![Tp-Link T1600G-28PS (TL-SG2424P) [532/754] Configuring the extend ip acl](/img/pdf.png)
Tp-Link T1600G-28PS (TL-SG2424P) [532/754] Configuring the extend ip acl
![Tp-Link T1600G-28PS (TL-SG2424P) [532/754] Configuring the extend ip acl](/views2/1210084/page532/bg214.png)
Configuration Guide 510
Configuring ACL ACL Configurations
Configuring the Extend-IP ACL
Step 1 configure
Enter global configuration mode
Step 2 access-list create
access-list-num
Create an Extend-IP ACL
access-list-num:
Enter an ACL ID. The ID ranges from 1500 to 2499.
Step 3 access-list extended
acl-id
rule
rule-id
{deny | permit} [ [sip source-ip] smask
source-ip-mask
]
[ [dip
destination-ip
] dmask
destination-ip-mask
] [s-port
s-port
] [d-port
d-port
] [protocol
protocol
]
Add a rule to the ACL.
acl-id:
The ID number of the ACL you have created.
rule-id:
Specify the rule ID, which ranges from 0 to 1999. It should not be the same as any
existing Extend-IP ACL IDs
deny | permit
:
Specify the operation to be performed with the packets that match the rule.
Deny means to discard; permit means to forward. By default, it is permit.
source-ip:
Enter the source IP address.
source-ip-mask:
Enter the mask of the source IP address. This is required if a source IP address is
entered.
destination-ip:
Enter the destination IP address.
destination-ip-mask:
Enter the mask of the destination IP address. This is required if a
destination IP address is entered.
s-port:
Enter the TCP/UDP source port if TCP/UDP protocol is selected.
d-port:
Enter the TCP/UDP destination port if TCP/UDP protocol is selected.
protocol:
Specify a protocol type.
Step 4 end
Return to privileged EXEC mode.
Step 5 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to create Extend-IP ACL 1700 and configure Rule7 to deny
Telnet packets with source IP192.168.2.100:
Switch#configure
Switch(config)#access-list create 1700
Switch(config)#access-list extended 1700 Rule 7 deny sip 192.168.2.100 smask 255.255.255.255
protocol 6 d-port 23
Switch(config)#show access-list 1700
Extended IP access list 1700
Содержание
- Configuration guide 1
- T1600g series switches 1
- About this guide 2
- Accessing the switch 2
- Command line interface access 1 2
- Contents 2
- Conventions 2
- Intended readers 2
- Managing system 2
- More information 2
- Overview 2
- System 3 2
- System info configurations 5 2
- Web interface access 2
- Access security configurations 6 3
- System tools configurations 6 3
- User management configurations 8 3
- Appendix default parameters 4 4
- Basic parameters configurations 9 4
- Configuration examples 7 4
- Loopback detection configuration 3 4
- Managing physical interfaces 4
- Physical interface 8 4
- Port isolation configurations 0 4
- Port mirror configuration 3 4
- Port security configuration 7 4
- Sdm template configuration 1 4
- Address configurations 33 5
- Appendix default parameters 06 5
- Appendix default parameters 23 5
- Appendix default parameters 29 5
- Configuration example 19 5
- Configuring lag 5
- Lag 09 5
- Lag configuration 10 5
- Mac address table 31 5
- Managing mac address table 5
- Monitoring traffic 5
- Traffic monitor 25 5
- Appendix default parameters 50 6
- Configuration example 59 6
- Configuring 802 q vlan 6
- Example for security configurations 47 6
- Overview 52 6
- Q vlan configuration 53 6
- Security configurations 41 6
- Appendix default parameters 65 7
- Appendix default parameters 81 7
- Configuration example 73 7
- Configuration example 90 7
- Configuring mac vlan 7
- Configuring protocol vlan 7
- Mac vlan configuration 68 7
- Overview 67 7
- Overview 83 7
- Protocol vlan configuration 84 7
- Appendix default parameters 00 8
- Configuring spanning tree 8
- Mstp configurations 20 8
- Spanning tree 02 8
- Stp rstp configurations 10 8
- Stp security configurations 39 8
- Appendix default parameters 63 9
- Configuration example for mstp 44 9
- Igmp snooping configurations 68 9
- Layer 2 multicast 66 9
- Managing layer 2 multicast 9
- Configuring mld snooping 06 11
- Viewing multicast snooping configurations 41 12
- Appendix default parameters 77 13
- Configuration examples 44 13
- Logical interfaces configurations 82 13
- Managing logical interfaces 13
- Overview 81 13
- Appendix default parameter 08 14
- Appendix default parameters 93 14
- Configuring dhcp relay 14
- Configuring static routing 14
- Dhcp relay configuration 11 14
- Example for static routing 03 14
- Ipv4 static routing configuration 96 14
- Ipv6 static routing configuration 98 14
- Overview 10 14
- Overview 95 14
- Viewing routing table 01 14
- Appendix default parameters 20 15
- Arp configurations 23 15
- Bandwidth control configuration 42 15
- Configuration example 17 15
- Configuration examples 48 15
- Configuring arp 15
- Configuring qos 15
- Diffserv configuration 30 15
- Overview 22 15
- Qos 29 15
- Acl 95 16
- Acl configurations 96 16
- Appendix default parameters 68 16
- Appendix default parameters 93 16
- Configuration example 81 16
- Configuring acl 16
- Configuring voice vlan 16
- Overview 71 16
- Voice vlan configuration 73 16
- Appendix default parameters 24 17
- Arp inspection configurations 44 17
- Configuration example for acl 16 17
- Configuring network security 17
- Dhcp snooping configuration 36 17
- Ip mac binding configurations 30 17
- Network security 26 17
- Aaa configuration 67 18
- Configuration examples 85 18
- Dos defend configuration 51 18
- X configuration 55 18
- Appendix default parameters 05 19
- Configuring lldp 19
- Lldp 10 19
- Lldp configurations 11 19
- Lldp med configurations 19 19
- Viewing lldp settings 26 19
- Appendix default parameters 56 20
- Configuration example 34 20
- Configuring maintenance 20
- Maintenance 58 20
- Monitoring the system 59 20
- System log configurations 62 20
- Viewing lldp med settings 31 20
- Appendix default parameters 77 21
- Configuration example for remote log 75 21
- Diagnosing the device 69 21
- Diagnosing the network 71 21
- Managing snmp rmon 21
- Notification configurations 94 21
- Snmp configurations 80 21
- Snmp overview 79 21
- Appendix default parameters 29 22
- Configuration example 15 22
- Rmon configurations 03 22
- Rmon overview 02 22
- About this guide 23
- Conventions 23
- Intended readers 23
- More information 24
- Accessing the switch 25
- Chapters 25
- Part 1 25
- Overview 26
- Web interface access 27
- Save config function 28
- Disable the web server 29
- Configure the switch s ip address and default gateway 30
- Box displays the valid default gateway 32
- Check the routing table to verify the default gateway you configured the entry marked in red 32
- Click save config to save the settings 32
- Command line interface access 33
- Console login only for switch with console port 33
- Telnet login 35
- Ssh login 36
- Password authentication mode 37
- Key authentication mode 38
- Disable ssh login 41
- Disable telnet login 41
- Change the switch s ip address and default gateway 42
- Copy running config startup config 42
- Chapters 44
- Managing system 44
- Part 2 44
- Access security 45
- Overview 45
- Supported features 45
- System 45
- System info 45
- System tools 45
- User management 45
- Sdm template 46
- System info configurations 47
- Using the gui 47
- Viewing the system summary 47
- Click a port to view the bandwidth utilization on this port 48
- Move the cursor to the port to view the detailed information of the port 48
- Setting the system time 49
- Specifying the device description 49
- Choose one method to set the system time and specify the information 50
- Click apply 50
- Daylight saving time to load the following page 50
- In the time config section follow these steps to configure the system time 50
- Setting the daylight saving time 50
- Choose one method to set the daylight saving time of the switch and specify the 51
- Follow these steps to configure daylight saving time 51
- In the dst config section select enable to enable the daylight saving time function 51
- Information 51
- Click apply 52
- Gi1 0 1 linkdown n a n a n a disable copper 52
- Gi1 0 2 linkdown n a n a n a disable copper 52
- Gi1 0 3 linkup 1000m full disable disable copper 52
- Gi1 0 50 linkdown n a n a n a disable fiber 52
- Gi1 0 51 linkdown n a n a n a disable fiber 52
- On privileged exec mode or any other configuration mode you can use the following command 52
- Port status speed duplex flowctrl jumbo active medium 52
- Switch 52
- Switch show interface status 52
- The following example shows how to view the interface status and the system information of the 52
- To view the system information of the switch 52
- Using the cli 52
- Viewing the system summary 52
- Contact information www tp link com 53
- Follow these steps to specify the device description 53
- Gi1 0 52 linkdown n a n a n a disable fiber 53
- Hardware version t1600g 52ts 1 53
- Running time 3 day 2 hour 8 min 26 sec 53
- Software version 1 build 20160412 rel 2132 s 53
- Specifying the device description 53
- Switch show system info 53
- System description jetstream 48 port gigabit smart switch with 4 sfp slots 53
- System location shenzhen 53
- System name t1600g 52ts 53
- System time 2016 01 04 10 07 38 53
- Setting the system time 54
- 8 00 63 and set the update rate as 11 57
- Backup ntp server 139 8 00 63 57
- Follow these steps and choose one method to set the daylight saving time 57
- Last successful ntp server 133 00 57
- Prefered ntp server 133 00 57
- Setting the daylight saving time 57
- Switch config end 57
- Switch config show system time ntp 57
- Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 57
- Switch configure 57
- Switch copy running config startup config 57
- The following example shows how to set the system time by get time from ntp server and set 57
- The time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 57
- Time zone utc 08 00 57
- Update rate 11 hour s 57
- Dst configuration is one off 59
- Dst ends at 01 00 00 on sep 1 2016 59
- Dst offset is 50 minutes 59
- Dst starts at 01 00 00 on aug 1 2016 59
- Switch config end 59
- Switch config show system time dst 59
- Switch config system time dst date aug 1 01 00 2016 sep 1 01 00 2016 50 59
- Switch configure 59
- Switch copy running config startup config 59
- The following example shows how to set the daylight saving time by date mode set the start 59
- Time as 01 00 august 1st 2016 set the end time as 01 00 september 1st 2016 and set the offset as 59
- Creating admin accounts 60
- User management configurations 60
- Using the gui 60
- Click create 61
- Creating accounts of other types 61
- Creating an account 61
- Need to go to the aaa section to create an enable password for these accounts the enable 61
- Password is used to change the users access level to admin 61
- User config to load the following page 61
- You can create accounts with the access level of operator power user and user here you also 61
- Configuring enable password 62
- Creating admin accounts 63
- Follow these steps to create an admin account 63
- Using the cli 63
- Creating accounts of other types 64
- Follow these steps to create an account of other type 64
- Need to go to the aaa section to create an enable password for these accounts the enable 64
- Password is used to change the users access level to admin 64
- You can create accounts with the access level of operator power user and user here you also 64
- For details refer to aaa configuration in configuring network security 66
- Privileges 66
- The aaa function applies another method to manage the access users name and password 66
- The logged in users can enter the enable password on this page to get the administrative 66
- Configuring the boot file 68
- System tools configurations 68
- Using the gui 68
- Click apply 69
- Click import to import the configuration file 69
- Config restore to load the following page 69
- Follow these steps to configure the boot file 69
- Follow these steps to restore the configuration of the switch 69
- In the boot table section select one or more units and configure the relevant parameters 69
- In the config restore section select one unit and one configuration file 69
- Restoring the configuration of the switch 69
- Backing up the configuration file 70
- Upgrading the firmware 70
- Configuring the reboot schedule 71
- Rebooting the switch 71
- Configuring the boot file 72
- Follow these steps to configure the boot file 72
- In the system reset section select the desired unit and click reset 72
- Reseting the switch 72
- System reset to load the following page 72
- Using the cli 72
- Backup image image2 bin 73
- Boot config 73
- Current startup image image1 bin 73
- Follow these steps to restore the configuration of the switch 73
- Image as image 2 73
- Next startup image image1 bin 73
- Restoring the configuration of the switch 73
- Switch config boot application filename image1 startup 73
- Switch config boot application filename image2 backup 73
- Switch config end 73
- Switch config show boot 73
- Switch configure 73
- Switch copy running config startup config 73
- The following example shows how to set the next startup image as image 1 and set the backup 73
- Backing up the configuration file 74
- Backup user config file ok 74
- Enable 74
- Follow these steps to back up the current configuration of the switch in a file 74
- Follow these steps to upgrade the firmware 74
- Operation ok now rebooting system 74
- Server with ip address 192 68 00 74
- Start to backup user config file 74
- Start to load user config file 74
- Switch copy startup config tftp ip address 192 68 00 filename file2 74
- Switch copy tftp startup config ip address 192 68 00 filename file1 74
- The following example shows how to backup the configuration file named file2 from tftp server 74
- The following example shows how to restore the configuration file named file1 from the tftp 74
- Upgrading the firmware 74
- With ip address 192 68 00 74
- Configuring the reboot schedule 75
- Enable 75
- File3 bin the tftp server is 190 68 00 75
- Follow these steps and choose one type to configure the reboot schedule 75
- Follow these steps to reboot the switch 75
- It will only upgrade the backup image continue y n y 75
- Operation ok 75
- Reboot with the backup image y n y 75
- Rebooting the switch 75
- Switch firmware upgrade ip address 192 68 00 filename file3 bin 75
- The following example shows how to upgrade the firmware using the configuration file named 75
- Reboot schedule at 2016 01 15 12 00 in 17007 minutes 76
- Reboot schedule settings 76
- Reboot system at 15 01 2016 12 00 continue y n y 76
- Save before reboot yes 76
- Switch config end 76
- Switch config reboot schedule at 12 00 15 01 2016 save_before_reboot 76
- Switch configure 76
- Switch copy running config startup config 76
- The following example shows how to set the switch to reboot at 12 00 on 15 01 2016 76
- Follow these steps to reset the switch 77
- Reseting the switch 77
- Access security configurations 78
- Configuring the access control feature 78
- Using the gui 78
- Click apply 79
- When the ip based mode is selected the following section will display 79
- When the port based mode is selected the following section will display 79
- Configuring the http function 80
- Configuring the https function 81
- Https config to load the following page 81
- In the global config section select enable to enable https function and select the protocol 81
- The switch supports click apply 81
- In the access user number section select enable and specify the parameters click apply 82
- In the certificate download and key download section download the certificate and key 82
- In the ciphersuite config section select the algorithm to be enabled and click apply 82
- In the session config section specify the session timeout and click apply 82
- Configuring the ssh feature 83
- In the global config section select enable to enable ssh function and specify other 83
- Parameters 83
- Ssh config to load the following page 83
- Configuring the access control 84
- Enabling the telnet function 84
- Using the cli 84
- As 192 68 00 set the subnet mask as 255 55 55 and make the switch support snmp telnet 85
- Http and https 85
- Switch config user access control ip based 192 68 00 255 55 55 snmp telnet http 85
- Switch configure 85
- The following example shows how to set the type of access control as ip based set the ip address 85
- 68 24 snmp telnet http https 86
- Configuring the http function 86
- Follow these steps to configure the http function 86
- Index ip address access interface 86
- Switch config end 86
- Switch config show user configuration 86
- Switch copy running config startup config 86
- User authentication mode ip based 86
- Configuring the https function 87
- Follow these steps to configure the https function 87
- Http max admin users 6 87
- Http max guest users 5 87
- Http session timeout 9 87
- Http status enabled 87
- Http user limitation enabled 87
- Number as 6 and set the maximum guest number as 5 87
- Switch config end 87
- Switch config ip http max user 6 5 87
- Switch config ip http server 87
- Switch config ip http session timeout 9 87
- Switch config show ip http configuration 87
- Switch configure 87
- Switch copy running config startup config 87
- The following example shows how to set the session timeout as 9 set the maximum admin 87
- Protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the 88
- The following example shows how to configure the https function enable ssl3 and tls1 88
- Configuring the ssh feature 90
- Follow these steps to configure the ssh function 90
- Aes192 cbc disabled 92
- Aes256 cbc disabled 92
- Begin ssh2 public key 92
- Blowfish cbc disabled 92
- Cast128 cbc enabled 92
- Comment dsa key 20160711 92
- Data integrity algorithm 92
- Des cbc disabled 92
- Enabling the telnet function 92
- Follow these steps enable the telnet function 92
- Hmac md5 enabled 92
- Hmac sha1 disabled 92
- Key file 92
- Key type ssh 2 rsa dsa 92
- Switch config end 92
- Switch copy running config startup config 92
- For specific features the switch provides three templates and the hardware resources allocation 93
- In select options section select one template and click apply the setting will be effective after 93
- Is different users can choose one according to how the switch is used in the network 93
- Sdm template configuration 93
- Sdm template function is used to configure system resources in the switch to optimize support 93
- Sdm template to load the following page 93
- The reboot 93
- The template table displays the resources allocation of each template 93
- Using the gui 93
- Follow these steps to configure the sdm template function 94
- Using the cli 94
- Appendix default parameters 96
- Default settings of system info are listed in the following tables 96
- Default settings of system tools are listed in the following table 96
- Default settings of user management are listed in the following table 96
- Default settings of access security are listed in the following tables 97
- Default settings of sdm template are listed in the following table 98
- Chapters 99
- Managing physical interfaces 99
- Part 3 99
- Basic parameters 100
- Loopback detection 100
- Overview 100
- Physical interface 100
- Port isolation 100
- Port mirror 100
- Port security 100
- Supported features 100
- Basic parameters configurations 101
- Follow these steps to set basic parameters for ports 101
- Port config to load the following page 101
- Select and configure your desired ports or lags then click apply 101
- Using the gui 101
- Follow these steps to set basic parameters for the ports 102
- Using the cli 102
- Neighboring port and enabling the flow control and jumbo feature 103
- Setting a description for the port making the port autonegotiate speed and duplex with the 103
- Switch config if no shutdown 103
- Switch config interface gigabitethernet 1 0 1 103
- Switch configure 103
- The following example shows how to implement the basic configurations of port1 0 1 including 103
- Port mirror configuration 105
- Using the gui 105
- Follow these steps to configure port mirror 106
- In the destination port section specify a monitoring port for the mirror session and click 106
- In the source port section select one or multiple monitored ports for configuration then set 106
- The parameters and click apply 106
- Destination port gi1 0 10 107
- Follow these steps to configure port mirror 107
- Monitor session 1 107
- Switch config monitor session 1 destination interface gigabitethernet 1 0 10 107
- Switch config monitor session 1 source interface gigabitethernet 1 0 1 3 both 107
- Switch config show monitor session 107
- Switch configure 107
- The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 107
- To port 1 0 10 107
- Using the cli 107
- Follow these steps to configure port security 109
- Port security configuration 109
- Port security to load the following page 109
- Select one or multiple ports for security configuration 109
- Specify the maximum number of the mac addresses that can be learned on the port and 109
- Then select the learn mode of the mac addresses 109
- Using the gui 109
- Click apply 110
- Follow these steps to configure port security 110
- Select the status of the port security feature 110
- Using the cli 110
- Gi1 0 1 30 0 permanent drop 111
- Learned on port 1 0 1 as 30 and configure the mode as permanent and the status as drop 111
- Port max learn current learn mode status 111
- Status drop 111
- Switch config if end 111
- Switch config if mac address table max mac count max number 30 mode permanent 111
- Switch config if show mac address table max mac count interface gigabitethernet 1 0 1 111
- Switch config interface gigabitethernet 1 0 1 111
- Switch configure 111
- Switch copy running config startup config 111
- The following example shows how to set the maximum number of mac addresses that can be 111
- Port isolation configurations 112
- Using the gui 112
- Click apply 113
- Follow these steps to configure port isolation 113
- In the forward portlist section select the forward ports or lags which the isolated ports can 113
- In the port section select one or multiple ports to be isolated 113
- Only communicate with it is multi optional 113
- Using the cli 113
- Loopback detection configuration 115
- Using the gui 115
- Follow these steps to configure loopback detection 116
- In the port config section select one or multiple ports for configuration then set the 116
- Parameters and click apply 116
- Using the cli 116
- View the loopback detection information on this page 116
- Loopback detection global status enable 117
- Loopback detection interval 30 s 117
- Parameters 117
- Switch config loopback detection 117
- Switch config show loopback detection global 117
- Switch configure 117
- The following example shows how to enable loopback detection globally keeping the default 117
- Configuration examples 119
- Configuration scheme 119
- Example for port mirror 119
- Network requirements 119
- Using the gui 120
- Using the cli 121
- Verify the configuration 121
- As shown below three hosts and a server are connected to the switch and all belong to vlan 10 122
- Configuration scheme 122
- Demonstrated with t1600g 28ts the following sections provide configuration procedure in two 122
- Example for port isolation 122
- Hosts except the server even if the mac address or ip address of host a is changed 122
- Network requirements 122
- Port for port 1 0 1 thus forbidding host a to forward packets to the other hosts 122
- Source ports egress gi1 0 2 5 122
- Ways using the gui and using the cli 122
- With the vlan configuration unchanged host a is not allowed to communicate with the other 122
- You can configure port isolation to implement the requirement set 1 0 4 as the only forwarding 122
- Using the gui 123
- Example for loopback detection 124
- Network requirements 124
- Using the cli 124
- Verify the configuration 124
- Configuration scheme 125
- Using the gui 125
- Using the cli 126
- Verify the configuration 127
- Appendix default parameters 128
- Default settings of switching are listed in th following tables 128
- Configuring lag 130
- Overview 131
- Static lag 131
- Supported features 131
- Configuration guidelines 132
- Lag configuration 132
- Configuring load balancing algorithm 133
- In the global config section select the load balancing algorithm click apply 133
- Lag table to load the following page 133
- Load balancing algorithm is effective only for outgoing traffic if the data stream is not well 133
- Mac addresses and source ip addresses of the received packets 133
- On one physical link for example switch a receives packets from several hosts and forwards 133
- Please properly choose the load balancing algorithm to avoid data stream transferring only 133
- Shared by each link you can change the algorithm of the outgoing interface 133
- Src mac src ip to allow switch a to determine the forwarding port based on the source 133
- Them to the server with the fixed mac address and ip address you can set the algorithm as 133
- Using the gui 133
- Configuring static lag 134
- Configuring static lag or lacp 134
- Configuring lacp 135
- Follow these steps to configure lacp 135
- Lacp to load the following page 135
- Select member ports for the lag and configure the related parameters click apply 135
- Specify the system priority for the switch and click apply 135
- Configuring load balancing algorithm 136
- Follow these steps to configure the load balancing algorithm 136
- Using the cli 136
- Configuring static lag 137
- Configuring static lag or lacp 137
- Etherchannel load balancing addresses used per protocol 137
- Etherchannel load balancing configuration src dst mac 137
- Follow these steps to configure static lag 137
- Ipv4 source xor destination mac address 137
- Ipv6 source xor destination mac address 137
- Link use the same lag mode 137
- Non ip source xor destination mac address 137
- Switch config if end 137
- Switch config port channel load balance src dst mac 137
- Switch config show etherchannel load balance 137
- Switch configure 137
- Switch copy running config startup config 137
- The following example shows how to set the global load balancing mode as src dst mac 137
- You can choose only one lag mode for a port static lag or lacp and make sure both ends of a 137
- Configuring lacp 138
- Flags d down p bundled in port channel u in use 138
- Follow these steps to configure lacp 138
- Group port channel protocol ports 138
- I stand alone h hot standby lacp only s suspended 138
- Po2 s gi1 0 5 d gi1 0 6 d gi1 0 7 d gi1 0 8 d 138
- R layer3 s layer2 f failed to allocate aggregator 138
- Switch config if range channel group 2 mode on 138
- Switch config if range end 138
- Switch config if range show etherchannel 2 summary 138
- Switch config interface range gigabitethernet 1 0 5 8 138
- Switch configure 138
- Switch copy running config startup config 138
- The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 138
- U unsuitable for bundling w waiting to be aggregated d default port 138
- 000a eb13 397 139
- Select the lacpdu sending mode as active 139
- Switch config end 139
- Switch config if range channel group 6 mode active 139
- Switch config if range show lacp internal 139
- Switch config interface range gigabitethernet 1 0 1 4 139
- Switch config lacp system priority 2 139
- Switch config show lacp sys id 139
- Switch configure 139
- Switch copy running config startup config 139
- The following example shows how to add ports 1 0 1 4 to lag 6 set the mode as lacp and 139
- The following example shows how to specify the system priority of the switch as 2 139
- Configuration example 141
- Configuration scheme 141
- Network requirements 141
- Using the gui 142
- Using the cli 143
- Verify the configuration 144
- Appendix default parameters 145
- Default settings of switching are listed in the following tables 145
- Monitoring traffic 146
- Traffic monitor 147
- Using the gui 147
- Viewing the traffic summary 147
- Click lags to show the information of the lags 148
- Follow these steps to view the traffic statistics in detail 148
- In the traffic summary section click 1 to show the information of the physical ports and 148
- Refresh at the bottom of the page 148
- To get the real time traffic statistics enable auto refresh in the auto refresh section or click 148
- Traffic statistics to load the following page 148
- Viewing the traffic statistics in detail 148
- In port select select a port or lag and click apply 149
- In the statistics section view the detailed information of the selected port or lag 149
- On privileged exec mode or any other configuration mode you can use the following command 150
- To view the traffic information of each port or lag 150
- Using the cli 150
- Appendix default parameters 151
- Chapters 152
- Managing mac address table 152
- Part 6 152
- Mac address table 153
- Overview 153
- Part 6 153
- Supported features 153
- Security configurations 154
- Adding static mac address entries 155
- Address configurations 155
- Using the gui 155
- Binding dynamic address entries 156
- Dynamic address to load the following page 157
- Follow these steps to modify the aging time of dynamic address entries 157
- In the aging config section enable auto aging and enter your desired length of time 157
- Modifying the aging time of dynamic address entries 157
- Adding mac filtering address entries 158
- Viewing address table entries 158
- Adding static mac address entries 159
- Address table to load the following page 159
- Follow these steps to add static mac address entries 159
- Using the cli 159
- Modifying the aging time of dynamic address entries 160
- Adding mac filtering address entries 161
- Aging time is 500 sec 161
- Follow these steps to add mac filtering address entries 161
- Remains in the mac address table for 500 seconds after the entry is used or updated 161
- Switch config end 161
- Switch config mac address table aging time 500 161
- Switch config show mac address table aging time 161
- Switch configure 161
- Switch copy running config startup config 161
- The following example shows how to modify the aging time to 500 seconds a dynamic entry 161
- Configuring mac notification traps 163
- Security configurations 163
- Using the gui 163
- Configure snmp and set a management host for detailed snmp configurations please refer 164
- Follow these steps to configure mac notification traps 164
- In the mac notification global config section enable this feature configure the relevant 164
- In the mac notification port config section select your desired port and enable its 164
- Learned and new mac learned click apply 164
- Limiting the number of mac addresses in vlans 164
- Mac vlan security to load the following page 164
- Notification traps you can enable these three types learned mode change exceed max 164
- Options and click apply 164
- To managing snmp rmon 164
- Choose the mode that the switch adopts when the maximum number of mac addresses in 165
- Click create 165
- Configuring mac notification traps 165
- Enter the vlan id to limit the number of mac addresses that can be learned in the specified 165
- Enter your desired value in max learned mac to set a threshold 165
- Follow these steps to configure mac notification traps 165
- Follow these steps to limit the number of mac addresses in vlans 165
- The specified vlan is exceeded 165
- Using the cli 165
- Enable snmp and set a management host for detailed snmp configurations please refer to 166
- Interval time as 10 seconds after you have further configured snmp the switch will bundle 166
- Managing snmp rmon 166
- Notifications of new addresses in every 10 seconds and send to the management host 166
- Now you have configured mac notification traps to receive notifications you need to further 166
- Switch configure 166
- The following example shows how to enable new mac learned trap on port 1 and set the 166
- Follow these steps to limit the number of mac addresses in vlans 167
- Gi1 0 1 disable disable enable 167
- Limiting the number of mac addresses in vlans 167
- Mac notification global config 167
- Notification global status enable 167
- Notification interval 10 167
- Port lrnmode change exceed max limit new mac learned 167
- Switch config if end 167
- Switch config if mac address table notification new mac learned enable 167
- Switch config if show mac address table notification interface gigabitethernet 1 0 1 167
- Switch config interface gigabitethernet 1 0 1 167
- Switch config mac address table notification global status enable 167
- Switch config mac address table notification interval 10 167
- Switch copy running config startup config 167
- Table full notification status disable 167
- Configuration scheme 169
- Example for security configurations 169
- Network requirements 169
- Using the gui 170
- Using the cli 171
- Verify the configurations 171
- Appendix default parameters 172
- Default settings of the mac address table are listed in the following tables 172
- Chapters 173
- Configuring 802 q vlan 173
- Part 7 173
- Overview 174
- Configuring the pvid of the port 175
- Q vlan configuration 175
- Using the gui 175
- Based on the network topology 176
- Configuring the vlan 176
- Enter a vlan id and a description for identification to create a vlan 176
- Follow these steps to configure vlan 176
- Select the untagged port s and the tagged port s respectively to add to the created vlan 176
- Vlan config and click create to load the following 176
- Will forward untagged packets in the target vlan 176
- Click apply 177
- Creating a vlan 177
- Follow these steps to create a vlan 177
- Switch config vlan 2 177
- Switch config vlan name rd 177
- Switch config vlan show vlan id 2 177
- Switch configure 177
- The following example shows how to create vlan 2 and name it as rd 177
- Using the cli 177
- Configuring the pvid of the port 178
- Follow these steps to configure the port 178
- Link type general 178
- Member in lag n a 178
- Member in vlan 178
- Port gi1 0 5 178
- Pvid 2 178
- Rd active 178
- Switch config if show interface switchport gigabitethernet 1 0 5 178
- Switch config if switchport pvid 2 178
- Switch config interface gigabitethernet 1 0 5 178
- Switch config vlan end 178
- Switch configure 178
- Switch copy running config startup config 178
- The following example shows how to configure the pvid of port 1 0 5 as vlan 2 178
- Vlan name status ports 178
- Adding the port to the specified vlan 179
- Follow these steps to add the port to the specified vlan 179
- Port gi1 0 5 179
- Pvid 2 179
- Switch config if end 179
- Switch config if show interface switchport gigabitethernet 1 0 5 179
- Switch config if switchport general allowed vlan 2 tagged 179
- Switch config interface gigabitethernet 1 0 5 179
- Switch configure 179
- Switch copy running config startup config 179
- System vlan untagged 179
- Tagged 179
- The following example shows how to add the port 1 0 5 to vlan 2 and specify its egress rule as 179
- Vlan name egress rule 179
- Configuration example 181
- Configuration scheme 181
- Network requirements 181
- As an example 182
- Demonstrated with t1600g 52ts the following sections provide configuration procedure in two 182
- Different places host a1 and host b1 are connected to port 1 0 2 and port 1 0 3 on switch 1 182
- Network topology 182
- Respectively port 1 0 4 on switch 1 is connected to port 1 0 8 on switch 2 182
- Respectively while host a2 and host b2 are connected to port 1 0 6 and port 1 0 7 on switch 2 182
- The configurations of switch 1 and switch 2 are similar the following introductions take switch 1 182
- The figure below shows the network topology host a1 and host a2 are used in department a 182
- Using the gui 182
- Ways using the gui and using the cli 182
- While host b1 and host b2 are used in department b switch 1 and switch 2 are located in two 182
- Using the cli 184
- Configuration file 185
- Verify the configurations 186
- Appendix default parameters 187
- Default settings of 802 q vlan are listed in the following table 187
- Chapters 188
- Configuring mac vlan 188
- Part 8 188
- Access ports change 189
- B server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access 189
- Being used in to meet this requirement simply bind the mac addresses of the laptops to the 189
- Corresponding vlans respectively in this way the mac address rather than the access port 189
- Determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 189
- Device may access the switch via different ports for example a terminal device that accessed the 189
- Devices in this way terminal devices always belong to their original vlans even when their 189
- Free the user from such a problem it divides vlans based on the mac addresses of terminal 189
- Networks that require frequent topology changes with the popularity of mobile office a terminal 189
- Overview 189
- Ptops department a uses server a and laptop a while department b uses server b and laptop 189
- Server a and laptop b can only access server b no matter which meeting room the laptops are 189
- Switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different 189
- The figure below shows a common application scenario of mac vlan 189
- Two departments share all the meeting rooms in the company but use different servers and 189
- Vlan is generally divided by ports this way of division is simple but isn t suitable for those 189
- Vlans the user has to re configure the switch to access the original vlan using mac vlan can 189
- Configuring 802 q vlan 190
- Mac vlan configuration 190
- Using the gui 190
- Binding the mac address to the vlan 191
- By default mac vlan is disabled on all ports you need to enable mac vlan for your desired 191
- Click create to create the mac vlan 191
- Enabling mac vlan for the port 191
- Enter the mac address of the device give it a description and enter the vlan id to bind it to 191
- Follow these steps to bind the mac address to the vlan 191
- Mac vlan to load the following page 191
- Ports manually 191
- The vlan 191
- Before configuring mac vlan create an 802 q vlan and set the port type according to network 192
- Binding the mac address to the vlan 192
- Configuring 802 q vlan 192
- Follow these steps to bind the mac address to the vlan 192
- Follow these steps to enable mac vlan for the port 192
- Port enable to load the following page 192
- Requirements for details refer to configuring 802 q vlan 192
- Select your desired ports to enable mac vlan and click apply 192
- Using the cli 192
- 19 56 8a 4c 71 dept a 10 193
- Enabling mac vlan for the port 193
- Follow these steps to enable mac vlan for the port 193
- Mac addr name vlan id 193
- Switch config end 193
- Switch config if mac vlan 193
- Switch config interface gigabitethernet 1 0 1 193
- Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 193
- Switch config show mac vlan vlan 10 193
- Switch configure 193
- Switch copy running config startup config 193
- The address description as dept a 193
- The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with 193
- The following example shows how to enable mac vlan for port 1 0 1 193
- Access only the server in the vlan it joins no matter which meeting room the laptops are being 195
- Addresses of the laptops to the corresponding vlans respectively in this way each laptop can 195
- B server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access 195
- Being used in the figure below shows the network topology 195
- Configuration example 195
- Configuration scheme 195
- Create vlan 10 and vlan 20 on each of the three switches set different port types and add 195
- Laptops department a uses server a and laptop a while department b uses server b and laptop 195
- Network requirements 195
- Server a and laptop b can only access server b no matter which meeting room the laptops are 195
- The ports to the vlans based on the network topology note for the ports connecting the 195
- Two departments share all the meeting rooms in the company but use different servers and 195
- Used in the overview of the configuration is as follows 195
- You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac 195
- Configurations for switch 1 and switch 2 196
- Using the gui 196
- Configurations for switch 3 198
- Configurations for switch 1 and switch 2 199
- Using the cli 199
- Configurations for switch 3 200
- Switch 1 201
- Switch 2 201
- Verify the configurations 201
- Switch 3 202
- Appendix default parameters 203
- Default settings of mac vlan are listed in the following table 203
- Chapters 204
- Configuring protocol vlan 204
- Part 9 204
- Configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 205
- Network based on specific applications and services of network users 205
- Networks respectively 205
- Overview 205
- Packets of different protocols to the corresponding vlans since different applications and 205
- Protocol vlan is a technology that divides vlans based on the network layer protocol with the 205
- Protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze 205
- Services use different protocols network administrators can use protocol vlan to manage the 205
- Special fields of received packets encapsulate the packets in specific formats and forward the 205
- The figure below shows a common application scenario of protocol vlan with protocol vlan 205
- Configuring 802 q vlan 206
- Protocol vlan configuration 206
- Using the gui 206
- Configuring protocol vlan 207
- Creating protocol template 207
- Configuring 802 q vlan 208
- Creating a protocol template 208
- Using the cli 208
- Arp ethernetii ether type 0806 209
- At snap ether type 809b 209
- Configuring protocol vlan 209
- Follow these steps to configure protocol vlan 209
- Index protocol name protocol type 209
- Ip ethernetii ether type 0800 209
- Ipv6 ethernetii ether type 86dd 209
- Ipx snap ether type 8137 209
- Rarp ethernetii ether type 8035 209
- Switch config end 209
- Switch config protocol template name ipv6 frame ether_2 ether type 86dd 209
- Switch config show protocol vlan template 209
- Switch configure 209
- Switch copy running config startup config 209
- The following example shows how to create an ipv6 protocol template 209
- Arp ethernetii ether type 0806 210
- At snap ether type 809b 210
- Index protocol name protocol type 210
- Ip ethernetii ether type 0800 210
- Ipx snap ether type 8137 210
- Rarp ethernetii ether type 8035 210
- Switch config show protocol vlan template 210
- Switch configure 210
- The following example shows how to bind the ipv6 protocol template to vlan 10 210
- A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 212
- Belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to 212
- Configuration example 212
- Configuration scheme 212
- Ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 212
- Network requirements 212
- Network respectively via different routers it is required that ipv4 packets are forwarded to the 212
- Port receives packets switch 2 will forward them to the corresponding vlans according to their 212
- Protocol types the overview of the configuration on switch 2 is as follows 212
- The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host 212
- Two routers to access the ipv4 network and ipv6 network respectively the routers belong to 212
- Vlan 10 and vlan 20 respectively 212
- You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this 212
- Configurations for switch 1 213
- Using the gui 213
- Configurations for switch 2 215
- Configurations for switch 1 218
- Using the cli 218
- Configurations for switch 2 219
- Switch 1 220
- Verify the configurations 220
- Switch 2 221
- Appendix default parameters 222
- Default settings of protocol vlan are listed in the following table 222
- Chapters 223
- Configuring spanning tree 223
- Part 10 223
- Basic concepts 224
- Overview 224
- Spanning tree 224
- Stp rstp concepts 224
- Bridge id 225
- Port role 225
- Root bridge 225
- Port status 226
- Path cost 227
- Root path cost 227
- A lot of information like bridge id root path cost port priority and so on switches share these 228
- An mst region consists of multiple interconnected switches the switches that have the following 228
- Bpdu to the downstream switch with the updated root path cost the value of the accumulated 228
- Characteristics are considered as in the same region 228
- Information to help determine the tree topology 228
- Mst region 228
- Mstp compatible with stp and rstp has the same basic elements used in stp and rstp based 228
- Mstp concepts 228
- On the networking topology this section will introduce some concepts only exist in mstp 228
- Receives this bpdu it increments the path cost of its local incoming port then it forwards this 228
- Root path cost increases as the bpdu propagates further 228
- The packets used to generate the spanning tree the bpdus bridge protocol data unit contain 228
- Mst instance 229
- Vlan instance mapping 229
- Stp security 230
- Configuring stp rstp parameters on ports 232
- Stp rstp configurations 232
- Using the gui 232
- Click apply 234
- Configuring stp rstp globally 234
- Stp config to load the following page 234
- Follow these steps to configure stp rstp globally 235
- In the global config section enable spanning tree function choose the stp mode as stp 235
- In the parameters config section configure the global parameters of stp rstp and click 235
- Rstp and click apply 235
- Stp summary to load the following page 236
- The stp summary section shows the summary information of spanning tree 236
- Verify the stp rstp information of your switch after all the configurations are finished 236
- Verifying the stp rstp configurations 236
- Configuring stp rstp parameters on ports 237
- Follow these steps to configure stp rstp parameters on ports 237
- Using the cli 237
- Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 238
- Interface state prio ext cost int cost edge p2p mode role status 238
- Switch config if end 238
- Switch config if show spanning tree interface gigabitethernet 1 0 3 238
- Switch config if spanning tree 238
- Switch config if spanning tree common config port priority 32 238
- Switch config interface gigabitethernet 1 0 3 238
- Switch configure 238
- Switch copy running config startup config 238
- The following example shows how to enable spanning tree function on port 1 0 3 and configure 238
- The port priority as 32 238
- Configuring global stp rstp parameters 239
- Follow these steps to configure global stp rstp parameters of the switch 239
- Seconds 239
- This example shows how to configure the priority of the switch as 36864 the forward delay as 12 239
- Enable rstp 36864 2 12 20 5 20 240
- Enabling stp rstp globally 240
- Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree 240
- Function globally 240
- Rstp and verify the configurations 240
- State mode priority hello time fwd time max age hold count max hops 240
- Switch config end 240
- Switch config show spanning tree bridge 240
- Switch config spanning tree 240
- Switch config spanning tree mode rstp 240
- Switch config spanning tree priority 36864 240
- Switch config spanning tree timer forward time 12 240
- Switch configure 240
- Switch copy running config startup config 240
- This example shows how to enable spanning tree function configure the spanning tree mode as 240
- Configuring parameters on ports in cist 242
- Mstp configurations 242
- Using the gui 242
- Besides configure the priority of the switch the priority and path cost of ports in the desired 244
- Click apply 244
- Configure the region name revision level vlan instance mapping of the switch the switches 244
- Configuring the mstp region 244
- Configuring the region name and revision level 244
- Considered as in the same region 244
- Instance 244
- Region config to load the following page 244
- With the same region name the same revision level and the same vlan instance mapping are 244
- Configuring the vlan instance mapping and switch priority 245
- And click apply 246
- In the instance config section configure the priority of the switch in the desired instance 246
- Configuring parameters on ports in the instance 247
- Follow these steps to configure port parameters in the instance 247
- In the instance id select section select the desired instance id for its port configuration 247
- In the instance port config section configure port parameters in the desired instance 247
- Instance port config to load the following 247
- Configuring mstp globally 249
- Follow these steps to configure mstp globally 249
- In the parameters config section configure the global parameters of mstp and click apply 249
- Stp config to load the following page 249
- In the global config section enable spanning tree function and choose the stp mode as 250
- Mstp and click apply 250
- Stp summary to load the following page 251
- The stp summary section shows the summary information of cist 251
- Verifying the mstp configurations 251
- Configuring parameters on ports in cist 252
- Follow these steps to configure the parameters of the port in cist 252
- The mstp summary section shows the information in mst instances 252
- Using the cli 252
- Mst instance 0 cist 253
- Priority as 32 253
- Switch config if show spanning tree interface gigabitethernet 1 0 3 253
- Switch config if spanning tree 253
- Switch config if spanning tree common config port priority 32 253
- Switch config interface gigabitethernet 1 0 3 253
- Switch configure 253
- This example shows how to enable spanning tree function for port 1 0 3 and configure the port 253
- Configuring the mst region 254
- Configuring the mstp region 254
- Follow these steps to configure the mst region and the priority of the switch in the instance 254
- Gi1 0 3 144 200 n a lnkdwn 254
- Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 254
- Interface prio cost role status 254
- Interface state prio ext cost int cost edge p2p mode role status 254
- Mst instance 5 254
- Switch config if end 254
- Switch copy running config startup config 254
- Configuring the parameters on ports in instance 255
- Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 256
- Instance 5 256
- Interface state prio ext cost int cost edge p2p mode role status 256
- Mst instance 0 cist 256
- Mst instance 5 256
- Switch config if show spanning tree interface gigabitethernet 1 0 3 256
- Switch config if spanning tree mst instance 5 port priority 144 cost 200 256
- Switch config interface gigabitethernet 1 0 3 256
- Switch configure 256
- This example shows how to configure the priority as 144 the path cost as 200 of port 1 0 3 in 256
- Configuring global mstp parameters 257
- Follow these steps to configure the global mstp parameters of the switch 257
- Gi1 0 3 144 200 n a lnkdwn 257
- Interface prio cost role status 257
- Switch config if end 257
- Switch copy running config startup config 257
- Enable mstp 36864 2 12 20 8 25 258
- Enabling spanning tree globally 258
- Follow these steps to configure the spanning tree mode as mstp and enable spanning tree 258
- Function globally 258
- State mode priority hello time fwd time max age hold count max hops 258
- Switch config if end 258
- Switch config if show spanning tree bridge 258
- Switch config if spanning tree hold count 8 258
- Switch config if spanning tree max hops 25 258
- Switch config if spanning tree timer forward time 12 258
- Switch config spanning tree priority 36864 258
- Switch configure 258
- Switch copy running config startup config 258
- The hold count as 8 and the max hop as 25 258
- This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds 258
- Address 00 0a eb 13 23 97 259
- Designated bridge 259
- External cost 200000 259
- Function globally 259
- Latest topology change time 2006 01 04 10 47 42 259
- Mst instance 0 cist 259
- Priority 32768 259
- Root bridge 259
- Root port gi 0 20 259
- Spanning tree is enabled 259
- Spanning tree s mode mstp 802 s multiple spanning tree protocol 259
- Switch config show spanning tree active 259
- Switch config spanning tree 259
- Switch config spanning tree mode mstp 259
- Switch configure 259
- This example shows how to configure the spanning tree mode as mstp and enable spanning tree 259
- Configuring the stp security 261
- Stp security configurations 261
- Using the gui 261
- Configure the port protect features for the selected ports and click apply 262
- Field the switch will not remove mac address entries in the tc protect cycle 262
- Optional configuring the threshold and cycle of tc protect 262
- The number of the received tc bpdus exceeds the maximum number you set in the tc threshold 262
- When you enable tc protect function on ports set the tc threshold and tc protect cycle here if 262
- Configure the parameters of tc protect feature and click apply 263
- Configuring the stp security 263
- Featur 263
- Feature for ports 263
- Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter 263
- Tc protect to load the following page 263
- Using the cli 263
- Configuring the tc protect 264
- Follow these steps to configure tc protect feature for ports 264
- Functions on port 1 0 3 264
- Gi1 0 3 enable enable enable enable disable 264
- Interface bpdu filter bpdu guard loop protect root protect tc protect 264
- Switch config if end 264
- Switch config if spanning tree bpdufilter 264
- Switch config if spanning tree bpduguard 264
- Switch config if spanning tree guard loop 264
- Switch config if spanning tree guard root 264
- Switch config if spanning tree interface security gigabitethernet 1 0 3 264
- Switch config interface gigabitethernet 1 0 3 264
- Switch configure 264
- Switch copy running config startup config 264
- This example shows how to enable loop protect root protect bpdu filter and bpdu protect 264
- And the tc protect cycle is 8 265
- Gi1 0 3 enable enable enable enable enable 265
- Interface bpdu filter bpdu guard loop protect root protect tc protect 265
- Switch config if end 265
- Switch config if spanning tree guard tc 265
- Switch config if spanning tree interface security gigabitethernet 1 0 3 265
- Switch config interface gigabitethernet 1 0 3 265
- Switch config spanning tree tc defend threshold 25 period 8 265
- Switch configure 265
- Switch copy running config startup config 265
- This example shows how to enable the tc protect function on port 1 0 3 with the tc threshold is 265
- As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is 266
- Balancing thus providing a more flexible method in network management here we take the 266
- Configuration example for mstp 266
- Configuration scheme 266
- Cost of the port is 200000 266
- Here we configure two instances to meet the requirement as is shown below 266
- Instance 266
- It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be 266
- Map the vlans to different instances to ensure traffic can be transmitted along the respective 266
- Mstp backwards compatible with stp and rstp can map vlans to instances to enable load 266
- Mstp configuration as an example 266
- Network requirements 266
- To meet this requirement you are suggested to configure mstp function on the switches 266
- Transmitted along different paths 266
- Transmitted in this network the link speed between the switches is 100mb s the default path 266
- 0 1 of switch a to be greater than the default path cost 200000 for instance 2 set the 267
- And the revision level as 100 map vlan 101 vlan 103 to instance 1 and vlan 104 vlan 267
- Configure switch a switch b and switch c in the same region configure the region name as 267
- Configure the path cost to block the specified ports for instance 1 set the path cost of port 267
- Configure the priority of switch b as 0 to set is as the root bridge in instance 1 configure the 267
- Demonstrated with t1600g 52ts this chapter provides configuration procedures in two ways 267
- Enable mstp function in all the switches 267
- Enable the spanning tree function on the ports in each switch 267
- Path cost of port 1 0 2 of switch b to be greater than the default path cost 200000 267
- Priority of switch c as 0 to set is as the root bridge in instance 2 267
- The overview of configuration is as follows 267
- To instance 2 267
- Using the gui and using the cli 267
- Configurations for switch a 268
- Using the gui 268
- Instance config to load the following 269
- Page map vlan101 vlan103 to instance 1 map vlan104 vlan106 to instance 2 269
- Following page set the path cost of port 1 0 1 in instance 1 as 400000 270
- Instance port config to load the 270
- Configurations for switch b 271
- Instance config to load the following 273
- Page configure the priority of switch b as 0 to set it as the root bridge in instance 1 273
- Following page set the path cost of port 1 0 2 in instance 2 as 400000 274
- Instance port config to load the 274
- Configurations for switch c 275
- Configurations for switch a 278
- Using the cli 278
- Configurations for switch b 279
- Configurations for switch c 280
- Switch a 280
- Verify the configurations 280
- Switch b 282
- Switch c 283
- Appendix default parameters 285
- Default settings of the spanning tree feature are listed in the following table 285
- Chapters 287
- Managing layer 2 multicast 287
- Part 11 287
- Layer 2 multicast 288
- Overview 288
- And maintain layer 2 multicast forwarding table 289
- Configuration guide 267 289
- Demand on data link layer by analyzing igmp packets between layer 3 devices and users to build 289
- Demonstrated as below 289
- Figure 1 1 igmp snooping 289
- Forwarding table 289
- Igmp packets between layer 3 devices and users to build and maintain layer 2 multicast 289
- Layer 2 multicast protocol for ipv4 igmp snooping 289
- Layer 2 multicast protocol for ipv6 mld snooping 289
- Managing layer 2 multicast layer 2 multicast 289
- On the layer 2 device igmp snooping transmits data on demand on data link layer by analyzing 289
- On the layer 2 device mld snooping multicast listener discovery snooping transmits data on 289
- Supported layer 2 multicast protocols 289
- Configuring igmp snooping globally 290
- Igmp snooping configurations 290
- Using the gui 290
- Click apply 291
- Configure unknown multicast as forward or discard 291
- Configuring router port time and member port time 291
- Enable or disable report message suppression globally 291
- Enabling report message suppression can reduce the number of packets in the network 291
- Follow these steps to configure report message suppression 291
- Follow these steps to configure the aging time of the router ports and the member ports 291
- Follow these steps to configure unknown multicast 291
- For switches that support mld snooping igmp snooping and mld snooping share the setting 291
- Optional configuring report message suppression 291
- Snooping config page at the same time 291
- Specify the aging time of the member ports 291
- Specify the aging time of the router ports 291
- Are sent and no report message is received the switch will delete the multicast address from the 292
- Click apply 292
- Configure the last listener query interval and last listener query count when the switch 292
- Configuring igmp snooping last listener query 292
- Follow these steps to configure last listener query interval and last listener query count in the 292
- Global config section 292
- Igmp snooping status table displays vlans and ports with igmp snooping enabled 292
- Multicast forwarding table 292
- Receives an igmp leave message if specified count of multicast address specific queries masqs 292
- Specify the interval between masqs 292
- Specify the number of masqs to be sent 292
- Verifying igmp snooping status 292
- Configuring the port s basic igmp snooping features 293
- Enabling igmp snooping on the port 293
- Optional configuring fast leave 293
- Configuring igmp snooping globally in the vlan 294
- Configuring igmp snooping in the vlan 294
- And reduces network load of layer 3 devices 295
- Click create 295
- Configure the forbidden router ports in the designate vlan 295
- Configure the router ports in the designate vlan 295
- Configuring the multicast vlan 295
- Device only need to send one piece of multicast data to a layer 2 device and the layer 2 device 295
- Follow these steps to configure static router ports in the designate vlan 295
- Follow these steps to forbid the selected ports to be the router ports in the designate vlan 295
- In old multicast transmission mode when users in different vlans apply for data from the same 295
- Layer 2 devices 295
- Multicast group the layer 3 device will duplicate this multicast data and deliver copies to the 295
- Optional configuring the forbidden router ports in the vlan 295
- Optional configuring the static router ports in the vlan 295
- Will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth 295
- With multicast vlan configured all multicast group members will be added to a vlan layer 3 295
- Configuring 802 q vlan 296
- Creating multicast vlan and configuring basic settings 296
- Enable multicast vlan configure the specific vlan to be the multicast vlan and configure 296
- In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic 296
- Multicast vlan to load the following page 296
- Set up the vlan that the router ports and the member ports are in for details please refer to 296
- Settings 296
- The router port time and member port time 296
- Click apply 297
- Configure the new multicast source ip 297
- Configure the router ports in the designate vlan 297
- Configure the router ports in the multicast vlan 297
- Follow these steps to configure static router ports in the multicast vlan 297
- Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 297
- Members in the multicast vlan section follow these steps to configure replace source ip 297
- Optional configuring the forbidden router ports 297
- Optional configuring the static router ports 297
- Optional creating replace source ip 297
- This function allows you to use a new ip instead of the source ip to send data to multicast group 297
- This table displays all the dynamic router ports in the multicast vlan 297
- Viewing dynamic router ports in the multicast vlan 297
- Click apply 298
- Configuring the querier 298
- Follow these steps to configure the querier 298
- Following page 298
- Igmp snooping querier sends general query packets regularly to maintain the multicast 298
- Optional configuring the querier 298
- Querier config to load the 298
- Specify a vlan and configure the querier on this vlan 298
- Click add 299
- Configuring igmp profile 299
- Create a profile and configure its filtering mode 299
- Creating profile 299
- Follow these steps to create a profile and configure its filtering mode 299
- Profile config to load 299
- The following page 299
- The igmp snooping querier table displays all the related settings of the igmp querier 299
- Viewing settings of igmp querier 299
- With igmp profile the switch can define a blacklist or whitelist of multicast addresses so as to 299
- You can edit the settings in the igmp snooping querier table 299
- Click create 300
- Click edit in the igmp profile info table edit its ip range and click add to save the settings 300
- Editing ip range of the profile 300
- Enter the search condition in the search option field to search the profile in the igmp profile info 300
- Follow these steps to edit profile mode and its ip range 300
- Searching profile 300
- Binding profile and member ports 301
- Click apply 302
- Configuring max groups a port can join 302
- Follow these steps to configure the maximum groups a port can join and overflow action 302
- Packet statistic to load the following page 302
- Select a port to configure its max group and overflow action 302
- Viewing igmp statistics on each port 302
- Click apply 303
- Configuring auto refresh 303
- Enable or disable auto refresh 303
- Enabling igmp accounting and authentication 303
- Follow these steps to configure auto refresh 303
- Igmp authentication to load the following 303
- The igmp statistics table displays all kinds of igmp statistics of all the ports 303
- Viewing igmp statistics 303
- Configuring igmp accounting globally 304
- Configuring igmp authentication on the port 304
- Click apply 305
- Configuring static member port 305
- Enter the multicast ip and vlan id specify the static member port 305
- Follow these steps to configure static member port 305
- Follow these steps to enable igmp authentication on the port 305
- Following page 305
- Specify the ports and enable igmp authentication 305
- Static ipv4 multicast table to load the 305
- This function allows you to specify a port as a static member port in the multicast group 305
- Click create 306
- Enabling igmp snooping globally 306
- Enabling igmp snooping on the port 306
- Search option 306
- Static multicast ip table displays details of all igmp static multicast groups 306
- Using the cli 306
- Viewing igmp static multicast groups 306
- You can search igmp static multicast entries by using multicast ip vlan id or forward port as the 306
- Configuring igmp snooping parameters globally 307
- Configuring report message suppression 307
- Configuring unknown multicast 308
- Enable port 308
- Enable vlan 308
- Global authentication accounting disable 308
- Global member age time 260 308
- Global report suppression enable 308
- Global router age time 300 308
- Igmp snooping enable 308
- Last query interval 1 308
- Last query times 2 308
- Switch config if end 308
- Switch config ip igmp snooping 308
- Switch config ip igmp snooping report suppression 308
- Switch config show ip igmp snooping 308
- Switch configure 308
- Switch copy running config startup config 308
- The following example shows how to enable report message suppression 308
- Unknown multicast pass 308
- Configuring igmp snooping parameters on the port 310
- Configuring router port time and member port time 310
- Enable port 310
- Enable vlan 310
- Global authentication accounting disable 310
- Global member age time 200 310
- Global report suppression disable 310
- Global router age time 200 310
- Igmp snooping enable 310
- Last query interval 1 310
- Last query times 2 310
- Switch config ip igmp snooping 310
- Switch config ip igmp snooping mtime 200 310
- Switch config ip igmp snooping rtime 200 310
- Switch config show ip igmp snooping 310
- Switch configure 310
- The following example shows how to configure the global router port time and member port 310
- Time as 200 seconds 310
- Unknown multicast pass 310
- Configuring fast leave 311
- Gi1 0 3 enable enable 311
- Port igmp snooping fast leave 311
- Switch config if end 311
- Switch config if ip igmp snooping 311
- Switch config if ip igmp snooping immediate leave 311
- Switch config if show ip igmp snooping interface gigabitethernet 1 0 3 basic config 311
- Switch config interface gigabiteternet 1 0 3 311
- Switch config ip igmp snooping 311
- Switch configure 311
- Switch copy running config startup config 311
- The following example shows how to enable fast leave on port 1 0 3 311
- Configuring max group and overflow action on the port 312
- Drop on port 1 0 3 312
- Gi1 0 3 500 drop 312
- Port max groups overflow action 312
- Switch config if end 312
- Switch config if ip igmp snooping 312
- Switch config if ip igmp snooping max groups 500 312
- Switch config if ip igmp snooping max groups action drop 312
- Switch config if show ip igmp snooping interface gigabitethernet 1 0 3 max groups 312
- Switch config interface gigabiteternet 1 0 3 312
- Switch config ip igmp snooping 312
- Switch configure 312
- The following example shows how to configure the max group as 500 and the overflow action as 312
- Configuring igmp snooping last listener query 313
- Enable port 313
- Global authentication accounting disable 313
- Global member age time 260 313
- Global report suppression disable 313
- Global router age time 300 313
- Igmp snooping enable 313
- Last query interval 5 313
- Last query times 5 313
- Listener query interval as 5 seconds 313
- Switch config ip igmp snooping 313
- Switch config ip igmp snooping last listener query count 5 313
- Switch config ip igmp snooping last listener query interval 5 313
- Switch config show ip igmp snooping 313
- Switch configure 313
- Switch copy running config startup config 313
- The following example shows how to configure the last listener query count as 5 and the last 313
- Unknown multicast pass 313
- Configuring igmp snooping parameters in the vlan 314
- Configuring router port time and member port time 314
- Dynamic router port none 314
- Enable vlan 314
- Forbidden router port none 314
- Member time 400 314
- Router time 500 314
- Static router port none 314
- Switch config end 314
- Switch config ip igmp snooping 314
- Switch config ip igmp snooping vlan config 2 3 mtime 400 314
- Switch config ip igmp snooping vlan config 2 3 rtime 500 314
- Switch config show ip igmp snooping vlan 2 314
- Switch configure 314
- Switch copy running config startup config 314
- The following example shows how to enable igmp snooping in vlan 2 and vlan 3 configure 314
- The router port time as 500 seconds and the member port time as 400 seconds 314
- Vlan id 2 314
- As the static router port 315
- Configuring static router port 315
- Dynamic router port none 315
- Forbidden router port none 315
- Member time 0 315
- Member time 400 315
- Router time 0 315
- Router time 500 315
- Static router port gi1 0 2 315
- Static router port none 315
- Switch config end 315
- Switch config ip igmp snooping 315
- Switch config ip igmp snooping vlan config 2 rport interface gigabitethernet 1 0 2 315
- Switch config show ip igmp snooping vlan 2 315
- Switch config show ip igmp snooping vlan 3 315
- Switch configure 315
- Switch copy running config startup config 315
- The following example shows how to enable igmp snooping in vlan 2 and configure port 1 0 2 315
- Vlan id 2 315
- Vlan id 3 315
- Configuring forbidden router port 316
- Dynamic router port none 316
- Forbidden router port gi1 0 4 6 316
- Forbidden router port none 316
- From becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 316
- Gigabitethernet 1 0 4 6 316
- Member time 0 316
- Router time 0 316
- Static router port none 316
- Switch config end 316
- Switch config ip igmp snooping 316
- Switch config ip igmp snooping vlan config 2 router ports forbidd interface 316
- Switch config show ip igmp snooping vlan 2 316
- Switch configure 316
- Switch copy running config startup config 316
- The following example shows how to enable igmp snooping in vlan 2 and forbid port 1 0 4 6 316
- Vlan id 2 316
- 0 9 10 317
- 2 2 static gi1 0 9 10 317
- Configuring igmp snooping parameters in the multicast vlan 317
- Configuring router port time and member port time 317
- Configuring static multicast multicast ip and forward port 317
- Multicast ip vlan id addr type switch port 317
- Port 1 0 9 10 as the forward ports 317
- Switch config end 317
- Switch config ip igmp snooping 317
- Switch config ip igmp snooping vlan config 2 static 226 interface gigabitethernet 317
- Switch config show ip igmp snooping groups static 317
- Switch configure 317
- Switch copy running config startup config 317
- The following example shows how to configure 226 as the static multicast ip and specify 317
- Dynamic router port none 318
- Forbidden router port none 318
- Member time 400 318
- Multicast vlan enable 318
- Replace source ip 0 318
- Router time 500 318
- Static router port none 318
- Switch config end 318
- Switch config ip igmp snooping 318
- Switch config ip igmp snooping multi vlan config 5 mtime 400 318
- Switch config ip igmp snooping multi vlan config 5 rtime 500 318
- Switch config show ip igmp snooping multi vlan config 318
- Switch configure 318
- Switch copy running config startup config 318
- The following example shows how to configure vlan 5 as the multicast vlan set the router port 318
- Time as 500 seconds and the member port time as 400 seconds 318
- Vlan id 5 318
- As the static router port 319
- Configuring static router port 319
- Dynamic router port none 319
- Forbidden router port none 319
- Member time 260 319
- Multicast vlan enable 319
- Replace source ip 0 319
- Router time 300 319
- Static router port gi1 0 5 319
- Switch config end 319
- Switch config ip igmp snooping 319
- Switch config ip igmp snooping multi vlan config 5 rport interface gigabitethernet 1 0 5 319
- Switch config show ip igmp snooping multi vlan config 319
- Switch configure 319
- Switch copy running config startup config 319
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 319
- Vlan id 5 319
- As the forbidden router port 320
- Configuring forbidden router port 320
- Dynamic router port none 320
- Forbidden router port gi1 0 6 320
- Gigabitethernet 1 0 6 320
- Member time 260 320
- Multicast vlan enable 320
- Replace source ip 0 320
- Router time 300 320
- Static router port none 320
- Switch config end 320
- Switch config ip igmp snooping 320
- Switch config ip igmp snooping multi vlan config 5 router ports forbidd interface 320
- Switch config show ip igmp snooping multi vlan config 320
- Switch configure 320
- Switch copy running config startup config 320
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 320
- Vlan id 5 320
- Configuring replace source ip 321
- Dynamic router port none 321
- Forbidden router port none 321
- Member time 260 321
- Multicast vlan enable 321
- Replace source ip 192 68 321
- Router time 300 321
- Source ip in the igmp packets sent by the switch with 192 68 321
- Static router port none 321
- Switch config end 321
- Switch config ip igmp snooping 321
- Switch config ip igmp snooping multi vlan config 5 replace sourceip 192 68 321
- Switch config show ip igmp snooping multi vlan config 321
- Switch configure 321
- Switch copy running config startup config 321
- The following example shows how to configure vlan 5 as the multicast vlan and replace the 321
- Vlan id 5 321
- Configuring query interval max response time and general query source ip 322
- Configuring the querier 322
- Enabling igmp querier 322
- General query source ip 192 68 322
- Maximum response time 10 322
- Query interval 60 322
- Switch config end 322
- Switch config ip igmp snooping 322
- Switch config ip igmp snooping querier vlan 4 322
- Switch config show ip igmp snooping querier 322
- Switch configure 322
- Switch copy running config startup config 322
- The following example shows how to enable igmp snooping and igmp querier in vlan 4 322
- Vlan 4 322
- General query source ip 192 68 323
- Maximum response time 20 323
- Query interval 100 323
- Source ip as 192 68 323
- Switch config end 323
- Switch config ip igmp snooping 323
- Switch config ip igmp snooping querier vlan 4 general query source ip 192 68 323
- Switch config ip igmp snooping querier vlan 4 max response time 20 323
- Switch config ip igmp snooping querier vlan 4 query interval 100 323
- Switch config show ip igmp snooping querier 323
- Switch configure 323
- Switch copy running config startup config 323
- The following example shows how to enable igmp snooping and igmp querier in vlan 4 set 323
- The query interval as 100 seconds the max response time as 20 seconds and the general query 323
- Vlan 4 323
- Configuring multicast filtering 324
- Creating profile 324
- Igmp profile 1 324
- Range 226 226 0 324
- Sent to 226 226 0 324
- Switch config igmp profile deny 324
- Switch config igmp profile range 226 226 0 324
- Switch config igmp profile show ip igmp profile 324
- Switch config ip igmp profile 1 324
- Switch config ip igmp snooping 324
- Switch configure 324
- The following example shows how to configure profile 1 so that the switch filters multicast data 324
- Binding profile to the port 325
- Igmp profile 1 325
- Multicast data sent to 226 226 0 325
- Range 226 226 0 325
- Switch config end 325
- Switch config if ip igmp filter 1 325
- Switch config if ip igmp snooping 325
- Switch config if show ip igmp profile 325
- Switch config igmp profile deny 325
- Switch config igmp profile exit 325
- Switch config igmp profile range 226 226 0 325
- Switch config interface gigabitethernet 1 0 2 325
- Switch config ip igmp profile 1 325
- Switch config ip igmp snooping 325
- Switch configure 325
- Switch copy running config startup config 325
- The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters 325
- Binding port s 326
- Enabling igmp accounting and authentication 326
- Enabling igmp authentication on the port 326
- Gi1 0 2 326
- Gi1 0 2 enable 326
- Port igmp authentication 326
- Switch config end 326
- Switch config if ip igmp snooping 326
- Switch config if ip igmp snooping authentication 326
- Switch config if show ip igmp snooping interface gigabitethernet 1 0 2 authentication 326
- Switch config interface gigabitethernet 1 0 2 326
- Switch config ip igmp snooping 326
- Switch configure 326
- Switch copy running config startup config 326
- The following example shows how to enable igmp authentication on port 1 0 2 326
- Enabling igmp accounting globally 327
- Switch copy running config startup config 327
- Configuring mld snooping 328
- Configuring mld snooping globally 328
- Using the gui 328
- Click apply 329
- Configure unknown multicast as forward or discard 329
- Configuring router port time and member port time 329
- Enable or disable report message suppression globally 329
- Enabling report message suppression can reduce the number of packets in the network 329
- Follow these steps to configure report message suppression 329
- Follow these steps to configure the aging time of the router ports and the member ports 329
- Follow these steps to configure unknown multicast 329
- Igmp snooping and mld snooping share the setting of unknown multicast so you have to 329
- Optional configuring report message suppression 329
- Snooping config page at 329
- Specify the aging time of the member ports 329
- Specify the aging time of the router ports 329
- The same time 329
- Are sent and no report message is received the switch will delete the multicast address from the 330
- Click apply 330
- Configure the last listener query interval and last listener query count when the switch 330
- Configuring mld snooping last listener query 330
- Follow these steps to configure last listener query interval and last listener query count in the 330
- Global config section 330
- Mld snooping status table displays vlans and ports with mld snooping enabled 330
- Multicast forwarding table 330
- Receives an mld leave message if specified count of multicast address specific queries masqs 330
- Specify the interval between masqs 330
- Specify the number of masqs to be sent 330
- Verifying mld snooping status 330
- Configuring the port s basic mld snooping features 331
- Enabling mld snooping on the port 331
- Optional configuring fast leave 331
- Configuring mld snooping globally in the vlan 332
- Configuring mld snooping in the vlan 332
- And reduces network load of layer 3 devices 333
- Click create 333
- Configure the forbidden router ports in the designate vlan 333
- Configure the router ports in the designate vlan 333
- Configuring the multicast vlan 333
- Device only need to send one piece of multicast data to a layer 2 device and the layer 2 device 333
- Follow these steps to configure static router ports in the designate vlan 333
- Follow these steps to forbid the selected ports to be the router ports in the designate vlan 333
- In old multicast transmission mode when users in different vlans apply for data from the same 333
- Layer 2 devices 333
- Multicast group the layer 3 device will duplicate this multicast data and deliver copies to the 333
- Optional configuring the forbidden router ports in the vlan 333
- Optional configuring the static router ports in the vlan 333
- Will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth 333
- With multicast vlan configured all multicast group members will be added to a vlan layer 3 333
- Configuring 802 q vlan 334
- Creating multicast vlan and configuring basic settings 334
- Enable multicast vlan configure the specific vlan to be the multicast vlan and configure 334
- In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic 334
- Multicast vlan to load the following page 334
- Set up the vlan that the router ports and the member ports are in for details please refer to 334
- Settings 334
- The router port time and member port time 334
- Click apply 335
- Configure the new multicast source ip 335
- Configure the router ports in the designate vlan 335
- Configure the router ports in the multicast vlan 335
- Follow these steps to configure static router ports in the multicast vlan 335
- Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 335
- Members in the multicast vlan section follow these steps to configure replace source ip 335
- Optional configuring the forbidden router ports 335
- Optional configuring the static router ports 335
- Optional creating replace source ip 335
- This function allows you to use a new ip instead of the source ip to send data to multicast group 335
- This table displays all the dynamic router ports in the multicast vlan 335
- Viewing dynamic router ports in the multicast vlan 335
- Click apply 336
- Configuring the querier 336
- Follow these steps to configure the querier 336
- Following page 336
- Mld snooping querier sends general query packets regularly to maintain the multicast 336
- Optional configuring the querier 336
- Querier config to load the 336
- Specify a vlan and configure the querier on this vlan 336
- Click add 337
- Configuring mld profile 337
- Create a profile and configure its filtering mode 337
- Creating profile 337
- Follow these steps to create a profile and configure its filtering mode 337
- Following page 337
- Profile config to load the 337
- The mld snooping querier table displays all the related settings of the mld querier 337
- Viewing settings of mld querier 337
- With mld profile the switch can define a blacklist or whitelist of multicast addresses so as to filter 337
- You can edit the settings in the mld snooping querier table 337
- Binding profile and member ports 338
- Editing ip range of the profile 338
- Searching profile 338
- Binding profile and member ports 339
- Click apply 339
- Configuring max groups a port can join 339
- Follow these steps to bind the profile to the port 339
- Follow these steps to configure the maximum groups a port can join and overflow action 339
- Select a port to configure its max group and overflow action 339
- Select the port to be bound and enter the profile id in the profile id column 339
- Click apply 340
- Configuring auto refresh 340
- Enable or disable auto refresh 340
- Follow these steps to configure auto refresh 340
- Packet statistic to load the following page 340
- Viewing mld statistics on each port 340
- Click apply 341
- Configuring static member port 341
- Enter the multicast ip and vlan id specify the static member port 341
- Follow these steps to configure static member port 341
- Following page 341
- Static ipv4 multicast table to load the 341
- The mld statistics table displays all kinds of mld statistics of all the ports 341
- This function allows you to specify a port as a static member port in the multicast group 341
- Viewing mld statistics 341
- Click create 342
- Enabling mld snooping globally 342
- Enabling mld snooping on the port 342
- Search option 342
- Static multicast ip table displays details of all mld static multicast groups 342
- Using the cli 342
- Viewing mld static multicast groups 342
- You can search mld static multicast entries by using multicast ip vlan id or forward port as the 342
- Configuring mld snooping parameters globally 343
- Configuring report message suppression 343
- Configuring unknown multicast 344
- Enable port 344
- Enable vlan 344
- Global member age time 260 344
- Global report suppression enable 344
- Global router age time 300 344
- Last query interval 1 344
- Last query times 2 344
- Mld snooping enable 344
- Switch config end 344
- Switch config ipv6 mld snooping 344
- Switch config ipv6 mld snooping report suppression 344
- Switch config show ipv6 mld snooping 344
- Switch configure 344
- Switch copy running config startup config 344
- The following example shows how to enable report message suppression 344
- Unknown multicast pass 344
- Configuring mld snooping parameters on the port 345
- Configuring router port time and member port time 345
- Configuring fast leave 347
- Configuring max group and overflow action on the port 347
- Gi1 0 3 enable enable 347
- Port mld snooping fast leave 347
- Switch config if end 347
- Switch config if ipv6 mld snooping 347
- Switch config if ipv6 mld snooping immediate leave 347
- Switch config if show ipv6 mld snooping interface gigabitethernet 1 0 3 basic config 347
- Switch config interface gigabiteternet 1 0 3 347
- Switch config ipv6 mld snooping 347
- Switch configure 347
- Switch copy running config startup config 347
- The following example shows how to enable fast leave on port 1 0 3 347
- Drop on port 1 0 3 348
- Gi1 0 3 500 drop 348
- Port max groups overflow action 348
- Switch config if end 348
- Switch config if ipv6 mld snooping 348
- Switch config if ipv6 mld snooping max groups 500 348
- Switch config if ipv6 mld snooping max groups action drop 348
- Switch config if show ipv6 mld snooping interface gigabitethernet 1 0 3 max groups 348
- Switch config interface gigabiteternet 1 0 3 348
- Switch config ipv6 mld snooping 348
- Switch configure 348
- Switch copy running config startup config 348
- The following example shows how to configure the max group as 500 and the overflow action as 348
- Configuring mld snooping last listener query 349
- Enable port 349
- Enable vlan 349
- Global member age time 260 349
- Global report suppression disable 349
- Global router age time 300 349
- Last query interval 5 349
- Last query times 5 349
- Mld snooping enable 349
- Switch config end 349
- Switch config ipv6 mld snooping 349
- Switch config ipv6 mld snooping last listener query count 5 349
- Switch config ipv6 mld snooping last listener query interval 5 349
- Switch config show ipv6 mld snooping 349
- Switch configure 349
- Switch copy running config startup config 349
- The following example shows how to configure the last listener query count as 5 and the last 349
- Unknown multicast pass 349
- Configuring mld snooping parameters in the vlan 350
- Configuring router port time and member port time 350
- Dynamic router port none 350
- Forbidden router port none 350
- Member time 400 350
- Router port time as 500 seconds and the member port time as 400 seconds 350
- Router time 500 350
- Static router port none 350
- Switch config ipv6 mld snooping 350
- Switch config ipv6 mld snooping vlan config 2 3 mtime 400 350
- Switch config ipv6 mld snooping vlan config 2 3 rtime 500 350
- Switch config show ipv6 mld snooping vlan 2 350
- Switch config show ipv6 mld snooping vlan 3 350
- Switch configure 350
- The following example shows how to enable mld snooping in vlan 2 and vlan 3 configure the 350
- Vlan id 2 350
- Vlan id 3 350
- As the static router port 351
- Configuring static router port 351
- Dynamic router port none 351
- Forbidden router port none 351
- Member time 0 351
- Member time 400 351
- Router time 0 351
- Static router port gi1 0 2 351
- Static router port none 351
- Switch config end 351
- Switch config ipv6 mld snooping 351
- Switch config ipv6 mld snooping vlan config 2 rport interface gigabitethernet 1 0 2 351
- Switch config show ipv6 mld snooping vlan 2 351
- Switch configure 351
- Switch copy running config startup config 351
- The following example shows how to enable mld snooping in vlan 2 and configure port 1 0 2 351
- Vlan id 2 351
- Configuring forbidden router port 352
- Dynamic router port none 352
- Forbidden router port gi1 0 4 6 352
- From becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 352
- Gigabitethernet 1 0 4 6 352
- Member time 0 352
- Router time 0 352
- Static router port none 352
- Switch config 352
- Switch config end 352
- Switch config ipv6 mld snooping 352
- Switch config ipv6 mld snooping vlan config 2 router ports forbidden interface 352
- Switch config show ipv6 mld snooping vlan 2 352
- Switch copy running config startup config 352
- The following example shows how to enable mld snooping in vlan 2 and forbid port 1 0 4 6 352
- Vlan id 2 352
- Configuring mld snooping parameters in the multicast vlan 353
- Configuring router port time and member port time 353
- Configuring static multicast multicast ip and forward port 353
- Ff01 1234 02 2 static gi1 0 9 10 353
- Gigabitethernet 1 0 9 10 353
- Multicast ip vlan id addr type switch port 353
- Port 1 0 9 10 as the forward ports 353
- Switch config end 353
- Switch config ipv6 mld snooping 353
- Switch config ipv6 mld snooping vlan config 2 static ff01 1234 02 interface 353
- Switch config show ipv6 mld snooping groups static 353
- Switch configure 353
- Switch copy running config startup config 353
- The following example shows how to configure ff01 1234 02 as the static multicast ip and specify 353
- Dynamic router port none 354
- Forbidden router port none 354
- Member time 400 354
- Multicast vlan enable 354
- Replace source ip 354
- Router time 500 354
- Static router port none 354
- Switch config end 354
- Switch config ipv6 mld snooping 354
- Switch config ipv6 mld snooping multi vlan config 5 mtime 400 354
- Switch config ipv6 mld snooping multi vlan config 5 rtime 500 354
- Switch config show ipv6 mld snooping multi vlan 354
- Switch configure 354
- Switch copy running config startup config 354
- The following example shows how to configure vlan 5 as the multicast vlan set the router port 354
- Time as 500 seconds and the member port time as 400 seconds 354
- Vlan id 5 354
- As the static router port 355
- Configuring static router port 355
- Dynamic router port none 355
- Forbidden router port none 355
- Member time 260 355
- Multicast vlan enable 355
- Replace source ip 355
- Router time 300 355
- Static router port gi1 0 5 355
- Switch config end 355
- Switch config ipv6 mld snooping 355
- Switch config ipv6 mld snooping multi vlan config 5 rport interface gigabitethernet 1 0 5 355
- Switch config show ipv6 mld snooping multi vlan 355
- Switch configure 355
- Switch copy running config startup config 355
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 355
- Vlan id 5 355
- As the forbidden router port 356
- Configuring forbidden router port 356
- Dynamic router port none 356
- Forbidden router port gi1 0 6 356
- Gigabitethernet 1 0 6 356
- Member time 260 356
- Multicast vlan enable 356
- Replace source ip 356
- Router time 300 356
- Static router port none 356
- Switch config end 356
- Switch config ipv6 mld snooping 356
- Switch config ipv6 mld snooping multi vlan config 5 router ports forbidden interface 356
- Switch config show ipv6 mld snooping multi vlan 356
- Switch configure 356
- Switch copy running config startup config 356
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 356
- Vlan id 5 356
- Configuring replace source ip 357
- Dynamic router port none 357
- Fe80 02ff ffff fe00 0001 357
- Forbidden router port none 357
- Member time 260 357
- Multicast vlan enable 357
- Replace source ip fe80 2ff ffff fe00 1 357
- Router time 300 357
- Source ip in the mld packets sent by the switch with fe80 02ff ffff fe00 0001 357
- Static router port none 357
- Switch config end 357
- Switch config ipv6 mld snooping 357
- Switch config ipv6 mld snooping multi vlan config 5 replace sourceip 357
- Switch config show ipv6 mld snooping multi vlan 357
- Switch configure 357
- Switch copy running config startup config 357
- The following example shows how to configure vlan 5 as the multicast vlan and replace the 357
- Vlan id 5 357
- Configuring query interval max response time and general query source ip 358
- Configuring the querier 358
- Enabling mld querier 358
- General query source ip fe80 2ff ffff fe00 1 358
- Maximum response time 10 358
- Query interval 60 358
- Switch config end 358
- Switch config ipv6 mld snooping 358
- Switch config ipv6 mld snooping querier vlan 4 358
- Switch config show ipv6 mld snooping querier 358
- Switch configure 358
- Switch copy running config startup config 358
- The following example shows how to enable mld snooping and mld querier in vlan 4 358
- Vlan 4 358
- General query source ip fe80 2ff ffff fe00 1 359
- Maximum response time 20 359
- Query interval 100 359
- Source ip as fe80 2ff ffff fe00 1 359
- Switch config end 359
- Switch config ipv6 mld snooping 359
- Switch config ipv6 mld snooping querier vlan 4 general query source ip fe80 2ff ffff fe00 1 359
- Switch config ipv6 mld snooping querier vlan 4 max response time 20 359
- Switch config ipv6 mld snooping querier vlan 4 query interval 100 359
- Switch config show ipv6 mld snooping querier 359
- Switch configure 359
- Switch copy running config startup config 359
- The following example shows how to enable mld snooping and mld querier in vlan 4 set 359
- The query interval as 100 seconds the max response time as 20 seconds and the general query 359
- Vlan 4 359
- Configuring multicast filtering 360
- Creating profile 360
- Mld profile 1 360
- Range ff01 1234 5 ff01 1234 8 360
- Sent to ff01 1234 5 ff01 1234 8 360
- Switch config ipv6 mld profile 1 360
- Switch config ipv6 mld snooping 360
- Switch config mld profile deny 360
- Switch config mld profile range ff01 1234 5 ff01 1234 8 360
- Switch config mld profile show ipv6 mld profile 360
- Switch configure 360
- The following example shows how to configure profile 1 so that the switch filters multicast data 360
- Binding profile to the port 361
- Mld profile 1 361
- Multicast data sent to ff01 1234 5 ff01 1234 8 361
- Range ff01 1234 5 ff01 1234 8 361
- Switch config end 361
- Switch config if ipv6 mld filter 1 361
- Switch config if ipv6 mld snooping 361
- Switch config if show ipv6 mld profile 361
- Switch config interface gigabitethernet 1 0 2 361
- Switch config ipv6 mld profile 1 361
- Switch config ipv6 mld snooping 361
- Switch config mld profile deny 361
- Switch config mld profile exit 361
- Switch config mld profile range ff01 1234 5 ff01 1234 8 361
- Switch configure 361
- Switch copy running config startup config 361
- The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters 361
- Using the gui 363
- Viewing ipv4 multicast snooping configurations 363
- Viewing ipv6 multicast snooping configurations 363
- Viewing multicast snooping configurations 363
- Using the cli 364
- Viewing ipv4 multicast snooping configurations 364
- Viewing ipv6 multicast snooping configurations 365
- Configuration examples 366
- Configuration scheme 366
- Example for configuring basic igmp snooping 366
- Network requirements 366
- Using the gui 367
- Port config to load the following page configure 369
- The pvid of port 1 0 1 4 as 10 369
- Using the cli 370
- Configuration file 371
- Verify the configurations 372
- Configuration scheme 373
- Example for configuring multicast vlan 373
- Network requirements 373
- Network topology 373
- Demonstrated with t1600g 52ts this section provides configuration procedures in two ways 374
- Internet 374
- Using the gui and using the cli 374
- Using the gui 375
- Using the cli 377
- Configuration file 378
- Verify the configurations 379
- Example for configuring unknown multicast and fast leave 380
- Network requirement 380
- 0 2 and enable unknown multicast globally to change channel host b sends a leave message 381
- About leaving the previous channel the switch will then drop multicast data from the previous 381
- After the channel is changed the client host b still receives irrelevant multicast data the data 381
- Channel and all unknown multicast data which ensures that host b only receives multicast data 381
- Configuration scheme 381
- Demonstrated with t1600g 52ts this section provides configuration procedures in two ways 381
- From the new channel and that the multicast network is unimpeded 381
- From the previous channel and possibly other unknown multicast data which increases the 381
- Internet 381
- Multicast and fast leave 381
- Network load and results in network congestion the solution to this problem is using unknown 381
- To avoid host b from receiving irrelevant multicast data the user can enable fast leave on port 381
- Using the gui and using the cli 381
- Page enable igmp snooping globally and configure unknown multicast as discard 382
- Snooping config to load the following 382
- Using the gui 382
- Enable igmp snooping on port 1 0 2 and port 1 0 4 and enable fast leave on port 1 0 2 383
- Port config to load the following page 383
- Using the cli 384
- Configuration file 385
- Verify the configurations 385
- Configuration scheme 386
- Example for configuring multicast filtering 386
- Network requirements 386
- Network topology 386
- Demonstrated with t1600g 52ts this section provides configuration procedures in two ways 387
- Internet 387
- Using the gui and using the cli 387
- Using the gui 388
- Port config to load the following page configure 390
- The pvid of port 1 0 1 4 as 10 390
- Using the cli 394
- Configuration file 396
- Verify the configurations 397
- Appendix default parameters 399
- Default parameters for igmp snooping 399
- Default parameters for mld snooping 400
- Chapters 402
- Managing logical interfaces 402
- Part 12 402
- Devices interfaces are classified into physical interfaces and logical interfaces 403
- Interfaces and routing interfaces 403
- Interfaces are shown as below 403
- Interfaces of a device are used to exchange data and interact with interfaces of other network 403
- Logical interfaces are manually configured and do not physically exist such as loopback 403
- Overview 403
- Physical interfaces are the ports on the front panel or rear panel of the switch 403
- This chapter introduces the configurations for logical interfaces the supported types of logical 403
- Creating a layer 3 interface 404
- Logical interfaces configurations 404
- Using the gui 404
- Configuring ipv4 parameters of the interface 405
- In figure 2 1 you can view the corresponding interface entry you create in the interface list 405
- In the interface list section you can view the corresponding interface entry you create 405
- In the modify interface section specify an interface id and configure relevant parameters for 405
- Section on the corresponding interface entry click edit to load the following page and configure 405
- The interface according to your actual needs then click apply 405
- The ipv4 parameters of the interface 405
- Configure the ipv6 parameters of the interface 406
- Configuring ipv6 parameters of the interface 406
- Create 406
- In figure 2 1 you can view the corresponding interface entry you create in the interface list 406
- In the secondary ip create section configure the secondary ip for the specified interface 406
- In the secondary ip list section you can view the corresponding secondary ip entry you 406
- Section on the corresponding interface entry click edit ipv6 to load the following page and 406
- Which allows you to have two logical subnets using one physical subnet then click create 406
- Configure the ipv6 link local address of the interface manually or automatically in the link 407
- Enable ipv6 function on the interface of switch in the general config section then click 407
- Local address config section then click apply 407
- Configure one or more ipv6 global addresses of the interface via following three ways 408
- Manually 408
- Via dhcpv6 server 408
- Via ra message 408
- View the global address entry in the global address table 408
- Creating a layer 3 interface 409
- Follow these steps to create a layer 3 interface you can create a vlan interface a loopback 409
- In figure 2 1 you can view the corresponding interface entry you create in the interface list 409
- Interface a routed port or a port channel interface according to your needs 409
- Section on the corresponding interface entry click detail to load the following page and view 409
- The detail information of the interface 409
- Using the cli 409
- Viewing detail information of the interface 409
- Switch config if description vlan 2 410
- Switch config if end 410
- Switch config interface vlan 2 410
- Switch configure 410
- Switch copy running config startup config 410
- The following example shows how to create a vlan interface with a description of vlan 2 410
- Configuring ipv4 parameters of the interface 411
- Follow these steps to configure the ipv4 parameters of the interface 411
- Setting a static ip address for the port and enabling the layer 3 capabilities 411
- Switch config if ip address 192 68 00 255 55 55 411
- Switch config if no switchport 411
- Switch config if show interface configuration gigabitethernet 1 0 1 411
- Switch config interface gigabitethernet 1 0 1 411
- Switch configure 411
- The following example shows how to configure the ipv4 parameters of a routed port including 411
- Configuring ipv6 parameters of the interface 412
- Follow these steps to configure the ipv6 parameters of the interface 412
- Gi1 0 1 192 68 00 24 static up up no 412
- Interface ip address method status protocol shutdown 412
- Switch config if end 412
- Switch config if show ip interface brief 412
- Switch copy running config startup config 412
- Global address dhcpv6 enable 413
- Global address ra disable 413
- Global unicast address es ff02 1 ff13 237b 413
- Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 413
- Of a vlan interface 413
- Switch config if ipv6 address autoconfig 413
- Switch config if ipv6 address dhcp 413
- Switch config if ipv6 enable 413
- Switch config if show ipv6 interface 413
- Switch config interface vlan 2 413
- Switch configure 413
- The following example shows how to enable the ipv6 function and configure the ipv6 parameters 413
- Vlan2 is up line protocol is up 413
- Appendix default parameters 415
- Default settings of interface are listed in the following tables 415
- Chapters 416
- Configuring static routing 416
- Part 13 416
- Overview 417
- An ipv4 static route then click create 418
- Entries 418
- In the ipv4 static route table section you can view and modify the ipv4 static routing 418
- In the ipv4 static routing config section configure the corresponding parameters to add 418
- Ipv4 static routing config to load the following 418
- Ipv4 static routing configuration 418
- Using the gui 418
- As 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 419
- C 192 68 24 is directly connected vlan1 419
- Candidate default 419
- Codes c connected s static 419
- Follow these steps to create an ipv4 static route 419
- S 192 68 24 1 0 via 192 68 vlan1 419
- Switch config end 419
- Switch config ip route 192 68 255 55 55 192 68 419
- Switch config show ip route 419
- Switch configure 419
- Switch copy running config startup config 419
- The following example shows how to create an ipv4 static route with the destination ip address 419
- Using the cli 419
- Ipv6 static routing configuration 420
- Using the gui 420
- As 3200 64 and the next hop address as 3100 1234 421
- Candidate default 421
- Codes c connected s static 421
- Follow these steps to enable ipv6 routing function and create an ipv6 static route 421
- Switch config ipv6 route 3200 64 3100 1234 421
- Switch config show ipv6 route static 421
- Switch configure 421
- The following example shows how to create an ipv6 static route with the destination ip address 421
- Using the cli 421
- Using the gui 423
- Viewing ipv4 routing table 423
- Viewing ipv6 routing table 423
- Viewing routing table 423
- On privileged exec mode or any other configuration mode you can use the following command 424
- To view ipv4 routing table 424
- To view ipv6 routing table 424
- Using the cli 424
- View the ipv6 routes in the ipv6 routing information summary section 424
- Viewing ipv4 routing table 424
- Viewing ipv6 routing table 424
- A as an example 425
- As shown below host a and host b are on different network segments to meet business needs 425
- Configuration scheme 425
- Create a routed port gi1 0 1 with the mode as static the ip address as 10 the mask as 425
- Demonstrated with t1600g 52ts the following sections provide configuration procedure in two 425
- Ensure stable connectivity 425
- Example for static routing 425
- Host a and host b need establish a connection without using dynamic routing protocols to 425
- Interface config to load the following page 425
- Network requirements 425
- Switch b so that hosts on different network segments can communicate with each other 425
- The configurations of switch a and switch b are similar the following introductions take switch 425
- The default gateway of host b as 10 24 and configure ipv4 static routes on switch a and 425
- To implement this requirement you can configure the default gateway of host a as 10 24 425
- Using the gui 425
- Ways using the gui and using the cli 425
- Using the cli 426
- Configuration file 427
- Switch a 428
- Verify the configurations 428
- Connectivity between switch a and switch b 429
- Switch b 429
- Appendix default parameter 430
- Default setting of static routing is listed in the following table 430
- A relay agent and forwards dhcp packets between dhcp clients and dhcp servers on different 432
- Dhcp relay is used to process and forward dhcp packets between different subnets 432
- Dhcp relay solves this problem as the following figure shows the dhcp relay device acts as 432
- Equipped with a dhcp server thus increasing the costs of network construction 432
- Overview 432
- Requires that the client and the server should be on the same lan therefore each lan should be 432
- Since the client requests a dynamic ip address via broadcast the basic network model of dhcp 432
- Subnets so that dhcp clients on different subnets can share one dhcp server 432
- Dhcp relay configuration 433
- Enabling dhcp relay and configuring option 82 433
- Using the gui 433
- And then enter the server address of the interface 434
- Click apply 434
- Click create to specify the dhcp server for the interface 434
- Dhcp server to load the following page 434
- Follow these steps to specify dhcp server for the interface 434
- In the add dhcp server address section select the interface type and enter the interface id 434
- Specifying dhcp server for the interface 434
- Configuring option 82 435
- Dhcp relay is enabled 435
- Enabling dhcp relay 435
- Follow these steps to configure option 82 435
- Follow these steps to enable dhcp relay 435
- Switch config end 435
- Switch config service dhcp relay 435
- Switch config show ip dhcp relay 435
- Switch configure 435
- Switch copy running config startup config 435
- The following example shows how to enable dhcp relay 435
- Using the cli 435
- Dhcp relay option 82 is enabled 436
- Existed option 82 field operation keep 436
- Information as keep 436
- Switch config end 436
- Switch config ip dhcp relay information 436
- Switch config ip dhcp relay information policy keep 436
- Switch config show ip dhcp relay 436
- Switch configure 436
- Switch copy running config startup config 436
- The following example shows how to enable option 82 and configure the process of option 82 436
- Follow these steps to specify dhcp server for the interface 437
- Specifying dhcp server for the interface 437
- Switch config if ip helper address 192 68 437
- Switch config interface vlan 66 437
- Switch configure 437
- The following example shows how to configure the dhcp server address as 192 68 on vlan 437
- A company wants to assign ip addresses to all computers in two departments and there is only 439
- Add all computers in the r d department to vlan 20 for details refer to configuring 802 q 439
- Before dhcp relay configurations create two dhcp server pools on the dhcp server one is 439
- Belong to vlan 10 which is connected to the switch via port 1 0 8 the interface address of vlan 439
- Configuration example 439
- Configuration scheme 439
- Configure 802 q vlan add all computers in the marketing department to vlan 10 and 439
- Connected to the dhcp relay switch via port 1 0 5 and its ip address is 192 68 9 24 439
- Dhcp clients 439
- Enables dhcp clients from different subnets to share one dhcp server 439
- In the given situation the dhcp relay feature can satisfy the requirement because dhcp relay 439
- Is 192 68 24 computers in the r d department belong to vlan 20 which is connected to 439
- Network requirements 439
- On 192 68 24 and the other is on 192 68 24 make sure the dhcp server can reach all 439
- One dhcp server available it is required that computers in the same department should be on 439
- The network topology is as the following figure shows computers in the marketing department 439
- The overview of the configurations are as follows 439
- The same subnet while computers in different departments should be on different subnets 439
- The switch via port 1 0 16 the interface address of vlan 20 is 192 68 24 the dhcp server is 439
- Using the gui 440
- Using the cli 441
- Verify the configurations 441
- Appendix default parameters 442
- Default settings of dhcp relay are listed in the following table 442
- Arp address resolution protocol is used to map ip addresses to mac addresses taking an 444
- Association in an arp entry for rapid retrieval 444
- Ip address as input arp learns the associated mac address and stores the ip mac address 444
- Overview 444
- Adding static arp entries manually 445
- Arp configurations 445
- Using the gui 445
- Viewing the arp entries 445
- Adding static arp entries 446
- Configuring arp function 446
- Follow these steps to add arp entries 446
- Follow these steps to add static arp entries 446
- In the arp config section enter the ip address and mac address and click create 446
- Static arp to load the following page 446
- Using the cli 446
- 11 22 33 44 55 447
- Configuring the aging time of dynamic arp entries 447
- Follow these steps to configure the aging time of dynamic arp entries 447
- Interface address hardware addr type 447
- Switch config arp 192 68 00 11 22 33 44 55 arpa 447
- Switch config end 447
- Switch config show arp 192 68 447
- Switch configure 447
- Switch copy running config startup config 447
- This example shows how to create a static arp entry with the ip as 192 68 and the mac as 447
- Vlan1 192 68 00 11 22 33 44 55 static 447
- Clearing dynamic entries 448
- Switch config if arp timeout 1000 448
- Switch config if end 448
- Switch config interface vlan 2 448
- Switch configure 448
- Switch copy running config startup config 448
- This example shows how to configure the aging time of dynamic arp entries as 1000 seconds for 448
- Vlan interface 2 448
- On privileged exec mode or any other configuration mode you can use the following command to view arp entries 449
- Viewing arp entries 449
- Chapters 450
- Configuring qos 450
- Part 16 450
- Bandwidth control 451
- Diffserv 451
- Overview 451
- Supported features 451
- Configuration guidelines 452
- Diffserv configuration 452
- Configure the tag id cos id tc mapping relations 453
- Configuring 802 p priority 453
- Configuring priority mode 453
- Follow these steps to configure the 802 p priority 453
- P priority to load the following page 453
- The instructions of the three priority modes are described respectively in this section 453
- Using the gui 453
- 2p priority 454
- Click apply 454
- Configure the dscp tc mapping relations 454
- Configuring dscp priority 454
- Dscp priority to load the following page 454
- Enable dscp priority and click apply dscp priority is disabled by default 454
- Follow these steps to configure the dscp priority 454
- 2p priority 455
- Click apply 455
- Configuring port priority 455
- Follow these steps to configure the port priority 455
- Port priority to load the following page 455
- Select the desired port or lag to set its priority 455
- Click apply 456
- Configure the schedule mode to control the forwarding sequence of different tc queues when 456
- Configuring schedule mode 456
- Congestion occurs 456
- Follow these steps to configure the schedule mode 456
- Schedule mode to load the following page 456
- Select a schedule mode 456
- Click apply 457
- Configuring 802 priority 457
- Configuring priority mode 457
- Optional configure the weight value of the each tc queue if the schedule mode is wrr of 457
- Sp wrr 457
- The instructions of the three priority modes are described respectively in this section 457
- Using cli 457
- Configuring dscp priority 458
- Dscp priority is disabled 458
- P priority is enabled 458
- Switch config end 458
- Switch config qos queue cos map 2 0 458
- Switch config show qos cos map 458
- Switch config show qos status 458
- Switch configure 458
- Switch copy running config startup config 458
- Tag 0 1 2 3 4 5 6 7 458
- Tc tc1 tc0 tc0 tc3 tc4 tc5 tc6 tc7 458
- The following example shows how to map cos2 to tc0 and keep other cos id tc as default 458
- Relations as default 459
- Switch config qos queue dscp map 10 14 0 459
- Switch config show qos cos map 459
- Switch configure 459
- Tag 0 1 2 3 4 5 6 7 459
- Tc tc1 tc0 tc2 tc3 tc4 tc5 tc6 tc7 459
- The following example shows how to map dscp values 10 14 to tc1 and keep other mapping 459
- Configuring port priority 460
- Cos cos1 cos1 cos0 cos0 cos0 cos0 cos0 cos1 460
- Dscp 8 9 10 11 12 13 14 15 460
- Dscp priority is enabled 460
- P priority is disabled 460
- Queue based on port priority 460
- Select the desired port to set the priority packets from this ingress port are mapped to the tc 460
- Switch config end 460
- Switch config show qos dscp map 460
- Switch config show qos status 460
- Switch copy running config startup config 460
- Configuring schedule mode 462
- Different tc queues when congestion occurs 462
- Follow these steps to configure the schedule mode to control the forwarding sequence of 462
- Bandwidth control configuration 464
- Configuring rate limit 464
- Using the gui 464
- Click apply 465
- Configuring storm control 465
- Follow these steps to configure the storm control function 465
- Multicast packets and ul frames 465
- Select the port s and configure the upper rate limit for forwarding broadcast packets 465
- Storm control to load the following page 465
- Click apply 466
- Configure the upper rate limit for the port to receive and send packets 466
- Configuring rate limit on port 466
- Using the cli 466
- And unknown unicast frames 467
- Configure the upper rate limit on the port for forwarding broadcast packets multicast packets 467
- Configuring storm control 467
- Gi1 0 5 5120 1024 n a 467
- Kbps for port 1 0 5 467
- Port ingressrate kbps egressrate kbps lag 467
- Switch config if bandwidth ingress 5120 egress 1024 467
- Switch config if end 467
- Switch config if show bandwidth interface gigabitethernet 1 0 5 467
- Switch config interface gigabitethernet 1 0 5 467
- Switch configure 467
- Switch copy running config startup config 467
- The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 467
- Configuration examples 470
- Configuration scheme 470
- Example for configuring sp mode 470
- Network requirements 470
- Using the gui 471
- Using the cli 472
- Configuration files 473
- Verify the configuration 473
- Both rd department and marketing department can access the local network server configure 474
- Example for configuring wrr mode 474
- Network requirements 474
- Scheduler mode sp weight unusable in sp mode 474
- Switch a marketing department is connected to port 1 0 2 of switch a the server is connected 474
- Switch b is a layer 3 switch with acl redirect feature rd department is connected to port 1 0 1 of 474
- Switch config show qos queue mode 474
- The network topology is shown as the following figure switch a is an access layer switch and 474
- The switches to ensure the traffic from the two departments are forwarded based on the weight 474
- To port 1 0 2 of switch b and port 1 0 3 of switch a is connected to port 1 0 1 of switch b 474
- Value ratio of 2 1 when congestion occurs 474
- Verify the schedule mode 474
- Configuration scheme 475
- Configurations for switch a demonstrated with t1600g 52ts 475
- Using the gui 475
- Configurations for switch b demonstrated with t3700g 28tq 477
- Configurations for switch a demonstrated with t1600g 52ts 483
- Using the cli 483
- Configurations for for switch b demonstrated with t3700g 28tq 484
- Configuration file 486
- Switch a 486
- Switch b 486
- Switch a 488
- Switch b 488
- Verify the configuration 488
- Appendix default parameters 490
- Diffserv 490
- Disabled see table 5 4 for dscp cos id mapping relations 490
- Enabled see table 5 3 for tag id cos id tc mapping relations 490
- Bandwidth control 491
- Chapters 492
- Configuring voice vlan 492
- Part 17 492
- Overview 493
- Overview 3 configuration example 493
- Part 17 493
- Voice vlan configuration 4 appendix default parameters 493
- Because the voice vlan in automatic mode supports only tagged voice traffic you need to 495
- Before configuring voice vlan you need to create a vlan for voice traffic for details about 495
- Configuration guidelines 495
- Configure voice vlan globally 495
- Configure voice vlan mode on ports 495
- Create a vlan 495
- Id and the link type of the port which is connected to voice devices we recommend that 495
- Make sure traffic from the voice device is tagged to do so there are mainly two ways 495
- Only one vlan can be set as the voice vlan on the switch 495
- Optional configure oui addresses 495
- To apply the voice vlan configuration you may need to further configure pvid port vlan 495
- To complete the voice vlan configuration follow these steps 495
- Vlan 1 is a default vlan and cannot be configured as the voice vlan 495
- Vlan configuration please refer to configuring 802 q vlan 495
- Voice vlan configuration 495
- You can configure the voice device to forward traffic with a voice vlan tag 495
- You choose the mode according to your needs and configure the port as the following table 495
- Optional configuring oui addresses 496
- Using the gui 496
- Click apply 497
- Click create to add an oui address to the table 497
- Configuring voice vlan globally 497
- Configuring voice vlan mode on ports 497
- Enable the voice vlan feature and enter a vlan id 497
- Follow these steps to configure the voice vlan globally 497
- Global config to load the following page 497
- Port config to load the following page 497
- Set the aging time for the voice vlan 497
- Specify a priority for the voice vlan 497
- Follow these steps to configure voice vlan mode on ports 498
- Select your desired ports and choose the port mode 498
- Click apply 499
- Follow these steps to configure the voice vlan 499
- Set the security mode for selected ports 499
- Using the cli 499
- Configuration example 503
- Configuration scheme 503
- Network requirements 503
- Network topology 503
- B ports connected to ip phones use the voice vlan for voice traffic and ports connected to 504
- Computers use the default vlan for data traffic 504
- Configurations for switch a 504
- Demonstrated with t1600g 52ts this chapter provides configuration procedures in two ways 504
- Following page create vlan 10 504
- In the meeting room computers and ip phones are connected to different ports of switch 504
- Internet 504
- Switch c 504
- Using the gui 504
- Using the gui and using the cli 504
- Vlan config and click create to load the 504
- Voice traffics from switch a and switch b are forwarded to voice gateway and internet through 504
- Following page add port 1 0 2 to the voice vlan 506
- Vlan config and edit vlan 10 to load the 506
- Configurations for switch b 508
- Configurations for switch c 510
- Configurations for switch a 511
- Using the cli 511
- Configurations for switch b 512
- Configurations for switch c 513
- Switch a 513
- Verify the configurations 513
- Switch b 514
- Switch c 514
- Appendix default parameters 515
- Default settings of voice vlan are listed in the following tables 515
- Description 515
- Chapters 516
- Configuring acl 516
- Part 18 516
- Acl binding 517
- Overview 517
- Policy binding 517
- Supported features 517
- Acl configurations 518
- Creating an acl 518
- Using the gui 518
- Configuring acl rules 519
- Configuring the mac acl rule 519
- Click apply 520
- Configure the rule s packet matching criteria 520
- Configuring the standard ip acl rule 520
- Follow these steps to create the standard ip acl rule 520
- For the matched packets 520
- Select a standard ip acl from the drop down list enter a rule id and specify the operation 520
- Standard i 520
- Standard ip acl to load the following page 520
- Tandard i 520
- Click apply 521
- Configure the rule s packet matching criteri 521
- Configure the rule s packet matching criteria 521
- Configuring the extend ip acl rule 521
- Extend ip ac 521
- Extend ip acl to load the following page 521
- Follow these steps to create the extend ip acl rule 521
- Select an extend ip acl from the drop down list enter a rule id and specify the operation for 521
- The matched packets 521
- Click apply 522
- Configuring the ipv6 acl rule 522
- Follow these steps to create the ipv6 acl rule 522
- Ipv6 acl to load the following page 522
- Select an ipv6 acl from the drop down list enter a rule id and specify the operation for the 522
- Acl rule or change the matching order if needed 523
- By default a rule configured earlier is listed before a rule configured later the switch matches a 523
- Click apply 523
- Configure the rule s packet matching criteri 523
- In the acl rule table you can view all the acls and their rules you can also delete an acl or an 523
- Process and performs the action defined in the rule 523
- Received packet with the rules in order when a packet matches a rule the device stops the match 523
- The rules in an acl are listed in ascending order of configuration time regardless of their rule ids 523
- Verifying the rule table 523
- Applying an acl to the policy 524
- Configuring policy 524
- Creating a policy 524
- Binding the acl to a port 525
- Configuring the acl binding 525
- Configuring the acl binding and policy binding 525
- Binding the acl to a vlan 526
- Binding the policy to a port 526
- Configuring the policy binding 526
- Follow these steps to bind the acl to a vlan 526
- Processed according to this policy 526
- Select the acl and enter the vlan id and click appl 526
- Vlan binding to load the following page 526
- You can bind the policy to a port or a vlan the received packets will then be matched and 526
- Binding the policy to a vlan 527
- Existing entries if needed 527
- Follow these steps to bind the policy to a port 527
- Follow these steps to bind the policy to a vlan 527
- Select the acl and enter the vlan id and clic 527
- Select the policy and the port to be bound and clic 527
- Verifying the acl binding 527
- Verifying the binding configuration 527
- Vlan binding to load the following page 527
- You can view both port binding and vlan binding entries in the table you can also delete 527
- Verifying the policy binding 528
- Addresses protocol type and so on 529
- Binding table to load the following page 529
- Configuring acl 529
- Configuring the mac acl 529
- Follow the steps to create different types of acl and configure the acl rules 529
- Using the cli 529
- You can define the rules based on source or destination ip addresses source or destination mac 529
- Configuring the standard ip acl 530
- Mac access list 50 530
- Rule 5 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 530
- Switch config mac access list 50 530
- Switch config mac acl end 530
- Switch config mac acl rule 5 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 530
- Switch config mac acl show access list 50 530
- Switch configure 530
- Switch copy running config startup config 530
- The following example shows how to create mac acl 50 and configure rule 1 to permit packets 530
- With source mac address 00 34 a2 d4 34 b5 530
- Packets with source ip address 192 68 00 531
- Rule 1 permit sip 192 68 00 smask 255 55 55 55 531
- Standard ip access list 600 531
- Switch config access list create 600 531
- Switch config end 531
- Switch config rule 1 permit sip 192 68 00 smask 255 55 55 55 531
- Switch config show access list 600 531
- Switch configure 531
- Switch copy running config startup config 531
- The following example shows how to create standard ip acl 600 and configure rule 1 to permit 531
- Configuring the extend ip acl 532
- Extended ip access list 1700 532
- Protocol 6 d port 23 532
- Switch config access list create 1700 532
- Switch config access list extended 1700 rule 7 deny sip 192 68 00 smask 255 55 55 55 532
- Switch config show access list 1700 532
- Switch configure 532
- Telnet packets with source ip192 68 00 532
- The following example shows how to create extend ip acl 1700 and configure rule7 to deny 532
- Configuring the ipv6 acl 533
- Rule 7 deny sip 192 68 00 smask 255 55 55 55 protocol 6 d port 23 533
- Switch config end 533
- Switch copy running config startup config 533
- Cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ffff ffff ffff 534
- Configuring policy 534
- Follow the steps below to create a policy and configure the policy actions 534
- Ipv6 access list 3600 534
- Rule 1 deny sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ff ff ffff ffff 534
- Switch config access list create 3600 534
- Switch config access list ipv6 3600 rule 1 deny sip 534
- Switch config end 534
- Switch config show access list 3600 534
- Switch configure 534
- Switch copy running config startup config 534
- The following example shows how to create ipv6 acl 3600 and configure rule 1 to deny packets 534
- With source ipv6 address cdcd 910a 2222 5498 8475 1111 3900 2020 534
- Access list 600 535
- Acl binding 535
- Acl binding and policy binding 535
- Policy name rd 535
- Processed according to the acl rules 535
- Switch config access list policy action rd 600 535
- Switch config access list policy name rd 535
- Switch config action exit 535
- Switch config end 535
- Switch config show access list policy rd 535
- Switch configure 535
- Switch copy running config startup config 535
- Takes effect only after they are bound to a port or vlan 535
- The following example shows how to create policy rd and apply acl 600 to policy rd 535
- You can bind the acl to a port or a vlan the received packets will then be matched and 535
- You can select acl binding or policy binding according to your needs an acl rule and policy 535
- Policy binding 536
- 2 ingress vlan 537
- Gi1 0 2 ingress port 537
- Index acl id interface vid direction type 537
- Index policy name interface vid direction type 537
- Policy nam 537
- Port port lis 537
- Switch config if access list bind policy 1 537
- Switch config if access list bind policy 2 537
- Switch config if end 537
- Switch config if exit 537
- Switch config if show access list bind 537
- Switch config interface gigabitethernet 1 0 2 537
- Switch config interface vlan 2 537
- Switch configure 537
- Switch copy running config startup config 537
- The following example shows how to bind policy 1 to port 2 and policy 2 to vlan 2 537
- Vlan i 537
- 0 1 and the server group is connected to the switch via port 1 0 2 538
- A company s server group can provide different types of services it is required that 538
- And configuring rules for it 538
- As shown below computers in the marketing department are connected to the switch via port 538
- Configuration example for acl 538
- Configuration scheme 538
- Network requirements 538
- Network topology 538
- The marketing department can only access the server group 538
- The marketing department can only visit http and https websites on the internet 538
- To meet the requirements above you can configure packet filtering by creating an extend ip acl 538
- Binding configuration 539
- Configuring acl 539
- Using the gui 539
- Or udp 53 dns service port 541
- Policy create to load the following page configure 541
- Rule 4 and rule 5 to permit packets with source ip 10 0 0 and with destination port tcp 541
- Using the cli 543
- Verify the configurations 544
- Index acl id interface vid direction type 545
- Appendix default parameters 546
- For extend ip acl 546
- For ipv6 acl 546
- For mac acl 546
- For standard ip acl 546
- Chapters 547
- Configuring network security 547
- Part 19 547
- Dhcp snooping 548
- Ip mac binding 548
- Network security 548
- Overview 548
- Supported features 548
- Arp inspection 549
- Dos defend 550
- Binding entries manually 552
- Ip mac binding configurations 552
- Using the gui 552
- And the connected port number of the host you can bind these entries conveniently 553
- Arp scanning 553
- Arp scanning to load the following 553
- Binding entries dynamically 553
- Click bind 553
- Select protect type for the entry 553
- Select the port that is connected to this host 553
- The binding entries can be dynamically learned from arp scanning and dhcp snooping 553
- Upon receiving the arp reply packet the switch can get the ip address mac address vlan id 553
- With arp scanning the switch sends the arp request packets of the specified ip field to the hosts 553
- Dhcp snooping 554
- Follow these steps to configure ip mac binding via arp scanning 554
- For instructions on how to configure dhcp snooping refer to dhcp snooping configurations 554
- Host and record the ip address mac address vlan id and the connected port number of the 554
- In the scanning option section specify an ip address range and a vlan id then click scan 554
- In the scanning result section select one or more entries and configure the relevant 554
- Parameters then click apply 554
- To scan the entries in the specified ip address range and vlan 554
- With dhcp snooping enabled the switch can monitor the ip address obtaining process of the 554
- Binding table to load the following 555
- In the binding table section you can view the searched entries additionally you can configure 555
- In the search section specify the search criteria to search your desired entries 555
- The host name and protect type for one or more entries and click apply 555
- Viewing the binding entries 555
- With the binding table you can view and search the specified binding entries 555
- Binding entries manually 556
- Binding entries via arp scanning is not supported by the cli binding entries via dhcp snooping 556
- Entries manually and view the binding entries 556
- Follow these steps to manually bind entries 556
- Is introduced in dhcp snooping configurations the following sections introduce how to bind 556
- The condition that you have got the related information of the hosts 556
- Using the cli 556
- You can manually bind the ip address mac address vlan id and the port number together on 556
- 68 5 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this 557
- Entry for the arp detection feature 557
- Gigabitethernet 1 0 5 arp detection 557
- Host1 192 68 5 aa bb cc dd ee ff 10 gi1 0 5 arp d 557
- On privileged exec mode or any other configuration mode you can use the following command 557
- Switch config end 557
- Switch config ip source binding host1 192 68 5 aa bb cc dd ee ff vlan 10 interface 557
- Switch config show ip source binding 557
- Switch configure 557
- Switch copy running config startup config 557
- The following example shows how to bind an entry with the hostname host1 ip address 557
- To view binding entries 557
- U no host ip addr mac addr vid port acl col 557
- Viewing binding entries 557
- Dhcp snooping configuration 558
- Enabling dhcp snooping on vlan 558
- Using the gui 558
- Click apply 559
- Configuring dhcp snooping on ports 559
- Enable dhcp snooping on a vlan or range of vlans 559
- Follow these steps to configure dhcp snooping on the specified port 559
- Follow these steps to enable dhcp snooping 559
- Globally enable dhcp snooping 559
- Port config to load the following 559
- Select one or more ports and configure the parameters 559
- Click apply 560
- Distribution way 560
- Follow these steps to configure option 82 560
- Following page 560
- Location of the dhcp client via option 82 the dhcp server supporting option 82 can also set 560
- Option 82 config to load the 560
- Option 82 records the location of the dhcp client the switch can add option 82 to the dhcp 560
- Optional configuring option 82 560
- Request packet and then transmit the packet to the dhcp server administrators can check the 560
- Select one or more ports and configure the parameters 560
- The distribution policy of ip addresses and other parameters providing a more flexible address 560
- Click apply 561
- Follow these steps to globally configure dhcp snooping 561
- Globally configuring dhcp snooping 561
- Using the cli 561
- Configuring dhcp snooping on ports 562
- Follow these steps to configure dhcp snooping on the specified ports 562
- Global status enable 562
- Switch config if end 562
- Switch config ip dhcp snooping 562
- Switch config ip dhcp snooping vlan 5 562
- Switch config show ip dhcp snooping 562
- Switch configure 562
- Switch copy running config startup config 562
- The following example shows how to enable dhcp snooping globally and on vlan 5 562
- Vlan id 5 562
- Optional configuring option 82 563
- As replace the circuit id as vlan20 and the remote id as host1 564
- Follow these steps to configure option 82 564
- Switch config if ip dhcp snooping information option 564
- Switch config interface gigabitethernet 1 0 7 564
- Switch configure 564
- The following example shows how to enable option 82 on port 1 0 7 and configure the strategy 564
- Arp inspection configurations 566
- Configuring arp detection 566
- Using the gui 566
- Configuring arp defend 567
- Click apply 568
- To locate the network malfunction and take the related protection measures 568
- Viewing arp statistics 568
- You can view the number of the illegal arp packets received on each port which facilitates you 568
- Configuring arp detection 569
- Using the cli 569
- A trusted port 570
- Arp detection global status enabled 570
- Configuration complete ip mac binding configuration for details refer to ip mac binding 570
- Configurations 570
- Follow these steps to configure arp detection 570
- Gi1 0 1 yes 570
- Gi1 0 2 no 570
- Port trusted 570
- Switch config if end 570
- Switch config if ip arp inspection trust 570
- Switch config if show ip arp inspection 570
- Switch config interface gigabitethernet 1 0 1 570
- Switch config ip arp inspection 570
- Switch configure 570
- The following example shows how to globally enable arp detection and configure port 1 0 1 as 570
- Configuring arp defend 571
- Follow these steps to configure arp defend 571
- Rate as 20 pps on port 1 0 2 571
- Switch config if ip arp inspection 571
- Switch config if ip arp inspection limit rate 20 571
- Switch config interface gigabitethernet 1 0 2 571
- Switch configure 571
- Switch copy running config startup config 571
- The following example shows how to enable arp defend and configure the arp inspection limit 571
- To avoid arp attack flood 571
- When the transmission speed of the legal arp packet on the port exceeds the defined value so as 571
- With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds 571
- Viewing arp statistics 572
- Dos defend configuration 573
- Dos defend to load the following page 573
- Follow these steps to configure dos defend 573
- Following table introduces each type of dos attack 573
- In the configure section enable dos protection 573
- In the defend table section select one or more defend types according to your needs the 573
- Using the gui 573
- Click apply 574
- Follow these steps to configure dos defend 574
- Using the cli 574
- Switch config ip dos prevent 575
- Switch config ip dos prevent type land 575
- Switch configure 575
- The following example shows how to enable the dos defend type named land 575
- Configuring 802 x globally 577
- Using the gui 577
- X configuration 577
- In the authentication config section enable quiet configure the quiet timer and click 578
- In the global config section enable 802 x globally and click apply 578
- Configure 802 x authentication on the desired port and click apply 579
- Configuring 802 x on ports 579
- Port config to load the following page 579
- Adding the radius server 580
- Configuring the radius server 580
- Enabling aaa function 580
- Configuring the radius server group 581
- Group and click add 581
- In the add new server group section specify the name and server type for the new server 581
- Select the newly added group and click edit in the operation column 581
- Server group to load the following page 581
- Configuring 802 x globally 582
- Configuring the dot1x list 582
- Using the cli 582
- Configuring 802 x on ports 584
- Control type as port based and configure the control mode as auto 585
- Switch config if dot1x 585
- Switch config if dot1x port control auto 585
- Switch config if dot1x port method port based 585
- Switch config interface gigabitethernet 1 0 2 585
- Switch configure 585
- The following example shows how to enable 802 x authentication on port 1 0 2 configure the 585
- Configuring the radius server 586
- Follow these steps to configure radius 586
- Gi1 0 2 enabled disabled auto port based unauthorized n a 586
- Port state guestvlan portcontrol portmethod authorized lag 586
- Switch config if end 586
- Switch config if show dot1x interface gigabitethernet 1 0 2 586
- Switch copy running config startup config 586
- Accounting port is 1813 587
- Named radius1 and apply this server group to the 802 x authentication the ip address of the 587
- Radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the 587
- Server ip auth port acct port timeout retransmit shared key 587
- Switch aaa enable 587
- Switch aaa group exit 587
- Switch aaa group server 192 68 00 587
- Switch config aaa accounting dot1x default radius1 587
- Switch config aaa authentication dot1x default radius1 587
- Switch config aaa group radius radius1 587
- Switch config radius server host 192 68 00 key 123456 auth port 1812 acct port 1813 587
- Switch configure 587
- Switch show radius server 587
- The following example shows how to enable aaa add a radius server to the server group 587
- Aaa configuration 589
- Configuration guidelines 589
- Adding servers 590
- Globally enabling aaa 590
- Using the gui 590
- Adding radius server 591
- Follow these steps to add a radius server 591
- In the server config section configure the following parameters 591
- Radius conifg to load the following page 591
- Adding tacacs server 592
- Click add to add the radius server on the switch 592
- Click add to add the tacacs server on the switch 592
- Configuring server groups 592
- Follow these steps to add a tacacs server 592
- Group you can add new server groups as needed 592
- In the server config section configure the following parameters 592
- Servers the servers running the same protocol are automatically added to the default server 592
- Tacacs conifg to load the following page 592
- The switch has two built in server groups one for radius servers and the other for tacacs 592
- Configuring the method list 594
- And enable list 595
- Click add to add the new method 595
- Configuring the aaa application list 595
- Follow these steps to configure the aaa application list 595
- Global config to load the following page 595
- In the aaa application list section select an access application and configure the login list 595
- In the add method list section configure the parameters for the method to be added 595
- You can edit the default methods or follow these steps to add a new method 595
- Configuring login account and enable password 596
- On the server 596
- On the switch 596
- Aaa global status enable 597
- Adding radius server 597
- Adding servers 597
- Follow these steps to add radius server on the switch 597
- Follow these steps to globally enable aaa 597
- Globally enabling aaa 597
- Servers are added the server with the highest priority authenticates the users trying to access the 597
- Switch and the others act as backup servers in case the first one breaks down 597
- Switch config aaa enable 597
- Switch config end 597
- Switch config show aaa global 597
- Switch configure 597
- Switch copy running config startup config 597
- The following example shows how to globally enable aaa 597
- Using the cli 597
- You can add one or more radius tacacs servers on the switch for authentication if multiple 597
- 68 0 1812 1813 8 3 123456 598
- Seconds and the retransmit number as 3 598
- Server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 598
- Server ip auth port acct port timeout retransmit shared key 598
- Switch config end 598
- Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 598
- Switch config show radius server 598
- Switch configure 598
- Switch copy running config startup config 598
- The following example shows how to add a radius server on the switch set the ip address of the 598
- 68 0 49 8 123456 599
- Adding tacacs server 599
- Follow these steps to add tacacs server on the switch 599
- Of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the 599
- Server ip port timeout shared key 599
- Switch config end 599
- Switch config show tacacs server 599
- Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 599
- Switch configure 599
- Switch copy running config startup config 599
- The following example shows how to add a tacacs server on the switch set the ip address 599
- Timeout as 8 seconds 599
- Configuring server groups 600
- Existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group 600
- Running the same protocol are automatically added to the default server group you can add new 600
- Server groups as needed 600
- Switch aaa group end 600
- Switch aaa group server 192 68 0 600
- Switch aaa group show aaa group radius1 600
- Switch config aaa group radius radius1 600
- Switch configure 600
- Switch copy running config startup config 600
- The following example shows how to create a radius server group named radius1 and add the 600
- The switch has two built in server groups one for radius and the other for tacacs the servers 600
- The two default server groups cannot be deleted or edited follow these steps to add a server 600
- A method list describes the authentication methods and their sequence to authenticate the 601
- And enable method list for guests to get administrative privileges 601
- Configuring the method list 601
- Default local 601
- Follow these steps to configure the method list 601
- Login1 radius local 601
- Methodlist pri1 pri2 pri3 pri4 601
- Switch config aaa authentication login login1 radius local 601
- Switch config show aaa authentication login 601
- Switch configure 601
- The following example shows how to create a login method list named login1 and configure 601
- The method 1 as the default radius server group and the method 2 as local 601
- Users the switch supports login method list for users of all types to gain access to the switch 601
- And http 602
- Configuring the aaa application list 602
- Default local 602
- Enable1 radius local 602
- Follow these steps to apply the login and enable method lists for the application telnet 602
- Methodlist pri1 pri2 pri3 pri4 602
- Switch config aaa authentication enable enable1 radius local 602
- Switch config end 602
- Switch config show aaa authentication enable 602
- Switch configure 602
- Switch copy running config startup config 602
- Telnet 602
- The following example shows how to create an enable method list named enable1 and configure 602
- The method 1 as the default radius server group and the method 2 as local 602
- You can configure authentication method lists on the following access applications telnet ssh 602
- Enable method list named enable1 for the application telnet 603
- Follow these steps to apply the login and enable method lists for the application ssh 603
- Http default default 603
- Module login list enable list 603
- Ssh default default 603
- Switch config line enable authentication enable1 603
- Switch config line end 603
- Switch config line login authentication login1 603
- Switch config line show aaa global 603
- Switch config line telnet 603
- Switch configure 603
- Switch copy running config startup config 603
- Telnet login1 enable1 603
- The following example shows how to apply the existing login method list named login1 and 603
- Enable method list named enable1 for the application ssh 604
- Follow these steps to apply the login and enable method lists for the application http 604
- Http default default 604
- Module login list enable list 604
- Ssh login1 enable1 604
- Switch config line enable authentication enable1 604
- Switch config line end 604
- Switch config line login authentication login1 604
- Switch config line show aaa global 604
- Switch config line ssh 604
- Switch configure 604
- Switch copy running config startup config 604
- Telnet default default 604
- The following example shows how to apply the existing login method list named login1 and 604
- Configuring login account and enable password 605
- On the switch 605
- Enable and providing the enable password 606
- Enable password 606
- For enable password configuration the user name should be set as enable and the enable 606
- For login authentication configuration more than one login account can be created on the 606
- Network information without the enable password 606
- On the server 606
- Password is customizable all the users trying to get administrative privileges share this 606
- Server besides both the user name and password can be customized 606
- Some configuration principles on the server are as follows 606
- The accounts created by the radius tacacs server can only view the configurations and some 606
- Tips the logged in guests can get administrative privileges by using the command admin 606
- Configuration examples 607
- Configuration scheme 607
- Example for dhcp snooping and arp detection 607
- Network requirements 607
- Using the gui 608
- Using the cli 611
- Verify the configuration 612
- Configuration scheme 614
- Example for 802 x 614
- Network requirements 614
- Network topology 614
- Configuration procedure in two ways using the gui and using the cli 615
- Demonstrated with t1600g 28ts acting as the authenticator the following sections provide 615
- Eap enable the quiet feature and then keep the default authentication settings 615
- Following page enable 802 x authentication and configure the authentication method as 615
- Global config to load the 615
- Internet 615
- Using the gui 615
- Using the cli 618
- Verify the configurations 619
- Example for aaa 620
- Network requirements 620
- Configuration scheme 621
- Using the gui 621
- Using the cli 624
- Verify the configuration 625
- Appendix default parameters 627
- Default settings of network security are listed in the following tables 627
- Chapters 631
- Configuring lldp 631
- Part 20 631
- Overview 632
- Supported features 632
- Global config 633
- Lldp configurations 633
- Using the gui 633
- Follow these steps to enable lldp and configure the lldp feature globally 634
- In the global config section enable lldp click apply 634
- In the parameters config section configure the lldp parameters click apply 634
- Follow these steps to configure the lldp feature for the interface 635
- Policy config to load the following page 635
- Port config 635
- Select the desired port and set its admin status and notification mode 635
- Enable the lldp feature on the switch and configure the lldp parameters 636
- Global config 636
- Select the tlvs type length value included in the lldp packets according to your needs 636
- Using the cli 636
- Count 3 637
- Interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast 637
- Lldp status enabled 637
- Switch config lldp 637
- Switch config lldp hold multiplier 4 637
- Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 637
- Switch config show lldp 637
- Switch configure 637
- The following example shows how to configure the following parameters lldp timer 4 tx 637
- Ttl multiplier 4 637
- Tx interval 30 seconds 637
- Fast packet count 3 638
- Initialization delay 2 seconds 638
- Lldp med fast start repeat count 4 638
- Lldp packets 638
- Port config 638
- Select the desired port and set its admin status notification mode and the tlvs included in the 638
- Switch config end 638
- Switch copy running config startup config 638
- Trap notification interval 5 seconds 638
- Tx delay 2 seconds 638
- Power yes 640
- Switch config if end 640
- Switch copy running config startup config 640
- Global config 641
- Lldp med configurations 641
- Using the gui 641
- Port config 642
- Global config 644
- Lldp status enabled 644
- Switch config lldp 644
- Switch config lldp med fast count 4 644
- Switch config show lldp 644
- Switch configure 644
- The following example shows how to configure lldp med fast count as 4 644
- Ttl multiplier 4 644
- Tx delay 2 seconds 644
- Tx interval 30 seconds 644
- Using the cli 644
- Fast packet count 3 645
- Initialization delay 2 seconds 645
- Lldp med fast start repeat count 4 645
- Port config 645
- Select the desired port enable lldp med and select the tlvs type length value included in 645
- Switch config end 645
- Switch copy running config startup config 645
- The outgoing lldp packets according to your needs 645
- Trap notification interval 5 seconds 645
- Using gui 648
- Viewing lldp device info 648
- Viewing lldp settings 648
- According to your needs click apply 649
- Follow these steps to view the local information 649
- In the auto refresh section enable the auto refresh feature and set the refresh rate 649
- In the local info section select the desired port and view its associated local device 649
- Information 649
- Viewing the neighbor info 650
- Viewing lldp statistics 651
- In the neighbors statistics section view the statistics of the corresponding port 652
- Using cli 652
- Viewing lldp statistics 652
- Viewing the local info 652
- Viewing the neighbor info 652
- Using gui 653
- Viewing lldp med settings 653
- Viewing the local info 653
- According to your needs click apply 654
- Follow these steps to view lldp med neighgbor information 654
- In the auto refresh section enable the auto refresh feature and set the refresh rate 654
- In the lldp med neighbor info section select the desired port and view the lldp med 654
- Settings 654
- Viewing the neighbor info 654
- Using cli 655
- Viewing lldp statistics 655
- Viewing the local info 655
- Viewing the neighbor info 655
- Configuration example 656
- Configuration scheme 656
- Example for configuring lldp 656
- Network requirements 656
- Network topology 656
- Using the gui 657
- Using cli 658
- Configuration file 659
- Verify the configurations 659
- Example for configuring lldp med 664
- Network requirements 664
- Configuration scheme 665
- Network topology 665
- Using the gui 665
- Using the cli 669
- Configuration file 670
- Verify the configurations 671
- Appendix default parameters 678
- Default lldp med settings 678
- Default lldp settings 678
- Default settings of lldp are listed in the following tables 678
- Chapters 679
- Configuring maintenance 679
- Part 21 679
- Device diagnose 680
- Maintenance 680
- Network diagnose 680
- Overview 680
- Supported features 680
- System monitor 680
- Monitoring the cpu 681
- Monitoring the system 681
- Using the gui 681
- Monitoring the cpu 682
- Monitoring the memory 682
- Using the cli 682
- Monitoring the memory 683
- Backing up log files 684
- Configuration guidelines 684
- Configuring the local log 684
- Configuring the remote log 684
- Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality 684
- Of the switch is affected please take actions according to the log message 684
- System log configurations 684
- System log configurations include 684
- Viewing the log table 684
- Click apply 685
- Configuring the local log 685
- Configuring the remote log 685
- Follow these steps to configure the local log 685
- Local log to load the following page 685
- Remote log enables the switch to send system logs to a host to display the logs the host should 685
- Run a log server that complies with the syslog standard 685
- Select your desired channel and configure the corresponding severity and status 685
- Using the gui 685
- Backing up the log file 686
- Viewing the log table 686
- Configuring the local log 687
- Follow these steps to configure the local log 687
- Select a module and a severity to view the corresponding log information 687
- Using the cli 687
- Switch config logging buffer 688
- Switch config logging buffer level 5 688
- Switch config logging file flash 688
- Switch config logging file flash frequency periodic 10 688
- Switch config logging file flash level 2 688
- Switch config show logging local config 688
- Switch configure 688
- The following example shows how to configure the local log on the switch save logs of levels 0 688
- To 5 to the log buffer and synchronize logs of levels 0 to 2 to the flash every 10 hours 688
- Buffer 5 enable immediately 689
- Channel level status sync periodic 689
- Configuring the remote log 689
- Flash 2 enable 10 hour s 689
- Follow these steps to set the remote log 689
- Ip address as 192 68 48 and allow logs of levels 0 to 5 to be sent to the host 689
- Monitor 5 enable immediately 689
- Remote log enables the switch to send system logs to a host to display the logs the host should 689
- Run a log server that complies with the syslog standard 689
- Switch config end 689
- Switch configure 689
- Switch copy running config startup config 689
- The following example shows how to set the remote log on the switch enable log host 2 set its 689
- Cable test to load the following page 691
- Diagnosing the device 691
- In the port section select your desired port for the test 691
- In the result section click apply and check the test results 691
- Using the gui 691
- Gi1 0 2 pair a normal 2 10m 692
- On privileged exec mode or any other configuration mode you can use the following command 692
- Pair b normal 2 10m 692
- Pair c normal 0 10m 692
- Pair d normal 2 10m 692
- Port pair status length error 692
- Switch show cable diagnostics interface gigabitehternet 1 0 2 692
- The following example shows how to check the cable diagnostics of port 1 0 2 692
- To check the connection status of the cable that is connected to the switch 692
- Using the cli 692
- Configuring the ping test 693
- Diagnosing the network 693
- Using the gui 693
- Configuring the tracert test 694
- Approximate round trip times in milli seconds 695
- Bytes and the interval as 500 milliseconds 695
- Configuring the ping test 695
- Destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 695
- In the tracert result section check the test results 695
- Minimum 0ms maximum 0ms average 0ms 695
- On privileged exec mode or any other configuration mode you can use the following command 695
- Packets sent 3 received 3 lost 0 0 loss 695
- Ping statistics for 192 68 0 695
- Pinging 192 68 0 with 1000 bytes of data 695
- Reply from 192 68 0 bytes 1000 time 16ms ttl 64 695
- Switch ping ip 192 68 0 n 3 l 1000 i 500 695
- The following example shows how to test the connectivity between the switch and the 695
- To test the connectivity between the switch and one node of the network 695
- Using the cli 695
- Configuring the tracert test 696
- Destination 696
- Device with the ip address 192 68 00 set the maxhops as 2 696
- Ms 1 ms 2 ms 192 68 696
- Ms 2 ms 2 ms 192 68 00 696
- On privileged exec mode or any other configuration mode you can use the following command 696
- Switch tracert 192 68 00 2 696
- The following example shows how to test the connectivity between the switch and the network 696
- To test the connectivity between the switch and routers along the path from the source to the 696
- Trace complete 696
- Tracing route to 192 68 00 over a maximum of 2 hops 696
- Configuration example for remote log 697
- Configuration scheme 697
- Network requirements 697
- Using the gui 697
- Using the cli 698
- Verify the configurations 698
- Appendix default parameters 699
- Default settings of maintenance are listed in the following tables 699
- Chapters 700
- Managing snmp rmon 700
- Part 22 700
- Notification configurations 7 appendix default parameters 701
- Part 22 701
- Rmon overview 701
- Snmp configurations 6 configuration example 701
- Snmp overview 701
- Snmp overview 5 rmon configurations 701
- Choose snmpv1 or snmpv2c 702
- Choose snmpv3 702
- Snmp configurations 702
- Creating an snmp view 703
- Enabling snmp 703
- Using the gui 703
- Click create to add the view entry 704
- Create an snmp group and configure related parameters 704
- Creating an snmp group 704
- Set the view name and one mib variable that is related to the view choose the view type and 704
- Snmp view to load the following page 704
- Follow these steps to create an snmp group 705
- Need to further configure security level 705
- Set the group name and security model if you choose snmpv3 as the security model you 705
- Snmp group to load the following page 705
- Creating snmp users 706
- Follow these steps to create an snmp user 706
- Model according to the related parameters of the specified group if you choose snmpv3 you 706
- Need to configure the security level 706
- Set the read write and notify view of the snmp group click create 706
- Snmp user to load the following page 706
- Specify the user name user type and the group which the user belongs to set the security 706
- Click create 707
- Corresponding auth mode or privacy mode if not skip the step 707
- Creating snmp communities 707
- Directly 707
- If you have chosen authnopriv or authpriv as the security level you need to set 707
- If you want to use snmpv1 or snmpv2c as the security model you can create snmp communities 707
- Enabling snmp 708
- Set the community name access rights and the related view click create 708
- Snmp community to load the following page 708
- Using the cli 708
- Bad snmp version errors 709
- Encoding errors 709
- Get request pdus 709
- Illegal operation for community name supplied 709
- Number of altered variables 709
- Number of requested variables 709
- Snmp agent is enabled 709
- Snmp packets input 709
- Switch config show snmp server 709
- Switch config snmp server 709
- Switch config snmp server engineid remote 123456789a 709
- Switch configure 709
- The following example shows how to enable snmp and set 123456789a as the remote engine id 709
- Unknown community name 709
- Bad value errors 710
- Creating an snmp view 710
- General errors 710
- Get next pdus 710
- Local engine id 80002e5703000aeb132397 710
- No such name errors 710
- Remote engine id 123456789a 710
- Response pdus 710
- Set request pdus 710
- Snmp packets output 710
- Specify the oid object identifier of the view to determine objects to be managed 710
- Switch config end 710
- Switch config show snmp server engineid 710
- Switch copy running config startup config 710
- Too big errors maximum packet size 1500 710
- Trap pdus 710
- Creating an snmp group 711
- Enable auth mode and privacy mode and set the view as read view and notify view 712
- Nms monitor v3 authpriv view view 712
- No name sec mode sec lev read view write view notify view 712
- Switch config end 712
- Switch config show snmp server group 712
- Switch config snmp server group nms monitor smode v3 slev authpriv read view notify 712
- Switch configure 712
- Switch copy running config startup config 712
- The following example shows how to create an snmpv3 group name the group as nms monitor 712
- And access rights as the group 713
- Configure users of the snmp group users belong to the group and use the same security level 713
- Creating snmp users 713
- Admin and set the user as a remote user snmpv3 as the security mode authpriv as the security 714
- Admin remote nms monitor v3 authpriv sha des 714
- Creating snmp communities 714
- For snmpv1 and snmpv2c the community name is used for authentication functioning as the 714
- Level sha as the authentication algorithm 1234 as the authentication password des as the 714
- No u name u type g name s mode s lev a mode p mode 714
- Password 714
- Privacy algorithm and 1234 as the privacy password 714
- Sha cpwd 1234 emode des epwd 1234 714
- Switch config end 714
- Switch config show snmp server user 714
- Switch config snmp server user admin remote nms monitor smode v3 slev authpriv cmode 714
- Switch configure 714
- Switch copy running config startup config 714
- The following example shows how to create an snmp user on the switch name the user as 714
- Configuration guidelines 716
- Notification configurations 716
- Using the gui 716
- Choose a notification type based on the snmp version if you choose the inform type you 717
- Model and security level based on the settings of the user or community 717
- Need to set retry times and timeout interval 717
- Specify the user name or community name used by the nms and configure the security 717
- Click create 718
- Configure parameters of the nms host and packet handling mechanism 718
- Configuring the host 718
- Using the cli 718
- Enabling snmp notification 719
- Enabling the snmp standard trap 719
- Optional enabling the snmp extend trap 720
- Switch config end 720
- Switch config snmp server traps snmp linkup 720
- Switch configure 720
- Switch copy running config startup config 720
- The following example shows how to configure the switch to send linkup traps 720
- Switch config end 721
- Switch config snmp server traps bandwidth control 721
- Switch configure 721
- Switch copy running config startup config 721
- The following example shows how to configure the switch to enable bandwidth control traps 721
- Optional enabling the mac trap 722
- Optional enabling the vlan trap 722
- Switch config end 722
- Switch config snmp server traps mac new 722
- Switch configure 722
- Switch copy running config startup config 722
- The following example shows how to configure the switch to enable 722
- Optional enabling the link status trap 723
- Switch config end 723
- Switch config if end 723
- Switch config if snmp server traps link status 723
- Switch config interface gigabitethernet 1 0 1 723
- Switch config snmp server traps vlan create 723
- Switch configure 723
- Switch copy running config startup config 723
- The following example shows how to configure the switch to enable 723
- The following example shows how to configure the switch to enable link status trap 723
- Rmon overview 724
- Configuring statistics 725
- Rmon configurations 725
- Using the gui 725
- Configuring history 726
- Follow these steps to configure history 726
- History to load the following page 726
- Select a history entry and specify a port to be monitored 726
- Specify the entry id the port to be monitored and the owner name of the entry set the entry as 726
- Valid or undercreation and click create 726
- Choose an event entry and set the snmp user of the entry 727
- Configuring event 727
- Enter the owner name and set the status of the entry click apply 727
- Event to load the following page 727
- Follow these steps to configure event 727
- Set the sample interval and the maximum buckets of history entries 727
- Alarm to load the following page 728
- Before you begin please complete configurations of statistics entries and event entries because 728
- Configuring alarm 728
- Enter the owner name and set the status of the entry click apply 728
- Set the description and type of the event 728
- The alarm entries must be associated with statistics and event entries 728
- Alarm type of the entry 729
- Follow these steps to configure alarm 729
- Select an alarm entry choose a variable to be monitored and associate the entry with a 729
- Set the sample type the rising and falling threshold the corresponding event action and the 729
- Statistics entry 729
- Configuring statistics 730
- Enter the owner name and set the status of the entry click apply 730
- Using the cli 730
- Configuring history 731
- Buckets 50 732
- Gi1 0 1 100 50 monitor enable 732
- Index port interval buckets owner state 732
- Set the sample interval as 100 seconds max buckets as 50 and the owner as monitor 732
- Switch config end 732
- Switch config rmon history 1 interface gigabitethernet 1 0 1 interval 100 owner monitor 732
- Switch config show rmon history 732
- Switch configure 732
- Switch copy running config startup config 732
- The following example shows how to create a history entry on the switch to monitor port 1 0 1 732
- Admin the event type as notify set the switch to initiate notifications to the nms and the owner 733
- As monitor 733
- Configuring event 733
- Switch config rmon event 1 user admin description rising notify type notify owner monitor 733
- Switch configure 733
- The following example shows how to create an event entry on the switch set the user name as 733
- Admin rising notify notify monitor enable 734
- Configuring alarm 734
- Index user description type owner state 734
- Switch config end 734
- Switch config show rmon event 734
- Switch copy running config startup config 734
- Alarm variable bpkt 735
- As 2 the alarm type as all the notification interval as 10 seconds and the owner of the entry as 735
- Index state 1 enabled 735
- Interval 10 owner monitor 735
- Monitor 735
- Related rising event entry index as 1 the falling threshold as 3000 the related falling event index 735
- Rhold revent 3000 1 735
- Sample type absolute 735
- Statistics index 1 735
- Switch config rmon alarm 1 stats index 1 alarm variable bpkt s type absolute rising 735
- Switch config show rmon alarm 735
- Switch configure 735
- The following example shows how to set an alarm entry to monitor bpackets on the switch set 735
- The related statistics entry id as 1 the sample type as absolute the rising threshold as 3000 the 735
- Threshold 3000 rising event index 1 falling threshold 3000 falling event index 2 a type all 735
- Configuration example 737
- Configuration scheme 737
- Network requirements 737
- As shown in the following figure the nms host with ip address 172 68 22 is connected to the 738
- Connected to switch b and port 1 0 3 and the nms are able to reach one another 738
- Core switch switch b on switch a ports 1 0 1 and 1 0 2 are monitored by the nms port 1 0 3 is 738
- Demonstrated with t1600g 28ts this chapter provides configuration procedures in two ways 738
- Network topology 738
- Using the gui and using the cli 738
- Configuring rate limit on ports 739
- Configuring snmp 739
- Using the gui 739
- Configuring rmon 741
- Enabling bandwith control trap 741
- Configuring rate limit on ports 744
- Configuring snmp 744
- Enable bandwith control trap 744
- Using the cli 744
- Configuration file 745
- Configuring rmon 745
- Verify the configurations 746
- Appendix default parameters 751
- Default settings of snmp are listed in the following table 751
- Default settings of notification are listed in the following table 752
Похожие устройства
- Tp-Link T1600G-28PS (TL-SG2424P) Руководство по установке
- Tp-Link T1600G-28PS (TL-SG2424P) Руководство пользователя
- Tp-Link T1600G-28TS (TL-SG2424) Брошюра
- Tp-Link T1600G-28TS (TL-SG2424) Руководство по командной строке
- Tp-Link T1600G-28TS (TL-SG2424) Руководство по конфигурированию
- Tp-Link T1600G-28TS (TL-SG2424) Руководство по установке
- Tp-Link T1600G-28TS (TL-SG2424) Руководство пользователя
- Rivotek Fisher 25 Pro Руководство пользователя
- Rivotek Fisher 51 Руководство пользователя
- Liberton D-LED 4016 DBT2 Руководство по эксплуатации
- Liberton D-LED 3216 DBT2 Руководство по эксплуатации
- Liberton D-LED 2216 DBT2 Руководство по эксплуатации
- Liberton D-LED 32303 DBT2 Руководство по эксплуатации
- Liberton D-LED 24306 DBT2 Руководство по эксплуатации
- Liberton D-LED 3203 DBT2 Руководство по эксплуатации
- Philips SHE3590/10 Red Инструкция по эксплуатации
- Philips D 1202 B Инструкция по эксплуатации
- Philips HR 1560/20 Инструкция по эксплуатации
- Philips DCM2260/12 Black Инструкция по эксплуатации
- Philips BT5880B/12 Black Инструкция по эксплуатации