Tp-Link T1600G-28PS (TL-SG2424P) [181/754] Network requirements

Содержание

• Configuration guide p.1
• T1600g series switches p.1
• Web interface access p.2
• Accessing the switch p.2
• Conventions p.2
• Command line interface access 1 p.2
• About this guide p.2
• System 3 p.2
• Overview p.2
• More information p.2
• Managing system p.2
• Intended readers p.2
• Contents p.2
• System info configurations 5 p.2
• User management configurations 8 p.3
• System tools configurations 6 p.3
• Access security configurations 6 p.3
• Sdm template configuration 1 p.4
• Port security configuration 7 p.4
• Port mirror configuration 3 p.4
• Port isolation configurations 0 p.4
• Physical interface 8 p.4
• Managing physical interfaces p.4
• Loopback detection configuration 3 p.4
• Configuration examples 7 p.4
• Basic parameters configurations 9 p.4
• Appendix default parameters 4 p.4
• Address configurations 33 p.5
• Traffic monitor 25 p.5
• Monitoring traffic p.5
• Managing mac address table p.5
• Mac address table 31 p.5
• Lag configuration 10 p.5
• Lag 09 p.5
• Configuring lag p.5
• Configuration example 19 p.5
• Appendix default parameters 29 p.5
• Appendix default parameters 23 p.5
• Appendix default parameters 06 p.5
• Configuring 802 q vlan p.6
• Overview 52 p.6
• Example for security configurations 47 p.6
• Configuration example 59 p.6
• Appendix default parameters 50 p.6
• Security configurations 41 p.6
• Q vlan configuration 53 p.6
• Protocol vlan configuration 84 p.7
• Overview 83 p.7
• Overview 67 p.7
• Mac vlan configuration 68 p.7
• Configuring protocol vlan p.7
• Configuring mac vlan p.7
• Configuration example 90 p.7
• Configuration example 73 p.7
• Appendix default parameters 81 p.7
• Appendix default parameters 65 p.7
• Spanning tree 02 p.8
• Mstp configurations 20 p.8
• Configuring spanning tree p.8
• Appendix default parameters 00 p.8
• Stp security configurations 39 p.8
• Stp rstp configurations 10 p.8
• Managing layer 2 multicast p.9
• Layer 2 multicast 66 p.9
• Igmp snooping configurations 68 p.9
• Configuration example for mstp 44 p.9
• Appendix default parameters 63 p.9
• Configuring mld snooping 06 p.11
• Viewing multicast snooping configurations 41 p.12
• Overview 81 p.13
• Managing logical interfaces p.13
• Logical interfaces configurations 82 p.13
• Configuration examples 44 p.13
• Appendix default parameters 77 p.13
• Appendix default parameters 93 p.14
• Appendix default parameter 08 p.14
• Viewing routing table 01 p.14
• Overview 95 p.14
• Overview 10 p.14
• Ipv6 static routing configuration 98 p.14
• Ipv4 static routing configuration 96 p.14
• Example for static routing 03 p.14
• Dhcp relay configuration 11 p.14
• Configuring static routing p.14
• Configuring dhcp relay p.14
• Configuring qos p.15
• Configuring arp p.15
• Configuration examples 48 p.15
• Configuration example 17 p.15
• Bandwidth control configuration 42 p.15
• Arp configurations 23 p.15
• Appendix default parameters 20 p.15
• Qos 29 p.15
• Overview 22 p.15
• Diffserv configuration 30 p.15
• Voice vlan configuration 73 p.16
• Overview 71 p.16
• Configuring voice vlan p.16
• Configuring acl p.16
• Configuration example 81 p.16
• Appendix default parameters 93 p.16
• Appendix default parameters 68 p.16
• Acl configurations 96 p.16
• Acl 95 p.16
• Configuring network security p.17
• Configuration example for acl 16 p.17
• Arp inspection configurations 44 p.17
• Appendix default parameters 24 p.17
• Network security 26 p.17
• Ip mac binding configurations 30 p.17
• Dhcp snooping configuration 36 p.17
• X configuration 55 p.18
• Dos defend configuration 51 p.18
• Configuration examples 85 p.18
• Aaa configuration 67 p.18
• Viewing lldp settings 26 p.19
• Lldp med configurations 19 p.19
• Lldp configurations 11 p.19
• Lldp 10 p.19
• Configuring lldp p.19
• Appendix default parameters 05 p.19
• Configuring maintenance p.20
• Configuration example 34 p.20
• Appendix default parameters 56 p.20
• Viewing lldp med settings 31 p.20
• System log configurations 62 p.20
• Monitoring the system 59 p.20
• Maintenance 58 p.20
• Snmp overview 79 p.21
• Snmp configurations 80 p.21
• Notification configurations 94 p.21
• Managing snmp rmon p.21
• Diagnosing the network 71 p.21
• Diagnosing the device 69 p.21
• Configuration example for remote log 75 p.21
• Appendix default parameters 77 p.21
• Rmon overview 02 p.22
• Rmon configurations 03 p.22
• Configuration example 15 p.22
• Appendix default parameters 29 p.22
• Intended readers p.23
• Conventions p.23
• About this guide p.23
• More information p.24
• Part 1 p.25
• Chapters p.25
• Accessing the switch p.25
• Overview p.26
• Web interface access p.27
• Save config function p.28
• Disable the web server p.29
• Configure the switch s ip address and default gateway p.30
• Click save config to save the settings p.32
• Check the routing table to verify the default gateway you configured the entry marked in red p.32
• Box displays the valid default gateway p.32
• Command line interface access p.33
• Console login only for switch with console port p.33
• Telnet login p.35
• Ssh login p.36
• Password authentication mode p.37
• Key authentication mode p.38
• Disable telnet login p.41
• Disable ssh login p.41
• Copy running config startup config p.42
• Change the switch s ip address and default gateway p.42
• Part 2 p.44
• Managing system p.44
• Chapters p.44
• System p.45
• Supported features p.45
• Overview p.45
• Access security p.45
• User management p.45
• System tools p.45
• System info p.45
• Sdm template p.46
• Viewing the system summary p.47
• Using the gui p.47
• System info configurations p.47
• Move the cursor to the port to view the detailed information of the port p.48
• Click a port to view the bandwidth utilization on this port p.48
• Specifying the device description p.49
• Setting the system time p.49
• Setting the daylight saving time p.50
• In the time config section follow these steps to configure the system time p.50
• Daylight saving time to load the following page p.50
• Click apply p.50
• Choose one method to set the system time and specify the information p.50
• Information p.51
• In the dst config section select enable to enable the daylight saving time function p.51
• Follow these steps to configure daylight saving time p.51
• Choose one method to set the daylight saving time of the switch and specify the p.51
• To view the system information of the switch p.52
• The following example shows how to view the interface status and the system information of the p.52
• Switch show interface status p.52
• Switch p.52
• Port status speed duplex flowctrl jumbo active medium p.52
• On privileged exec mode or any other configuration mode you can use the following command p.52
• Gi1 0 51 linkdown n a n a n a disable fiber p.52
• Gi1 0 50 linkdown n a n a n a disable fiber p.52
• Gi1 0 3 linkup 1000m full disable disable copper p.52
• Gi1 0 2 linkdown n a n a n a disable copper p.52
• Gi1 0 1 linkdown n a n a n a disable copper p.52
• Click apply p.52
• Viewing the system summary p.52
• Using the cli p.52
• System time 2016 01 04 10 07 38 p.53
• System name t1600g 52ts p.53
• System location shenzhen p.53
• System description jetstream 48 port gigabit smart switch with 4 sfp slots p.53
• Switch show system info p.53
• Specifying the device description p.53
• Software version 1 build 20160412 rel 2132 s p.53
• Running time 3 day 2 hour 8 min 26 sec p.53
• Hardware version t1600g 52ts 1 p.53
• Gi1 0 52 linkdown n a n a n a disable fiber p.53
• Follow these steps to specify the device description p.53
• Contact information www tp link com p.53
• Setting the system time p.54
• 8 00 63 and set the update rate as 11 p.57
• Update rate 11 hour s p.57
• Time zone utc 08 00 p.57
• The time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as p.57
• The following example shows how to set the system time by get time from ntp server and set p.57
• Switch copy running config startup config p.57
• Switch configure p.57
• Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 p.57
• Switch config show system time ntp p.57
• Switch config end p.57
• Setting the daylight saving time p.57
• Prefered ntp server 133 00 p.57
• Last successful ntp server 133 00 p.57
• Follow these steps and choose one method to set the daylight saving time p.57
• Backup ntp server 139 8 00 63 p.57
• Dst ends at 01 00 00 on sep 1 2016 p.59
• Dst configuration is one off p.59
• Time as 01 00 august 1st 2016 set the end time as 01 00 september 1st 2016 and set the offset as p.59
• The following example shows how to set the daylight saving time by date mode set the start p.59
• Switch copy running config startup config p.59
• Switch configure p.59
• Switch config system time dst date aug 1 01 00 2016 sep 1 01 00 2016 50 p.59
• Switch config show system time dst p.59
• Switch config end p.59
• Dst starts at 01 00 00 on aug 1 2016 p.59
• Dst offset is 50 minutes p.59
• Using the gui p.60
• User management configurations p.60
• Creating admin accounts p.60
• Need to go to the aaa section to create an enable password for these accounts the enable p.61
• Creating an account p.61
• Creating accounts of other types p.61
• Click create p.61
• You can create accounts with the access level of operator power user and user here you also p.61
• User config to load the following page p.61
• Password is used to change the users access level to admin p.61
• Configuring enable password p.62
• Using the cli p.63
• Follow these steps to create an admin account p.63
• Creating admin accounts p.63
• You can create accounts with the access level of operator power user and user here you also p.64
• Password is used to change the users access level to admin p.64
• Need to go to the aaa section to create an enable password for these accounts the enable p.64
• Follow these steps to create an account of other type p.64
• Creating accounts of other types p.64
• The logged in users can enter the enable password on this page to get the administrative p.66
• The aaa function applies another method to manage the access users name and password p.66
• Privileges p.66
• For details refer to aaa configuration in configuring network security p.66
• Using the gui p.68
• System tools configurations p.68
• Configuring the boot file p.68
• Restoring the configuration of the switch p.69
• In the config restore section select one unit and one configuration file p.69
• In the boot table section select one or more units and configure the relevant parameters p.69
• Follow these steps to restore the configuration of the switch p.69
• Follow these steps to configure the boot file p.69
• Config restore to load the following page p.69
• Click import to import the configuration file p.69
• Click apply p.69
• Upgrading the firmware p.70
• Backing up the configuration file p.70
• Rebooting the switch p.71
• Configuring the reboot schedule p.71
• Configuring the boot file p.72
• Using the cli p.72
• System reset to load the following page p.72
• Reseting the switch p.72
• In the system reset section select the desired unit and click reset p.72
• Follow these steps to configure the boot file p.72
• Switch config show boot p.73
• Switch config end p.73
• Switch config boot application filename image2 backup p.73
• Switch config boot application filename image1 startup p.73
• Restoring the configuration of the switch p.73
• Next startup image image1 bin p.73
• Image as image 2 p.73
• Follow these steps to restore the configuration of the switch p.73
• Current startup image image1 bin p.73
• Boot config p.73
• Backup image image2 bin p.73
• The following example shows how to set the next startup image as image 1 and set the backup p.73
• Switch copy running config startup config p.73
• Switch configure p.73
• The following example shows how to restore the configuration file named file1 from the tftp p.74
• The following example shows how to backup the configuration file named file2 from tftp server p.74
• Switch copy tftp startup config ip address 192 68 00 filename file1 p.74
• Switch copy startup config tftp ip address 192 68 00 filename file2 p.74
• Start to load user config file p.74
• Start to backup user config file p.74
• Server with ip address 192 68 00 p.74
• Operation ok now rebooting system p.74
• Follow these steps to upgrade the firmware p.74
• Follow these steps to back up the current configuration of the switch in a file p.74
• Enable p.74
• Backup user config file ok p.74
• Backing up the configuration file p.74
• With ip address 192 68 00 p.74
• Upgrading the firmware p.74
• The following example shows how to upgrade the firmware using the configuration file named p.75
• Switch firmware upgrade ip address 192 68 00 filename file3 bin p.75
• Rebooting the switch p.75
• Reboot with the backup image y n y p.75
• Operation ok p.75
• It will only upgrade the backup image continue y n y p.75
• Follow these steps to reboot the switch p.75
• Follow these steps and choose one type to configure the reboot schedule p.75
• File3 bin the tftp server is 190 68 00 p.75
• Enable p.75
• Configuring the reboot schedule p.75
• Reboot system at 15 01 2016 12 00 continue y n y p.76
• Reboot schedule settings p.76
• Reboot schedule at 2016 01 15 12 00 in 17007 minutes p.76
• The following example shows how to set the switch to reboot at 12 00 on 15 01 2016 p.76
• Switch copy running config startup config p.76
• Switch configure p.76
• Switch config reboot schedule at 12 00 15 01 2016 save_before_reboot p.76
• Switch config end p.76
• Save before reboot yes p.76
• Reseting the switch p.77
• Follow these steps to reset the switch p.77
• Using the gui p.78
• Configuring the access control feature p.78
• Access security configurations p.78
• When the port based mode is selected the following section will display p.79
• When the ip based mode is selected the following section will display p.79
• Click apply p.79
• Configuring the http function p.80
• Configuring the https function p.81
• The switch supports click apply p.81
• In the global config section select enable to enable https function and select the protocol p.81
• Https config to load the following page p.81
• In the session config section specify the session timeout and click apply p.82
• In the ciphersuite config section select the algorithm to be enabled and click apply p.82
• In the certificate download and key download section download the certificate and key p.82
• In the access user number section select enable and specify the parameters click apply p.82
• Ssh config to load the following page p.83
• Parameters p.83
• In the global config section select enable to enable ssh function and specify other p.83
• Configuring the ssh feature p.83
• Using the cli p.84
• Enabling the telnet function p.84
• Configuring the access control p.84
• Http and https p.85
• As 192 68 00 set the subnet mask as 255 55 55 and make the switch support snmp telnet p.85
• The following example shows how to set the type of access control as ip based set the ip address p.85
• Switch configure p.85
• Switch config user access control ip based 192 68 00 255 55 55 snmp telnet http p.85
• User authentication mode ip based p.86
• Switch copy running config startup config p.86
• Switch config show user configuration p.86
• Switch config end p.86
• Index ip address access interface p.86
• Follow these steps to configure the http function p.86
• Configuring the http function p.86
• 68 24 snmp telnet http https p.86
• Http session timeout 9 p.87
• Http max guest users 5 p.87
• Http max admin users 6 p.87
• Follow these steps to configure the https function p.87
• Configuring the https function p.87
• The following example shows how to set the session timeout as 9 set the maximum admin p.87
• Switch copy running config startup config p.87
• Switch configure p.87
• Switch config show ip http configuration p.87
• Switch config ip http session timeout 9 p.87
• Switch config ip http server p.87
• Switch config ip http max user 6 5 p.87
• Switch config end p.87
• Number as 6 and set the maximum guest number as 5 p.87
• Http user limitation enabled p.87
• Http status enabled p.87
• The following example shows how to configure the https function enable ssl3 and tls1 p.88
• Protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the p.88
• Follow these steps to configure the ssh function p.90
• Configuring the ssh feature p.90
• Aes192 cbc disabled p.92
• Switch copy running config startup config p.92
• Switch config end p.92
• Key type ssh 2 rsa dsa p.92
• Key file p.92
• Hmac sha1 disabled p.92
• Hmac md5 enabled p.92
• Follow these steps enable the telnet function p.92
• Enabling the telnet function p.92
• Des cbc disabled p.92
• Data integrity algorithm p.92
• Comment dsa key 20160711 p.92
• Cast128 cbc enabled p.92
• Blowfish cbc disabled p.92
• Begin ssh2 public key p.92
• Aes256 cbc disabled p.92
• For specific features the switch provides three templates and the hardware resources allocation p.93
• Using the gui p.93
• The template table displays the resources allocation of each template p.93
• The reboot p.93
• Sdm template to load the following page p.93
• Sdm template function is used to configure system resources in the switch to optimize support p.93
• Sdm template configuration p.93
• Is different users can choose one according to how the switch is used in the network p.93
• In select options section select one template and click apply the setting will be effective after p.93
• Using the cli p.94
• Follow these steps to configure the sdm template function p.94
• Default settings of user management are listed in the following table p.96
• Default settings of system tools are listed in the following table p.96
• Default settings of system info are listed in the following tables p.96
• Appendix default parameters p.96
• Default settings of access security are listed in the following tables p.97
• Default settings of sdm template are listed in the following table p.98
• Part 3 p.99
• Managing physical interfaces p.99
• Chapters p.99
• Supported features p.100
• Port security p.100
• Port mirror p.100
• Port isolation p.100
• Physical interface p.100
• Overview p.100
• Loopback detection p.100
• Basic parameters p.100
• Using the gui p.101
• Select and configure your desired ports or lags then click apply p.101
• Port config to load the following page p.101
• Follow these steps to set basic parameters for ports p.101
• Basic parameters configurations p.101
• Using the cli p.102
• Follow these steps to set basic parameters for the ports p.102
• The following example shows how to implement the basic configurations of port1 0 1 including p.103
• Switch configure p.103
• Switch config interface gigabitethernet 1 0 1 p.103
• Switch config if no shutdown p.103
• Setting a description for the port making the port autonegotiate speed and duplex with the p.103
• Neighboring port and enabling the flow control and jumbo feature p.103
• Using the gui p.105
• Port mirror configuration p.105
• The parameters and click apply p.106
• In the source port section select one or multiple monitored ports for configuration then set p.106
• In the destination port section specify a monitoring port for the mirror session and click p.106
• Follow these steps to configure port mirror p.106
• Follow these steps to configure port mirror p.107
• Destination port gi1 0 10 p.107
• Using the cli p.107
• To port 1 0 10 p.107
• The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 p.107
• Switch configure p.107
• Switch config show monitor session p.107
• Switch config monitor session 1 source interface gigabitethernet 1 0 1 3 both p.107
• Switch config monitor session 1 destination interface gigabitethernet 1 0 10 p.107
• Monitor session 1 p.107
• Using the gui p.109
• Then select the learn mode of the mac addresses p.109
• Specify the maximum number of the mac addresses that can be learned on the port and p.109
• Select one or multiple ports for security configuration p.109
• Port security to load the following page p.109
• Port security configuration p.109
• Follow these steps to configure port security p.109
• Click apply p.110
• Using the cli p.110
• Select the status of the port security feature p.110
• Follow these steps to configure port security p.110
• The following example shows how to set the maximum number of mac addresses that can be p.111
• Switch copy running config startup config p.111
• Switch configure p.111
• Switch config interface gigabitethernet 1 0 1 p.111
• Switch config if show mac address table max mac count interface gigabitethernet 1 0 1 p.111
• Switch config if mac address table max mac count max number 30 mode permanent p.111
• Switch config if end p.111
• Status drop p.111
• Port max learn current learn mode status p.111
• Learned on port 1 0 1 as 30 and configure the mode as permanent and the status as drop p.111
• Gi1 0 1 30 0 permanent drop p.111
• Using the gui p.112
• Port isolation configurations p.112
• Using the cli p.113
• Only communicate with it is multi optional p.113
• In the port section select one or multiple ports to be isolated p.113
• In the forward portlist section select the forward ports or lags which the isolated ports can p.113
• Follow these steps to configure port isolation p.113
• Click apply p.113
• Using the gui p.115
• Loopback detection configuration p.115
• View the loopback detection information on this page p.116
• Using the cli p.116
• Parameters and click apply p.116
• In the port config section select one or multiple ports for configuration then set the p.116
• Follow these steps to configure loopback detection p.116
• Parameters p.117
• Loopback detection interval 30 s p.117
• Loopback detection global status enable p.117
• The following example shows how to enable loopback detection globally keeping the default p.117
• Switch configure p.117
• Switch config show loopback detection global p.117
• Switch config loopback detection p.117
• Network requirements p.119
• Example for port mirror p.119
• Configuration scheme p.119
• Configuration examples p.119
• Using the gui p.120
• Verify the configuration p.121
• Using the cli p.121
• Hosts except the server even if the mac address or ip address of host a is changed p.122
• Example for port isolation p.122
• Demonstrated with t1600g 28ts the following sections provide configuration procedure in two p.122
• Configuration scheme p.122
• As shown below three hosts and a server are connected to the switch and all belong to vlan 10 p.122
• You can configure port isolation to implement the requirement set 1 0 4 as the only forwarding p.122
• With the vlan configuration unchanged host a is not allowed to communicate with the other p.122
• Ways using the gui and using the cli p.122
• Source ports egress gi1 0 2 5 p.122
• Port for port 1 0 1 thus forbidding host a to forward packets to the other hosts p.122
• Network requirements p.122
• Using the gui p.123
• Verify the configuration p.124
• Using the cli p.124
• Network requirements p.124
• Example for loopback detection p.124
• Using the gui p.125
• Configuration scheme p.125
• Using the cli p.126
• Verify the configuration p.127
• Appendix default parameters p.128
• Default settings of switching are listed in th following tables p.128
• Configuring lag p.130
• Supported features p.131
• Static lag p.131
• Overview p.131
• Lag configuration p.132
• Configuration guidelines p.132
• Src mac src ip to allow switch a to determine the forwarding port based on the source p.133
• Shared by each link you can change the algorithm of the outgoing interface p.133
• Please properly choose the load balancing algorithm to avoid data stream transferring only p.133
• On one physical link for example switch a receives packets from several hosts and forwards p.133
• Mac addresses and source ip addresses of the received packets p.133
• Load balancing algorithm is effective only for outgoing traffic if the data stream is not well p.133
• Lag table to load the following page p.133
• In the global config section select the load balancing algorithm click apply p.133
• Configuring load balancing algorithm p.133
• Using the gui p.133
• Them to the server with the fixed mac address and ip address you can set the algorithm as p.133
• Configuring static lag or lacp p.134
• Configuring static lag p.134
• Specify the system priority for the switch and click apply p.135
• Select member ports for the lag and configure the related parameters click apply p.135
• Lacp to load the following page p.135
• Follow these steps to configure lacp p.135
• Configuring lacp p.135
• Using the cli p.136
• Follow these steps to configure the load balancing algorithm p.136
• Configuring load balancing algorithm p.136
• Etherchannel load balancing configuration src dst mac p.137
• Etherchannel load balancing addresses used per protocol p.137
• Configuring static lag or lacp p.137
• Configuring static lag p.137
• You can choose only one lag mode for a port static lag or lacp and make sure both ends of a p.137
• The following example shows how to set the global load balancing mode as src dst mac p.137
• Switch copy running config startup config p.137
• Switch configure p.137
• Switch config show etherchannel load balance p.137
• Switch config port channel load balance src dst mac p.137
• Switch config if end p.137
• Non ip source xor destination mac address p.137
• Link use the same lag mode p.137
• Ipv6 source xor destination mac address p.137
• Ipv4 source xor destination mac address p.137
• Follow these steps to configure static lag p.137
• Group port channel protocol ports p.138
• Follow these steps to configure lacp p.138
• Flags d down p bundled in port channel u in use p.138
• Configuring lacp p.138
• U unsuitable for bundling w waiting to be aggregated d default port p.138
• The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag p.138
• Switch copy running config startup config p.138
• Switch configure p.138
• Switch config interface range gigabitethernet 1 0 5 8 p.138
• Switch config if range show etherchannel 2 summary p.138
• Switch config if range end p.138
• Switch config if range channel group 2 mode on p.138
• R layer3 s layer2 f failed to allocate aggregator p.138
• Po2 s gi1 0 5 d gi1 0 6 d gi1 0 7 d gi1 0 8 d p.138
• I stand alone h hot standby lacp only s suspended p.138
• Switch config if range show lacp internal p.139
• Switch config if range channel group 6 mode active p.139
• Switch config end p.139
• Select the lacpdu sending mode as active p.139
• 000a eb13 397 p.139
• The following example shows how to specify the system priority of the switch as 2 p.139
• The following example shows how to add ports 1 0 1 4 to lag 6 set the mode as lacp and p.139
• Switch copy running config startup config p.139
• Switch configure p.139
• Switch config show lacp sys id p.139
• Switch config lacp system priority 2 p.139
• Switch config interface range gigabitethernet 1 0 1 4 p.139
• Network requirements p.141
• Configuration scheme p.141
• Configuration example p.141
• Using the gui p.142
• Using the cli p.143
• Verify the configuration p.144
• Default settings of switching are listed in the following tables p.145
• Appendix default parameters p.145
• Monitoring traffic p.146
• Viewing the traffic summary p.147
• Using the gui p.147
• Traffic monitor p.147
• Viewing the traffic statistics in detail p.148
• Traffic statistics to load the following page p.148
• To get the real time traffic statistics enable auto refresh in the auto refresh section or click p.148
• Refresh at the bottom of the page p.148
• In the traffic summary section click 1 to show the information of the physical ports and p.148
• Follow these steps to view the traffic statistics in detail p.148
• Click lags to show the information of the lags p.148
• In the statistics section view the detailed information of the selected port or lag p.149
• In port select select a port or lag and click apply p.149
• Using the cli p.150
• To view the traffic information of each port or lag p.150
• On privileged exec mode or any other configuration mode you can use the following command p.150
• Appendix default parameters p.151
• Part 6 p.152
• Managing mac address table p.152
• Chapters p.152
• Supported features p.153
• Part 6 p.153
• Overview p.153
• Mac address table p.153
• Security configurations p.154
• Using the gui p.155
• Address configurations p.155
• Adding static mac address entries p.155
• Binding dynamic address entries p.156
• Modifying the aging time of dynamic address entries p.157
• In the aging config section enable auto aging and enter your desired length of time p.157
• Follow these steps to modify the aging time of dynamic address entries p.157
• Dynamic address to load the following page p.157
• Viewing address table entries p.158
• Adding mac filtering address entries p.158
• Using the cli p.159
• Follow these steps to add static mac address entries p.159
• Address table to load the following page p.159
• Adding static mac address entries p.159
• Modifying the aging time of dynamic address entries p.160
• Switch copy running config startup config p.161
• Switch configure p.161
• Switch config show mac address table aging time p.161
• Switch config mac address table aging time 500 p.161
• Switch config end p.161
• Remains in the mac address table for 500 seconds after the entry is used or updated p.161
• Follow these steps to add mac filtering address entries p.161
• Aging time is 500 sec p.161
• Adding mac filtering address entries p.161
• The following example shows how to modify the aging time to 500 seconds a dynamic entry p.161
• Using the gui p.163
• Security configurations p.163
• Configuring mac notification traps p.163
• To managing snmp rmon p.164
• Options and click apply p.164
• Notification traps you can enable these three types learned mode change exceed max p.164
• Mac vlan security to load the following page p.164
• Limiting the number of mac addresses in vlans p.164
• Learned and new mac learned click apply p.164
• In the mac notification port config section select your desired port and enable its p.164
• In the mac notification global config section enable this feature configure the relevant p.164
• Follow these steps to configure mac notification traps p.164
• Configure snmp and set a management host for detailed snmp configurations please refer p.164
• Click create p.165
• Choose the mode that the switch adopts when the maximum number of mac addresses in p.165
• Using the cli p.165
• The specified vlan is exceeded p.165
• Follow these steps to limit the number of mac addresses in vlans p.165
• Follow these steps to configure mac notification traps p.165
• Enter your desired value in max learned mac to set a threshold p.165
• Enter the vlan id to limit the number of mac addresses that can be learned in the specified p.165
• Configuring mac notification traps p.165
• The following example shows how to enable new mac learned trap on port 1 and set the p.166
• Switch configure p.166
• Now you have configured mac notification traps to receive notifications you need to further p.166
• Notifications of new addresses in every 10 seconds and send to the management host p.166
• Managing snmp rmon p.166
• Interval time as 10 seconds after you have further configured snmp the switch will bundle p.166
• Enable snmp and set a management host for detailed snmp configurations please refer to p.166
• Gi1 0 1 disable disable enable p.167
• Follow these steps to limit the number of mac addresses in vlans p.167
• Table full notification status disable p.167
• Switch copy running config startup config p.167
• Switch config mac address table notification interval 10 p.167
• Switch config mac address table notification global status enable p.167
• Switch config interface gigabitethernet 1 0 1 p.167
• Switch config if show mac address table notification interface gigabitethernet 1 0 1 p.167
• Switch config if mac address table notification new mac learned enable p.167
• Switch config if end p.167
• Port lrnmode change exceed max limit new mac learned p.167
• Notification interval 10 p.167
• Notification global status enable p.167
• Mac notification global config p.167
• Limiting the number of mac addresses in vlans p.167
• Network requirements p.169
• Example for security configurations p.169
• Configuration scheme p.169
• Using the gui p.170
• Verify the configurations p.171
• Using the cli p.171
• Default settings of the mac address table are listed in the following tables p.172
• Appendix default parameters p.172
• Part 7 p.173
• Configuring 802 q vlan p.173
• Chapters p.173
• Overview p.174
• Using the gui p.175
• Q vlan configuration p.175
• Configuring the pvid of the port p.175
• Follow these steps to configure vlan p.176
• Enter a vlan id and a description for identification to create a vlan p.176
• Configuring the vlan p.176
• Based on the network topology p.176
• Will forward untagged packets in the target vlan p.176
• Vlan config and click create to load the following p.176
• Select the untagged port s and the tagged port s respectively to add to the created vlan p.176
• Using the cli p.177
• The following example shows how to create vlan 2 and name it as rd p.177
• Switch configure p.177
• Switch config vlan show vlan id 2 p.177
• Switch config vlan name rd p.177
• Switch config vlan 2 p.177
• Follow these steps to create a vlan p.177
• Creating a vlan p.177
• Click apply p.177
• Member in lag n a p.178
• Link type general p.178
• Follow these steps to configure the port p.178
• Configuring the pvid of the port p.178
• Vlan name status ports p.178
• The following example shows how to configure the pvid of port 1 0 5 as vlan 2 p.178
• Switch copy running config startup config p.178
• Switch configure p.178
• Switch config vlan end p.178
• Switch config interface gigabitethernet 1 0 5 p.178
• Switch config if switchport pvid 2 p.178
• Switch config if show interface switchport gigabitethernet 1 0 5 p.178
• Rd active p.178
• Pvid 2 p.178
• Port gi1 0 5 p.178
• Member in vlan p.178
• Pvid 2 p.179
• Port gi1 0 5 p.179
• Follow these steps to add the port to the specified vlan p.179
• Adding the port to the specified vlan p.179
• Vlan name egress rule p.179
• The following example shows how to add the port 1 0 5 to vlan 2 and specify its egress rule as p.179
• Tagged p.179
• System vlan untagged p.179
• Switch copy running config startup config p.179
• Switch configure p.179
• Switch config interface gigabitethernet 1 0 5 p.179
• Switch config if switchport general allowed vlan 2 tagged p.179
• Switch config if show interface switchport gigabitethernet 1 0 5 p.179
• Switch config if end p.179
• Network requirements p.181
• Configuration scheme p.181
• Configuration example p.181
• Different places host a1 and host b1 are connected to port 1 0 2 and port 1 0 3 on switch 1 p.182
• Demonstrated with t1600g 52ts the following sections provide configuration procedure in two p.182
• As an example p.182
• While host b1 and host b2 are used in department b switch 1 and switch 2 are located in two p.182
• Ways using the gui and using the cli p.182
• Using the gui p.182
• The figure below shows the network topology host a1 and host a2 are used in department a p.182
• The configurations of switch 1 and switch 2 are similar the following introductions take switch 1 p.182
• Respectively while host a2 and host b2 are connected to port 1 0 6 and port 1 0 7 on switch 2 p.182
• Respectively port 1 0 4 on switch 1 is connected to port 1 0 8 on switch 2 p.182
• Network topology p.182
• Using the cli p.184
• Configuration file p.185
• Verify the configurations p.186
• Default settings of 802 q vlan are listed in the following table p.187
• Appendix default parameters p.187
• Part 8 p.188
• Configuring mac vlan p.188
• Chapters p.188
• Vlan is generally divided by ports this way of division is simple but isn t suitable for those p.189
• Two departments share all the meeting rooms in the company but use different servers and p.189
• The figure below shows a common application scenario of mac vlan p.189
• Switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different p.189
• Server a and laptop b can only access server b no matter which meeting room the laptops are p.189
• Ptops department a uses server a and laptop a while department b uses server b and laptop p.189
• Overview p.189
• Networks that require frequent topology changes with the popularity of mobile office a terminal p.189
• Free the user from such a problem it divides vlans based on the mac addresses of terminal p.189
• Devices in this way terminal devices always belong to their original vlans even when their p.189
• Device may access the switch via different ports for example a terminal device that accessed the p.189
• Determines the vlan each laptop joins each laptop can access only the server in the vlan it joins p.189
• Corresponding vlans respectively in this way the mac address rather than the access port p.189
• Being used in to meet this requirement simply bind the mac addresses of the laptops to the p.189
• B server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access p.189
• Vlans the user has to re configure the switch to access the original vlan using mac vlan can p.189
• Access ports change p.189
• Using the gui p.190
• Mac vlan configuration p.190
• Configuring 802 q vlan p.190
• The vlan p.191
• Ports manually p.191
• Mac vlan to load the following page p.191
• Follow these steps to bind the mac address to the vlan p.191
• Enter the mac address of the device give it a description and enter the vlan id to bind it to p.191
• Enabling mac vlan for the port p.191
• Click create to create the mac vlan p.191
• By default mac vlan is disabled on all ports you need to enable mac vlan for your desired p.191
• Binding the mac address to the vlan p.191
• Configuring 802 q vlan p.192
• Binding the mac address to the vlan p.192
• Before configuring mac vlan create an 802 q vlan and set the port type according to network p.192
• Using the cli p.192
• Select your desired ports to enable mac vlan and click apply p.192
• Requirements for details refer to configuring 802 q vlan p.192
• Port enable to load the following page p.192
• Follow these steps to enable mac vlan for the port p.192
• Follow these steps to bind the mac address to the vlan p.192
• Switch configure p.193
• Switch config show mac vlan vlan 10 p.193
• Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a p.193
• Switch config interface gigabitethernet 1 0 1 p.193
• Switch config if mac vlan p.193
• Switch config end p.193
• Mac addr name vlan id p.193
• Follow these steps to enable mac vlan for the port p.193
• Enabling mac vlan for the port p.193
• 19 56 8a 4c 71 dept a 10 p.193
• The following example shows how to enable mac vlan for port 1 0 1 p.193
• The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with p.193
• The address description as dept a p.193
• Switch copy running config startup config p.193
• Two departments share all the meeting rooms in the company but use different servers and p.195
• The ports to the vlans based on the network topology note for the ports connecting the p.195
• Server a and laptop b can only access server b no matter which meeting room the laptops are p.195
• Network requirements p.195
• Laptops department a uses server a and laptop a while department b uses server b and laptop p.195
• Create vlan 10 and vlan 20 on each of the three switches set different port types and add p.195
• Configuration scheme p.195
• Configuration example p.195
• Being used in the figure below shows the network topology p.195
• B server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access p.195
• Addresses of the laptops to the corresponding vlans respectively in this way each laptop can p.195
• Access only the server in the vlan it joins no matter which meeting room the laptops are being p.195
• You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac p.195
• Used in the overview of the configuration is as follows p.195
• Using the gui p.196
• Configurations for switch 1 and switch 2 p.196
• Configurations for switch 3 p.198
• Using the cli p.199
• Configurations for switch 1 and switch 2 p.199
• Configurations for switch 3 p.200
• Verify the configurations p.201
• Switch 2 p.201
• Switch 1 p.201
• Switch 3 p.202
• Default settings of mac vlan are listed in the following table p.203
• Appendix default parameters p.203
• Configuring protocol vlan p.204
• Chapters p.204
• Part 9 p.204
• The figure below shows a common application scenario of protocol vlan with protocol vlan p.205
• Special fields of received packets encapsulate the packets in specific formats and forward the p.205
• Services use different protocols network administrators can use protocol vlan to manage the p.205
• Protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze p.205
• Protocol vlan is a technology that divides vlans based on the network layer protocol with the p.205
• Packets of different protocols to the corresponding vlans since different applications and p.205
• Overview p.205
• Networks respectively p.205
• Network based on specific applications and services of network users p.205
• Configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 p.205
• Using the gui p.206
• Protocol vlan configuration p.206
• Configuring 802 q vlan p.206
• Creating protocol template p.207
• Configuring protocol vlan p.207
• Using the cli p.208
• Creating a protocol template p.208
• Configuring 802 q vlan p.208
• Switch configure p.209
• Switch config show protocol vlan template p.209
• Switch config protocol template name ipv6 frame ether_2 ether type 86dd p.209
• Switch config end p.209
• Rarp ethernetii ether type 8035 p.209
• Ipx snap ether type 8137 p.209
• Ipv6 ethernetii ether type 86dd p.209
• Ip ethernetii ether type 0800 p.209
• Index protocol name protocol type p.209
• Follow these steps to configure protocol vlan p.209
• Configuring protocol vlan p.209
• At snap ether type 809b p.209
• Arp ethernetii ether type 0806 p.209
• The following example shows how to create an ipv6 protocol template p.209
• Switch copy running config startup config p.209
• The following example shows how to bind the ipv6 protocol template to vlan 10 p.210
• Switch configure p.210
• Switch config show protocol vlan template p.210
• Rarp ethernetii ether type 8035 p.210
• Ipx snap ether type 8137 p.210
• Ip ethernetii ether type 0800 p.210
• Index protocol name protocol type p.210
• At snap ether type 809b p.210
• Arp ethernetii ether type 0806 p.210
• Ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped p.212
• Configuration scheme p.212
• Configuration example p.212
• Belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to p.212
• A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 p.212
• You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this p.212
• Vlan 10 and vlan 20 respectively p.212
• Two routers to access the ipv4 network and ipv6 network respectively the routers belong to p.212
• The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host p.212
• Protocol types the overview of the configuration on switch 2 is as follows p.212
• Port receives packets switch 2 will forward them to the corresponding vlans according to their p.212
• Network respectively via different routers it is required that ipv4 packets are forwarded to the p.212
• Network requirements p.212
• Using the gui p.213
• Configurations for switch 1 p.213
• Configurations for switch 2 p.215
• Using the cli p.218
• Configurations for switch 1 p.218
• Configurations for switch 2 p.219
• Verify the configurations p.220
• Switch 1 p.220
• Switch 2 p.221
• Default settings of protocol vlan are listed in the following table p.222
• Appendix default parameters p.222
• Part 10 p.223
• Configuring spanning tree p.223
• Chapters p.223
• Stp rstp concepts p.224
• Spanning tree p.224
• Overview p.224
• Basic concepts p.224
• Root bridge p.225
• Port role p.225
• Bridge id p.225
• Port status p.226
• Root path cost p.227
• Path cost p.227
• The packets used to generate the spanning tree the bpdus bridge protocol data unit contain p.228
• Root path cost increases as the bpdu propagates further p.228
• Receives this bpdu it increments the path cost of its local incoming port then it forwards this p.228
• On the networking topology this section will introduce some concepts only exist in mstp p.228
• Mstp concepts p.228
• Mstp compatible with stp and rstp has the same basic elements used in stp and rstp based p.228
• Mst region p.228
• Information to help determine the tree topology p.228
• Characteristics are considered as in the same region p.228
• Bpdu to the downstream switch with the updated root path cost the value of the accumulated p.228
• An mst region consists of multiple interconnected switches the switches that have the following p.228
• A lot of information like bridge id root path cost port priority and so on switches share these p.228
• Vlan instance mapping p.229
• Mst instance p.229
• Stp security p.230
• Configuring stp rstp parameters on ports p.232
• Using the gui p.232
• Stp rstp configurations p.232
• Stp config to load the following page p.234
• Configuring stp rstp globally p.234
• Click apply p.234
• Rstp and click apply p.235
• In the parameters config section configure the global parameters of stp rstp and click p.235
• In the global config section enable spanning tree function choose the stp mode as stp p.235
• Follow these steps to configure stp rstp globally p.235
• Verifying the stp rstp configurations p.236
• Verify the stp rstp information of your switch after all the configurations are finished p.236
• The stp summary section shows the summary information of spanning tree p.236
• Stp summary to load the following page p.236
• Using the cli p.237
• Follow these steps to configure stp rstp parameters on ports p.237
• Configuring stp rstp parameters on ports p.237
• The port priority as 32 p.238
• The following example shows how to enable spanning tree function on port 1 0 3 and configure p.238
• Switch copy running config startup config p.238
• Switch configure p.238
• Switch config interface gigabitethernet 1 0 3 p.238
• Switch config if spanning tree common config port priority 32 p.238
• Switch config if spanning tree p.238
• Switch config if show spanning tree interface gigabitethernet 1 0 3 p.238
• Switch config if end p.238
• Interface state prio ext cost int cost edge p2p mode role status p.238
• Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn p.238
• This example shows how to configure the priority of the switch as 36864 the forward delay as 12 p.239
• Seconds p.239
• Follow these steps to configure global stp rstp parameters of the switch p.239
• Configuring global stp rstp parameters p.239
• Enable rstp 36864 2 12 20 5 20 p.240
• This example shows how to enable spanning tree function configure the spanning tree mode as p.240
• Switch copy running config startup config p.240
• Switch configure p.240
• Switch config spanning tree timer forward time 12 p.240
• Switch config spanning tree priority 36864 p.240
• Switch config spanning tree mode rstp p.240
• Switch config spanning tree p.240
• Switch config show spanning tree bridge p.240
• Switch config end p.240
• State mode priority hello time fwd time max age hold count max hops p.240
• Rstp and verify the configurations p.240
• Function globally p.240
• Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree p.240
• Enabling stp rstp globally p.240
• Mstp configurations p.242
• Configuring parameters on ports in cist p.242
• Using the gui p.242
• With the same region name the same revision level and the same vlan instance mapping are p.244
• Region config to load the following page p.244
• Instance p.244
• Considered as in the same region p.244
• Configuring the region name and revision level p.244
• Configuring the mstp region p.244
• Configure the region name revision level vlan instance mapping of the switch the switches p.244
• Click apply p.244
• Besides configure the priority of the switch the priority and path cost of ports in the desired p.244
• Configuring the vlan instance mapping and switch priority p.245
• In the instance config section configure the priority of the switch in the desired instance p.246
• And click apply p.246
• In the instance id select section select the desired instance id for its port configuration p.247
• Follow these steps to configure port parameters in the instance p.247
• Configuring parameters on ports in the instance p.247
• Instance port config to load the following p.247
• In the instance port config section configure port parameters in the desired instance p.247
• Stp config to load the following page p.249
• In the parameters config section configure the global parameters of mstp and click apply p.249
• Follow these steps to configure mstp globally p.249
• Configuring mstp globally p.249
• Mstp and click apply p.250
• In the global config section enable spanning tree function and choose the stp mode as p.250
• Verifying the mstp configurations p.251
• The stp summary section shows the summary information of cist p.251
• Stp summary to load the following page p.251
• Using the cli p.252
• The mstp summary section shows the information in mst instances p.252
• Follow these steps to configure the parameters of the port in cist p.252
• Configuring parameters on ports in cist p.252
• Mst instance 0 cist p.253
• This example shows how to enable spanning tree function for port 1 0 3 and configure the port p.253
• Switch configure p.253
• Switch config interface gigabitethernet 1 0 3 p.253
• Switch config if spanning tree common config port priority 32 p.253
• Switch config if spanning tree p.253
• Switch config if show spanning tree interface gigabitethernet 1 0 3 p.253
• Priority as 32 p.253
• Switch config if end p.254
• Mst instance 5 p.254
• Interface state prio ext cost int cost edge p2p mode role status p.254
• Interface prio cost role status p.254
• Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn p.254
• Gi1 0 3 144 200 n a lnkdwn p.254
• Follow these steps to configure the mst region and the priority of the switch in the instance p.254
• Configuring the mstp region p.254
• Configuring the mst region p.254
• Switch copy running config startup config p.254
• Configuring the parameters on ports in instance p.255
• This example shows how to configure the priority as 144 the path cost as 200 of port 1 0 3 in p.256
• Switch configure p.256
• Switch config interface gigabitethernet 1 0 3 p.256
• Switch config if spanning tree mst instance 5 port priority 144 cost 200 p.256
• Switch config if show spanning tree interface gigabitethernet 1 0 3 p.256
• Mst instance 5 p.256
• Mst instance 0 cist p.256
• Interface state prio ext cost int cost edge p2p mode role status p.256
• Instance 5 p.256
• Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn p.256
• Interface prio cost role status p.257
• Gi1 0 3 144 200 n a lnkdwn p.257
• Follow these steps to configure the global mstp parameters of the switch p.257
• Configuring global mstp parameters p.257
• Switch copy running config startup config p.257
• Switch config if end p.257
• The hold count as 8 and the max hop as 25 p.258
• Switch copy running config startup config p.258
• Switch configure p.258
• Switch config spanning tree priority 36864 p.258
• Switch config if spanning tree timer forward time 12 p.258
• Switch config if spanning tree max hops 25 p.258
• Switch config if spanning tree hold count 8 p.258
• Switch config if show spanning tree bridge p.258
• Switch config if end p.258
• State mode priority hello time fwd time max age hold count max hops p.258
• Function globally p.258
• Follow these steps to configure the spanning tree mode as mstp and enable spanning tree p.258
• Enabling spanning tree globally p.258
• Enable mstp 36864 2 12 20 8 25 p.258
• This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds p.258
• Switch configure p.259
• Switch config spanning tree mode mstp p.259
• Switch config spanning tree p.259
• Switch config show spanning tree active p.259
• Spanning tree s mode mstp 802 s multiple spanning tree protocol p.259
• Spanning tree is enabled p.259
• Root port gi 0 20 p.259
• Root bridge p.259
• Priority 32768 p.259
• Mst instance 0 cist p.259
• Latest topology change time 2006 01 04 10 47 42 p.259
• Function globally p.259
• External cost 200000 p.259
• Designated bridge p.259
• Address 00 0a eb 13 23 97 p.259
• This example shows how to configure the spanning tree mode as mstp and enable spanning tree p.259
• Using the gui p.261
• Stp security configurations p.261
• Configuring the stp security p.261
• When you enable tc protect function on ports set the tc threshold and tc protect cycle here if p.262
• The number of the received tc bpdus exceeds the maximum number you set in the tc threshold p.262
• Optional configuring the threshold and cycle of tc protect p.262
• Field the switch will not remove mac address entries in the tc protect cycle p.262
• Configure the port protect features for the selected ports and click apply p.262
• Using the cli p.263
• Tc protect to load the following page p.263
• Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter p.263
• Feature for ports p.263
• Featur p.263
• Configuring the stp security p.263
• Configure the parameters of tc protect feature and click apply p.263
• This example shows how to enable loop protect root protect bpdu filter and bpdu protect p.264
• Switch copy running config startup config p.264
• Switch configure p.264
• Switch config interface gigabitethernet 1 0 3 p.264
• Switch config if spanning tree interface security gigabitethernet 1 0 3 p.264
• Switch config if spanning tree guard root p.264
• Switch config if spanning tree guard loop p.264
• Switch config if spanning tree bpduguard p.264
• Switch config if spanning tree bpdufilter p.264
• Switch config if end p.264
• Interface bpdu filter bpdu guard loop protect root protect tc protect p.264
• Gi1 0 3 enable enable enable enable disable p.264
• Functions on port 1 0 3 p.264
• Follow these steps to configure tc protect feature for ports p.264
• Configuring the tc protect p.264
• And the tc protect cycle is 8 p.265
• This example shows how to enable the tc protect function on port 1 0 3 with the tc threshold is p.265
• Switch copy running config startup config p.265
• Switch configure p.265
• Switch config spanning tree tc defend threshold 25 period 8 p.265
• Switch config interface gigabitethernet 1 0 3 p.265
• Switch config if spanning tree interface security gigabitethernet 1 0 3 p.265
• Switch config if spanning tree guard tc p.265
• Switch config if end p.265
• Interface bpdu filter bpdu guard loop protect root protect tc protect p.265
• Gi1 0 3 enable enable enable enable enable p.265
• Here we configure two instances to meet the requirement as is shown below p.266
• Cost of the port is 200000 p.266
• Configuration scheme p.266
• Configuration example for mstp p.266
• Balancing thus providing a more flexible method in network management here we take the p.266
• As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is p.266
• Transmitted in this network the link speed between the switches is 100mb s the default path p.266
• Transmitted along different paths p.266
• To meet this requirement you are suggested to configure mstp function on the switches p.266
• Network requirements p.266
• Mstp configuration as an example p.266
• Mstp backwards compatible with stp and rstp can map vlans to instances to enable load p.266
• Map the vlans to different instances to ensure traffic can be transmitted along the respective p.266
• It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be p.266
• Instance p.266
• Enable mstp function in all the switches p.267
• Demonstrated with t1600g 52ts this chapter provides configuration procedures in two ways p.267
• Configure the priority of switch b as 0 to set is as the root bridge in instance 1 configure the p.267
• Configure the path cost to block the specified ports for instance 1 set the path cost of port p.267
• Configure switch a switch b and switch c in the same region configure the region name as p.267
• And the revision level as 100 map vlan 101 vlan 103 to instance 1 and vlan 104 vlan p.267
• 0 1 of switch a to be greater than the default path cost 200000 for instance 2 set the p.267
• Using the gui and using the cli p.267
• To instance 2 p.267
• The overview of configuration is as follows p.267
• Priority of switch c as 0 to set is as the root bridge in instance 2 p.267
• Path cost of port 1 0 2 of switch b to be greater than the default path cost 200000 p.267
• Enable the spanning tree function on the ports in each switch p.267
• Using the gui p.268
• Configurations for switch a p.268
• Page map vlan101 vlan103 to instance 1 map vlan104 vlan106 to instance 2 p.269
• Instance config to load the following p.269
• Instance port config to load the p.270
• Following page set the path cost of port 1 0 1 in instance 1 as 400000 p.270
• Configurations for switch b p.271
• Page configure the priority of switch b as 0 to set it as the root bridge in instance 1 p.273
• Instance config to load the following p.273
• Following page set the path cost of port 1 0 2 in instance 2 as 400000 p.274
• Instance port config to load the p.274
• Configurations for switch c p.275
• Using the cli p.278
• Configurations for switch a p.278
• Configurations for switch b p.279
• Verify the configurations p.280
• Switch a p.280
• Configurations for switch c p.280
• Switch b p.282
• Switch c p.283
• Default settings of the spanning tree feature are listed in the following table p.285
• Appendix default parameters p.285
• Part 11 p.287
• Managing layer 2 multicast p.287
• Chapters p.287
• Layer 2 multicast p.288
• Overview p.288
• Supported layer 2 multicast protocols p.289
• On the layer 2 device mld snooping multicast listener discovery snooping transmits data on p.289
• On the layer 2 device igmp snooping transmits data on demand on data link layer by analyzing p.289
• Managing layer 2 multicast layer 2 multicast p.289
• Layer 2 multicast protocol for ipv6 mld snooping p.289
• Layer 2 multicast protocol for ipv4 igmp snooping p.289
• Igmp packets between layer 3 devices and users to build and maintain layer 2 multicast p.289
• Forwarding table p.289
• Figure 1 1 igmp snooping p.289
• Demonstrated as below p.289
• Demand on data link layer by analyzing igmp packets between layer 3 devices and users to build p.289
• Configuration guide 267 p.289
• And maintain layer 2 multicast forwarding table p.289
• Igmp snooping configurations p.290
• Configuring igmp snooping globally p.290
• Using the gui p.290
• Specify the aging time of the router ports p.291
• Specify the aging time of the member ports p.291
• Snooping config page at the same time p.291
• Optional configuring report message suppression p.291
• For switches that support mld snooping igmp snooping and mld snooping share the setting p.291
• Follow these steps to configure unknown multicast p.291
• Follow these steps to configure the aging time of the router ports and the member ports p.291
• Follow these steps to configure report message suppression p.291
• Enabling report message suppression can reduce the number of packets in the network p.291
• Enable or disable report message suppression globally p.291
• Configuring router port time and member port time p.291
• Configure unknown multicast as forward or discard p.291
• Click apply p.291
• Click apply p.292
• Are sent and no report message is received the switch will delete the multicast address from the p.292
• Verifying igmp snooping status p.292
• Specify the number of masqs to be sent p.292
• Specify the interval between masqs p.292
• Receives an igmp leave message if specified count of multicast address specific queries masqs p.292
• Multicast forwarding table p.292
• Igmp snooping status table displays vlans and ports with igmp snooping enabled p.292
• Global config section p.292
• Follow these steps to configure last listener query interval and last listener query count in the p.292
• Configuring igmp snooping last listener query p.292
• Configure the last listener query interval and last listener query count when the switch p.292
• Optional configuring fast leave p.293
• Enabling igmp snooping on the port p.293
• Configuring the port s basic igmp snooping features p.293
• Configuring igmp snooping in the vlan p.294
• Configuring igmp snooping globally in the vlan p.294
• And reduces network load of layer 3 devices p.295
• With multicast vlan configured all multicast group members will be added to a vlan layer 3 p.295
• Will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth p.295
• Optional configuring the static router ports in the vlan p.295
• Optional configuring the forbidden router ports in the vlan p.295
• Multicast group the layer 3 device will duplicate this multicast data and deliver copies to the p.295
• Layer 2 devices p.295
• In old multicast transmission mode when users in different vlans apply for data from the same p.295
• Follow these steps to forbid the selected ports to be the router ports in the designate vlan p.295
• Follow these steps to configure static router ports in the designate vlan p.295
• Device only need to send one piece of multicast data to a layer 2 device and the layer 2 device p.295
• Configuring the multicast vlan p.295
• Configure the router ports in the designate vlan p.295
• Configure the forbidden router ports in the designate vlan p.295
• Click create p.295
• Creating multicast vlan and configuring basic settings p.296
• Configuring 802 q vlan p.296
• The router port time and member port time p.296
• Settings p.296
• Set up the vlan that the router ports and the member ports are in for details please refer to p.296
• Multicast vlan to load the following page p.296
• In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic p.296
• Enable multicast vlan configure the specific vlan to be the multicast vlan and configure p.296
• Optional creating replace source ip p.297
• Optional configuring the static router ports p.297
• Optional configuring the forbidden router ports p.297
• Members in the multicast vlan section follow these steps to configure replace source ip p.297
• Follow these steps to forbid the selected ports to be the router ports in the multicast vlan p.297
• Follow these steps to configure static router ports in the multicast vlan p.297
• Configure the router ports in the multicast vlan p.297
• Configure the router ports in the designate vlan p.297
• Configure the new multicast source ip p.297
• Click apply p.297
• Viewing dynamic router ports in the multicast vlan p.297
• This table displays all the dynamic router ports in the multicast vlan p.297
• This function allows you to use a new ip instead of the source ip to send data to multicast group p.297
• Specify a vlan and configure the querier on this vlan p.298
• Querier config to load the p.298
• Optional configuring the querier p.298
• Igmp snooping querier sends general query packets regularly to maintain the multicast p.298
• Following page p.298
• Follow these steps to configure the querier p.298
• Configuring the querier p.298
• Click apply p.298
• Follow these steps to create a profile and configure its filtering mode p.299
• Creating profile p.299
• Create a profile and configure its filtering mode p.299
• Configuring igmp profile p.299
• Click add p.299
• You can edit the settings in the igmp snooping querier table p.299
• With igmp profile the switch can define a blacklist or whitelist of multicast addresses so as to p.299
• Viewing settings of igmp querier p.299
• The igmp snooping querier table displays all the related settings of the igmp querier p.299
• The following page p.299
• Profile config to load p.299
• Searching profile p.300
• Follow these steps to edit profile mode and its ip range p.300
• Enter the search condition in the search option field to search the profile in the igmp profile info p.300
• Editing ip range of the profile p.300
• Click edit in the igmp profile info table edit its ip range and click add to save the settings p.300
• Click create p.300
• Binding profile and member ports p.301
• Follow these steps to configure the maximum groups a port can join and overflow action p.302
• Configuring max groups a port can join p.302
• Click apply p.302
• Viewing igmp statistics on each port p.302
• Select a port to configure its max group and overflow action p.302
• Packet statistic to load the following page p.302
• Viewing igmp statistics p.303
• The igmp statistics table displays all kinds of igmp statistics of all the ports p.303
• Igmp authentication to load the following p.303
• Follow these steps to configure auto refresh p.303
• Enabling igmp accounting and authentication p.303
• Enable or disable auto refresh p.303
• Configuring auto refresh p.303
• Click apply p.303
• Configuring igmp authentication on the port p.304
• Configuring igmp accounting globally p.304
• Enter the multicast ip and vlan id specify the static member port p.305
• Configuring static member port p.305
• Click apply p.305
• This function allows you to specify a port as a static member port in the multicast group p.305
• Static ipv4 multicast table to load the p.305
• Specify the ports and enable igmp authentication p.305
• Following page p.305
• Follow these steps to enable igmp authentication on the port p.305
• Follow these steps to configure static member port p.305
• You can search igmp static multicast entries by using multicast ip vlan id or forward port as the p.306
• Viewing igmp static multicast groups p.306
• Using the cli p.306
• Static multicast ip table displays details of all igmp static multicast groups p.306
• Search option p.306
• Enabling igmp snooping on the port p.306
• Enabling igmp snooping globally p.306
• Click create p.306
• Configuring report message suppression p.307
• Configuring igmp snooping parameters globally p.307
• Switch copy running config startup config p.308
• Switch configure p.308
• Switch config show ip igmp snooping p.308
• Switch config ip igmp snooping report suppression p.308
• Switch config ip igmp snooping p.308
• Switch config if end p.308
• Last query times 2 p.308
• Last query interval 1 p.308
• Igmp snooping enable p.308
• Global router age time 300 p.308
• Global report suppression enable p.308
• Global member age time 260 p.308
• Global authentication accounting disable p.308
• Enable vlan p.308
• Unknown multicast pass p.308
• Enable port p.308
• The following example shows how to enable report message suppression p.308
• Configuring unknown multicast p.308
• Switch config ip igmp snooping rtime 200 p.310
• Switch config ip igmp snooping mtime 200 p.310
• Switch config ip igmp snooping p.310
• Last query times 2 p.310
• Last query interval 1 p.310
• Igmp snooping enable p.310
• Global router age time 200 p.310
• Global report suppression disable p.310
• Global member age time 200 p.310
• Global authentication accounting disable p.310
• Enable vlan p.310
• Unknown multicast pass p.310
• Enable port p.310
• Time as 200 seconds p.310
• Configuring router port time and member port time p.310
• The following example shows how to configure the global router port time and member port p.310
• Configuring igmp snooping parameters on the port p.310
• Switch configure p.310
• Switch config show ip igmp snooping p.310
• Switch copy running config startup config p.311
• Switch configure p.311
• Switch config ip igmp snooping p.311
• Switch config interface gigabiteternet 1 0 3 p.311
• Switch config if show ip igmp snooping interface gigabitethernet 1 0 3 basic config p.311
• Switch config if ip igmp snooping immediate leave p.311
• Switch config if ip igmp snooping p.311
• Switch config if end p.311
• Port igmp snooping fast leave p.311
• Gi1 0 3 enable enable p.311
• Configuring fast leave p.311
• The following example shows how to enable fast leave on port 1 0 3 p.311
• The following example shows how to configure the max group as 500 and the overflow action as p.312
• Switch configure p.312
• Switch config ip igmp snooping p.312
• Switch config interface gigabiteternet 1 0 3 p.312
• Switch config if show ip igmp snooping interface gigabitethernet 1 0 3 max groups p.312
• Switch config if ip igmp snooping max groups action drop p.312
• Switch config if ip igmp snooping max groups 500 p.312
• Switch config if ip igmp snooping p.312
• Switch config if end p.312
• Port max groups overflow action p.312
• Gi1 0 3 500 drop p.312
• Drop on port 1 0 3 p.312
• Configuring max group and overflow action on the port p.312
• Unknown multicast pass p.313
• Enable port p.313
• The following example shows how to configure the last listener query count as 5 and the last p.313
• Configuring igmp snooping last listener query p.313
• Switch copy running config startup config p.313
• Switch configure p.313
• Switch config show ip igmp snooping p.313
• Switch config ip igmp snooping last listener query interval 5 p.313
• Switch config ip igmp snooping last listener query count 5 p.313
• Switch config ip igmp snooping p.313
• Listener query interval as 5 seconds p.313
• Last query times 5 p.313
• Last query interval 5 p.313
• Igmp snooping enable p.313
• Global router age time 300 p.313
• Global report suppression disable p.313
• Global member age time 260 p.313
• Global authentication accounting disable p.313
• The following example shows how to enable igmp snooping in vlan 2 and vlan 3 configure p.314
• Switch copy running config startup config p.314
• Switch configure p.314
• Switch config show ip igmp snooping vlan 2 p.314
• Switch config ip igmp snooping vlan config 2 3 rtime 500 p.314
• Switch config ip igmp snooping vlan config 2 3 mtime 400 p.314
• Switch config ip igmp snooping p.314
• Switch config end p.314
• Static router port none p.314
• Router time 500 p.314
• Member time 400 p.314
• Forbidden router port none p.314
• Enable vlan p.314
• Dynamic router port none p.314
• Vlan id 2 p.314
• Configuring router port time and member port time p.314
• The router port time as 500 seconds and the member port time as 400 seconds p.314
• Configuring igmp snooping parameters in the vlan p.314
• Switch config show ip igmp snooping vlan 2 p.315
• Switch config ip igmp snooping vlan config 2 rport interface gigabitethernet 1 0 2 p.315
• Switch config ip igmp snooping p.315
• Switch config end p.315
• Static router port none p.315
• Static router port gi1 0 2 p.315
• Router time 500 p.315
• Router time 0 p.315
• Member time 400 p.315
• Member time 0 p.315
• Vlan id 3 p.315
• Forbidden router port none p.315
• Vlan id 2 p.315
• Dynamic router port none p.315
• The following example shows how to enable igmp snooping in vlan 2 and configure port 1 0 2 p.315
• Configuring static router port p.315
• Switch copy running config startup config p.315
• As the static router port p.315
• Switch configure p.315
• Switch config show ip igmp snooping vlan 3 p.315
• Switch config end p.316
• Static router port none p.316
• Router time 0 p.316
• Member time 0 p.316
• Gigabitethernet 1 0 4 6 p.316
• From becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices p.316
• Forbidden router port none p.316
• Forbidden router port gi1 0 4 6 p.316
• Dynamic router port none p.316
• Configuring forbidden router port p.316
• Vlan id 2 p.316
• The following example shows how to enable igmp snooping in vlan 2 and forbid port 1 0 4 6 p.316
• Switch copy running config startup config p.316
• Switch configure p.316
• Switch config show ip igmp snooping vlan 2 p.316
• Switch config ip igmp snooping vlan config 2 router ports forbidd interface p.316
• Switch config ip igmp snooping p.316
• Switch config ip igmp snooping p.317
• Switch config end p.317
• Port 1 0 9 10 as the forward ports p.317
• Multicast ip vlan id addr type switch port p.317
• Configuring static multicast multicast ip and forward port p.317
• Configuring router port time and member port time p.317
• Configuring igmp snooping parameters in the multicast vlan p.317
• 2 2 static gi1 0 9 10 p.317
• 0 9 10 p.317
• The following example shows how to configure 226 as the static multicast ip and specify p.317
• Switch copy running config startup config p.317
• Switch configure p.317
• Switch config show ip igmp snooping groups static p.317
• Switch config ip igmp snooping vlan config 2 static 226 interface gigabitethernet p.317
• Switch config ip igmp snooping multi vlan config 5 rtime 500 p.318
• Switch config ip igmp snooping multi vlan config 5 mtime 400 p.318
• Switch config ip igmp snooping p.318
• Switch config end p.318
• Static router port none p.318
• Router time 500 p.318
• Replace source ip 0 p.318
• Multicast vlan enable p.318
• Member time 400 p.318
• Forbidden router port none p.318
• Vlan id 5 p.318
• Dynamic router port none p.318
• Time as 500 seconds and the member port time as 400 seconds p.318
• The following example shows how to configure vlan 5 as the multicast vlan set the router port p.318
• Switch copy running config startup config p.318
• Switch configure p.318
• Switch config show ip igmp snooping multi vlan config p.318
• Switch config end p.319
• Static router port gi1 0 5 p.319
• Router time 300 p.319
• Replace source ip 0 p.319
• Multicast vlan enable p.319
• Member time 260 p.319
• Forbidden router port none p.319
• Dynamic router port none p.319
• Configuring static router port p.319
• Vlan id 5 p.319
• As the static router port p.319
• The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 p.319
• Switch copy running config startup config p.319
• Switch configure p.319
• Switch config show ip igmp snooping multi vlan config p.319
• Switch config ip igmp snooping multi vlan config 5 rport interface gigabitethernet 1 0 5 p.319
• Switch config ip igmp snooping p.319
• Router time 300 p.320
• Replace source ip 0 p.320
• Multicast vlan enable p.320
• Member time 260 p.320
• Gigabitethernet 1 0 6 p.320
• Forbidden router port gi1 0 6 p.320
• Dynamic router port none p.320
• Vlan id 5 p.320
• Configuring forbidden router port p.320
• The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 p.320
• As the forbidden router port p.320
• Switch copy running config startup config p.320
• Switch configure p.320
• Switch config show ip igmp snooping multi vlan config p.320
• Switch config ip igmp snooping multi vlan config 5 router ports forbidd interface p.320
• Switch config ip igmp snooping p.320
• Switch config end p.320
• Static router port none p.320
• Router time 300 p.321
• Replace source ip 192 68 p.321
• Multicast vlan enable p.321
• Member time 260 p.321
• Forbidden router port none p.321
• Dynamic router port none p.321
• Configuring replace source ip p.321
• Vlan id 5 p.321
• The following example shows how to configure vlan 5 as the multicast vlan and replace the p.321
• Switch copy running config startup config p.321
• Switch configure p.321
• Switch config show ip igmp snooping multi vlan config p.321
• Switch config ip igmp snooping multi vlan config 5 replace sourceip 192 68 p.321
• Switch config ip igmp snooping p.321
• Switch config end p.321
• Static router port none p.321
• Source ip in the igmp packets sent by the switch with 192 68 p.321
• Query interval 60 p.322
• Maximum response time 10 p.322
• General query source ip 192 68 p.322
• Enabling igmp querier p.322
• Configuring the querier p.322
• Configuring query interval max response time and general query source ip p.322
• Vlan 4 p.322
• The following example shows how to enable igmp snooping and igmp querier in vlan 4 p.322
• Switch copy running config startup config p.322
• Switch configure p.322
• Switch config show ip igmp snooping querier p.322
• Switch config ip igmp snooping querier vlan 4 p.322
• Switch config ip igmp snooping p.322
• Switch config end p.322
• Switch config ip igmp snooping querier vlan 4 max response time 20 p.323
• Switch config ip igmp snooping querier vlan 4 general query source ip 192 68 p.323
• Switch config ip igmp snooping p.323
• Switch config end p.323
• Source ip as 192 68 p.323
• Query interval 100 p.323
• Maximum response time 20 p.323
• General query source ip 192 68 p.323
• Vlan 4 p.323
• The query interval as 100 seconds the max response time as 20 seconds and the general query p.323
• The following example shows how to enable igmp snooping and igmp querier in vlan 4 set p.323
• Switch copy running config startup config p.323
• Switch configure p.323
• Switch config show ip igmp snooping querier p.323
• Switch config ip igmp snooping querier vlan 4 query interval 100 p.323
• Switch config ip igmp profile 1 p.324
• Switch config igmp profile show ip igmp profile p.324
• Switch config igmp profile range 226 226 0 p.324
• Switch config igmp profile deny p.324
• Sent to 226 226 0 p.324
• Range 226 226 0 p.324
• Igmp profile 1 p.324
• Creating profile p.324
• Configuring multicast filtering p.324
• The following example shows how to configure profile 1 so that the switch filters multicast data p.324
• Switch configure p.324
• Switch config ip igmp snooping p.324
• Switch config ip igmp profile 1 p.325
• Switch config interface gigabitethernet 1 0 2 p.325
• Switch config igmp profile range 226 226 0 p.325
• Switch config igmp profile exit p.325
• Switch config igmp profile deny p.325
• Switch config if show ip igmp profile p.325
• Switch config if ip igmp snooping p.325
• Switch config if ip igmp filter 1 p.325
• Switch config end p.325
• Range 226 226 0 p.325
• Multicast data sent to 226 226 0 p.325
• Igmp profile 1 p.325
• The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters p.325
• Binding profile to the port p.325
• Switch copy running config startup config p.325
• Switch configure p.325
• Switch config ip igmp snooping p.325
• Switch config ip igmp snooping p.326
• Switch config interface gigabitethernet 1 0 2 p.326
• Switch config if show ip igmp snooping interface gigabitethernet 1 0 2 authentication p.326
• Switch config if ip igmp snooping authentication p.326
• Switch config if ip igmp snooping p.326
• Switch config end p.326
• Port igmp authentication p.326
• Gi1 0 2 enable p.326
• Gi1 0 2 p.326
• Enabling igmp authentication on the port p.326
• Enabling igmp accounting and authentication p.326
• Binding port s p.326
• The following example shows how to enable igmp authentication on port 1 0 2 p.326
• Switch copy running config startup config p.326
• Switch configure p.326
• Switch copy running config startup config p.327
• Enabling igmp accounting globally p.327
• Using the gui p.328
• Configuring mld snooping globally p.328
• Configuring mld snooping p.328
• Follow these steps to configure unknown multicast p.329
• Follow these steps to configure the aging time of the router ports and the member ports p.329
• Follow these steps to configure report message suppression p.329
• Enabling report message suppression can reduce the number of packets in the network p.329
• Enable or disable report message suppression globally p.329
• Configuring router port time and member port time p.329
• Configure unknown multicast as forward or discard p.329
• Click apply p.329
• The same time p.329
• Specify the aging time of the router ports p.329
• Specify the aging time of the member ports p.329
• Snooping config page at p.329
• Optional configuring report message suppression p.329
• Igmp snooping and mld snooping share the setting of unknown multicast so you have to p.329
• Specify the interval between masqs p.330
• Receives an mld leave message if specified count of multicast address specific queries masqs p.330
• Multicast forwarding table p.330
• Mld snooping status table displays vlans and ports with mld snooping enabled p.330
• Global config section p.330
• Follow these steps to configure last listener query interval and last listener query count in the p.330
• Configuring mld snooping last listener query p.330
• Configure the last listener query interval and last listener query count when the switch p.330
• Click apply p.330
• Are sent and no report message is received the switch will delete the multicast address from the p.330
• Verifying mld snooping status p.330
• Specify the number of masqs to be sent p.330
• Optional configuring fast leave p.331
• Enabling mld snooping on the port p.331
• Configuring the port s basic mld snooping features p.331
• Configuring mld snooping in the vlan p.332
• Configuring mld snooping globally in the vlan p.332
• In old multicast transmission mode when users in different vlans apply for data from the same p.333
• Follow these steps to forbid the selected ports to be the router ports in the designate vlan p.333
• Follow these steps to configure static router ports in the designate vlan p.333
• Device only need to send one piece of multicast data to a layer 2 device and the layer 2 device p.333
• Configuring the multicast vlan p.333
• Configure the router ports in the designate vlan p.333
• Configure the forbidden router ports in the designate vlan p.333
• Click create p.333
• And reduces network load of layer 3 devices p.333
• With multicast vlan configured all multicast group members will be added to a vlan layer 3 p.333
• Will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth p.333
• Optional configuring the static router ports in the vlan p.333
• Optional configuring the forbidden router ports in the vlan p.333
• Multicast group the layer 3 device will duplicate this multicast data and deliver copies to the p.333
• Layer 2 devices p.333
• The router port time and member port time p.334
• Settings p.334
• Set up the vlan that the router ports and the member ports are in for details please refer to p.334
• Multicast vlan to load the following page p.334
• In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic p.334
• Enable multicast vlan configure the specific vlan to be the multicast vlan and configure p.334
• Creating multicast vlan and configuring basic settings p.334
• Configuring 802 q vlan p.334
• Configure the new multicast source ip p.335
• Click apply p.335
• Viewing dynamic router ports in the multicast vlan p.335
• This table displays all the dynamic router ports in the multicast vlan p.335
• This function allows you to use a new ip instead of the source ip to send data to multicast group p.335
• Optional creating replace source ip p.335
• Optional configuring the static router ports p.335
• Optional configuring the forbidden router ports p.335
• Members in the multicast vlan section follow these steps to configure replace source ip p.335
• Follow these steps to forbid the selected ports to be the router ports in the multicast vlan p.335
• Follow these steps to configure static router ports in the multicast vlan p.335
• Configure the router ports in the multicast vlan p.335
• Configure the router ports in the designate vlan p.335
• Mld snooping querier sends general query packets regularly to maintain the multicast p.336
• Following page p.336
• Follow these steps to configure the querier p.336
• Configuring the querier p.336
• Click apply p.336
• Specify a vlan and configure the querier on this vlan p.336
• Querier config to load the p.336
• Optional configuring the querier p.336
• You can edit the settings in the mld snooping querier table p.337
• With mld profile the switch can define a blacklist or whitelist of multicast addresses so as to filter p.337
• Viewing settings of mld querier p.337
• The mld snooping querier table displays all the related settings of the mld querier p.337
• Profile config to load the p.337
• Following page p.337
• Follow these steps to create a profile and configure its filtering mode p.337
• Creating profile p.337
• Create a profile and configure its filtering mode p.337
• Configuring mld profile p.337
• Click add p.337
• Editing ip range of the profile p.338
• Binding profile and member ports p.338
• Searching profile p.338
• Select the port to be bound and enter the profile id in the profile id column p.339
• Select a port to configure its max group and overflow action p.339
• Follow these steps to configure the maximum groups a port can join and overflow action p.339
• Follow these steps to bind the profile to the port p.339
• Configuring max groups a port can join p.339
• Click apply p.339
• Binding profile and member ports p.339
• Viewing mld statistics on each port p.340
• Packet statistic to load the following page p.340
• Follow these steps to configure auto refresh p.340
• Enable or disable auto refresh p.340
• Configuring auto refresh p.340
• Click apply p.340
• Configuring static member port p.341
• Click apply p.341
• Viewing mld statistics p.341
• This function allows you to specify a port as a static member port in the multicast group p.341
• The mld statistics table displays all kinds of mld statistics of all the ports p.341
• Static ipv4 multicast table to load the p.341
• Following page p.341
• Follow these steps to configure static member port p.341
• Enter the multicast ip and vlan id specify the static member port p.341
• You can search mld static multicast entries by using multicast ip vlan id or forward port as the p.342
• Viewing mld static multicast groups p.342
• Using the cli p.342
• Static multicast ip table displays details of all mld static multicast groups p.342
• Search option p.342
• Enabling mld snooping on the port p.342
• Enabling mld snooping globally p.342
• Click create p.342
• Configuring mld snooping parameters globally p.343
• Configuring report message suppression p.343
• Switch copy running config startup config p.344
• Switch configure p.344
• Switch config show ipv6 mld snooping p.344
• Switch config ipv6 mld snooping report suppression p.344
• Switch config ipv6 mld snooping p.344
• Switch config end p.344
• Mld snooping enable p.344
• Last query times 2 p.344
• Last query interval 1 p.344
• Global router age time 300 p.344
• Global report suppression enable p.344
• Global member age time 260 p.344
• Enable vlan p.344
• Enable port p.344
• Configuring unknown multicast p.344
• Unknown multicast pass p.344
• The following example shows how to enable report message suppression p.344
• Configuring router port time and member port time p.345
• Configuring mld snooping parameters on the port p.345
• Switch copy running config startup config p.347
• Switch configure p.347
• Switch config ipv6 mld snooping p.347
• Switch config interface gigabiteternet 1 0 3 p.347
• Switch config if show ipv6 mld snooping interface gigabitethernet 1 0 3 basic config p.347
• Switch config if ipv6 mld snooping immediate leave p.347
• Switch config if ipv6 mld snooping p.347
• Switch config if end p.347
• Port mld snooping fast leave p.347
• Gi1 0 3 enable enable p.347
• Configuring max group and overflow action on the port p.347
• Configuring fast leave p.347
• The following example shows how to enable fast leave on port 1 0 3 p.347
• The following example shows how to configure the max group as 500 and the overflow action as p.348
• Switch copy running config startup config p.348
• Switch configure p.348
• Switch config ipv6 mld snooping p.348
• Switch config interface gigabiteternet 1 0 3 p.348
• Switch config if show ipv6 mld snooping interface gigabitethernet 1 0 3 max groups p.348
• Switch config if ipv6 mld snooping max groups action drop p.348
• Switch config if ipv6 mld snooping max groups 500 p.348
• Switch config if ipv6 mld snooping p.348
• Switch config if end p.348
• Port max groups overflow action p.348
• Gi1 0 3 500 drop p.348
• Drop on port 1 0 3 p.348
• Unknown multicast pass p.349
• Enable port p.349
• The following example shows how to configure the last listener query count as 5 and the last p.349
• Configuring mld snooping last listener query p.349
• Switch copy running config startup config p.349
• Switch configure p.349
• Switch config show ipv6 mld snooping p.349
• Switch config ipv6 mld snooping last listener query interval 5 p.349
• Switch config ipv6 mld snooping last listener query count 5 p.349
• Switch config ipv6 mld snooping p.349
• Switch config end p.349
• Mld snooping enable p.349
• Last query times 5 p.349
• Last query interval 5 p.349
• Global router age time 300 p.349
• Global report suppression disable p.349
• Global member age time 260 p.349
• Enable vlan p.349
• Vlan id 2 p.350
• The following example shows how to enable mld snooping in vlan 2 and vlan 3 configure the p.350
• Switch configure p.350
• Switch config show ipv6 mld snooping vlan 3 p.350
• Switch config show ipv6 mld snooping vlan 2 p.350
• Switch config ipv6 mld snooping vlan config 2 3 rtime 500 p.350
• Switch config ipv6 mld snooping vlan config 2 3 mtime 400 p.350
• Switch config ipv6 mld snooping p.350
• Static router port none p.350
• Router time 500 p.350
• Router port time as 500 seconds and the member port time as 400 seconds p.350
• Member time 400 p.350
• Forbidden router port none p.350
• Dynamic router port none p.350
• Configuring router port time and member port time p.350
• Configuring mld snooping parameters in the vlan p.350
• Vlan id 3 p.350
• Switch copy running config startup config p.351
• Switch configure p.351
• Switch config show ipv6 mld snooping vlan 2 p.351
• Switch config ipv6 mld snooping vlan config 2 rport interface gigabitethernet 1 0 2 p.351
• Switch config ipv6 mld snooping p.351
• Switch config end p.351
• Static router port none p.351
• Static router port gi1 0 2 p.351
• Router time 0 p.351
• Member time 400 p.351
• Member time 0 p.351
• Forbidden router port none p.351
• Dynamic router port none p.351
• Configuring static router port p.351
• Vlan id 2 p.351
• As the static router port p.351
• The following example shows how to enable mld snooping in vlan 2 and configure port 1 0 2 p.351
• Switch copy running config startup config p.352
• Switch config show ipv6 mld snooping vlan 2 p.352
• Switch config ipv6 mld snooping vlan config 2 router ports forbidden interface p.352
• Switch config ipv6 mld snooping p.352
• Switch config end p.352
• Switch config p.352
• Static router port none p.352
• Router time 0 p.352
• Member time 0 p.352
• Gigabitethernet 1 0 4 6 p.352
• From becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices p.352
• Forbidden router port gi1 0 4 6 p.352
• Dynamic router port none p.352
• Configuring forbidden router port p.352
• Vlan id 2 p.352
• The following example shows how to enable mld snooping in vlan 2 and forbid port 1 0 4 6 p.352
• The following example shows how to configure ff01 1234 02 as the static multicast ip and specify p.353
• Switch copy running config startup config p.353
• Switch configure p.353
• Switch config show ipv6 mld snooping groups static p.353
• Switch config ipv6 mld snooping vlan config 2 static ff01 1234 02 interface p.353
• Switch config ipv6 mld snooping p.353
• Switch config end p.353
• Port 1 0 9 10 as the forward ports p.353
• Multicast ip vlan id addr type switch port p.353
• Gigabitethernet 1 0 9 10 p.353
• Ff01 1234 02 2 static gi1 0 9 10 p.353
• Configuring static multicast multicast ip and forward port p.353
• Configuring router port time and member port time p.353
• Configuring mld snooping parameters in the multicast vlan p.353
• Time as 500 seconds and the member port time as 400 seconds p.354
• The following example shows how to configure vlan 5 as the multicast vlan set the router port p.354
• Switch copy running config startup config p.354
• Switch configure p.354
• Switch config show ipv6 mld snooping multi vlan p.354
• Switch config ipv6 mld snooping multi vlan config 5 rtime 500 p.354
• Switch config ipv6 mld snooping multi vlan config 5 mtime 400 p.354
• Switch config ipv6 mld snooping p.354
• Switch config end p.354
• Static router port none p.354
• Router time 500 p.354
• Replace source ip p.354
• Multicast vlan enable p.354
• Member time 400 p.354
• Forbidden router port none p.354
• Dynamic router port none p.354
• Vlan id 5 p.354
• Switch copy running config startup config p.355
• Switch configure p.355
• Switch config show ipv6 mld snooping multi vlan p.355
• Switch config ipv6 mld snooping multi vlan config 5 rport interface gigabitethernet 1 0 5 p.355
• Switch config ipv6 mld snooping p.355
• Switch config end p.355
• Static router port gi1 0 5 p.355
• Router time 300 p.355
• Replace source ip p.355
• Multicast vlan enable p.355
• Member time 260 p.355
• Forbidden router port none p.355
• Dynamic router port none p.355
• Configuring static router port p.355
• Vlan id 5 p.355
• As the static router port p.355
• The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 p.355
• Switch config show ipv6 mld snooping multi vlan p.356
• Switch config ipv6 mld snooping multi vlan config 5 router ports forbidden interface p.356
• Switch config ipv6 mld snooping p.356
• Switch config end p.356
• Static router port none p.356
• Router time 300 p.356
• Replace source ip p.356
• Multicast vlan enable p.356
• Member time 260 p.356
• Gigabitethernet 1 0 6 p.356
• Forbidden router port gi1 0 6 p.356
• Dynamic router port none p.356
• Vlan id 5 p.356
• Configuring forbidden router port p.356
• The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 p.356
• As the forbidden router port p.356
• Switch copy running config startup config p.356
• Switch configure p.356
• Switch config ipv6 mld snooping p.357
• Switch config end p.357
• Static router port none p.357
• Source ip in the mld packets sent by the switch with fe80 02ff ffff fe00 0001 p.357
• Router time 300 p.357
• Replace source ip fe80 2ff ffff fe00 1 p.357
• Multicast vlan enable p.357
• Member time 260 p.357
• Forbidden router port none p.357
• Fe80 02ff ffff fe00 0001 p.357
• Vlan id 5 p.357
• Dynamic router port none p.357
• The following example shows how to configure vlan 5 as the multicast vlan and replace the p.357
• Configuring replace source ip p.357
• Switch copy running config startup config p.357
• Switch configure p.357
• Switch config show ipv6 mld snooping multi vlan p.357
• Switch config ipv6 mld snooping multi vlan config 5 replace sourceip p.357
• Switch config show ipv6 mld snooping querier p.358
• Switch config ipv6 mld snooping querier vlan 4 p.358
• Switch config ipv6 mld snooping p.358
• Switch config end p.358
• Query interval 60 p.358
• Maximum response time 10 p.358
• General query source ip fe80 2ff ffff fe00 1 p.358
• Enabling mld querier p.358
• Configuring the querier p.358
• Configuring query interval max response time and general query source ip p.358
• Vlan 4 p.358
• The following example shows how to enable mld snooping and mld querier in vlan 4 p.358
• Switch copy running config startup config p.358
• Switch configure p.358
• Switch copy running config startup config p.359
• Switch configure p.359
• Switch config show ipv6 mld snooping querier p.359
• Switch config ipv6 mld snooping querier vlan 4 query interval 100 p.359
• Switch config ipv6 mld snooping querier vlan 4 max response time 20 p.359
• Switch config ipv6 mld snooping querier vlan 4 general query source ip fe80 2ff ffff fe00 1 p.359
• Switch config ipv6 mld snooping p.359
• Switch config end p.359
• Source ip as fe80 2ff ffff fe00 1 p.359
• Query interval 100 p.359
• Maximum response time 20 p.359
• General query source ip fe80 2ff ffff fe00 1 p.359
• Vlan 4 p.359
• The query interval as 100 seconds the max response time as 20 seconds and the general query p.359
• The following example shows how to enable mld snooping and mld querier in vlan 4 set p.359
• The following example shows how to configure profile 1 so that the switch filters multicast data p.360
• Switch configure p.360
• Switch config mld profile show ipv6 mld profile p.360
• Switch config mld profile range ff01 1234 5 ff01 1234 8 p.360
• Switch config mld profile deny p.360
• Switch config ipv6 mld snooping p.360
• Switch config ipv6 mld profile 1 p.360
• Sent to ff01 1234 5 ff01 1234 8 p.360
• Range ff01 1234 5 ff01 1234 8 p.360
• Mld profile 1 p.360
• Creating profile p.360
• Configuring multicast filtering p.360
• The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters p.361
• Binding profile to the port p.361
• Switch copy running config startup config p.361
• Switch configure p.361
• Switch config mld profile range ff01 1234 5 ff01 1234 8 p.361
• Switch config mld profile exit p.361
• Switch config mld profile deny p.361
• Switch config ipv6 mld snooping p.361
• Switch config ipv6 mld profile 1 p.361
• Switch config interface gigabitethernet 1 0 2 p.361
• Switch config if show ipv6 mld profile p.361
• Switch config if ipv6 mld snooping p.361
• Switch config if ipv6 mld filter 1 p.361
• Switch config end p.361
• Range ff01 1234 5 ff01 1234 8 p.361
• Multicast data sent to ff01 1234 5 ff01 1234 8 p.361
• Mld profile 1 p.361
• Viewing multicast snooping configurations p.363
• Viewing ipv6 multicast snooping configurations p.363
• Viewing ipv4 multicast snooping configurations p.363
• Using the gui p.363
• Viewing ipv4 multicast snooping configurations p.364
• Using the cli p.364
• Viewing ipv6 multicast snooping configurations p.365
• Network requirements p.366
• Example for configuring basic igmp snooping p.366
• Configuration scheme p.366
• Configuration examples p.366
• Using the gui p.367
• The pvid of port 1 0 1 4 as 10 p.369
• Port config to load the following page configure p.369
• Using the cli p.370
• Configuration file p.371
• Verify the configurations p.372
• Network topology p.373
• Network requirements p.373
• Example for configuring multicast vlan p.373
• Configuration scheme p.373
• Using the gui and using the cli p.374
• Internet p.374
• Demonstrated with t1600g 52ts this section provides configuration procedures in two ways p.374
• Using the gui p.375
• Using the cli p.377
• Configuration file p.378
• Verify the configurations p.379
• Network requirement p.380
• Example for configuring unknown multicast and fast leave p.380
• About leaving the previous channel the switch will then drop multicast data from the previous p.381
• 0 2 and enable unknown multicast globally to change channel host b sends a leave message p.381
• Using the gui and using the cli p.381
• To avoid host b from receiving irrelevant multicast data the user can enable fast leave on port p.381
• Network load and results in network congestion the solution to this problem is using unknown p.381
• Multicast and fast leave p.381
• Internet p.381
• From the previous channel and possibly other unknown multicast data which increases the p.381
• From the new channel and that the multicast network is unimpeded p.381
• Demonstrated with t1600g 52ts this section provides configuration procedures in two ways p.381
• Configuration scheme p.381
• Channel and all unknown multicast data which ensures that host b only receives multicast data p.381
• After the channel is changed the client host b still receives irrelevant multicast data the data p.381
• Using the gui p.382
• Snooping config to load the following p.382
• Page enable igmp snooping globally and configure unknown multicast as discard p.382
• Port config to load the following page p.383
• Enable igmp snooping on port 1 0 2 and port 1 0 4 and enable fast leave on port 1 0 2 p.383
• Using the cli p.384
• Verify the configurations p.385
• Configuration file p.385
• Network topology p.386
• Network requirements p.386
• Example for configuring multicast filtering p.386
• Configuration scheme p.386
• Using the gui and using the cli p.387
• Internet p.387
• Demonstrated with t1600g 52ts this section provides configuration procedures in two ways p.387
• Using the gui p.388
• The pvid of port 1 0 1 4 as 10 p.390
• Port config to load the following page configure p.390
• Using the cli p.394
• Configuration file p.396
• Verify the configurations p.397
• Default parameters for igmp snooping p.399
• Appendix default parameters p.399
• Default parameters for mld snooping p.400
• Part 12 p.402
• Managing logical interfaces p.402
• Chapters p.402
• This chapter introduces the configurations for logical interfaces the supported types of logical p.403
• Physical interfaces are the ports on the front panel or rear panel of the switch p.403
• Overview p.403
• Logical interfaces are manually configured and do not physically exist such as loopback p.403
• Interfaces of a device are used to exchange data and interact with interfaces of other network p.403
• Interfaces are shown as below p.403
• Interfaces and routing interfaces p.403
• Devices interfaces are classified into physical interfaces and logical interfaces p.403
• Logical interfaces configurations p.404
• Creating a layer 3 interface p.404
• Using the gui p.404
• The ipv4 parameters of the interface p.405
• The interface according to your actual needs then click apply p.405
• Section on the corresponding interface entry click edit to load the following page and configure p.405
• In the modify interface section specify an interface id and configure relevant parameters for p.405
• In the interface list section you can view the corresponding interface entry you create p.405
• In figure 2 1 you can view the corresponding interface entry you create in the interface list p.405
• Configuring ipv4 parameters of the interface p.405
• Which allows you to have two logical subnets using one physical subnet then click create p.406
• Section on the corresponding interface entry click edit ipv6 to load the following page and p.406
• In the secondary ip list section you can view the corresponding secondary ip entry you p.406
• In the secondary ip create section configure the secondary ip for the specified interface p.406
• In figure 2 1 you can view the corresponding interface entry you create in the interface list p.406
• Create p.406
• Configuring ipv6 parameters of the interface p.406
• Configure the ipv6 parameters of the interface p.406
• Local address config section then click apply p.407
• Enable ipv6 function on the interface of switch in the general config section then click p.407
• Configure the ipv6 link local address of the interface manually or automatically in the link p.407
• View the global address entry in the global address table p.408
• Via ra message p.408
• Via dhcpv6 server p.408
• Manually p.408
• Configure one or more ipv6 global addresses of the interface via following three ways p.408
• Viewing detail information of the interface p.409
• Using the cli p.409
• The detail information of the interface p.409
• Section on the corresponding interface entry click detail to load the following page and view p.409
• Interface a routed port or a port channel interface according to your needs p.409
• In figure 2 1 you can view the corresponding interface entry you create in the interface list p.409
• Follow these steps to create a layer 3 interface you can create a vlan interface a loopback p.409
• Creating a layer 3 interface p.409
• The following example shows how to create a vlan interface with a description of vlan 2 p.410
• Switch copy running config startup config p.410
• Switch configure p.410
• Switch config interface vlan 2 p.410
• Switch config if end p.410
• Switch config if description vlan 2 p.410
• The following example shows how to configure the ipv4 parameters of a routed port including p.411
• Switch configure p.411
• Switch config interface gigabitethernet 1 0 1 p.411
• Switch config if show interface configuration gigabitethernet 1 0 1 p.411
• Switch config if no switchport p.411
• Switch config if ip address 192 68 00 255 55 55 p.411
• Setting a static ip address for the port and enabling the layer 3 capabilities p.411
• Follow these steps to configure the ipv4 parameters of the interface p.411
• Configuring ipv4 parameters of the interface p.411
• Configuring ipv6 parameters of the interface p.412
• Switch copy running config startup config p.412
• Switch config if show ip interface brief p.412
• Switch config if end p.412
• Interface ip address method status protocol shutdown p.412
• Gi1 0 1 192 68 00 24 static up up no p.412
• Follow these steps to configure the ipv6 parameters of the interface p.412
• Switch config interface vlan 2 p.413
• Switch config if show ipv6 interface p.413
• Switch config if ipv6 enable p.413
• Switch config if ipv6 address dhcp p.413
• Switch config if ipv6 address autoconfig p.413
• Of a vlan interface p.413
• Ipv6 is enable link local address fe80 20a ebff fe13 237bnor p.413
• Global unicast address es ff02 1 ff13 237b p.413
• Global address ra disable p.413
• Global address dhcpv6 enable p.413
• Vlan2 is up line protocol is up p.413
• The following example shows how to enable the ipv6 function and configure the ipv6 parameters p.413
• Switch configure p.413
• Default settings of interface are listed in the following tables p.415
• Appendix default parameters p.415
• Part 13 p.416
• Configuring static routing p.416
• Chapters p.416
• Overview p.417
• Using the gui p.418
• Ipv4 static routing configuration p.418
• Ipv4 static routing config to load the following p.418
• In the ipv4 static routing config section configure the corresponding parameters to add p.418
• In the ipv4 static route table section you can view and modify the ipv4 static routing p.418
• Entries p.418
• An ipv4 static route then click create p.418
• Using the cli p.419
• The following example shows how to create an ipv4 static route with the destination ip address p.419
• Switch copy running config startup config p.419
• Switch configure p.419
• Switch config show ip route p.419
• Switch config ip route 192 68 255 55 55 192 68 p.419
• Switch config end p.419
• S 192 68 24 1 0 via 192 68 vlan1 p.419
• Follow these steps to create an ipv4 static route p.419
• Codes c connected s static p.419
• Candidate default p.419
• C 192 68 24 is directly connected vlan1 p.419
• As 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 p.419
• Using the gui p.420
• Ipv6 static routing configuration p.420
• As 3200 64 and the next hop address as 3100 1234 p.421
• Using the cli p.421
• The following example shows how to create an ipv6 static route with the destination ip address p.421
• Switch configure p.421
• Switch config show ipv6 route static p.421
• Switch config ipv6 route 3200 64 3100 1234 p.421
• Follow these steps to enable ipv6 routing function and create an ipv6 static route p.421
• Codes c connected s static p.421
• Candidate default p.421
• Viewing routing table p.423
• Viewing ipv6 routing table p.423
• Viewing ipv4 routing table p.423
• Using the gui p.423
• Using the cli p.424
• To view ipv6 routing table p.424
• To view ipv4 routing table p.424
• On privileged exec mode or any other configuration mode you can use the following command p.424
• Viewing ipv6 routing table p.424
• Viewing ipv4 routing table p.424
• View the ipv6 routes in the ipv6 routing information summary section p.424
• The default gateway of host b as 10 24 and configure ipv4 static routes on switch a and p.425
• The configurations of switch a and switch b are similar the following introductions take switch p.425
• Switch b so that hosts on different network segments can communicate with each other p.425
• Network requirements p.425
• Interface config to load the following page p.425
• Host a and host b need establish a connection without using dynamic routing protocols to p.425
• Example for static routing p.425
• Ensure stable connectivity p.425
• Demonstrated with t1600g 52ts the following sections provide configuration procedure in two p.425
• Create a routed port gi1 0 1 with the mode as static the ip address as 10 the mask as p.425
• Configuration scheme p.425
• As shown below host a and host b are on different network segments to meet business needs p.425
• A as an example p.425
• Ways using the gui and using the cli p.425
• Using the gui p.425
• To implement this requirement you can configure the default gateway of host a as 10 24 p.425
• Using the cli p.426
• Configuration file p.427
• Verify the configurations p.428
• Switch a p.428
• Switch b p.429
• Connectivity between switch a and switch b p.429
• Default setting of static routing is listed in the following table p.430
• Appendix default parameter p.430
• Overview p.432
• Equipped with a dhcp server thus increasing the costs of network construction p.432
• Dhcp relay solves this problem as the following figure shows the dhcp relay device acts as p.432
• Dhcp relay is used to process and forward dhcp packets between different subnets p.432
• A relay agent and forwards dhcp packets between dhcp clients and dhcp servers on different p.432
• Subnets so that dhcp clients on different subnets can share one dhcp server p.432
• Since the client requests a dynamic ip address via broadcast the basic network model of dhcp p.432
• Requires that the client and the server should be on the same lan therefore each lan should be p.432
• Using the gui p.433
• Enabling dhcp relay and configuring option 82 p.433
• Dhcp relay configuration p.433
• Specifying dhcp server for the interface p.434
• In the add dhcp server address section select the interface type and enter the interface id p.434
• Follow these steps to specify dhcp server for the interface p.434
• Dhcp server to load the following page p.434
• Click create to specify the dhcp server for the interface p.434
• Click apply p.434
• And then enter the server address of the interface p.434
• Enabling dhcp relay p.435
• Dhcp relay is enabled p.435
• Configuring option 82 p.435
• Using the cli p.435
• The following example shows how to enable dhcp relay p.435
• Switch copy running config startup config p.435
• Switch configure p.435
• Switch config show ip dhcp relay p.435
• Switch config service dhcp relay p.435
• Switch config end p.435
• Follow these steps to enable dhcp relay p.435
• Follow these steps to configure option 82 p.435
• Switch config show ip dhcp relay p.436
• Switch config ip dhcp relay information policy keep p.436
• Switch config ip dhcp relay information p.436
• Switch config end p.436
• Information as keep p.436
• Existed option 82 field operation keep p.436
• Dhcp relay option 82 is enabled p.436
• The following example shows how to enable option 82 and configure the process of option 82 p.436
• Switch copy running config startup config p.436
• Switch configure p.436
• The following example shows how to configure the dhcp server address as 192 68 on vlan p.437
• Switch configure p.437
• Switch config interface vlan 66 p.437
• Switch config if ip helper address 192 68 p.437
• Specifying dhcp server for the interface p.437
• Follow these steps to specify dhcp server for the interface p.437
• Configure 802 q vlan add all computers in the marketing department to vlan 10 and p.439
• Configuration scheme p.439
• Configuration example p.439
• Belong to vlan 10 which is connected to the switch via port 1 0 8 the interface address of vlan p.439
• The switch via port 1 0 16 the interface address of vlan 20 is 192 68 24 the dhcp server is p.439
• Before dhcp relay configurations create two dhcp server pools on the dhcp server one is p.439
• The same subnet while computers in different departments should be on different subnets p.439
• Add all computers in the r d department to vlan 20 for details refer to configuring 802 q p.439
• The overview of the configurations are as follows p.439
• A company wants to assign ip addresses to all computers in two departments and there is only p.439
• The network topology is as the following figure shows computers in the marketing department p.439
• One dhcp server available it is required that computers in the same department should be on p.439
• On 192 68 24 and the other is on 192 68 24 make sure the dhcp server can reach all p.439
• Network requirements p.439
• Is 192 68 24 computers in the r d department belong to vlan 20 which is connected to p.439
• In the given situation the dhcp relay feature can satisfy the requirement because dhcp relay p.439
• Enables dhcp clients from different subnets to share one dhcp server p.439
• Dhcp clients p.439
• Connected to the dhcp relay switch via port 1 0 5 and its ip address is 192 68 9 24 p.439
• Using the gui p.440
• Verify the configurations p.441
• Using the cli p.441
• Appendix default parameters p.442
• Default settings of dhcp relay are listed in the following table p.442
• Overview p.444
• Ip address as input arp learns the associated mac address and stores the ip mac address p.444
• Association in an arp entry for rapid retrieval p.444
• Arp address resolution protocol is used to map ip addresses to mac addresses taking an p.444
• Viewing the arp entries p.445
• Using the gui p.445
• Arp configurations p.445
• Adding static arp entries manually p.445
• Using the cli p.446
• Static arp to load the following page p.446
• In the arp config section enter the ip address and mac address and click create p.446
• Follow these steps to add static arp entries p.446
• Follow these steps to add arp entries p.446
• Configuring arp function p.446
• Adding static arp entries p.446
• Vlan1 192 68 00 11 22 33 44 55 static p.447
• This example shows how to create a static arp entry with the ip as 192 68 and the mac as p.447
• Switch copy running config startup config p.447
• Switch configure p.447
• Switch config show arp 192 68 p.447
• Switch config end p.447
• Switch config arp 192 68 00 11 22 33 44 55 arpa p.447
• Interface address hardware addr type p.447
• Follow these steps to configure the aging time of dynamic arp entries p.447
• Configuring the aging time of dynamic arp entries p.447
• 11 22 33 44 55 p.447
• Switch configure p.448
• Switch config interface vlan 2 p.448
• Switch config if end p.448
• Switch config if arp timeout 1000 p.448
• Clearing dynamic entries p.448
• Vlan interface 2 p.448
• This example shows how to configure the aging time of dynamic arp entries as 1000 seconds for p.448
• Switch copy running config startup config p.448
• Viewing arp entries p.449
• On privileged exec mode or any other configuration mode you can use the following command to view arp entries p.449
• Part 16 p.450
• Configuring qos p.450
• Chapters p.450
• Supported features p.451
• Overview p.451
• Diffserv p.451
• Bandwidth control p.451
• Diffserv configuration p.452
• Configuration guidelines p.452
• Configuring 802 p priority p.453
• Configure the tag id cos id tc mapping relations p.453
• Using the gui p.453
• The instructions of the three priority modes are described respectively in this section p.453
• P priority to load the following page p.453
• Follow these steps to configure the 802 p priority p.453
• Configuring priority mode p.453
• Follow these steps to configure the dscp priority p.454
• Enable dscp priority and click apply dscp priority is disabled by default p.454
• Dscp priority to load the following page p.454
• Configuring dscp priority p.454
• Configure the dscp tc mapping relations p.454
• Click apply p.454
• 2p priority p.454
• Follow these steps to configure the port priority p.455
• Configuring port priority p.455
• Click apply p.455
• 2p priority p.455
• Select the desired port or lag to set its priority p.455
• Port priority to load the following page p.455
• Select a schedule mode p.456
• Schedule mode to load the following page p.456
• Follow these steps to configure the schedule mode p.456
• Congestion occurs p.456
• Configuring schedule mode p.456
• Configure the schedule mode to control the forwarding sequence of different tc queues when p.456
• Click apply p.456
• Using cli p.457
• The instructions of the three priority modes are described respectively in this section p.457
• Sp wrr p.457
• Optional configure the weight value of the each tc queue if the schedule mode is wrr of p.457
• Configuring priority mode p.457
• Configuring 802 priority p.457
• Click apply p.457
• The following example shows how to map cos2 to tc0 and keep other cos id tc as default p.458
• Tc tc1 tc0 tc0 tc3 tc4 tc5 tc6 tc7 p.458
• Tag 0 1 2 3 4 5 6 7 p.458
• Switch copy running config startup config p.458
• Switch configure p.458
• Switch config show qos status p.458
• Switch config show qos cos map p.458
• Switch config qos queue cos map 2 0 p.458
• Switch config end p.458
• P priority is enabled p.458
• Dscp priority is disabled p.458
• Configuring dscp priority p.458
• Switch configure p.459
• Switch config show qos cos map p.459
• Switch config qos queue dscp map 10 14 0 p.459
• Relations as default p.459
• The following example shows how to map dscp values 10 14 to tc1 and keep other mapping p.459
• Tc tc1 tc0 tc2 tc3 tc4 tc5 tc6 tc7 p.459
• Tag 0 1 2 3 4 5 6 7 p.459
• Switch copy running config startup config p.460
• Switch config show qos status p.460
• Switch config show qos dscp map p.460
• Switch config end p.460
• Select the desired port to set the priority packets from this ingress port are mapped to the tc p.460
• Queue based on port priority p.460
• P priority is disabled p.460
• Dscp priority is enabled p.460
• Dscp 8 9 10 11 12 13 14 15 p.460
• Cos cos1 cos1 cos0 cos0 cos0 cos0 cos0 cos1 p.460
• Configuring port priority p.460
• Different tc queues when congestion occurs p.462
• Configuring schedule mode p.462
• Follow these steps to configure the schedule mode to control the forwarding sequence of p.462
• Using the gui p.464
• Configuring rate limit p.464
• Bandwidth control configuration p.464
• Storm control to load the following page p.465
• Select the port s and configure the upper rate limit for forwarding broadcast packets p.465
• Multicast packets and ul frames p.465
• Follow these steps to configure the storm control function p.465
• Configuring storm control p.465
• Click apply p.465
• Using the cli p.466
• Configuring rate limit on port p.466
• Configure the upper rate limit for the port to receive and send packets p.466
• Click apply p.466
• Configure the upper rate limit on the port for forwarding broadcast packets multicast packets p.467
• And unknown unicast frames p.467
• The following example shows how to configure the ingress rate as 5120 kbps and egress rate as p.467
• Switch copy running config startup config p.467
• Switch configure p.467
• Switch config interface gigabitethernet 1 0 5 p.467
• Switch config if show bandwidth interface gigabitethernet 1 0 5 p.467
• Switch config if end p.467
• Switch config if bandwidth ingress 5120 egress 1024 p.467
• Port ingressrate kbps egressrate kbps lag p.467
• Kbps for port 1 0 5 p.467
• Gi1 0 5 5120 1024 n a p.467
• Configuring storm control p.467
• Network requirements p.470
• Example for configuring sp mode p.470
• Configuration scheme p.470
• Configuration examples p.470
• Using the gui p.471
• Using the cli p.472
• Verify the configuration p.473
• Configuration files p.473
• Verify the schedule mode p.474
• Value ratio of 2 1 when congestion occurs p.474
• To port 1 0 2 of switch b and port 1 0 3 of switch a is connected to port 1 0 1 of switch b p.474
• The switches to ensure the traffic from the two departments are forwarded based on the weight p.474
• The network topology is shown as the following figure switch a is an access layer switch and p.474
• Switch config show qos queue mode p.474
• Switch b is a layer 3 switch with acl redirect feature rd department is connected to port 1 0 1 of p.474
• Switch a marketing department is connected to port 1 0 2 of switch a the server is connected p.474
• Scheduler mode sp weight unusable in sp mode p.474
• Network requirements p.474
• Example for configuring wrr mode p.474
• Both rd department and marketing department can access the local network server configure p.474
• Configuration scheme p.475
• Using the gui p.475
• Configurations for switch a demonstrated with t1600g 52ts p.475
• Configurations for switch b demonstrated with t3700g 28tq p.477
• Using the cli p.483
• Configurations for switch a demonstrated with t1600g 52ts p.483
• Configurations for for switch b demonstrated with t3700g 28tq p.484
• Switch b p.486
• Switch a p.486
• Configuration file p.486
• Verify the configuration p.488
• Switch b p.488
• Switch a p.488
• Enabled see table 5 3 for tag id cos id tc mapping relations p.490
• Disabled see table 5 4 for dscp cos id mapping relations p.490
• Diffserv p.490
• Appendix default parameters p.490
• Bandwidth control p.491
• Part 17 p.492
• Configuring voice vlan p.492
• Chapters p.492
• Voice vlan configuration 4 appendix default parameters p.493
• Part 17 p.493
• Overview 3 configuration example p.493
• Overview p.493
• Make sure traffic from the voice device is tagged to do so there are mainly two ways p.495
• Id and the link type of the port which is connected to voice devices we recommend that p.495
• Create a vlan p.495
• Configure voice vlan mode on ports p.495
• Configure voice vlan globally p.495
• Configuration guidelines p.495
• Before configuring voice vlan you need to create a vlan for voice traffic for details about p.495
• Because the voice vlan in automatic mode supports only tagged voice traffic you need to p.495
• You choose the mode according to your needs and configure the port as the following table p.495
• You can configure the voice device to forward traffic with a voice vlan tag p.495
• Voice vlan configuration p.495
• Vlan configuration please refer to configuring 802 q vlan p.495
• Vlan 1 is a default vlan and cannot be configured as the voice vlan p.495
• To complete the voice vlan configuration follow these steps p.495
• To apply the voice vlan configuration you may need to further configure pvid port vlan p.495
• Optional configure oui addresses p.495
• Only one vlan can be set as the voice vlan on the switch p.495
• Using the gui p.496
• Optional configuring oui addresses p.496
• Enable the voice vlan feature and enter a vlan id p.497
• Configuring voice vlan mode on ports p.497
• Configuring voice vlan globally p.497
• Click create to add an oui address to the table p.497
• Click apply p.497
• Specify a priority for the voice vlan p.497
• Set the aging time for the voice vlan p.497
• Port config to load the following page p.497
• Global config to load the following page p.497
• Follow these steps to configure the voice vlan globally p.497
• Select your desired ports and choose the port mode p.498
• Follow these steps to configure voice vlan mode on ports p.498
• Using the cli p.499
• Set the security mode for selected ports p.499
• Follow these steps to configure the voice vlan p.499
• Click apply p.499
• Network topology p.503
• Network requirements p.503
• Configuration scheme p.503
• Configuration example p.503
• B ports connected to ip phones use the voice vlan for voice traffic and ports connected to p.504
• Voice traffics from switch a and switch b are forwarded to voice gateway and internet through p.504
• Vlan config and click create to load the p.504
• Using the gui and using the cli p.504
• Using the gui p.504
• Switch c p.504
• Internet p.504
• In the meeting room computers and ip phones are connected to different ports of switch p.504
• Following page create vlan 10 p.504
• Demonstrated with t1600g 52ts this chapter provides configuration procedures in two ways p.504
• Configurations for switch a p.504
• Computers use the default vlan for data traffic p.504
• Vlan config and edit vlan 10 to load the p.506
• Following page add port 1 0 2 to the voice vlan p.506
• Configurations for switch b p.508
• Configurations for switch c p.510
• Configurations for switch a p.511
• Using the cli p.511
• Configurations for switch b p.512
• Verify the configurations p.513
• Switch a p.513
• Configurations for switch c p.513
• Switch c p.514
• Switch b p.514
• Description p.515
• Default settings of voice vlan are listed in the following tables p.515
• Appendix default parameters p.515
• Part 18 p.516
• Configuring acl p.516
• Chapters p.516
• Policy binding p.517
• Overview p.517
• Acl binding p.517
• Supported features p.517
• Using the gui p.518
• Creating an acl p.518
• Acl configurations p.518
• Configuring the mac acl rule p.519
• Configuring acl rules p.519
• Tandard i p.520
• Standard ip acl to load the following page p.520
• Standard i p.520
• Select a standard ip acl from the drop down list enter a rule id and specify the operation p.520
• For the matched packets p.520
• Follow these steps to create the standard ip acl rule p.520
• Configuring the standard ip acl rule p.520
• Configure the rule s packet matching criteria p.520
• Click apply p.520
• Click apply p.521
• The matched packets p.521
• Select an extend ip acl from the drop down list enter a rule id and specify the operation for p.521
• Follow these steps to create the extend ip acl rule p.521
• Extend ip acl to load the following page p.521
• Extend ip ac p.521
• Configuring the extend ip acl rule p.521
• Configure the rule s packet matching criteria p.521
• Configure the rule s packet matching criteri p.521
• Select an ipv6 acl from the drop down list enter a rule id and specify the operation for the p.522
• Ipv6 acl to load the following page p.522
• Follow these steps to create the ipv6 acl rule p.522
• Configuring the ipv6 acl rule p.522
• Click apply p.522
• Click apply p.523
• By default a rule configured earlier is listed before a rule configured later the switch matches a p.523
• Acl rule or change the matching order if needed p.523
• Verifying the rule table p.523
• The rules in an acl are listed in ascending order of configuration time regardless of their rule ids p.523
• Received packet with the rules in order when a packet matches a rule the device stops the match p.523
• Process and performs the action defined in the rule p.523
• In the acl rule table you can view all the acls and their rules you can also delete an acl or an p.523
• Configure the rule s packet matching criteri p.523
• Creating a policy p.524
• Configuring policy p.524
• Applying an acl to the policy p.524
• Configuring the acl binding and policy binding p.525
• Configuring the acl binding p.525
• Binding the acl to a port p.525
• Follow these steps to bind the acl to a vlan p.526
• Configuring the policy binding p.526
• Binding the policy to a port p.526
• Binding the acl to a vlan p.526
• You can bind the policy to a port or a vlan the received packets will then be matched and p.526
• Vlan binding to load the following page p.526
• Select the acl and enter the vlan id and click appl p.526
• Processed according to this policy p.526
• You can view both port binding and vlan binding entries in the table you can also delete p.527
• Vlan binding to load the following page p.527
• Verifying the binding configuration p.527
• Verifying the acl binding p.527
• Select the policy and the port to be bound and clic p.527
• Select the acl and enter the vlan id and clic p.527
• Follow these steps to bind the policy to a vlan p.527
• Follow these steps to bind the policy to a port p.527
• Existing entries if needed p.527
• Binding the policy to a vlan p.527
• Verifying the policy binding p.528
• Addresses protocol type and so on p.529
• You can define the rules based on source or destination ip addresses source or destination mac p.529
• Using the cli p.529
• Follow the steps to create different types of acl and configure the acl rules p.529
• Configuring the mac acl p.529
• Configuring acl p.529
• Binding table to load the following page p.529
• The following example shows how to create mac acl 50 and configure rule 1 to permit packets p.530
• Switch copy running config startup config p.530
• Switch configure p.530
• Switch config mac acl show access list 50 p.530
• Switch config mac acl rule 5 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff p.530
• Switch config mac acl end p.530
• Switch config mac access list 50 p.530
• Rule 5 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff p.530
• Mac access list 50 p.530
• Configuring the standard ip acl p.530
• With source mac address 00 34 a2 d4 34 b5 p.530
• The following example shows how to create standard ip acl 600 and configure rule 1 to permit p.531
• Switch copy running config startup config p.531
• Switch configure p.531
• Switch config show access list 600 p.531
• Switch config rule 1 permit sip 192 68 00 smask 255 55 55 55 p.531
• Switch config end p.531
• Switch config access list create 600 p.531
• Standard ip access list 600 p.531
• Rule 1 permit sip 192 68 00 smask 255 55 55 55 p.531
• Packets with source ip address 192 68 00 p.531
• Switch config access list extended 1700 rule 7 deny sip 192 68 00 smask 255 55 55 55 p.532
• Switch config access list create 1700 p.532
• Protocol 6 d port 23 p.532
• Extended ip access list 1700 p.532
• Configuring the extend ip acl p.532
• The following example shows how to create extend ip acl 1700 and configure rule7 to deny p.532
• Telnet packets with source ip192 68 00 p.532
• Switch configure p.532
• Switch config show access list 1700 p.532
• Switch copy running config startup config p.533
• Switch config end p.533
• Rule 7 deny sip 192 68 00 smask 255 55 55 55 protocol 6 d port 23 p.533
• Configuring the ipv6 acl p.533
• Switch config end p.534
• Switch config access list ipv6 3600 rule 1 deny sip p.534
• Switch config access list create 3600 p.534
• Rule 1 deny sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ff ff ffff ffff p.534
• Ipv6 access list 3600 p.534
• Follow the steps below to create a policy and configure the policy actions p.534
• Configuring policy p.534
• Cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ffff ffff ffff p.534
• With source ipv6 address cdcd 910a 2222 5498 8475 1111 3900 2020 p.534
• The following example shows how to create ipv6 acl 3600 and configure rule 1 to deny packets p.534
• Switch copy running config startup config p.534
• Switch configure p.534
• Switch config show access list 3600 p.534
• Switch configure p.535
• Switch config show access list policy rd p.535
• Switch config end p.535
• Switch config action exit p.535
• Switch config access list policy name rd p.535
• Switch config access list policy action rd 600 p.535
• Processed according to the acl rules p.535
• Policy name rd p.535
• Acl binding and policy binding p.535
• Acl binding p.535
• Access list 600 p.535
• You can select acl binding or policy binding according to your needs an acl rule and policy p.535
• You can bind the acl to a port or a vlan the received packets will then be matched and p.535
• The following example shows how to create policy rd and apply acl 600 to policy rd p.535
• Takes effect only after they are bound to a port or vlan p.535
• Switch copy running config startup config p.535
• Policy binding p.536
• Switch config if exit p.537
• Switch config if end p.537
• Switch config if access list bind policy 2 p.537
• Switch config if access list bind policy 1 p.537
• Port port lis p.537
• Policy nam p.537
• Index policy name interface vid direction type p.537
• Index acl id interface vid direction type p.537
• Gi1 0 2 ingress port p.537
• Vlan i p.537
• 2 ingress vlan p.537
• The following example shows how to bind policy 1 to port 2 and policy 2 to vlan 2 p.537
• Switch copy running config startup config p.537
• Switch configure p.537
• Switch config interface vlan 2 p.537
• Switch config interface gigabitethernet 1 0 2 p.537
• Switch config if show access list bind p.537
• The marketing department can only access the server group p.538
• Network topology p.538
• Network requirements p.538
• Configuration scheme p.538
• Configuration example for acl p.538
• As shown below computers in the marketing department are connected to the switch via port p.538
• And configuring rules for it p.538
• A company s server group can provide different types of services it is required that p.538
• 0 1 and the server group is connected to the switch via port 1 0 2 p.538
• To meet the requirements above you can configure packet filtering by creating an extend ip acl p.538
• The marketing department can only visit http and https websites on the internet p.538
• Using the gui p.539
• Configuring acl p.539
• Binding configuration p.539
• Rule 4 and rule 5 to permit packets with source ip 10 0 0 and with destination port tcp p.541
• Policy create to load the following page configure p.541
• Or udp 53 dns service port p.541
• Using the cli p.543
• Verify the configurations p.544
• Index acl id interface vid direction type p.545
• For standard ip acl p.546
• For mac acl p.546
• For ipv6 acl p.546
• For extend ip acl p.546
• Appendix default parameters p.546
• Part 19 p.547
• Configuring network security p.547
• Chapters p.547
• Supported features p.548
• Overview p.548
• Network security p.548
• Ip mac binding p.548
• Dhcp snooping p.548
• Arp inspection p.549
• Dos defend p.550
• Using the gui p.552
• Ip mac binding configurations p.552
• Binding entries manually p.552
• Arp scanning to load the following p.553
• Arp scanning p.553
• And the connected port number of the host you can bind these entries conveniently p.553
• With arp scanning the switch sends the arp request packets of the specified ip field to the hosts p.553
• Upon receiving the arp reply packet the switch can get the ip address mac address vlan id p.553
• The binding entries can be dynamically learned from arp scanning and dhcp snooping p.553
• Select the port that is connected to this host p.553
• Select protect type for the entry p.553
• Click bind p.553
• Binding entries dynamically p.553
• With dhcp snooping enabled the switch can monitor the ip address obtaining process of the p.554
• To scan the entries in the specified ip address range and vlan p.554
• Parameters then click apply p.554
• In the scanning result section select one or more entries and configure the relevant p.554
• In the scanning option section specify an ip address range and a vlan id then click scan p.554
• Host and record the ip address mac address vlan id and the connected port number of the p.554
• For instructions on how to configure dhcp snooping refer to dhcp snooping configurations p.554
• Follow these steps to configure ip mac binding via arp scanning p.554
• Dhcp snooping p.554
• With the binding table you can view and search the specified binding entries p.555
• Viewing the binding entries p.555
• The host name and protect type for one or more entries and click apply p.555
• In the search section specify the search criteria to search your desired entries p.555
• In the binding table section you can view the searched entries additionally you can configure p.555
• Binding table to load the following p.555
• You can manually bind the ip address mac address vlan id and the port number together on p.556
• Using the cli p.556
• The condition that you have got the related information of the hosts p.556
• Is introduced in dhcp snooping configurations the following sections introduce how to bind p.556
• Follow these steps to manually bind entries p.556
• Entries manually and view the binding entries p.556
• Binding entries via arp scanning is not supported by the cli binding entries via dhcp snooping p.556
• Binding entries manually p.556
• Entry for the arp detection feature p.557
• 68 5 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this p.557
• Viewing binding entries p.557
• U no host ip addr mac addr vid port acl col p.557
• To view binding entries p.557
• The following example shows how to bind an entry with the hostname host1 ip address p.557
• Switch copy running config startup config p.557
• Switch configure p.557
• Switch config show ip source binding p.557
• Switch config ip source binding host1 192 68 5 aa bb cc dd ee ff vlan 10 interface p.557
• Switch config end p.557
• On privileged exec mode or any other configuration mode you can use the following command p.557
• Host1 192 68 5 aa bb cc dd ee ff 10 gi1 0 5 arp d p.557
• Gigabitethernet 1 0 5 arp detection p.557
• Using the gui p.558
• Enabling dhcp snooping on vlan p.558
• Dhcp snooping configuration p.558
• Click apply p.559
• Select one or more ports and configure the parameters p.559
• Port config to load the following p.559
• Globally enable dhcp snooping p.559
• Follow these steps to enable dhcp snooping p.559
• Follow these steps to configure dhcp snooping on the specified port p.559
• Enable dhcp snooping on a vlan or range of vlans p.559
• Configuring dhcp snooping on ports p.559
• Request packet and then transmit the packet to the dhcp server administrators can check the p.560
• Optional configuring option 82 p.560
• Option 82 records the location of the dhcp client the switch can add option 82 to the dhcp p.560
• Option 82 config to load the p.560
• Location of the dhcp client via option 82 the dhcp server supporting option 82 can also set p.560
• Following page p.560
• Follow these steps to configure option 82 p.560
• Distribution way p.560
• Click apply p.560
• The distribution policy of ip addresses and other parameters providing a more flexible address p.560
• Select one or more ports and configure the parameters p.560
• Using the cli p.561
• Globally configuring dhcp snooping p.561
• Follow these steps to globally configure dhcp snooping p.561
• Click apply p.561
• The following example shows how to enable dhcp snooping globally and on vlan 5 p.562
• Switch copy running config startup config p.562
• Switch configure p.562
• Switch config show ip dhcp snooping p.562
• Switch config ip dhcp snooping vlan 5 p.562
• Switch config ip dhcp snooping p.562
• Switch config if end p.562
• Global status enable p.562
• Follow these steps to configure dhcp snooping on the specified ports p.562
• Configuring dhcp snooping on ports p.562
• Vlan id 5 p.562
• Optional configuring option 82 p.563
• The following example shows how to enable option 82 on port 1 0 7 and configure the strategy p.564
• Switch configure p.564
• Switch config interface gigabitethernet 1 0 7 p.564
• Switch config if ip dhcp snooping information option p.564
• Follow these steps to configure option 82 p.564
• As replace the circuit id as vlan20 and the remote id as host1 p.564
• Using the gui p.566
• Configuring arp detection p.566
• Arp inspection configurations p.566
• Configuring arp defend p.567
• You can view the number of the illegal arp packets received on each port which facilitates you p.568
• Viewing arp statistics p.568
• To locate the network malfunction and take the related protection measures p.568
• Click apply p.568
• Using the cli p.569
• Configuring arp detection p.569
• Switch configure p.570
• Switch config ip arp inspection p.570
• Switch config interface gigabitethernet 1 0 1 p.570
• Switch config if show ip arp inspection p.570
• Switch config if ip arp inspection trust p.570
• Switch config if end p.570
• Port trusted p.570
• Gi1 0 2 no p.570
• Gi1 0 1 yes p.570
• Follow these steps to configure arp detection p.570
• Configurations p.570
• Configuration complete ip mac binding configuration for details refer to ip mac binding p.570
• Arp detection global status enabled p.570
• A trusted port p.570
• The following example shows how to globally enable arp detection and configure port 1 0 1 as p.570
• With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds p.571
• When the transmission speed of the legal arp packet on the port exceeds the defined value so as p.571
• To avoid arp attack flood p.571
• The following example shows how to enable arp defend and configure the arp inspection limit p.571
• Switch copy running config startup config p.571
• Switch configure p.571
• Switch config interface gigabitethernet 1 0 2 p.571
• Switch config if ip arp inspection limit rate 20 p.571
• Switch config if ip arp inspection p.571
• Rate as 20 pps on port 1 0 2 p.571
• Follow these steps to configure arp defend p.571
• Configuring arp defend p.571
• Viewing arp statistics p.572
• Dos defend to load the following page p.573
• Dos defend configuration p.573
• Using the gui p.573
• In the defend table section select one or more defend types according to your needs the p.573
• In the configure section enable dos protection p.573
• Following table introduces each type of dos attack p.573
• Follow these steps to configure dos defend p.573
• Using the cli p.574
• Follow these steps to configure dos defend p.574
• Click apply p.574
• The following example shows how to enable the dos defend type named land p.575
• Switch configure p.575
• Switch config ip dos prevent type land p.575
• Switch config ip dos prevent p.575
• X configuration p.577
• Using the gui p.577
• Configuring 802 x globally p.577
• In the authentication config section enable quiet configure the quiet timer and click p.578
• In the global config section enable 802 x globally and click apply p.578
• Port config to load the following page p.579
• Configuring 802 x on ports p.579
• Configure 802 x authentication on the desired port and click apply p.579
• Enabling aaa function p.580
• Configuring the radius server p.580
• Adding the radius server p.580
• Server group to load the following page p.581
• Select the newly added group and click edit in the operation column p.581
• In the add new server group section specify the name and server type for the new server p.581
• Group and click add p.581
• Configuring the radius server group p.581
• Using the cli p.582
• Configuring the dot1x list p.582
• Configuring 802 x globally p.582
• Configuring 802 x on ports p.584
• The following example shows how to enable 802 x authentication on port 1 0 2 configure the p.585
• Switch configure p.585
• Switch config interface gigabitethernet 1 0 2 p.585
• Switch config if dot1x port method port based p.585
• Switch config if dot1x port control auto p.585
• Switch config if dot1x p.585
• Control type as port based and configure the control mode as auto p.585
• Switch copy running config startup config p.586
• Switch config if show dot1x interface gigabitethernet 1 0 2 p.586
• Switch config if end p.586
• Port state guestvlan portcontrol portmethod authorized lag p.586
• Gi1 0 2 enabled disabled auto port based unauthorized n a p.586
• Follow these steps to configure radius p.586
• Configuring the radius server p.586
• Named radius1 and apply this server group to the 802 x authentication the ip address of the p.587
• Accounting port is 1813 p.587
• The following example shows how to enable aaa add a radius server to the server group p.587
• Switch show radius server p.587
• Switch configure p.587
• Switch config radius server host 192 68 00 key 123456 auth port 1812 acct port 1813 p.587
• Switch config aaa group radius radius1 p.587
• Switch config aaa authentication dot1x default radius1 p.587
• Switch config aaa accounting dot1x default radius1 p.587
• Switch aaa group server 192 68 00 p.587
• Switch aaa group exit p.587
• Switch aaa enable p.587
• Server ip auth port acct port timeout retransmit shared key p.587
• Radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the p.587
• Configuration guidelines p.589
• Aaa configuration p.589
• Globally enabling aaa p.590
• Adding servers p.590
• Using the gui p.590
• Radius conifg to load the following page p.591
• In the server config section configure the following parameters p.591
• Follow these steps to add a radius server p.591
• Adding radius server p.591
• The switch has two built in server groups one for radius servers and the other for tacacs p.592
• Tacacs conifg to load the following page p.592
• Servers the servers running the same protocol are automatically added to the default server p.592
• In the server config section configure the following parameters p.592
• Group you can add new server groups as needed p.592
• Follow these steps to add a tacacs server p.592
• Configuring server groups p.592
• Click add to add the tacacs server on the switch p.592
• Click add to add the radius server on the switch p.592
• Adding tacacs server p.592
• Configuring the method list p.594
• You can edit the default methods or follow these steps to add a new method p.595
• In the add method list section configure the parameters for the method to be added p.595
• In the aaa application list section select an access application and configure the login list p.595
• Global config to load the following page p.595
• Follow these steps to configure the aaa application list p.595
• Configuring the aaa application list p.595
• Click add to add the new method p.595
• And enable list p.595
• On the switch p.596
• On the server p.596
• Configuring login account and enable password p.596
• Follow these steps to globally enable aaa p.597
• Follow these steps to add radius server on the switch p.597
• Adding servers p.597
• Adding radius server p.597
• Aaa global status enable p.597
• You can add one or more radius tacacs servers on the switch for authentication if multiple p.597
• Using the cli p.597
• The following example shows how to globally enable aaa p.597
• Switch copy running config startup config p.597
• Switch configure p.597
• Switch config show aaa global p.597
• Switch config end p.597
• Switch config aaa enable p.597
• Switch and the others act as backup servers in case the first one breaks down p.597
• Servers are added the server with the highest priority authenticates the users trying to access the p.597
• Globally enabling aaa p.597
• Switch config end p.598
• Server ip auth port acct port timeout retransmit shared key p.598
• Server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as p.598
• Seconds and the retransmit number as 3 p.598
• 68 0 1812 1813 8 3 123456 p.598
• The following example shows how to add a radius server on the switch set the ip address of the p.598
• Switch copy running config startup config p.598
• Switch configure p.598
• Switch config show radius server p.598
• Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key p.598
• The following example shows how to add a tacacs server on the switch set the ip address p.599
• Switch copy running config startup config p.599
• Switch configure p.599
• Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 p.599
• Switch config show tacacs server p.599
• Switch config end p.599
• Server ip port timeout shared key p.599
• Of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the p.599
• Follow these steps to add tacacs server on the switch p.599
• Adding tacacs server p.599
• 68 0 49 8 123456 p.599
• Timeout as 8 seconds p.599
• The two default server groups cannot be deleted or edited follow these steps to add a server p.600
• The switch has two built in server groups one for radius and the other for tacacs the servers p.600
• The following example shows how to create a radius server group named radius1 and add the p.600
• Switch copy running config startup config p.600
• Switch configure p.600
• Switch config aaa group radius radius1 p.600
• Switch aaa group show aaa group radius1 p.600
• Switch aaa group server 192 68 0 p.600
• Switch aaa group end p.600
• Server groups as needed p.600
• Running the same protocol are automatically added to the default server group you can add new p.600
• Existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group p.600
• Configuring server groups p.600
• And enable method list for guests to get administrative privileges p.601
• A method list describes the authentication methods and their sequence to authenticate the p.601
• Users the switch supports login method list for users of all types to gain access to the switch p.601
• The method 1 as the default radius server group and the method 2 as local p.601
• The following example shows how to create a login method list named login1 and configure p.601
• Switch configure p.601
• Switch config show aaa authentication login p.601
• Switch config aaa authentication login login1 radius local p.601
• Methodlist pri1 pri2 pri3 pri4 p.601
• Login1 radius local p.601
• Follow these steps to configure the method list p.601
• Default local p.601
• Configuring the method list p.601
• Follow these steps to apply the login and enable method lists for the application telnet p.602
• Enable1 radius local p.602
• Default local p.602
• Configuring the aaa application list p.602
• And http p.602
• You can configure authentication method lists on the following access applications telnet ssh p.602
• The method 1 as the default radius server group and the method 2 as local p.602
• The following example shows how to create an enable method list named enable1 and configure p.602
• Telnet p.602
• Switch copy running config startup config p.602
• Switch configure p.602
• Switch config show aaa authentication enable p.602
• Switch config end p.602
• Switch config aaa authentication enable enable1 radius local p.602
• Methodlist pri1 pri2 pri3 pri4 p.602
• Switch config line enable authentication enable1 p.603
• Ssh default default p.603
• Module login list enable list p.603
• Http default default p.603
• Follow these steps to apply the login and enable method lists for the application ssh p.603
• Enable method list named enable1 for the application telnet p.603
• The following example shows how to apply the existing login method list named login1 and p.603
• Telnet login1 enable1 p.603
• Switch copy running config startup config p.603
• Switch configure p.603
• Switch config line telnet p.603
• Switch config line show aaa global p.603
• Switch config line login authentication login1 p.603
• Switch config line end p.603
• Switch config line login authentication login1 p.604
• Switch config line end p.604
• Switch config line enable authentication enable1 p.604
• Ssh login1 enable1 p.604
• Module login list enable list p.604
• Http default default p.604
• Follow these steps to apply the login and enable method lists for the application http p.604
• Enable method list named enable1 for the application ssh p.604
• The following example shows how to apply the existing login method list named login1 and p.604
• Telnet default default p.604
• Switch copy running config startup config p.604
• Switch configure p.604
• Switch config line ssh p.604
• Switch config line show aaa global p.604
• On the switch p.605
• Configuring login account and enable password p.605
• Server besides both the user name and password can be customized p.606
• Password is customizable all the users trying to get administrative privileges share this p.606
• On the server p.606
• Network information without the enable password p.606
• For login authentication configuration more than one login account can be created on the p.606
• For enable password configuration the user name should be set as enable and the enable p.606
• Enable password p.606
• Enable and providing the enable password p.606
• Tips the logged in guests can get administrative privileges by using the command admin p.606
• The accounts created by the radius tacacs server can only view the configurations and some p.606
• Some configuration principles on the server are as follows p.606
• Network requirements p.607
• Example for dhcp snooping and arp detection p.607
• Configuration scheme p.607
• Configuration examples p.607
• Using the gui p.608
• Using the cli p.611
• Verify the configuration p.612
• Network topology p.614
• Network requirements p.614
• Example for 802 x p.614
• Configuration scheme p.614
• Demonstrated with t1600g 28ts acting as the authenticator the following sections provide p.615
• Configuration procedure in two ways using the gui and using the cli p.615
• Using the gui p.615
• Internet p.615
• Global config to load the p.615
• Following page enable 802 x authentication and configure the authentication method as p.615
• Eap enable the quiet feature and then keep the default authentication settings p.615
• Using the cli p.618
• Verify the configurations p.619
• Network requirements p.620
• Example for aaa p.620
• Using the gui p.621
• Configuration scheme p.621
• Using the cli p.624
• Verify the configuration p.625
• Default settings of network security are listed in the following tables p.627
• Appendix default parameters p.627
• Chapters p.631
• Part 20 p.631
• Configuring lldp p.631
• Supported features p.632
• Overview p.632
• Using the gui p.633
• Lldp configurations p.633
• Global config p.633
• In the parameters config section configure the lldp parameters click apply p.634
• In the global config section enable lldp click apply p.634
• Follow these steps to enable lldp and configure the lldp feature globally p.634
• Select the desired port and set its admin status and notification mode p.635
• Port config p.635
• Policy config to load the following page p.635
• Follow these steps to configure the lldp feature for the interface p.635
• Global config p.636
• Enable the lldp feature on the switch and configure the lldp parameters p.636
• Using the cli p.636
• Select the tlvs type length value included in the lldp packets according to your needs p.636
• Tx interval 30 seconds p.637
• Ttl multiplier 4 p.637
• The following example shows how to configure the following parameters lldp timer 4 tx p.637
• Switch configure p.637
• Switch config show lldp p.637
• Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count p.637
• Switch config lldp hold multiplier 4 p.637
• Switch config lldp p.637
• Lldp status enabled p.637
• Interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast p.637
• Count 3 p.637
• Lldp med fast start repeat count 4 p.638
• Initialization delay 2 seconds p.638
• Fast packet count 3 p.638
• Tx delay 2 seconds p.638
• Trap notification interval 5 seconds p.638
• Switch copy running config startup config p.638
• Switch config end p.638
• Select the desired port and set its admin status notification mode and the tlvs included in the p.638
• Port config p.638
• Lldp packets p.638
• Switch copy running config startup config p.640
• Switch config if end p.640
• Power yes p.640
• Using the gui p.641
• Lldp med configurations p.641
• Global config p.641
• Port config p.642
• Lldp status enabled p.644
• Global config p.644
• Using the cli p.644
• Tx interval 30 seconds p.644
• Tx delay 2 seconds p.644
• Ttl multiplier 4 p.644
• The following example shows how to configure lldp med fast count as 4 p.644
• Switch configure p.644
• Switch config show lldp p.644
• Switch config lldp med fast count 4 p.644
• Switch config lldp p.644
• Switch copy running config startup config p.645
• Switch config end p.645
• Select the desired port enable lldp med and select the tlvs type length value included in p.645
• Port config p.645
• Lldp med fast start repeat count 4 p.645
• Initialization delay 2 seconds p.645
• Fast packet count 3 p.645
• Trap notification interval 5 seconds p.645
• The outgoing lldp packets according to your needs p.645
• Viewing lldp settings p.648
• Viewing lldp device info p.648
• Using gui p.648
• Information p.649
• In the local info section select the desired port and view its associated local device p.649
• In the auto refresh section enable the auto refresh feature and set the refresh rate p.649
• Follow these steps to view the local information p.649
• According to your needs click apply p.649
• Viewing the neighbor info p.650
• Viewing lldp statistics p.651
• Viewing the local info p.652
• Viewing lldp statistics p.652
• Using cli p.652
• In the neighbors statistics section view the statistics of the corresponding port p.652
• Viewing the neighbor info p.652
• Viewing the local info p.653
• Viewing lldp med settings p.653
• Using gui p.653
• Viewing the neighbor info p.654
• Settings p.654
• In the lldp med neighbor info section select the desired port and view the lldp med p.654
• In the auto refresh section enable the auto refresh feature and set the refresh rate p.654
• Follow these steps to view lldp med neighgbor information p.654
• According to your needs click apply p.654
• Viewing the neighbor info p.655
• Viewing the local info p.655
• Viewing lldp statistics p.655
• Using cli p.655
• Configuration scheme p.656
• Configuration example p.656
• Network topology p.656
• Network requirements p.656
• Example for configuring lldp p.656
• Using the gui p.657
• Using cli p.658
• Verify the configurations p.659
• Configuration file p.659
• Network requirements p.664
• Example for configuring lldp med p.664
• Using the gui p.665
• Network topology p.665
• Configuration scheme p.665
• Using the cli p.669
• Configuration file p.670
• Verify the configurations p.671
• Appendix default parameters p.678
• Default settings of lldp are listed in the following tables p.678
• Default lldp settings p.678
• Default lldp med settings p.678
• Part 21 p.679
• Configuring maintenance p.679
• Chapters p.679
• System monitor p.680
• Supported features p.680
• Overview p.680
• Network diagnose p.680
• Maintenance p.680
• Device diagnose p.680
• Using the gui p.681
• Monitoring the system p.681
• Monitoring the cpu p.681
• Monitoring the cpu p.682
• Using the cli p.682
• Monitoring the memory p.682
• Monitoring the memory p.683
• Viewing the log table p.684
• System log configurations include p.684
• System log configurations p.684
• Of the switch is affected please take actions according to the log message p.684
• Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality p.684
• Configuring the remote log p.684
• Configuring the local log p.684
• Configuration guidelines p.684
• Backing up log files p.684
• Follow these steps to configure the local log p.685
• Configuring the remote log p.685
• Configuring the local log p.685
• Click apply p.685
• Using the gui p.685
• Select your desired channel and configure the corresponding severity and status p.685
• Run a log server that complies with the syslog standard p.685
• Remote log enables the switch to send system logs to a host to display the logs the host should p.685
• Local log to load the following page p.685
• Viewing the log table p.686
• Backing up the log file p.686
• Using the cli p.687
• Select a module and a severity to view the corresponding log information p.687
• Follow these steps to configure the local log p.687
• Configuring the local log p.687
• Switch config logging file flash level 2 p.688
• Switch config logging file flash frequency periodic 10 p.688
• Switch config logging file flash p.688
• Switch config logging buffer level 5 p.688
• Switch config logging buffer p.688
• To 5 to the log buffer and synchronize logs of levels 0 to 2 to the flash every 10 hours p.688
• The following example shows how to configure the local log on the switch save logs of levels 0 p.688
• Switch configure p.688
• Switch config show logging local config p.688
• Switch copy running config startup config p.689
• Switch configure p.689
• Switch config end p.689
• Run a log server that complies with the syslog standard p.689
• Remote log enables the switch to send system logs to a host to display the logs the host should p.689
• Monitor 5 enable immediately p.689
• Ip address as 192 68 48 and allow logs of levels 0 to 5 to be sent to the host p.689
• Follow these steps to set the remote log p.689
• Flash 2 enable 10 hour s p.689
• Configuring the remote log p.689
• Channel level status sync periodic p.689
• Buffer 5 enable immediately p.689
• The following example shows how to set the remote log on the switch enable log host 2 set its p.689
• Using the gui p.691
• In the result section click apply and check the test results p.691
• In the port section select your desired port for the test p.691
• Diagnosing the device p.691
• Cable test to load the following page p.691
• Using the cli p.692
• To check the connection status of the cable that is connected to the switch p.692
• The following example shows how to check the cable diagnostics of port 1 0 2 p.692
• Switch show cable diagnostics interface gigabitehternet 1 0 2 p.692
• Port pair status length error p.692
• Pair d normal 2 10m p.692
• Pair c normal 0 10m p.692
• Pair b normal 2 10m p.692
• On privileged exec mode or any other configuration mode you can use the following command p.692
• Gi1 0 2 pair a normal 2 10m p.692
• Using the gui p.693
• Diagnosing the network p.693
• Configuring the ping test p.693
• Configuring the tracert test p.694
• Switch ping ip 192 68 0 n 3 l 1000 i 500 p.695
• Reply from 192 68 0 bytes 1000 time 16ms ttl 64 p.695
• Pinging 192 68 0 with 1000 bytes of data p.695
• Ping statistics for 192 68 0 p.695
• Packets sent 3 received 3 lost 0 0 loss p.695
• On privileged exec mode or any other configuration mode you can use the following command p.695
• Minimum 0ms maximum 0ms average 0ms p.695
• In the tracert result section check the test results p.695
• Destination device with the ip address 192 68 0 specify the ping times as 3 the data size as p.695
• Configuring the ping test p.695
• Bytes and the interval as 500 milliseconds p.695
• Approximate round trip times in milli seconds p.695
• Using the cli p.695
• To test the connectivity between the switch and one node of the network p.695
• The following example shows how to test the connectivity between the switch and the p.695
• Tracing route to 192 68 00 over a maximum of 2 hops p.696
• Trace complete p.696
• To test the connectivity between the switch and routers along the path from the source to the p.696
• The following example shows how to test the connectivity between the switch and the network p.696
• Switch tracert 192 68 00 2 p.696
• On privileged exec mode or any other configuration mode you can use the following command p.696
• Ms 2 ms 2 ms 192 68 00 p.696
• Ms 1 ms 2 ms 192 68 p.696
• Device with the ip address 192 68 00 set the maxhops as 2 p.696
• Destination p.696
• Configuring the tracert test p.696
• Configuration scheme p.697
• Configuration example for remote log p.697
• Using the gui p.697
• Network requirements p.697
• Verify the configurations p.698
• Using the cli p.698
• Default settings of maintenance are listed in the following tables p.699
• Appendix default parameters p.699
• Part 22 p.700
• Managing snmp rmon p.700
• Chapters p.700
• Snmp overview 5 rmon configurations p.701
• Snmp overview p.701
• Snmp configurations 6 configuration example p.701
• Rmon overview p.701
• Part 22 p.701
• Notification configurations 7 appendix default parameters p.701
• Choose snmpv1 or snmpv2c p.702
• Snmp configurations p.702
• Choose snmpv3 p.702
• Using the gui p.703
• Enabling snmp p.703
• Creating an snmp view p.703
• Snmp view to load the following page p.704
• Set the view name and one mib variable that is related to the view choose the view type and p.704
• Creating an snmp group p.704
• Create an snmp group and configure related parameters p.704
• Click create to add the view entry p.704
• Snmp group to load the following page p.705
• Set the group name and security model if you choose snmpv3 as the security model you p.705
• Need to further configure security level p.705
• Follow these steps to create an snmp group p.705
• Follow these steps to create an snmp user p.706
• Creating snmp users p.706
• Specify the user name user type and the group which the user belongs to set the security p.706
• Snmp user to load the following page p.706
• Set the read write and notify view of the snmp group click create p.706
• Need to configure the security level p.706
• Model according to the related parameters of the specified group if you choose snmpv3 you p.706
• If you want to use snmpv1 or snmpv2c as the security model you can create snmp communities p.707
• If you have chosen authnopriv or authpriv as the security level you need to set p.707
• Directly p.707
• Creating snmp communities p.707
• Corresponding auth mode or privacy mode if not skip the step p.707
• Click create p.707
• Using the cli p.708
• Snmp community to load the following page p.708
• Set the community name access rights and the related view click create p.708
• Enabling snmp p.708
• Bad snmp version errors p.709
• Unknown community name p.709
• The following example shows how to enable snmp and set 123456789a as the remote engine id p.709
• Switch configure p.709
• Switch config snmp server engineid remote 123456789a p.709
• Switch config snmp server p.709
• Switch config show snmp server p.709
• Snmp packets input p.709
• Snmp agent is enabled p.709
• Number of requested variables p.709
• Number of altered variables p.709
• Illegal operation for community name supplied p.709
• Get request pdus p.709
• Encoding errors p.709
• General errors p.710
• Creating an snmp view p.710
• Bad value errors p.710
• Trap pdus p.710
• Too big errors maximum packet size 1500 p.710
• Switch config show snmp server engineid p.710
• Switch copy running config startup config p.710
• Switch config end p.710
• Specify the oid object identifier of the view to determine objects to be managed p.710
• Snmp packets output p.710
• Set request pdus p.710
• Response pdus p.710
• Remote engine id 123456789a p.710
• No such name errors p.710
• Local engine id 80002e5703000aeb132397 p.710
• Get next pdus p.710
• Creating an snmp group p.711
• No name sec mode sec lev read view write view notify view p.712
• Nms monitor v3 authpriv view view p.712
• Enable auth mode and privacy mode and set the view as read view and notify view p.712
• The following example shows how to create an snmpv3 group name the group as nms monitor p.712
• Switch copy running config startup config p.712
• Switch configure p.712
• Switch config snmp server group nms monitor smode v3 slev authpriv read view notify p.712
• Switch config show snmp server group p.712
• Switch config end p.712
• Creating snmp users p.713
• Configure users of the snmp group users belong to the group and use the same security level p.713
• And access rights as the group p.713
• Password p.714
• No u name u type g name s mode s lev a mode p mode p.714
• Level sha as the authentication algorithm 1234 as the authentication password des as the p.714
• For snmpv1 and snmpv2c the community name is used for authentication functioning as the p.714
• Creating snmp communities p.714
• Admin remote nms monitor v3 authpriv sha des p.714
• Admin and set the user as a remote user snmpv3 as the security mode authpriv as the security p.714
• The following example shows how to create an snmp user on the switch name the user as p.714
• Switch copy running config startup config p.714
• Switch configure p.714
• Switch config snmp server user admin remote nms monitor smode v3 slev authpriv cmode p.714
• Switch config show snmp server user p.714
• Switch config end p.714
• Sha cpwd 1234 emode des epwd 1234 p.714
• Privacy algorithm and 1234 as the privacy password p.714
• Using the gui p.716
• Notification configurations p.716
• Configuration guidelines p.716
• Specify the user name or community name used by the nms and configure the security p.717
• Need to set retry times and timeout interval p.717
• Model and security level based on the settings of the user or community p.717
• Choose a notification type based on the snmp version if you choose the inform type you p.717
• Click create p.718
• Using the cli p.718
• Configuring the host p.718
• Configure parameters of the nms host and packet handling mechanism p.718
• Enabling the snmp standard trap p.719
• Enabling snmp notification p.719
• The following example shows how to configure the switch to send linkup traps p.720
• Switch copy running config startup config p.720
• Switch configure p.720
• Switch config snmp server traps snmp linkup p.720
• Switch config end p.720
• Optional enabling the snmp extend trap p.720
• The following example shows how to configure the switch to enable bandwidth control traps p.721
• Switch copy running config startup config p.721
• Switch configure p.721
• Switch config snmp server traps bandwidth control p.721
• Switch config end p.721
• The following example shows how to configure the switch to enable p.722
• Switch copy running config startup config p.722
• Switch configure p.722
• Switch config snmp server traps mac new p.722
• Switch config end p.722
• Optional enabling the vlan trap p.722
• Optional enabling the mac trap p.722
• The following example shows how to configure the switch to enable p.723
• Switch copy running config startup config p.723
• Switch configure p.723
• Switch config snmp server traps vlan create p.723
• Switch config interface gigabitethernet 1 0 1 p.723
• Switch config if snmp server traps link status p.723
• Switch config if end p.723
• Switch config end p.723
• Optional enabling the link status trap p.723
• The following example shows how to configure the switch to enable link status trap p.723
• Rmon overview p.724
• Using the gui p.725
• Rmon configurations p.725
• Configuring statistics p.725
• Valid or undercreation and click create p.726
• Specify the entry id the port to be monitored and the owner name of the entry set the entry as p.726
• Select a history entry and specify a port to be monitored p.726
• History to load the following page p.726
• Follow these steps to configure history p.726
• Configuring history p.726
• Follow these steps to configure event p.727
• Event to load the following page p.727
• Enter the owner name and set the status of the entry click apply p.727
• Configuring event p.727
• Choose an event entry and set the snmp user of the entry p.727
• Set the sample interval and the maximum buckets of history entries p.727
• The alarm entries must be associated with statistics and event entries p.728
• Set the description and type of the event p.728
• Enter the owner name and set the status of the entry click apply p.728
• Configuring alarm p.728
• Before you begin please complete configurations of statistics entries and event entries because p.728
• Alarm to load the following page p.728
• Statistics entry p.729
• Set the sample type the rising and falling threshold the corresponding event action and the p.729
• Select an alarm entry choose a variable to be monitored and associate the entry with a p.729
• Follow these steps to configure alarm p.729
• Alarm type of the entry p.729
• Using the cli p.730
• Enter the owner name and set the status of the entry click apply p.730
• Configuring statistics p.730
• Configuring history p.731
• The following example shows how to create a history entry on the switch to monitor port 1 0 1 p.732
• Switch copy running config startup config p.732
• Switch configure p.732
• Switch config show rmon history p.732
• Switch config rmon history 1 interface gigabitethernet 1 0 1 interval 100 owner monitor p.732
• Switch config end p.732
• Set the sample interval as 100 seconds max buckets as 50 and the owner as monitor p.732
• Index port interval buckets owner state p.732
• Gi1 0 1 100 50 monitor enable p.732
• Buckets 50 p.732
• The following example shows how to create an event entry on the switch set the user name as p.733
• Switch configure p.733
• Switch config rmon event 1 user admin description rising notify type notify owner monitor p.733
• Configuring event p.733
• As monitor p.733
• Admin the event type as notify set the switch to initiate notifications to the nms and the owner p.733
• Switch copy running config startup config p.734
• Switch config show rmon event p.734
• Switch config end p.734
• Index user description type owner state p.734
• Configuring alarm p.734
• Admin rising notify notify monitor enable p.734
• Switch config rmon alarm 1 stats index 1 alarm variable bpkt s type absolute rising p.735
• Statistics index 1 p.735
• Sample type absolute p.735
• Rhold revent 3000 1 p.735
• Related rising event entry index as 1 the falling threshold as 3000 the related falling event index p.735
• Monitor p.735
• Interval 10 owner monitor p.735
• Index state 1 enabled p.735
• As 2 the alarm type as all the notification interval as 10 seconds and the owner of the entry as p.735
• Alarm variable bpkt p.735
• Threshold 3000 rising event index 1 falling threshold 3000 falling event index 2 a type all p.735
• The related statistics entry id as 1 the sample type as absolute the rising threshold as 3000 the p.735
• The following example shows how to set an alarm entry to monitor bpackets on the switch set p.735
• Switch configure p.735
• Switch config show rmon alarm p.735
• Network requirements p.737
• Configuration scheme p.737
• Configuration example p.737
• Using the gui and using the cli p.738
• Network topology p.738
• Demonstrated with t1600g 28ts this chapter provides configuration procedures in two ways p.738
• Core switch switch b on switch a ports 1 0 1 and 1 0 2 are monitored by the nms port 1 0 3 is p.738
• Connected to switch b and port 1 0 3 and the nms are able to reach one another p.738
• As shown in the following figure the nms host with ip address 172 68 22 is connected to the p.738
• Configuring snmp p.739
• Configuring rate limit on ports p.739
• Using the gui p.739
• Enabling bandwith control trap p.741
• Configuring rmon p.741
• Using the cli p.744
• Enable bandwith control trap p.744
• Configuring snmp p.744
• Configuring rate limit on ports p.744
• Configuring rmon p.745
• Configuration file p.745
• Verify the configurations p.746
• Default settings of snmp are listed in the following table p.751
• Appendix default parameters p.751
• Default settings of notification are listed in the following table p.752