TP-Link JetStream TL-SG3216 Скачать руководство пользователя страница 142 | Manualshive

Страница: 142 / 232

background image

3 Configure

for

requirement 2
and 4

On

ACL

→

ACL Config

→

ACL Create

page, create ACL 100.

On

ACL

→

ACL Config

→

Standard-IP ACL

page, select ACL 100,

create Rule 1, configure operation as Deny, configure S-IP as
172.31.70.1 and mask as 255.255.255.0, configure D-IP as
172.31.50.1 and mask as 255.255.255.0, configure the time-range as
No Limit.
On

ACL

→

ACL Config

→

Standard-IP ACL

page, select ACL 100,

create Rule 2, configure operation as Deny, configure S-IP as
172.31.70.1 and mask as 255.255.255.0, configure D-IP as
172.31.88.5 and mask as 255.255.255.255, configure the time-range
as No Limit.
On

ACL

→

ACL Config

→

Standard-IP ACL

page, select ACL 100,

create Rule 3, configure operation as Permit, configure S-IP as
172.31.70.1 and mask as 255.255.255.0, configure D-IP as
172.31.88.5 and mask as 255.255.255.0, configure the time-range as
work_time.
On

ACL

→

Policy Config

→

Action Create

page, add ACL 100 to Policy

limit1.
On

ACL

→

Policy Binding

→

Port Binding

page, select Policy limit1 to

bind to port 3.

4 Configure

for

requirement 3
and 4

On

ACL

→

ACL Config

→

ACL Create

page, create ACL 101.

On

ACL

→

ACL Config

→

Standard-IP ACL

page, select ACL 101,

create Rule 1, configure operation as Deny, configure S-IP as
172.31.70.1 and mask as 255.255.255.0, configure D-IP as
172.31.50.1 and mask as 255.255.255.0, configure the time-range as
No Limit.
On

ACL

→

ACL Config

→

Standard-IP ACL

page, select ACL 101,

create Rule 2, configure operation as Deny, configure S-IP as
172.31.70.1 and mask as 255.255.255.0, configure D-IP as
172.31.88.5 and mask as 255.255.255.255, configure the time-range
as No Limit.
On

ACL

→

Policy Config

→

Policy Create

page, create a policy named

limit2.
On

ACL

→

Policy Config

→

Action Create

page, add ACL 101 to Policy

limit1.
On

ACL

→

Policy Binding

→

Port Binding

page, select Policy limit2 to

bind to port 4.

Return to CONTENTS

135

«
...
140
141
142
143
144
...
»

Содержание JetStream TL-SG3216

Страница 1: ...TL SG3216 TL SG3424 JetStream L2 Lite Managed Switch Rev 1 0 2 1910010512...

Страница 2: ...led and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference...

Страница 3: ...Login 9 3 2 Configuration 9 Chapter 4 System 11 4 1 System Info 11 4 1 1 System Summary 11 4 1 2 Device Description 13 4 1 3 System Time 13 4 1 4 System IP 15 4 2 User Manage 16 4 2 1 User Table 16 4...

Страница 4: ...Q VLAN 49 6 1 1 VLAN Config 51 6 1 2 Port Config 53 6 2 MAC VLAN 55 6 3 Protocol VLAN 56 6 3 1 Protocol Group Table 59 6 3 2 Protocol Group 59 6 3 3 Protocol Template 60 6 4 Application Example for 80...

Страница 5: ...nge 103 8 3 2 Port Filter 104 8 4 Packet Statistics 105 Chapter 9 QoS 107 9 1 DiffServ 110 9 1 1 Port Priority 110 9 1 2 Schedule Mode 111 9 1 3 802 1P Priority 112 9 1 4 DSCP Priority 112 9 2 Bandwid...

Страница 6: ...MAC Binding 136 11 1 1 Binding Table 136 11 1 2 Manual Binding 137 11 1 3 ARP Scanning 139 11 1 4 DHCP Snooping 140 11 2 ARP Inspection 146 11 2 1 ARP Detect 150 11 2 2 ARP Defend 151 11 2 3 ARP Stat...

Страница 7: ...ample for Cluster Function 192 Chapter 14 Maintenance 195 14 1 System Monitor 195 14 1 1 CPU Monitor 195 14 1 2 Memory Monitor 196 14 2 Log 197 14 2 1 Log Table 198 14 2 2 Local Log 198 14 2 3 Remote...

Страница 8: ...ne console cable Two mounting brackets and other fittings Installation Guide Resource CD for TL SG3216 TL SG3424 Switch including This User Guide Other Helpful Information Note Make sure that the pack...

Страница 9: ...SG3424 just differ in the number of LED indicators and ports and all figures in this guide are of TL SG3216 Menu Name Submenu Name Tab page indicates the menu structure System System Info System Summa...

Страница 10: ...changing the 802 1Q VLAN configuration z Protocol VLAN Create VLANs in application layer to make some special data transmitted in the specified VLAN z GVRP GVRP allows the switch to automatically add...

Страница 11: ...ule is used to configure the multiple protection measures for the network security Here mainly introduces z IP MAC Binding Bind the IP address MAC address VLAN ID and the connected Port number of the...

Страница 12: ...e connected device are available z Network Diagnose Test if the destination is reachable and the account of router hops from the switch to the destination Appendix A Specifications Lists the hardware...

Страница 13: ...ilability Link aggregation LACP increases aggregated bandwidth optimizing the transport of business critical data IEEE 802 1s Multiple Spanning Tree provides high link availability in multiple VLAN en...

Страница 14: ...ex mode on Switching Port Port Config page For 100M module please select 100MFD while select 1000MFD for gigabit module By default the Speed and Duplex mode of SFP port is 1000MFD Console Port Designe...

Страница 15: ...gure 2 2 Rear Panel Grounding Terminal TL SG3216 TL SG3424 already comes with Lightning Protection Mechanism You can also ground the Switch through the PE Protecting Earth cable of AC cord or with Gro...

Страница 16: ...IP address is 192 168 0 x x is any number from 2 to 254 Subnet Mask is 255 255 255 0 For the detailed instructions as to how to do this please refer to Appendix B 2 After a moment a login window will...

Страница 17: ...ve before the switch is rebooted If you want to keep the configurations effective even the switch is rebooted please click Saving Config You are suggested to click Saving Config before cutting off the...

Страница 18: ...can view the port connection status and the system information The port status diagram shows the working status of 16 10 100 1000Mbps RJ45 ports and 2 SFP ports of the switch The ports labeled as numb...

Страница 19: ...type of the port Rate Displays the maximum transmission rate of the port Status Displays the connection status of the port Click a port to display the bandwidth utilization on this port The actual rat...

Страница 20: ...ollowing entries are displayed on this screen Device Description Device Name Enter the name of the switch Device Location Enter the location of the switch System Contact Enter your contact information...

Страница 21: ...t GMT When this option is selected you can configure the time zone and the IP Address for the NTP Server The switch will get GMT automatically if it has connected to a NTP Server z Time Zone Select yo...

Страница 22: ...lowing page Figure 4 6 System IP The following entries are displayed on this screen IP Config MAC Address Displays MAC Address of the switch IP Address Mode Select the mode to obtain IP Address for th...

Страница 23: ...to the Web management page with a certain access level so as to protect the settings of the switch from being randomly changed The User Manage function can be implemented on User Table and User Config...

Страница 24: ...ssword for users login Confirm Password Retype the password User Table Select Select the desired entry to delete the corresponding user information It is multi optional The current user information ca...

Страница 25: ...Restore Restore Config Click the Restore Config button to restore the backup configuration file It will take effect after the switch automatically reboots Note 1 It will take a few minutes to restore...

Страница 26: ...he configuration Please wait without any operation 4 3 3 Firmware Upgrade The switch system can be upgraded via the Web management page To upgrade the system is to get more functions and better perfor...

Страница 27: ...Reset On this page you can reset the switch to the default All the settings will be cleared after the switch is reset Choose the menu System System Tools System Reset to load the following page Figur...

Страница 28: ...ed Select this option to limit the ports for login IP Address Mask These fields can be available for configuration only when IP based mode is selected Only the current host and the users within the IP...

Страница 29: ...to the correct users and servers 2 Encrypt the data transmission to prevent the data being intercepted 3 Maintain the integrality of the data to prevent the data being altered in the transmission Adop...

Страница 30: ...ured connection using https please enter https into the URL field of the browser 4 It may take more time for https connection than that for http connection because https connection involves authentica...

Страница 31: ...ssfully downloaded the certificate authentication will be preferred for SSH access to the switch Choose the menu System Access Seurity SSH Config to load the following page Figure 4 16 SSH Config The...

Страница 32: ...d file will result in the SSH access to the switch via Password authentication Application Example 1 for SSH Network Requirements 1 Log on to the switch via password authentication using SSH and the S...

Страница 33: ...ient software is recommended Configuration Procedure 1 Select the key type and key length and generate SSH key Note 1 The key length is in the range of 256 to 3072 bits 2 During the key generation ran...

Страница 34: ...tch download the public key file saved in the computer to the switch Note 1 The key type should accord with the type of the key file 2 The SSH key downloading can not be interrupted 4 Download the pri...

Страница 35: ...on to the interface of PuTTY and enter the IP address for login After successful authentication please enter the login user name If you log on to the switch without entering password it indicates tha...

Страница 36: ...the packets on the port will be discarded Disabling the port which is vacant for a long time can reduce the power consumption effectively And you can enable the port when it is in need The parameters...

Страница 37: ...Note 1 The switch can not be managed through the disabled port Please enable the port which is used to manage the switch 2 The parameters of the port members in a LAG should be set as the same 3 When...

Страница 38: ...group Click Edit to display the following figure Figure 5 3 Mirroring Port The following entries are displayed on this screen Mirror Group Number Select the mirror group number you want to configure...

Страница 39: ...tch will broadcast the packets to all the ports At this moment the attacker can obtain the network information via various sniffers and attacks When the MAC Address Table is full the packets traffic w...

Страница 40: ...rom the LAG will the Port Security function be available for the port 2 The Port Security function is disabled when the 802 1X function is enabled 5 2 LAG LAG Link Aggregation Group is to combine a nu...

Страница 41: ...mplemented on the LAG Table Static LAG and LACP Config configuration pages 5 2 1 LAG Table On this page you can view the information of the current LAG of the switch Choose the menu Switching LAG LAG...

Страница 42: ...LAG Click the Detail button for the detailed information of your selected LAG Figure 5 6 Detail Information 5 2 2 Static LAG On this page you can manually configure the LAG The LACP feature is disabl...

Страница 43: ...cal link which will highly extend the bandwidth and flexibly balance the load With the LACP feature enabled the port will notify its partner of the aggregation ID consist of System Priority system MAC...

Страница 44: ...tional Port Displays the port number Admin Key Specify an Admin Key for the port The member ports in a dynamic aggregation group must have the same Admin Key System Priority Specify a System Priority...

Страница 45: ...itoring the traffic of each port is implemented on the Traffic Summary and Traffic Statistics pages 5 3 1 Traffic Summary Traffic Summary screen displays the traffic information of each port which fac...

Страница 46: ...Displays the number of octets received on the port The error octets are counted in Octets Tx Displays the number of octets transmitted on the port Statistics Click the Statistics button to view the d...

Страница 47: ...error packets that are less than 64 bytes long Pkts64Octets Displays the number of the received packets including error packets that are 64 bytes long Pkts65to127Octets Displays the number of the rece...

Страница 48: ...ion is saved Relationship between the bound MAC address and the port Static Address Table Manually configuring No Yes The bound MAC address can not be learned by the other ports in the same VLAN Dynam...

Страница 49: ...of your desired entry Type Select the type of your desired entry z All This option allows the address table to display all the address entries z Static This option allows the address table to display...

Страница 50: ...MAC address entries can facilitate the switch to reduce broadcast packets and remarkably enhance the efficiency of packets forwarding without learning the address The static MAC address learned by the...

Страница 51: ...rrectly Please reset the static address entry appropriately 2 If the MAC address of a device has been added to the Static Address Table connecting the device to another port will cause its address not...

Страница 52: ...he Aging Time for the dynamic address Search Option Search Option Select a Search Option from the pull down list and click the Search button to find your desired entry in the Dynamic Address Table MAC...

Страница 53: ...g excessive invalid MAC address entries maintained by the switch may fill up the MAC address table This prevents the MAC address table from updating with network changes in time If the aging time is t...

Страница 54: ...ber of your desired entry Filtering Address Table Select Select the entry to delete the corresponding filtering address It is multi optional MAC Address Displays the filtering MAC Address VLAN ID Disp...

Страница 55: ...packets are limited in a VLAN Hosts in the same VLAN communicate with one another via Ethernet whereas hosts in different VLANs communicate with one another through the Internet devices such as Router...

Страница 56: ...ty Priority is a 3 bit field referring to 802 1p priority Refer to section QoS QoS profile for details 3 CFI CFI is a 1 bit field indicating whether the MAC address is encapsulated in the standard for...

Страница 57: ...mines the default broadcast domain of the port i e when the port receives UL packets or broadcast packets the port will broadcast the packets in its default VLAN Different packets tagged or untagged w...

Страница 58: ...he following entries are displayed on this screen VLAN Table VLAN ID Select Click the Select button to quick select the corresponding entry based on the VLAN ID number you entered Select Select the de...

Страница 59: ...ck the Check button to check whether the VLAN ID you entered is valid or not VLAN Members Port Select Click the Select button to quick select the corresponding entry based on the port number you enter...

Страница 60: ...VLAN please acquaint yourself with all the devices connected to the switch in order to configure the ports properly Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Figure 6 5 8...

Страница 61: ...VLAN Click the Detail button to view the information of the VLAN to which the port belongs Click the Detail button to view the information of the corresponding VLAN Figure 6 6 View the Current VLAN of...

Страница 62: ...ches the packet with the current MAC VLAN If the packet is matched the switch will add a corresponding MAC VLAN tag to it If no MAC VLAN is matched the switch will add a tag to the packet according to...

Страница 63: ...he device in a MAC VLAN it s required to set its connected port of switch to be a member of this VLAN so as to ensure the normal communication 6 3 Protocol VLAN Protocol VLAN is another way to classif...

Страница 64: ...without other fields Currently only IPX protocol supports 802 3 raw encapsulation format The last two bytes of the Length field in 802 3 raw encapsulation is 0xFFFF z 802 2LLC Logic Link Control encap...

Страница 65: ...protocol and the protocol templates are for reference Meanwhile some protocol templates has been preset in the switch you can create protocol VLAN according to the corresponding protocol template Enca...

Страница 66: ...2 1Q VLAN so as to ensure the packets forwarded normally 6 3 1 Protocol Group Table On this page you can create Protocol VLAN and view the information of the current defined Protocol VLANs Choose the...

Страница 67: ...ress port belongs to Protocol Group Member Select your desired port for Protocol VLAN Group 6 3 3 Protocol Template The Protocol Template should be created before configuring the Protocol VLAN By defa...

Страница 68: ...page set the link type for the port based on its connected device 2 Create VLAN Required On the VLAN 802 1Q VLAN VLAN Config page click the Create button to create a VLAN Enter the VLAN ID and the des...

Страница 69: ...2 1Q VLAN VLAN Config page create a VLAN with its VLANID as 10 owning Port 2 and Port 3 3 Create VLAN20 Required On VLAN 802 1Q VLAN VLAN Config page create a VLAN with its VLANID as 20 owning Port 3...

Страница 70: ...Procedure z Configure Switch A Step Operation Description 1 Configure the Link Type of the ports Required On VLAN 802 1Q VLAN Port Config page configure the link type of Port 11 and Port 12 as GENERAL...

Страница 71: ...reate MAC VLAN10 with the MAC address as 00 19 56 82 3B 70 z Configure Switch C Step Operation Description 1 Configure the Link Type of the ports Required On VLAN 802 1Q VLAN Port Config page configur...

Страница 72: ...n Description 1 Configure the Link Type of the ports Required On VLAN 802 1Q VLAN Port Config page configure the link type of Port 4 and Port 5 as ACCESS and configure the link type of Port 3 as GENER...

Страница 73: ...e in order to be registered by the other GARP entities Leave Message When a GARP entity expects other switches to deregister certain attribute information of its own it sends out a Leave message And w...

Страница 74: ...mation to other switches so that all the switching devices in the same switched network can have the same VLAN information The VLAN registration information includes not only the static registration i...

Страница 75: ...ort Select Click the Select button to quick select the corresponding entry based on the port number you entered Select Select the desired port for configuration It is multi optional Port Displays the...

Страница 76: ...e two sending operations of each Join message The Join Timer ranges from 20 to 1000 centiseconds Leave Timer Once the Leave Timer is set the GARP port receiving a Leave message will start its Leave ti...

Страница 77: ...e designated bridge The switch with the lowest bridge ID will be chosen as the designated bridge Root Path Cost Indicates the sum of the path cost of the root port and the path cost of all the switche...

Страница 78: ...is the new root port and the designated port begins to forward data after twice forward delay which ensures the new configuration BPDUs are spread in the whole network BPDU Comparing Principle in STP...

Страница 79: ...ost the switch generates a designated port BPDU for each of its ports z Root ID is replaced with that of the root port z Root path is replaced with the sum of the root path cost of the root port and t...

Страница 80: ...o be forwarded along their respective paths so as to provide redundant links with a better load balancing mechanism Features of MSTP z MSTP combines VLANs and spanning tree together via VLAN to instan...

Страница 81: ...his status the port can only receive BPDU packets z Disconnected In this status the port is not participating in the STP Port Roles In an MSTP the following roles exist z Root Port Indicates the port...

Страница 82: ...n the switch can be implemented on STP Config and STP Summary pages 7 1 1 STP Config Before configuring spanning trees you should make clear the roles each switch plays in each spanning tree instance...

Страница 83: ...to 20 to set the maximum number of BPDU packets transmitted per Hello Time interval The default value is 5pps Max Hops Enter a value from 1 to 40 to set the maximum number of hops that occur in a spe...

Страница 84: ...value is recommended 7 1 2 STP Summary On this page you can view the related parameters for Spanning Tree function Choose the menu Spanning Tree STP Config STP Summary to load the following page Figur...

Страница 85: ...ing the root port The lower value has the higher priority IntPath IntPath Cost is used to choose the path and calculate the path costs of ports in an MST region It is an important criterion on determi...

Страница 86: ...edge ports and enable the BPDU protection function as well This not only enables these ports to transit to forwarding state rapidly but also secures your network 2 All the links of ports in a LAG can...

Страница 87: ...r MST region identification 7 3 2 Instance Config Instance Configuration a property of MST region is used to describe the VLAN to Instance mapping configuration You can assign VLAN to different instan...

Страница 88: ...ID The cleared VLAN ID will be automatically mapped to the CIST VLAN Instance Mapping VLAN ID Enter the desired VLAN ID After modification here the new VLAN ID will be added to the corresponding insta...

Страница 89: ...ays the port number of the switch Priority Enter the priority of the port in the instance It is an important criterion on determining if the port connected to this port will be chosen as the root port...

Страница 90: ...ny malicious attack against STP features The STP Security function can be implemented on Port Protect and TC Protect pages Port Protect function is to prevent the devices from any malicious attack aga...

Страница 91: ...ount number of the received TC BPDUs exceeds the maximum number you set in the TC threshold field the switch will not performs the removing operation in the TC protect cycle Such a mechanism prevents...

Страница 92: ...ulating STP because of link failures and network congestions Root Protect Root Protect is to prevent wrong network topology change caused by the role change of the current legal root bridge TC Protect...

Страница 93: ...ault value is 20 TC Protect Cycle Enter a value from 1 to 10 to specify the TC Protect Cycle The default value is 5 7 5 Application Example for STP Function Network Requirements z Switch A B C D and E...

Страница 94: ...ion 1 Configure ports On VLAN 802 1Q VLAN page configure the link type of the related ports as Trunk and add the ports to VLAN 101 and VLAN 106 The detailed instructions can be found in the section 80...

Страница 95: ...nstance 2 On Spanning Tree MSTP Instance Instance Config page configure the priority of Instance 2 to be 0 z Configure Switch D Step Operation Description 1 Configure ports On VLAN 802 1Q VLAN page co...

Страница 96: ...estion for Configuration z Enable TC Protect function for all the ports of switches z Enable Root Protect function for all the ports of root bridges z Enable Loop Protect function for the non edge por...

Страница 97: ...e for networks with sparsely users whereas broadcast is suitable for networks with densely distributed users When the number of users requiring this information is not certain unicast and broadcast de...

Страница 98: ...hip is described as Figure 8 2 Figure 8 2 Mapping relationship between multicast IP address and multicast MAC address The high order 4 bits of the IP multicast address are 1110 identifying the multica...

Страница 99: ...message from the host within a period of time IGMP Messages The switch running IGMP Snooping processes the IGMP messages of different types as follows 1 IGMP Query Message IGMP query message sent by t...

Страница 100: ...connected to a multicast group member 2 Timers Router Port Time Within the time if the switch does not receive IGMP query message from the router port it will consider this port is not a router port...

Страница 101: ...lticast Select the operation for the switch to process unknown multicast Forward or Discard IGMP Snooping Status Description Displays IGMP Snooping status Member Displays the member of the correspondi...

Страница 102: ...port the Switch will immediately remove this port from the multicast group upon receiving IGMP leave messages LAG Displays the LAG number which the port belongs to Note 1 Fast Leave on the port is eff...

Страница 103: ...ber port Within this time if the switch doesn t receive IGMP report message from the member port it will consider this port is not a member port any more Leave Time Specify the interval between the sw...

Страница 104: ...ulticast transmission mode when users in different VLANs apply for join the same multicast group the multicast router will duplicate this multicast information and deliver each VLAN owning a receiver...

Страница 105: ...eave message from a host and the switch removing the host from the multicast groups Static Router Port Select the static router port which is mainly used in the network with stable topology Note 1 The...

Страница 106: ...figuration If it is successfully configured the VLAN ID of the multicast VLAN will be displayed in the IGMP Snooping Status table on the Multicast IGMP Snooping Snooping Config page Application Exampl...

Страница 107: ...oping function Enable IGMP Snooping function globally on Multicast IGMP Snooping Snooping Config page Enable IGMP Snooping function for port 3 port4 and port 5 on Multicast IGMP Snooping Port Config p...

Страница 108: ...c Displays all static multicast IP entries z Dynamic Displays all dynamic multicast IP entries Multicast IP Table Multicast IP Displays multicast IP address VLAN ID Displays the VLAN ID of the multica...

Страница 109: ...tries quickly z All Displays all static multicast IP entries z Multicast IP Enter the multicast IP address the desired entry must carry z VLAN ID Enter the VLAN ID the desired entry must carry z Port...

Страница 110: ...1 IP Range On this page you can figure the desired IP ranges to be filtered Choose the menu Multicast Multicast Filter IP Range to load the following page Figure 8 10 Multicast Filter The following e...

Страница 111: ...r Config Port Select Click the Select button to quick select the corresponding port based on the port number you entered Select Select the desired port for multicast filtering It is multi optional Por...

Страница 112: ...s can be bound to one port Configuration Procedure Step Operation Description 1 Configure IP Range Required Configure IP Range to be filtered on Multicast Multicast Filter IP Range page 2 Configure mu...

Страница 113: ...r you entered Port Displays the port number of the switch Query Packet Displays the number of query packets the port received Report Packet V1 Displays the number of IGMPv1 report packets the port rec...

Страница 114: ...ackets to different priority queues based on the priority modes This switch implements three priority modes based on port on 802 1P and on DSCP z Queue scheduling algorithm When the network is congest...

Страница 115: ...ent page you can configure different DS field mapping to the corresponding priority levels Non IP datagram with 802 1Q tag are mapped to different priority levels based on 802 1P priority mode the unt...

Страница 116: ...The default weight value ratio of TC0 TC1 TC2 and TC3 is 1 2 4 8 Figure 9 5 WRR Mode 3 SP WRR Mode Strict Priority Weight Round Robin Mode In this mode this switch provides two scheduling groups SP g...

Страница 117: ...hms The port priorities are labeled as CoS0 CoS1 CoS7 The DiffServ function can be implemented on Port Priority Schedule Mode 802 1P Priority and DSCP Priority pages 9 1 1 Port Priority On this page y...

Страница 118: ...edule Mode Config SP Mode Strict Priority Mode In this mode the queue with higher priority will occupy the whole bandwidth Packets in the queue with lower priority are sent only when the queue with hi...

Страница 119: ...TC1 TC2 and TC3 Configuration Procedure Step Operation Description 1 Configure the mapping relation between the 802 1P priority and TC Required On QoS DiffServ 802 1P Priority page configure the mapp...

Страница 120: ...CoS0 CoS7 Configuration Procedure Step Operation Description 1 Configure the mapping relation between the DSCP priority and 802 1P priority Required On QoS DiffServ DSCP Priority page enable DSCP Pri...

Страница 121: ...ed and utilized Choose the menu QoS Bandwitdth Control Rate Limit to load the following page Figure 9 10 Rate Limit The following entries are displayed on this screen Rate Limit Config Port Select Cli...

Страница 122: ...rame in the network If the transmission rate of the three kind packets exceeds the set bandwidth the packets will be automatically discarded to avoid network broadcast storm Choose the menu QoS Bandwi...

Страница 123: ...ce VLANs you can perform QoS related configuration for voice data ensuring the transmission priority of voice data stream and voice quality OUI Address Organizationally unique identifier address The s...

Страница 124: ...UNK Supported The default VLAN of the port can not be voice VLAN TAG voice stream GENERAL Supported The default VLAN of the port can not be voice VLAN and the egress rule of the access port in the def...

Страница 125: ...the device to deal with the packet is determined by whether the port permits the VLAN or not independent of voice VLAN security mode Table 9 3 Security mode and packets processing mode Note Don t tran...

Страница 126: ...o enable voice VLAN function for the LAG member port please ensure its member state accords with its port mode If a port is a member port of voice VLAN changing its port mode to be Auto will make the...

Страница 127: ...ice VLAN LAG Displays the LAG number which the port belongs to 9 3 3 OUI Config The switch supports OUI create and add the MAC address of the special voice device to the OUI table of the switch The sw...

Страница 128: ...type of ports of the voice device 2 Create VLAN Required On VLAN 802 1Q VLAN Port Config page click the Create button to create a VLAN 3 Add OUI address Optional On QoS Voice VLAN OUI Config page you...

Страница 129: ...ime range data packets can be filtered by differentiating the time ranges On this switch absolute time week time and holiday can be configured Configure an absolute time section in the form of the sta...

Страница 130: ...The ACL rule based on this time range takes effect only when the system time is within the holiday Absolute Select Absolute to configure absolute time range The ACL rule based on this time range takes...

Страница 131: ...ate of the holiday End Date Specify the end date of the holiday Holiday Name Enter the name of the holiday Holiday Table Select Select the desired entry to delete the corresponding holiday Index Displ...

Страница 132: ...d the following page Figure 10 4 ACL Summary The following entries are displayed on this screen Search Option Select ACL Select the ACL you have created ACL Type Displays the type of the ACL you selec...

Страница 133: ...eate MAC Rule The following entries are displayed on this screen Create MAC ACL ACL ID Select the desired MAC ACL for configuration Rule ID Enter the rule ID Operation Select the operation for the swi...

Страница 134: ...d IP ACL ACL ID Select the desired Standard IP ACL for configuration Rule ID Enter the rule ID Operation Select the operation for the switch to process packets which match the rules z Permit Forward p...

Страница 135: ...IP address contained in the rule D IP Enter the destination IP address contained in the rule Mask Enter IP address mask If it is set to 1 it must strictly match the address IP Protocol Select IP proto...

Страница 136: ...CL and the corresponding operations in the policy Choose the menu ACL Policy Config Policy Summary to load the following page Figure 10 9 Policy Summary The following entries are displayed on this scr...

Страница 137: ...lowing entries are displayed on this screen Create Policy Policy Name Enter the name of the policy 10 3 3 Action Create On this page you can add ACLs and create corresponding actions for the policy Ch...

Страница 138: ...QoS Remark to forward the data packets based on the QoS settings z DSCP Specify the DSCP region for the data packets those match the corresponding ACL z Local Priority Specify the local priority for...

Страница 139: ...ACL Policy Binding Port Binding to load the following page Figure 10 13 Bind the policy to the port The following entries are displayed on this screen Port Bind Config Policy Name Select the name of...

Страница 140: ...configuration pages configure ACL rules to match packets 3 Configure Policy Required On ACL Policy Config configuration pages configure the policy to control the data packets those match the correspon...

Страница 141: ...8 00 18 00 2 Configure for requirement 1 On ACL ACL Config ACL Create page create ACL 11 On ACL ACL Config MAC ACL page select ACL 11 create Rule 1 configure the operation as Permit configure the S MA...

Страница 142: ...e the time range as work_time On ACL Policy Config Action Create page add ACL 100 to Policy limit1 On ACL Policy Binding Port Binding page select Policy limit1 to bind to port 3 4 Configure for requir...

Страница 143: ...connected port number of the Hosts in the LAN via the ARP Scanning function and bind them conveniently You are only requested to enter the range of the IP address on the ARP Scanning page for the sca...

Страница 144: ...plays the MAC Address of the Host VLAN ID Displays the VLAN ID here Port Displays the number of port connected to the Host Protect Type Allows you to view and modify the Protect Type of the entry Sour...

Страница 145: ...Binding Table Select Select the desired entry to be deleted It is multi optional Host Name Displays the Host Name here IP Address Displays the IP Address of the Host MAC Address Displays the MAC Addre...

Страница 146: ...try related to the IP address of Host B exists If yes Host A will directly send the packets to Host B If the corresponding MAC address is not found in the ARP Table Host A will broadcast ARP request p...

Страница 147: ...LAN ID Displays the VLAN ID here Port Displays the number of port connected to the Host Protect Type Displays the Protect Type of the entry Collision Displays the Collision status of the entry Warning...

Страница 148: ...gure 11 5 Network diagram for DHCP snooping implementation For different DHCP Clients DHCP Server provides three IP address assigning methods 1 Manually assign the IP address Allows the administrator...

Страница 149: ...e DHCP ACK packet back to the Client Otherwise the Server will send the DHCP NAK packet to refuse assigning this IP address to the Client Option 82 The DHCP packets are classified into 8 types with th...

Страница 150: ...mistake 2 Hacker exhausted the IP addresses of the normal DHCP server and then pretended to be a legal DHCP server to assign the IP addresses and the other parameters to Clients For example hacker us...

Страница 151: ...d the following page Figure 11 8 DHCP Snooping Note If you want to enable the DHCP Snooping feature for the member port of LAG please ensure the parameters of all the member ports are the same The fol...

Страница 152: ...tch defined one Drop Indicates to discard the packets including the Option 82 field Customization Enable Disable the switch to define the Option 82 Circuit ID Enter the sub option Circuit ID for the c...

Страница 153: ...of a forged Gateway to Host and then the Host will automatically update the ARP table after receiving the ARP response packets which causes that the Host can not access the network normally The ARP A...

Страница 154: ...N it will encapsulate this false destination MAC address for packets which results in a breakdown of the normal communication Cheating Terminal Hosts The attacker sends the false IP address to MAC add...

Страница 155: ...e Middle Attack The attacker continuously sends the false ARP packets to the Hosts in LAN so as to make the Hosts maintain the wrong ARP table When the Hosts in LAN communicate with one another they w...

Страница 156: ...p a normal appearing communication 5 The attacker continuously sends the false ARP packets to the Host A and Host B so as to make the Hosts always maintain the wrong ARP table In the view of Host A an...

Страница 157: ...network from ARP attacks such as the Network Gateway Spoofing and Man In The Middle Attack etc Choose the menu Network Security ARP Inspection ARP Detect to load the following page Figure 11 13 ARP D...

Страница 158: ...y 3 Specify the trusted port Required On the Network Security ARP Inspection ARP Detect page specify the trusted port The specific ports such as up linked port routing port and LAG port should be set...

Страница 159: ...ARP packets Status Displays the status of the ARP attack LAG Displays the LAG to which the port belongs to Operation Click the Recover button to restore the port to the normal status The ARP Defend f...

Страница 160: ...rvice Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of service requests to the Host which incurs an abnormal service or even breakdo...

Страница 161: ...h its source port less than 1024 The attacker sends the illegal packet with its TCP SYN field set to 1 and source port less than 1024 Blat Attack The attacker sends the illegal packet with its source...

Страница 162: ...e network and block the unnecessary network services 3 Enhance the network security via the protection devices such as the hardware firewall 11 4 802 1X The 802 1X protocol was developed by IEEE802 LA...

Страница 163: ...orization To ensure a stable authentication system an alternate authentication server can be specified If the main authentication server is in trouble the alternate authentication server can substitut...

Страница 164: ...AP MD5 authentication procedure Figure 11 18 EAP MD5 Authentication Procedure 1 A supplicant system launches an 802 1X client program via its registered user name and password to initiate an access re...

Страница 165: ...ort state from accepted to rejected 2 EAP Terminating Mode In this mode packet transmission is terminated at authenticator systems and the EAP packets are mapped into RADIUS packets Authentication and...

Страница 166: ...esources After passing the authentication the ports will be removed from the Guest VLAN and be allowed to access the other resources With the Guest VLAN function enabled users can access the Guest VLA...

Страница 167: ...ts to be transmitted to the authentication server PAP IEEE 802 1X authentication system uses extensible authentication protocol EAP to exchange information between the switch and the client The transm...

Страница 168: ...for the switch to wait for the response from authentication server before resending a request to the authentication server 11 4 2 Port Config On this page you can configure the 802 1X features for the...

Страница 169: ...for access Port Based All the clients connected to the port can access the network on the condition that any one of the clients has passed the 802 1X Authentication Authorized Displays the authenticat...

Страница 170: ...t connected to the authentication server In addition the authentication parameters of the switch and the authentication server should be the same Configuration Procedure Step Operation Description 1 C...

Страница 171: ...is the server software operated on network devices with the responsibility of receiving and processing the request packets from SNMP Management Station In the meanwhile Agent will inform the SNMP Mana...

Страница 172: ...ssages SNMP adopts the hierarchical architecture to identify the managed objects It is like a tree and each tree node represents a managed object as shown in the following figure Thus the object can b...

Страница 173: ...on please configure the SNMP function globally on this page Choose the menu SNMP SNMP Config Global Config to load the following page Figure 12 3 Global Config The following entries are displayed on t...

Страница 174: ...en View Config View Name Give a name to the View for identification Each View can include several entries with the same name MIB Object ID Enter the Object Identifier OID for the entry of View View Ty...

Страница 175: ...this model the Community Name is used for authentication SNMP v1 can be configured on the SNMP Community page directly v2c SNMPv2c is defined for the group In this model the Community Name is used for...

Страница 176: ...del Displays the Security Model of the group Security Level Displays the Security Level of the group Read View Displays the Read View name in the entry Write View Displays the Write View name in the e...

Страница 177: ...curity Level Security Model Select the Security Model for the User Security Level Select the Security Level for the SNMP v3 User Auth Mode Select the Authentication Mode for the SNMP v3 User None No a...

Страница 178: ...Modify button to apply Note The SNMP User and its Group should have the same Security Model and Security Level 12 1 5 SNMP Community SNMP v1 and SNMP v2c adopt community name authentication The commu...

Страница 179: ...viewDefault Configuration Procedure z If SNMPv3 is employed please take the following steps Step Operation Description 1 Enable SNMP function globally Required On the SNMP SNMP Config Global Config pa...

Страница 180: ...on With the Notification function enabled the switch can initiatively report to the management station about the important events that occur on the Views e g the managed device is rebooted which allow...

Страница 181: ...re used authNoPriv Only the authentication security level is used authPriv Both the authentication and the privacy security levels are used Type Select the type for the notifications Trap Indicates tr...

Страница 182: ...rk so as to enable the network administrator to take the protection measures in time to avoid any network malfunction In addition RMON MIB records network statistics information of network performance...

Страница 183: ...screen History Control Table Select Select the desired entry for configuration Index Displays the index number of the entry Port Specify the port from which the history samples were taken Interval Spe...

Страница 184: ...type which determines the act way of the network device in response to an event None No processing Log Logging the event Notify Sending trap messages to the management station Log Notify Logging the...

Страница 185: ...o the threshold Rising Threshold Enter the rising counter value that triggers the Rising Threshold alarm Rising Event Select the index of the corresponding event which will be triggered if the sampled...

Страница 186: ...onding alarm entry Note When alarm variables exceed the Threshold on the same direction continuously for several times an alarm event will only be generated on the first time that is the Rising Alarm...

Страница 187: ...e commander of the cluster and the others are member switches The typical topology is as follows Figure 13 1 Cluster topology Cluster Role According to their functions and status in a cluster switches...

Страница 188: ...mainly used for cluster management configuration including three submenus NDP NTDP and Cluster 13 1 NDP NDP Neighbor Discovery Protocol is used to get the information of the directly connected neighbo...

Страница 189: ...Remote Port Displays the port number of the neighbor switch which is connected to the corresponding port Device Name Displays the name of the neighbor switch Device MAC Displays MAC address of the ne...

Страница 190: ...P packets Port Status Port Displays the port number of the switch NDP Displays the NDP status enabled or disabled for the current port Send NDP Packets Displays the count of currently sent NDP packets...

Страница 191: ...Hello Time Enter the interval to send NDP packets Port Config Select Select the desired port to configure its NDP status Port Displays the port number of the switch NDP Displays NDP status of the curr...

Страница 192: ...port delay Indicates the time between the port forwarding NTDP request packets and its adjacent port forwarding NTDP request packets over The NTDP function can be implemented on Device Table NTDP Summ...

Страница 193: ...Collect Topology button to collect NTDP information of the switch so as to collect the latest network topology Click the Detail button to view the complete information of this device and its neighbor...

Страница 194: ...collects NTDP Hop Delay Displays the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the first time NTDP Port Delay Displays the time between...

Страница 195: ...ects The default is 3 hops NTDP Hop Delay Enter the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the first time The default is 200 millisec...

Страница 196: ...IP address assigned by the commander switch You can manage and configure the member switch via the commander switch The Cluster function can be implemented on Cluster Summary and Cluster Config pages...

Страница 197: ...he commander switch z For an individual switch the following page is displayed Figure 13 11 Cluster Summary for Individual Switch The following entries are displayed on this screen Global Config Clust...

Страница 198: ...role of the switch to be individual switch z For a member switch the following page is displayed Figure 13 13 Cluster Configuration for Member Switch The following entries are displayed on this screen...

Страница 199: ...ple for Cluster Function Network Requirements Three switches form cluster one commander switch Here take TP LINK TL SL5428E as an example and two member switches Here take TP LINK TL SG3216 as an exam...

Страница 200: ...tion z Configure the commander switch Step Operation Description 1 Enable NDP function on the switch and for port 1 port 2 and port 3 On Cluster NDP NDP Config page enable NDP function 2 Enable NTDP f...

Страница 201: ...witch and click the Manage button to log on to its Web management page Or On Cluster Cluster Cluster Topology page double click the switch icon to view its detailed information click the switch icon a...

Страница 202: ...device are available 5 Network Diagnose Test whether the destination device is reachable and detect the route hops from the switch to the destination device 14 1 System Monitor System Monitor functio...

Страница 203: ...Click the Monitor button to enable the switch to monitor and display its CPU utilization rate every four seconds 14 1 2 Memory Monitor Choose the menu Maintenance System Monitor Memory Monitor to load...

Страница 204: ...ork administrator to monitor network operation and diagnose malfunction The Logs of switch are classified into the following eight levels Severity Level Description emergencies 0 The system is unusabl...

Страница 205: ...onfigure on the System System Info System Time Web management page Module Displays the module which the log information belongs to You can select a module from the drop down list to display the corres...

Страница 206: ...r for saving system log The inforamtion in the log file will not be lost after the switch is restarted and can be exported on the Backup Log page Severity Specify the severity level of the log informa...

Страница 207: ...rity level value will be sent to the corresponding log host Status Enable Disable the log host Note The Log Server software is not provided If necessary please download it on the Internet 14 2 4 Backu...

Страница 208: ...acilitates you to locate and diagnose the trouble spot of the network Choose the menu Maintenance Device Diagnose Cable Test to load the following page Figure 14 7 Cable Test The following entries are...

Страница 209: ...Loopback The following entries are displayed on this screen Loopback Type Internal Select Internal to test whether the port is available External Select External to test whether the device connected...

Страница 210: ...ded Data Size Enter the size of the sending data during Ping testing The default value is recommended Interval Specify the interval to send ICMP request packets The default value is recommended 14 4 2...

Страница 211: ...lowing entries are displayed on this screen Tracert Config Destination IP Enter the IP address of the destination device Max Hop Specify the maximum number of the route hops the test data can pass thr...

Страница 212: ...2000Mbps FD 10Base T UTP STP of Cat 3 or above 100Base TX UTP STP of Cat 5 or above 100Base FX MMF or SMF SFP Module Optional 1000Base T 4 pair UTP 100m of Cat 5 Cat 5e Cat 6 or above Transmission Me...

Страница 213: ...r s manual if necessary 1 On the Windows taskbar click the Start button and then click Control Panel 2 Click the Network and Internet Connections icon and then click on the Network Connections tab in...

Страница 214: ...Figure B 2 5 The following TCP IP Properties window will display and the IP Address tab is open on this window by default 207...

Страница 215: ...ss And the following items will be available If the switch s IP address is 192 168 0 1 specify IP address as 192 168 0 x x is from 2 to 254 and the Subnet mask as 255 255 255 0 Now Click OK to save yo...

Страница 216: ...IP network for files transfer 1 Hardware Installation Figure C 1 1 Connect FTP server to port 1 of the switch 2 Connect the Console port of the PC to the switch 3 Save the firmware of the switch in t...

Страница 217: ...nal 2 The Connection Description Window will prompt shown as Figure C 3 Enter a name into the Name field and click OK Figure C 3 Connection Description 3 Select the port to connect in the following fi...

Страница 218: ...otUtil menu To download firmware to the switch via FTP function you need to enter into the bootUtil menu of the switch and take the following steps 1 Connect the console port of the PC to the console...

Страница 219: ...an example IP address is 172 31 70 146 the user name and password for login to the FTP server are both 123 the name of the upgrade firmware is tl_sg3216_up bin The detailed command is shown as the fo...

Страница 220: ...TP LINK start Start User Access Login User Return to CONTENTS 213...

Страница 221: ...t provided on the attached CD for the supplicant Client 1 Installation Guide 1 Insert the provided CD into your CD ROM drive Open the file folder and double click the icon to load the following figure...

Страница 222: ...llowing screen Figure D 4 Choose Destination Location By default the installation files are saved on the Program Files folder of system disk Click the Change button to modify the destination location...

Страница 223: ...tall the Program 6 The InstallShield Wizard is installing TpSupplicant V2 0 shown as the following screen Please wait Figure D 6 Setup Status 7 On the following screen click Finish to complete the ins...

Страница 224: ...go to http www winpcap org to download the latest version of WinPcap for installation 2 Uninstall Software If you want to remove the TpSupplicant please take the following steps 1 On the Windows taskb...

Страница 225: ...the application from your PC Figure D 10 Uninstall the Application 4 Click Finish to complete Figure D 11 Uninstall Complete 3 Configuration 1 After completing installation double click the icon to ru...

Страница 226: ...t will send the EAPOL Start packets to the switch via multicast and send the 802 1X authentication packets via unicast Obtain an IP address automatically Select this option if the Client automatically...

Страница 227: ...D 14 Authentication Dialog 4 When passing the authentication the following screen will appear Figure D 15 Successfully Authenticated 5 Double click the icon on the right corner of desktop and then th...

Страница 228: ...on and run the client software again Q2 Is this TP LINK 802 1X Client Software compliable with the switches of the other manufacturers A2 No This TP LINK 802 1X Client Software is customized for TP LI...

Страница 229: ...mic Host Control Protocol DHCP Provides a framework for passing configuration information to hosts on a TCP IP network DHCP is based on the Bootstrap Protocol BOOTP adding the capability of automatic...

Страница 230: ...802 3x Defines Ethernet frame start stop requests and timers used for flow control on full duplex links Now incorporated in IEEE 802 3 2002 Internet Group Management Protocol IGMP A protocol through...

Страница 231: ...to national time standards via wire or radio Port Authentication See IEEE 802 1X Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic a...

Страница 232: ...IP Transmission Control Protocol Internet Protocol TCP IP Protocol suite that includes TCP as the primary transport protocol and IP as the network layer protocol Trivial File Transfer Protocol TFTP A...

Отзывы:

Нет отзывов

Похожие инструкции для JetStream TL-SG3216

Бренд: Panasonic Страницы: 24

Бренд: Panasonic Страницы: 2

BB-HCM381A - Network Camera

Бренд: Panasonic Страницы: 28

BB-HCM381A - Network Camera

Бренд: Panasonic Страницы: 2

Ray 3 Plus Client

Бренд: Sun Microsystems Страницы: 6

Бренд: Paradyne Страницы: 2

Бренд: H3C Страницы: 400

LinkSmart KW6515

Бренд: Kasda Страницы: 31

Бренд: RAIDAGE Страницы: 60

Бренд: Eneo Страницы: 68

ELITENAS EN104L+(B)

Бренд: Sans Digital Страницы: 9

Бренд: Talent Страницы: 18

Бренд: PRIZM Страницы: 8

McDATA Eclipse 1620

Бренд: Sun Microsystems Страницы: 9

Бренд: ATCOM Страницы: 18

AT-WR4500 Series

Бренд: Allied Telesis Страницы: 264

Westermo Ibex-RT-330-5G Series

Бренд: IBEX Страницы: 36

Бренд: Billion Страницы: 12

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды