![Tp-Link T1600G-28PS (TL-SG2424P) [548/754] Network security](/img/pdf.png)
Tp-Link T1600G-28PS (TL-SG2424P) [548/754] Network security
![Tp-Link T1600G-28PS (TL-SG2424P) [548/754] Network security](/views2/1210084/page548/bg224.png)
Configuration Guide 526
Configuring Network Security Network Security
1
Network Security
1.1 Overview
Network Security provides multiple protection measures for the network. Users can configure the
security functions according to their needs.
1.2 Supported Features
The switch supports multiple network security features, for example, IP-MAC Binding, DHCP Snooping,
ARP Inspection and so on.
IP-MAC Binding
IP-MAC Binding is used to bind the IP address, MAC address, VLAN ID and the connected port
number of the specified host. Based on the IP-MAC binding table, the switch can filter the illegal
ARP packets with the ARP Detection feature, so as to prevent the network from ARP cheating
attacks.
The binding entries can be manually configured, or learned by ARP scanning or DHCP snooping.
DHCP Snooping
DHCP Snooping supports the basic DHCP security feature and the Option 82 feature.
Basic DHCP Security
During the working process of DHCP, generally there is no authentication mechanism between
the DHCP server and the clients. If there are several DHCP servers on the network, security
problems and network interference will happen. DHCP Snooping resolves this problem.
As the following figure shows, the port connected to the legal DHCP server is configured as
a trusted port, and other ports are configured as untrusted ports. When receiving the DHCP
discover or DHCP request packets, the switch forwards them to the legal DHCP server only
through the trusted port. When receiving the respond packets, the switch will determine whether
to send or not depending on the type of receiving port: packets received from the trusted port
will be forwarded, otherwise they will be discarded. DHCP Snooping ensures that users get IP
addresses only from the legal DHCP server, enhancing the network security.
Содержание
- Configuration guide 1
- T1600g series switches 1
- About this guide 2
- Accessing the switch 2
- Command line interface access 1 2
- Contents 2
- Conventions 2
- Intended readers 2
- Managing system 2
- More information 2
- Overview 2
- System 3 2
- System info configurations 5 2
- Web interface access 2
- Access security configurations 6 3
- System tools configurations 6 3
- User management configurations 8 3
- Appendix default parameters 4 4
- Basic parameters configurations 9 4
- Configuration examples 7 4
- Loopback detection configuration 3 4
- Managing physical interfaces 4
- Physical interface 8 4
- Port isolation configurations 0 4
- Port mirror configuration 3 4
- Port security configuration 7 4
- Sdm template configuration 1 4
- Address configurations 33 5
- Appendix default parameters 06 5
- Appendix default parameters 23 5
- Appendix default parameters 29 5
- Configuration example 19 5
- Configuring lag 5
- Lag 09 5
- Lag configuration 10 5
- Mac address table 31 5
- Managing mac address table 5
- Monitoring traffic 5
- Traffic monitor 25 5
- Appendix default parameters 50 6
- Configuration example 59 6
- Configuring 802 q vlan 6
- Example for security configurations 47 6
- Overview 52 6
- Q vlan configuration 53 6
- Security configurations 41 6
- Appendix default parameters 65 7
- Appendix default parameters 81 7
- Configuration example 73 7
- Configuration example 90 7
- Configuring mac vlan 7
- Configuring protocol vlan 7
- Mac vlan configuration 68 7
- Overview 67 7
- Overview 83 7
- Protocol vlan configuration 84 7
- Appendix default parameters 00 8
- Configuring spanning tree 8
- Mstp configurations 20 8
- Spanning tree 02 8
- Stp rstp configurations 10 8
- Stp security configurations 39 8
- Appendix default parameters 63 9
- Configuration example for mstp 44 9
- Igmp snooping configurations 68 9
- Layer 2 multicast 66 9
- Managing layer 2 multicast 9
- Configuring mld snooping 06 11
- Viewing multicast snooping configurations 41 12
- Appendix default parameters 77 13
- Configuration examples 44 13
- Logical interfaces configurations 82 13
- Managing logical interfaces 13
- Overview 81 13
- Appendix default parameter 08 14
- Appendix default parameters 93 14
- Configuring dhcp relay 14
- Configuring static routing 14
- Dhcp relay configuration 11 14
- Example for static routing 03 14
- Ipv4 static routing configuration 96 14
- Ipv6 static routing configuration 98 14
- Overview 10 14
- Overview 95 14
- Viewing routing table 01 14
- Appendix default parameters 20 15
- Arp configurations 23 15
- Bandwidth control configuration 42 15
- Configuration example 17 15
- Configuration examples 48 15
- Configuring arp 15
- Configuring qos 15
- Diffserv configuration 30 15
- Overview 22 15
- Qos 29 15
- Acl 95 16
- Acl configurations 96 16
- Appendix default parameters 68 16
- Appendix default parameters 93 16
- Configuration example 81 16
- Configuring acl 16
- Configuring voice vlan 16
- Overview 71 16
- Voice vlan configuration 73 16
- Appendix default parameters 24 17
- Arp inspection configurations 44 17
- Configuration example for acl 16 17
- Configuring network security 17
- Dhcp snooping configuration 36 17
- Ip mac binding configurations 30 17
- Network security 26 17
- Aaa configuration 67 18
- Configuration examples 85 18
- Dos defend configuration 51 18
- X configuration 55 18
- Appendix default parameters 05 19
- Configuring lldp 19
- Lldp 10 19
- Lldp configurations 11 19
- Lldp med configurations 19 19
- Viewing lldp settings 26 19
- Appendix default parameters 56 20
- Configuration example 34 20
- Configuring maintenance 20
- Maintenance 58 20
- Monitoring the system 59 20
- System log configurations 62 20
- Viewing lldp med settings 31 20
- Appendix default parameters 77 21
- Configuration example for remote log 75 21
- Diagnosing the device 69 21
- Diagnosing the network 71 21
- Managing snmp rmon 21
- Notification configurations 94 21
- Snmp configurations 80 21
- Snmp overview 79 21
- Appendix default parameters 29 22
- Configuration example 15 22
- Rmon configurations 03 22
- Rmon overview 02 22
- About this guide 23
- Conventions 23
- Intended readers 23
- More information 24
- Accessing the switch 25
- Chapters 25
- Part 1 25
- Overview 26
- Web interface access 27
- Save config function 28
- Disable the web server 29
- Configure the switch s ip address and default gateway 30
- Box displays the valid default gateway 32
- Check the routing table to verify the default gateway you configured the entry marked in red 32
- Click save config to save the settings 32
- Command line interface access 33
- Console login only for switch with console port 33
- Telnet login 35
- Ssh login 36
- Password authentication mode 37
- Key authentication mode 38
- Disable ssh login 41
- Disable telnet login 41
- Change the switch s ip address and default gateway 42
- Copy running config startup config 42
- Chapters 44
- Managing system 44
- Part 2 44
- Access security 45
- Overview 45
- Supported features 45
- System 45
- System info 45
- System tools 45
- User management 45
- Sdm template 46
- System info configurations 47
- Using the gui 47
- Viewing the system summary 47
- Click a port to view the bandwidth utilization on this port 48
- Move the cursor to the port to view the detailed information of the port 48
- Setting the system time 49
- Specifying the device description 49
- Choose one method to set the system time and specify the information 50
- Click apply 50
- Daylight saving time to load the following page 50
- In the time config section follow these steps to configure the system time 50
- Setting the daylight saving time 50
- Choose one method to set the daylight saving time of the switch and specify the 51
- Follow these steps to configure daylight saving time 51
- In the dst config section select enable to enable the daylight saving time function 51
- Information 51
- Click apply 52
- Gi1 0 1 linkdown n a n a n a disable copper 52
- Gi1 0 2 linkdown n a n a n a disable copper 52
- Gi1 0 3 linkup 1000m full disable disable copper 52
- Gi1 0 50 linkdown n a n a n a disable fiber 52
- Gi1 0 51 linkdown n a n a n a disable fiber 52
- On privileged exec mode or any other configuration mode you can use the following command 52
- Port status speed duplex flowctrl jumbo active medium 52
- Switch 52
- Switch show interface status 52
- The following example shows how to view the interface status and the system information of the 52
- To view the system information of the switch 52
- Using the cli 52
- Viewing the system summary 52
- Contact information www tp link com 53
- Follow these steps to specify the device description 53
- Gi1 0 52 linkdown n a n a n a disable fiber 53
- Hardware version t1600g 52ts 1 53
- Running time 3 day 2 hour 8 min 26 sec 53
- Software version 1 build 20160412 rel 2132 s 53
- Specifying the device description 53
- Switch show system info 53
- System description jetstream 48 port gigabit smart switch with 4 sfp slots 53
- System location shenzhen 53
- System name t1600g 52ts 53
- System time 2016 01 04 10 07 38 53
- Setting the system time 54
- 8 00 63 and set the update rate as 11 57
- Backup ntp server 139 8 00 63 57
- Follow these steps and choose one method to set the daylight saving time 57
- Last successful ntp server 133 00 57
- Prefered ntp server 133 00 57
- Setting the daylight saving time 57
- Switch config end 57
- Switch config show system time ntp 57
- Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 57
- Switch configure 57
- Switch copy running config startup config 57
- The following example shows how to set the system time by get time from ntp server and set 57
- The time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 57
- Time zone utc 08 00 57
- Update rate 11 hour s 57
- Dst configuration is one off 59
- Dst ends at 01 00 00 on sep 1 2016 59
- Dst offset is 50 minutes 59
- Dst starts at 01 00 00 on aug 1 2016 59
- Switch config end 59
- Switch config show system time dst 59
- Switch config system time dst date aug 1 01 00 2016 sep 1 01 00 2016 50 59
- Switch configure 59
- Switch copy running config startup config 59
- The following example shows how to set the daylight saving time by date mode set the start 59
- Time as 01 00 august 1st 2016 set the end time as 01 00 september 1st 2016 and set the offset as 59
- Creating admin accounts 60
- User management configurations 60
- Using the gui 60
- Click create 61
- Creating accounts of other types 61
- Creating an account 61
- Need to go to the aaa section to create an enable password for these accounts the enable 61
- Password is used to change the users access level to admin 61
- User config to load the following page 61
- You can create accounts with the access level of operator power user and user here you also 61
- Configuring enable password 62
- Creating admin accounts 63
- Follow these steps to create an admin account 63
- Using the cli 63
- Creating accounts of other types 64
- Follow these steps to create an account of other type 64
- Need to go to the aaa section to create an enable password for these accounts the enable 64
- Password is used to change the users access level to admin 64
- You can create accounts with the access level of operator power user and user here you also 64
- For details refer to aaa configuration in configuring network security 66
- Privileges 66
- The aaa function applies another method to manage the access users name and password 66
- The logged in users can enter the enable password on this page to get the administrative 66
- Configuring the boot file 68
- System tools configurations 68
- Using the gui 68
- Click apply 69
- Click import to import the configuration file 69
- Config restore to load the following page 69
- Follow these steps to configure the boot file 69
- Follow these steps to restore the configuration of the switch 69
- In the boot table section select one or more units and configure the relevant parameters 69
- In the config restore section select one unit and one configuration file 69
- Restoring the configuration of the switch 69
- Backing up the configuration file 70
- Upgrading the firmware 70
- Configuring the reboot schedule 71
- Rebooting the switch 71
- Configuring the boot file 72
- Follow these steps to configure the boot file 72
- In the system reset section select the desired unit and click reset 72
- Reseting the switch 72
- System reset to load the following page 72
- Using the cli 72
- Backup image image2 bin 73
- Boot config 73
- Current startup image image1 bin 73
- Follow these steps to restore the configuration of the switch 73
- Image as image 2 73
- Next startup image image1 bin 73
- Restoring the configuration of the switch 73
- Switch config boot application filename image1 startup 73
- Switch config boot application filename image2 backup 73
- Switch config end 73
- Switch config show boot 73
- Switch configure 73
- Switch copy running config startup config 73
- The following example shows how to set the next startup image as image 1 and set the backup 73
- Backing up the configuration file 74
- Backup user config file ok 74
- Enable 74
- Follow these steps to back up the current configuration of the switch in a file 74
- Follow these steps to upgrade the firmware 74
- Operation ok now rebooting system 74
- Server with ip address 192 68 00 74
- Start to backup user config file 74
- Start to load user config file 74
- Switch copy startup config tftp ip address 192 68 00 filename file2 74
- Switch copy tftp startup config ip address 192 68 00 filename file1 74
- The following example shows how to backup the configuration file named file2 from tftp server 74
- The following example shows how to restore the configuration file named file1 from the tftp 74
- Upgrading the firmware 74
- With ip address 192 68 00 74
- Configuring the reboot schedule 75
- Enable 75
- File3 bin the tftp server is 190 68 00 75
- Follow these steps and choose one type to configure the reboot schedule 75
- Follow these steps to reboot the switch 75
- It will only upgrade the backup image continue y n y 75
- Operation ok 75
- Reboot with the backup image y n y 75
- Rebooting the switch 75
- Switch firmware upgrade ip address 192 68 00 filename file3 bin 75
- The following example shows how to upgrade the firmware using the configuration file named 75
- Reboot schedule at 2016 01 15 12 00 in 17007 minutes 76
- Reboot schedule settings 76
- Reboot system at 15 01 2016 12 00 continue y n y 76
- Save before reboot yes 76
- Switch config end 76
- Switch config reboot schedule at 12 00 15 01 2016 save_before_reboot 76
- Switch configure 76
- Switch copy running config startup config 76
- The following example shows how to set the switch to reboot at 12 00 on 15 01 2016 76
- Follow these steps to reset the switch 77
- Reseting the switch 77
- Access security configurations 78
- Configuring the access control feature 78
- Using the gui 78
- Click apply 79
- When the ip based mode is selected the following section will display 79
- When the port based mode is selected the following section will display 79
- Configuring the http function 80
- Configuring the https function 81
- Https config to load the following page 81
- In the global config section select enable to enable https function and select the protocol 81
- The switch supports click apply 81
- In the access user number section select enable and specify the parameters click apply 82
- In the certificate download and key download section download the certificate and key 82
- In the ciphersuite config section select the algorithm to be enabled and click apply 82
- In the session config section specify the session timeout and click apply 82
- Configuring the ssh feature 83
- In the global config section select enable to enable ssh function and specify other 83
- Parameters 83
- Ssh config to load the following page 83
- Configuring the access control 84
- Enabling the telnet function 84
- Using the cli 84
- As 192 68 00 set the subnet mask as 255 55 55 and make the switch support snmp telnet 85
- Http and https 85
- Switch config user access control ip based 192 68 00 255 55 55 snmp telnet http 85
- Switch configure 85
- The following example shows how to set the type of access control as ip based set the ip address 85
- 68 24 snmp telnet http https 86
- Configuring the http function 86
- Follow these steps to configure the http function 86
- Index ip address access interface 86
- Switch config end 86
- Switch config show user configuration 86
- Switch copy running config startup config 86
- User authentication mode ip based 86
- Configuring the https function 87
- Follow these steps to configure the https function 87
- Http max admin users 6 87
- Http max guest users 5 87
- Http session timeout 9 87
- Http status enabled 87
- Http user limitation enabled 87
- Number as 6 and set the maximum guest number as 5 87
- Switch config end 87
- Switch config ip http max user 6 5 87
- Switch config ip http server 87
- Switch config ip http session timeout 9 87
- Switch config show ip http configuration 87
- Switch configure 87
- Switch copy running config startup config 87
- The following example shows how to set the session timeout as 9 set the maximum admin 87
- Protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the 88
- The following example shows how to configure the https function enable ssl3 and tls1 88
- Configuring the ssh feature 90
- Follow these steps to configure the ssh function 90
- Aes192 cbc disabled 92
- Aes256 cbc disabled 92
- Begin ssh2 public key 92
- Blowfish cbc disabled 92
- Cast128 cbc enabled 92
- Comment dsa key 20160711 92
- Data integrity algorithm 92
- Des cbc disabled 92
- Enabling the telnet function 92
- Follow these steps enable the telnet function 92
- Hmac md5 enabled 92
- Hmac sha1 disabled 92
- Key file 92
- Key type ssh 2 rsa dsa 92
- Switch config end 92
- Switch copy running config startup config 92
- For specific features the switch provides three templates and the hardware resources allocation 93
- In select options section select one template and click apply the setting will be effective after 93
- Is different users can choose one according to how the switch is used in the network 93
- Sdm template configuration 93
- Sdm template function is used to configure system resources in the switch to optimize support 93
- Sdm template to load the following page 93
- The reboot 93
- The template table displays the resources allocation of each template 93
- Using the gui 93
- Follow these steps to configure the sdm template function 94
- Using the cli 94
- Appendix default parameters 96
- Default settings of system info are listed in the following tables 96
- Default settings of system tools are listed in the following table 96
- Default settings of user management are listed in the following table 96
- Default settings of access security are listed in the following tables 97
- Default settings of sdm template are listed in the following table 98
- Chapters 99
- Managing physical interfaces 99
- Part 3 99
- Basic parameters 100
- Loopback detection 100
- Overview 100
- Physical interface 100
- Port isolation 100
- Port mirror 100
- Port security 100
- Supported features 100
- Basic parameters configurations 101
- Follow these steps to set basic parameters for ports 101
- Port config to load the following page 101
- Select and configure your desired ports or lags then click apply 101
- Using the gui 101
- Follow these steps to set basic parameters for the ports 102
- Using the cli 102
- Neighboring port and enabling the flow control and jumbo feature 103
- Setting a description for the port making the port autonegotiate speed and duplex with the 103
- Switch config if no shutdown 103
- Switch config interface gigabitethernet 1 0 1 103
- Switch configure 103
- The following example shows how to implement the basic configurations of port1 0 1 including 103
- Port mirror configuration 105
- Using the gui 105
- Follow these steps to configure port mirror 106
- In the destination port section specify a monitoring port for the mirror session and click 106
- In the source port section select one or multiple monitored ports for configuration then set 106
- The parameters and click apply 106
- Destination port gi1 0 10 107
- Follow these steps to configure port mirror 107
- Monitor session 1 107
- Switch config monitor session 1 destination interface gigabitethernet 1 0 10 107
- Switch config monitor session 1 source interface gigabitethernet 1 0 1 3 both 107
- Switch config show monitor session 107
- Switch configure 107
- The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 107
- To port 1 0 10 107
- Using the cli 107
- Follow these steps to configure port security 109
- Port security configuration 109
- Port security to load the following page 109
- Select one or multiple ports for security configuration 109
- Specify the maximum number of the mac addresses that can be learned on the port and 109
- Then select the learn mode of the mac addresses 109
- Using the gui 109
- Click apply 110
- Follow these steps to configure port security 110
- Select the status of the port security feature 110
- Using the cli 110
- Gi1 0 1 30 0 permanent drop 111
- Learned on port 1 0 1 as 30 and configure the mode as permanent and the status as drop 111
- Port max learn current learn mode status 111
- Status drop 111
- Switch config if end 111
- Switch config if mac address table max mac count max number 30 mode permanent 111
- Switch config if show mac address table max mac count interface gigabitethernet 1 0 1 111
- Switch config interface gigabitethernet 1 0 1 111
- Switch configure 111
- Switch copy running config startup config 111
- The following example shows how to set the maximum number of mac addresses that can be 111
- Port isolation configurations 112
- Using the gui 112
- Click apply 113
- Follow these steps to configure port isolation 113
- In the forward portlist section select the forward ports or lags which the isolated ports can 113
- In the port section select one or multiple ports to be isolated 113
- Only communicate with it is multi optional 113
- Using the cli 113
- Loopback detection configuration 115
- Using the gui 115
- Follow these steps to configure loopback detection 116
- In the port config section select one or multiple ports for configuration then set the 116
- Parameters and click apply 116
- Using the cli 116
- View the loopback detection information on this page 116
- Loopback detection global status enable 117
- Loopback detection interval 30 s 117
- Parameters 117
- Switch config loopback detection 117
- Switch config show loopback detection global 117
- Switch configure 117
- The following example shows how to enable loopback detection globally keeping the default 117
- Configuration examples 119
- Configuration scheme 119
- Example for port mirror 119
- Network requirements 119
- Using the gui 120
- Using the cli 121
- Verify the configuration 121
- As shown below three hosts and a server are connected to the switch and all belong to vlan 10 122
- Configuration scheme 122
- Demonstrated with t1600g 28ts the following sections provide configuration procedure in two 122
- Example for port isolation 122
- Hosts except the server even if the mac address or ip address of host a is changed 122
- Network requirements 122
- Port for port 1 0 1 thus forbidding host a to forward packets to the other hosts 122
- Source ports egress gi1 0 2 5 122
- Ways using the gui and using the cli 122
- With the vlan configuration unchanged host a is not allowed to communicate with the other 122
- You can configure port isolation to implement the requirement set 1 0 4 as the only forwarding 122
- Using the gui 123
- Example for loopback detection 124
- Network requirements 124
- Using the cli 124
- Verify the configuration 124
- Configuration scheme 125
- Using the gui 125
- Using the cli 126
- Verify the configuration 127
- Appendix default parameters 128
- Default settings of switching are listed in th following tables 128
- Configuring lag 130
- Overview 131
- Static lag 131
- Supported features 131
- Configuration guidelines 132
- Lag configuration 132
- Configuring load balancing algorithm 133
- In the global config section select the load balancing algorithm click apply 133
- Lag table to load the following page 133
- Load balancing algorithm is effective only for outgoing traffic if the data stream is not well 133
- Mac addresses and source ip addresses of the received packets 133
- On one physical link for example switch a receives packets from several hosts and forwards 133
- Please properly choose the load balancing algorithm to avoid data stream transferring only 133
- Shared by each link you can change the algorithm of the outgoing interface 133
- Src mac src ip to allow switch a to determine the forwarding port based on the source 133
- Them to the server with the fixed mac address and ip address you can set the algorithm as 133
- Using the gui 133
- Configuring static lag 134
- Configuring static lag or lacp 134
- Configuring lacp 135
- Follow these steps to configure lacp 135
- Lacp to load the following page 135
- Select member ports for the lag and configure the related parameters click apply 135
- Specify the system priority for the switch and click apply 135
- Configuring load balancing algorithm 136
- Follow these steps to configure the load balancing algorithm 136
- Using the cli 136
- Configuring static lag 137
- Configuring static lag or lacp 137
- Etherchannel load balancing addresses used per protocol 137
- Etherchannel load balancing configuration src dst mac 137
- Follow these steps to configure static lag 137
- Ipv4 source xor destination mac address 137
- Ipv6 source xor destination mac address 137
- Link use the same lag mode 137
- Non ip source xor destination mac address 137
- Switch config if end 137
- Switch config port channel load balance src dst mac 137
- Switch config show etherchannel load balance 137
- Switch configure 137
- Switch copy running config startup config 137
- The following example shows how to set the global load balancing mode as src dst mac 137
- You can choose only one lag mode for a port static lag or lacp and make sure both ends of a 137
- Configuring lacp 138
- Flags d down p bundled in port channel u in use 138
- Follow these steps to configure lacp 138
- Group port channel protocol ports 138
- I stand alone h hot standby lacp only s suspended 138
- Po2 s gi1 0 5 d gi1 0 6 d gi1 0 7 d gi1 0 8 d 138
- R layer3 s layer2 f failed to allocate aggregator 138
- Switch config if range channel group 2 mode on 138
- Switch config if range end 138
- Switch config if range show etherchannel 2 summary 138
- Switch config interface range gigabitethernet 1 0 5 8 138
- Switch configure 138
- Switch copy running config startup config 138
- The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 138
- U unsuitable for bundling w waiting to be aggregated d default port 138
- 000a eb13 397 139
- Select the lacpdu sending mode as active 139
- Switch config end 139
- Switch config if range channel group 6 mode active 139
- Switch config if range show lacp internal 139
- Switch config interface range gigabitethernet 1 0 1 4 139
- Switch config lacp system priority 2 139
- Switch config show lacp sys id 139
- Switch configure 139
- Switch copy running config startup config 139
- The following example shows how to add ports 1 0 1 4 to lag 6 set the mode as lacp and 139
- The following example shows how to specify the system priority of the switch as 2 139
- Configuration example 141
- Configuration scheme 141
- Network requirements 141
- Using the gui 142
- Using the cli 143
- Verify the configuration 144
- Appendix default parameters 145
- Default settings of switching are listed in the following tables 145
- Monitoring traffic 146
- Traffic monitor 147
- Using the gui 147
- Viewing the traffic summary 147
- Click lags to show the information of the lags 148
- Follow these steps to view the traffic statistics in detail 148
- In the traffic summary section click 1 to show the information of the physical ports and 148
- Refresh at the bottom of the page 148
- To get the real time traffic statistics enable auto refresh in the auto refresh section or click 148
- Traffic statistics to load the following page 148
- Viewing the traffic statistics in detail 148
- In port select select a port or lag and click apply 149
- In the statistics section view the detailed information of the selected port or lag 149
- On privileged exec mode or any other configuration mode you can use the following command 150
- To view the traffic information of each port or lag 150
- Using the cli 150
- Appendix default parameters 151
- Chapters 152
- Managing mac address table 152
- Part 6 152
- Mac address table 153
- Overview 153
- Part 6 153
- Supported features 153
- Security configurations 154
- Adding static mac address entries 155
- Address configurations 155
- Using the gui 155
- Binding dynamic address entries 156
- Dynamic address to load the following page 157
- Follow these steps to modify the aging time of dynamic address entries 157
- In the aging config section enable auto aging and enter your desired length of time 157
- Modifying the aging time of dynamic address entries 157
- Adding mac filtering address entries 158
- Viewing address table entries 158
- Adding static mac address entries 159
- Address table to load the following page 159
- Follow these steps to add static mac address entries 159
- Using the cli 159
- Modifying the aging time of dynamic address entries 160
- Adding mac filtering address entries 161
- Aging time is 500 sec 161
- Follow these steps to add mac filtering address entries 161
- Remains in the mac address table for 500 seconds after the entry is used or updated 161
- Switch config end 161
- Switch config mac address table aging time 500 161
- Switch config show mac address table aging time 161
- Switch configure 161
- Switch copy running config startup config 161
- The following example shows how to modify the aging time to 500 seconds a dynamic entry 161
- Configuring mac notification traps 163
- Security configurations 163
- Using the gui 163
- Configure snmp and set a management host for detailed snmp configurations please refer 164
- Follow these steps to configure mac notification traps 164
- In the mac notification global config section enable this feature configure the relevant 164
- In the mac notification port config section select your desired port and enable its 164
- Learned and new mac learned click apply 164
- Limiting the number of mac addresses in vlans 164
- Mac vlan security to load the following page 164
- Notification traps you can enable these three types learned mode change exceed max 164
- Options and click apply 164
- To managing snmp rmon 164
- Choose the mode that the switch adopts when the maximum number of mac addresses in 165
- Click create 165
- Configuring mac notification traps 165
- Enter the vlan id to limit the number of mac addresses that can be learned in the specified 165
- Enter your desired value in max learned mac to set a threshold 165
- Follow these steps to configure mac notification traps 165
- Follow these steps to limit the number of mac addresses in vlans 165
- The specified vlan is exceeded 165
- Using the cli 165
- Enable snmp and set a management host for detailed snmp configurations please refer to 166
- Interval time as 10 seconds after you have further configured snmp the switch will bundle 166
- Managing snmp rmon 166
- Notifications of new addresses in every 10 seconds and send to the management host 166
- Now you have configured mac notification traps to receive notifications you need to further 166
- Switch configure 166
- The following example shows how to enable new mac learned trap on port 1 and set the 166
- Follow these steps to limit the number of mac addresses in vlans 167
- Gi1 0 1 disable disable enable 167
- Limiting the number of mac addresses in vlans 167
- Mac notification global config 167
- Notification global status enable 167
- Notification interval 10 167
- Port lrnmode change exceed max limit new mac learned 167
- Switch config if end 167
- Switch config if mac address table notification new mac learned enable 167
- Switch config if show mac address table notification interface gigabitethernet 1 0 1 167
- Switch config interface gigabitethernet 1 0 1 167
- Switch config mac address table notification global status enable 167
- Switch config mac address table notification interval 10 167
- Switch copy running config startup config 167
- Table full notification status disable 167
- Configuration scheme 169
- Example for security configurations 169
- Network requirements 169
- Using the gui 170
- Using the cli 171
- Verify the configurations 171
- Appendix default parameters 172
- Default settings of the mac address table are listed in the following tables 172
- Chapters 173
- Configuring 802 q vlan 173
- Part 7 173
- Overview 174
- Configuring the pvid of the port 175
- Q vlan configuration 175
- Using the gui 175
- Based on the network topology 176
- Configuring the vlan 176
- Enter a vlan id and a description for identification to create a vlan 176
- Follow these steps to configure vlan 176
- Select the untagged port s and the tagged port s respectively to add to the created vlan 176
- Vlan config and click create to load the following 176
- Will forward untagged packets in the target vlan 176
- Click apply 177
- Creating a vlan 177
- Follow these steps to create a vlan 177
- Switch config vlan 2 177
- Switch config vlan name rd 177
- Switch config vlan show vlan id 2 177
- Switch configure 177
- The following example shows how to create vlan 2 and name it as rd 177
- Using the cli 177
- Configuring the pvid of the port 178
- Follow these steps to configure the port 178
- Link type general 178
- Member in lag n a 178
- Member in vlan 178
- Port gi1 0 5 178
- Pvid 2 178
- Rd active 178
- Switch config if show interface switchport gigabitethernet 1 0 5 178
- Switch config if switchport pvid 2 178
- Switch config interface gigabitethernet 1 0 5 178
- Switch config vlan end 178
- Switch configure 178
- Switch copy running config startup config 178
- The following example shows how to configure the pvid of port 1 0 5 as vlan 2 178
- Vlan name status ports 178
- Adding the port to the specified vlan 179
- Follow these steps to add the port to the specified vlan 179
- Port gi1 0 5 179
- Pvid 2 179
- Switch config if end 179
- Switch config if show interface switchport gigabitethernet 1 0 5 179
- Switch config if switchport general allowed vlan 2 tagged 179
- Switch config interface gigabitethernet 1 0 5 179
- Switch configure 179
- Switch copy running config startup config 179
- System vlan untagged 179
- Tagged 179
- The following example shows how to add the port 1 0 5 to vlan 2 and specify its egress rule as 179
- Vlan name egress rule 179
- Configuration example 181
- Configuration scheme 181
- Network requirements 181
- As an example 182
- Demonstrated with t1600g 52ts the following sections provide configuration procedure in two 182
- Different places host a1 and host b1 are connected to port 1 0 2 and port 1 0 3 on switch 1 182
- Network topology 182
- Respectively port 1 0 4 on switch 1 is connected to port 1 0 8 on switch 2 182
- Respectively while host a2 and host b2 are connected to port 1 0 6 and port 1 0 7 on switch 2 182
- The configurations of switch 1 and switch 2 are similar the following introductions take switch 1 182
- The figure below shows the network topology host a1 and host a2 are used in department a 182
- Using the gui 182
- Ways using the gui and using the cli 182
- While host b1 and host b2 are used in department b switch 1 and switch 2 are located in two 182
- Using the cli 184
- Configuration file 185
- Verify the configurations 186
- Appendix default parameters 187
- Default settings of 802 q vlan are listed in the following table 187
- Chapters 188
- Configuring mac vlan 188
- Part 8 188
- Access ports change 189
- B server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access 189
- Being used in to meet this requirement simply bind the mac addresses of the laptops to the 189
- Corresponding vlans respectively in this way the mac address rather than the access port 189
- Determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 189
- Device may access the switch via different ports for example a terminal device that accessed the 189
- Devices in this way terminal devices always belong to their original vlans even when their 189
- Free the user from such a problem it divides vlans based on the mac addresses of terminal 189
- Networks that require frequent topology changes with the popularity of mobile office a terminal 189
- Overview 189
- Ptops department a uses server a and laptop a while department b uses server b and laptop 189
- Server a and laptop b can only access server b no matter which meeting room the laptops are 189
- Switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different 189
- The figure below shows a common application scenario of mac vlan 189
- Two departments share all the meeting rooms in the company but use different servers and 189
- Vlan is generally divided by ports this way of division is simple but isn t suitable for those 189
- Vlans the user has to re configure the switch to access the original vlan using mac vlan can 189
- Configuring 802 q vlan 190
- Mac vlan configuration 190
- Using the gui 190
- Binding the mac address to the vlan 191
- By default mac vlan is disabled on all ports you need to enable mac vlan for your desired 191
- Click create to create the mac vlan 191
- Enabling mac vlan for the port 191
- Enter the mac address of the device give it a description and enter the vlan id to bind it to 191
- Follow these steps to bind the mac address to the vlan 191
- Mac vlan to load the following page 191
- Ports manually 191
- The vlan 191
- Before configuring mac vlan create an 802 q vlan and set the port type according to network 192
- Binding the mac address to the vlan 192
- Configuring 802 q vlan 192
- Follow these steps to bind the mac address to the vlan 192
- Follow these steps to enable mac vlan for the port 192
- Port enable to load the following page 192
- Requirements for details refer to configuring 802 q vlan 192
- Select your desired ports to enable mac vlan and click apply 192
- Using the cli 192
- 19 56 8a 4c 71 dept a 10 193
- Enabling mac vlan for the port 193
- Follow these steps to enable mac vlan for the port 193
- Mac addr name vlan id 193
- Switch config end 193
- Switch config if mac vlan 193
- Switch config interface gigabitethernet 1 0 1 193
- Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 193
- Switch config show mac vlan vlan 10 193
- Switch configure 193
- Switch copy running config startup config 193
- The address description as dept a 193
- The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with 193
- The following example shows how to enable mac vlan for port 1 0 1 193
- Access only the server in the vlan it joins no matter which meeting room the laptops are being 195
- Addresses of the laptops to the corresponding vlans respectively in this way each laptop can 195
- B server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access 195
- Being used in the figure below shows the network topology 195
- Configuration example 195
- Configuration scheme 195
- Create vlan 10 and vlan 20 on each of the three switches set different port types and add 195
- Laptops department a uses server a and laptop a while department b uses server b and laptop 195
- Network requirements 195
- Server a and laptop b can only access server b no matter which meeting room the laptops are 195
- The ports to the vlans based on the network topology note for the ports connecting the 195
- Two departments share all the meeting rooms in the company but use different servers and 195
- Used in the overview of the configuration is as follows 195
- You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac 195
- Configurations for switch 1 and switch 2 196
- Using the gui 196
- Configurations for switch 3 198
- Configurations for switch 1 and switch 2 199
- Using the cli 199
- Configurations for switch 3 200
- Switch 1 201
- Switch 2 201
- Verify the configurations 201
- Switch 3 202
- Appendix default parameters 203
- Default settings of mac vlan are listed in the following table 203
- Chapters 204
- Configuring protocol vlan 204
- Part 9 204
- Configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 205
- Network based on specific applications and services of network users 205
- Networks respectively 205
- Overview 205
- Packets of different protocols to the corresponding vlans since different applications and 205
- Protocol vlan is a technology that divides vlans based on the network layer protocol with the 205
- Protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze 205
- Services use different protocols network administrators can use protocol vlan to manage the 205
- Special fields of received packets encapsulate the packets in specific formats and forward the 205
- The figure below shows a common application scenario of protocol vlan with protocol vlan 205
- Configuring 802 q vlan 206
- Protocol vlan configuration 206
- Using the gui 206
- Configuring protocol vlan 207
- Creating protocol template 207
- Configuring 802 q vlan 208
- Creating a protocol template 208
- Using the cli 208
- Arp ethernetii ether type 0806 209
- At snap ether type 809b 209
- Configuring protocol vlan 209
- Follow these steps to configure protocol vlan 209
- Index protocol name protocol type 209
- Ip ethernetii ether type 0800 209
- Ipv6 ethernetii ether type 86dd 209
- Ipx snap ether type 8137 209
- Rarp ethernetii ether type 8035 209
- Switch config end 209
- Switch config protocol template name ipv6 frame ether_2 ether type 86dd 209
- Switch config show protocol vlan template 209
- Switch configure 209
- Switch copy running config startup config 209
- The following example shows how to create an ipv6 protocol template 209
- Arp ethernetii ether type 0806 210
- At snap ether type 809b 210
- Index protocol name protocol type 210
- Ip ethernetii ether type 0800 210
- Ipx snap ether type 8137 210
- Rarp ethernetii ether type 8035 210
- Switch config show protocol vlan template 210
- Switch configure 210
- The following example shows how to bind the ipv6 protocol template to vlan 10 210
- A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 212
- Belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to 212
- Configuration example 212
- Configuration scheme 212
- Ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 212
- Network requirements 212
- Network respectively via different routers it is required that ipv4 packets are forwarded to the 212
- Port receives packets switch 2 will forward them to the corresponding vlans according to their 212
- Protocol types the overview of the configuration on switch 2 is as follows 212
- The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host 212
- Two routers to access the ipv4 network and ipv6 network respectively the routers belong to 212
- Vlan 10 and vlan 20 respectively 212
- You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this 212
- Configurations for switch 1 213
- Using the gui 213
- Configurations for switch 2 215
- Configurations for switch 1 218
- Using the cli 218
- Configurations for switch 2 219
- Switch 1 220
- Verify the configurations 220
- Switch 2 221
- Appendix default parameters 222
- Default settings of protocol vlan are listed in the following table 222
- Chapters 223
- Configuring spanning tree 223
- Part 10 223
- Basic concepts 224
- Overview 224
- Spanning tree 224
- Stp rstp concepts 224
- Bridge id 225
- Port role 225
- Root bridge 225
- Port status 226
- Path cost 227
- Root path cost 227
- A lot of information like bridge id root path cost port priority and so on switches share these 228
- An mst region consists of multiple interconnected switches the switches that have the following 228
- Bpdu to the downstream switch with the updated root path cost the value of the accumulated 228
- Characteristics are considered as in the same region 228
- Information to help determine the tree topology 228
- Mst region 228
- Mstp compatible with stp and rstp has the same basic elements used in stp and rstp based 228
- Mstp concepts 228
- On the networking topology this section will introduce some concepts only exist in mstp 228
- Receives this bpdu it increments the path cost of its local incoming port then it forwards this 228
- Root path cost increases as the bpdu propagates further 228
- The packets used to generate the spanning tree the bpdus bridge protocol data unit contain 228
- Mst instance 229
- Vlan instance mapping 229
- Stp security 230
- Configuring stp rstp parameters on ports 232
- Stp rstp configurations 232
- Using the gui 232
- Click apply 234
- Configuring stp rstp globally 234
- Stp config to load the following page 234
- Follow these steps to configure stp rstp globally 235
- In the global config section enable spanning tree function choose the stp mode as stp 235
- In the parameters config section configure the global parameters of stp rstp and click 235
- Rstp and click apply 235
- Stp summary to load the following page 236
- The stp summary section shows the summary information of spanning tree 236
- Verify the stp rstp information of your switch after all the configurations are finished 236
- Verifying the stp rstp configurations 236
- Configuring stp rstp parameters on ports 237
- Follow these steps to configure stp rstp parameters on ports 237
- Using the cli 237
- Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 238
- Interface state prio ext cost int cost edge p2p mode role status 238
- Switch config if end 238
- Switch config if show spanning tree interface gigabitethernet 1 0 3 238
- Switch config if spanning tree 238
- Switch config if spanning tree common config port priority 32 238
- Switch config interface gigabitethernet 1 0 3 238
- Switch configure 238
- Switch copy running config startup config 238
- The following example shows how to enable spanning tree function on port 1 0 3 and configure 238
- The port priority as 32 238
- Configuring global stp rstp parameters 239
- Follow these steps to configure global stp rstp parameters of the switch 239
- Seconds 239
- This example shows how to configure the priority of the switch as 36864 the forward delay as 12 239
- Enable rstp 36864 2 12 20 5 20 240
- Enabling stp rstp globally 240
- Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree 240
- Function globally 240
- Rstp and verify the configurations 240
- State mode priority hello time fwd time max age hold count max hops 240
- Switch config end 240
- Switch config show spanning tree bridge 240
- Switch config spanning tree 240
- Switch config spanning tree mode rstp 240
- Switch config spanning tree priority 36864 240
- Switch config spanning tree timer forward time 12 240
- Switch configure 240
- Switch copy running config startup config 240
- This example shows how to enable spanning tree function configure the spanning tree mode as 240
- Configuring parameters on ports in cist 242
- Mstp configurations 242
- Using the gui 242
- Besides configure the priority of the switch the priority and path cost of ports in the desired 244
- Click apply 244
- Configure the region name revision level vlan instance mapping of the switch the switches 244
- Configuring the mstp region 244
- Configuring the region name and revision level 244
- Considered as in the same region 244
- Instance 244
- Region config to load the following page 244
- With the same region name the same revision level and the same vlan instance mapping are 244
- Configuring the vlan instance mapping and switch priority 245
- And click apply 246
- In the instance config section configure the priority of the switch in the desired instance 246
- Configuring parameters on ports in the instance 247
- Follow these steps to configure port parameters in the instance 247
- In the instance id select section select the desired instance id for its port configuration 247
- In the instance port config section configure port parameters in the desired instance 247
- Instance port config to load the following 247
- Configuring mstp globally 249
- Follow these steps to configure mstp globally 249
- In the parameters config section configure the global parameters of mstp and click apply 249
- Stp config to load the following page 249
- In the global config section enable spanning tree function and choose the stp mode as 250
- Mstp and click apply 250
- Stp summary to load the following page 251
- The stp summary section shows the summary information of cist 251
- Verifying the mstp configurations 251
- Configuring parameters on ports in cist 252
- Follow these steps to configure the parameters of the port in cist 252
- The mstp summary section shows the information in mst instances 252
- Using the cli 252
- Mst instance 0 cist 253
- Priority as 32 253
- Switch config if show spanning tree interface gigabitethernet 1 0 3 253
- Switch config if spanning tree 253
- Switch config if spanning tree common config port priority 32 253
- Switch config interface gigabitethernet 1 0 3 253
- Switch configure 253
- This example shows how to enable spanning tree function for port 1 0 3 and configure the port 253
- Configuring the mst region 254
- Configuring the mstp region 254
- Follow these steps to configure the mst region and the priority of the switch in the instance 254
- Gi1 0 3 144 200 n a lnkdwn 254
- Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 254
- Interface prio cost role status 254
- Interface state prio ext cost int cost edge p2p mode role status 254
- Mst instance 5 254
- Switch config if end 254
- Switch copy running config startup config 254
- Configuring the parameters on ports in instance 255
- Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 256
- Instance 5 256
- Interface state prio ext cost int cost edge p2p mode role status 256
- Mst instance 0 cist 256
- Mst instance 5 256
- Switch config if show spanning tree interface gigabitethernet 1 0 3 256
- Switch config if spanning tree mst instance 5 port priority 144 cost 200 256
- Switch config interface gigabitethernet 1 0 3 256
- Switch configure 256
- This example shows how to configure the priority as 144 the path cost as 200 of port 1 0 3 in 256
- Configuring global mstp parameters 257
- Follow these steps to configure the global mstp parameters of the switch 257
- Gi1 0 3 144 200 n a lnkdwn 257
- Interface prio cost role status 257
- Switch config if end 257
- Switch copy running config startup config 257
- Enable mstp 36864 2 12 20 8 25 258
- Enabling spanning tree globally 258
- Follow these steps to configure the spanning tree mode as mstp and enable spanning tree 258
- Function globally 258
- State mode priority hello time fwd time max age hold count max hops 258
- Switch config if end 258
- Switch config if show spanning tree bridge 258
- Switch config if spanning tree hold count 8 258
- Switch config if spanning tree max hops 25 258
- Switch config if spanning tree timer forward time 12 258
- Switch config spanning tree priority 36864 258
- Switch configure 258
- Switch copy running config startup config 258
- The hold count as 8 and the max hop as 25 258
- This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds 258
- Address 00 0a eb 13 23 97 259
- Designated bridge 259
- External cost 200000 259
- Function globally 259
- Latest topology change time 2006 01 04 10 47 42 259
- Mst instance 0 cist 259
- Priority 32768 259
- Root bridge 259
- Root port gi 0 20 259
- Spanning tree is enabled 259
- Spanning tree s mode mstp 802 s multiple spanning tree protocol 259
- Switch config show spanning tree active 259
- Switch config spanning tree 259
- Switch config spanning tree mode mstp 259
- Switch configure 259
- This example shows how to configure the spanning tree mode as mstp and enable spanning tree 259
- Configuring the stp security 261
- Stp security configurations 261
- Using the gui 261
- Configure the port protect features for the selected ports and click apply 262
- Field the switch will not remove mac address entries in the tc protect cycle 262
- Optional configuring the threshold and cycle of tc protect 262
- The number of the received tc bpdus exceeds the maximum number you set in the tc threshold 262
- When you enable tc protect function on ports set the tc threshold and tc protect cycle here if 262
- Configure the parameters of tc protect feature and click apply 263
- Configuring the stp security 263
- Featur 263
- Feature for ports 263
- Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter 263
- Tc protect to load the following page 263
- Using the cli 263
- Configuring the tc protect 264
- Follow these steps to configure tc protect feature for ports 264
- Functions on port 1 0 3 264
- Gi1 0 3 enable enable enable enable disable 264
- Interface bpdu filter bpdu guard loop protect root protect tc protect 264
- Switch config if end 264
- Switch config if spanning tree bpdufilter 264
- Switch config if spanning tree bpduguard 264
- Switch config if spanning tree guard loop 264
- Switch config if spanning tree guard root 264
- Switch config if spanning tree interface security gigabitethernet 1 0 3 264
- Switch config interface gigabitethernet 1 0 3 264
- Switch configure 264
- Switch copy running config startup config 264
- This example shows how to enable loop protect root protect bpdu filter and bpdu protect 264
- And the tc protect cycle is 8 265
- Gi1 0 3 enable enable enable enable enable 265
- Interface bpdu filter bpdu guard loop protect root protect tc protect 265
- Switch config if end 265
- Switch config if spanning tree guard tc 265
- Switch config if spanning tree interface security gigabitethernet 1 0 3 265
- Switch config interface gigabitethernet 1 0 3 265
- Switch config spanning tree tc defend threshold 25 period 8 265
- Switch configure 265
- Switch copy running config startup config 265
- This example shows how to enable the tc protect function on port 1 0 3 with the tc threshold is 265
- As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is 266
- Balancing thus providing a more flexible method in network management here we take the 266
- Configuration example for mstp 266
- Configuration scheme 266
- Cost of the port is 200000 266
- Here we configure two instances to meet the requirement as is shown below 266
- Instance 266
- It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be 266
- Map the vlans to different instances to ensure traffic can be transmitted along the respective 266
- Mstp backwards compatible with stp and rstp can map vlans to instances to enable load 266
- Mstp configuration as an example 266
- Network requirements 266
- To meet this requirement you are suggested to configure mstp function on the switches 266
- Transmitted along different paths 266
- Transmitted in this network the link speed between the switches is 100mb s the default path 266
- 0 1 of switch a to be greater than the default path cost 200000 for instance 2 set the 267
- And the revision level as 100 map vlan 101 vlan 103 to instance 1 and vlan 104 vlan 267
- Configure switch a switch b and switch c in the same region configure the region name as 267
- Configure the path cost to block the specified ports for instance 1 set the path cost of port 267
- Configure the priority of switch b as 0 to set is as the root bridge in instance 1 configure the 267
- Demonstrated with t1600g 52ts this chapter provides configuration procedures in two ways 267
- Enable mstp function in all the switches 267
- Enable the spanning tree function on the ports in each switch 267
- Path cost of port 1 0 2 of switch b to be greater than the default path cost 200000 267
- Priority of switch c as 0 to set is as the root bridge in instance 2 267
- The overview of configuration is as follows 267
- To instance 2 267
- Using the gui and using the cli 267
- Configurations for switch a 268
- Using the gui 268
- Instance config to load the following 269
- Page map vlan101 vlan103 to instance 1 map vlan104 vlan106 to instance 2 269
- Following page set the path cost of port 1 0 1 in instance 1 as 400000 270
- Instance port config to load the 270
- Configurations for switch b 271
- Instance config to load the following 273
- Page configure the priority of switch b as 0 to set it as the root bridge in instance 1 273
- Following page set the path cost of port 1 0 2 in instance 2 as 400000 274
- Instance port config to load the 274
- Configurations for switch c 275
- Configurations for switch a 278
- Using the cli 278
- Configurations for switch b 279
- Configurations for switch c 280
- Switch a 280
- Verify the configurations 280
- Switch b 282
- Switch c 283
- Appendix default parameters 285
- Default settings of the spanning tree feature are listed in the following table 285
- Chapters 287
- Managing layer 2 multicast 287
- Part 11 287
- Layer 2 multicast 288
- Overview 288
- And maintain layer 2 multicast forwarding table 289
- Configuration guide 267 289
- Demand on data link layer by analyzing igmp packets between layer 3 devices and users to build 289
- Demonstrated as below 289
- Figure 1 1 igmp snooping 289
- Forwarding table 289
- Igmp packets between layer 3 devices and users to build and maintain layer 2 multicast 289
- Layer 2 multicast protocol for ipv4 igmp snooping 289
- Layer 2 multicast protocol for ipv6 mld snooping 289
- Managing layer 2 multicast layer 2 multicast 289
- On the layer 2 device igmp snooping transmits data on demand on data link layer by analyzing 289
- On the layer 2 device mld snooping multicast listener discovery snooping transmits data on 289
- Supported layer 2 multicast protocols 289
- Configuring igmp snooping globally 290
- Igmp snooping configurations 290
- Using the gui 290
- Click apply 291
- Configure unknown multicast as forward or discard 291
- Configuring router port time and member port time 291
- Enable or disable report message suppression globally 291
- Enabling report message suppression can reduce the number of packets in the network 291
- Follow these steps to configure report message suppression 291
- Follow these steps to configure the aging time of the router ports and the member ports 291
- Follow these steps to configure unknown multicast 291
- For switches that support mld snooping igmp snooping and mld snooping share the setting 291
- Optional configuring report message suppression 291
- Snooping config page at the same time 291
- Specify the aging time of the member ports 291
- Specify the aging time of the router ports 291
- Are sent and no report message is received the switch will delete the multicast address from the 292
- Click apply 292
- Configure the last listener query interval and last listener query count when the switch 292
- Configuring igmp snooping last listener query 292
- Follow these steps to configure last listener query interval and last listener query count in the 292
- Global config section 292
- Igmp snooping status table displays vlans and ports with igmp snooping enabled 292
- Multicast forwarding table 292
- Receives an igmp leave message if specified count of multicast address specific queries masqs 292
- Specify the interval between masqs 292
- Specify the number of masqs to be sent 292
- Verifying igmp snooping status 292
- Configuring the port s basic igmp snooping features 293
- Enabling igmp snooping on the port 293
- Optional configuring fast leave 293
- Configuring igmp snooping globally in the vlan 294
- Configuring igmp snooping in the vlan 294
- And reduces network load of layer 3 devices 295
- Click create 295
- Configure the forbidden router ports in the designate vlan 295
- Configure the router ports in the designate vlan 295
- Configuring the multicast vlan 295
- Device only need to send one piece of multicast data to a layer 2 device and the layer 2 device 295
- Follow these steps to configure static router ports in the designate vlan 295
- Follow these steps to forbid the selected ports to be the router ports in the designate vlan 295
- In old multicast transmission mode when users in different vlans apply for data from the same 295
- Layer 2 devices 295
- Multicast group the layer 3 device will duplicate this multicast data and deliver copies to the 295
- Optional configuring the forbidden router ports in the vlan 295
- Optional configuring the static router ports in the vlan 295
- Will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth 295
- With multicast vlan configured all multicast group members will be added to a vlan layer 3 295
- Configuring 802 q vlan 296
- Creating multicast vlan and configuring basic settings 296
- Enable multicast vlan configure the specific vlan to be the multicast vlan and configure 296
- In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic 296
- Multicast vlan to load the following page 296
- Set up the vlan that the router ports and the member ports are in for details please refer to 296
- Settings 296
- The router port time and member port time 296
- Click apply 297
- Configure the new multicast source ip 297
- Configure the router ports in the designate vlan 297
- Configure the router ports in the multicast vlan 297
- Follow these steps to configure static router ports in the multicast vlan 297
- Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 297
- Members in the multicast vlan section follow these steps to configure replace source ip 297
- Optional configuring the forbidden router ports 297
- Optional configuring the static router ports 297
- Optional creating replace source ip 297
- This function allows you to use a new ip instead of the source ip to send data to multicast group 297
- This table displays all the dynamic router ports in the multicast vlan 297
- Viewing dynamic router ports in the multicast vlan 297
- Click apply 298
- Configuring the querier 298
- Follow these steps to configure the querier 298
- Following page 298
- Igmp snooping querier sends general query packets regularly to maintain the multicast 298
- Optional configuring the querier 298
- Querier config to load the 298
- Specify a vlan and configure the querier on this vlan 298
- Click add 299
- Configuring igmp profile 299
- Create a profile and configure its filtering mode 299
- Creating profile 299
- Follow these steps to create a profile and configure its filtering mode 299
- Profile config to load 299
- The following page 299
- The igmp snooping querier table displays all the related settings of the igmp querier 299
- Viewing settings of igmp querier 299
- With igmp profile the switch can define a blacklist or whitelist of multicast addresses so as to 299
- You can edit the settings in the igmp snooping querier table 299
- Click create 300
- Click edit in the igmp profile info table edit its ip range and click add to save the settings 300
- Editing ip range of the profile 300
- Enter the search condition in the search option field to search the profile in the igmp profile info 300
- Follow these steps to edit profile mode and its ip range 300
- Searching profile 300
- Binding profile and member ports 301
- Click apply 302
- Configuring max groups a port can join 302
- Follow these steps to configure the maximum groups a port can join and overflow action 302
- Packet statistic to load the following page 302
- Select a port to configure its max group and overflow action 302
- Viewing igmp statistics on each port 302
- Click apply 303
- Configuring auto refresh 303
- Enable or disable auto refresh 303
- Enabling igmp accounting and authentication 303
- Follow these steps to configure auto refresh 303
- Igmp authentication to load the following 303
- The igmp statistics table displays all kinds of igmp statistics of all the ports 303
- Viewing igmp statistics 303
- Configuring igmp accounting globally 304
- Configuring igmp authentication on the port 304
- Click apply 305
- Configuring static member port 305
- Enter the multicast ip and vlan id specify the static member port 305
- Follow these steps to configure static member port 305
- Follow these steps to enable igmp authentication on the port 305
- Following page 305
- Specify the ports and enable igmp authentication 305
- Static ipv4 multicast table to load the 305
- This function allows you to specify a port as a static member port in the multicast group 305
- Click create 306
- Enabling igmp snooping globally 306
- Enabling igmp snooping on the port 306
- Search option 306
- Static multicast ip table displays details of all igmp static multicast groups 306
- Using the cli 306
- Viewing igmp static multicast groups 306
- You can search igmp static multicast entries by using multicast ip vlan id or forward port as the 306
- Configuring igmp snooping parameters globally 307
- Configuring report message suppression 307
- Configuring unknown multicast 308
- Enable port 308
- Enable vlan 308
- Global authentication accounting disable 308
- Global member age time 260 308
- Global report suppression enable 308
- Global router age time 300 308
- Igmp snooping enable 308
- Last query interval 1 308
- Last query times 2 308
- Switch config if end 308
- Switch config ip igmp snooping 308
- Switch config ip igmp snooping report suppression 308
- Switch config show ip igmp snooping 308
- Switch configure 308
- Switch copy running config startup config 308
- The following example shows how to enable report message suppression 308
- Unknown multicast pass 308
- Configuring igmp snooping parameters on the port 310
- Configuring router port time and member port time 310
- Enable port 310
- Enable vlan 310
- Global authentication accounting disable 310
- Global member age time 200 310
- Global report suppression disable 310
- Global router age time 200 310
- Igmp snooping enable 310
- Last query interval 1 310
- Last query times 2 310
- Switch config ip igmp snooping 310
- Switch config ip igmp snooping mtime 200 310
- Switch config ip igmp snooping rtime 200 310
- Switch config show ip igmp snooping 310
- Switch configure 310
- The following example shows how to configure the global router port time and member port 310
- Time as 200 seconds 310
- Unknown multicast pass 310
- Configuring fast leave 311
- Gi1 0 3 enable enable 311
- Port igmp snooping fast leave 311
- Switch config if end 311
- Switch config if ip igmp snooping 311
- Switch config if ip igmp snooping immediate leave 311
- Switch config if show ip igmp snooping interface gigabitethernet 1 0 3 basic config 311
- Switch config interface gigabiteternet 1 0 3 311
- Switch config ip igmp snooping 311
- Switch configure 311
- Switch copy running config startup config 311
- The following example shows how to enable fast leave on port 1 0 3 311
- Configuring max group and overflow action on the port 312
- Drop on port 1 0 3 312
- Gi1 0 3 500 drop 312
- Port max groups overflow action 312
- Switch config if end 312
- Switch config if ip igmp snooping 312
- Switch config if ip igmp snooping max groups 500 312
- Switch config if ip igmp snooping max groups action drop 312
- Switch config if show ip igmp snooping interface gigabitethernet 1 0 3 max groups 312
- Switch config interface gigabiteternet 1 0 3 312
- Switch config ip igmp snooping 312
- Switch configure 312
- The following example shows how to configure the max group as 500 and the overflow action as 312
- Configuring igmp snooping last listener query 313
- Enable port 313
- Global authentication accounting disable 313
- Global member age time 260 313
- Global report suppression disable 313
- Global router age time 300 313
- Igmp snooping enable 313
- Last query interval 5 313
- Last query times 5 313
- Listener query interval as 5 seconds 313
- Switch config ip igmp snooping 313
- Switch config ip igmp snooping last listener query count 5 313
- Switch config ip igmp snooping last listener query interval 5 313
- Switch config show ip igmp snooping 313
- Switch configure 313
- Switch copy running config startup config 313
- The following example shows how to configure the last listener query count as 5 and the last 313
- Unknown multicast pass 313
- Configuring igmp snooping parameters in the vlan 314
- Configuring router port time and member port time 314
- Dynamic router port none 314
- Enable vlan 314
- Forbidden router port none 314
- Member time 400 314
- Router time 500 314
- Static router port none 314
- Switch config end 314
- Switch config ip igmp snooping 314
- Switch config ip igmp snooping vlan config 2 3 mtime 400 314
- Switch config ip igmp snooping vlan config 2 3 rtime 500 314
- Switch config show ip igmp snooping vlan 2 314
- Switch configure 314
- Switch copy running config startup config 314
- The following example shows how to enable igmp snooping in vlan 2 and vlan 3 configure 314
- The router port time as 500 seconds and the member port time as 400 seconds 314
- Vlan id 2 314
- As the static router port 315
- Configuring static router port 315
- Dynamic router port none 315
- Forbidden router port none 315
- Member time 0 315
- Member time 400 315
- Router time 0 315
- Router time 500 315
- Static router port gi1 0 2 315
- Static router port none 315
- Switch config end 315
- Switch config ip igmp snooping 315
- Switch config ip igmp snooping vlan config 2 rport interface gigabitethernet 1 0 2 315
- Switch config show ip igmp snooping vlan 2 315
- Switch config show ip igmp snooping vlan 3 315
- Switch configure 315
- Switch copy running config startup config 315
- The following example shows how to enable igmp snooping in vlan 2 and configure port 1 0 2 315
- Vlan id 2 315
- Vlan id 3 315
- Configuring forbidden router port 316
- Dynamic router port none 316
- Forbidden router port gi1 0 4 6 316
- Forbidden router port none 316
- From becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 316
- Gigabitethernet 1 0 4 6 316
- Member time 0 316
- Router time 0 316
- Static router port none 316
- Switch config end 316
- Switch config ip igmp snooping 316
- Switch config ip igmp snooping vlan config 2 router ports forbidd interface 316
- Switch config show ip igmp snooping vlan 2 316
- Switch configure 316
- Switch copy running config startup config 316
- The following example shows how to enable igmp snooping in vlan 2 and forbid port 1 0 4 6 316
- Vlan id 2 316
- 0 9 10 317
- 2 2 static gi1 0 9 10 317
- Configuring igmp snooping parameters in the multicast vlan 317
- Configuring router port time and member port time 317
- Configuring static multicast multicast ip and forward port 317
- Multicast ip vlan id addr type switch port 317
- Port 1 0 9 10 as the forward ports 317
- Switch config end 317
- Switch config ip igmp snooping 317
- Switch config ip igmp snooping vlan config 2 static 226 interface gigabitethernet 317
- Switch config show ip igmp snooping groups static 317
- Switch configure 317
- Switch copy running config startup config 317
- The following example shows how to configure 226 as the static multicast ip and specify 317
- Dynamic router port none 318
- Forbidden router port none 318
- Member time 400 318
- Multicast vlan enable 318
- Replace source ip 0 318
- Router time 500 318
- Static router port none 318
- Switch config end 318
- Switch config ip igmp snooping 318
- Switch config ip igmp snooping multi vlan config 5 mtime 400 318
- Switch config ip igmp snooping multi vlan config 5 rtime 500 318
- Switch config show ip igmp snooping multi vlan config 318
- Switch configure 318
- Switch copy running config startup config 318
- The following example shows how to configure vlan 5 as the multicast vlan set the router port 318
- Time as 500 seconds and the member port time as 400 seconds 318
- Vlan id 5 318
- As the static router port 319
- Configuring static router port 319
- Dynamic router port none 319
- Forbidden router port none 319
- Member time 260 319
- Multicast vlan enable 319
- Replace source ip 0 319
- Router time 300 319
- Static router port gi1 0 5 319
- Switch config end 319
- Switch config ip igmp snooping 319
- Switch config ip igmp snooping multi vlan config 5 rport interface gigabitethernet 1 0 5 319
- Switch config show ip igmp snooping multi vlan config 319
- Switch configure 319
- Switch copy running config startup config 319
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 319
- Vlan id 5 319
- As the forbidden router port 320
- Configuring forbidden router port 320
- Dynamic router port none 320
- Forbidden router port gi1 0 6 320
- Gigabitethernet 1 0 6 320
- Member time 260 320
- Multicast vlan enable 320
- Replace source ip 0 320
- Router time 300 320
- Static router port none 320
- Switch config end 320
- Switch config ip igmp snooping 320
- Switch config ip igmp snooping multi vlan config 5 router ports forbidd interface 320
- Switch config show ip igmp snooping multi vlan config 320
- Switch configure 320
- Switch copy running config startup config 320
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 320
- Vlan id 5 320
- Configuring replace source ip 321
- Dynamic router port none 321
- Forbidden router port none 321
- Member time 260 321
- Multicast vlan enable 321
- Replace source ip 192 68 321
- Router time 300 321
- Source ip in the igmp packets sent by the switch with 192 68 321
- Static router port none 321
- Switch config end 321
- Switch config ip igmp snooping 321
- Switch config ip igmp snooping multi vlan config 5 replace sourceip 192 68 321
- Switch config show ip igmp snooping multi vlan config 321
- Switch configure 321
- Switch copy running config startup config 321
- The following example shows how to configure vlan 5 as the multicast vlan and replace the 321
- Vlan id 5 321
- Configuring query interval max response time and general query source ip 322
- Configuring the querier 322
- Enabling igmp querier 322
- General query source ip 192 68 322
- Maximum response time 10 322
- Query interval 60 322
- Switch config end 322
- Switch config ip igmp snooping 322
- Switch config ip igmp snooping querier vlan 4 322
- Switch config show ip igmp snooping querier 322
- Switch configure 322
- Switch copy running config startup config 322
- The following example shows how to enable igmp snooping and igmp querier in vlan 4 322
- Vlan 4 322
- General query source ip 192 68 323
- Maximum response time 20 323
- Query interval 100 323
- Source ip as 192 68 323
- Switch config end 323
- Switch config ip igmp snooping 323
- Switch config ip igmp snooping querier vlan 4 general query source ip 192 68 323
- Switch config ip igmp snooping querier vlan 4 max response time 20 323
- Switch config ip igmp snooping querier vlan 4 query interval 100 323
- Switch config show ip igmp snooping querier 323
- Switch configure 323
- Switch copy running config startup config 323
- The following example shows how to enable igmp snooping and igmp querier in vlan 4 set 323
- The query interval as 100 seconds the max response time as 20 seconds and the general query 323
- Vlan 4 323
- Configuring multicast filtering 324
- Creating profile 324
- Igmp profile 1 324
- Range 226 226 0 324
- Sent to 226 226 0 324
- Switch config igmp profile deny 324
- Switch config igmp profile range 226 226 0 324
- Switch config igmp profile show ip igmp profile 324
- Switch config ip igmp profile 1 324
- Switch config ip igmp snooping 324
- Switch configure 324
- The following example shows how to configure profile 1 so that the switch filters multicast data 324
- Binding profile to the port 325
- Igmp profile 1 325
- Multicast data sent to 226 226 0 325
- Range 226 226 0 325
- Switch config end 325
- Switch config if ip igmp filter 1 325
- Switch config if ip igmp snooping 325
- Switch config if show ip igmp profile 325
- Switch config igmp profile deny 325
- Switch config igmp profile exit 325
- Switch config igmp profile range 226 226 0 325
- Switch config interface gigabitethernet 1 0 2 325
- Switch config ip igmp profile 1 325
- Switch config ip igmp snooping 325
- Switch configure 325
- Switch copy running config startup config 325
- The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters 325
- Binding port s 326
- Enabling igmp accounting and authentication 326
- Enabling igmp authentication on the port 326
- Gi1 0 2 326
- Gi1 0 2 enable 326
- Port igmp authentication 326
- Switch config end 326
- Switch config if ip igmp snooping 326
- Switch config if ip igmp snooping authentication 326
- Switch config if show ip igmp snooping interface gigabitethernet 1 0 2 authentication 326
- Switch config interface gigabitethernet 1 0 2 326
- Switch config ip igmp snooping 326
- Switch configure 326
- Switch copy running config startup config 326
- The following example shows how to enable igmp authentication on port 1 0 2 326
- Enabling igmp accounting globally 327
- Switch copy running config startup config 327
- Configuring mld snooping 328
- Configuring mld snooping globally 328
- Using the gui 328
- Click apply 329
- Configure unknown multicast as forward or discard 329
- Configuring router port time and member port time 329
- Enable or disable report message suppression globally 329
- Enabling report message suppression can reduce the number of packets in the network 329
- Follow these steps to configure report message suppression 329
- Follow these steps to configure the aging time of the router ports and the member ports 329
- Follow these steps to configure unknown multicast 329
- Igmp snooping and mld snooping share the setting of unknown multicast so you have to 329
- Optional configuring report message suppression 329
- Snooping config page at 329
- Specify the aging time of the member ports 329
- Specify the aging time of the router ports 329
- The same time 329
- Are sent and no report message is received the switch will delete the multicast address from the 330
- Click apply 330
- Configure the last listener query interval and last listener query count when the switch 330
- Configuring mld snooping last listener query 330
- Follow these steps to configure last listener query interval and last listener query count in the 330
- Global config section 330
- Mld snooping status table displays vlans and ports with mld snooping enabled 330
- Multicast forwarding table 330
- Receives an mld leave message if specified count of multicast address specific queries masqs 330
- Specify the interval between masqs 330
- Specify the number of masqs to be sent 330
- Verifying mld snooping status 330
- Configuring the port s basic mld snooping features 331
- Enabling mld snooping on the port 331
- Optional configuring fast leave 331
- Configuring mld snooping globally in the vlan 332
- Configuring mld snooping in the vlan 332
- And reduces network load of layer 3 devices 333
- Click create 333
- Configure the forbidden router ports in the designate vlan 333
- Configure the router ports in the designate vlan 333
- Configuring the multicast vlan 333
- Device only need to send one piece of multicast data to a layer 2 device and the layer 2 device 333
- Follow these steps to configure static router ports in the designate vlan 333
- Follow these steps to forbid the selected ports to be the router ports in the designate vlan 333
- In old multicast transmission mode when users in different vlans apply for data from the same 333
- Layer 2 devices 333
- Multicast group the layer 3 device will duplicate this multicast data and deliver copies to the 333
- Optional configuring the forbidden router ports in the vlan 333
- Optional configuring the static router ports in the vlan 333
- Will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth 333
- With multicast vlan configured all multicast group members will be added to a vlan layer 3 333
- Configuring 802 q vlan 334
- Creating multicast vlan and configuring basic settings 334
- Enable multicast vlan configure the specific vlan to be the multicast vlan and configure 334
- In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic 334
- Multicast vlan to load the following page 334
- Set up the vlan that the router ports and the member ports are in for details please refer to 334
- Settings 334
- The router port time and member port time 334
- Click apply 335
- Configure the new multicast source ip 335
- Configure the router ports in the designate vlan 335
- Configure the router ports in the multicast vlan 335
- Follow these steps to configure static router ports in the multicast vlan 335
- Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 335
- Members in the multicast vlan section follow these steps to configure replace source ip 335
- Optional configuring the forbidden router ports 335
- Optional configuring the static router ports 335
- Optional creating replace source ip 335
- This function allows you to use a new ip instead of the source ip to send data to multicast group 335
- This table displays all the dynamic router ports in the multicast vlan 335
- Viewing dynamic router ports in the multicast vlan 335
- Click apply 336
- Configuring the querier 336
- Follow these steps to configure the querier 336
- Following page 336
- Mld snooping querier sends general query packets regularly to maintain the multicast 336
- Optional configuring the querier 336
- Querier config to load the 336
- Specify a vlan and configure the querier on this vlan 336
- Click add 337
- Configuring mld profile 337
- Create a profile and configure its filtering mode 337
- Creating profile 337
- Follow these steps to create a profile and configure its filtering mode 337
- Following page 337
- Profile config to load the 337
- The mld snooping querier table displays all the related settings of the mld querier 337
- Viewing settings of mld querier 337
- With mld profile the switch can define a blacklist or whitelist of multicast addresses so as to filter 337
- You can edit the settings in the mld snooping querier table 337
- Binding profile and member ports 338
- Editing ip range of the profile 338
- Searching profile 338
- Binding profile and member ports 339
- Click apply 339
- Configuring max groups a port can join 339
- Follow these steps to bind the profile to the port 339
- Follow these steps to configure the maximum groups a port can join and overflow action 339
- Select a port to configure its max group and overflow action 339
- Select the port to be bound and enter the profile id in the profile id column 339
- Click apply 340
- Configuring auto refresh 340
- Enable or disable auto refresh 340
- Follow these steps to configure auto refresh 340
- Packet statistic to load the following page 340
- Viewing mld statistics on each port 340
- Click apply 341
- Configuring static member port 341
- Enter the multicast ip and vlan id specify the static member port 341
- Follow these steps to configure static member port 341
- Following page 341
- Static ipv4 multicast table to load the 341
- The mld statistics table displays all kinds of mld statistics of all the ports 341
- This function allows you to specify a port as a static member port in the multicast group 341
- Viewing mld statistics 341
- Click create 342
- Enabling mld snooping globally 342
- Enabling mld snooping on the port 342
- Search option 342
- Static multicast ip table displays details of all mld static multicast groups 342
- Using the cli 342
- Viewing mld static multicast groups 342
- You can search mld static multicast entries by using multicast ip vlan id or forward port as the 342
- Configuring mld snooping parameters globally 343
- Configuring report message suppression 343
- Configuring unknown multicast 344
- Enable port 344
- Enable vlan 344
- Global member age time 260 344
- Global report suppression enable 344
- Global router age time 300 344
- Last query interval 1 344
- Last query times 2 344
- Mld snooping enable 344
- Switch config end 344
- Switch config ipv6 mld snooping 344
- Switch config ipv6 mld snooping report suppression 344
- Switch config show ipv6 mld snooping 344
- Switch configure 344
- Switch copy running config startup config 344
- The following example shows how to enable report message suppression 344
- Unknown multicast pass 344
- Configuring mld snooping parameters on the port 345
- Configuring router port time and member port time 345
- Configuring fast leave 347
- Configuring max group and overflow action on the port 347
- Gi1 0 3 enable enable 347
- Port mld snooping fast leave 347
- Switch config if end 347
- Switch config if ipv6 mld snooping 347
- Switch config if ipv6 mld snooping immediate leave 347
- Switch config if show ipv6 mld snooping interface gigabitethernet 1 0 3 basic config 347
- Switch config interface gigabiteternet 1 0 3 347
- Switch config ipv6 mld snooping 347
- Switch configure 347
- Switch copy running config startup config 347
- The following example shows how to enable fast leave on port 1 0 3 347
- Drop on port 1 0 3 348
- Gi1 0 3 500 drop 348
- Port max groups overflow action 348
- Switch config if end 348
- Switch config if ipv6 mld snooping 348
- Switch config if ipv6 mld snooping max groups 500 348
- Switch config if ipv6 mld snooping max groups action drop 348
- Switch config if show ipv6 mld snooping interface gigabitethernet 1 0 3 max groups 348
- Switch config interface gigabiteternet 1 0 3 348
- Switch config ipv6 mld snooping 348
- Switch configure 348
- Switch copy running config startup config 348
- The following example shows how to configure the max group as 500 and the overflow action as 348
- Configuring mld snooping last listener query 349
- Enable port 349
- Enable vlan 349
- Global member age time 260 349
- Global report suppression disable 349
- Global router age time 300 349
- Last query interval 5 349
- Last query times 5 349
- Mld snooping enable 349
- Switch config end 349
- Switch config ipv6 mld snooping 349
- Switch config ipv6 mld snooping last listener query count 5 349
- Switch config ipv6 mld snooping last listener query interval 5 349
- Switch config show ipv6 mld snooping 349
- Switch configure 349
- Switch copy running config startup config 349
- The following example shows how to configure the last listener query count as 5 and the last 349
- Unknown multicast pass 349
- Configuring mld snooping parameters in the vlan 350
- Configuring router port time and member port time 350
- Dynamic router port none 350
- Forbidden router port none 350
- Member time 400 350
- Router port time as 500 seconds and the member port time as 400 seconds 350
- Router time 500 350
- Static router port none 350
- Switch config ipv6 mld snooping 350
- Switch config ipv6 mld snooping vlan config 2 3 mtime 400 350
- Switch config ipv6 mld snooping vlan config 2 3 rtime 500 350
- Switch config show ipv6 mld snooping vlan 2 350
- Switch config show ipv6 mld snooping vlan 3 350
- Switch configure 350
- The following example shows how to enable mld snooping in vlan 2 and vlan 3 configure the 350
- Vlan id 2 350
- Vlan id 3 350
- As the static router port 351
- Configuring static router port 351
- Dynamic router port none 351
- Forbidden router port none 351
- Member time 0 351
- Member time 400 351
- Router time 0 351
- Static router port gi1 0 2 351
- Static router port none 351
- Switch config end 351
- Switch config ipv6 mld snooping 351
- Switch config ipv6 mld snooping vlan config 2 rport interface gigabitethernet 1 0 2 351
- Switch config show ipv6 mld snooping vlan 2 351
- Switch configure 351
- Switch copy running config startup config 351
- The following example shows how to enable mld snooping in vlan 2 and configure port 1 0 2 351
- Vlan id 2 351
- Configuring forbidden router port 352
- Dynamic router port none 352
- Forbidden router port gi1 0 4 6 352
- From becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 352
- Gigabitethernet 1 0 4 6 352
- Member time 0 352
- Router time 0 352
- Static router port none 352
- Switch config 352
- Switch config end 352
- Switch config ipv6 mld snooping 352
- Switch config ipv6 mld snooping vlan config 2 router ports forbidden interface 352
- Switch config show ipv6 mld snooping vlan 2 352
- Switch copy running config startup config 352
- The following example shows how to enable mld snooping in vlan 2 and forbid port 1 0 4 6 352
- Vlan id 2 352
- Configuring mld snooping parameters in the multicast vlan 353
- Configuring router port time and member port time 353
- Configuring static multicast multicast ip and forward port 353
- Ff01 1234 02 2 static gi1 0 9 10 353
- Gigabitethernet 1 0 9 10 353
- Multicast ip vlan id addr type switch port 353
- Port 1 0 9 10 as the forward ports 353
- Switch config end 353
- Switch config ipv6 mld snooping 353
- Switch config ipv6 mld snooping vlan config 2 static ff01 1234 02 interface 353
- Switch config show ipv6 mld snooping groups static 353
- Switch configure 353
- Switch copy running config startup config 353
- The following example shows how to configure ff01 1234 02 as the static multicast ip and specify 353
- Dynamic router port none 354
- Forbidden router port none 354
- Member time 400 354
- Multicast vlan enable 354
- Replace source ip 354
- Router time 500 354
- Static router port none 354
- Switch config end 354
- Switch config ipv6 mld snooping 354
- Switch config ipv6 mld snooping multi vlan config 5 mtime 400 354
- Switch config ipv6 mld snooping multi vlan config 5 rtime 500 354
- Switch config show ipv6 mld snooping multi vlan 354
- Switch configure 354
- Switch copy running config startup config 354
- The following example shows how to configure vlan 5 as the multicast vlan set the router port 354
- Time as 500 seconds and the member port time as 400 seconds 354
- Vlan id 5 354
- As the static router port 355
- Configuring static router port 355
- Dynamic router port none 355
- Forbidden router port none 355
- Member time 260 355
- Multicast vlan enable 355
- Replace source ip 355
- Router time 300 355
- Static router port gi1 0 5 355
- Switch config end 355
- Switch config ipv6 mld snooping 355
- Switch config ipv6 mld snooping multi vlan config 5 rport interface gigabitethernet 1 0 5 355
- Switch config show ipv6 mld snooping multi vlan 355
- Switch configure 355
- Switch copy running config startup config 355
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 355
- Vlan id 5 355
- As the forbidden router port 356
- Configuring forbidden router port 356
- Dynamic router port none 356
- Forbidden router port gi1 0 6 356
- Gigabitethernet 1 0 6 356
- Member time 260 356
- Multicast vlan enable 356
- Replace source ip 356
- Router time 300 356
- Static router port none 356
- Switch config end 356
- Switch config ipv6 mld snooping 356
- Switch config ipv6 mld snooping multi vlan config 5 router ports forbidden interface 356
- Switch config show ipv6 mld snooping multi vlan 356
- Switch configure 356
- Switch copy running config startup config 356
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 356
- Vlan id 5 356
- Configuring replace source ip 357
- Dynamic router port none 357
- Fe80 02ff ffff fe00 0001 357
- Forbidden router port none 357
- Member time 260 357
- Multicast vlan enable 357
- Replace source ip fe80 2ff ffff fe00 1 357
- Router time 300 357
- Source ip in the mld packets sent by the switch with fe80 02ff ffff fe00 0001 357
- Static router port none 357
- Switch config end 357
- Switch config ipv6 mld snooping 357
- Switch config ipv6 mld snooping multi vlan config 5 replace sourceip 357
- Switch config show ipv6 mld snooping multi vlan 357
- Switch configure 357
- Switch copy running config startup config 357
- The following example shows how to configure vlan 5 as the multicast vlan and replace the 357
- Vlan id 5 357
- Configuring query interval max response time and general query source ip 358
- Configuring the querier 358
- Enabling mld querier 358
- General query source ip fe80 2ff ffff fe00 1 358
- Maximum response time 10 358
- Query interval 60 358
- Switch config end 358
- Switch config ipv6 mld snooping 358
- Switch config ipv6 mld snooping querier vlan 4 358
- Switch config show ipv6 mld snooping querier 358
- Switch configure 358
- Switch copy running config startup config 358
- The following example shows how to enable mld snooping and mld querier in vlan 4 358
- Vlan 4 358
- General query source ip fe80 2ff ffff fe00 1 359
- Maximum response time 20 359
- Query interval 100 359
- Source ip as fe80 2ff ffff fe00 1 359
- Switch config end 359
- Switch config ipv6 mld snooping 359
- Switch config ipv6 mld snooping querier vlan 4 general query source ip fe80 2ff ffff fe00 1 359
- Switch config ipv6 mld snooping querier vlan 4 max response time 20 359
- Switch config ipv6 mld snooping querier vlan 4 query interval 100 359
- Switch config show ipv6 mld snooping querier 359
- Switch configure 359
- Switch copy running config startup config 359
- The following example shows how to enable mld snooping and mld querier in vlan 4 set 359
- The query interval as 100 seconds the max response time as 20 seconds and the general query 359
- Vlan 4 359
- Configuring multicast filtering 360
- Creating profile 360
- Mld profile 1 360
- Range ff01 1234 5 ff01 1234 8 360
- Sent to ff01 1234 5 ff01 1234 8 360
- Switch config ipv6 mld profile 1 360
- Switch config ipv6 mld snooping 360
- Switch config mld profile deny 360
- Switch config mld profile range ff01 1234 5 ff01 1234 8 360
- Switch config mld profile show ipv6 mld profile 360
- Switch configure 360
- The following example shows how to configure profile 1 so that the switch filters multicast data 360
- Binding profile to the port 361
- Mld profile 1 361
- Multicast data sent to ff01 1234 5 ff01 1234 8 361
- Range ff01 1234 5 ff01 1234 8 361
- Switch config end 361
- Switch config if ipv6 mld filter 1 361
- Switch config if ipv6 mld snooping 361
- Switch config if show ipv6 mld profile 361
- Switch config interface gigabitethernet 1 0 2 361
- Switch config ipv6 mld profile 1 361
- Switch config ipv6 mld snooping 361
- Switch config mld profile deny 361
- Switch config mld profile exit 361
- Switch config mld profile range ff01 1234 5 ff01 1234 8 361
- Switch configure 361
- Switch copy running config startup config 361
- The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters 361
- Using the gui 363
- Viewing ipv4 multicast snooping configurations 363
- Viewing ipv6 multicast snooping configurations 363
- Viewing multicast snooping configurations 363
- Using the cli 364
- Viewing ipv4 multicast snooping configurations 364
- Viewing ipv6 multicast snooping configurations 365
- Configuration examples 366
- Configuration scheme 366
- Example for configuring basic igmp snooping 366
- Network requirements 366
- Using the gui 367
- Port config to load the following page configure 369
- The pvid of port 1 0 1 4 as 10 369
- Using the cli 370
- Configuration file 371
- Verify the configurations 372
- Configuration scheme 373
- Example for configuring multicast vlan 373
- Network requirements 373
- Network topology 373
- Demonstrated with t1600g 52ts this section provides configuration procedures in two ways 374
- Internet 374
- Using the gui and using the cli 374
- Using the gui 375
- Using the cli 377
- Configuration file 378
- Verify the configurations 379
- Example for configuring unknown multicast and fast leave 380
- Network requirement 380
- 0 2 and enable unknown multicast globally to change channel host b sends a leave message 381
- About leaving the previous channel the switch will then drop multicast data from the previous 381
- After the channel is changed the client host b still receives irrelevant multicast data the data 381
- Channel and all unknown multicast data which ensures that host b only receives multicast data 381
- Configuration scheme 381
- Demonstrated with t1600g 52ts this section provides configuration procedures in two ways 381
- From the new channel and that the multicast network is unimpeded 381
- From the previous channel and possibly other unknown multicast data which increases the 381
- Internet 381
- Multicast and fast leave 381
- Network load and results in network congestion the solution to this problem is using unknown 381
- To avoid host b from receiving irrelevant multicast data the user can enable fast leave on port 381
- Using the gui and using the cli 381
- Page enable igmp snooping globally and configure unknown multicast as discard 382
- Snooping config to load the following 382
- Using the gui 382
- Enable igmp snooping on port 1 0 2 and port 1 0 4 and enable fast leave on port 1 0 2 383
- Port config to load the following page 383
- Using the cli 384
- Configuration file 385
- Verify the configurations 385
- Configuration scheme 386
- Example for configuring multicast filtering 386
- Network requirements 386
- Network topology 386
- Demonstrated with t1600g 52ts this section provides configuration procedures in two ways 387
- Internet 387
- Using the gui and using the cli 387
- Using the gui 388
- Port config to load the following page configure 390
- The pvid of port 1 0 1 4 as 10 390
- Using the cli 394
- Configuration file 396
- Verify the configurations 397
- Appendix default parameters 399
- Default parameters for igmp snooping 399
- Default parameters for mld snooping 400
- Chapters 402
- Managing logical interfaces 402
- Part 12 402
- Devices interfaces are classified into physical interfaces and logical interfaces 403
- Interfaces and routing interfaces 403
- Interfaces are shown as below 403
- Interfaces of a device are used to exchange data and interact with interfaces of other network 403
- Logical interfaces are manually configured and do not physically exist such as loopback 403
- Overview 403
- Physical interfaces are the ports on the front panel or rear panel of the switch 403
- This chapter introduces the configurations for logical interfaces the supported types of logical 403
- Creating a layer 3 interface 404
- Logical interfaces configurations 404
- Using the gui 404
- Configuring ipv4 parameters of the interface 405
- In figure 2 1 you can view the corresponding interface entry you create in the interface list 405
- In the interface list section you can view the corresponding interface entry you create 405
- In the modify interface section specify an interface id and configure relevant parameters for 405
- Section on the corresponding interface entry click edit to load the following page and configure 405
- The interface according to your actual needs then click apply 405
- The ipv4 parameters of the interface 405
- Configure the ipv6 parameters of the interface 406
- Configuring ipv6 parameters of the interface 406
- Create 406
- In figure 2 1 you can view the corresponding interface entry you create in the interface list 406
- In the secondary ip create section configure the secondary ip for the specified interface 406
- In the secondary ip list section you can view the corresponding secondary ip entry you 406
- Section on the corresponding interface entry click edit ipv6 to load the following page and 406
- Which allows you to have two logical subnets using one physical subnet then click create 406
- Configure the ipv6 link local address of the interface manually or automatically in the link 407
- Enable ipv6 function on the interface of switch in the general config section then click 407
- Local address config section then click apply 407
- Configure one or more ipv6 global addresses of the interface via following three ways 408
- Manually 408
- Via dhcpv6 server 408
- Via ra message 408
- View the global address entry in the global address table 408
- Creating a layer 3 interface 409
- Follow these steps to create a layer 3 interface you can create a vlan interface a loopback 409
- In figure 2 1 you can view the corresponding interface entry you create in the interface list 409
- Interface a routed port or a port channel interface according to your needs 409
- Section on the corresponding interface entry click detail to load the following page and view 409
- The detail information of the interface 409
- Using the cli 409
- Viewing detail information of the interface 409
- Switch config if description vlan 2 410
- Switch config if end 410
- Switch config interface vlan 2 410
- Switch configure 410
- Switch copy running config startup config 410
- The following example shows how to create a vlan interface with a description of vlan 2 410
- Configuring ipv4 parameters of the interface 411
- Follow these steps to configure the ipv4 parameters of the interface 411
- Setting a static ip address for the port and enabling the layer 3 capabilities 411
- Switch config if ip address 192 68 00 255 55 55 411
- Switch config if no switchport 411
- Switch config if show interface configuration gigabitethernet 1 0 1 411
- Switch config interface gigabitethernet 1 0 1 411
- Switch configure 411
- The following example shows how to configure the ipv4 parameters of a routed port including 411
- Configuring ipv6 parameters of the interface 412
- Follow these steps to configure the ipv6 parameters of the interface 412
- Gi1 0 1 192 68 00 24 static up up no 412
- Interface ip address method status protocol shutdown 412
- Switch config if end 412
- Switch config if show ip interface brief 412
- Switch copy running config startup config 412
- Global address dhcpv6 enable 413
- Global address ra disable 413
- Global unicast address es ff02 1 ff13 237b 413
- Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 413
- Of a vlan interface 413
- Switch config if ipv6 address autoconfig 413
- Switch config if ipv6 address dhcp 413
- Switch config if ipv6 enable 413
- Switch config if show ipv6 interface 413
- Switch config interface vlan 2 413
- Switch configure 413
- The following example shows how to enable the ipv6 function and configure the ipv6 parameters 413
- Vlan2 is up line protocol is up 413
- Appendix default parameters 415
- Default settings of interface are listed in the following tables 415
- Chapters 416
- Configuring static routing 416
- Part 13 416
- Overview 417
- An ipv4 static route then click create 418
- Entries 418
- In the ipv4 static route table section you can view and modify the ipv4 static routing 418
- In the ipv4 static routing config section configure the corresponding parameters to add 418
- Ipv4 static routing config to load the following 418
- Ipv4 static routing configuration 418
- Using the gui 418
- As 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 419
- C 192 68 24 is directly connected vlan1 419
- Candidate default 419
- Codes c connected s static 419
- Follow these steps to create an ipv4 static route 419
- S 192 68 24 1 0 via 192 68 vlan1 419
- Switch config end 419
- Switch config ip route 192 68 255 55 55 192 68 419
- Switch config show ip route 419
- Switch configure 419
- Switch copy running config startup config 419
- The following example shows how to create an ipv4 static route with the destination ip address 419
- Using the cli 419
- Ipv6 static routing configuration 420
- Using the gui 420
- As 3200 64 and the next hop address as 3100 1234 421
- Candidate default 421
- Codes c connected s static 421
- Follow these steps to enable ipv6 routing function and create an ipv6 static route 421
- Switch config ipv6 route 3200 64 3100 1234 421
- Switch config show ipv6 route static 421
- Switch configure 421
- The following example shows how to create an ipv6 static route with the destination ip address 421
- Using the cli 421
- Using the gui 423
- Viewing ipv4 routing table 423
- Viewing ipv6 routing table 423
- Viewing routing table 423
- On privileged exec mode or any other configuration mode you can use the following command 424
- To view ipv4 routing table 424
- To view ipv6 routing table 424
- Using the cli 424
- View the ipv6 routes in the ipv6 routing information summary section 424
- Viewing ipv4 routing table 424
- Viewing ipv6 routing table 424
- A as an example 425
- As shown below host a and host b are on different network segments to meet business needs 425
- Configuration scheme 425
- Create a routed port gi1 0 1 with the mode as static the ip address as 10 the mask as 425
- Demonstrated with t1600g 52ts the following sections provide configuration procedure in two 425
- Ensure stable connectivity 425
- Example for static routing 425
- Host a and host b need establish a connection without using dynamic routing protocols to 425
- Interface config to load the following page 425
- Network requirements 425
- Switch b so that hosts on different network segments can communicate with each other 425
- The configurations of switch a and switch b are similar the following introductions take switch 425
- The default gateway of host b as 10 24 and configure ipv4 static routes on switch a and 425
- To implement this requirement you can configure the default gateway of host a as 10 24 425
- Using the gui 425
- Ways using the gui and using the cli 425
- Using the cli 426
- Configuration file 427
- Switch a 428
- Verify the configurations 428
- Connectivity between switch a and switch b 429
- Switch b 429
- Appendix default parameter 430
- Default setting of static routing is listed in the following table 430
- A relay agent and forwards dhcp packets between dhcp clients and dhcp servers on different 432
- Dhcp relay is used to process and forward dhcp packets between different subnets 432
- Dhcp relay solves this problem as the following figure shows the dhcp relay device acts as 432
- Equipped with a dhcp server thus increasing the costs of network construction 432
- Overview 432
- Requires that the client and the server should be on the same lan therefore each lan should be 432
- Since the client requests a dynamic ip address via broadcast the basic network model of dhcp 432
- Subnets so that dhcp clients on different subnets can share one dhcp server 432
- Dhcp relay configuration 433
- Enabling dhcp relay and configuring option 82 433
- Using the gui 433
- And then enter the server address of the interface 434
- Click apply 434
- Click create to specify the dhcp server for the interface 434
- Dhcp server to load the following page 434
- Follow these steps to specify dhcp server for the interface 434
- In the add dhcp server address section select the interface type and enter the interface id 434
- Specifying dhcp server for the interface 434
- Configuring option 82 435
- Dhcp relay is enabled 435
- Enabling dhcp relay 435
- Follow these steps to configure option 82 435
- Follow these steps to enable dhcp relay 435
- Switch config end 435
- Switch config service dhcp relay 435
- Switch config show ip dhcp relay 435
- Switch configure 435
- Switch copy running config startup config 435
- The following example shows how to enable dhcp relay 435
- Using the cli 435
- Dhcp relay option 82 is enabled 436
- Existed option 82 field operation keep 436
- Information as keep 436
- Switch config end 436
- Switch config ip dhcp relay information 436
- Switch config ip dhcp relay information policy keep 436
- Switch config show ip dhcp relay 436
- Switch configure 436
- Switch copy running config startup config 436
- The following example shows how to enable option 82 and configure the process of option 82 436
- Follow these steps to specify dhcp server for the interface 437
- Specifying dhcp server for the interface 437
- Switch config if ip helper address 192 68 437
- Switch config interface vlan 66 437
- Switch configure 437
- The following example shows how to configure the dhcp server address as 192 68 on vlan 437
- A company wants to assign ip addresses to all computers in two departments and there is only 439
- Add all computers in the r d department to vlan 20 for details refer to configuring 802 q 439
- Before dhcp relay configurations create two dhcp server pools on the dhcp server one is 439
- Belong to vlan 10 which is connected to the switch via port 1 0 8 the interface address of vlan 439
- Configuration example 439
- Configuration scheme 439
- Configure 802 q vlan add all computers in the marketing department to vlan 10 and 439
- Connected to the dhcp relay switch via port 1 0 5 and its ip address is 192 68 9 24 439
- Dhcp clients 439
- Enables dhcp clients from different subnets to share one dhcp server 439
- In the given situation the dhcp relay feature can satisfy the requirement because dhcp relay 439
- Is 192 68 24 computers in the r d department belong to vlan 20 which is connected to 439
- Network requirements 439
- On 192 68 24 and the other is on 192 68 24 make sure the dhcp server can reach all 439
- One dhcp server available it is required that computers in the same department should be on 439
- The network topology is as the following figure shows computers in the marketing department 439
- The overview of the configurations are as follows 439
- The same subnet while computers in different departments should be on different subnets 439
- The switch via port 1 0 16 the interface address of vlan 20 is 192 68 24 the dhcp server is 439
- Using the gui 440
- Using the cli 441
- Verify the configurations 441
- Appendix default parameters 442
- Default settings of dhcp relay are listed in the following table 442
- Arp address resolution protocol is used to map ip addresses to mac addresses taking an 444
- Association in an arp entry for rapid retrieval 444
- Ip address as input arp learns the associated mac address and stores the ip mac address 444
- Overview 444
- Adding static arp entries manually 445
- Arp configurations 445
- Using the gui 445
- Viewing the arp entries 445
- Adding static arp entries 446
- Configuring arp function 446
- Follow these steps to add arp entries 446
- Follow these steps to add static arp entries 446
- In the arp config section enter the ip address and mac address and click create 446
- Static arp to load the following page 446
- Using the cli 446
- 11 22 33 44 55 447
- Configuring the aging time of dynamic arp entries 447
- Follow these steps to configure the aging time of dynamic arp entries 447
- Interface address hardware addr type 447
- Switch config arp 192 68 00 11 22 33 44 55 arpa 447
- Switch config end 447
- Switch config show arp 192 68 447
- Switch configure 447
- Switch copy running config startup config 447
- This example shows how to create a static arp entry with the ip as 192 68 and the mac as 447
- Vlan1 192 68 00 11 22 33 44 55 static 447
- Clearing dynamic entries 448
- Switch config if arp timeout 1000 448
- Switch config if end 448
- Switch config interface vlan 2 448
- Switch configure 448
- Switch copy running config startup config 448
- This example shows how to configure the aging time of dynamic arp entries as 1000 seconds for 448
- Vlan interface 2 448
- On privileged exec mode or any other configuration mode you can use the following command to view arp entries 449
- Viewing arp entries 449
- Chapters 450
- Configuring qos 450
- Part 16 450
- Bandwidth control 451
- Diffserv 451
- Overview 451
- Supported features 451
- Configuration guidelines 452
- Diffserv configuration 452
- Configure the tag id cos id tc mapping relations 453
- Configuring 802 p priority 453
- Configuring priority mode 453
- Follow these steps to configure the 802 p priority 453
- P priority to load the following page 453
- The instructions of the three priority modes are described respectively in this section 453
- Using the gui 453
- 2p priority 454
- Click apply 454
- Configure the dscp tc mapping relations 454
- Configuring dscp priority 454
- Dscp priority to load the following page 454
- Enable dscp priority and click apply dscp priority is disabled by default 454
- Follow these steps to configure the dscp priority 454
- 2p priority 455
- Click apply 455
- Configuring port priority 455
- Follow these steps to configure the port priority 455
- Port priority to load the following page 455
- Select the desired port or lag to set its priority 455
- Click apply 456
- Configure the schedule mode to control the forwarding sequence of different tc queues when 456
- Configuring schedule mode 456
- Congestion occurs 456
- Follow these steps to configure the schedule mode 456
- Schedule mode to load the following page 456
- Select a schedule mode 456
- Click apply 457
- Configuring 802 priority 457
- Configuring priority mode 457
- Optional configure the weight value of the each tc queue if the schedule mode is wrr of 457
- Sp wrr 457
- The instructions of the three priority modes are described respectively in this section 457
- Using cli 457
- Configuring dscp priority 458
- Dscp priority is disabled 458
- P priority is enabled 458
- Switch config end 458
- Switch config qos queue cos map 2 0 458
- Switch config show qos cos map 458
- Switch config show qos status 458
- Switch configure 458
- Switch copy running config startup config 458
- Tag 0 1 2 3 4 5 6 7 458
- Tc tc1 tc0 tc0 tc3 tc4 tc5 tc6 tc7 458
- The following example shows how to map cos2 to tc0 and keep other cos id tc as default 458
- Relations as default 459
- Switch config qos queue dscp map 10 14 0 459
- Switch config show qos cos map 459
- Switch configure 459
- Tag 0 1 2 3 4 5 6 7 459
- Tc tc1 tc0 tc2 tc3 tc4 tc5 tc6 tc7 459
- The following example shows how to map dscp values 10 14 to tc1 and keep other mapping 459
- Configuring port priority 460
- Cos cos1 cos1 cos0 cos0 cos0 cos0 cos0 cos1 460
- Dscp 8 9 10 11 12 13 14 15 460
- Dscp priority is enabled 460
- P priority is disabled 460
- Queue based on port priority 460
- Select the desired port to set the priority packets from this ingress port are mapped to the tc 460
- Switch config end 460
- Switch config show qos dscp map 460
- Switch config show qos status 460
- Switch copy running config startup config 460
- Configuring schedule mode 462
- Different tc queues when congestion occurs 462
- Follow these steps to configure the schedule mode to control the forwarding sequence of 462
- Bandwidth control configuration 464
- Configuring rate limit 464
- Using the gui 464
- Click apply 465
- Configuring storm control 465
- Follow these steps to configure the storm control function 465
- Multicast packets and ul frames 465
- Select the port s and configure the upper rate limit for forwarding broadcast packets 465
- Storm control to load the following page 465
- Click apply 466
- Configure the upper rate limit for the port to receive and send packets 466
- Configuring rate limit on port 466
- Using the cli 466
- And unknown unicast frames 467
- Configure the upper rate limit on the port for forwarding broadcast packets multicast packets 467
- Configuring storm control 467
- Gi1 0 5 5120 1024 n a 467
- Kbps for port 1 0 5 467
- Port ingressrate kbps egressrate kbps lag 467
- Switch config if bandwidth ingress 5120 egress 1024 467
- Switch config if end 467
- Switch config if show bandwidth interface gigabitethernet 1 0 5 467
- Switch config interface gigabitethernet 1 0 5 467
- Switch configure 467
- Switch copy running config startup config 467
- The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 467
- Configuration examples 470
- Configuration scheme 470
- Example for configuring sp mode 470
- Network requirements 470
- Using the gui 471
- Using the cli 472
- Configuration files 473
- Verify the configuration 473
- Both rd department and marketing department can access the local network server configure 474
- Example for configuring wrr mode 474
- Network requirements 474
- Scheduler mode sp weight unusable in sp mode 474
- Switch a marketing department is connected to port 1 0 2 of switch a the server is connected 474
- Switch b is a layer 3 switch with acl redirect feature rd department is connected to port 1 0 1 of 474
- Switch config show qos queue mode 474
- The network topology is shown as the following figure switch a is an access layer switch and 474
- The switches to ensure the traffic from the two departments are forwarded based on the weight 474
- To port 1 0 2 of switch b and port 1 0 3 of switch a is connected to port 1 0 1 of switch b 474
- Value ratio of 2 1 when congestion occurs 474
- Verify the schedule mode 474
- Configuration scheme 475
- Configurations for switch a demonstrated with t1600g 52ts 475
- Using the gui 475
- Configurations for switch b demonstrated with t3700g 28tq 477
- Configurations for switch a demonstrated with t1600g 52ts 483
- Using the cli 483
- Configurations for for switch b demonstrated with t3700g 28tq 484
- Configuration file 486
- Switch a 486
- Switch b 486
- Switch a 488
- Switch b 488
- Verify the configuration 488
- Appendix default parameters 490
- Diffserv 490
- Disabled see table 5 4 for dscp cos id mapping relations 490
- Enabled see table 5 3 for tag id cos id tc mapping relations 490
- Bandwidth control 491
- Chapters 492
- Configuring voice vlan 492
- Part 17 492
- Overview 493
- Overview 3 configuration example 493
- Part 17 493
- Voice vlan configuration 4 appendix default parameters 493
- Because the voice vlan in automatic mode supports only tagged voice traffic you need to 495
- Before configuring voice vlan you need to create a vlan for voice traffic for details about 495
- Configuration guidelines 495
- Configure voice vlan globally 495
- Configure voice vlan mode on ports 495
- Create a vlan 495
- Id and the link type of the port which is connected to voice devices we recommend that 495
- Make sure traffic from the voice device is tagged to do so there are mainly two ways 495
- Only one vlan can be set as the voice vlan on the switch 495
- Optional configure oui addresses 495
- To apply the voice vlan configuration you may need to further configure pvid port vlan 495
- To complete the voice vlan configuration follow these steps 495
- Vlan 1 is a default vlan and cannot be configured as the voice vlan 495
- Vlan configuration please refer to configuring 802 q vlan 495
- Voice vlan configuration 495
- You can configure the voice device to forward traffic with a voice vlan tag 495
- You choose the mode according to your needs and configure the port as the following table 495
- Optional configuring oui addresses 496
- Using the gui 496
- Click apply 497
- Click create to add an oui address to the table 497
- Configuring voice vlan globally 497
- Configuring voice vlan mode on ports 497
- Enable the voice vlan feature and enter a vlan id 497
- Follow these steps to configure the voice vlan globally 497
- Global config to load the following page 497
- Port config to load the following page 497
- Set the aging time for the voice vlan 497
- Specify a priority for the voice vlan 497
- Follow these steps to configure voice vlan mode on ports 498
- Select your desired ports and choose the port mode 498
- Click apply 499
- Follow these steps to configure the voice vlan 499
- Set the security mode for selected ports 499
- Using the cli 499
- Configuration example 503
- Configuration scheme 503
- Network requirements 503
- Network topology 503
- B ports connected to ip phones use the voice vlan for voice traffic and ports connected to 504
- Computers use the default vlan for data traffic 504
- Configurations for switch a 504
- Demonstrated with t1600g 52ts this chapter provides configuration procedures in two ways 504
- Following page create vlan 10 504
- In the meeting room computers and ip phones are connected to different ports of switch 504
- Internet 504
- Switch c 504
- Using the gui 504
- Using the gui and using the cli 504
- Vlan config and click create to load the 504
- Voice traffics from switch a and switch b are forwarded to voice gateway and internet through 504
- Following page add port 1 0 2 to the voice vlan 506
- Vlan config and edit vlan 10 to load the 506
- Configurations for switch b 508
- Configurations for switch c 510
- Configurations for switch a 511
- Using the cli 511
- Configurations for switch b 512
- Configurations for switch c 513
- Switch a 513
- Verify the configurations 513
- Switch b 514
- Switch c 514
- Appendix default parameters 515
- Default settings of voice vlan are listed in the following tables 515
- Description 515
- Chapters 516
- Configuring acl 516
- Part 18 516
- Acl binding 517
- Overview 517
- Policy binding 517
- Supported features 517
- Acl configurations 518
- Creating an acl 518
- Using the gui 518
- Configuring acl rules 519
- Configuring the mac acl rule 519
- Click apply 520
- Configure the rule s packet matching criteria 520
- Configuring the standard ip acl rule 520
- Follow these steps to create the standard ip acl rule 520
- For the matched packets 520
- Select a standard ip acl from the drop down list enter a rule id and specify the operation 520
- Standard i 520
- Standard ip acl to load the following page 520
- Tandard i 520
- Click apply 521
- Configure the rule s packet matching criteri 521
- Configure the rule s packet matching criteria 521
- Configuring the extend ip acl rule 521
- Extend ip ac 521
- Extend ip acl to load the following page 521
- Follow these steps to create the extend ip acl rule 521
- Select an extend ip acl from the drop down list enter a rule id and specify the operation for 521
- The matched packets 521
- Click apply 522
- Configuring the ipv6 acl rule 522
- Follow these steps to create the ipv6 acl rule 522
- Ipv6 acl to load the following page 522
- Select an ipv6 acl from the drop down list enter a rule id and specify the operation for the 522
- Acl rule or change the matching order if needed 523
- By default a rule configured earlier is listed before a rule configured later the switch matches a 523
- Click apply 523
- Configure the rule s packet matching criteri 523
- In the acl rule table you can view all the acls and their rules you can also delete an acl or an 523
- Process and performs the action defined in the rule 523
- Received packet with the rules in order when a packet matches a rule the device stops the match 523
- The rules in an acl are listed in ascending order of configuration time regardless of their rule ids 523
- Verifying the rule table 523
- Applying an acl to the policy 524
- Configuring policy 524
- Creating a policy 524
- Binding the acl to a port 525
- Configuring the acl binding 525
- Configuring the acl binding and policy binding 525
- Binding the acl to a vlan 526
- Binding the policy to a port 526
- Configuring the policy binding 526
- Follow these steps to bind the acl to a vlan 526
- Processed according to this policy 526
- Select the acl and enter the vlan id and click appl 526
- Vlan binding to load the following page 526
- You can bind the policy to a port or a vlan the received packets will then be matched and 526
- Binding the policy to a vlan 527
- Existing entries if needed 527
- Follow these steps to bind the policy to a port 527
- Follow these steps to bind the policy to a vlan 527
- Select the acl and enter the vlan id and clic 527
- Select the policy and the port to be bound and clic 527
- Verifying the acl binding 527
- Verifying the binding configuration 527
- Vlan binding to load the following page 527
- You can view both port binding and vlan binding entries in the table you can also delete 527
- Verifying the policy binding 528
- Addresses protocol type and so on 529
- Binding table to load the following page 529
- Configuring acl 529
- Configuring the mac acl 529
- Follow the steps to create different types of acl and configure the acl rules 529
- Using the cli 529
- You can define the rules based on source or destination ip addresses source or destination mac 529
- Configuring the standard ip acl 530
- Mac access list 50 530
- Rule 5 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 530
- Switch config mac access list 50 530
- Switch config mac acl end 530
- Switch config mac acl rule 5 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 530
- Switch config mac acl show access list 50 530
- Switch configure 530
- Switch copy running config startup config 530
- The following example shows how to create mac acl 50 and configure rule 1 to permit packets 530
- With source mac address 00 34 a2 d4 34 b5 530
- Packets with source ip address 192 68 00 531
- Rule 1 permit sip 192 68 00 smask 255 55 55 55 531
- Standard ip access list 600 531
- Switch config access list create 600 531
- Switch config end 531
- Switch config rule 1 permit sip 192 68 00 smask 255 55 55 55 531
- Switch config show access list 600 531
- Switch configure 531
- Switch copy running config startup config 531
- The following example shows how to create standard ip acl 600 and configure rule 1 to permit 531
- Configuring the extend ip acl 532
- Extended ip access list 1700 532
- Protocol 6 d port 23 532
- Switch config access list create 1700 532
- Switch config access list extended 1700 rule 7 deny sip 192 68 00 smask 255 55 55 55 532
- Switch config show access list 1700 532
- Switch configure 532
- Telnet packets with source ip192 68 00 532
- The following example shows how to create extend ip acl 1700 and configure rule7 to deny 532
- Configuring the ipv6 acl 533
- Rule 7 deny sip 192 68 00 smask 255 55 55 55 protocol 6 d port 23 533
- Switch config end 533
- Switch copy running config startup config 533
- Cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ffff ffff ffff 534
- Configuring policy 534
- Follow the steps below to create a policy and configure the policy actions 534
- Ipv6 access list 3600 534
- Rule 1 deny sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ff ff ffff ffff 534
- Switch config access list create 3600 534
- Switch config access list ipv6 3600 rule 1 deny sip 534
- Switch config end 534
- Switch config show access list 3600 534
- Switch configure 534
- Switch copy running config startup config 534
- The following example shows how to create ipv6 acl 3600 and configure rule 1 to deny packets 534
- With source ipv6 address cdcd 910a 2222 5498 8475 1111 3900 2020 534
- Access list 600 535
- Acl binding 535
- Acl binding and policy binding 535
- Policy name rd 535
- Processed according to the acl rules 535
- Switch config access list policy action rd 600 535
- Switch config access list policy name rd 535
- Switch config action exit 535
- Switch config end 535
- Switch config show access list policy rd 535
- Switch configure 535
- Switch copy running config startup config 535
- Takes effect only after they are bound to a port or vlan 535
- The following example shows how to create policy rd and apply acl 600 to policy rd 535
- You can bind the acl to a port or a vlan the received packets will then be matched and 535
- You can select acl binding or policy binding according to your needs an acl rule and policy 535
- Policy binding 536
- 2 ingress vlan 537
- Gi1 0 2 ingress port 537
- Index acl id interface vid direction type 537
- Index policy name interface vid direction type 537
- Policy nam 537
- Port port lis 537
- Switch config if access list bind policy 1 537
- Switch config if access list bind policy 2 537
- Switch config if end 537
- Switch config if exit 537
- Switch config if show access list bind 537
- Switch config interface gigabitethernet 1 0 2 537
- Switch config interface vlan 2 537
- Switch configure 537
- Switch copy running config startup config 537
- The following example shows how to bind policy 1 to port 2 and policy 2 to vlan 2 537
- Vlan i 537
- 0 1 and the server group is connected to the switch via port 1 0 2 538
- A company s server group can provide different types of services it is required that 538
- And configuring rules for it 538
- As shown below computers in the marketing department are connected to the switch via port 538
- Configuration example for acl 538
- Configuration scheme 538
- Network requirements 538
- Network topology 538
- The marketing department can only access the server group 538
- The marketing department can only visit http and https websites on the internet 538
- To meet the requirements above you can configure packet filtering by creating an extend ip acl 538
- Binding configuration 539
- Configuring acl 539
- Using the gui 539
- Or udp 53 dns service port 541
- Policy create to load the following page configure 541
- Rule 4 and rule 5 to permit packets with source ip 10 0 0 and with destination port tcp 541
- Using the cli 543
- Verify the configurations 544
- Index acl id interface vid direction type 545
- Appendix default parameters 546
- For extend ip acl 546
- For ipv6 acl 546
- For mac acl 546
- For standard ip acl 546
- Chapters 547
- Configuring network security 547
- Part 19 547
- Dhcp snooping 548
- Ip mac binding 548
- Network security 548
- Overview 548
- Supported features 548
- Arp inspection 549
- Dos defend 550
- Binding entries manually 552
- Ip mac binding configurations 552
- Using the gui 552
- And the connected port number of the host you can bind these entries conveniently 553
- Arp scanning 553
- Arp scanning to load the following 553
- Binding entries dynamically 553
- Click bind 553
- Select protect type for the entry 553
- Select the port that is connected to this host 553
- The binding entries can be dynamically learned from arp scanning and dhcp snooping 553
- Upon receiving the arp reply packet the switch can get the ip address mac address vlan id 553
- With arp scanning the switch sends the arp request packets of the specified ip field to the hosts 553
- Dhcp snooping 554
- Follow these steps to configure ip mac binding via arp scanning 554
- For instructions on how to configure dhcp snooping refer to dhcp snooping configurations 554
- Host and record the ip address mac address vlan id and the connected port number of the 554
- In the scanning option section specify an ip address range and a vlan id then click scan 554
- In the scanning result section select one or more entries and configure the relevant 554
- Parameters then click apply 554
- To scan the entries in the specified ip address range and vlan 554
- With dhcp snooping enabled the switch can monitor the ip address obtaining process of the 554
- Binding table to load the following 555
- In the binding table section you can view the searched entries additionally you can configure 555
- In the search section specify the search criteria to search your desired entries 555
- The host name and protect type for one or more entries and click apply 555
- Viewing the binding entries 555
- With the binding table you can view and search the specified binding entries 555
- Binding entries manually 556
- Binding entries via arp scanning is not supported by the cli binding entries via dhcp snooping 556
- Entries manually and view the binding entries 556
- Follow these steps to manually bind entries 556
- Is introduced in dhcp snooping configurations the following sections introduce how to bind 556
- The condition that you have got the related information of the hosts 556
- Using the cli 556
- You can manually bind the ip address mac address vlan id and the port number together on 556
- 68 5 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this 557
- Entry for the arp detection feature 557
- Gigabitethernet 1 0 5 arp detection 557
- Host1 192 68 5 aa bb cc dd ee ff 10 gi1 0 5 arp d 557
- On privileged exec mode or any other configuration mode you can use the following command 557
- Switch config end 557
- Switch config ip source binding host1 192 68 5 aa bb cc dd ee ff vlan 10 interface 557
- Switch config show ip source binding 557
- Switch configure 557
- Switch copy running config startup config 557
- The following example shows how to bind an entry with the hostname host1 ip address 557
- To view binding entries 557
- U no host ip addr mac addr vid port acl col 557
- Viewing binding entries 557
- Dhcp snooping configuration 558
- Enabling dhcp snooping on vlan 558
- Using the gui 558
- Click apply 559
- Configuring dhcp snooping on ports 559
- Enable dhcp snooping on a vlan or range of vlans 559
- Follow these steps to configure dhcp snooping on the specified port 559
- Follow these steps to enable dhcp snooping 559
- Globally enable dhcp snooping 559
- Port config to load the following 559
- Select one or more ports and configure the parameters 559
- Click apply 560
- Distribution way 560
- Follow these steps to configure option 82 560
- Following page 560
- Location of the dhcp client via option 82 the dhcp server supporting option 82 can also set 560
- Option 82 config to load the 560
- Option 82 records the location of the dhcp client the switch can add option 82 to the dhcp 560
- Optional configuring option 82 560
- Request packet and then transmit the packet to the dhcp server administrators can check the 560
- Select one or more ports and configure the parameters 560
- The distribution policy of ip addresses and other parameters providing a more flexible address 560
- Click apply 561
- Follow these steps to globally configure dhcp snooping 561
- Globally configuring dhcp snooping 561
- Using the cli 561
- Configuring dhcp snooping on ports 562
- Follow these steps to configure dhcp snooping on the specified ports 562
- Global status enable 562
- Switch config if end 562
- Switch config ip dhcp snooping 562
- Switch config ip dhcp snooping vlan 5 562
- Switch config show ip dhcp snooping 562
- Switch configure 562
- Switch copy running config startup config 562
- The following example shows how to enable dhcp snooping globally and on vlan 5 562
- Vlan id 5 562
- Optional configuring option 82 563
- As replace the circuit id as vlan20 and the remote id as host1 564
- Follow these steps to configure option 82 564
- Switch config if ip dhcp snooping information option 564
- Switch config interface gigabitethernet 1 0 7 564
- Switch configure 564
- The following example shows how to enable option 82 on port 1 0 7 and configure the strategy 564
- Arp inspection configurations 566
- Configuring arp detection 566
- Using the gui 566
- Configuring arp defend 567
- Click apply 568
- To locate the network malfunction and take the related protection measures 568
- Viewing arp statistics 568
- You can view the number of the illegal arp packets received on each port which facilitates you 568
- Configuring arp detection 569
- Using the cli 569
- A trusted port 570
- Arp detection global status enabled 570
- Configuration complete ip mac binding configuration for details refer to ip mac binding 570
- Configurations 570
- Follow these steps to configure arp detection 570
- Gi1 0 1 yes 570
- Gi1 0 2 no 570
- Port trusted 570
- Switch config if end 570
- Switch config if ip arp inspection trust 570
- Switch config if show ip arp inspection 570
- Switch config interface gigabitethernet 1 0 1 570
- Switch config ip arp inspection 570
- Switch configure 570
- The following example shows how to globally enable arp detection and configure port 1 0 1 as 570
- Configuring arp defend 571
- Follow these steps to configure arp defend 571
- Rate as 20 pps on port 1 0 2 571
- Switch config if ip arp inspection 571
- Switch config if ip arp inspection limit rate 20 571
- Switch config interface gigabitethernet 1 0 2 571
- Switch configure 571
- Switch copy running config startup config 571
- The following example shows how to enable arp defend and configure the arp inspection limit 571
- To avoid arp attack flood 571
- When the transmission speed of the legal arp packet on the port exceeds the defined value so as 571
- With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds 571
- Viewing arp statistics 572
- Dos defend configuration 573
- Dos defend to load the following page 573
- Follow these steps to configure dos defend 573
- Following table introduces each type of dos attack 573
- In the configure section enable dos protection 573
- In the defend table section select one or more defend types according to your needs the 573
- Using the gui 573
- Click apply 574
- Follow these steps to configure dos defend 574
- Using the cli 574
- Switch config ip dos prevent 575
- Switch config ip dos prevent type land 575
- Switch configure 575
- The following example shows how to enable the dos defend type named land 575
- Configuring 802 x globally 577
- Using the gui 577
- X configuration 577
- In the authentication config section enable quiet configure the quiet timer and click 578
- In the global config section enable 802 x globally and click apply 578
- Configure 802 x authentication on the desired port and click apply 579
- Configuring 802 x on ports 579
- Port config to load the following page 579
- Adding the radius server 580
- Configuring the radius server 580
- Enabling aaa function 580
- Configuring the radius server group 581
- Group and click add 581
- In the add new server group section specify the name and server type for the new server 581
- Select the newly added group and click edit in the operation column 581
- Server group to load the following page 581
- Configuring 802 x globally 582
- Configuring the dot1x list 582
- Using the cli 582
- Configuring 802 x on ports 584
- Control type as port based and configure the control mode as auto 585
- Switch config if dot1x 585
- Switch config if dot1x port control auto 585
- Switch config if dot1x port method port based 585
- Switch config interface gigabitethernet 1 0 2 585
- Switch configure 585
- The following example shows how to enable 802 x authentication on port 1 0 2 configure the 585
- Configuring the radius server 586
- Follow these steps to configure radius 586
- Gi1 0 2 enabled disabled auto port based unauthorized n a 586
- Port state guestvlan portcontrol portmethod authorized lag 586
- Switch config if end 586
- Switch config if show dot1x interface gigabitethernet 1 0 2 586
- Switch copy running config startup config 586
- Accounting port is 1813 587
- Named radius1 and apply this server group to the 802 x authentication the ip address of the 587
- Radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the 587
- Server ip auth port acct port timeout retransmit shared key 587
- Switch aaa enable 587
- Switch aaa group exit 587
- Switch aaa group server 192 68 00 587
- Switch config aaa accounting dot1x default radius1 587
- Switch config aaa authentication dot1x default radius1 587
- Switch config aaa group radius radius1 587
- Switch config radius server host 192 68 00 key 123456 auth port 1812 acct port 1813 587
- Switch configure 587
- Switch show radius server 587
- The following example shows how to enable aaa add a radius server to the server group 587
- Aaa configuration 589
- Configuration guidelines 589
- Adding servers 590
- Globally enabling aaa 590
- Using the gui 590
- Adding radius server 591
- Follow these steps to add a radius server 591
- In the server config section configure the following parameters 591
- Radius conifg to load the following page 591
- Adding tacacs server 592
- Click add to add the radius server on the switch 592
- Click add to add the tacacs server on the switch 592
- Configuring server groups 592
- Follow these steps to add a tacacs server 592
- Group you can add new server groups as needed 592
- In the server config section configure the following parameters 592
- Servers the servers running the same protocol are automatically added to the default server 592
- Tacacs conifg to load the following page 592
- The switch has two built in server groups one for radius servers and the other for tacacs 592
- Configuring the method list 594
- And enable list 595
- Click add to add the new method 595
- Configuring the aaa application list 595
- Follow these steps to configure the aaa application list 595
- Global config to load the following page 595
- In the aaa application list section select an access application and configure the login list 595
- In the add method list section configure the parameters for the method to be added 595
- You can edit the default methods or follow these steps to add a new method 595
- Configuring login account and enable password 596
- On the server 596
- On the switch 596
- Aaa global status enable 597
- Adding radius server 597
- Adding servers 597
- Follow these steps to add radius server on the switch 597
- Follow these steps to globally enable aaa 597
- Globally enabling aaa 597
- Servers are added the server with the highest priority authenticates the users trying to access the 597
- Switch and the others act as backup servers in case the first one breaks down 597
- Switch config aaa enable 597
- Switch config end 597
- Switch config show aaa global 597
- Switch configure 597
- Switch copy running config startup config 597
- The following example shows how to globally enable aaa 597
- Using the cli 597
- You can add one or more radius tacacs servers on the switch for authentication if multiple 597
- 68 0 1812 1813 8 3 123456 598
- Seconds and the retransmit number as 3 598
- Server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 598
- Server ip auth port acct port timeout retransmit shared key 598
- Switch config end 598
- Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 598
- Switch config show radius server 598
- Switch configure 598
- Switch copy running config startup config 598
- The following example shows how to add a radius server on the switch set the ip address of the 598
- 68 0 49 8 123456 599
- Adding tacacs server 599
- Follow these steps to add tacacs server on the switch 599
- Of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the 599
- Server ip port timeout shared key 599
- Switch config end 599
- Switch config show tacacs server 599
- Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 599
- Switch configure 599
- Switch copy running config startup config 599
- The following example shows how to add a tacacs server on the switch set the ip address 599
- Timeout as 8 seconds 599
- Configuring server groups 600
- Existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group 600
- Running the same protocol are automatically added to the default server group you can add new 600
- Server groups as needed 600
- Switch aaa group end 600
- Switch aaa group server 192 68 0 600
- Switch aaa group show aaa group radius1 600
- Switch config aaa group radius radius1 600
- Switch configure 600
- Switch copy running config startup config 600
- The following example shows how to create a radius server group named radius1 and add the 600
- The switch has two built in server groups one for radius and the other for tacacs the servers 600
- The two default server groups cannot be deleted or edited follow these steps to add a server 600
- A method list describes the authentication methods and their sequence to authenticate the 601
- And enable method list for guests to get administrative privileges 601
- Configuring the method list 601
- Default local 601
- Follow these steps to configure the method list 601
- Login1 radius local 601
- Methodlist pri1 pri2 pri3 pri4 601
- Switch config aaa authentication login login1 radius local 601
- Switch config show aaa authentication login 601
- Switch configure 601
- The following example shows how to create a login method list named login1 and configure 601
- The method 1 as the default radius server group and the method 2 as local 601
- Users the switch supports login method list for users of all types to gain access to the switch 601
- And http 602
- Configuring the aaa application list 602
- Default local 602
- Enable1 radius local 602
- Follow these steps to apply the login and enable method lists for the application telnet 602
- Methodlist pri1 pri2 pri3 pri4 602
- Switch config aaa authentication enable enable1 radius local 602
- Switch config end 602
- Switch config show aaa authentication enable 602
- Switch configure 602
- Switch copy running config startup config 602
- Telnet 602
- The following example shows how to create an enable method list named enable1 and configure 602
- The method 1 as the default radius server group and the method 2 as local 602
- You can configure authentication method lists on the following access applications telnet ssh 602
- Enable method list named enable1 for the application telnet 603
- Follow these steps to apply the login and enable method lists for the application ssh 603
- Http default default 603
- Module login list enable list 603
- Ssh default default 603
- Switch config line enable authentication enable1 603
- Switch config line end 603
- Switch config line login authentication login1 603
- Switch config line show aaa global 603
- Switch config line telnet 603
- Switch configure 603
- Switch copy running config startup config 603
- Telnet login1 enable1 603
- The following example shows how to apply the existing login method list named login1 and 603
- Enable method list named enable1 for the application ssh 604
- Follow these steps to apply the login and enable method lists for the application http 604
- Http default default 604
- Module login list enable list 604
- Ssh login1 enable1 604
- Switch config line enable authentication enable1 604
- Switch config line end 604
- Switch config line login authentication login1 604
- Switch config line show aaa global 604
- Switch config line ssh 604
- Switch configure 604
- Switch copy running config startup config 604
- Telnet default default 604
- The following example shows how to apply the existing login method list named login1 and 604
- Configuring login account and enable password 605
- On the switch 605
- Enable and providing the enable password 606
- Enable password 606
- For enable password configuration the user name should be set as enable and the enable 606
- For login authentication configuration more than one login account can be created on the 606
- Network information without the enable password 606
- On the server 606
- Password is customizable all the users trying to get administrative privileges share this 606
- Server besides both the user name and password can be customized 606
- Some configuration principles on the server are as follows 606
- The accounts created by the radius tacacs server can only view the configurations and some 606
- Tips the logged in guests can get administrative privileges by using the command admin 606
- Configuration examples 607
- Configuration scheme 607
- Example for dhcp snooping and arp detection 607
- Network requirements 607
- Using the gui 608
- Using the cli 611
- Verify the configuration 612
- Configuration scheme 614
- Example for 802 x 614
- Network requirements 614
- Network topology 614
- Configuration procedure in two ways using the gui and using the cli 615
- Demonstrated with t1600g 28ts acting as the authenticator the following sections provide 615
- Eap enable the quiet feature and then keep the default authentication settings 615
- Following page enable 802 x authentication and configure the authentication method as 615
- Global config to load the 615
- Internet 615
- Using the gui 615
- Using the cli 618
- Verify the configurations 619
- Example for aaa 620
- Network requirements 620
- Configuration scheme 621
- Using the gui 621
- Using the cli 624
- Verify the configuration 625
- Appendix default parameters 627
- Default settings of network security are listed in the following tables 627
- Chapters 631
- Configuring lldp 631
- Part 20 631
- Overview 632
- Supported features 632
- Global config 633
- Lldp configurations 633
- Using the gui 633
- Follow these steps to enable lldp and configure the lldp feature globally 634
- In the global config section enable lldp click apply 634
- In the parameters config section configure the lldp parameters click apply 634
- Follow these steps to configure the lldp feature for the interface 635
- Policy config to load the following page 635
- Port config 635
- Select the desired port and set its admin status and notification mode 635
- Enable the lldp feature on the switch and configure the lldp parameters 636
- Global config 636
- Select the tlvs type length value included in the lldp packets according to your needs 636
- Using the cli 636
- Count 3 637
- Interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast 637
- Lldp status enabled 637
- Switch config lldp 637
- Switch config lldp hold multiplier 4 637
- Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 637
- Switch config show lldp 637
- Switch configure 637
- The following example shows how to configure the following parameters lldp timer 4 tx 637
- Ttl multiplier 4 637
- Tx interval 30 seconds 637
- Fast packet count 3 638
- Initialization delay 2 seconds 638
- Lldp med fast start repeat count 4 638
- Lldp packets 638
- Port config 638
- Select the desired port and set its admin status notification mode and the tlvs included in the 638
- Switch config end 638
- Switch copy running config startup config 638
- Trap notification interval 5 seconds 638
- Tx delay 2 seconds 638
- Power yes 640
- Switch config if end 640
- Switch copy running config startup config 640
- Global config 641
- Lldp med configurations 641
- Using the gui 641
- Port config 642
- Global config 644
- Lldp status enabled 644
- Switch config lldp 644
- Switch config lldp med fast count 4 644
- Switch config show lldp 644
- Switch configure 644
- The following example shows how to configure lldp med fast count as 4 644
- Ttl multiplier 4 644
- Tx delay 2 seconds 644
- Tx interval 30 seconds 644
- Using the cli 644
- Fast packet count 3 645
- Initialization delay 2 seconds 645
- Lldp med fast start repeat count 4 645
- Port config 645
- Select the desired port enable lldp med and select the tlvs type length value included in 645
- Switch config end 645
- Switch copy running config startup config 645
- The outgoing lldp packets according to your needs 645
- Trap notification interval 5 seconds 645
- Using gui 648
- Viewing lldp device info 648
- Viewing lldp settings 648
- According to your needs click apply 649
- Follow these steps to view the local information 649
- In the auto refresh section enable the auto refresh feature and set the refresh rate 649
- In the local info section select the desired port and view its associated local device 649
- Information 649
- Viewing the neighbor info 650
- Viewing lldp statistics 651
- In the neighbors statistics section view the statistics of the corresponding port 652
- Using cli 652
- Viewing lldp statistics 652
- Viewing the local info 652
- Viewing the neighbor info 652
- Using gui 653
- Viewing lldp med settings 653
- Viewing the local info 653
- According to your needs click apply 654
- Follow these steps to view lldp med neighgbor information 654
- In the auto refresh section enable the auto refresh feature and set the refresh rate 654
- In the lldp med neighbor info section select the desired port and view the lldp med 654
- Settings 654
- Viewing the neighbor info 654
- Using cli 655
- Viewing lldp statistics 655
- Viewing the local info 655
- Viewing the neighbor info 655
- Configuration example 656
- Configuration scheme 656
- Example for configuring lldp 656
- Network requirements 656
- Network topology 656
- Using the gui 657
- Using cli 658
- Configuration file 659
- Verify the configurations 659
- Example for configuring lldp med 664
- Network requirements 664
- Configuration scheme 665
- Network topology 665
- Using the gui 665
- Using the cli 669
- Configuration file 670
- Verify the configurations 671
- Appendix default parameters 678
- Default lldp med settings 678
- Default lldp settings 678
- Default settings of lldp are listed in the following tables 678
- Chapters 679
- Configuring maintenance 679
- Part 21 679
- Device diagnose 680
- Maintenance 680
- Network diagnose 680
- Overview 680
- Supported features 680
- System monitor 680
- Monitoring the cpu 681
- Monitoring the system 681
- Using the gui 681
- Monitoring the cpu 682
- Monitoring the memory 682
- Using the cli 682
- Monitoring the memory 683
- Backing up log files 684
- Configuration guidelines 684
- Configuring the local log 684
- Configuring the remote log 684
- Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality 684
- Of the switch is affected please take actions according to the log message 684
- System log configurations 684
- System log configurations include 684
- Viewing the log table 684
- Click apply 685
- Configuring the local log 685
- Configuring the remote log 685
- Follow these steps to configure the local log 685
- Local log to load the following page 685
- Remote log enables the switch to send system logs to a host to display the logs the host should 685
- Run a log server that complies with the syslog standard 685
- Select your desired channel and configure the corresponding severity and status 685
- Using the gui 685
- Backing up the log file 686
- Viewing the log table 686
- Configuring the local log 687
- Follow these steps to configure the local log 687
- Select a module and a severity to view the corresponding log information 687
- Using the cli 687
- Switch config logging buffer 688
- Switch config logging buffer level 5 688
- Switch config logging file flash 688
- Switch config logging file flash frequency periodic 10 688
- Switch config logging file flash level 2 688
- Switch config show logging local config 688
- Switch configure 688
- The following example shows how to configure the local log on the switch save logs of levels 0 688
- To 5 to the log buffer and synchronize logs of levels 0 to 2 to the flash every 10 hours 688
- Buffer 5 enable immediately 689
- Channel level status sync periodic 689
- Configuring the remote log 689
- Flash 2 enable 10 hour s 689
- Follow these steps to set the remote log 689
- Ip address as 192 68 48 and allow logs of levels 0 to 5 to be sent to the host 689
- Monitor 5 enable immediately 689
- Remote log enables the switch to send system logs to a host to display the logs the host should 689
- Run a log server that complies with the syslog standard 689
- Switch config end 689
- Switch configure 689
- Switch copy running config startup config 689
- The following example shows how to set the remote log on the switch enable log host 2 set its 689
- Cable test to load the following page 691
- Diagnosing the device 691
- In the port section select your desired port for the test 691
- In the result section click apply and check the test results 691
- Using the gui 691
- Gi1 0 2 pair a normal 2 10m 692
- On privileged exec mode or any other configuration mode you can use the following command 692
- Pair b normal 2 10m 692
- Pair c normal 0 10m 692
- Pair d normal 2 10m 692
- Port pair status length error 692
- Switch show cable diagnostics interface gigabitehternet 1 0 2 692
- The following example shows how to check the cable diagnostics of port 1 0 2 692
- To check the connection status of the cable that is connected to the switch 692
- Using the cli 692
- Configuring the ping test 693
- Diagnosing the network 693
- Using the gui 693
- Configuring the tracert test 694
- Approximate round trip times in milli seconds 695
- Bytes and the interval as 500 milliseconds 695
- Configuring the ping test 695
- Destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 695
- In the tracert result section check the test results 695
- Minimum 0ms maximum 0ms average 0ms 695
- On privileged exec mode or any other configuration mode you can use the following command 695
- Packets sent 3 received 3 lost 0 0 loss 695
- Ping statistics for 192 68 0 695
- Pinging 192 68 0 with 1000 bytes of data 695
- Reply from 192 68 0 bytes 1000 time 16ms ttl 64 695
- Switch ping ip 192 68 0 n 3 l 1000 i 500 695
- The following example shows how to test the connectivity between the switch and the 695
- To test the connectivity between the switch and one node of the network 695
- Using the cli 695
- Configuring the tracert test 696
- Destination 696
- Device with the ip address 192 68 00 set the maxhops as 2 696
- Ms 1 ms 2 ms 192 68 696
- Ms 2 ms 2 ms 192 68 00 696
- On privileged exec mode or any other configuration mode you can use the following command 696
- Switch tracert 192 68 00 2 696
- The following example shows how to test the connectivity between the switch and the network 696
- To test the connectivity between the switch and routers along the path from the source to the 696
- Trace complete 696
- Tracing route to 192 68 00 over a maximum of 2 hops 696
- Configuration example for remote log 697
- Configuration scheme 697
- Network requirements 697
- Using the gui 697
- Using the cli 698
- Verify the configurations 698
- Appendix default parameters 699
- Default settings of maintenance are listed in the following tables 699
- Chapters 700
- Managing snmp rmon 700
- Part 22 700
- Notification configurations 7 appendix default parameters 701
- Part 22 701
- Rmon overview 701
- Snmp configurations 6 configuration example 701
- Snmp overview 701
- Snmp overview 5 rmon configurations 701
- Choose snmpv1 or snmpv2c 702
- Choose snmpv3 702
- Snmp configurations 702
- Creating an snmp view 703
- Enabling snmp 703
- Using the gui 703
- Click create to add the view entry 704
- Create an snmp group and configure related parameters 704
- Creating an snmp group 704
- Set the view name and one mib variable that is related to the view choose the view type and 704
- Snmp view to load the following page 704
- Follow these steps to create an snmp group 705
- Need to further configure security level 705
- Set the group name and security model if you choose snmpv3 as the security model you 705
- Snmp group to load the following page 705
- Creating snmp users 706
- Follow these steps to create an snmp user 706
- Model according to the related parameters of the specified group if you choose snmpv3 you 706
- Need to configure the security level 706
- Set the read write and notify view of the snmp group click create 706
- Snmp user to load the following page 706
- Specify the user name user type and the group which the user belongs to set the security 706
- Click create 707
- Corresponding auth mode or privacy mode if not skip the step 707
- Creating snmp communities 707
- Directly 707
- If you have chosen authnopriv or authpriv as the security level you need to set 707
- If you want to use snmpv1 or snmpv2c as the security model you can create snmp communities 707
- Enabling snmp 708
- Set the community name access rights and the related view click create 708
- Snmp community to load the following page 708
- Using the cli 708
- Bad snmp version errors 709
- Encoding errors 709
- Get request pdus 709
- Illegal operation for community name supplied 709
- Number of altered variables 709
- Number of requested variables 709
- Snmp agent is enabled 709
- Snmp packets input 709
- Switch config show snmp server 709
- Switch config snmp server 709
- Switch config snmp server engineid remote 123456789a 709
- Switch configure 709
- The following example shows how to enable snmp and set 123456789a as the remote engine id 709
- Unknown community name 709
- Bad value errors 710
- Creating an snmp view 710
- General errors 710
- Get next pdus 710
- Local engine id 80002e5703000aeb132397 710
- No such name errors 710
- Remote engine id 123456789a 710
- Response pdus 710
- Set request pdus 710
- Snmp packets output 710
- Specify the oid object identifier of the view to determine objects to be managed 710
- Switch config end 710
- Switch config show snmp server engineid 710
- Switch copy running config startup config 710
- Too big errors maximum packet size 1500 710
- Trap pdus 710
- Creating an snmp group 711
- Enable auth mode and privacy mode and set the view as read view and notify view 712
- Nms monitor v3 authpriv view view 712
- No name sec mode sec lev read view write view notify view 712
- Switch config end 712
- Switch config show snmp server group 712
- Switch config snmp server group nms monitor smode v3 slev authpriv read view notify 712
- Switch configure 712
- Switch copy running config startup config 712
- The following example shows how to create an snmpv3 group name the group as nms monitor 712
- And access rights as the group 713
- Configure users of the snmp group users belong to the group and use the same security level 713
- Creating snmp users 713
- Admin and set the user as a remote user snmpv3 as the security mode authpriv as the security 714
- Admin remote nms monitor v3 authpriv sha des 714
- Creating snmp communities 714
- For snmpv1 and snmpv2c the community name is used for authentication functioning as the 714
- Level sha as the authentication algorithm 1234 as the authentication password des as the 714
- No u name u type g name s mode s lev a mode p mode 714
- Password 714
- Privacy algorithm and 1234 as the privacy password 714
- Sha cpwd 1234 emode des epwd 1234 714
- Switch config end 714
- Switch config show snmp server user 714
- Switch config snmp server user admin remote nms monitor smode v3 slev authpriv cmode 714
- Switch configure 714
- Switch copy running config startup config 714
- The following example shows how to create an snmp user on the switch name the user as 714
- Configuration guidelines 716
- Notification configurations 716
- Using the gui 716
- Choose a notification type based on the snmp version if you choose the inform type you 717
- Model and security level based on the settings of the user or community 717
- Need to set retry times and timeout interval 717
- Specify the user name or community name used by the nms and configure the security 717
- Click create 718
- Configure parameters of the nms host and packet handling mechanism 718
- Configuring the host 718
- Using the cli 718
- Enabling snmp notification 719
- Enabling the snmp standard trap 719
- Optional enabling the snmp extend trap 720
- Switch config end 720
- Switch config snmp server traps snmp linkup 720
- Switch configure 720
- Switch copy running config startup config 720
- The following example shows how to configure the switch to send linkup traps 720
- Switch config end 721
- Switch config snmp server traps bandwidth control 721
- Switch configure 721
- Switch copy running config startup config 721
- The following example shows how to configure the switch to enable bandwidth control traps 721
- Optional enabling the mac trap 722
- Optional enabling the vlan trap 722
- Switch config end 722
- Switch config snmp server traps mac new 722
- Switch configure 722
- Switch copy running config startup config 722
- The following example shows how to configure the switch to enable 722
- Optional enabling the link status trap 723
- Switch config end 723
- Switch config if end 723
- Switch config if snmp server traps link status 723
- Switch config interface gigabitethernet 1 0 1 723
- Switch config snmp server traps vlan create 723
- Switch configure 723
- Switch copy running config startup config 723
- The following example shows how to configure the switch to enable 723
- The following example shows how to configure the switch to enable link status trap 723
- Rmon overview 724
- Configuring statistics 725
- Rmon configurations 725
- Using the gui 725
- Configuring history 726
- Follow these steps to configure history 726
- History to load the following page 726
- Select a history entry and specify a port to be monitored 726
- Specify the entry id the port to be monitored and the owner name of the entry set the entry as 726
- Valid or undercreation and click create 726
- Choose an event entry and set the snmp user of the entry 727
- Configuring event 727
- Enter the owner name and set the status of the entry click apply 727
- Event to load the following page 727
- Follow these steps to configure event 727
- Set the sample interval and the maximum buckets of history entries 727
- Alarm to load the following page 728
- Before you begin please complete configurations of statistics entries and event entries because 728
- Configuring alarm 728
- Enter the owner name and set the status of the entry click apply 728
- Set the description and type of the event 728
- The alarm entries must be associated with statistics and event entries 728
- Alarm type of the entry 729
- Follow these steps to configure alarm 729
- Select an alarm entry choose a variable to be monitored and associate the entry with a 729
- Set the sample type the rising and falling threshold the corresponding event action and the 729
- Statistics entry 729
- Configuring statistics 730
- Enter the owner name and set the status of the entry click apply 730
- Using the cli 730
- Configuring history 731
- Buckets 50 732
- Gi1 0 1 100 50 monitor enable 732
- Index port interval buckets owner state 732
- Set the sample interval as 100 seconds max buckets as 50 and the owner as monitor 732
- Switch config end 732
- Switch config rmon history 1 interface gigabitethernet 1 0 1 interval 100 owner monitor 732
- Switch config show rmon history 732
- Switch configure 732
- Switch copy running config startup config 732
- The following example shows how to create a history entry on the switch to monitor port 1 0 1 732
- Admin the event type as notify set the switch to initiate notifications to the nms and the owner 733
- As monitor 733
- Configuring event 733
- Switch config rmon event 1 user admin description rising notify type notify owner monitor 733
- Switch configure 733
- The following example shows how to create an event entry on the switch set the user name as 733
- Admin rising notify notify monitor enable 734
- Configuring alarm 734
- Index user description type owner state 734
- Switch config end 734
- Switch config show rmon event 734
- Switch copy running config startup config 734
- Alarm variable bpkt 735
- As 2 the alarm type as all the notification interval as 10 seconds and the owner of the entry as 735
- Index state 1 enabled 735
- Interval 10 owner monitor 735
- Monitor 735
- Related rising event entry index as 1 the falling threshold as 3000 the related falling event index 735
- Rhold revent 3000 1 735
- Sample type absolute 735
- Statistics index 1 735
- Switch config rmon alarm 1 stats index 1 alarm variable bpkt s type absolute rising 735
- Switch config show rmon alarm 735
- Switch configure 735
- The following example shows how to set an alarm entry to monitor bpackets on the switch set 735
- The related statistics entry id as 1 the sample type as absolute the rising threshold as 3000 the 735
- Threshold 3000 rising event index 1 falling threshold 3000 falling event index 2 a type all 735
- Configuration example 737
- Configuration scheme 737
- Network requirements 737
- As shown in the following figure the nms host with ip address 172 68 22 is connected to the 738
- Connected to switch b and port 1 0 3 and the nms are able to reach one another 738
- Core switch switch b on switch a ports 1 0 1 and 1 0 2 are monitored by the nms port 1 0 3 is 738
- Demonstrated with t1600g 28ts this chapter provides configuration procedures in two ways 738
- Network topology 738
- Using the gui and using the cli 738
- Configuring rate limit on ports 739
- Configuring snmp 739
- Using the gui 739
- Configuring rmon 741
- Enabling bandwith control trap 741
- Configuring rate limit on ports 744
- Configuring snmp 744
- Enable bandwith control trap 744
- Using the cli 744
- Configuration file 745
- Configuring rmon 745
- Verify the configurations 746
- Appendix default parameters 751
- Default settings of snmp are listed in the following table 751
- Default settings of notification are listed in the following table 752
Похожие устройства
- Tp-Link T1600G-28PS (TL-SG2424P) Руководство по установке
- Tp-Link T1600G-28PS (TL-SG2424P) Руководство пользователя
- Tp-Link T1600G-28TS (TL-SG2424) Брошюра
- Tp-Link T1600G-28TS (TL-SG2424) Руководство по командной строке
- Tp-Link T1600G-28TS (TL-SG2424) Руководство по конфигурированию
- Tp-Link T1600G-28TS (TL-SG2424) Руководство по установке
- Tp-Link T1600G-28TS (TL-SG2424) Руководство пользователя
- Rivotek Fisher 25 Pro Руководство пользователя
- Rivotek Fisher 51 Руководство пользователя
- Liberton D-LED 4016 DBT2 Руководство по эксплуатации
- Liberton D-LED 3216 DBT2 Руководство по эксплуатации
- Liberton D-LED 2216 DBT2 Руководство по эксплуатации
- Liberton D-LED 32303 DBT2 Руководство по эксплуатации
- Liberton D-LED 24306 DBT2 Руководство по эксплуатации
- Liberton D-LED 3203 DBT2 Руководство по эксплуатации
- Philips SHE3590/10 Red Инструкция по эксплуатации
- Philips D 1202 B Инструкция по эксплуатации
- Philips HR 1560/20 Инструкция по эксплуатации
- Philips DCM2260/12 Black Инструкция по эксплуатации
- Philips BT5880B/12 Black Инструкция по эксплуатации