alerts 1 Actions must be taken immediately The memory utilization reaches the limit Critical 2 Cause analysis or actions must be taken immediately The memory utilization reaches the wa...

Страница 847: ...og file will not be lost after the switch is restarted and can be exported on the MAINTENANCE Logs Back Up Logs page Severity Specify the severity level of the log messages that are saved to the selec...

Страница 848: ...server UDP Port Displays the UDP port used by the server to receive the log messages The switch uses standard port 514 to send log messages Severity Specify the severity level of the log messages sent...

Страница 849: ...e time the log event occurred To get the exact time when the log event occurs you need to configure the system time on the SYSTEM System Info System Time Web management page Module Select a module fro...

Страница 850: ...n in the log file will not be lost after the switch is restarted You can view the logs with show logging flash command Step 5 logging file flash frequency periodic periodic immediate Specify the frequ...

Страница 851: ...ng local config Channel Level Status Sync Periodic Buffer 5 enable Immediately Flash 2 enable 10 hour s Console 5 enable Immediately Monitor 5 enable Immediately Switch config end Switch copy running...

Страница 852: ...els 0 to 6 will be sent to the log server Step 3 show logging loghost index View the configuration information of the log server index Enter the index of the log server to view the corresponding confi...

Страница 853: ...sure the switch and the PC are reachable to each other configure a log server that complies with the syslog standard on the PC and set the PC as the log server Demonstrated with T1500 28PCT this chapt...

Страница 854: ...figure Switch config logging host index 1 1 1 0 1 5 Switch config end Switch copy running config startup config Verify the Configurations Switch show logging loghost Index Host IP Severity Status 1 1...

Страница 855: ...Logs Parameter Default Setting Status of Log Buffer Enabled Severity of Log Buffer Level_6 Sync Periodic of Log Buffer Immediately Status of Log File Disabled Severity of Log File Level_3 Sync Periodi...

Страница 856: ...d in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interferenc...

Страница 857: ...which case the user will be required to correct the interference at his own expense This device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 This devi...

Страница 858: ...peration is subject to the following two conditions 1 This device may not cause interference 2 This device must accept any interference including interference that may cause undesired operation of the...

Страница 859: ...disassemble repair or modify the device Place the device with its bottom surface downward Please read and follow the above safety information when operating the device We cannot guarantee that no acci...

Страница 860: ...symbol for Waste electrical and electronic equipment WEEE This means that this product must be handled pursuant to European directive 2012 19 EU in order to be recycled or dismantled to minimize its i...

Страница 861: ...stered trademarks of their respective holders No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation transformation or adaptatio...

Отзывы:

Нет отзывов

Похожие инструкции для JetStream T1500-28PCT

Бренд: CALIENT Страницы: 22

Бренд: PRO SIGNAL Страницы: 5

Бренд: OEM Страницы: 1

ETHERNET Accessories 852 852-0111

Бренд: WAGO Страницы: 38

Бренд: NTI Страницы: 69

Бренд: Hama Страницы: 56

Cordex HP CXRF 48-2.4kW

Бренд: Alpha Страницы: 56

Бренд: Pulsar Страницы: 5

Бренд: VigilLink Страницы: 24

SwitchMan USB-Combo SW4

Бренд: Raritan Страницы: 2

Бренд: AV Link Страницы: 2

Бренд: Gefen Страницы: 12

kontron KSwitch D3 UMP

Бренд: S&T Страницы: 36

Power Switch G0021

Бренд: G-Force Страницы: 2

Бренд: Foxun Страницы: 7

Бренд: Elk Products Страницы: 2

Бренд: Kramer Страницы: 4

Бренд: Dwyer Instruments Страницы: 4

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды