TP-Link T2500G-10MPS Скачать руководство пользователя страница 617

Страница: 617 / 804

Configuration Guide 593

Configuring Network Security

DoS Defend Configuration

NULL Scan

The attacker sends the illegal packet with its TCP index and all the control fields

set to 0. During the TCP connection and data transmission, the packets with all

control fields set to 0 are considered illegal.

SYN sPort less

1024

The attacker sends the illegal packet with its TCP SYN field set to 1 and source

port smaller than 1024.

Blat Attack

The attacker sends the illegal packet with the same source port and destination

port on Layer 4 and with its URG field set to 1. Similar to the Land Attack, the

system performance of the attacked host is reduced because the Host circularly

attempts to build a connection with the attacker.

Ping Flooding

The attacker floods the destination system with Ping packets, creating a

broadcast storm that makes it impossible for the system to respond to legal

communication.

SYN/SYN-ACK

Flooding

The attacker uses a fake IP address to send TCP request packets to the server.

Upon receiving the request packets, the server responds with SYN-ACK packets.

Since the IP address is fake, no response will be returned. The server will keep

on sending SYN-ACK packets. If the attacker sends overflowing fake request

packets, the network resource will be occupied maliciously and the requests of

the legal clients will be denied.

WinNuke Attack

Because the Operation System with bugs cannot correctly process the URG

(Urgent Pointer) of TCP packets, the attacker sends this type of packets to the

TCP port139 (NetBIOS) of the host with the Operation System bugs, which will

cause the host with a blue screen.

Smurf Attack

The attacker broadcasts large numbers of Internet Control Message Protocol

(ICMP) packets with the intended victim’s spoofed source IP to a computer

network using an IP broadcast address. Most devices on a network will respond

to this by sending a reply to the source IP address. If the number of devices on

the network that receive and respond to these packets is very large, the victim’s

host will be flooded with traffic, which can slow down the victim’s host and cause

the host impossible to work on.

Ping Of Death

The attacker sends an improperly large Internet Control Message Protocol (ICMP)

echo request packet, or a ping packet, with the purpose of overflowing the input

buffers of the destination host and causing the host to crash.

3) Click

Apply

5.2 Using the CLI

Follow these steps to configure DoS Defend:

Step 1

configure

Enter global configuration mode.

Step 2

ip dos-prevent

Globally enable the DoS defend feature.

Содержание T2500G-10MPS

Страница 1: ...User Guide T2500G 10MPS 1910012405 REV1 0 1 April 2018...

Страница 2: ...ith console port 9 Telnet Login 11 SSH Login 12 Disable Telnet login 16 Disable SSH login 17 Copy running config startup config 17 Change the Switch s IP Address and Default Gateway 18 Managing System...

Страница 3: ...iguration File 46 Upgrading the Firmware 46 Configuring Auto Install Function 47 Rebooting the switch 48 Configuring the Reboot Schedule 48 Reseting the Switch 49 Using the CLI 49 Configuring the Boot...

Страница 4: ...6 Using the CLI 77 Port Mirror Configuration 80 Using the GUI 80 Using the CLI 82 Port Security Configuration 84 Using the GUI 84 Using the CLI 85 Port Isolation Configurations 88 Using the GUI 88 Usi...

Страница 5: ...r LACP 109 Using the CLI 111 Configuring Load balancing Algorithm 111 Configuring Static LAG or LACP 112 Configuration Example 116 Network Requirements 116 Configuration Scheme 116 Using the GUI 117 U...

Страница 6: ...ber of MAC Addresses in VLANs 139 Using the CLI 140 Configuring MAC Notification Traps 140 Limiting the Number of MAC Addresses in VLANs 142 Example for Security Configurations 144 Network Requirement...

Страница 7: ...Using the GUI 169 Using the CLI 170 Configuration Example 173 Network Requirements 173 Configuration Scheme 173 Using the GUI 173 Using the CLI 174 Appendix Default Parameters 176 Configuring 802 1Q...

Страница 8: ...197 Configuration Example 199 Network Requirements 199 Configuration Scheme 199 Using the GUI 200 Using the CLI 205 Appendix Default Parameters 209 Configuring Protocol VLAN Overview 211 Protocol VLA...

Страница 9: ...nfiguring Up link Ports 236 Flexible VLAN VPN Configuration 239 Using the GUI 239 Using the CLI 240 Configuration Example 242 Network Requirements 242 Configuration Scheme 242 Using the GUI 243 Using...

Страница 10: ...Using the GUI 287 Configuring Parameters on Ports in CIST 287 Configuring the MSTP Region 289 Configuring MSTP Globally 293 Verifying the MSTP Configurations 295 Using the CLI 296 Configuring Paramete...

Страница 11: ...35 Configuring IGMP Snooping Globally in the VLAN 335 Optional Configuring the Static Router Ports in the VLAN 336 Optional Configuring the Forbidden Router Ports in the VLAN 336 Configuring the Multi...

Страница 12: ...w Action on the Port 352 Configuring IGMP Snooping Last Listener Query 353 Configuring IGMP Snooping Parameters in the VLAN 354 Configuring Router Port Time and Member Port Time 354 Configuring Static...

Страница 13: ...orbidden Router Ports in the VLAN 372 Configuring the Multicast VLAN 373 Creating Multicast VLAN and Configuring Basic Settings 373 Optional Creating Replace Source IP 374 Viewing Dynamic Router Ports...

Страница 14: ...P and Forward Port 392 Configuring MLD Snooping Parameters in the Multicast VLAN 393 Configuring Router Port Time and Member Port Time 393 Configuring Static Router Port 394 Configuring Forbidden Rout...

Страница 15: ...g 422 Network Requirements 422 Configuration Scheme 422 Network Topology 422 Using the GUI 423 Using the CLI 428 Appendix Default Parameters 431 Default Parameters for IGMP Snooping 431 Default Parame...

Страница 16: ...ol 457 Using the CLI 458 Configuring Rate Limit on Port 458 Configuring Storm Control 459 Configuration Examples 461 Example for Configuring SP Mode 461 Network Requirements 461 Configuration Scheme 4...

Страница 17: ...figuring the PoE Parameters Using the Profile 511 Using the CLI 513 Configuring the PoE Parameters Manually 513 Configuring the PoE Parameters Using the Profile 515 Time Range Function Configurations...

Страница 18: ...ACL 546 Configuring Policy 551 ACL Binding and Policy Binding 553 Configuration Example for ACL 556 Network Requirements 556 Network Topology 556 Configuration Scheme 556 Using the GUI 557 Using the...

Страница 19: ...587 Using the CLI 588 Configuring ARP Detection 588 Configuring ARP Defend 589 Viewing ARP Statistics 591 DoS Defend Configuration 592 Using the GUI 592 Using the CLI 593 802 1X Configuration 596 Usi...

Страница 20: ...Examples 632 Example for DHCP Snooping and ARP Detection 632 Network Requirements 632 Configuration Scheme 632 Using the GUI 633 Using the CLI 636 Example for 802 1X 638 Network Requirements 638 Confi...

Страница 21: ...ing CLI 675 Viewing LLDP MED Settings 677 Using GUI 677 Using CLI 679 Configuration Example 680 Example for Configuring LLDP 680 Network Requirements 680 Network Topology 680 Configuration Scheme 680...

Страница 22: ...I 707 Configuring the Local Log 707 Configuring the Remote Log 709 Diagnosing the Device 711 Using the GUI 711 Using the CLI 712 Diagnosing the Network 713 Using the GUI 713 Configuring the Ping Test...

Страница 23: ...SNMP Communities 739 Notification Configurations 741 Using the GUI 741 Using the CLI 743 Configuring the Host 743 Enabling SNMP Notification 744 RMON Overview 749 RMON Configurations 750 Using the GU...

Страница 24: ...Using the CLI 767 Appendix Default Parameters 773...

Страница 25: ...t to ensure accuracy of the contents but all statements information and recommendations in this document do not constitute the warranty of any kind express or implied Users must take full responsibili...

Страница 26: ...d to restrict ingress bandwidth bandwidth egress egress rate is used to restrict egress bandwidth bandwidth ingress ingress rate egress egress rate is used to restrict ingress and egress bandwidth Mor...

Страница 27: ...Part 1 Accessing the Switch CHAPTERS 1 Overview 2 Web Interface Access 3 Command Line Interface Access...

Страница 28: ...nterface also called web interface in this text or using the CLI Command Line Interface There are equivalent functions in the web interface and the command line interface while web configuration is ea...

Страница 29: ...and the switch is available 2 Launch a web browser The supported web browsers include but are not limited to the following types IE 8 0 9 0 10 0 11 0 Firefox 26 0 27 0 Chrome 32 0 33 0 3 Enter the swi...

Страница 30: ...start up configuration file After you perform configurations on the sub interfaces and click Apply the modifications will be saved in the running configuration file The configurations will be lost whe...

Страница 31: ...de 7 Figure 2 4 Save Config 2 3 Disable the Web Server You can shut down the HTTP server or HTTPS server to block any access to the web interface Go to System Access Security HTTP Config disable the H...

Страница 32: ...2 7 Change the default IP address IP Address Mode Choose the IP address mode as Static IP Management VLAN This is the only VLAN through which you can get access to the switch By default all the ports...

Страница 33: ...s Table 3 1 Method list Method Using Port Typical Applications Console Console port connected directly Hyper Terminal Telnet RJ 45 port CMD SSH RJ 45 port Putty 3 1 Console Login only for switch with...

Страница 34: ...LI Main Window 4 Enter enable to enter the User EXEC Mode to further configure the switch Figure 3 2 User EXEC Mode Note In Windows XP go to Start All Programs Accessories Communications Hyper Termina...

Страница 35: ...are in the same LAN Local Area Network Click Start and type in cmd in the Search bar and press Enter Figure 3 3 Open the cmd Window 2 Type in telnet 192 168 0 1 in the cmd window and press Enter Figu...

Страница 36: ...are required which are both admin by default Key Authentication Mode Recommended A public key for the switch and a private key for the client software PuTTY are required You can generate the public k...

Страница 37: ...d you can continue to configure the switch Figure 3 9 Log In to the Switch Key Authentication Mode 1 Open the PuTTY Key Generator In the Parameters section select the key type and enter the key length...

Страница 38: ...ould be between 512 and 3072 bits You can accelerate the key generation process by moving the mouse quickly and randomly in the Key section 2 After the keys are successfully generated click Save publi...

Страница 39: ...bove CLI v1 corresponds to SSH 1 RSA and v2 corresponds to SSH 2 RSA and SSH 2 DSA The key downloading process cannot be interrupted 4 After the public key is downloaded open PuTTY and go to the Sessi...

Страница 40: ...g in If you can log in without entering the password the key authentication completed successfully Figure 3 15 Log In to the Switch 3 4 Disable Telnet login You can shut down the Telnet function to bl...

Страница 41: ...Switch config no ip ssh server 3 6 Copy running config startup config The switch s configuration files fall into two types the running configuration file and the start up configuration file After you...

Страница 42: ...replace the switch s default access IP address 192 168 0 1 24 with 192 168 0 10 24 Switch configure Switch config interface vlan 1 Switch config if ip address 192 168 0 10 255 255 255 0 The connectio...

Страница 43: ...Part 2 Managing System CHAPTERS 1 System 2 System Info Configurations 3 User Management Configurations 4 System Tools Configurations 5 Access Security Configurations 6 Appendix Default Parameters...

Страница 44: ...anage the configuration file of the switch With these tools you can configure the boot file of the switch backup and restore the configurations of the switch update the firmware reset the switch and r...

Страница 45: ...g in transport layer It supports a security access via a web browser SSH Config function is based on the SSH protocol a security protocol established on application and transport layers The function w...

Страница 46: ...igurations you can View the system summary Specify the device description Set the system time Set the daylight saving time Specify the Serial Port Parameter 2 1 Using the GUI 2 1 1 Viewing the System...

Страница 47: ...ps or 100Mbps Indicates that the corresponding SFP port is not connected to a device Indicates the SFP port is at the speed of 1000Mbps Move the cursor to the port to view the detailed information of...

Страница 48: ...tion of sending packets on this port 2 1 2 Specifying the Device Description Choose the menu System System Info Device Description to load the following page Figure 2 4 Specifying the Device Descripti...

Страница 49: ...the current time information of the switch Current System Time Displays the current date and time of the switch Current Time Source Displays the current time source of the switch In the Time Config s...

Страница 50: ...ver Update Rate Specify the interval the switch fetching time from NTP server which ranges from 1 to 24 hours The default value is 12 hours Synchronize with PC s Clock Synchronize the system time of t...

Страница 51: ...every year Offset Specify the time to set the clock forward by Start Time Specify the start time of Daylight Saving Time The interval between start time and end time should be more than 1 day and les...

Страница 52: ...gabitEthernet port View status of the interface port Enter the number of the Ethernet port show system info View the system information including system Description Device Name Device Location System...

Страница 53: ...location location Specify the system location of the switch location Enter the device location It should consist of no more than 32 characters By default it is SHENZHEN Step 4 contact info contact in...

Страница 54: ...time Step 1 configure Enter global configuration mode Step 2 Use the following command to set the system time manually system time manual time Configure the system time manually time Specify the date...

Страница 55: ...Athens Bucharest Amman Beirut Jerusalem UTC 03 00 TimeZone for Kuwait Riyadh Baghdad UTC 03 30 TimeZone for Tehran UTC 04 00 TimeZone for Moscow St Petersburg Volgograd Tbilisi Port Louis UTC 04 30 T...

Страница 56: ...how to set the system time by Get Time from NTP Server and set the time zone as UTC 08 00 set the NTP server as 133 100 9 2 set the backup NTP server as 139 78 100 163 and set the update rate as 11 S...

Страница 57: ...week of Daylight Saving Time There are 5 values showing as follows first second third fourth last sday Enter the start day of Daylight Saving Time There are 7 values showing as follows Sun Mon Tue We...

Страница 58: ...ving Time offset Enter the offset of Daylight Saving Time The default value is 60 Step 3 show system time dst Verify the DST information of the switch Step 4 end Return to privileged EXEC mode Step 5...

Страница 59: ...t value is 38400 bps Step 3 end Return to privileged EXEC mode Step 4 copy running config startup config Save the settings in the configuration file The following example shows how to set the baud rat...

Страница 60: ...1 Creating Admin Accounts Choose the menu System User Management User Config to load the following page Figure 3 1 Create Admin Accounts Follow these steps to create an Admin account 1 In the User In...

Страница 61: ...symbols You can use digits English letters case sensitive underscore and sixteen special characters Confirm Password Retype the password 2 Click Create 3 1 2 Creating Accounts of Other Types You can c...

Страница 62: ...ght to edit or modify Password Type a password for users login It is a string from 1 to 31 alphanumeric characters or symbols You can use digits English letters case sensitive underscore and sixteen s...

Страница 63: ...nfiguration file symmetric encrypted encrypted password Enter a symmetric encrypted password with fixed length which you can copy from another switch s configuration file After the encrypted password...

Страница 64: ...Save the settings in the configuration file 3 2 2 Creating Accounts of Other Types You can create accounts with the access level of Operator Power user and User here You also need to go to the AAA se...

Страница 65: ...iguration file After the encrypted password is configured you should use the corresponding unencrypted password to reenter this mode Use the following command to create an account MD5 encrypted user n...

Страница 66: ...ed enable admin secret 0 password 5 encrypted password Create an Enable Password It can change the users access level to Admin By default it is empty 0 Specify the encryption type 0 indicates that the...

Страница 67: ...set the password as 123 Enable AAA function and set the enable password as abc123 Switch configure Switch config user name user1 privilege operator password 123 Switch config aaa enable Switch config...

Страница 68: ...file Upgrade the firmware Configure the Auto Install Function Reboot the switch Configure the reboot schedule Reset the switch 4 1 Using the GUI 4 1 1 Configuring the Boot File Choose the menu System...

Страница 69: ...rtup and backup image should not be the same 2 Click Apply 4 1 2 Restoring the Configuration of the Switch Choose the menu System System Tools Config Restore to load the following page Figure 4 2 Rest...

Страница 70: ...grading the Firmware Choose the menu System System Tools Firmware Upgrade to load the following page Figure 4 4 Upgrading the Firmware In the Firmware Upgrade section select one file and click Upgrade...

Страница 71: ...uto Install Mode Select Start to enable the Auto Install function and the switch will download the configuration file and the backup image automatically Auto Install Persistent Mode Specify the Auto I...

Страница 72: ...menu System System Tools System Reboot to load the following page Figure 4 6 Rebooting the switch In the System Reboot section select the desired unit and click Reboot Target Unit Select the desired u...

Страница 73: ...o reboot in the format of DD MM YYYY The date should be within 30 days Save Before Reboot Select to save the switch s configurations before it reboots 4 1 8 Reseting the Switch Choose the menu System...

Страница 74: ...startup image as image 1 and set the backup image as image 2 Switch configure Switch config boot application filename image1 startup Switch config boot application filename image2 backup Switch config...

Страница 75: ...Configuration File Follow these steps to back up the current configuration of the switch in a file Step 1 enable Enter privileged mode Step 2 copy startup config tftp ip address ip addr filename name...

Страница 76: ...Reboot with the backup image Y N Y 4 2 5 Configuring Auto Install Function Note You should configure the DHCP server and the TFTP server first before configuring the Auto Install function Follow thes...

Страница 77: ...ress on the DHCP server IF the Auto Install process is failed the switch will restart the process every 10 minutes You can stop the process manually The following example shows how to configure the Au...

Страница 78: ...eboot schedule time Specify the time for the switch to reboot in the format of HH MM date Specify the date for the switch to reboot in the format of DD MM YYYY The date should be within 30 days save_b...

Страница 79: ...Yes Switch config end Switch copy running config startup config 4 2 8 Reseting the Switch Follow these steps to reset the switch Step 1 enable Enter privileged mode Step 2 reset Reset the switch Note...

Страница 80: ...Security Access Control to load the following page Figure 5 1 Configuring the Access Control 1 In the Access Control section select one control mode and specify the parameters Control Mode Select the...

Страница 81: ...Address Mask If you select IP based mode enter the IP address and mask to specify an IP range Only the users within this IP range can access the switch MAC Address If you select MAC based mode specify...

Страница 82: ...pply Session Timeout The system will log out automatically if users do nothing within the Session Timeout time 3 In the Access User Number section select Enable and specify the parameters Number Contr...

Страница 83: ...Configuring the HTTPS Function Choose the menu System Access Security HTTPS Config to load the following page Table 5 1 Configuring the HTTPS Function 1 In the Global Config section select Enable to e...

Страница 84: ...8_SHA Key exchange with RC4 128 bit encryption and SHA for message digest RSA_WITH_ DES_CBC_SHA Key exchange with DES CBC for message encryption and SHA for message digest RSA_ WITH_3DES_ EDE_CBC_SHA...

Страница 85: ...nloaded must match each other otherwise the HTTPS connection will not work 5 1 4 Configuring the SSH Feature Choose the menu System Access Security SSH Config to load the following page Figure 5 3 Con...

Страница 86: ...e drop down list and select the desired key file to down Key Type Select the key type The algorithm of the corresponding type is used for both key generation and authentication Key File Select the des...

Страница 87: ...types for users accessing By default these types are all enabled Use the following command to control the users access by limiting the ports connected to the users user access control port based inter...

Страница 88: ...Specify the timeout time which ranges from 5 to 30 minutes The default value is 10 Step 4 ip http max users admin num operator num poweruser num user num Specify the maximum number of users that are a...

Страница 89: ...r 5 HTTP Max Users as User 4 Switch config end Switch copy running config startup config 5 2 3 Configuring the HTTPS Function Follow these steps to configure the HTTPS function Step 1 configure Enter...

Страница 90: ...an 16 admin num Enter the maximum number of users whose access level is Admin The valid values are from 1 to 16 operator num Enter the maximum number of users whose access level is Operator The valid...

Страница 91: ...itch config ip http secure server Switch config ip http secure protocol ssl3 tls1 Switch config ip http secure ciphersuite 3des ede cbc sha Switch config ip http secure session timeout 15 Switch confi...

Страница 92: ...ot be established when the number of the connections reaches the maximum number you set num Enter the number of the connections which ranges from 1 to 5 The default value is 5 Step 6 ip ssh algorithm...

Страница 93: ...encryption algorithm Enable the HMAC MD5 data integrity algorithm Choose the key type as SSH 2 RSA DSA Switch config ip ssh server Switch config ip ssh version v1 Switch config ip ssh version v2 Swit...

Страница 94: ...DSA Key File BEGIN SSH2 PUBLIC KEY Comment dsa key 20160711 Switch config end Switch copy running config startup config 5 2 5 Enabling the Telnet Function Follow these steps enable the Telnet function...

Страница 95: ...ink com Table 6 2 Default Settings of Daylight Saving Time Configuration Parameter Default Setting DST status Disabled Default settings of User Management are listed in the following table Table 6 3 D...

Страница 96: ...ble 6 7 Default Settings of HTTPS Configuration Parameter Default Setting HTTPS Enabled SSL Version 3 Enabled TLS Version 1 Enabled RSA_WITH_RC4_128_MD5 Enabled RSA_WITH_RC4_128_SHA Enabled RSA_WITH_D...

Страница 97: ...Default Parameters Configuration Guide 73 Parameter Default Setting HMAC SHA1 Enabled HMAC MD5 Enabled Key Type SSH 2 RSA DSA Table 6 9 Default Settings of Telnet Configuration Parameter Default Sett...

Страница 98: ...Interfaces CHAPTERS 1 Physical Interface 2 Basic Parameters Configurations 3 Port Mirror Configuration 4 Port Security Configuration 5 Port Isolation Configurations 6 Loopback Detection Configuration...

Страница 99: ...ed mode duplex mode flow control and other basic parameters for ports Port Mirror This function allows the switch to forward packet copies of the monitored ports to a specific monitoring port Then you...

Страница 100: ...Transmission Unit size for frames received and sent on all ports is 1518 bytes A higher value means allowing the port to send jumbo frames The valid value ranges from 1518 to 9216 bytes 2 Select and c...

Страница 101: ...th the connected device The default setting is Auto Flow Control With this option enabled the switch synchronizes the data transmission speed with the peer device thus avoiding the packet loss caused...

Страница 102: ...o the port should be in the same speed and duplex mode with the port When auto is selected the duplex mode will be determined by auto negotiation flow control Enable the switch to synchronize the data...

Страница 103: ...escription router connection Switch config if speed auto Switch config if duplex auto Switch config if flow control Switch config if jumbo Switch config if show interface configuration gigabitEthernet...

Страница 104: ...t Mirror Configuration 3 1 Using the GUI Choose the menu Switching Port Port Mirror to load the following page Figure 3 1 Mirror Session List The above page displays a mirror session and no more sessi...

Страница 105: ...fy a monitoring port for the mirror session and click Apply 2 In the Source Port section select one or multiple monitored ports for configuration Then set the parameters and click Apply UNIT 1 LAGS Cl...

Страница 106: ...ce interface fastEthernet port list gigabitEthernet port list port channel port channel id mode Set the monitored ports session_num The monitor session number It can only be specified as 1 port list L...

Страница 107: ...Configuration Configuration Guide 83 Switch config show monitor session Monitor Session 1 Destination Port Gi1 0 10 Source Ports Ingress Gi1 0 1 3 Source Ports Egress Gi1 0 1 3 Switch config if end S...

Страница 108: ...Select one or multiple ports for security configuration 2 Specify the maximum number of the MAC addresses that can be learned on the port and then select the learn mode of the MAC addresses Max Learn...

Страница 109: ...n be selected Drop When the number of learned MAC addresses reaches the limit the port will stop learning and discard the packets with the MAC addresses that have not been learned Forward When the num...

Страница 110: ...es reaches the limit the port will stop learning and discard the packets with the MAC addresses that have not been learned forward When the number of learned MAC addresses reaches the limit the port w...

Страница 111: ...Managing Physical Interfaces Port Security Configuration Configuration Guide 87 Switch config if end Switch copy running config startup config...

Страница 112: ...gurations 5 Port Isolation Configurations 5 1 Using the GUI Choose the menu Switching Port Port Isolation to load the following page Figure 5 1 Port Isolation List The above page displays the port iso...

Страница 113: ...ep 1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list Enter interface configuration mode S...

Страница 114: ...e following example shows how to add ports 1 0 1 3 and LAG 4 to the forward list of port 1 0 5 Switch configure Switch config interface gigabitEthernet 1 0 5 Switch config if port isolation gi forward...

Страница 115: ...Configuring QoS Choose the menu Switching Port Loopback Detection to load the following page Figure 6 1 Loopback Detection Follow these steps to configure loopback detection 1 In the Global Config sec...

Страница 116: ...e operation mode when a loopback is detected on the port Alert The switch will display alerts It is the default setting Port Based In addition to displaying alerts the switch will block the port on wh...

Страница 117: ...y mode auto manual Set the process mode when a loopback is detected on the port There are two modes alert The switch will only display alerts when a loopback is detected It is the default setting port...

Страница 118: ...ple shows how to enable loopback detection of port 1 0 3 and set the process mode as alert and recovery mode as auto Switch configure Switch config interface gigabitEthernet 1 0 3 Switch config if loo...

Страница 119: ...5 Gi1 0 1 7 1 2 Configuration Scheme To implement this requirement you can configure port mirror to copy the packets from ports 1 0 2 5 to port 1 0 1 The overview of configuration is as follows 1 Spec...

Страница 120: ...ort section select port 1 0 1 as the monitoring port and click Apply Figure 7 3 Destination Port Configuration 3 In the Source Port section select ports 1 0 2 5 as the monitored ports and enable Ingre...

Страница 121: ...h show monitor session 1 Monitor Session 1 Destination Port Gi1 0 1 Source Ports Ingress Gi1 0 2 5 Source Ports Egress Gi1 0 2 5 7 2 Example for Port Isolation 7 2 1 Network Requirements As shown belo...

Страница 122: ...ward packets to the other hosts The following sections provide configuration procedure in two ways using the GUI and using the CLI 7 2 3 Using the GUI 1 Choose the menu Switching Port Port Isolation t...

Страница 123: ...4 Using the CLI Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if port isolation gi forward list 1 0 4 Switch config if end Switch copy running config startup config Veri...

Страница 124: ...imely block the port on which a loop is detected Figure 7 8 Network Topology Switch A Management Host Access layer Switches Gi1 0 1 Gi1 0 2 Loop Gi1 0 3 7 3 2 Configuration Scheme Enable loopback dete...

Страница 125: ...ry time Click Apply Figure 7 10 Port Configuration 4 Monitor the detection result on the above page The Loop status and Block status are displayed on the right side of ports 7 3 4 Using the CLI 1 Enab...

Страница 126: ...g if loopback detection Switch config if loopback detection config process mode port based recovery mode auto Switch config if end Switch copy running config startup config Verify the Configuration Ve...

Страница 127: ...fault Setting Port Config Type Copper Status Enable Speed Auto Duplex Auto Flow Control Disable Jumbo 1518 Bytes Port Mirror Ingress Disable Egress Disable Port Security Max Learned MAC 64 Learned Num...

Страница 128: ...Configuration Guide 104 Managing Physical Interfaces Appendix Default Parameters Parameter Default Setting Port Status Disable Operation mode Alert Recovery mode Auto...

Страница 129: ...Part 4 Configuring LAG CHAPTERS 1 LAG 2 LAG Configuration 3 Configuration Example 4 Appendix Default Parameters...

Страница 130: ...ure the backup ports to enhance the connection reliability 1 2 Supported Features You can configure LAG in two ways static LAG and LACP Link Aggregation Control Protocol Static LAG The member ports ar...

Страница 131: ...does not support half duplex links One static LAG supports up to eight member ports All the member ports share the traffic evenly If an active link fails the other active links share the traffic evenl...

Страница 132: ...on is based on the source and destination MAC addresses of the packets SRC IP The computation is based on the source IP addresses of the packets DST IP The computation is based on the destination IP a...

Страница 133: ...ame LAG mode Configuring Static LAG Choose the menu Switching LAG Static LAG to load the following page Figure 2 3 Static LAG Follow these steps to configure the static LAG 1 In the LAG Config section...

Страница 134: ...ith higher priority If the two ends have the same system priority value the end with a smaller MAC address has the higher priority 2 Select member ports for the LAG and configure the related parameter...

Страница 135: ...load balancing algorithm Step 1 configure Enter global configuration mode Step 2 port channel load balance src mac dst mac src dst mac src ip dst ip src dst ip Select the Hash Algorithm The switch wil...

Страница 136: ...ss IPv6 Source XOR Destination MAC address Switch config end Switch copy running config startup config 2 2 2 Configuring Static LAG or LACP You can choose only one LAG mode for a port Static LAG or LA...

Страница 137: ...channel Protocol Ports 2 Po2 S Gi1 0 5 D Gi1 0 6 D Gi1 0 7 D Gi1 0 8 D Switch config if range end Switch copy running config startup config Configuring LACP Follow these steps to configure LACP Step...

Страница 138: ...tive The port will take the initiative to send LACPDU Note For successful LACP negotiation make sure at least one end of the link is configured as Active Step 5 lacp port priority pri Specify the Port...

Страница 139: ...ge channel group 6 mode active Switch config if range show lacp internal Flags S Device is requesting Slow LACPDUs F Device is requesting Fast LACPDUs A Device is in active mode P Device is in passive...

Страница 140: ...o avoid traffic bottleneck between the servers and Switch B you also need to configure LAG on them to increase link bandwidth Here we mainly introduce the LAG configuration between the two switches Fi...

Страница 141: ...al Configuration 2 Choose the menu Switching LAG LACP Config to load the following page In the Global Config section specify the system priority of Switch A as 0 and Click Apply Remember to ensure tha...

Страница 142: ...e active Switch config if range lacp port priority 0 Switch config if range exit 4 Add port 1 0 9 to LAG 1 and set the mode as LACP Then specify the port priority as 1 to set it as a backup port When...

Страница 143: ...ce is in passive mode Channel group 1 Port Flags State LACP Port Priority Admin Key Oper Key Port Number Port State Gi1 0 1 SA Down 0 0x1 0 0x1 0x45 Gi1 0 2 SA Down 0 0x1 0 0x2 0x45 Gi1 0 3 SA Down 0...

Страница 144: ...Default Parameters Default settings of Switching are listed in the following tables Table 4 1 Default Settings of LAG Parameter Default Setting LAG Table Hash Algorithm SRC MAC DST MAC LACP Config Sys...

Страница 145: ...Part 5 Monitoring Traffic CHAPTERS 1 Traffic Monitor 2 Appendix Default Parameters...

Страница 146: ...Summary Follow these steps to view the traffic summary of each port 1 To get the real time traffic summary enable auto refresh in the Auto Refresh section or click Refresh at the bottom of the page A...

Страница 147: ...detailed traffic statistics of the port 1 1 2 Viewing the Traffic Statistics in Detail Choose the menu Switching Traffic Monitor Traffic Statistics to load the following page Figure 1 2 Traffic Statis...

Страница 148: ...e 64 bytes long Pkts65to127Octets Displays the number of the received packets including error packets that are between 65 and 127 bytes long Pkts128to255Octets Displays the number of the received pack...

Страница 149: ...tted on the port Error frames are not counted in Alignment Errors Displays the number of the received packets that have a Frame Check Sequence FCS with a non integral octet Alignment Error The size of...

Страница 150: ...endix Default Parameters 2 Appendix Default Parameters Table 2 1 Traffic Statistics Monitoring Parameter Default Setting Traffic Summary Auto Refresh Disable Refresh Rate 10 seconds Traffic Statistics...

Страница 151: ...Part 6 Managing MAC Address Table CHAPTERS 1 MAC Address Table 2 Address Configurations 3 Security Configurations 4 Example for Security Configurations 5 Appendix Default Parameters...

Страница 152: ...an add or remove these entries to your needs Furthermore you can configure notification traps and limit the number of MAC addresses in a VLAN for traffic safety Address Configurations Dynamic address...

Страница 153: ...the MAC address change activity For example you can configure the switch to send you notifications when new users access the network Limiting the Number of MAC Addresses in VLANs You can configure VL...

Страница 154: ...Add filtering address entries View address table entries 2 1 Using the GUI 2 1 1 Adding Static MAC Address Entries You can add static MAC address entries by manually specifying the desired MAC address...

Страница 155: ...s correctly Please reset the static address entry appropriately 2 Click Create Binding Dynamic Address Entries Choose the menu Switching MAC Address Dynamic Address to load the following page Figure 2...

Страница 156: ...desired length of time Auto Aging Enable Auto Aging then the switch automatically updates the dynamic address table with the aging mechanism By default it is enabled Aging Time Set the length of time...

Страница 157: ...Address Specify a MAC address to configure the switch to drop packets which include this MAC address as the source address or destination address VLAN ID Specify an existing VLAN in which packets with...

Страница 158: ...address table static mac addr vid vid interface gigabitEthernet port Bind the MAC address VLAN and port together to add a static address to the VLAN mac addr Enter the MAC address and packets with th...

Страница 159: ...tatic MAC address entry with MAC address 00 02 58 4f 6c 23 VLAN 10 and port 1 When a packet is received in VLAN 10 with this address as its destination the packet will be forwarded only to port 1 Swit...

Страница 160: ...aging time to 500 seconds A dynamic entry remains in the MAC address table for 500 seconds after the entry is used or updated Switch configure Switch config mac address table aging time 500 Switch con...

Страница 161: ...filtering addresses The following example shows how to add the MAC filtering address 00 1e 4b 04 01 5d to VLAN 10 Then the switch will drop the packet that is received in VLAN 10 with this address as...

Страница 162: ...sses in VLANs 3 1 Using the GUI 3 1 1 Configuring MAC Notification Traps Choose the menu Switching MAC Address MAC Notification to load the following page Figure 3 1 Configuring MAC Notification Traps...

Страница 163: ...host Exceed Max Learned Enable Exceed Max Learned and when the maximum number of learned MAC addresses on the specified port is exceeded a notification will be generated and sent to the management hos...

Страница 164: ...ts of new source MAC addresses in the VLAN will be dropped when the maximum number of MAC addresses in the specified VLAN is exceeded Forward Packets of new source MAC addresses will be forwarded but...

Страница 165: ...s on the specified port is exceeded a notification will be generated and sent to the management host For Exceed Max Learned notification you need to enable Port Security and set the maximum number of...

Страница 166: ...f MAC addresses in the specific VLAN It ranges from 0 to 16383 drop forward disable The mode that the switch adopts when the maximum number of MAC addresses in the specified VLAN is exceeded drop Pack...

Страница 167: ...Managing MAC Address Table Security Configurations Configuration Guide 143 VlanId Max learn Current learn Status 10 100 0 Drop Switch config end Switch copy running config startup config...

Страница 168: ...ising the network with notifications of any new access users Figure 4 1 The Network Topology Gi1 0 1 Gi1 0 3 Gi1 0 2 R D Department VLAN 30 Marketing Department VLAN 10 Switch Internet 4 2 Configurati...

Страница 169: ...ick Create Figure 4 2 Configuring VLAN Security 2 Choose the menu Switching MAC Address MAC Notification to load the following page Enable Global Status set notification interval as 10 seconds and cli...

Страница 170: ...0 Switch config interface gigabitEthernet 1 0 2 Switch config if mac address table notification new mac learned enable Switch config if end Switch copy running config startup config 3 Configure SNMP a...

Страница 171: ...ltering Address Entries None Table 5 2 Default Settings of Dynamic Address Table Parameter Default Setting Auto Aging Enable Aging Time 300 seconds Table 5 3 Default Settings of MAC Notification Param...

Страница 172: ...Part 7 Configuring DDM CHAPTERS 1 Overview 2 DDM Configuration 3 Appendix Default Parameters...

Страница 173: ...r to monitor the status of the SFP modules inserted into the SFP ports on the switch The user can choose to shut down the monitored SFP port automatically when the specified parameter exceeds the alar...

Страница 174: ...low these steps to configure DDM s global parameters 1 In the Port Config section configure DDM parameters on the SFP ports DDM Status Enable or disable DDM feature on the port Shutdown Specify whethe...

Страница 175: ...hreshold for the alarm When the operating parameter falls below this value action associated with the alarm will be taken The valid values are from 128 to 127 996 High Warning Specify the high thresho...

Страница 176: ...ls below this value action associated with the warning will be taken The valid values are from 0 to 6 5535 LAG Displays the LAG number which the port belongs to 2 Click Apply 2 1 4 Configuring the Bia...

Страница 177: ...cify the high threshold for the alarm When the operating parameter rises above this value action associated with the alarm will be taken The valid values are from 0 to 6 5535 Low Alarm Specify the low...

Страница 178: ...ify the low threshold for the alarm When the operating parameter falls below this value action associated with the alarm will be taken The valid values are from 0 to 6 5535 High Warning Specify the hi...

Страница 179: ...l SFP module signal loss The values are True and False Transmit Fault Reports remote SFP module signal loss The values are True False and No Signal 2 2 Using the CLI To complete DDM configuration foll...

Страница 180: ...n the alarm threshold or warning threshold is exceeded Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigab...

Страница 181: ...abitEthernet port list Enter interface configuration mode Step 3 ddm temperature_threshold high_alarm high_warning low_alarm low warning value high_alarm Specify the high threshold for the alarm When...

Страница 182: ...nterface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list ten gigabitEthernet port range ten gigabitEthernet port list Enter interface configuration...

Страница 183: ...g if ddm vlotage_threshold high_alarm 5 Switch config if show ddm configuration voltage Voltage Threshold V High Alarm Low Alarm High Warning Low Warning Gi1 0 9 5 000000 Gi1 0 10 Switch config if end...

Страница 184: ...r the warning When the operating parameter falls below this value action associated with the warning will be taken value Enter the threshold value in mA The valid values are from 0 to 131 Step 4 show...

Страница 185: ...n associated with the warning will be taken low_alarm Specify the low threshold for the alarm When the operating parameter falls below this value action associated with the alarm will be taken low_war...

Страница 186: ...hold for the warning When the operating parameter rises above this value action associated with the warning will be taken low_alarm Specify the low threshold for the alarm When the operating parameter...

Страница 187: ...temperature Displays the threshold of the DDM temperature value voltage Displays the threshold of the DDM voltage value bias_current Displays the threshold of the DDM bias current value tx_power Disp...

Страница 188: ...ch s SFP ports Step 1 configure Enter global configuration mode Step 2 show ddm status Displays all the monitoring status of SFP modules Step 3 end Return to Privileged EXEC Mode The following example...

Страница 189: ...arameters Default settings of DDM are listed in the following table Table 3 1 Default Settings of DDM Parameter Default Setting DDM Status Enable All the SFP ports are being monitored Threshold Action...

Страница 190: ...Part 8 Configuring L2PT CHAPTERS 1 Overview 2 L2PT Configuration 3 Configuration Example 4 Appendix Default Parameters...

Страница 191: ...PDUs between them must be transmitted through the ISP network to perform layer 2 protocol calculation for example calculating a spanning tree Generally the PDUs of the same layer 2 protocol use the sa...

Страница 192: ...irectly forwards it to the other end 3 PE2 receives the PDU via its NNI port and restores the destination MAC address of the PDU to its original destination MAC address With L2PT feature configured ac...

Страница 193: ...Port Config section configure the port that is connected to the customer network as a UNI port and specify your desired protocols on the port In addition you can also set the threshold for packets pe...

Страница 194: ...he threshold is exceeded the port drops the specified layer 2 protocol packets This value ranges from 0 to 1000 packets second 0 indicates that the threshold feature is disabled LAG Displays the link...

Страница 195: ...unneling for the STP packets all All the above layer 2 protocols are supported for tunneling threshold Set a threshold which determines the maximum number of packets to be processed for the specified...

Страница 196: ...face gigabitEthernet 1 0 1 Switch config if l2protocol tunnel type uni gvrp threshold 1000 Switch config if show l2protocol tunnel interface gigabitEthernet 1 0 1 Interface Type Protocol Threshold LAG...

Страница 197: ...switches Switch A and Switch B With the L2PT feature the STP packets can be encapsulated as normal data packets and sent to the other side without being processed by the devices in the ISP network The...

Страница 198: ...is as follows Figure 3 2 Global Config 3 Click Save Config to save the settings 3 4 Using the CLI The configurations of Switch A and Switch B are similar The following introductions take Switch A as...

Страница 199: ...al l2protocol tunnel State Enable Verify the configuration on port 1 0 1 Switch_A show l2protocol tunnel interface gigabitEthernet 1 0 1 Interface Type Protocol Threshold LAG Gi1 0 1 nni N A Verify th...

Страница 200: ...ameters 4 Appendix Default Parameters Default settings of L2PT are listed in the following table Table 4 1 Default Settings of L2PT Parameter Defualt Setting Global Config Layer 2 Protocol Tunneling D...

Страница 201: ...Part 9 Configuring 802 1Q VLAN CHAPTERS 1 Overview 2 802 1Q VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Страница 202: ...d all VLAN traffic remains within its VLAN It reduces the influence of broadcast traffic in Layer 2 network to the whole network To enhance network security Devices from different VLANs cannot achieve...

Страница 203: ...se steps 1 Configure PVID Port VLAN ID of the port 2 Configure the VLAN including creating a VLAN and adding the configured port to the VLAN 2 1 Using the GUI 2 1 1 Configuring the PVID of the Port Ch...

Страница 204: ...in its allowed VLAN list The port drops the tagged frames if the frames VLAN ID are not in its allowed VLAN list When forwarding frames Normally the port forwards the frames with tags If the frames V...

Страница 205: ...er a VLAN ID and a description for identification to create a VLAN VLAN ID Enter a VLAN ID for identification with the values between 2 and 4094 Name Give a VLAN description for identification with up...

Страница 206: ...ptional Specify a VLAN description for identification descript The length of the description should be 1 to 16 characters Step 4 show vlan id vlan list Show the global information of the specified VLA...

Страница 207: ...the port access trunk general The link type By default it is Access Step 4 switchport pvid vlan id Configure the PVID of the port s By default it is 1 vlan id The default VLAN ID of the port with the...

Страница 208: ...switchport general allowed vlan vlan list tagged untagged Add Access Trunk General port to the specified VLAN vlan id vlan list Specify the ID or ID list of the VLAN s that the port will be added to T...

Страница 209: ...2 1Q VLAN Configuration Configuration Guide 185 PVID 2 Member in LAG N A Link Type General Member in VLAN Vlan Name Egress rule 1 System VLAN Untagged 2 rd Tagged Switch config if end Switch copy runn...

Страница 210: ...her department 3 2 Configuration Scheme Divide computers in Department A and Department B into two VLANs respectively so that computers can communicate with each other in the same department but not w...

Страница 211: ...n Switch 2 respectively Port 1 0 4 on Switch 1 is connected to port 1 0 8 on Switch 2 Figure 3 1 Network Topology VLAN 10 VLAN 20 Host A1 Host A2 Host B1 Host B2 Switch 1 Switch 2 Gi1 0 2 Gi1 0 3 Gi1...

Страница 212: ...or Department A 2 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 with the description of Department_A Add port 1 0 2 as an untagged port and po...

Страница 213: ...Click Save Config to save the settings 3 5 Using the CLI The configurations of Switch 1 and Switch 2 are similar The following introductions take Switch 1 as an example 1 Create VLAN 10 for Departmen...

Страница 214: ...1 config if switchport mode access Switch_1 config if switchport access vlan 20 Switch_1 config if exit 3 Set the link type of port 1 0 4 as Trunk and then add it to both VLAN 10 and VLAN 20 Switch_1...

Страница 215: ...ult Parameters Configuration Guide 191 4 Appendix Default Parameters Default settings of 802 1Q VLAN are listed in the following table Table 4 1 Default Settings of 802 1Q VLAN Parameter Default Setti...

Страница 216: ...Part 10 Configuring MAC VLAN CHAPTERS 1 Overview 2 MAC VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Страница 217: ...even when their access ports change The figure below shows a common application scenario of MAC VLAN Figure 1 1 Common Application Scenario of MAC VLAN Meeting Room 1 Laptop A Laptop B Meeting Room 2...

Страница 218: ...g to the data packet and forward it within the VLAN If no the switch will continue to match the data packet with the matching rules of other VLANs such as the protocol VLAN If there is a match the swi...

Страница 219: ...er the VLAN ID to bind it to the VLAN MAC Address Enter the MAC address of the device The address should be in 00 00 00 00 00 01 format Description Give a MAC address description for identification wi...

Страница 220: ...Using the CLI 2 2 1 Configuring 802 1Q VLAN Before configuring MAC VLAN create an 802 1Q VLAN and set the port type according to network requirements For details refer to Configuring 802 1Q VLAN 2 2 2...

Страница 221: ...vlan 10 description Dept A Switch config show mac vlan vlan 10 MAC Addr Name VLAN ID 00 19 56 8A 4C 71 Dept A 10 Switch config end Switch copy running config startup config 2 2 3 Enabling MAC VLAN fo...

Страница 222: ...in the configuration file The following example shows how to enable MAC VLAN for port 1 0 1 Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if mac vlan Switch config if sh...

Страница 223: ...top A 00 19 56 8A 4C 71 Laptop B 00 19 56 82 3B 70 Meeting Room 2 Switch 3 Gi1 0 3 Gi1 0 2 Gi1 0 2 Gi1 0 2 Gi1 0 1 Gi1 0 1 Gi1 0 5 Gi1 0 4 Switch 1 Switch 2 Server B VLAN 20 Server A VLAN 10 3 2 Confi...

Страница 224: ...ure in two ways using the GUI and using the CLI 3 3 Using the GUI Configurations for Switch 1 and Switch 2 The configurations of Switch 1 and Switch 2 are similar The following introductions take Swit...

Страница 225: ...guration Guide 201 Figure 3 3 VLAN 10 Configuration 3 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 20 and add port 1 0 1 as untagged port and po...

Страница 226: ...to load the following page Enter MAC Address Description VLAN ID and click Create to bind the MAC address of Laptop A to VLAN 10 and bind the MAC address of Laptop B to VLAN 20 Figure 3 5 MAC VLAN Con...

Страница 227: ...itch 3 1 Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Set the link type of port1 0 2 5 as General and click Apply Figure 3 7 Port Configuration 2 Choose the menu VLAN 802 1Q...

Страница 228: ...onfiguring MAC VLAN Configuration Example Figure 3 8 VLAN 10 Configuration 3 Click Create to load the following page Create VLAN 20 and add port 1 0 5 as untagged port and ports 1 0 2 3 as tagged port...

Страница 229: ...tch 2 are the same The following introductions take Switch 1 as an example 1 Create VLAN 10 for Department A and create VLAN 20 for Department B Switch_1 configure Switch_1 config vlan 10 Switch_1 con...

Страница 230: ...VLAN 10 and bind the MAC address of Laptop B to VLAN 20 Switch_1 config mac vlan mac address 00 19 56 8A 4C 71 vlan 10 description PCA Switch_1 config mac vlan mac address 00 19 56 82 3B 70 vlan 20 de...

Страница 231: ...4 Switch_3 config if switchport mode general Switch_3 config if switchport general allowed vlan 10 untagged Switch_3 config if exit Switch_3 config interface gigabitEthernet 1 0 5 Switch_3 config if...

Страница 232: ...guration Example Switch 3 Switch_3 show vlan VLAN Name Status Ports 1 System VLAN active Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 4 Gi1 0 5 Gi1 0 6 Gi1 0 7 Gi1 0 8 Gi1 0 9 Gi1 0 10 10 DeptA active Gi1 0 2 Gi1 0...

Страница 233: ...Configuration Guide 209 4 Appendix Default Parameters Default settings of MAC VLAN are listed in the following table Table 4 1 Default Settings of MAC VLAN Parameter Default Setting MAC Address None D...

Страница 234: ...Part 11 Configuring Protocol VLAN CHAPTERS 1 Overview 2 Protocol VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Страница 235: ...corresponding VLANs Since different applications and services use different protocols network administrators can use protocol VLAN to manage the network based on specific applications and services of...

Страница 236: ...for the protocol VLAN matching the protocol type value of the packet If MAC VLAN is also configured the switch will first process MAC VLAN If there is a match the switch will insert the corresponding...

Страница 237: ...her your desired template already exists in the Protocol Template Table section If not create it in the Create Protocol Template section Protocol Name Enter the name of the new protocol template Ether...

Страница 238: ...rotocol Name Select the protocol type VLAN ID Enter the ID of the 802 1Q VLAN to be bound to the protocol type 2 In the Protocol Group Member section select the port or LAG to add to the protocol grou...

Страница 239: ...tocol vlan template Verify the protocol templates Step 4 end Return to Privileged EXEC Mode Step 5 copy running config startup config Save the settings in the configuration file The following example...

Страница 240: ...nge gigabitEthernet port list ten gigabitEthernet port range ten gigabitEthernet port list Enter interface configuration mode Step 5 show protocol vlan vlan Check the protocol VLAN index entry id of e...

Страница 241: ...startup config The following example shows how to add port 1 0 2 to the IPv6 protocol group Switch configure Switch config interface gigabitEthernet 1 0 2 Switch config if show protocol vlan vlan Ind...

Страница 242: ...ngs to VLAN 20 and these hosts access the network via Switch 1 Switch 2 is connected to two routers to access the IPv4 network and IPv6 network respectively The routers belong to VLAN 10 and VLAN 20 r...

Страница 243: ...to the corresponding VLANs to form protocol groups and add port 1 0 1 to the groups For Switch 1 configure 802 1Q VLAN according to the network topology Demonstrated with T2500G 10MPS this chapter pr...

Страница 244: ...tocol VLAN Configuration Example 2 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 and add port 1 0 1 and port 1 0 3 as untagged ports to VLAN 1...

Страница 245: ...figuration Example Configuration Guide 221 3 Click Create to load the following page Create VLAN 20 and add ports 1 0 2 3 as untagged ports to VLAN 20 Click Apply Figure 3 4 Create VLAN 20 4 Click Sav...

Страница 246: ...mple Configurations for Switch 2 1 Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Set the link type of ports 1 0 1 3 as General and respectively set the PVID of port 1 0 2 and...

Страница 247: ...e Configuration Guide 223 2 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 and add port 1 0 1 as tagged port and port 1 0 2 as untagged port to...

Страница 248: ...ntagged port to VLAN 20 Click Apply Figure 3 7 Create VLAN 20 4 Choose the menu VLAN Protocol VLAN Protocol Template to load the following page Enter IPv6 in the protocol name enter 86DD in the Ether...

Страница 249: ...te 5 Choose the menu VLAN Protocol VLAN Protocol Group to load the following page Select the IP protocol name that is the IPv4 protocol template enter VLAN ID 10 select port 1 and click Apply Select t...

Страница 250: ...ng page Here you can view the protocol VLAN configuration Figure 3 11 Protocol VLAN configuration 7 Click Save Config to save the settings 3 4 Using the CLI Configurations for Switch 1 1 Create VLAN 1...

Страница 251: ...ral set the egress rule as Untagged and add it to both VLAN 10 and VLAN 20 Switch_1 config interface gigabitEthernet 1 0 3 Switch_1 config if switchport mode general Switch_1 config if switchport gene...

Страница 252: ...chport mode general Switch_2 config if switchport pvid 20 Switch_2 config if switchport general allowed vlan 20 untagged Switch_2 config if exit 4 Create the IPv6 protocol template Switch_2 config pro...

Страница 253: ...ch_2 copy running config startup config Verify the Configurations Switch 1 Verify 802 1Q VLAN configuration Switch_1 show vlan VLAN Name Status Ports 1 System VLAN active Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0...

Страница 254: ...g Protocol VLAN Configuration Example 10 IPv4 active Gi1 0 1 Gi1 0 2 20 IPv6 active Gi1 0 1 Gi1 0 3 Verify protocol group configuration Switch_2 show protocol vlan vlan Index Protocol Name VID Member...

Страница 255: ...ult settings of Protocol VLAN are listed in the following table Table 4 1 Default Settings of Protocol VLAN Parameter Default Setting Protocol Template Table 1 IP Ethernet II ether type 0800 2 ARP Eth...

Страница 256: ...Part 12 Configuring VLAN VPN CHAPTERS 1 VLAN VPN 2 Basic VLAN VPN Configuration 3 Flexible VLAN VPN Configuration 4 Configuration Example 5 Appendix Default Parameters...

Страница 257: ...of the ISP network while the inner VLAN tag is treated as part of the payload When forwarding packets from the ISP network to the customer network the switch remove the outer VLAN tag of the packets T...

Страница 258: ...n the ISP network Flexible VLAN VPN You can configure different VLANs in the customer network to map to different VLANs in the ISP network When the switch receives a packet with the customer network t...

Страница 259: ...nd forwarded by devices of other manufacturers 2 1 Using the GUI 2 1 1 Configuring 802 1Q VLAN Before configuring VLAN VPN set the link type of ports according to network requirements and create an 80...

Страница 260: ...VPN up link ports are usually connected to the ISP network and packets sent out from these ports will be tagged with the outer VLAN tag of the ISP network Note The member pot of an LAG Link Aggregati...

Страница 261: ...switchport dot1q tunnel mode nni Set ports that are connected to the ISP network as VPN up link ports nni Set ports that are connected to the ISP network as VPN up link ports Step 5 show dot1q tunnel...

Страница 262: ...ws how to set port 1 0 2 as the VPN up link port Switch configure Switch config interface gigabitEthernet 1 0 2 Switch config if switchport dot1q tunnel mode nni Switch config if show dot1q tunnel int...

Страница 263: ...VPN port receives a packet with the customer network tag the switch will check the VLAN Mapping List If a match is found the switch encapsulates the packet with the corresponding VLAN tag of the ISP...

Страница 264: ...exible VLAN VPN Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port range fastEthernet port list gigabitEthernet port range gigabitEthernet port list Enter interface co...

Страница 265: ...241 Switch config interface gigabitEthernet 1 0 3 Switch config if switchport dot1q tunnel mapping 15 1040 mapping1 Switch config if show dot1q tunnel mapping Port C VLAN SP VLAN Name Gi1 0 3 15 1040...

Страница 266: ...N 200 Switch 1 Uplink Port Gi1 0 1 General Gi1 0 2 General Gi1 0 2 General Uplink Port Gi1 0 1 General Switch 2 TPID 0x9100 VLAN 1050 4 2 Configuration Scheme Users can configure VLAN VPN on Switch 1...

Страница 267: ...hoose the menu VLAN 802 1Q VLAN Port Config to load the following page Set the link type of ports 1 0 1 2 as General and modify PVID of the two ports as 1050 Then click Apply Figure 4 2 Setting Link T...

Страница 268: ...VPN Configuration Example Figure 4 3 Creating VLAN 1050 3 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 100 and add port 1 0 2 tagged to the VLAN...

Страница 269: ...owing page Create VLAN 200 and add port 1 0 2 tagged to the VLAN Click Apply Figure 4 5 Creating VLAN 200 5 Choose the menu VLAN VLAN VPN VPN Config to load the following page Enable VPN globally set...

Страница 270: ...et the port as VPN up link port Switch_1 config interface gigabitEthernet 1 0 1 Switch_1 config if switchport mode general Switch_1 config if switchport general allowed vlan 1050 tagged Switch_1 confi...

Страница 271: ...PN Mode Enabled Global TPID 0X9100 Mapping Mode Disabled Verify the configurations of VPN up link port Switch_1 show dot1q tunnel interface Port Type Member NNI Gi1 0 1 Verify the port configuration S...

Страница 272: ...e 248 Configuring VLAN VPN Configuration Example Member in LAG N A Link Type General Member in VLAN Vlan Name Egress rule 1 System VLAN Untagged 100 Client_VLAN100 Tagged 200 Client_VLAN200 Tagged 105...

Страница 273: ...s Configuration Guide 249 5 Appendix Default Parameters Default settings of VLAN VPN are listed in the following table Table 5 1 Default Settings of VLAN VPN Parameter Default Setting Global VLAN VPN...

Страница 274: ...Part 13 Configuring GVRP CHAPTERS 1 Overview 2 GVRP Configuration 3 Configuration Example 4 Appendix Default Parameters...

Страница 275: ...itch C can receive messages sent from Switch A in VLAN 10 only when the network administrator has manually created VLAN 10 on Switch B and Switch C Figure 1 1 VLAN Topology Switch A Switch B VLAN 10 S...

Страница 276: ...messages As the messages can only be sent from one GVRP participant to another two way registration is required to configure a VLAN on all ports in a link To implement two way registration you need t...

Страница 277: ...or selected ports the link type must be set as Trunk or the system will prompt error when applying the configuration Status Enable or disable GVRP on the port By default it is disabled Registration Mo...

Страница 278: ...tarts the Leave timer If the participant does not receive any Join message of the corresponding attribute before the Leave timer expires the participant deregisters the attribute The range is 60 to 30...

Страница 279: ...ibutes join Join timer controls the sending of Join messages After sending the first Join message a participant starts the Join timer If the participant does not receive any JoinIn message it sends th...

Страница 280: ...than or equal to two times the Join value The following example shows how to enable GVRP globally and on trunk port 1 0 1 configure the GVRP registration mode as fixed and keep the values of timers a...

Страница 281: ...cheme To reduce manual configuration and maintenance workload GVRP can be enabled to implement dynamic VLAN registration and update on the switches When configuring GVRP please note the following Befo...

Страница 282: ...ns The following configuration procedures take Switch 1 Switch 2 and Switch 5 as example Configurations for Switch 1 1 Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Set the l...

Страница 283: ...N Configuration 3 Choose the menu VLAN GVRP GVRP Config to load the following page Enable GVRP globally then click Apply Select port 1 0 1 set Status as Enable and set Registration Mode as Fixed Keep...

Страница 284: ...onfigurations for Switch 2 1 Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Set the link type of port 1 0 1 as Trunk Figure 3 5 Set Link Type for the Port 2 Choose the menu VL...

Страница 285: ...N Configuration 3 Choose the menu VLAN GVRP GVRP Config to load the following page Enable GVRP globally then click Apply Select port 1 0 1 set Status as Enable and set Registration Mode as Fixed Keep...

Страница 286: ...1Q VLAN Port Config to load the following page Set the link type of ports 1 0 1 3 as Trunk Figure 3 8 Set Link Type for the Port 2 Choose the menu VLAN GVRP GVRP Config to load the following page Enab...

Страница 287: ...lar configurations The following configuration procedures take Switch 1 Switch 2 and Switch 5 as example Configurations for Switch 1 1 Enable GVRP globally Switch_1 configure Switch_1 config gvrp 2 Cr...

Страница 288: ...2 config vlan exit 3 For port 1 0 1 set the link type as Trunk and add it to VLAN 20 Enable GVRP and set the registration mode as Fixed Switch_2 config interface gigabitEthernet 1 0 1 Switch_2 config...

Страница 289: ...figuration Switch_1 show gvrp global GVRP Global Status Enabled Verify GVRP configuration for port 1 0 1 Switch_1 show gvrp interface Port Status Reg Mode LeaveAll JoinIn Leave LAG Gi1 0 1 Enabled Fix...

Страница 290: ...Normal 1000 20 60 N A Switch 5 Verify global GVRP configuration GVRP Global Status Enabled Verify GVRP configuration for ports 1 0 1 3 Switch_5 show gvrp interface Port Status Reg Mode LeaveAll JoinIn...

Страница 291: ...meters Default settings of GVRP are listed in the following tables Table 4 1 Default Settings of GVRP Parameter Default Setting Global Config GVRP Disable Port Config Status Disable Registration Mode...

Страница 292: ...Part 14 Configuring Spanning Tree CHAPTERS 1 Spanning Tree 2 STP RSTP Configurations 3 MSTP Configurations 4 STP Security Configurations 5 Configuration Example for MSTP 6 Appendix Default Parameters...

Страница 293: ...on STP RSTP RSTP Rapid Spanning Tree Protocol provides the same features as STP But RSTP also provides much faster spanning tree convergence MSTP MSTP Multiple Spanning Tree Protocol also provides the...

Страница 294: ...of a 2 byte priority and a 6 byte MAC address The priority is allowed to be configured manually on the switch and the switch with the lowest priority value will be elected as the root bridge If the p...

Страница 295: ...ected port with spanning tree function enabled Port Status Generally in STP the port status includes Blocking Listening Learning Forwarding and Disabled Blocking In this status the port receives and s...

Страница 296: ...bled with spanning tree function but not connected to any device Path Cost The path cost reflects the link speed of the port The smaller the value the higher link speed the port has The path cost can...

Страница 297: ...s section will introduce some concepts only exist in MSTP Figure 1 3 MSTP Topology region 1 region 3 region 4 CST IST Blocked Port region 2 MST Region An MST region consists of multiple interconnected...

Страница 298: ...Internal Spanning Tree which is a special MST instance with an instance ID of 0 By default all the VLANs are mapped to IST CST The Common Spanning Tree which is the spanning tree connects all MST reg...

Страница 299: ...y if the port does not receive any higher priority BDPUs it will transit to its normal state BPDU Protect BPDU Protect function is used to prevent the port from receiving BPDUs It is recommended to en...

Страница 300: ...maliciously sends a large number of TC BPDUs to a switch in a short period the switch will be busy with removing MAC address entries which may decrease the performance and stability of the network Wi...

Страница 301: ...e To avoid any possible network flapping caused by STP RSTP parameter changes you are suggested to enable STP RSTP function globally after configuring the relevant parameters 2 1 Using the GUI 2 1 1 C...

Страница 302: ...ode is STP RSTP Edge Port Enable or disable Edge Port By default it is disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like...

Страница 303: ...ort is not participating in the spanning tree Port Status Displays the port status Forwarding The port receives and sends BPDUs and forwards user data Learning The port receives and sends BPDUs and dr...

Страница 304: ...default value is 2 Max Age Specify the maximum time the switch can wait without receiving a BPDU before attempting to regenerate a spanning tree The valid values are from 6 to 40 in seconds and the d...

Страница 305: ...STP MSTP Specify the spanning tree mode as MSTP 2 1 3 Verifying the STP RSTP Configurations Verify the STP RSTP information of your switch after all the configurations are finished Choose the menu Spa...

Страница 306: ...not displayed when you choose the spanning tree mode as STP RSTP Designated Bridge Displays the bridge ID of the designated bridge The designated bridge is the switch that has designated ports Root P...

Страница 307: ...disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like a PC it is recommended to set the port as an edge port point to point a...

Страница 308: ...ward Delay The valid values are from 4 to 30 in seconds and the default value is 15 Forward Delay is the time for the port to transit its state after the network topology is changed hello time Specify...

Страница 309: ...e State Mode Priority Hello Time Fwd Time Max Age Hold Count Max Hops Enable Rstp 36864 2 12 20 5 20 Switch config end Switch copy running config startup config 2 2 3 Enabling STP RSTP Globally Follow...

Страница 310: ...e is enabled Spanning tree s mode RSTP 802 1w Rapid Spanning Tree Protocol Latest topology change time 2006 01 02 10 04 02 Root Bridge Priority 32768 Address 00 0a eb 13 12 ba Local bridge is the root...

Страница 311: ...a spanning tree To avoid any possible network flapping caused by MSTP parameter changes you are suggested to enable MSTP function globally after configuring the relevant parameter 3 1 Using the GUI 3...

Страница 312: ...e Port By default it is disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like a PC it is recommended to set the port as an ed...

Страница 313: ...isplays the port status Forwarding The port receives and sends BPDUs and forwards user data Learning The port receives and sends BPDUs and drops the other packets Blocking The port only receives BPDUs...

Страница 314: ...nstance Instance Config to load the following page Figure 3 3 Configuring the VLAN Instance Mapping Follow these steps to map VLANs to the corresponding instance and configure the priority of the swit...

Страница 315: ...apped to the corresponding instance ID After the modification the previous VLAN will be cleared and mapped to the CIST Show All Click the Show All to show all VLANs mapped to the instance Clear All Cl...

Страница 316: ...It is the path cost of the port in the desired instance The port with the lowest path cost will be elected as the root of the desired instance Port Role Displays the role that the port plays in the d...

Страница 317: ...ghest priority will be elected as the root bridge Hello Time Specify the interval to send BPDUs The valid values are from 1 to 10 in seconds and the default value is 2 Max Age Specify the maximum time...

Страница 318: ...2 Forward Delay 1 Max Age 2 In the Global Config section enable Spanning Tree function and choose the STP mode as MSTP and click Apply Spanning Tree Enable or disable spanning tree function globally...

Страница 319: ...formation of CIST Spanning Tree Displays the status of the spanning tree function Spanning Tree Mode Displays the spanning tree mode Local Bridge Displays the bridge ID of the local switch The local b...

Страница 320: ...onal Root Bridge Displays the bridge ID of the root bridge in the desired instance Internal Path Cost Displays the internal path cost It is the root path cost from the current switch to the regional r...

Страница 321: ...By default it is disabled The edge port can transit its state from blocking to forwarding directly If the port is connected to an end device like a PC it is recommended to set the port as an edge por...

Страница 322: ...Configuring the MST Region Follow these steps to configure the MST region and the priority of the switch in the instance Step 1 configure Enter global configuration mode Step 2 spanning tree mst inst...

Страница 323: ...instance instance id interface fastEthernet port gigabitEthernet port port channel lagid Optional View the related information of MSTP Instance digest Display digest calculated by instance vlan map in...

Страница 324: ...o 240 which are divisible by 16 and the default value is 128 The port with the lower value has the higher priority In the same condition the port with the highest priority will be elected as the root...

Страница 325: ...able 32 Auto Auto No No auto N A N A LnkDwn MST Instance 5 Interface Prio Cost Role Status Gi1 0 3 144 200 N A LnkDwn Switch config if end Switch copy running config startup config 3 2 3 Configuring G...

Страница 326: ...m number of BPDU packets transmitted per Hello Time interval value Specify the maximum number of BPDU packets transmitted per Hello Time interval The valid values are from 1 to 20 pps and the default...

Страница 327: ...globally Step 1 configure Enter global configuration mode Step 2 spanning tree mode mstp Configure the spanning tree mode as MSTP mstp Specify the spanning tree mode as MSTP Step 3 spanning tree Enabl...

Страница 328: ...ess 00 0a eb 13 23 97 Regional Root Bridge Priority 36864 Address 00 0a eb 13 12 ba Local bridge is the regional root bridge Local Bridge Priority 36864 Address 00 0a eb 13 12 ba Interface State Prio...

Страница 329: ...TP Configurations Configuration Guide 305 Priority 32768 Address 00 0a eb 13 12 ba Interface Prio Cost Role Status Gi 0 6 128 200000 Altn Blk Gi 0 8 128 200000 Mstr Fwd Switch config end Switch copy r...

Страница 330: ...nfigure the TC Protect function Configure the BPDU Protect function Configure the BPDU Filter function 4 1 Using the GUI 4 1 1 Configuring the STP Security Choose the menu Spanning Tree STP Security P...

Страница 331: ...mmended to enable this function on the ports of non root switches TC Protect function is used to prevent the switch from frequently removing MAC address entries With TC protect function enabled if the...

Страница 332: ...receive any higher priority BDPUs it will transit to its normal state Step 5 spanning tree guard tc Enable the TC Protect function on the port TC Protect is to prevent the decrease of the performance...

Страница 333: ...tch configure Switch config interface gigabitEthernet 1 0 3 Switch config if spanning tree guard loop Switch config if spanning tree guard root Switch config if spanning tree bpdufilter Switch config...

Страница 334: ...een the switches is 100Mb s the default path cost of the port is 200000 It is required that traffic in VLAN 101 VLAN 103 and traffic in VLAN 104 VLAN 106 should be transmitted along different paths Fi...

Страница 335: ...to instance 2 3 Configure the priority of Switch B as 0 to set is as the root bridge in instance 1 configure the priority of Switch C as 0 to set is as the root bridge in instance 2 4 Configure the pa...

Страница 336: ...name as 1 and the revision level as 100 Figure 5 4 Configuring the MST Region 3 Choose the menu Spanning Tree MSTP Instance Instance Config to load the following page Map VLAN101 VLAN103 to instance 1...

Страница 337: ...f Port 1 0 1 In Instance 1 5 Choose the menu Spanning Tree STP Config STP Config to load the following page Enable MSTP function globally here we leave the values of the other global parameters as def...

Страница 338: ...Here we leave the values of the other parameters as default settings Figure 5 8 Enable Spanning Tree Function on Ports 2 Choose the menu Spanning Tree MSTP Instance Region Config to load the followin...

Страница 339: ...Tree MSTP Instance Instance Config to load the following page Configure the priority of Switch B as 0 to set it as the root bridge in instance 1 Figure 5 11 Configuring the Priority of Switch B in Ins...

Страница 340: ...Path Cost of Port 1 0 2 in Instance 2 6 Choose the menu Spanning Tree STP Config STP Config to load the following page Enable MSTP function globally Here we leave the values of the other global parame...

Страница 341: ...Here we leave the values of the other parameters as default settings Figure 5 14 Enable Spanning Tree Function on Ports 2 Choose the menu Spanning Tree MSTP Instance Region Config to load the followin...

Страница 342: ...Instance Config to load the following page Configure the priority of Switch C as 0 to set it as the root bridge in instance 2 Figure 5 17 Configuring the Priority of Switch C in Instance 2 5 Choose th...

Страница 343: ...tance 1 as 400000 Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config if spanning tree Switch config if spanning tree mst instance 1 cost 400000 Switch config if exit Switch c...

Страница 344: ...bitEthernet 1 0 2 Switch config if spanning tree Switch config if spanning tree mst instance 2 cost 400000 Switch config if exit Switch config interface gigabitEthernet 1 0 1 Switch config if spanning...

Страница 345: ...LAN106 to instance 2 configure the priority of Switch C in instance 2 as 0 to set it as the root bridge in instance 2 Switch config spanning tree mst configuration Switch config mst name 1 Switch conf...

Страница 346: ...Local Bridge Priority 32768 Address 00 0a eb 13 23 97 Interface Prio Cost Role Status LAG Gi1 0 1 128 400000 Root Fwd N A Gi1 0 2 128 200000 Altn Blk N A Verify the configurations of Switch A in insta...

Страница 347: ...e 1 Switch config show spanning tree mst instance 1 MST Instance 1 Root Bridge Priority 0 Address 00 0a eb 13 12 ba Local bridge is the root bridge Designated Bridge Priority 0 Address 00 0a eb 13 12...

Страница 348: ...ress 00 0a eb 13 12 ba Interface Prio Cost Role Status Gi1 0 1 128 200000 Altn Blk Gi1 0 2 128 200000 Root Fwd Switch C Verify the configurations of Switch C in instance 1 Switch config show spanning...

Страница 349: ...configurations of Switch C in instance 2 Switch config show spanning tree mst instance 2 MST Instance 2 Root Bridge Priority 0 Address 3c 46 d8 9d 88 f7 Local bridge is the root bridge Designated Bri...

Страница 350: ...Default Setting Spanning tree Disable Mode STP CIST Priority 32768 Hello Time 2 seconds Max Age 20 seconds Forward Delay 15 seconds TxHoldCount 5 pps Max Hops 20 hops Table 6 2 Default Settings of the...

Страница 351: ...Configuring Spanning Tree Appendix Default Parameters Configuration Guide 327 Parameter Default Setting Port Priority 128 Path Cost Auto...

Страница 352: ...iguring Layer 2 Multicast CHAPTERS 1 Layer 2 Multicast 2 IGMP Snooping Configurations 3 Configuring MLD Snooping 4 Viewing Multicast Snooping Configurations 5 Configuration Examples 6 Appendix Default...

Страница 353: ...oint to multipoint network multicast technology not only transmits data with high efficiency but also saves a large bandwidth and reduces network load In practical applications Internet information pr...

Страница 354: ...ast packets 1 2 Supported Layer 2 Multicast Protocols Layer 2 Multicast protocol for IPv4 IGMP Snooping On the Layer 2 device IGMP Snooping transmits data on demand on data link layer by analyzing IGM...

Страница 355: ...the following page Figure 2 1 IGMP Snooping Global Config Enabling IGMP Snooping Globally Before configuring functions related to IGMP Snooping enable IGMP Snooping globally first 1 Select Enable to...

Страница 356: ...eport message to Layer 3 devices and suppress subsequent IGMP report messages from the same multicast group during one query interval which reduces the number of IGMP packets 2 Click Apply Configuring...

Страница 357: ...an IGMP leave message the switch obtains the address of the multicast group that the host wants to leave from the message Then the switch sends out MASQs to this multicast group through the port rece...

Страница 358: ...h Fast Leave enabled on a port the switch will remove this port from the forwarding list of the corresponding multicast group once the port receives a leave message Once deleted the switch will no lon...

Страница 359: ...D Specify the VLAN to enable IGMP Snooping Router Port Time Specify the aging time of the router ports in the VLAN If the router port does not receive any IGMP general query message within the router...

Страница 360: ...1 Configure the forbidden router ports in the designate VLAN VLAN ID Specify the VLAN to be configured Forbidden Router Ports Select the ports to forbid them from being router ports in the VLAN 2 Clic...

Страница 361: ...LAN configure the specific VLAN to be the multicast VLAN and configure the Router Port Time and Member Port Time Multicast VLAN Select Enable to enable multicast VLAN function VLAN ID Specify the 802...

Страница 362: ...w source IP address The switch will replace the source IP in the IGMP multicast data sent by the multicast VLAN with the IP address you enter 2 Click Apply Viewing Dynamic Router Ports in the Multicas...

Страница 363: ...gure the querier 1 Specify a VLAN and configure the querier on this VLAN VLAN ID Specify the VLAN to be configured Query Interval Enter the interval between general query messages sent by the querier...

Страница 364: ...to create a profile and configure its filtering mode 1 Create a profile and configure its filtering mode Profile ID Enter a profile ID between 1 and 999 Mode Select Permit or Deny as the filtering mo...

Страница 365: ...er ports to join specific multicast groups Deny similar to a blacklist means that the switch disallows specific member ports to join specific multicast groups Start IP Specify the Start IP of the mult...

Страница 366: ...er Profile ID Enter the profile ID you create to bind the profile to the port One port can only be bound to one profile ClearBinding Click to clear the binding between the profile and the port 2 Click...

Страница 367: ...owest multicast MAC address with the new multicast group 2 Click Apply 2 1 8 Viewing IGMP Statistics on Each Port Choose the menu Multicast IGMP Snooping Packet Statistic to load the following page Fi...

Страница 368: ...enu Multicast IGMP Snooping IGMP Authentication to load the following page Figure 2 10 IGMP Accounting and Authentication Configuring IGMP Accounting Globally To use this function you should also enab...

Страница 369: ...entication IGMP Authentication Select one or more ports and select Enable in the IGMP Authentication column 2 Click Apply 2 1 10 Configuring Static Member Port This function allows you to specify a po...

Страница 370: ...ption Static Multicast IP Table displays details of all IGMP static multicast groups 2 2 Using the CLI 2 2 1 Enabling IGMP Snooping Globally Step 1 configure Enter global configuration mode Step 2 ip...

Страница 371: ...xample shows how to enable IGMP Snooping globally and enable IGMP Snooping on port 1 0 3 Switch configure Switch config ip igmp snooping Switch config interface gigabitEthernet 1 0 3 Switch config if...

Страница 372: ...terval which reduces the number of IGMP packets Step 3 end Return to privileged EXEC mode Step 4 show ip igmp snooping Show the basic IGMP snooping configuration Step 5 copy running config startup con...

Страница 373: ...e basic IGMP snooping configuration Step 5 copy running config startup config Save the settings in the configuration file For switches that support MLD Snooping IGMP Snooping and MLD Snooping share th...

Страница 374: ...aging time of member ports ranging from 60 to 600 seconds Step 3 end Return to privileged EXEC mode Step 4 show ip igmp snooping Show the basic IGMP snooping configuration Step 5 copy running config...

Страница 375: ...will delete the port multicast group entry from the multicast forwarding table once the port receives a leave message You should only use this function when there is a single receiver present on the...

Страница 376: ...place Specify the action towards the new multicast group when the number of multicast groups the port joined exceeds max group drop Drop all subsequent membership report messages and the port join no...

Страница 377: ...MASQs sent by the switch The valid values are from 1 to 5 seconds Step 3 ip igmp snooping last listener query count num num determines the number of MASQs sent by the switch The valid values are from...

Страница 378: ...time router time is the aging time of the router ports in the specified VLAN ranging from 60 to 600 seconds member time is the aging time of the member ports in the specified VLAN ranging from 60 to 6...

Страница 379: ...config Configuring Static Router Port Step 1 configure Enter global configuration mode Step 2 ip igmp snooping vlan config vlan id list rport interface gigabitEthernet port list port channel port cha...

Страница 380: ...interface gigabitEthernet port list port channel port channel id port list and port channel id are the ports that cannot become router ports in the specified VLAN Step 3 show ip igmp snooping vlan vl...

Страница 381: ...fies the static multicast IP address port list and port channel id specify the forward ports member ports bound to the static multicast IP address in the specified VLAN Step 3 show ip igmp snooping gr...

Страница 382: ...mber time is the aging time of the member ports in the multicast VLAN ranging from 60 to 600 seconds Step 3 show ip igmp snooping multi vlan Show the IGMP snooping configuration in the multicast VLAN...

Страница 383: ...he static router ports in the multicast VLAN Step 3 show ip igmp snooping multi vlan Show the IGMP snooping configuration in the multicast VLAN Step 4 end Return to privileged EXEC mode Step 5 copy ru...

Страница 384: ...ticast VLAN Step 3 show ip igmp snooping multi vlan Show the IGMP snooping configuration in the multicast VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save...

Страница 385: ...the IGMP snooping configuration in the multicast VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following exa...

Страница 386: ...leged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to enable IGMP Snooping and IGMP Querier in VLAN 4 Switch configur...

Страница 387: ...id Show the detailed IGMP querier configuration Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example sh...

Страница 388: ...join specific multicast groups Step 4 range start ip end ip Configure the range of multicast IP to be filtered start ip end ip are the start IP and end IP of the IP range respectively Step 5 show ip i...

Страница 389: ...ecified port Step 4 show ip igmp profile id Show the detailed IGMP profile configuration Step 5 end Return to privileged EXEC mode Step 6 copy running config startup config Save the settings in the co...

Страница 390: ...e Step 3 ip igmp snooping authentication Enable IGMP Authentication on the specified port Step 4 show ip igmp snooping interface gigabitEthernet port authentication Show the IGMP authentication status...

Страница 391: ...is enabled and RADIUS server is configured Enabling IGMP Accounting Globally Step 1 configure Enter global configuration mode Step 2 ip igmp snooping accounting Enable IGMP Accounting globally Step 3...

Страница 392: ...functions related to MLD Snooping enable MLD Snooping globally first 1 Select Enable to enable MLD Snooping globally 2 Click Apply Optional Configuring Unknown Multicast Unknown Multicast decides how...

Страница 393: ...the router ports and the member ports 1 Specify the aging time of the router ports Router Port Time Router ports are ports connected to Layer 3 devices on the switch The router port ages if the switc...

Страница 394: ...etween MASQs The valid values are from 1 to 5 seconds 2 Specify the number of MASQs to be sent Last Listener Query Count When the switch receives an MLD leave message the switch obtains the address of...

Страница 395: ...ce deleted the switch will no longer send MASQs to this port to verify if there are other members of this multicast group Follow these steps to configure fast leave 1 Select the port to be configured...

Страница 396: ...ts in the VLAN If the member port does not receive any MLD membership report message from the multicast group within the member port time the switch will no longer consider this port as a member port...

Страница 397: ...nly need to send one piece of multicast data to a Layer 2 device and the Layer 2 device will send the data to all member ports of the VLAN In this way Multicast VLAN saves bandwidth and reduces networ...

Страница 398: ...is port as a member port and delete it from the multicast forwarding table The valid values are from 60 to 600 seconds When the member port time is 0 the VLAN uses the global time 3 Click Apply Option...

Страница 399: ...AN will be processed in this multicast VLAN 3 1 5 Optional Configuring the Querier MLD Snooping Querier sends general query packets regularly to maintain the multicast forwarding table Choose the menu...

Страница 400: ...an define a blacklist or whitelist of multicast addresses so as to filter multicast sources Choose the menu Multicast MLD Snooping Profile Config to load the following page Figure 3 6 Profile Create C...

Страница 401: ...e Info table Editing IP Range of the Profile Follow these steps to edit profile mode and its IP range 1 Click Edit in the MLD Profile Info table Edit its IP range and click Add to save the settings Fi...

Страница 402: ...d the profile to the port 1 Select the port to be bound and enter the Profile ID in the Profile ID column Select Select the port to be bound Port Displays the port number Profile ID Enter the profile...

Страница 403: ...sages and the port will not join any new multicast groups Replace Replace the existing multicast group owning the lowest multicast MAC address with the new multicast group 2 Click Apply 3 1 8 Viewing...

Страница 404: ...9 Configuring Static Member Port This function allows you to specify a port as a static member port in the multicast group Choose the menu Multicast Multicast Table Static IPv6 Multicast Table to loa...

Страница 405: ...CLI 3 2 1 Enabling MLD Snooping Globally Step 1 configure Enter global configuration mode Step 2 ipv6 mld snooping Enable MLD Snooping Globally Step 3 show ipv6 mld snooping Show the basic MLD snoopi...

Страница 406: ...ch configure Switch config ipv6 mld snooping Switch config interface gigabitEthernet 1 0 3 Switch config if ipv6 mld snooping Switch config if show ipv6 mld snooping MLD Snooping Enable Unknown Multic...

Страница 407: ...uration Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to enable Report Message Suppres...

Страница 408: ...artup config Save the settings in the configuration file IGMP Snooping and MLD Snooping share the setting of Unknown Multicast so you have to enable IGMP Snooping globally at the same time The followi...

Страница 409: ...ing Show the basic MLD snooping configuration Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example show...

Страница 410: ...u should only use this function when there is a single receiver present on the port Step 4 show ipv6 mld snooping interface fastEthernet port port list gigabitEthernet port port list basic config Show...

Страница 411: ...nd the port join no more new multicast groups replace Replace the existing multicast group with the lowest multicast MAC address with the new multicast group Step 5 show ipv6 mld snooping interface fa...

Страница 412: ...re from 1 to 5 Step 4 show ipv6 mld snooping Show the basic MLD snooping configuration Step 5 end Return to privileged EXEC mode Step 6 copy running config startup config Save the settings in the conf...

Страница 413: ...VLAN ranging from 60 to 600 seconds Step 3 show ipv6 mld snooping vlan vlan id Show the basic MLD snooping configuration in the specified VLAN Step 4 end Return to privileged EXEC mode Step 5 copy run...

Страница 414: ...ort channel id port list and port channel id are the static router ports in the specified VLAN Step 3 show ipv6 mld snooping vlan vlan id Show the basic MLD snooping configuration in the specified VLA...

Страница 415: ...mld snooping vlan vlan id Show the basic MLD snooping configuration in the specified VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the c...

Страница 416: ...atic multicast IP address in the specified VLAN Step 3 show ipv6 mld snooping groups static Show the static MLD snooping configuration Step 4 end Return to privileged EXEC mode Step 5 copy running con...

Страница 417: ...seconds Step 3 show ipv6 mld snooping multi vlan Show the MLD snooping configuration in the multicast VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the...

Страница 418: ...the MLD snooping configuration in the multicast VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following exam...

Страница 419: ...ng configuration in the multicast VLAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how t...

Страница 420: ...LAN Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to configure VLAN 5 as the multicast...

Страница 421: ...XEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to enable MLD Snooping and MLD Querier in VLAN 4 Switch configure Switch...

Страница 422: ...iled MLD querier configuration Step 4 end Return to privileged EXEC mode Step 5 copy running config startup config Save the settings in the configuration file The following example shows how to enable...

Страница 423: ...specific multicast groups Step 4 range start ip end ip Configure the range of multicast IP to be filtered start ip end ip are the start IP and end IP of the IP range respectively Step 5 end Return to...

Страница 424: ...fied port Step 4 show ipv6 MLD profile id Show the detailed MLD profile configuration Step 5 end Return to privileged EXEC mode Step 6 copy running config startup config Save the settings in the confi...

Страница 425: ...Configuration Guide 401 Configuring Layer 2 Multicast Configuring MLD Snooping range ff01 1234 5 ff01 1234 8 Binding Port s Gi1 0 2 Switch config end Switch copy running config startup config...

Страница 426: ...ticast Multicast Table IPv4 Multicast Table to view all valid Multicast IP VLAN Port entries Figure 4 1 IPv4 Multicast Table Search Option Search Option Search for specific multicast entries by using...

Страница 427: ...tat Displays settings of IGMP Snooping on the port s port port list specifies the port s to display basic config max groups packet stat displays the related IGMP configuration information show ip igmp...

Страница 428: ...tics of all IGMP packets 4 2 2 Viewing IPv6 Multicast Snooping Configurations show ipv6 mld snooping Displays global settings of MLD Snooping show ipv6 mld snooping interface fastEthernet port port li...

Страница 429: ...dynamic displays information of all dynamic multicast groups dynamic count displays the number of dynamic multicast groups static displays information of all static multicast groups static count displ...

Страница 430: ...ng topology Host B Host C and Host D are connected to port 1 0 1 port 1 0 2 and port 1 0 3 respectively Port 1 0 4 is the router port connected to the multicast querier Figure 5 1 Network Topology for...

Страница 431: ...ng the CLI 5 1 3 Using the GUI 1 Choose the menu Multicast IGMP Snooping Snooping Config to load the following page Enable IGMP Snooping globally and keep the default values in the Router Port Time an...

Страница 432: ...u VLAN 802 1Q VLAN Port Config to load the following page For port 1 0 1 4 configure the link type as General and the PVID as 10 Figure 5 4 Configure Link Type and PVID 4 Choose the menu VLAN 802 1Q V...

Страница 433: ...0 as the Router Port Time and Member Port Time which means the global settings will be used Figure 5 6 Enable IGMP Snooping in the VLAN 6 Click Save Config to save the settings 5 1 4 Using the CLI 1...

Страница 434: ...untagged Switch config if range exit 5 For port 1 0 4 set the link type as General and the PVID as 10 Then add the ports to VLAN 10 as tagged ports Switch config interface gigabitEthernet 1 0 4 Switc...

Страница 435: ...rk Requirements Host B Host C and Host D are in three different VLANs of the switch All of them want to receive multicast data sent to multicast group 225 1 1 1 5 2 2 Configuration Scheme Create a mul...

Страница 436: ...0 Querier Source Gi1 0 4 Gi1 0 2 Gi1 0 3 Gi1 0 1 Demonstrated with T2500G 10MPS this section provides configuration procedures in two ways using the GUI and using the CLI 5 2 4 Using the GUI 1 Choose...

Страница 437: ...Snooping Snooping Config to load the following page Enable IGMP Snooping on port 1 0 1 4 Figure 5 9 Configure IGMP Snooping Globally 3 Choose the menu VLAN 802 1Q VLAN Port Config to load the followi...

Страница 438: ...4 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 40 and add port 1 0 1 4 to VLAN 40 as untagged ports Create VLAN 10 20 and 30 Add port 1 0 1 to V...

Страница 439: ...e as 0 Figure 5 13 Create Multicast VLAN 6 Click Save Config to save the settings 5 2 5 Using the CLI 1 Enable IGMP Snooping Globally Switch configure Switch config ip igmp snooping 2 Enable IGMP Snoo...

Страница 440: ...nterface range gigabitEthernet 1 0 2 Switch config if switchport mode general Switch config if switchport pvid 20 Switch config if switchport general allowed vlan 20 40 untagged Switch config if exit...

Страница 441: ...VLAN active Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 4 Gi1 0 9 Gi1 0 10 10 vlan10 active Gi1 0 1 20 vlan20 active Gi1 0 2 30 vlan30 active Gi1 0 3 40 m vlan active Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 4 Show status of...

Страница 442: ...ion Scheme After the channel is changed the client Host B still receives irrelevant multicast data the data from the previous channel and possibly other unknown multicast data which increases the netw...

Страница 443: ...following page Enable IGMP Snooping globally and configure Unknown Multicast as Discard Figure 5 15 Configure IGMP Snooping Globally Note IGMP Snooping and MLD Snooping share the setting of Unknown M...

Страница 444: ...4 Click Save Config to save the settings 5 3 4 Using the CLI 1 Enable IGMP Snooping Globally Switch configure Switch config ip igmp snooping 2 Configure Unknown Multicast as Discard globally Switch co...

Страница 445: ...g Verify the Configurations Show global settings of IGMP Snooping Switch config show ip igmp snooping IGMP Snooping Enable Unknown Multicast Discard Last Query Times 2 Last Query Interval 1 Global Mem...

Страница 446: ...echanism profile binding the switch can only allow specific member ports to join specific multicast groups or forbid specific member ports to join specific multicast groups You can achieve this filter...

Страница 447: ...ng the CLI 5 4 4 Using the GUI 1 Choose the menu Multicast IGMP Snooping Snooping Config to load the following page Enable IGMP Snooping globally and keep the default values in the Router Port Time an...

Страница 448: ...u VLAN 802 1Q VLAN Port Config to load the following page For port 1 0 1 4 configure the link type as General and the PVID as 10 Figure 5 21 Configure Link Type and PVID 4 Choose the menu VLAN 802 1Q...

Страница 449: ...Router Port Time and Member Port Time which means the global settings will be used Figure 5 23 Enable IGMP Snooping in the VLAN 6 Specify the multicast data that Host C and Host D can receive a Choose...

Страница 450: ...the following page Select port 1 0 2 and port 1 0 3 enter 1 in the Profile ID field and click Apply to bind Profile 1 to these ports Figure 5 26 Bind Profile 1 to Port 1 0 2 and Port 1 0 3 7 Specify...

Страница 451: ...ollowing page In the IGMP Profile Info table click Edit in the Profile 2 entry enter 225 0 0 2 in both Start IP and End IP fields and click Add Figure 5 28 Edit Add IP range in Profile 2 c Choose the...

Страница 452: ...ce range gigabitEthernet 1 0 1 4 Switch config if range ip igmp snooping Switch config if range exit 3 Create VLAN 10 Switch config vlan 10 Switch config vlan name vlan10 Switch config vlan exit 4 For...

Страница 453: ...IP and end IP being 225 0 0 1 Switch config ip igmp profile 1 Switch config igmp profile permit Switch config igmp profile range 225 0 0 1 225 0 0 1 Switch config igmp profile exit 8 Bind Profile 1 to...

Страница 454: ...ble Unknown Multicast Pass Last Query Times 2 Last Query Interval 1 Global Member Age Time 260 Global Router Age Time 300 Global Report Suppression Disable Global Authentication Accounting Disable Ena...

Страница 455: ...0 seconds Last Listener Query Interval 1 second Last Listener Query Count 2 IGMP Snooping Settings on the Port IGMP Snooping Disabled Fast Leave Disabled IGMP Snooping Settings in the VLAN Enable or N...

Страница 456: ...of IGMP Snooping MLD Snooping Disabled Unknown Multicast Forward Report Message Suppression Disabled Router Port Time 300 seconds Member Port Time 260 seconds Last Listener Query Interval 1 second Las...

Страница 457: ...ng Layer 2 Multicast Appendix Default Parameters Function Parameter Default Setting IGMP Snooping Querier Enable or Not Disabled Query Interval 60 seconds Max Response Time 10 seconds General Query So...

Страница 458: ...Part 16 Configuring DHCP VLAN Relay CHAPTERS 1 DHCP VLAN Relay 2 DHCP VLAN Relay Configuration 3 Appendix Default Parameters...

Страница 459: ...lient and the DHCP server are not in the same VLAN the switch will forward the client s requests to the DHCP server through the default agent interface and forward the DHCP server s response to the cl...

Страница 460: ...ng page Figure 2 1 Enable DHCP Relay and Configure Option 82 Follow these steps to enable DHCP Relay and configure Option 82 1 In the Global Config section enable DHCP Relay 2 Optional In the Option 8...

Страница 461: ...customized circuit ID which contains up to 64 characters The circuit ID configurations of the switch and the DHCP server should be compatible with each other Remote ID Enter the customized remote ID...

Страница 462: ...ss Enter the IP address of the DHCP server 2 2 Using the CLI 2 2 1 Enabling DHCP Relay Follow these steps to enable DHCP Relay Step 1 configure Enter global configuration mode Step 2 service dhcp rela...

Страница 463: ...ion feature of Option 82 Step 5 ip dhcp relay information circuit id circuit id If the Customization feature is enabled specify the circuit ID circuit id Specify the circuit ID with 1 to 63 characters...

Страница 464: ...nfiguration mode Step 2 interface vlan vid Enter management VLAN interface Step 3 ip dhcp relay default interface Set management VLAN interface as the default relay agent interface Step 4 exit Return...

Страница 465: ...rver address as 192 168 1 8 on VLAN 10 Switch configure Switch config interface vlan 1 Switch config if ip dhcp relay default interface Switch config if exit Switch config ip dhcp relay vlan 10 helper...

Страница 466: ...ngs of DHCP Relay are listed in the following table Table 3 1 Default Settings of DHCP Relay Parameter Default Setting DHCP Relay DHCP Relay Disable Option 82 Support Disable Existed Option 82 field K...

Страница 467: ...Part 17 Configuring QoS CHAPTERS 1 QoS 2 DiffServ Configuration 3 Bandwidth Control Configuration 4 Configuration Examples 5 Appendix Default Parameters...

Страница 468: ...k performance and bandwidth utilization DiffServ The switch classifies the ingress packets maps the packets to different priority queues and then forwards the packets according to specified scheduling...

Страница 469: ...Priority DSCP priority determines the priority of packets based on the ToS Type of Service field in their IP header RFC2474 re defines the ToS field in the IP packet header as DS field The first six b...

Страница 470: ...y 1 Configure the Tag id CoS id TC mapping relations Tag id CoS id Select the desired Tag id CoS id to configure Tag id indicates the PRI field in 802 1Q tag It comprises 3 bits and the valid values a...

Страница 471: ...the DSCP TC mapping relations DSCP Select the desired DSCP priority DSCP priority represents the DSCP field in the IP packet header It comprises 6 bits and the valid values are from 0 to 63 Note The D...

Страница 472: ...he TC queue that the port will be mapped to The switch supports 8 TC queues from TC0 for the lowest priority to TC 7 for the highest priority LAG Displays the aggregation group which the port is in 2...

Страница 473: ...atio of TC0 to TC7 is 1 2 4 127 SP WRR Mode Strict Priority Weight Round Robin Mode In this mode the switch provides two scheduling groups SP group and WRR group When scheduling queues the switch allo...

Страница 474: ...6 are 1 2 4 8 16 32 and 64 respectively while the value of TC7 is 0 and non configurable 3 Click Apply Note With ACL Redirect feature the switch maps all the packets that meet the configured ACL rules...

Страница 475: ...SCP priority is disabled Switch config show qos cos map Tag 0 1 2 3 4 5 6 7 TC TC1 TC0 TC0 TC3 TC4 TC5 TC6 TC7 Switch config end Switch copy running config startup config Configuring DSCP Priority Ste...

Страница 476: ...es 10 14 to TC1 and keep other mapping relations as default Switch configure Switch config qos queue dscp map 10 14 0 Switch config show qos status 802 1p priority is disabled DSCP priority is enabled...

Страница 477: ...TC queues of all ports port list The list of Ethernet ports lagid list The list of LAGs Step 5 end Return to privileged EXEC mode Step 6 copy running config startup config Save the settings in the con...

Страница 478: ...ually The weight value ratio of all the queues is 1 1 1 1 It is the default schedule mode Step 3 qos queue weight tc id weight value Optional Configure the weight value of each queue after the Schedul...

Страница 479: ...le mode as WRR with the weight values of TC0 to TC7 as 4 7 10 13 16 19 22 25 Switch configure Switch config qos queue mode wrr Switch config qos queue weight 0 4 Switch config qos queue weight 1 7 Swi...

Страница 480: ...sing the GUI 3 1 1 Configuring Rate Limit Choose the menu QoS Bandwidth Control Rate Limit to load the following page Figure 3 1 Rate Limit Follow these steps to configure the Rate Limit function 1 Co...

Страница 481: ...de and specify the upper rate limit for receiving broadcast packets in the Broadcast field The packet traffic exceeding the rate will be discarded The switch supports the following three rate modes kb...

Страница 482: ...Frame rate mode and specify the upper rate limit for receiving UL Frames in the UL Frame field The packet traffic exceeding the rate will be discarded The switch supports the following three rate mod...

Страница 483: ...t list Verify the ingress egress rate limit for forwarding packets on the port If no port is specified it displays the upper ingress egress rate limit for all ports Step 5 end Return to privileged EXE...

Страница 484: ...exceeding the rate will be discarded For kbps the valid rate values are from 1 to 1000000 kbps for ratio the valid rate values are from 1 to 100 percent Step 4 show storm control interface fastEthern...

Страница 485: ...can be treated preferentially when congestion occurs Only when the traffic from the Admin is completely forwarded will the traffic from Host A be forwarded The figure below shows the network topology...

Страница 486: ...d priority for port 1 0 2 to TC0 Figure 4 2 Configure Port Priority 2 Choose QoS DiffServ Schedule Mode to load the following page and select SP Mode as the schedule mode Click Apply Figure 4 3 Config...

Страница 487: ...h copy running config startup config Verify the configuration Verify the port TC mapping Switch config show qos interface Port TC Value LAG Gi1 0 1 1 N A Gi1 0 2 0 N A Verify the schedule mode Switch...

Страница 488: ...ver 10 10 88 5 24 RD Dept 10 10 10 0 24 Marketing Dept 10 10 20 0 24 Router Gi1 0 3 Gi1 0 1 Gi1 0 1 VLAN 10 VLAN 20 Gi1 0 2 Gi1 0 2 Switch B Switch A 4 2 2 Configuration Scheme Configure Switch A to a...

Страница 489: ...Q VLAN Port Config change the type of port 1 0 1 3 to General Figure 4 5 Configure the Port 2 Choose VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 with the de...

Страница 490: ...nfiguration Examples Figure 4 6 Configure VLAN 10 3 Click Create again to load the following page Create VLAN 20 with the description of Marketing Add port 1 0 2 as an untagged port and port 1 0 3 as...

Страница 491: ...Figure 4 7 Configure VLAN 20 4 Click save config to save the settings Configurations for Switch B 1 Choose VLAN 802 1Q VLAN Port Config to load the following page For port 1 0 1 set the Link Type as T...

Страница 492: ...amples Figure 4 8 Configure the Port 2 Choose VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 and VLAN 20 and add port 1 0 1 to the two VLANs create VLAN 30 and...

Страница 493: ...Configuring QoS Configuration Examples Configuration Guide 469 Figure 4 10 Configure VLAN 20 Figure 4 11 Configure VLAN30...

Страница 494: ...e Select ACL 10 specify the Rule ID as 1 and the Operation as Permit Click Apply Figure 4 13 Create Rule 1 4 Create Policy RD and bind it to ACL 10 select QoS Remark and set Local Priority to TC1 Choo...

Страница 495: ...d set Local Priority to TC0 Choose ACL Policy Config Policy Create to load the following page Create a policy with the Policy Name Marketing and click Apply Figure 4 16 Create Policy Marketing Choose...

Страница 496: ...nfiguration Examples Figure 4 17 Action Create 6 Choose ACL Policy Binding VLAN Binding Bind Policy RD and Policy Marketing to VLAN10 and VLAN 20 respectively Figure 4 18 Bind Policy RD to VLAN 10 Fig...

Страница 497: ...able to each other Configurations for Switch A 1 Create VLAN 10 with the name RD and VLAN 20 with the name Marketing Switch_A configure Switch_A config vlan 10 Switch_A config vlan name RD Switch_A co...

Страница 498: ...t 1 0 1 as Trunk and add it to the two VLANs Switch_B configure Switch_B config vlan 10 Switch_B config vlan name RD Switch_B config vlan exit Switch_B config vlan 20 Switch_B config vlan name Marketi...

Страница 499: ...licy Marketing and bind it to ACL 10 enable QoS Remark and set Local Priority to TC0 Switch_B config access list policy name Marketing Switch_B config access list policy action Marketing 10 Switch_B c...

Страница 500: ...i1 0 52 10 RD active Gi1 0 1 Gi1 0 3 20 Marketing active Gi1 0 2 Gi1 0 3 Switch B Verify ACL configuration Switch_B show access list Mac access list 10 1 permit Verify Policy and Action configuration...

Страница 501: ...Configuring QoS Configuration Examples Configuration Guide 477 Verify the schedule mode Switch_B show qos queue mode Scheduler Mode WRR...

Страница 502: ...ame TC queue 802 1P Priority Enabled See Table 5 3 for Tag id CoS id TC mapping relations DSCP Priority Disabled See Table 5 4 for DSCP CoS id mapping relations Schedule Mode Equ Mode Table 5 2 Tag id...

Страница 503: ...Configuring QoS Appendix Default Parameters Configuration Guide 479 Bandwidth Control Table 5 4 Bandwidth Control Parameter Default Setting Rate Limit Disabled Storm Control Disabled...

Страница 504: ...Part 18 Configuring Voice VLAN CHAPTERS 1 Overview 2 Voice VLAN Configuration 3 Configuration Example 4 Appendix Default Parameters...

Страница 505: ...mode is applicable when the switch port forwards voice traffic only You manually add ports connecting IP phones to the voice VLAN then the switch will apply priority rules to ensure the high priority...

Страница 506: ...r a packet is a voice packet An OUI address is the first 24 bits of a MAC address and is assigned as a unique identifier by IEEE Institute of Electrical and Electronics Engineers to a device vendor If...

Страница 507: ...choose the mode according to your needs and configure the port as the following table shows Table 2 1 Voice VLAN mode and Link Type of the Port Traffic on One Port Voice Traffic Type Suggested Mode Su...

Страница 508: ...page Figure 2 1 Configuring OUI Addresses Follow these steps to add OUI addresses 1 Enter an OUI address and the corresponding mask and give a description about the OUI address OUI Enter the OUI addr...

Страница 509: ...or the voice VLAN Aging Time Specify the length of time that a port remains in the voice VLAN after the port receives a voice packet Aging time works only for ports in automatic voice VLAN mode The ra...

Страница 510: ...ports to the voice VLAN Auto When a port receives a voice packet whose resource MAC address matches an OUI address the switch automatically adds the port to the voice VLAN If you choose the Auto mode...

Страница 511: ...ce VLAN If necessary make sure the security mode is disabled 3 Click Apply 2 2 Using the CLI Follow these steps to configure the voice VLAN Step 1 configure Enter global configuration mode Step 2 show...

Страница 512: ...ts to the voice VLAN when the ports receive voice packets If you choose the auto mode for the specified ports make sure traffic from your voice device is tagged manual You need to manually add the spe...

Страница 513: ...fig vlan 10 Switch config vlan name VoiceVLAN Switch config vlan exit Switch config voice vlan priority 5 Switch config voice vlan 10 Switch config interface gigabitEthernet 1 0 1 Switch config if swi...

Страница 514: ...nd traffic with the voice VLAN tag Voice traffic is transmitted in the voice VLAN and data traffic is transmitted in the default VLAN Set ports that are connected to IP phones in automatic voice VLAN...

Страница 515: ...default VLAN for data traffic Voice traffics from Switch A and Switch B are forwarded to voice gateway and Internet through Switch C Figure 3 1 Network Topology Internet IP Phone 20 IP Phone 30 Switc...

Страница 516: ...A 1 Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Set the link type of port1 0 1 2 as General and click Apply Figure 3 2 Configuring the Link Type of port 1 0 1 2 2 Choose t...

Страница 517: ...lowing page Enable voice VLAN enter 10 in the VLAN ID field and set aging time as 1440 minutes and priority as 6 Then click Apply Figure 3 4 Configuring Voice VLAN Globally 4 Choose the menu QoS Voice...

Страница 518: ...nfiguration Example Figure 3 5 Configuring Voice VLAN Mode on Port 1 0 1 Figure 3 6 Configuring Voice VLAN Mode on Port 1 0 2 5 Choose the menu VLAN 802 1Q VLAN VLAN Config and edit VLAN 10 to load th...

Страница 519: ...0 2 to the Voice VLAN 6 Choose the menu LLDP Basic Config Global Config to load the following page Enable LLDP globally Figure 3 8 Enabling LLDP Globally 7 Choose the menu LLDP LLDP MED Global Config...

Страница 520: ...o load the following page Enable LLDP MED on port 1 0 1 Figure 3 10 Configuring LLDP MED on Ports Click Detail of port1 0 1 to load the following page Configure the TLV information which will be carri...

Страница 521: ...3 11 Configuring TLVs For details about LLDP MED please refer to Configuring LLDP 9 Click Save Config to save the settings Configurations for Switch B 1 Choose the menu VLAN 802 1Q VLAN Port Config to...

Страница 522: ...k Type of port 1 0 1 3 2 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 Figure 3 13 Creating a VLAN 3 Choose the menu QoS Voice VLAN Global Con...

Страница 523: ...menu QoS Voice VLAN Port Config to load the following page Select ports 1 0 1 3 choose manual mode and enable security mode Click Apply Figure 3 15 Configuring Voice VLAN Mode on Ports 5 Choose the m...

Страница 524: ...n Example Figure 3 16 Adding Ports to the Voice VLAN 6 Click Save Config to save the settings Configurations for Switch C 1 Choose the menu VLAN 802 1Q VLAN Port Config to load the following page Conf...

Страница 525: ...he Link Type of port 1 0 1 3 2 Choose the menu VLAN 802 1Q VLAN VLAN Config and click Create to load the following page Create VLAN 10 and add ports 1 0 1 3 as tagged ports to the VLAN Click Apply Fig...

Страница 526: ...g voice vlan aging 1440 Switch_A config voice vlan priority 6 Switch_A config voice vlan 10 4 Configure port 1 0 1 to automatic voice VLAN mode and enable security mode Switch_A config interface gigab...

Страница 527: ...10 Switch_B config vlan name VoiceVLAN Switch_B config vlan exit 2 Set the 802 1p priority of voice packets as 6 and VLAN 10 as the voice VLAN Switch_B config voice vlan priority 6 Switch_B config voi...

Страница 528: ...ports 1 0 1 3 set the link type as General and the egress rule as Tagged and add them to the Voice VLAN Switch_C config interface range gigabitEthernet 1 0 1 3 Switch_C config if range switchport mode...

Страница 529: ...e vlan Voice VLAN status Enabled VLAN ID 10 Aging Time 1440 Voice Priority 6 Verify the voice VLAN configuration on the ports Switch_B show voice vlan switchport Port Auto mode Security State LAG Gi1...

Страница 530: ...Default Settings of Port Configuration Parameter Default Setting Port Mode Auto Security Mode Disable Member State Inactive Table 4 3 Entries in the OUI Table OUI MASK Description 00 01 e3 00 00 00 f...

Страница 531: ...Part 19 Configuring PoE CHAPTERS 1 PoE 2 PoE Power Management Configurations 3 Time Range Function Configurations 4 Example for PoE Configurations 5 Appendix Default Parameters...

Страница 532: ...ct detection and optional power device power classification PSE Power sourcing equipment PSE is a device that provides power for PDs on the Ethernet for example the PoE switch PSE can detect the PDs a...

Страница 533: ...ponding ports to quickly configure the PoE parameters 2 1 Using the GUI 2 1 1 Configuring the PoE Parameters Manually Choose the menu PoE PoE Config PoE Config to load the following page Figure 2 1 Co...

Страница 534: ...Class1 The maximum power that the port can supply is 4W Class2 The maximum power that the port can supply is 7W Class3 The maximum power that the port can supply is 15 4W Class4 The maximum power that...

Страница 535: ...iority level for the PoE profile The following options are provided High Middle and Low When the supply power exceeds the system power limit the switch will power off PDs on low priority ports to ensu...

Страница 536: ...power of the PoE switch 2 In the Port Config section select a profile and bind it to the corresponding ports Click Apply Port Select Specify the port number and click Select to quick select the corres...

Страница 537: ...able the PoE function By default it is enable Step 5 power inline priority low middle high Specify the PoE priority for the corresponding port low middle high Select the priority level for the corresp...

Страница 538: ...of 1 0 1 3 1 0 5 Step 10 end Return to privileged EXEC mode Step 11 copy running config startup config Save the settings in the configuration file The following example shows how to set the system pow...

Страница 539: ...ority level for the profile When the supply power exceeds the system power limit the switch will power off PDs on low priority ports to ensure stable running of other PDs power limit auto class1 class...

Страница 540: ...6 Switch configure Switch config power profile profile1 supply enable priority middle consumption class2 Switch config show power profile Index Name Status Priority Power Limit w 1 profile1 Enable Mi...

Страница 541: ...urce We recommend that you use Network Time Protocol NTP to synchronize the switch clock For details refer to System Info Configurations in Managing System 3 1 Using the GUI 3 1 1 Creating a Time Rang...

Страница 542: ...ick Add When the Absolute mode is selected the following section will be shown Figure 3 2 Absolute Mode Type Select Absolute time to configure From Time Specify the starting time of the absolute mode...

Страница 543: ...ify the time Holiday Name Specify a name for the holiday time Start Date Specify the starting time of the holiday End Date Specify the ending time of the holiday 2 Click Apply 3 1 3 Viewing the Time R...

Страница 544: ...include Step 4 Use the following command to create a absolute time range absolute from start date to end date Specify the time range in absolute mode start date Specify the starting time of the time...

Страница 545: ...ed if the name is not specified Step 9 end Return to privileged EXEC mode Step 10 copy running config startup config Save the settings in the configuration file The following example shows how to crea...

Страница 546: ...s If the name contains spaces enclose the name in double quotes start date Specify the starting time of the holiday in the format of MM DD end date Specify the ending time of the holiday in the format...

Страница 547: ...the time range desired It ranges from 1 to 16 characters If the name contains spaces enclose the name in double quotes All PoE time range configurations will be displayed if the name is not specified...

Страница 548: ...ce time for example from 08 30 to 18 00 You can also set a holiday and make the time range settings not be affected on holiday Then apply the settings to port 1 0 3 and 1 0 4 Port 1 0 1 and 1 0 2 need...

Страница 549: ...Time Range Holiday Config to load the following page Specify a name for the holiday and set the starting date and ending date Figure 4 3 Configure the Holiday 3 Choose the menu PoE PoE Config PoE Con...

Страница 550: ...30 end 23 00 day of the week 1 5 Switch_A config time range exit 2 Create a holiday Switch_A config power holiday Christmas start date 12 22 end date 12 31 3 Enable the PoE function on the port 1 0 3...

Страница 551: ...entry office time Active holiday exclude number of absolute time 0 01 01 2000 00 00 to 12 31 2099 24 00 by default number of periodic time 1 1 08 30 to 23 00 on 1 2 3 4 5 Verify the configuration of...

Страница 552: ...Time Range No Limit PoE Profile None Table 5 2 Default Settings of PoE Profile Parameter Default Setting Profile Name None PoE Status Enable PoE Priority High Power Limit Auto Table 5 3 Default Setti...

Страница 553: ...Part 20 Configuring ACL CHAPTERS 1 Overview 2 ACL Configuration 3 Configuration Example for ACL 4 Appendix Default Parameters...

Страница 554: ...situations To prevent various network attacks such as attacks on IP Internet Protocol TCP Transmission Control Protocol and ICMP Internet Control Message Protocol packets To manage network access beh...

Страница 555: ...nfigure a time range during which the ACL takes effect 2 Create an ACL and configure the rules to filter different packets 3 Create a Policy and configure the policy action for packets that match the...

Страница 556: ...range in Holiday mode In this mode the corresponding ACL rule takes effect only when the system date falls within the specified holiday time For details refer to Configuring Holiday Absolute Configure...

Страница 557: ...name to the holiday Start Date End Date Specify the start and end date of the holiday 2 Click Apply to make the settings effective 2 1 3 Creating an ACL You can create different types of ACL and defin...

Страница 558: ...fy the ACL 2 Click Apply to make the settings effective Note The supported ACL type and ID range varies on different switch models Please refer to the on screen information 2 1 4 Configuring ACL Rules...

Страница 559: ...at the corresponding bit in the address will be matched D MAC Mask Enter the destination IP address with a mask A value of 1 in the mask indicates that the corresponding bit in the address will be mat...

Страница 560: ...packet matching criteria S IP Mask Specify the source IP address with a mask A value of 1 in the mask indicates that the corresponding bit in the address will be matched D IP Mask Specify the destina...

Страница 561: ...e from the drop down list The default is All which indicates that packets of all protocols will be matched TCP Flag If TCP protocol is selected you can configure the TCP Flag to be used for the rule s...

Страница 562: ...can also delete an ACL or an ACL rule or change the matching order if needed Choose the menu ACL ACL Config ACL Summary to load the following page Figure 2 7 ACL Information 2 1 5 Configuring Policy P...

Страница 563: ...st Select ACL Select an ACL to be applied to the policy 2 Configure the actions to be taken for the matched packets S Mirror Configure port mirroring for the matched packets Enter a destination port t...

Страница 564: ...nd Policy Binding You can select ACL binding or Policy binding according to your needs An ACL or policy takes effect only after it is bound to a port or VLAN Configuring the ACL Binding You can bind t...

Страница 565: ...Binding VLAN Binding to load the following page Figure 2 11 Binding the ACL to a VLAN Follow these steps to bind the ACL to a VLAN Select the ACL and enter the VLAN ID and click Apply ACL ID Select an...

Страница 566: ...ding to this policy Binding the Policy to a Port Figure 2 12 Binding the policy to a Port Follow these steps to bind the policy to a Port Select the policy and the port to be bound and click Apply Pol...

Страница 567: ...LAN ID Enter the VLAN ID Verifying the Binding Configuration Verifying the ACL Binding You can view both port binding and VLAN binding entries in the table You can also delete existing entries if need...

Страница 568: ...the CLI 2 2 1 Configuring Time Range Some services or features that use ACL need to be limited to a specified time period In this case you can configure time range for the ACL Step 1 configure Enter g...

Страница 569: ...icates every day off day indicates Saturday and Sunday and working day indicates Monday to Friday By default Week mode is disabled time slice Add a time slice in HH MM HH MM format You can add a maxim...

Страница 570: ...eriodic time slice 08 30 18 00 periodic week day 1 2 3 4 5 Switch config end Switch copy running config startup config 2 2 2 Configuring ACL Follow the steps to create different types of ACL and confi...

Страница 571: ...k Enter the mask of the destination MAC address This is required if a destination MAC address is entered The format is FF FF FF FF FF FF vlan id The VLAN ID ranges from 1 to 4094 ethernet type Specify...

Страница 572: ...he packets that match the rule Deny means to discard permit means to forward By default it is set to permit source ip Enter the source IP address source ip mask Enter the mask of the source IP address...

Страница 573: ...255 255 Switch config show access list 600 Standard IP access list 600 rule 1 permit sip 192 168 1 100 smask 255 255 255 255 Switch config end Switch copy running config startup config Extend IP ACL...

Страница 574: ...disable matching of fragmented packets The default is disable When enabled the rule will apply to all fragmented packets and always permit to forward the last fragment of a packet dscp Specify the DSC...

Страница 575: ...ets through operations such as mirroring rate limiting redirecting or changing priority Follow the steps below to create a policy and configure the policy actions Step 1 configure Enter global configu...

Страница 576: ...for the packets whose rate is beyond the specified rate The default is None qos remark dscp dscp priority pri dot1p pri Optional Define the policy to remark priority for the matched packets dscp Spec...

Страница 577: ...ange ten gigabitEthernet port list access list bind policy name Optional Enter layer 2 interface configuration mode and bind the policy to the port port The port to which the policy will bind policy n...

Страница 578: ...atched and processed according to the ACL rules Step 1 configure Enter global configuration mode Step 2 interface fastEthernet port gigabitEthernet port ten gigabitEthernet port access list bind acl a...

Страница 579: ...ure Switch config interface gigabitEthernet 1 0 3 Switch config if access list bind acl 1 Switch config if exit Switch config interface vlan 4 Switch config if access list bind acl 2 Switch config if...

Страница 580: ...department can only visit http and https websites on the internet 3 2 Network Topology As is shown below computers in the Marketing department are connected to the switch via port 1 0 1 and the intern...

Страница 581: ...matches the packets with the rules in order starting with Rule 1 If a packet matches a rule the switch stops the matching process and initiates the action defined in the rule Binding Configuration Ap...

Страница 582: ...Rule 1 3 Choose the menu ACL ACL Config Extend IP ACL to load the the following page Select the Extend IP ACL 1600 configure rule 2 and rule 3 to permit packets with source IP 10 10 70 0 and destinati...

Страница 583: ...nfiguring Rule 3 4 Choose the menu ACL ACL Config Extend IP ACL to load the following page Select the Extend IP ACL 1600 configure Rule 4 and Rule 5 to permit packets with source IP 10 10 70 0 and wit...

Страница 584: ...5 Choose the menu ACL ACL Config Extend IP ACL to load the following page Select the Extend IP ACL 1600 configure Rule 6 to deny packets with source IP 10 10 70 0 Figure 3 8 Configuring Rule 6 6 Choos...

Страница 585: ...y 7 Choose the menu ACL Policy Config Action Create to load the the following page Then apply ACL 1600 to Policy Market Figure 3 10 Applying the ACL to the Policy 8 Choose the menu ACL Policy Binding...

Страница 586: ...ule 2 and Rule 3 to permit packets with source IP 10 10 70 0 and destination port TCP 80 http service port or TCP 443 https service port Switch config access list extended 1600 rule 2 permit sip 10 10...

Страница 587: ...itch config if exit Switch config end Switch copy running config startup config Verify the Configurations Verify the Extended IP access list 1600 rule 1 permit sip 10 10 70 0 smask 255 255 255 0 dip 1...

Страница 588: ...arameter Default Setting Operation Permit User Priority No Limit Time Range No Limit For Standard IP ACL Parameter Default Setting Operation Permit Time Range No Limit For Extend IP ACL Parameter Defa...

Страница 589: ...rity 2 IP MAC Binding Configurations 3 DHCP Snooping Configuration 4 ARP Inspection Configurations 5 DoS Defend Configuration 6 802 1X Configuration 7 PPPoE ID Insertion Configuration 8 AAA Configurat...

Страница 590: ...ng DHCP Snooping DHCP Snooping supports the basic DHCP security feature and the Option 82 feature Basic DHCP Security During the working process of DHCP generally there is no authentication mechanism...

Страница 591: ...erver Administrators can check the location of the DHCP client via option 82 The DHCP server supporting option 82 can also set the distribution policy of IP addresses and the other parameters providin...

Страница 592: ...alicious DoS attack packets and discard them directly Also DoS Defend feature can limit the transmission rate of legal packets When the number of legal packets exceeds the threshold value and may incu...

Страница 593: ...ients confirms whether a client is legal and informs the authenticator whether a client is authenticated PPPoE ID Insertion In common PPPoE dialup mode when users dial up through PPPoE they can access...

Страница 594: ...accounts and an Enable password for other users The guests do not have administrative privileges without the Enable password provided AAA provides a safe and efficient authentication method The authen...

Страница 595: ...Binding Table 2 1 Using the GUI 2 1 1 Binding Entries Manually You can manually bind the IP address MAC address VLAN ID and the Port number together on the condition that you have got the related inf...

Страница 596: ...ies Dynamically The binding entries can be dynamically learned from ARP Scanning and DHCP Snooping ARP Scanning With ARP Scanning the switch sends the ARP request packets of the specified IP field to...

Страница 597: ...Warning The collision entries have the same IP address and MAC address and all the collision entries are valid This kind of collision may be caused by the MSTP function Critical The collision entries...

Страница 598: ...oping Displays the binding entries learned from DHCP Snooping IP Enter an IP address and click Search to search the specific entry In the Binding Table section you can view the searched entries Additi...

Страница 599: ...anually bind the IP address MAC address VLAN ID and the Port number together on the condition that you have got the related information of the hosts Follow these steps to manually bind entries Step 1...

Страница 600: ...nd Switch copy running config startup config 2 2 2 Viewing Binding Entries On privileged EXEC mode or any other configuration mode you can use the following command to view binding entries show ip sou...

Страница 601: ...oping after step 1 and step 2 are completed By default the binding entries are applied to ARP Detection Configuration Guidelines DHCP Snooping and DHCP Relay cannot be used at the same time on the swi...

Страница 602: ...arameters Trusted Port Select Enable to set the port that is connected to the DHCP server as a trusted port Select Disable to set the other ports as untrusted ports MAC Verify Enable or disable the MA...

Страница 603: ...addresses and other parameters providing a more flexible address distribution way Choose the menu Network Security DHCP Snooping Option 82 Config to load the following page Figure 3 3 Option 82 Config...

Страница 604: ...ter the customized remote ID which contains up to 64 characters LAG Displays the LAG that the port is in 2 Click Apply 3 2 Using the CLI 3 2 1 Enabling DHCP Snooping on VLAN Follow these steps to glob...

Страница 605: ...4 ip dhcp snooping mac verify Enable the MAC Verify feature There are two fields in the DHCP packet that contain the MAC address of the host The MAC Verify feature compares the two fields of a DHCP p...

Страница 606: ...snooping mac verify Switch config if ip dhcp snooping limit rate 10 Switch config if ip dhcp snooping decline rate 20 Switch config if show ip dhcp snooping interface gigabitEthernet 1 0 1 Interface T...

Страница 607: ...es the DHCP Request packets drop Indicates discarding the packets that include the Option 82 field Step 5 ip dhcp snooping information circuit id string Configure the circuit ID The circuit ID configu...

Страница 608: ...dhcp snooping information circut id VLAN20 Switch config if ip dhcp snooping information remote id Host1 Switch config if show ip dhcp snooping information interface gigabitEthernet 1 0 7 Interface O...

Страница 609: ...the illegal ARP packets Before configuring ARP Detection complete IP MAC Binding configuration For details refer to IP MAC Binding Configurations Choose the menu Network Security ARP Inspection ARP De...

Страница 610: ...le the ARP Defend feature Speed 10 100 pps Specify the maximum number of the ARP packets that can be received on the port per second The valid values are from 10 to 100 pps packet second and the defau...

Страница 611: ...u Network Security ARP Inspection ARP Statistics to load the following page Figure 4 3 ARP Statistics In the Auto Refresh section you can enable the auto refresh feature and specify the refresh interv...

Страница 612: ...fastEthernet port list gigabitEthernet port range gigabitEthernet port list Enter interface configuration mode Step 4 ip arp inspection trust Configure the port as a trusted port on which the ARP Det...

Страница 613: ...gigabitEthernet port range gigabitEthernet port list Enter interface configuration mode Step 3 ip arp inspection Enable the ARP defend feature on the port Step 4 ip arp inspection limit rate value Sp...

Страница 614: ...Gi1 0 2 Enabled 20 N A Normal N A Switch config if end Switch copy running config startup config The following example shows how to restore the port 1 0 1 that is in Discard status to Normal status Sw...

Страница 615: ...g ARP Statistics On privileged EXEC mode or any other configuration mode you can use the following command to view ARP statistics show ip arp inspection statistics View the ARP statistics on each port...

Страница 616: ...DoS attack Land Attack The attacker sends a specific fake SYN synchronous packet to the destination host Because both of the source IP address and the destination IP address of the SYN packet are set...

Страница 617: ...packets If the attacker sends overflowing fake request packets the network resource will be occupied maliciously and the requests of the legal clients will be denied WinNuke Attack Because the Operat...

Страница 618: ...d host is reduced because the Host circularly attempts to build a connection with the attacker ping flood The attacker floods the destination system with Ping packets creating a broadcast storm that m...

Страница 619: ...ve the settings in the configuration file The following example shows how to enable the DoS Defend type named land Switch configure Switch config ip dos prevent Switch config ip dos prevent type land...

Страница 620: ...curity cannot be enabled at the same time Before enabling 802 1X authentication make sure that Port Security is disabled 6 1 Using the GUI 6 1 1 Configuring the RADIUS Server Enable AAA function on th...

Страница 621: ...exchange responses Auth Port Specify the UDP destination port on the RADIUS server for authentication requests The default setting is 1812 Acct Port Specify the UDP destination port on the RADIUS ser...

Страница 622: ...Add New Server Group section specify the name and server type for the new server group and click Add Server Group Specify the name of the new server group Server Type Select the type of the server gro...

Страница 623: ...Configuring the Dot1x List Follow these steps to configure RADIUS server groups for 802 1X authentication and accounting 1 In the Authentication Dot1x Method List section select an existing RADIUS ser...

Страница 624: ...EAP Extensible Authentication Protocol packets is terminated at the switch and the EAP packets are converted to other protocol such as RADIUS packets and transmitted to the authentication server EAP T...

Страница 625: ...et Period Specify the Quiet Period It ranges from 1 to 999 seconds and the default time is 10 seconds The quiet period starts after the authentication fails During the quiet period the switch does not...

Страница 626: ...nticated Control Type Select the Control Type for the port By default it is MAC Based MAC Based All clients connected to the port need to be authenticated Port Based If a client connected to the port...

Страница 627: ...the shared key 0 and 7 prevent the encryption type 0 indicates that an unencrypted key will follow 7 indicates that a symmetric encrypted key with a fixed length will follow By default the encryption...

Страница 628: ...file The following example shows how to enable AAA add a RADIUS server to the server group named radius1 and apply this server group to the 802 1X authentication The IP address of the RADIUS server is...

Страница 629: ...ected the 802 1X authentication system uses EAP Extensible Authentication Protocol packets to exchange information between the switch and the client The transmission of EAP packets is terminated at th...

Страница 630: ...the client within the specified time it will resend the request Step 7 dot1x max reauth req times Specify the maximum number of attempts to send the authentication packet for the client times The maxi...

Страница 631: ...method mac based port based Configure the control type for the port By default it is mac based mac based All clients connected to the port need to be authenticated port based If a client connected to...

Страница 632: ...g startup config Save the settings in the configuration file The following example shows how to enable 802 1X authentication on port 1 0 2 configure the control type as port based and configure the co...

Страница 633: ...eature With this option enabled the switch will insert a Circuit ID to the received PPPoE Discovery packet on this port Circuit ID Type Select the type of the Circuit ID The following options are prov...

Страница 634: ...Discovery packet on this port Step 5 pppoe circuit id type mac ip udf Value udf only Value Specify the type of the Circuit ID The following options are provided mac The source MAC address of the pack...

Страница 635: ...port 1 0 1 and configure the Circuit ID as 123 without other information and Remote ID as host1 Switch configure Switch config pppoe id insertion Switch config if interface gigabitEthernet 1 0 1 Switc...

Страница 636: ...the users in the order they are added The server that is first added to the group has the highest priority and is responsible for authentication under normal circumstances If the first one breaks dow...

Страница 637: ...8 1 Global Configuration Follow these steps to globally enable AAA 1 In the Global Config section enable AAA 2 Click Apply 8 1 2 Adding Servers You can add one or more RADIUS TACACS servers on the sw...

Страница 638: ...The default setting is 1813 Usually it is used in the 802 1X feature Retransmit Specify the number of times a request is resent to the server if the server does not respond The default setting is 2 T...

Страница 639: ...The servers running the same protocol are automatically added to the default server group You can add new server groups as needed Choose the menu Network Security AAA Server Group to load the followin...

Страница 640: ...t Then click Add to add this server to the server group Figure 8 6 Add Server to Group 8 1 4 Configuring the Method List A method list describes the authentication methods and their sequence to authen...

Страница 641: ...method List Type Select the authentication type The following options are provided Authentication Login and Authentication Enable Pri1 Pri4 Specify the authentication methods in order The method with...

Страница 642: ...the users trying to log in to the switch Enable List Select a previously configured Enable method list This method list will authenticate the users trying to get administrative privileges 2 Click App...

Страница 643: ...US server the user name should be set as enable and the Enable password is customizable All the users trying to get administrative privileges share this Enable password On TACACS server configure the...

Страница 644: ...nation port on the RADIUS server for authentication requests The default setting is 1812 acct port port id Specify the UDP destination port on the RADIUS server for accounting requests The default set...

Страница 645: ...e server as 192 168 0 10 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 Switch configure Switch config radius server host 192 168 0 10...

Страница 646: ...length will follow By default the encryption type is 0 string is the shared key for the switch and the server which contains 31 characters at most encrypted string is a symmetric encrypted key with a...

Страница 647: ...pe group name Specify a name for the group Step 3 server ip address Add the existing servers to the server group ip address Specify IP address of the server to be added to the group Step 4 show aaa gr...

Страница 648: ...if the previous method does not respond and so on The default methods include radius tacacs local and none None means no authentication is used for login Step 3 aaa authentication enable method list m...

Страница 649: ...tion enable Methodlist pri1 pri2 pri3 pri4 default local Enable1 radius local Switch config end Switch copy running config startup config 8 2 5 Configuring the AAA Application List You can configure a...

Страница 650: ...st Step 6 end Return to privileged EXEC mode Step 7 copy running config startup config Save the settings in the configuration file The following example shows how to apply the existing Login method li...

Страница 651: ...e application Telnet method list Specify the name of the Enable method list Step 5 show aaa global Verify the configuration of application list Step 6 end Return to privileged EXEC mode Step 7 copy ru...

Страница 652: ...ep 4 enable authentication method list Apply the Enable method list for the application SSH method list Specify the name of the Enable method list Step 5 show aaa global Verify the configuration of ap...

Страница 653: ...e Login method list Step 3 ip http enable authentication method list Apply the Enable method list for the application HTTP method list Specify the name of the Enable method list Step 4 show aaa global...

Страница 654: ...represent the encryption type 0 indicates that an unencrypted key will follow 7 indicates that a symmetric encrypted key with a fixed length will follow By default the encryption type is 0 password is...

Страница 655: ...e login account can be created on the server Besides both the user name and password can be customized For Enable password configuration On RADIUS server the user name should be set as enable and the...

Страница 656: ...Figure 9 1 Network Topology Gi1 0 4 Gi1 0 1 Gi1 0 2 Gi1 0 3 Gi1 0 5 User 3 88 A9 D4 54 FD C3 192 168 0 33 24 User 1 74 D3 45 32 B6 8D Attacker Illegal DHCP Server User 2 76 D9 33 56 78 A3 Switch A Le...

Страница 657: ...ARP packets on each port thus to prevent ARP flooding attacks Demonstrated with T2500G 10MPS the following sections provide configuration procedure in two ways using the GUI and using the CLI 9 1 3 U...

Страница 658: ...e following page Enter the host name IP address MAC address and VLAN ID of User 3 select ARP Detection as the protect type and select port 1 0 3 on the panel Click Bind Figure 9 4 Manual Binding 4 Cho...

Страница 659: ...twork Security ARP Inspection ARP Detect to load the following page Enable ARP Detection and set ports 1 0 4 as trusted port Click Apply Figure 9 6 ARP Detect 6 Choose the menu Network Security ARP In...

Страница 660: ...ng User3 192 168 0 33 88 a9 d4 54 fd c3 vlan 1 interface gigabitEthernet 1 0 3 arp detection 4 Enable ARP Detection globally and set port 1 0 4 as a trusted port Switch_A config ip arp inspection Swit...

Страница 661: ...0 0 N A Verify the IP MAC Binding entries Switch_A show ip source binding U No Host IP Addr MAC Addr VID Port ACL Col 1 1 User1 192 168 0 20 74 d3 45 32 6b 8d 1 Gi1 0 1 ARP D 1 2 User2 192 168 0 21 76...

Страница 662: ...at only the authenticated clients can access the Internet 9 2 2 Configuration Scheme To authenticate clients separately enable 802 1X authentication configure the control mode as auto and set the cont...

Страница 663: ...h T2500G 10MPS acting as the authenticator the following sections provide configuration procedure in two ways using the GUI and using the CLI 9 2 4 Using the GUI 1 Choose the menu Network Security AAA...

Страница 664: ...up Figure 9 11 Create Server Group 4 On the same page select the newly created server group and click edit to load the following page Select 192 168 0 10 from the drop down list and click Add to add t...

Страница 665: ...d as EAP Enable the Quiet feature and then keep the default authentication settings Figure 9 14 Global Config 7 Choose the menu Network Security 802 1X Authentication Port Config to load the following...

Страница 666: ...ethod enable the quiet feature and configure relevant parameters Switch_A configure Switch_A config dot1x system auth control Switch_A config dot1x auth method eap Switch_A config dot1x quiet period 3...

Страница 667: ...Timer 10 sec Max Retry times For RADIUS Packet 3 Supplicant Timeout 3 sec Verify the configurations of 802 1X authentication on the port Switch_A show dot1x interface Port State GuestVLAN PortControl...

Страница 668: ...twork to provide a safer authenticate method for the administrators trying to log in or get administrative privileges If RADIUS Server 1 breaks down and doesn t respond to the authentication request R...

Страница 669: ...ways using the GUI and using the CLI 9 3 3 Using the GUI 1 Choose the menu Network Security AAA Global Config to load the following page In the Global Config section enable AAA and click Apply Figure...

Страница 670: ...pecify the group name as RADIUS1 and the server type as RADIUS Click Add to create the server group Figure 9 20 Create Server Group 5 On the same page select the newly created server group and click e...

Страница 671: ...for the Login authentication Figure 9 22 Configure Login Method List 7 On the same page specify the Method List Name as Method Enable select the List Type as Authentication Enable and select the Pri1...

Страница 672: ...o RADIUS servers to the server group Switch config aaa group radius RADIUS1 Switch aaa group server 192 168 0 10 Switch aaa group server 192 168 0 20 Switch aaa group exit 4 Create two method lists Me...

Страница 673: ...1813 5 2 123456 Verify the configuration of server group RADIUS1 Switch show aaa group RADIUS1 192 168 0 10 192 168 0 20 Verify the configuration of the method lists Switch show aaa authentication Aut...

Страница 674: ...nfiguration Guide 650 Configuring Network Security Configuration Examples Module Login List Enable List Console default default Telnet Method Login Method Enable Ssh default default Http default defau...

Страница 675: ...otect Type For Manual Binding None For ARP Scanning None For DHCP Snooping All Table 10 2 DHCP Snooping Parameter Default Setting Global Config DHCP Snooping Disable VLAN ID Disable Port Config Truste...

Страница 676: ...Defend Disable Speed 15 pps ARP Statistics Auto Refresh Disable Refresh Interval 5 seconds Table 10 4 DoS Defend Parameter Default Setting DoS Defend Disable Table 10 5 802 1X Parameter Default Setti...

Страница 677: ...Type MAC Based Dot1X List Authentication Dot1x Method List List Name default Pri1 radius Accounting Dot1x Method List List Name default Pri1 radius Table 10 6 PPPoE ID Insertion Parameter Default Sett...

Страница 678: ...nfig Server IP None Timeout 5 seconds Shared Key None Port 49 Server Group There are two default server groups radius and tacacs Method List Authentication Login Method List List name default Pri1 loc...

Страница 679: ...Configuration Guide 655 Configuring Network Security Appendix Default Parameters Parameter Defualt Setting http Login List default Enable List default...

Страница 680: ...Part 22 Configuring LLDP CHAPTERS 1 LLDP 2 LLDP Configurations 3 LLDP MED Configurations 4 Viewing LLDP Settings 5 Viewing LLDP MED Settings 6 Configuration Example 7 Appendix Default Parameters...

Страница 681: ...et Protocol device to access the network VoIP devices can use LLDP MED for auto configuration to minimize the configuration effort 1 2 Supported Features The switch supports LLDP and LLDP MED LLDP all...

Страница 682: ...figurations you can 1 Enable the LLDP feature on the switch 2 Optional Configure the LLDP feature globally 3 Optional Configure the LLDP feature for the interface 2 1 Using the GUI 2 1 1 Global Config...

Страница 683: ...fter specifying a transmit delay time the local device will wait for a delay time to send LLDP packets when changes occur to avoid frequent LLDP packet forwarding The default is 2 seconds Reinit Delay...

Страница 684: ...port will transmit LLDP packets and process the received LLDP packets Rx_Only The port will only process the received LLDP packets but not transmit LLDP packets Tx_Only The port will only transmit LLD...

Страница 685: ...t VA Used to advertise the name of the VLAN which the port is in LA Used to advertise whether the link is capable of being aggregated whether the link is currently in an aggregation and the port ID wh...

Страница 686: ...ime that the local device waits before sending another LLDP packet to its neighbors The default is 2 seconds notify interval Enter the interval between successive Trap messages that are periodically s...

Страница 687: ...guration mode Step 3 lldp receive Optional Set the mode for the port to receive LLDP packets It is enabled by default Step 4 lldp transmit Optional Set the mode for the port to send LLDP packets It is...

Страница 688: ...lldp receive Switch config if lldp transmit Switch config if lldp snmp trap Switch config if lldp tlv select all Switch config if show lldp interface gigabitEthernet 1 0 1 LLDP interface config gigabi...

Страница 689: ...to load the following page Figure 3 1 LLDP MED Parameters Config Configure the Fast Start Count and view the current device class Click Apply Fast Start Count Specify the number of successive LLDP ME...

Страница 690: ...3 2 LLDP MED Port Config Follow these steps to enable LLDP MED 1 Select the desired port and enble LLDP MED Click Apply 2 Click Detail to enter the following page Configure the TLVs included in the ou...

Страница 691: ...e Endpoint device in the Location Identification Parameters section Extended Power Via MDI Used to advertise the detailed PoE information including power supply priority and supply status between LLDP...

Страница 692: ...ed fast count count Optional Specify the number of successive LLDP MED frames that the local device sends when fast start mechanism is activated When the fast start mechanism is activated the local de...

Страница 693: ...management all Optional Configure the LLDP MED TLVs included in the outgoing LLDP packets By default the outgoing LLDP packets include all TLVs If LLDP MED Location TLV is selected configure the para...

Страница 694: ...ig lldp Switch config lldp med fast count 4 Switch config interface gigabitEthernet 1 0 1 Switch config if lldp med status Switch config if lldp med tlv select all Switch config if show lldp interface...

Страница 695: ...figurations Configuration Guide 671 LLDP MED Status Enabled TLV Status Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes Switch config end Switch copy...

Страница 696: ...Info to load the following page Figure 4 1 Local Info Follow these steps to view the local information 1 In the Auto Refresh section enable the Auto Refresh feature and set the Refresh Rate according...

Страница 697: ...Displays the system name of the local device System Description Displays the system description of the local device System Capabilities Supported Displays the supported capabilities of the local syste...

Страница 698: ...ys the system name of the neighbor device Chassis ID Displays the Chassis ID of the neighbor device System Description Displays the system description of the neighbor device Neighbor Port Displays the...

Страница 699: ...er of the LLDP packets sent via the port Receive Total Displays the total number of the LLDP packets received via the port Discards Displays the total number of the LLDP packets discarded by the port...

Страница 700: ...6 Configuring LLDP Viewing LLDP Settings Viewing LLDP Statistics show lldp traffic interface fastEthernet port gigabitEthernet port tengigabitEthernet port View the statistics of the corresponding por...

Страница 701: ...se steps to view LLDP MED local information 1 In the Auto Refresh section enable the Auto Refresh feature and set the Refresh Rate according to your needs Click Apply 2 In the LLDP MED Local Info sect...

Страница 702: ...Media Policy Layer 2 Priority Displays the Layer 2 priority used in the specific application Media Policy DSCP Displays the DSCP value used in the specific application Viewing the Neighbor Info Figure...

Страница 703: ...al Info show lldp local information interface fastEthernet port gigabitEthernet port ten gigabitEthernet port View the LLDP details of a specific port or all the ports on the local device Viewing the...

Страница 704: ...ator can view the device information using the NMS Figure 6 1 LLDP Network Topology Gi1 0 1 Gi1 0 2 Switch A Switch B PC 6 1 3 Configuration Scheme LLDP can meet the network requirements Enable the LL...

Страница 705: ...g Port Config to load the following page Set the Admin Status of port Gi1 0 1 to Tx Rx enable Notification Mode and configure all the TLVs included in the outgoing LLDP packets Figure 6 3 LLDP Port Co...

Страница 706: ...lldp receive Switch_A config if lldp transmit Switch_A config if lldp snmp trap Switch_A config if lldp tlv select all Switch_A config if end Switch_A copy running config startup config Verify the Co...

Страница 707: ...Yes Max Frame Size Yes Power Yes LLDP MED Status Disabled TLV Status Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes View the Local Info Switch_A sh...

Страница 708: ...rt VLAN ID PVID 1 Port and protocol VLAN ID PPVID 0 Port and protocol VLAN supported Yes Port and protocol VLAN enabled No VLAN name of VLAN 1 System VLAN Protocol identity Auto negotiation supported...

Страница 709: ...ision 2 0 0 Build 20160905 Rel 74744 s Serial Number Reserved Manufacturer Name TP Link Model Name T2500G 10MPS 2 0 Asset ID unknown View the Neighbor Info Switch_A show lldp neighbor information inte...

Страница 710: ...otocol identity Auto negotiation supported Yes Auto negotiation enabled Yes OperMau speed 1000 duplex Full Link aggregation supported Yes Link aggregation enabled No Aggregation port ID 0 Power port c...

Страница 711: ...AN while other traffic will be transmitted in the default VLAN Please note that the PVID of the port which the IP phone is connected with cannot be the same as the VLAN ID of the Voice VLAN Refer to C...

Страница 712: ...ice VLAN Global Config enable Voice VLAN and set the VLAN ID to 10 Figure 6 6 Configuring Voice VLAN Globally Choose the menu QoS Voice VLAN Port Config set the Voice VLAN mode on Gi1 0 1 and Gi1 0 2...

Страница 713: ...ing Voice VLAN Mode on Port 1 0 2 Choose the menu VLAN 802 1Q VLAN VLAN Config to load the following page Add port 1 0 2 to the Voice VLAN Figure 6 9 Adding Port 1 0 2 to the Voice VLAN 3 Choose the L...

Страница 714: ...e 6 11 LLDP MED Global Config 5 Choose th menu LLDP LLDP MED Policy Config to load the following page Select port 1 0 1 and enable LLDP MED Figure 6 12 LLDP MED Port Config Click Detail in the Port 1...

Страница 715: ...Voice VLAN Switch_A config vlan 10 Switch_A config vlan name Voice_VLAN Switch_A config voice vlan 10 2 Configure the Voice VLAN mode on port Gi1 0 1 as Auto Switch_A config interface gigabitEthernet...

Страница 716: ...us 7 Configure the LLDP MED TLVs included in the outgoing LLDP packets Switch_A config if lldp med tlv select all 8 Configure the detailed address of the IP phone Switch_A config if lldp med location...

Страница 717: ...N ID Yes VLAN Name Yes Link Aggregation Yes MAC Physic Yes Max Frame Size Yes Power Yes LLDP MED Status Enabled TLV Status Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inv...

Страница 718: ...192 168 0 226 Management address interface type IfIndex Management address interface ID 1 Management address OID 0 Port VLAN ID PVID 1 Port and protocol VLAN ID PPVID 0 Port and protocol VLAN support...

Страница 719: ...s LCI What Switch Country Code CN Language chinese Province State Guangdong County Parish District China City Township Shenzhen Street Keyuan Road Name South Building No 5 Postal Zip Code 518057 Hardw...

Страница 720: ...ult System capabilities supported Bridge Telephone System capabilities enabled Bridge Telephone Management address type ipv4 Management address 192 168 1 117 Management address interface type UnKnown...

Страница 721: ...Application type Voice Unknown policy No Tagged No VLAN ID 4095 Layer 2 Priority 5 DSCP 46 Application type Voice Signaling Unknown policy No Tagged No VLAN ID 4095 Layer 2 Priority 4 DSCP 32 Power Ty...

Страница 722: ...LDP Disable Transmit Interval 30 seconds Hold Multiplier 4 Transmit Delay 2 seconds Reinit Delay 2 seconds Notification Interval 5 seconds Fast Start Times 3 Table 7 2 Default LLDP Settings on the Por...

Страница 723: ...ntenance CHAPTERS 1 Maintenance 2 Monitoring the System 3 System Log Configurations 4 Diagnosing the Device 5 Diagnosing the Network 6 DLDP Configuration 7 Configuration Example for Remote Log 8 Appen...

Страница 724: ...se function includes Ping test and Tracert test With them you can test the connectivity between the switch and one node of the network or the connectivity of the gateways on the path from the source t...

Страница 725: ...d memory utilizations should be always under 80 and excessive use may result in switch malfunctions For example the switch fails to respond to management requests In similar situations you can monitor...

Страница 726: ...itor and display its CPU utilization rate every four seconds 2 1 2 Monitoring the Memory Choose the menu Maintenance System Monitor Memory Monitor to load the following page Figure 2 2 Monitoing the M...

Страница 727: ...es The following example shows how to monitor the CPU Switch show cpu utilization Unit CPU Utilization No Five Seconds One Minute Five Minutes 1 13 13 13 2 2 2 Monitoring the Memory On privileged EXEC...

Страница 728: ...ions affect the functionality of the switch Alerts 1 Actions must be taken immediately The memory utilization reaches the limit Critical 2 Cause analysis or actions must be taken immediately The memor...

Страница 729: ...Log Table page It will be lost when the switch is restarted Log File indicates the flash sector for saving system log The information in the log file will not be lost after the switch is restarted and...

Страница 730: ...nd severity Host IP Specify an IP address for the log host UDP Port Displays the UDP port that receives and sends the log information And the switch uses the standard port 514 Severity Specify the sev...

Страница 731: ...the exact time when the log event occurs you need to configure the system time on the System System Info System Time Web management page Module Select a module from the drop down list to display the...

Страница 732: ...he frequency ranging from 1 to 48 hours By default the synchronization process takes place every 24 hours immediate The system log file in the buffer will be synchronized to the flash immediately This...

Страница 733: ...y monitor the settings and operation status of other devices through the log host idx Enter the index of the log host The switch supports 4 log hosts at most host ip Specify the IP address for the log...

Страница 734: ...its IP address as 192 168 0 148 and allow logs of levels 0 to 5 to be sent to the host Switch configure Switch config logging host index 2 192 168 0 148 5 Switch config show logging loghost Index Host...

Страница 735: ...iagnose Cable Test to load the following page Figure 4 1 Diagnosing the Device 1 In the Port section select your desired port for the test 2 In the Result section click Apply and check the test result...

Страница 736: ...atus is short close or crosstalk here displays the length from the port to the trouble spot The value makes sense only when the cable is longer than 30m 4 2 Using the CLI On privileged EXEC mode or an...

Страница 737: ...the Ping Test Choose the menu Maintenance Network Diagnose Ping to load the following page Figure 5 1 Configuring the Ping Test Follow these steps to test the connectivity between the switch and anoth...

Страница 738: ...milliseconds 2 In the Ping Result section check the test results 5 1 2 Configuring the Tracert Test Choose the menu Maintenance Network Diagnose Tracert to load the following page Figure 5 2 Configuri...

Страница 739: ...testing The values are from 1 to 10 times the default is 4 times l count Specify the size of the sending data for ping testing The values are from 1 to 1500 bytes the default is 64 bytes i count Spec...

Страница 740: ...ipv6 The type of the IP address for tracert test should be IPv6 ip_addr Enter the IP address of the destination device If the parameter ip ipv6 is not selected both IPv4 and IPv6 addresses are support...

Страница 741: ...the following page Figure 6 1 DLDP Config Follow these steps to configure DLDP 1 In the Global Config section enable DLDP and configure the relevant parameters Click Apply DLDP State Enable or disable...

Страница 742: ...ormation in the table DLDP State Enable or disable DLDP on the port Protocol State Displays the DLDP protocol state Initial DLDP is disabled Inactive DLDP is enabled but the link is down Active DLDP i...

Страница 743: ...a unidirectional link is detected It is the default setting manual The switch displays an alert when a unidirectional link is detected Then the users can manually shut down the unidirectional link po...

Страница 744: ...to Switch config end Switch copy running config startup config The following example shows how to enable DLDP on port 1 0 1 Switch configure Switch config interface gigabitEthernet 1 0 1 Switch config...

Страница 745: ...receive system logs from monitored devices Make sure the switch and the PC are reachable to each other configure a log server that complies with the syslog standard on the PC and set the PC as the log...

Страница 746: ...ure the remote log host Switch configure Switch config logging host index 1 1 1 0 1 5 Switch config end Switch copy running config startup config Verify the Configurations Switch show logging loghost...

Страница 747: ...File Disabled Severity of Log File Level_3 Sync Periodic of Log File 24 hours Table 8 2 Default Settings of Remote Log Parameter Default Setting Host IP 0 0 0 0 UDP Port 514 Severity Level_6 Status Di...

Страница 748: ...Configuring Maintenance Appendix Default Parameters Parameter Default Setting DLDP State Disable Adver Interval 5 seconds Shut Mode Auto Web Refresh State Disable Web Refresh Interval 5 seconds Port C...

Страница 749: ...Part 24 Configuring SNMP RMON CHAPTERS 1 SNMP Overview 2 SNMP Configurations 3 Notification Configurations 4 RMON Overview 5 RMON Configurations 6 Configuration Example 7 Appendix Default Parameters...

Страница 750: ...uthentication and Privacy Based on Community Name Based on Community Name Supported authentication and privacy modes are as follows Authentication MD5 SHA Privacy DES Trap Supported Supported Supporte...

Страница 751: ...reate an SNMP group and specify the access rights 4 Create SNMP users and configure the authentication mode privacy mode and corresponding passwords Choose SNMPv1 or SNMPv2c 1 Enable SNMP 2 Create an...

Страница 752: ...meric string used to identify the SNMP engine on the switch 3 In the Remote Engine section configure the remote engine ID Click Apply Remote Engine ID Set the ID of the remote SNMP manager with 10 to...

Страница 753: ...s A complete view consists of all MIB objects that have the same view name MIB Object ID Enter a MIB Object ID to specify a specific function of the device For specific ID rules refer to the device re...

Страница 754: ...e group is SNMPv1 In this mode community name match is used for authentication You can configure the community name on the SNMP community page v2c The security model of the group is SNMPv2 In this mod...

Страница 755: ...hese steps to create an SNMP user 1 Specify the user name user type and the group which the user belongs to Set the security model according to the related parameters of the specified group If you cho...

Страница 756: ...rivacy mode are applied to check and encrypt packets 2 If you have chosen authNoPriv or authPriv as the security level you need to set corresponding Auth Mode or Privacy Mode If not skip the step Auth...

Страница 757: ...MPv1 and SNMPv2c the community name match is used for authentication Access Specify the access right to the related view The default is read only read only The NMS can view but not modify parameters o...

Страница 758: ...eceives inform messages from Switch Note that the switch will automatically generate a local engine ID if the ID is not set or is deleted Step 4 show snmp server Displays the global settings of SNMP S...

Страница 759: ...e view to determine objects to be managed Step 1 configure Enter global configuration mode Step 2 snmp server view name mib oid include exclude Configure the view name Enter a view name with 1 to 16 c...

Страница 760: ...ig show snmp server view No View Name Type MOID 1 viewDefault include 1 2 viewDefault exclude 1 3 6 1 6 3 15 3 viewDefault exclude 1 3 6 1 6 3 16 4 viewDefault exclude 1 3 6 1 6 3 18 5 View include 1...

Страница 761: ...evel cannot be configured read view Set the view as read only And then the NMS can view parameters of the specified view write view Set the view as write only And then the NMS can modify parameters of...

Страница 762: ...noAuthNoPriv Please note that if you have chosen v1 or v2c as the security mode security level cannot be configured none MD5 SHA Choose an authentication algorithm which is only for the user of SNMPv3...

Страница 763: ...ssword Step 1 configure Enter global configuration mode Step 2 snmp server community name read only read write mib view Configure the community name Enter a group name with 1 to 16 characters read onl...

Страница 764: ...ON SNMP Configurations Switch config snmp server community nms monitor read write View Switch config show snmp server community Index Name Type MIB View 1 nms monitor read write View Switch config end...

Страница 765: ...abling the SNMP Extend Trap Optional Enabling the DDM Trap and Optional Enabling the Link status Trap 3 1 Using the GUI Choose the menu SNMP Notification Notification Config to load the following page...

Страница 766: ...o check and encrypt packets 3 Choose a notification type based on the SNMP version If you choose the Inform type you need to set retry times and timeout interval Type Choose a notification type for th...

Страница 767: ...zation and no encryption authNoPriv authorization and no encryption authPriv authorization and encryption The defaut is noAuthNoPriv Please note that if you have chosen v1 or v2c as the security mode...

Страница 768: ...2 snmp server traps snmp linkup linkdown warmstart coldstart auth failure Configure parameters of basic traps supported on the switch linkup When a port status changes from linkdown to linkup the swit...

Страница 769: ...pply port pwr change Enable PoE port power change trap The trap can be triggered when a PoE port starts to supply power or stops supplying power port pwr deny Enable PoE port power deny trap When the...

Страница 770: ...her the flash is modified And the trap is disabled by default The trap can be triggered when the flash is modified by saving configurations factory resetting upgrading and importing configurations lld...

Страница 771: ...tch temperature Enable DDM Temperature trap It is sent when the DDM temperature value exceeds the alarm threshold or warning threshold voltage Enable DDM Voltage trap It is sent when the DDM voltage v...

Страница 772: ...s on the specified ports port port list The number or the list of the Ethernet ports that you desire to configure notification traps Step 3 snmp server traps link status Enable SNMP extended linkup an...

Страница 773: ...ork device The NMS is usually a host that runs the management software to manage Agents of network devices And the Agent is usually a switch or router that collects traffic statistics such as total pa...

Страница 774: ...ory group Configuring the event group Configuring the alarm group Configuration Guidelines To ensure that the NMS receives notifications normally please complete configurations of SNMP and SNMP Notifi...

Страница 775: ...Set the entry as valid or underCreation By default it is valid Valid The entry is created and valid underCreation The entry is created but invalid 5 1 2 Configuring History Choose the menu SNMP RMON H...

Страница 776: ...set the status of the entry Click Apply Owner Enter the owner name of the entry with 1 to 16 characters By default it is monitor Status Enable or disable the entry By default it is disabled Enable Th...

Страница 777: ...status of the entry Click Apply Owner Enter the owner name of the entry with 1 to 16 characters By default it is monitor Status Enable or disable the entry By default it is disabled Enable The entry...

Страница 778: ...t the sample type the rising and falling threshold the corresponding event action and the alarm type of the entry Sample Type Set the sampling method of the specified variable the default is absolute...

Страница 779: ...ing the CLI 5 2 1 Configuring Statistics Step 1 configure Enter global configuration mode Step 2 rmon statistics index interface gigabitEthernet port ten gigabitEthernet port owner owner name status u...

Страница 780: ...fig end Switch copy running config startup config 5 2 2 Configuring History Step 1 configure Enter global configuration mode Step 2 rmon history index interface fastEthernet port gigabitEthernet port...

Страница 781: ...settings in the configuration file The following example shows how to create a history entry on the switch to monitor port 1 0 1 Set the sample interval as 100 seconds max buckets as 50 and the owner...

Страница 782: ...notifications to the NMS and log notify indicates the switch records the event and sends notifications to the NMS owner name Enter the owner name of the entry with 1 to 16 characters The default name...

Страница 783: ...ns occur collision means the collision times in the network segment 64 65 127 128 255 256 511 512 1023 1024 10240 means total packets of the specified size absolute delta Choose the sampling mode The...

Страница 784: ...e type as Absolute the rising threshold as 3000 the related rising event entry index as 1 the falling threshold as 2000 the related falling event index as 2 the alarm type as all the notification inte...

Страница 785: ...number of packets transmitted and received is below the threshold 6 2 Configuration Scheme 1 Set a limit on the rate of the specified ports and then enable SNMP on Switch A Configure SNMP and Notifica...

Страница 786: ...to reach one another Figure 6 1 Network Topology Gi1 0 1 NMS Switch B Switch A IP 172 168 1 222 Gi1 0 2 Gi1 0 3 Demonstrated with T2500G 10MPS this chapter provides configuration procedures in two way...

Страница 787: ...SNMP view as View set MIB Object ID as 1 which means all functions and set the view type as Include Click Create Figure 6 3 SNMP View Configuration 3 Choose SNMP SNMP Config SNMP Group to load the fo...

Страница 788: ...g 5 Choose SNMP Notification Notification Config to load the following page Specify the IP address of the NMS host and the port of the host for transmitting notifications Set the User Security Model a...

Страница 789: ...and bind them to ports 1 0 1 and 1 0 2 respectively Set the owner of the entries as monitor and the status as valid Figure 6 7 Configuring Entry 1 Figure 6 8 Configuring Entry 2 2 Choose the menu SNMP...

Страница 790: ...s falling log owner as monitor and status as Enable Figure 6 10 Event Configuration 4 Choose SNMP RMON Alarm to load the following page Configure entries 1 and 2 For entry 1 set the alarm variable as...

Страница 791: ...Create a view with the name View set the MIB Object ID as 1 which represents all functions and the view type as Include Switch config snmp server view View 1 include 3 Create a group of SNMPv3 with t...

Страница 792: ...0 1 interval 100 owner monitor buckets 50 Switch config rmon history 2 interface gigabitEthernet 1 0 2 interval 100 owner monitor buckets 50 3 Create two event entries named admin which is the SNMP us...

Страница 793: ...er SNMP agent is enabled 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Num...

Страница 794: ...Switch config show snmp server group No Name Sec Mode Sec Lev Read View Write View Notify View 1 nms monitor v3 authPriv View View Verify SNMP user configurations Switch config show snmp server user...

Страница 795: ...able 2 Gi1 0 2 100 50 monitor Enable Verify RMON event configurations Switch config show rmon event Index User Description Type Owner State 1 admin rising notify Notify monitor Enable 2 admin falling...

Страница 796: ...uration Guide 772 Configuring SNMP RMON Configuration Example Statistics index 2 Alarm variable BPkt Sample Type Absolute RHold REvent 3000 1 FHold FEvent 2000 2 Alarm startup All Interval 10 Owner mo...

Страница 797: ...Table 7 2 Default SNMP View Settings Parameter Default Setting View Name None MIB Object ID None View Type Include Table 7 3 Default SNMP View Table Settings View Name View Type MIB Object ID viewDefa...

Страница 798: ...Privacy Password None Table 7 6 Default Community Settings Parameter Default Setting Community Name None Access read only MIB View viewDefault Default settings of Notification are listed in the follow...

Страница 799: ...0 1 Interval 1800 seconds Max Buckets 50 Owner monitor Status Disable Table 7 10 Default Settings for Event Entries Parameter Default Setting User public Description None Type None Owner monitor Statu...

Страница 800: ...Configuration Guide 776 Configuring SNMP RMON Appendix Default Parameters Parameter Default Setting Status Disable...

Страница 801: ...com This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection aga...

Страница 802: ...is device complies with Industry Canada license exempt RSSs Operation is subject to the following two conditions 1 This device may not cause interference and 2 This device must accept any interference...

Страница 803: ...BSMI Notice Pb Cd Hg CrVI PBB PBDE PCB 1 2...

Страница 804: ...use of the device Please use this product with care and operate at your own risk A VCCI A Explanation of the symbols on the product label Symbol Explanation AC voltage Indoor use only RECYCLING This p...

Результаты поиска

Содержание T2500G-10MPS

Отзывы:

Бренды по названию

Популярные бренды

TP-Link T2500G-10MPS, Руководство пользователя

Результаты поиска

Содержание T2500G-10MPS

Отзывы:

Бренды по названию

Популярные бренды