Tp-Link T2500G-10TS V2 [3/933] Eee configuration 63

Содержание

• T2500g 10ts tl sg3210 1
• User guide 1
• About this guide 2
• Accessing the switch 2
• Command line interface access 2
• Contents 2
• Conventions 2
• Intended readers 2
• Managing system 2
• More information 2
• Overview 2
• System 20 2
• System info configurations 21 2
• Web interface access 2
• Eee configuration 63 3
• Sdm template configuration 65 3
• System tools configurations 50 3
• Time range configuration 68 3
• User management configurations 43 3
• Appendix default parameters 74 4
• Appendix default parameters 95 4
• Basic parameters configurations 78 4
• Configuration examples 89 4
• Configuring lag 4
• Lag 97 4
• Lag configuration 98 4
• Loopback detection configuration 85 4
• Managing physical interfaces 4
• Physical interface 77 4
• Port isolation configurations 82 4
• Address configurations 33 5
• Appendix default parameters 11 5
• Appendix default parameters 29 5
• Configuration example 07 5
• Configuring ddm 5
• Ddm configuration 14 5
• Mac address table 31 5
• Managing mac address table 5
• Overview 13 5
• Appendix default parameters 50 6
• Appendix default parameters 67 6
• Configuration example 60 6
• Configuring 802 q vlan 6
• Example for security configurations 47 6
• Overview 52 6
• Q vlan configuration 53 6
• Security configurations 41 6
• Appendix default parameters 06 7
• Appendix default parameters 84 7
• Configuration example 74 7
• Configuration example 94 7
• Configuring mac vlan 7
• Configuring protocol vlan 7
• Mac vlan configuration 70 7
• Overview 69 7
• Overview 86 7
• Protocol vlan configuration 87 7
• Appendix default parameters 42 8
• Basic vlan vpn configuration 10 8
• Configuration example 50 8
• Configuration examples 18 8
• Configuring gvrp 8
• Configuring vlan vpn 8
• Flexible vlan vpn configuration 15 8
• Gvrp configuration 45 8
• Overview 44 8
• Vlan vpn 08 8
• Appendix default parameters 59 9
• Configuring layer 2 multicast 9
• Igmp snooping configuration 64 9
• Layer 2 multicast 61 9
• Mld snooping configuration 84 9
• Mvr configuration 98 9
• Configuration examples 23 10
• Multicast filtering configuration 08 10
• Viewing multicast snooping information 18 10
• Appendix default parameters 47 11
• Configuring spanning tree 11
• Mstp configurations 71 11
• Spanning tree 51 11
• Stp rstp configurations 59 11
• Appendix default parameters 09 12
• Configuration example for mstp 95 12
• Configuring lldp 12
• Lldp 12 12
• Lldp configurations 13 12
• Lldp med configurations 21 12
• Stp security configurations 91 12
• Viewing lldp med settings 34 12
• Viewing lldp settings 28 12
• Appendix default parameters 46 13
• Appendix default parameters 58 13
• Appendix default parameters 65 13
• Configuration example 38 13
• Configuration example 55 13
• Configuring dhcp service 13
• Configuring l2pt 13
• Configuring pppoe id insertion 13
• Dhcp 67 13
• Dhcp relay configuration 69 13
• L2pt configuration 50 13
• Overview 48 13
• Overview 60 13
• Pppoe id insertion configuration 61 13
• Appendix default parameters 88 14
• Bandwidth control configuration 14 14
• Class of service configuration 93 14
• Configuring qos 14
• Dhcp l2 relay configuration 76 14
• Example for dhcp vlan relay 81 14
• Qos 91 14
• Access security 60 15
• Access security configurations 61 15
• Appendix default parameters 55 15
• Auto voip configuration 26 15
• Configuration examples 31 15
• Configuring access security 15
• Voice vlan configuration 20 15
• Aaa configuration 85 16
• Appendix default parameters 08 16
• Appendix default parameters 81 16
• Configuration example 02 16
• Configuring aaa 16
• Overview 84 16
• Acl configuration 43 17
• Appendix default parameters 33 17
• Appendix default parameters 40 17
• Configuration example 27 17
• Configuring 802 x 17
• Configuring acl 17
• Configuring port security 17
• Overview 11 17
• Overview 35 17
• Overview 42 17
• Port security configuration 36 17
• X configuration 12 17
• Appendix default parameters 01 18
• Configuring ipv4 impb 18
• Ip mac binding configuration 05 18
• Ipv4 impb 04 18
• Onfiguration example for acl 75 18
• Appendix default parameters 35 19
• Arp detection configuration 16 19
• Configuration examples 26 19
• Configuring ipv6 impb 19
• Ipv4 source guard configuration 23 19
• Ipv6 impb 38 19
• Configuration examples 58 20
• Ipv6 mac binding configuration 40 20
• Ipv6 source guard configuration 55 20
• Nd detection configuration 50 20
• Appendix default parameters 66 21
• Appendix default parameters 90 21
• Configuration examples 82 21
• Configuring dhcp filter 21
• Dhcp filter 69 21
• Dhcpv4 filter configuration 71 21
• Dhcpv6 filter configuration 77 21
• Appendix default parameters 10 22
• Appendix default parameters 19 22
• Appendix default parameters 97 22
• Configuration examples 16 22
• Configuring dldp 22
• Configuring dos defend 22
• Dldp configuration 22 22
• Dos defend configuration 93 22
• Mirroring 12 22
• Mirroring traffic 22
• Monitoring the cpu 00 22
• Monitoring the memory 02 22
• Monitoring the system 22
• Monitoring traffic 22
• Overview 21 22
• Overview 92 22
• Overview 99 22
• Traffic monitor 05 22
• Appendix default parameters 26 23
• Configuring snmp rmon 23
• Notification configurations 45 23
• Rmon 56 23
• Rmon configurations 57 23
• Snmp 28 23
• Snmp configurations 32 23
• Appendix default parameters 81 24
• Appendix default parameters 96 24
• Configuration example 69 24
• Configuration example 94 24
• Configuring system logs 24
• Diagnosing the device 98 24
• Diagnosing the device network 24
• Diagnosing the network 00 24
• Overview 86 24
• System logs configurations 87 24
• Appendix default parameters 04 25
• About this guide 26
• Conventions 26
• Intended readers 26
• More information 27
• Accessing the switch 28
• Chapters 28
• Part 1 28
• Overview 29
• Web interface access 30
• Save config function 31
• Change the switch s ip address and default gateway 32
• Disable the web server 32
• Enter the new ip address in the web browser to access the switch 33
• To save the settings 33
• Command line interface access 34
• Console login only for switch with console port 34
• Enter enable to enter the user exec mode to further configure the switch 35
• Telnet login 36
• Password authentication mode 37
• Ssh login 37
• Key authentication mode 38
• After the keys are successfully generated click save public key to save the public key to a tftp server click save private key to save the private key to the host pc 39
• Disable telnet login 41
• Change the switch s ip address and default gateway 42
• Copy running config startup config 42
• Disable ssh login 42
• Chapters 44
• Managing system 44
• Part 2 44
• Overview 45
• Sdm template 45
• Supported features 45
• System 45
• System info 45
• System tools 45
• Time range 45
• User management 45
• System info configurations 46
• Using the gui 46
• Viewing the system summary 46
• You can click a port to view the bandwidth utilization on this port 47
• You can move your cursor to a port to view the detailed information of the port 47
• In the system info section you can view the system information of the switch 48
• Viewing the system information 48
• Configuring the device description 50
• Device description to load the following page 50
• In the device description section configure the following parameters 50
• Choose one method to set the system time and specify the related parameters 51
• Click apply 51
• Configuring the system time 51
• In the time config section follow these steps to configure the system time 51
• In the time info section you can view the current time information of the switch 51
• System time to load the following page 51
• Choose one method to set the daylight saving time and specify the related parameters 52
• Click apply 52
• Configuring the daylight saving time 52
• Daylight saving time to load the following page 52
• Follow these steps to configure daylight saving time 52
• In the dst config section enable the daylight saving time function 52
• Click apply 53
• Configure the corresponding parameters for the system ip 53
• Configuring the system ip 53
• Follow these steps to configure the system ip 53
• System ip to load the following page 53
• Click apply 54
• Configuring the system ipv6 54
• In the system ipv6 config section enable ipv6 feature for the interface and configure the corresponding parameters then click apply 54
• System ipv6 to load the following page 54
• Configure ipv6 global address of the interface via following three ways 55
• In the global address config section click 55
• Manually 55
• To manually assign an ipv6 global address to the interface 55
• Via dhcpv6 server 55
• Via ra message 55
• View the global address entry in the global address config section 56
• Gi1 0 1 linkdown n a n a n a disable copper 57
• Gi1 0 2 linkdown n a n a n a disable copper 57
• Gi1 0 3 linkup 1000m full disable disable copper 57
• On privileged exec mode or any other configuration mode you can use the following commands to view the system information of the switch 57
• Port status speed duplex flowctrl jumbo active medium 57
• Switch show interface status 57
• Switch show system info 57
• System description jetstream 8 port gigabit l2 managed switch with 2 sfp slots 57
• System name t2500g 10ts 57
• The following example shows how to view the interface status and the system information of the switch 57
• Using the cli 57
• Viewing the system summary 57
• Bootloader version tp link bootutil v1 58
• Configuring the device description 58
• Contact information www tp link com 58
• Follow these steps to configure the device description 58
• Hardware version t2500g 10ts 2 58
• Mac address 00 0a eb 13 23 a0 58
• Running time 1 day 2 hour 33 min 42 sec 58
• Serial number 58
• Software version 2 build 20180926 rel 2438 s 58
• System location shenzhen 58
• System time 2017 12 12 11 23 32 58
• Configuring the system time 59
• Backup ntp server 139 8 00 63 61
• Last successful ntp server 133 00 61
• Prefered ntp server 133 00 61
• Switch config show system time ntp 61
• Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 61
• Switch configure 61
• The following example shows how to set the system time by get time from ntp server and set the time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 139 8 00 63 and set the update rate as 11 61
• Time zone utc 08 00 61
• Configuring the daylight saving time 62
• Follow these steps to configure the daylight saving time 62
• Switch config end 62
• Switch copy running config startup config 62
• Update rate 11 hour s 62
• Dst configuration is one off 63
• Dst ends at 01 00 00 on sep 1 2017 63
• Dst offset is 50 minutes 63
• Dst starts at 01 00 00 on aug 1 2017 63
• Switch config end 63
• Switch config show system time dst 63
• Switch config system time dst date aug 1 01 00 2017 sep 1 01 00 2017 50 63
• Switch configure 63
• Switch copy running config startup config 63
• The following example shows how to set the daylight saving time by date mode set the start time as 01 00 august 1st 2017 set the end time as 01 00 september 1st 2017 and set the offset as 50 63
• Configuring the system ip 64
• Follow these steps to configure the system ip parameters 64
• Switch config if ip address 192 68 0 255 55 55 gateway 192 68 00 64
• Switch config interface vlan 1 64
• Switch configure 64
• The following example shows how to configure the switch s ip address as 192 68 0 24 and configure the default gateway as 192 68 00 64
• Configuring system ipv6 parameters 65
• Enable 65
• Follow these steps to configure the system ipv6 parameters 65
• Password admin 65
• Switch copy running config startup config 65
• Switch show interface vlan 1 65
• Telnet 192 68 0 65
• The connection will be interrupted and you should telnet to the switch s new ip address 192 68 0 65
• User admin 65
• Global address dhcpv6 enable 66
• Global address ra disable 66
• Global unicast address es ff02 1 ff13 237b 66
• Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 66
• Joined group address es ff02 1 66
• Switch config if ipv6 address autoconfig 66
• Switch config if ipv6 address dhcp 66
• Switch config if ipv6 enable 66
• Switch config if show ipv6 interface 66
• Switch config interface vlan 1 66
• Switch configure 66
• The following example shows how to enable the ipv6 function and configure the ipv6 parameters of the management interface 66
• Vlan2 is up line protocol is up 66
• Creating accounts 68
• User management configurations 68
• Using the gui 68
• Click create 69
• Configure the following parameters 69
• Configuring enable password 69
• Follow these steps to create a new user account 69
• Global config to load the following page 69
• Creating accounts 70
• Using the cli 70
• Configuring enable password 72
• Follow these steps to create an account of other type 72
• The logged in users can enter the enable password on this page to get the administrative privileges 73
• Configuring the boot file 75
• System tools configurations 75
• Using the gui 75
• Click apply 76
• Follow these steps to configure the boot file 76
• In the boot table section select one or more units and configure the relevant parameters 76
• In the image table you can view the information of the current startup image next startup image and backup image the displayed information is as follows 76
• Backing up the configuration file 77
• Restoring the configuration of the switch 77
• Configuring dhcp auto install 78
• Upgrading the firmware 78
• Configuration file name image file path and tftp server ip address from the dhcp server and then downloads the new image and configuration file form the tftp server 79
• Configure the following parameters and click apply 79
• Dhcp auto install to load the following page 79
• Configuring reboot schedule 80
• Manually rebooting the switch 80
• Rebooting the switch 80
• Choose whether to save the current configuration before the reboot 81
• Click apply 81
• Configuring the boot file 81
• Follow these steps to configure the boot file 81
• In the system reset section select the desired unit and click reset after reset all configurations of the switch will be reset to the factory defaults 81
• Reseting the switch 81
• System reset to load the following page 81
• Using the cli 81
• Backup config config2 cfg 82
• Backup image image2 bin 82
• Boot config 82
• Current startup config config2 cfg 82
• Current startup image image2 bin 82
• Follow these steps to restore the configuration of the switch 82
• Next startup config config1 cfg 82
• Next startup image image1 bin 82
• Restoring the configuration of the switch 82
• Switch config boot application filename image1 startup 82
• Switch config boot application filename image2 backup 82
• Switch config boot config filename config1 startup 82
• Switch config boot config filename config2 backup 82
• Switch config end 82
• Switch config show boot 82
• Switch configure 82
• Switch copy running config startup config 82
• The following example shows how to set the next startup image as image1 the backup image as image2 the next startup configuration file as config1 and the backup configuration file as config2 82
• Backing up the configuration file 83
• Backup user config file ok 83
• Enable 83
• Follow these steps to back up the current configuration of the switch in a file 83
• Follow these steps to upgrade the firmware 83
• Operation ok now rebooting system 83
• Start to backup user config file 83
• Start to load user config file 83
• Switch copy startup config tftp ip address 192 68 00 filename file2 83
• Switch copy tftp startup config ip address 192 68 00 filename file1 83
• The following example shows how to backup the configuration file named file2 to tftp server with ip address 192 68 00 83
• The following example shows how to restore the configuration file named file1 from the tftp server with ip address 192 68 00 83
• Upgrading the firmware 83
• Configuring dhcp auto install 84
• Enable 84
• Follow these steps to configure the dhcp auto install 84
• It will only upgrade the backup image continue y n y 84
• Operation ok 84
• Reboot with the backup image y n 84
• Switch firmware upgrade ip address 192 68 00 filename file3 bin 84
• The following example shows how to upgrade the firmware using the configuration file named file3 bin the tftp server is 190 68 00 84
• This feature is used to download configuration files and images from the tftp server automatically it requires a tftp server and a dhcp server that supports option 67 125 and 150 on your network when auto install function starts the switch tries to get configuration file name image file path and tftp server ip address from the dhcp server and then downloads the new image and configuration file form the tftp server 84
• Auto insatll mode stop 85
• Auto insatll persistent mode enabled 85
• Auto insatll retry count 85
• Auto insatll sate stopped 85
• Auto reboot mode enabled 85
• Auto save mode enabled 85
• Follow these steps to reboot the switch 85
• Manually rebooting the switch 85
• Rebooting the switch 85
• Switch config boot autoinstall auto reboot 85
• Switch config boot autoinstall auto save 85
• Switch config boot autoinstall persistent mode 85
• Switch config boot autoinstall retry count 2 85
• Switch config show boot autoinstall 85
• Switch configure 85
• The following example shows how to configure the auto install function 85
• Configuring reboot schedule 86
• Follow these steps to configure the reboot schedule 86
• Reboot schedule at 2017 08 15 12 00 in 25582 minutes 86
• Reboot schedule settings 86
• Reboot system at 15 08 2017 12 00 continue y n y 86
• Switch config reboot schedule at 12 00 15 08 2017 save_before_reboot 86
• Switch configure 86
• The following example shows how to set the switch to reboot at 12 00 on 15 08 2017 86
• Follow these steps to reset the switch 87
• Reseting the switch 87
• Save before reboot yes 87
• Switch config end 87
• Switch copy running config startup config 87
• Click apply 88
• Eee configuration 88
• Eee to load the following page 88
• Enable or disable eee on the selected port s 88
• Follow these steps to configure eee 88
• In the eee config section select one or more ports to be configured 88
• Using the cli 88
• In sdm template config section select one template and click apply the setting will be effective after the switch is rebooted 90
• Sdm template configuration 90
• Sdm template to load the following page 90
• The template table displays the resources allocation of each template 90
• Using the gui 90
• Follow these steps to configure the sdm template 91
• Switch config 91
• The following example shows how to set the sdm template as enterprisev4 91
• Using the cli 91
• Adding time range entries 93
• Time range configuration 93
• Using the gui 93
• Configure the following parameters and click create 94
• Similarly you can add more entries of period time according to your needs the final period time is the sum of all the periods in the table click create 94
• Configuring holiday 95
• Adding time range entries 96
• Follow these steps to add time range entries 96
• Using the cli 96
• 08 00 to 20 00 on 1 2 97
• 10 01 2017 to 10 31 2017 97
• Configuring holiday 97
• Follow these steps to configure holiday time range 97
• Holiday exclude 97
• Number of time slice 1 97
• Switch config 97
• Switch config time range absolute from 10 01 2017 to 10 31 2017 97
• Switch config time range end 97
• Switch config time range holiday exclude 97
• Switch config time range periodic start 08 00 end 20 00 day of the week 1 2 97
• Switch config time range show time range 97
• Switch config time range time1 97
• Switch copy running config startup config 97
• The following example shows how to create a time range entry and set the name as time1 holiday mode as exclude absolute time as 10 01 2017 to 10 31 2017 and periodic time as 8 00 to 20 00 on every monday and tuesday 97
• Time range entry 12 inactive 97
• Time range entry time1 inactive 97
• Appendix default parameters 99
• Default settings of system info are listed in the following tables 99
• Default settings of system tools are listed in the following table 99
• Default settings of user management are listed in the following table 99
• Default setting of eee is listed in the following table 100
• Default settings of sdm template are listed in the following table 100
• Default settings of time range are listed in the following table 100
• Chapters 101
• Managing physical interfaces 101
• Part 3 101
• Basic parameters 102
• Loopback detection 102
• Overview 102
• Physical interface 102
• Port isolation 102
• Supported features 102
• Basic parameters configurations 103
• Configure the mtu size of jumbo frames for all ports then click apply 103
• Follow these steps to configure basic parameters for the ports 103
• Port config to load the following page 103
• Select one or more ports to configure the basic parameters then click apply 103
• Using the gui 103
• Follow these steps to set basic parameters for the ports 104
• Using the cli 104
• Switch config if no shutdown 105
• Switch config interface gigabitethernet 1 0 1 105
• Switch configure 105
• Switch jumbo size 9216 105
• The following example shows how to implement the basic configurations of port1 0 1 including setting a description for the port configuring the jumbo frame making the port automatically negotiate speed and duplex with the neighboring port and enabling the flow control 105
• Port isolation configurations 107
• Using the gui 107
• Using the cli 108
• Gi1 0 5 n a gi1 0 1 3 po4 109
• Port lag forward list 109
• Switch config if end 109
• Switch config if port isolation gi forward list 1 0 1 3 po forward list 4 109
• Switch config if show port isolation interface gigabitethernet 1 0 5 109
• Switch config interface gigabitethernet 1 0 5 109
• Switch configure 109
• Switch copy running config startup config 109
• The following example shows how to add ports 1 0 1 3 and lag 4 to the forwarding list of port 1 0 5 109
• Loopback detection configuration 110
• Using the gui 110
• In the port config section select one or more ports to configure the loopback detection parameters then click apply 111
• Optional view the loopback detection information 111
• Follow these steps to configure loopback detection 112
• Using the cli 112
• Configuration examples 114
• Configuration scheme 114
• Example for port isolation 114
• Network requirements 114
• Using the gui 114
• Using the cli 116
• Configuration scheme 117
• Example for loopback detection 117
• Network requirements 117
• Verify the configuration 117
• Using the gui 118
• Using the cli 119
• Verify the configuration 119
• Appendix default parameters 120
• Default settings of switching are listed in th following tables 120
• Chapters 121
• Configuring lag 121
• Part 4 121
• Overview 122
• Static lag 122
• Supported features 122
• Configuration guidelines 123
• Lag configuration 123
• Configuring load balancing algorithm 124
• In the global config section select the load balancing algorithm hash algorithm then click apply 124
• Lag table to load the following page 124
• Load balancing algorithm is effective only for outgoing traffic if the data stream is not well shared by each link you can change the algorithm of the outgoing interface 124
• Please properly choose the load balancing algorithm to avoid data stream transferring only on one physical link for example switch a receives packets from several hosts and forwards them to the server with the fixed mac address you can set the algorithm 124
• Using the gui 124
• Configuring static lag or lacp 125
• Configuring lacp 126
• Follow these steps to configure lacp 126
• Lacp to load the following page 126
• Select member ports for the lag and configure the related parameters click apply 126
• Specify the system priority for the switch and click apply 126
• Configuring load balancing algorithm 127
• Follow these steps to configure the load balancing algorithm 127
• Using the cli 127
• Configuring static lag or lacp 128
• Etherchannel load balancing addresses used per protocol 128
• Etherchannel load balancing configuration src dst mac 128
• Ipv4 source xor destination mac address 128
• Ipv6 source xor destination mac address 128
• Non ip source xor destination mac address 128
• Switch config end 128
• Switch config port channel load balance src dst mac 128
• Switch config show etherchannel load balance 128
• Switch configure 128
• Switch copy running config startup config 128
• The following example shows how to set the global load balancing mode as src dst mac 128
• You can choose only one lag mode for a port static lag or lacp and make sure both ends of a link use the same lag mode 128
• Configuring static lag 129
• Flags d down p bundled in port channel u in use 129
• Follow these steps to configure static lag 129
• Group port channel protocol ports 129
• I stand alone h hot standby lacp only s suspended 129
• Po2 s gi1 0 5 d gi1 0 6 d gi1 0 7 d gi1 0 8 d 129
• R layer3 s layer2 f failed to allocate aggregator 129
• Switch config if range channel group 2 mode on 129
• Switch config if range end 129
• Switch config if range show etherchannel 2 summary 129
• Switch config interface range gigabitethernet 1 0 5 8 129
• Switch configure 129
• Switch copy running config startup config 129
• The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 129
• U unsuitable for bundling w waiting to be aggregated d default port 129
• Configuring lacp 130
• Follow these steps to configure lacp 130
• Configuration example 132
• Configuration scheme 132
• Network requirements 132
• Using the gui 133
• Using the cli 134
• Verify the configuration 134
• Appendix default parameters 136
• Default settings of switching are listed in the following tables 136
• Chapters 137
• Configuring ddm 137
• Part 5 137
• Overview 138
• Configuring ddm globally 139
• Ddm configuration 139
• Using the gui 139
• Click apply 140
• Configuring the temperature threshold 140
• Configuring the threshold 140
• Follow these steps to configure ddm s temperature threshold 140
• In the temperature table select one or more sfp ports to configure temperature threshold of the sfp ports 140
• Threshold config to load the following page 140
• Click apply 141
• Configuring the bias current threshold 141
• Configuring the voltage threshold 141
• Follow these steps to configure ddm s voltage threshold 141
• In the voltage table select one or more sfp ports to configure voltage threshold on the sfp ports 141
• Click apply 142
• Configuring the rx power threshold 142
• Follow these steps to configure ddm s bias current threshold 142
• Follow these steps to configure ddm s rx power threshold 142
• In the bias current table select one or more sfp ports to configure bias current threshold on the sfp ports 142
• In the rx power table select one or more sfp ports to configure rx power threshold on the sfp ports 142
• Click apply 143
• Configuring the tx power threshold 143
• Follow these steps to configure ddm s tx power threshold 143
• In the tx power table select one or more sfp ports to configure tx power threshold on the sfp ports 143
• Configuring ddm globally 144
• Ddm status to load the following page 144
• Follow these steps to enable ddm on specified sfp ports 144
• In the port config table view the current operating parameters for the sfp modules inserted into the sfp ports 144
• Using the cli 144
• Viewing ddm status 144
• Configuring ddm shutdown 145
• Ddm status ddm status shutdown 145
• Follow these steps to configure settings for shutting down sfp ports when the alarm threshold or warning threshold is exceeded 145
• Gi1 0 9 enable none 145
• Switch config if ddm state enable 145
• Switch config if end 145
• Switch config if show ddm configuration state 145
• Switch config interface gigabitethernet 1 0 9 145
• Switch configure 145
• Switch copy running config startup config 145
• The following example shows how to enable ddm status on sfp port 1 0 9 145
• Configuring temperature threshold 146
• Configuring the threshold 146
• Ddm status ddm status shutdown 146
• Follow these steps to configure the threshold of the ddm temperature on the specified sfp port 146
• Gi1 0 25 enable warning 146
• Switch config if ddm shutdown warning 146
• Switch config if end 146
• Switch config if show ddm configuration state 146
• Switch config interface gigabitethernet 1 0 25 146
• Switch configure 146
• Switch copy running config startup config 146
• The following example shows how to set sfp port 1 0 25 to shut down when the warning threshold is exceeded 146
• Gi1 0 10 110 00000 147
• High alarm high alarm low alarm high warning low warning 147
• Switch config if ddm temperature_threshold high_alarm 110 147
• Switch config if end 147
• Switch config if show ddm configuration temperature 147
• Switch config interface gigabitethernet 1 0 10 147
• Switch configure 147
• Switch copy running config startup config 147
• Temperature threshold celsius 147
• The following example shows how to set sfp port 1 0 10 s high alarm temperature threshold as 110 celsius 147
• Configuring voltage threshold 148
• Follow these steps to configure the threshold of the ddm voltage on the specified sfp port 148
• Gi1 0 10 5 00000 148
• High alarm high alarm low alarm high warning low warning 148
• Switch config if ddm vlotage_threshold high_alarm 5 148
• Switch config if show ddm configuration voltage 148
• Switch config interface gigabitethernet 1 0 10 148
• Switch configure 148
• The following example shows how to set sfp port 1 0 10 s high alarm threshold voltage as 5 v 148
• Voltage threshold v 148
• Configuring bias current threshold 149
• Follow these steps to configure the threshold of the ddm bias current on the specified sfp port 149
• High alarm high alarm low alarm high warning low warning 149
• Switch config if ddm vlotage_threshold high_alarm 120 149
• Switch config if end 149
• Switch config if show ddm configuration bias_current 149
• Switch config interface gigabitethernet 1 0 10 149
• Switch configure 149
• Switch copy running config startup config 149
• The following example shows how to set sfp port 1 0 10 s high alarm threshold bias current as 120 ma 149
• Voltage threshold v 149
• Configuring rx power threshold 150
• Follow these steps to configure the threshold of the ddm rx power on the specified sfp port 150
• Gi1 0 10 120 00000 150
• Switch config if ddm rx_power_threshold high_alarm 6 150
• Switch config if end 150
• Switch config if show ddm configuration rx_power 150
• Switch config interface gigabitethernet 1 0 10 150
• Switch configure 150
• Switch copy running config startup config 150
• The following example shows how to set sfp port 1 0 10 s high alarm threshold rx power as 6 mw 150
• Configuring tx power threshold 151
• Follow these steps to configure the threshold of the ddm tx power on the specified sfp port 151
• Gi1 0 10 6 00000 151
• High alarm high alarm low alarm high warning low warning 151
• Rx power threshold mw 151
• Switch config if end 151
• Switch configure 151
• Switch copy running config startup config 151
• The following example shows how to set sfp port 1 0 10 s high alarm threshold tx power as 6 mw 151
• Viewing ddm configuration 152
• Viewing ddm status 153
• Appendix default parameters 154
• Default settings of ddm are listed in the following table 154
• Chapters 155
• Managing mac address table 155
• Part 6 155
• Address configurations 156
• Mac address table 156
• Overview 156
• Supported features 156
• Security configurations 157
• Adding static mac address entries 158
• Address configurations 158
• Using the gui 158
• Click apply 160
• Dynamic address to load the following page 160
• Follow these steps to modify the aging time of dynamic address entries 160
• In the aging config section enable auto aging and enter your desired length of time 160
• Modifying the aging time of dynamic address entries 160
• Adding mac filtering address entries 161
• Viewing address table entries 161
• Adding static mac address entries 162
• Address table and click 162
• Follow these steps to add static mac address entries 162
• To load the following page 162
• Using the cli 162
• Modifying the aging time of dynamic address entries 163
• Adding mac filtering address entries 164
• Aging time is 500 sec 164
• Follow these steps to add mac filtering address entries 164
• Switch config end 164
• Switch config mac address table aging time 500 164
• Switch config show mac address table aging time 164
• Switch configure 164
• Switch copy running config startup config 164
• The following example shows how to modify the aging time to 500 seconds a dynamic entry remains in the mac address table for 500 seconds after the entry is used or updated 164
• Configuring mac notification traps 166
• Security configurations 166
• Using the gui 166
• Configure snmp and set a management host for detailed snmp configurations please refer to snmp configurations 167
• Follow these steps to configure mac notification traps 167
• Follow these steps to limit the number of mac addresses in vlans 167
• In the mac notification global config section enable this feature configure the relevant options and click apply 167
• In the mac notification port config section select one or more ports to configure the notification status click apply 167
• In the mac vlan security config section select the security mode for all vlans 167
• Limiting the number of mac addresses learned in vlans 167
• Mac vlan security to load the following page 167
• Click create 168
• Configuring mac notification traps 168
• Follow these steps to configure mac notification traps 168
• In the mac vlan security table section click add to load the following page enter the vlan id and the max learned number to limit the number of mac addresses that can be learned in the specified vlan 168
• Using the cli 168
• Mac notification global config 169
• Notification global status enable 169
• Notification interval 10 169
• Now you have configured mac notification traps to receive notifications you need to further enable snmp and set a management host for detailed snmp configurations please refer to snmp configurations 169
• Port lrnmode change new mac learned 169
• Switch config if mac address table notification new mac learned enable 169
• Switch config if show mac address table notification interface gigabitethernet 1 0 1 169
• Switch config interface gigabitethernet 1 0 1 169
• Switch config mac address table notification global status enable 169
• Switch config mac address table notification interval 10 169
• Switch configure 169
• Table full notification status disable 169
• The following example shows how to enable new mac learned trap on port 1 and set the interval time as 10 seconds after you have further configured snmp the switch will bundle notifications of new addresses in every 10 seconds and send to the management host 169
• 100 0 drop 170
• Follow these steps to limit the number of mac addresses in vlans 170
• Gi1 0 1 disable enable 170
• Limiting the number of mac addresses in vlans 170
• Switch config if end 170
• Switch config mac address table vlan security mode drop 170
• Switch config mac address table vlan security vid 10 max learn 100 170
• Switch config show mac address table vlan security vid 10 170
• Switch configure 170
• Switch copy running config startup config 170
• The following example shows how to limit the number of mac addresses to 100 in vlan 10 and configure the switch to drop packets of new source mac addresses when the limit is exceeded 170
• Vlanid max learn current learn status 170
• Switch config end 171
• Switch copy running config startup config 171
• Configuration scheme 172
• Example for security configurations 172
• Network requirements 172
• Using the gui 173
• Using the cli 174
• Verify the configurations 174
• Appendix default parameters 175
• Default settings of the mac address table are listed in the following tables 175
• Chapters 176
• Configuring 802 q vlan 176
• Part 7 176
• Overview 177
• Configuring the pvid of the port 178
• Q vlan configuration 178
• Using the gui 178
• Configuring the vlan 180
• Enter a vlan id and a description for identification to create a vlan 180
• Follow these steps to configure vlan 180
• To load the following page to load the following page 180
• Vlan config and click 180
• Click apply 181
• Creating a vlan 181
• Follow these steps to create a vlan 181
• Select the untagged port s and the tagged port s respectively to add to the created vlan based on the network topology 181
• Switch config vlan 2 181
• Switch config vlan name rd 181
• Switch configure 181
• The following example shows how to create vlan 2 and name it as rd 181
• Using the cli 181
• Configuring the port 182
• Follow these steps to configure the port 182
• Rd active 182
• Switch config interface gigabitethernet 1 0 5 182
• Switch config vlan end 182
• Switch config vlan show vlan id 2 182
• Switch configure 182
• Switch copy running config startup config 182
• The following example shows how to configure the pvid of port 1 0 5 as 2 enable the ingress checking and set the acceptable frame type as all 182
• Vlan name status ports 182
• Acceptable frame type all 183
• Adding the port to the specified vlan 183
• Follow these steps to add the port to the specified vlan 183
• Ingress checking enable 183
• Link type general 183
• Member in lag n a 183
• Member in vlan 183
• Port gi1 0 5 183
• Pvid 2 183
• Switch config if end 183
• Switch config if show interface switchport gigabitethernet 1 0 5 183
• Switch config if switchport acceptable frame all 183
• Switch config if switchport check ingress 183
• Switch config if switchport pvid 2 183
• Switch copy running config startup config 183
• System vlan untagged 183
• Vlan name egress rule 183
• Configuration example 185
• Configuration scheme 185
• Network requirements 185
• Network topology 186
• The configurations of switch 1 and switch 2 are similar the following introductions take switch 1 as an example 186
• The figure below shows the network topology host a1 and host a2 are in department a while host b1 and host b2 are in department b switch 1 and switch 2 are located in two different places host a1 and host b1 are connected to port 1 0 2 and port 1 0 3 on switch 1 respectively while host a2 and host b2 are connected to port 1 0 6 and port 1 0 7 on switch 2 respectively port 1 0 4 on switch 1 is connected to port 1 0 8 on switch 2 186
• The following sections provide configuration procedure in two ways using the gui and using the cli 186
• To load the following page create vlan 10 with the description of department_a add port 1 0 2 as an untagged port and port 1 0 4 as a tagged port to vlan 10 click create 186
• Using the gui 186
• Vlan config and 186
• Using the cli 189
• Verify the configurations 190
• Appendix default parameters 192
• Default settings of 802 q vlan are listed in the following table 192
• Chapters 193
• Configuring mac vlan 193
• Part 8 193
• Overview 194
• Ptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in to meet this requirement simply bind the mac addresses of the laptops to the corresponding vlans respectively in this way the mac address determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 194
• The figure below shows a common application scenario of mac vlan 194
• Two departments share all the meeting rooms in the company but use different servers and l 194
• Vlan is generally divided by ports it is a common way of division but isn t suitable for those networks that require frequent topology changes with the popularity of mobile office at different times a terminal device may access the network via different ports for example a terminal device that accessed the switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different vlans the user has to re configure the switch to access the original vlan using mac vlan can free the user from such a problem it divides vlans based on the mac addresses of terminal devices in this way terminal devices always belong to their mac vlans even when their access ports change 194
• Binding the mac address to the vlan 195
• Configuring 802 q vlan 195
• Mac vlan configuration 195
• Using the gui 195
• Enabling mac vlan for the port 196
• 19 56 8a 4c 71 dept a 10 197
• Before configuring mac vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 197
• Binding the mac address to the vlan 197
• Configuring 802 q vlan 197
• Follow these steps to bind the mac address to the vlan 197
• Mac addr name vlan id 197
• Switch config end 197
• Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 197
• Switch config show mac vlan vlan 10 197
• Switch configure 197
• The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with the address description as dept a 197
• Using the cli 197
• Enabling mac vlan for the port 198
• Follow these steps to enable mac vlan for the port 198
• Gi1 0 1 enable 198
• Gi1 0 2 disable 198
• Port status 198
• Switch config if end 198
• Switch config if mac vlan 198
• Switch config if show mac vlan interface 198
• Switch config interface gigabitethernet 1 0 1 198
• Switch configure 198
• Switch copy running config startup config 198
• The following example shows how to enable mac vlan for port 1 0 1 198
• Configuration example 199
• Configuration scheme 199
• Create vlan 10 and vlan 20 on each of the three switches and add the ports to the vlans based on the network topology for the ports connecting the laptops set the 199
• Network requirements 199
• Two departments share all the meeting rooms in the company but use different servers and laptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in the figure below shows the network topology 199
• You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac addresses of the laptops to the corresponding vlans respectively in this way each laptop can access only the server in the vlan it joins no matter which meeting room the laptops are being used in the overview of the configuration is as follows 199
• Using the gui 200
• Using the cli 205
• Verify the configurations 207
• Appendix default parameters 209
• Default settings of mac vlan are listed in the following table 209
• Chapters 210
• Configuring protocol vlan 210
• Part 9 210
• Overview 211
• Protocol vlan is a technology that divides vlans based on the network layer protocol with the protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze specific fields of received packets encapsulate the packets in specific formats and forward the packets with different protocols to the corresponding vlans since different applications and services use different protocols network administrators can use protocol vlan to manage the network based on specific applications and services 211
• The figure below shows a common application scenario of protocol vlan with protocol vlan configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 networks respectively 211
• Configuring 802 q vlan 212
• Protocol vlan configuration 212
• Using the gui 212
• Check whether your desired template already exists in the protocol template config 213
• Creating protocol template 213
• Follow these steps to create a protocol template 213
• Protocol template to load the following page 213
• Section if not click 213
• To create a new template 213
• Click create 214
• Configuring protocol vlan 214
• Follow these steps to configure the protocol group 214
• In the protocol group config section specify the following parameters 214
• Protocol vlan group and 214
• To load the following page 214
• Before configuring protocol vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 215
• Configuring 802 q vlan 215
• Creating a protocol template 215
• Follow these steps to create a protocol template 215
• Select the desired ports click create 215
• Using the cli 215
• Arp ethernetii ether type 0806 216
• At snap ether type 809b 216
• Configuring protocol vlan 216
• Follow these steps to configure protocol vlan 216
• Index protocol name protocol type 216
• Ip ethernetii ether type 0800 216
• Ipv6 ethernetii ether type 86dd 216
• Ipx snap ether type 8137 216
• Rarp ethernetii ether type 8035 216
• Switch config end 216
• Switch config protocol vlan template name ipv6 frame ether_2 ether type 86dd 216
• Switch config show protocol vlan template 216
• Switch configure 216
• Switch copy running config startup config 216
• The following example shows how to create an ipv6 protocol template 216
• Arp ethernetii ether type 0806 217
• At snap ether type 809b 217
• Index protocol name protocol type 217
• Index protocol name vid priority member 217
• Ip ethernetii ether type 0800 217
• Ipv6 10 0 217
• Ipv6 ethernetii ether type 86dd 217
• Ipx snap ether type 8137 217
• Rarp ethernetii ether type 8035 217
• Switch config interface gigabitethernet 1 0 2 217
• Switch config protocol vlan vlan 10 priority 5 template 6 217
• Switch config show protocol vlan template 217
• Switch config show protocol vlan vlan 217
• Switch configure 217
• The following example shows how to bind the ipv6 protocol template to vlan 10 and add port 1 0 2 to protocol vlan 217
• A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 network respectively via different routers it is required that ipv4 packets are forwarded to the ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 219
• Configuration example 219
• Configuration scheme 219
• Network requirements 219
• The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to two routers to access the ipv4 network and ipv6 network respectively the routers belong to vlan 10 and vlan 20 respectively 219
• You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this port receives packets switch 2 will forward them to the corresponding vlans according to their protocol types the overview of the configuration on switch 2 is as follows 219
• Using the gui 221
• Using the cli 227
• Verify the configurations 229
• Appendix default parameters 231
• Default settings of protocol vlan are listed in the following table 231
• Chapters 232
• Configuring vlan vpn 232
• Part 10 232
• Overview 233
• Vlan vpn 233
• Basic vlan vpn 234
• Flexible vlan vpn 234
• Supported features 234
• Basic vlan vpn configuration 235
• Configuring 802 q vlan 235
• Using the gui 235
• Configuring basic vlan vpn 236
• Before configuring vlan vpn create 802 q vlan add ports to corresponding vlans and configure ingress checking on ports according to your needs for details refer to configuring 802 q vlan 237
• Configuring 802 q vlan 237
• Configuring basic vlan vpn 237
• Follow these steps to configure basic vlan vpn 237
• Using the cli 237
• Switch config dot1q tunnel 238
• Switch config if exit 238
• Switch config if switchport dot1q tunnel mode uni 238
• Switch config interface gigabitethernet 1 0 1 238
• Switch config interface gigabitethernet 1 0 2 238
• Switch configure 238
• The following example shows how to enable the vlan vpn feature globally set port 1 0 1 of switch as the uni port and 1 0 2 as the nni port 238
• Configuration guidelines 240
• Flexible vlan vpn configuration 240
• Using the gui 240
• Click create 241
• Follow these steps to configure flexible vlan vpn 241
• Using the cli 241
• Configuration examples 243
• Configuration scheme 243
• Example for basic vlan vpn 243
• Network requirements 243
• Configure 802 q vlan on switch 1 the parameters are shown below 244
• Configure 802 q vlan on switch 3 the parameters are shown below 244
• Configure vlan vpn on switch 1 set port 1 0 1 as nni port and port 1 0 2 as uni port configure the tpid as 0x9100 244
• Configuring switch 1 244
• Q vlan to create vlan 100 vlan 200 and vlan 1050 configure the egress rule of port 1 0 2 in vlan 100 and vlan 200 as tagged and in vlan 1050 as untagged configure the egress rule of port 1 0 1 in vlan 1050 as tagged 244
• This chapter provides configuration procedures in two ways using the gui and using the cli 244
• Using the gui 244
• Port config to set the pvid as 1050 for port 1 0 2 and leave the default vaule 1 for port 1 0 1 247
• Using the cli 251
• Verify the vlan vpn configurations on switch 1 252
• Example for flexible vlan vpn 254
• Network requirements 254
• Configuration scheme 255
• Configure 802 q vlan on switch 1 the parameters are shown below 255
• Configure 802 q vlan on switch 3 the parameters are shown below 255
• Configure vlan vpn on switch 1 set port 1 0 1 as nni port and port 1 0 2 as uni port configure the tpid as 0x9100 map vlan 100 to vlan 1050 and vlan 200 to vlan 1060 255
• Configuring switch 1 255
• Here we only introduce the configuration scheme on switch 1 and switch 3 for the configurations on switch 2 are the same as that on switch 1 and the configurations on switch 4 are the same as that on switch 3 255
• Q vlan to create vlan 100 vlan 200 vlan 1050 and vlan 1060 configure the egress rule of port 1 0 2 in vlan 100 and vlan 200 as tagged and untagged in vlan 1050 and vlan 1060 configure the egress rule of port 1 0 1 in vlan 1050 and vlan 1060 as tagged 255
• This chapter provides configuration procedures in two ways using the gui and using the cli 255
• To meet the requirement that all the traffic from vlan 100 and vlan 200 need to be transmitted through different isp vlans users can configure flexible vlan vpn on switch 1 and switch 2 to map vlan 100 to vlan 1050 and vlan 200 to vlan 1060 so packets from vlan 100 and vlan 200 will be transmitted through vlan 1050 and vlan 1060 respectively 255
• Using the gui 255
• Port config to set the pvid as 1050 for port 1 0 2 and leave the default vaule 1 for port 1 0 1 259
• Using the cli 264
• Appendix default parameters 267
• Default settings of vlan vpn are listed in the following table 267
• Chapters 268
• Configuring gvrp 268
• Part 11 268
• Gvrp garp vlan registration protocol is a garp generic attribute registration protocol application that allows registration and deregistration of vlan attribute values and dynamic vlan creation 269
• Overview 269
• The configuration may seem easy in this situation however for a larger or more complex network such manual configuration would be time costing and fallible gvrp can be used to implement dynamic vlan configuration with gvrp the switch can exchange vlan configuration information with the adjacent gvrp switches and dynamically create and manage the vlans this reduces vlan configuration workload and ensures correct vlan configuration 269
• Without gvrp operating configuring the same vlan on a network would require manual configuration on each device as shown in figure 1 1 switch a b and c are connected through trunk ports vlan 10 is configured on switch a and vlan 1 is configured on switch b and switch c switch c can receive messages sent from switch a in vlan 10 only when the network administrator has manually created vlan 10 on switch b and switch c 269
• Configuration guidelines 270
• Gvrp configuration 270
• Follow these steps to configure gvrp 271
• Gvrp config to load the following page 271
• In the gvrp section enable gvrp globally then click apply 271
• In the port config section select one or more ports set the status as enable and configure the related parameters according to your needs 271
• Using the gui 271
• Click apply 272
• Using the cli 272
• Configuration example 275
• Configuration scheme 275
• Department a and department b of a company are connected using switches offices of one department are distributed on different floors as shown in figure 3 1 the network topology is complicated configuration of the same vlan on different switches is required so that computers in the same department can communicate with each other 275
• Network requirements 275
• The following sections provide configuration procedure in two ways using the gui and using the cli 275
• The two departments are in separate vlans to make sure the switches only dynamically create vlan of their own department you need to set the registration mode for ports on switch 1 to switch 4 as fixed to prevents dynamic registration and deregistration of vlans and allow the port to transmit only the static vlan registration information 275
• To configure dynamic vlan creation on other switches set the registration mode of the corresponding ports as normal to allow dynamic registration and deregistration of vlans 275
• To reduce manual configuration and maintenance workload gvrp can be enabled to implement dynamic vlan registration and update on the switches 275
• When configuring gvrp please note the following 275
• Using the gui 276
• Using the cli 280
• Verify the configuration 282
• Appendix default parameters 284
• Default settings of gvrp are listed in the following tables 284
• Chapters 285
• Configuring layer 2 multicast 285
• Part 12 285
• Layer 2 multicast 286
• Overview 286
• A member port is a port on snooping switch that is connecting to the host 287
• A router port is a port on snooping switch that is connecting to the igmp querier 287
• A snooping switch indicates a switch with igmp snooping enabled the switch maintains a multicast forwarding table by snooping on the igmp transmissions between the host and the querier with the multicast forwarding table the switch can forward multicast data only to the ports that are in the corresponding multicast group so as to constrain the flooding of multicast data in the layer 2 network 287
• An igmp querier is a multicast router a router or a layer 3 switch that sends query messages to maintain a list of multicast group memberships for each attached network and a timer for each membership 287
• Demonstrated as below 287
• Igmp querier 287
• Member port 287
• Normally only one device acts as querier per physical network if there are more than one multicast router in the network a querier election process will be implemented to determine which one acts as the querier 287
• Router port 287
• Snooping switch 287
• The following basic concepts of igmp snooping will be introduced igmp querier snooping switch router port and member port 287
• Layer 2 multicast protocol for ipv4 igmp snooping 288
• Layer 2 multicast protocol for ipv6 mld snooping 288
• Multicast filtering 288
• Multicast vlan registration mvr 288
• Supported features 288
• Configuring igmp snooping globally 289
• Igmp snooping configuration 289
• Using the gui 289
• And click 290
• Before configuring igmp snooping for vlans set up the vlans that the router ports and the member ports are in for details please refer to configuring 802 q vlan 290
• Choose the menu 290
• Click apply 290
• Configuring igmp snooping for vlans 290
• Global config 290
• Igmp vlan confi 290
• In your desired vlan entry in the 290
• Section to load the following page 290
• The switch supports configuring igmp snooping on a per vlan basis after igmp snooping is enabled globally you also need to enable igmp snooping and configure the corresponding parameters for the vlans that the router ports and the member ports are in 290
• Enable igmp snooping for the vlan and configure the corresponding parameters 291
• Follow these steps to configure igmp snooping for a specific vlan 291
• Click save 293
• Click apply 294
• Configuring hosts to statically join a group 294
• Configuring igmp snooping for ports 294
• Enable igmp snooping for the port and enable fast leave if there is only one receiver connected to the port 294
• Follow these steps to configure igmp snooping for ports 294
• Following page 294
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 294
• Port confi 294
• To load the 294
• Configuring igmp accounting and authentication features 295
• Configuring igmp snooping globally 297
• Follow these steps to configure igmp snooping globally 297
• Using the cli 297
• Configuring igmp snooping for vlans 298
• Configuring igmp snooping for ports 303
• Follow these steps to configure igmp snooping for ports 303
• General query source ip 192 68 303
• Last member query count 3 303
• Last member query interval 2 303
• Maximum response time 15 303
• Querier 303
• Query interval 100 303
• Switch config end 303
• Switch config ip igmp snooping vlan config 1 querier general query source ip 192 68 303
• Switch config ip igmp snooping vlan config 1 querier last member query count 3 303
• Switch config show ip igmp snooping vlan 1 303
• Switch copy running config startup config 303
• Vlan id 1 303
• Configuring hosts to statically join a group 304
• Follow these steps to configure hosts to statically join a group 304
• Gi1 0 1 enable enable 304
• Gi1 0 2 enable enable 304
• Gi1 0 3 enable enable 304
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 304
• Port igmp snooping fast leave 304
• Switch config if range end 304
• Switch config if range ip igmp snooping 304
• Switch config if range ip igmp snooping immediate leave 304
• Switch config if range show ip igmp snooping interface gigabitethernet 1 0 1 3 304
• Switch config interface range fastehternet 1 0 1 3 304
• Switch configure 304
• Switch copy running config startup config 304
• The following example shows how to enable igmp snooping and fast leave for port 1 0 1 3 304
• 2 static gi1 0 1 3 305
• Configuring igmp accounting and authentication features 305
• Follow these steps to add the radius server and enable igmp accounting globally 305
• Multicast ip vlan id addr type switch port 305
• Switch config end 305
• Switch config ip igmp snooping vlan config 2 static 239 interface gigabitethernet 1 0 1 3 305
• Switch config show ip igmp snooping groups static 305
• Switch configure 305
• Switch copy running config startup config 305
• The following example shows how to configure port 1 0 1 3 in vlan 2 to statically join the multicast group 239 305
• To use these features you need to set up a radius server and configure add the radius server for the switch 305
• You can enable igmp accounting and authentication according to your need igmp accounting is configured globally and igmp authentication can be enabled on a per port basis 305
• Follow these steps to enable igmp authentication for ports 306
• Enable port gi1 0 1 28 po1 14 307
• Enable vlan 307
• Global authentication accounting enable 307
• Switch config end 307
• Switch config if range ip igmp snooping authentication 307
• Switch config if range show ip igmp snooping interface gigabitethernet 1 0 1 3 authentication 307
• Switch config interface range gigabitehternet 1 0 1 3 307
• Switch config ip igmp snooping accounting 307
• Switch config show ip igmp snooping 307
• Switch configure 307
• Switch copy running config startup config 307
• The following example shows how to enable igmp accounting globally 307
• The following example shows how to enable igmp authentication on port 1 0 1 3 307
• Configuring mld snooping globally 309
• Mld snooping configuration 309
• Using the gui 309
• Configuring mld snooping for vlans 310
• Click apply 313
• Click save 313
• Configuring mld snooping for ports 313
• Enable mld snooping for the port and enable fast leave if there is only one receiver connected to the port 313
• Follow these steps to configure mld snooping for ports 313
• Following page 313
• Port config to load the 313
• Choose the menu 314
• Click create 314
• Configuring hosts to statically join a group 314
• Configuring mld snooping globally 314
• Follow these steps to configure hosts to statically join a group 314
• Follow these steps to configure mld snooping globally 314
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 314
• Specify the multicast ip address vlan id select the ports to be the static member ports of the multicast group 314
• Static group config 314
• To load the following page 314
• Using the cli 314
• Before configuring mld snooping for vlans set up the vlans that the router ports and the member ports are in for details please refer to configuring 802 q vlan 315
• Configuring mld snooping for vlans 315
• Mld snooping enable 315
• Switch config end 315
• Switch config ipv6 mld snooping 315
• Switch config ipv6 mld snooping drop unknown 315
• Switch config show ipv6 mld snooping 315
• Switch configure 315
• Switch copy running config startup config 315
• The following example shows how to enable mld snooping globally and the way how the switch processes multicast streams that are sent to unknown multicast groups as discard 315
• The switch supports configuring mld snooping on a per vlan basis after mld snooping is enabled globally you also need to enable mld snooping and configure the 315
• Unknown multicast discard 315
• Corresponding parameters for the vlans that the router ports and the member ports are in 316
• Follow these steps to configure mld snooping for vlans 316
• Switch config ipv6 mld snooping vlan config 1 mtime 300 318
• Switch configure 318
• The following example shows how to enable mld snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 318
• Configuring mld snooping for ports 320
• Follow these steps to configure mld snooping for ports 320
• General query source ip fe80 1 320
• Last member query count 3 320
• Last member query interval 2 320
• Switch config end 320
• Switch config if range ipv6 mld snooping 320
• Switch config interface range fastehternet 1 0 1 3 320
• Switch configure 320
• Switch copy running config startup config 320
• The following example shows how to enable mld snooping and fast leave for port 1 0 1 3 320
• Configuring hosts to statically join a group 321
• Follow these steps to configure hosts to statically join a group 321
• Gi1 0 1 enable enable 321
• Gi1 0 2 enable enable 321
• Gi1 0 3 enable enable 321
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 321
• Port mld snooping fast leave 321
• Switch config if range end 321
• Switch config if range ipv6 mld snooping immediate leave 321
• Switch config if range show ipv6 mld snooping interface gigabitethernet 1 0 1 3 321
• Switch config ipv6 mld snooping vlan config 2 static ff80 1234 01 interface gigabitethernet 1 0 1 3 321
• Switch config show ipv6 mld snooping groups static 321
• Switch configure 321
• Switch copy running config startup config 321
• The following example shows how to configure port 1 0 1 3 in vlan 2 to statically join the multicast group ff80 1234 01 321
• Configuring 802 q vlans 323
• Mvr configuration 323
• Using the gui 323
• Choose the menu 324
• Click apply 324
• Configuring mvr globally 324
• Enable mvr globally and configure the global parameters 324
• Follow these steps to configure mvr globally 324
• Mvr config 324
• To load the following page 324
• Adding multicast groups to mvr 325
• And click 325
• Click create 325
• Follow these steps to add multicast groups to mvr 325
• Mvr group config 325
• Specify the ip address of the multicast groups 325
• Then the added multicast groups will appear in the mvr group table as the following figure shows 325
• To load the following page 325
• You need to manually add multicast groups to the mvr choose the menu 325
• Choose the menu 326
• Configuring mvr for the port 326
• Enable mvr and configure the port type and fast leave feature for the port 326
• Follow these steps to add multicast groups to mvr 326
• Port config 326
• Select one or more ports to configure 326
• To load the following page 326
• And click 327
• Choose the menu 327
• Click apply 327
• Optional adding ports to mvr groups statically 327
• Static group members 327
• You can add only receiver ports to mvr groups statically the switch adds or removes receiver ports to the corresponding multicast groups by snooping the report and leave messages from the hosts you can also statically add a receiver port to an mvr group 327
• Your desired mvr group entry to load the following page 327
• Before configuring mvr create an 802 q vlan as the multicast vlan add the all source ports to the multicast vlan as tagged ports configure 802 q vlans for the receiver ports according to network requirements note that receiver ports can only belong to one vlan and cannot be added to the multicast vlan for details refer to configuring 802 q vlan 328
• Click save 328
• Configuring 802 q vlans 328
• Configuring mvr globally 328
• Follow these steps to configure mvr globally 328
• Follow these steps to statically add ports to an mvr group 328
• Select the ports to add them to the mvr group 328
• Using the cli 328
• Mvr current multicast groups 3 329
• Mvr enable 329
• Mvr global query response time 5 tenths of sec 329
• Mvr max multicast groups 256 329
• Mvr mode type compatible 329
• Mvr multicast vlan 2 329
• Switch config mvr group 239 3 329
• Switch config mvr mode compatible 329
• Switch config mvr querytime 5 329
• Switch config mvr vlan 2 329
• Switch config show mvr 329
• Switch config show mvr members 329
• Switch configure 329
• The following example shows how to enable mvr globally and configure the mvr mode as compatible the multicast vlan as vlan 2 and the query response time as 5 tenths of a second then add 239 239 to mvr group 329
• Active 330
• Configuring mvr for the ports 330
• Follow these steps to configure mvr for the ports 330
• Mvr group ip status members 330
• Switch config end 330
• Switch copy running config startup config 330
• Creating the multicast profile 333
• Multicast filtering configuration 333
• Using the gui 333
• Follow these steps to create a profile 334
• In the general config section specify the profile id and mode 334
• In the ip range section click 334
• To load the following page configure the start ip address and end ip address of the multicast groups to be filtered and click create 334
• Configure multicast filtering for ports 335
• Click apply 336
• Creating igmp profile multicast profile for ipv4 336
• Creating the multicast profile 336
• Follow these steps to bind the profile to ports and configure the corresponding parameters for the ports 336
• Select one or more ports to configure 336
• Specify the profile to be bound and configure the maximum groups the port can join and the overflow action 336
• Using the cli 336
• You can create multicast profiles for both ipv4 and ipv6 network with multicast profile the switch can define a blacklist or whitelist of multicast groups so as to filter multicast sources 336
• Creating mld profile multicast profile for ipv6 337
• Igmp profile 1 337
• Range 226 226 0 337
• Switch config end 337
• Switch config igmp profile deny 337
• Switch config igmp profile range 226 226 0 337
• Switch config igmp profile show ip igmp profile 337
• Switch config ip igmp profile 1 337
• Switch config ip igmp snooping 337
• Switch configure 337
• Switch copy running config startup config 337
• The following example shows how to configure profile 1 so that the switch filters multicast streams sent to 226 226 0 337
• Mld profile 1 338
• Range ff01 1234 5 ff01 1234 8 338
• Switch config end 338
• Switch config ipv6 mld profile 1 338
• Switch config ipv6 mld snooping 338
• Switch config mld profile deny 338
• Switch config mld profile range ff01 1234 5 ff01 1234 8 338
• Switch config mld profile show ipv6 mld profile 338
• Switch configure 338
• Switch copy running config startup config 338
• The following example shows how to configure profile 1 so that the switch filters multicast streams sent to ff01 1234 5 ff01 1234 8 338
• Binding the igmp profile to ports 339
• Binding the profile to ports 339
• You can bind the created igmp profile or mld profile to ports and configure the number of multicast groups a port can join and the overflow action 339
• Binding port s 340
• Binding the mld profile to ports 340
• Gi1 0 2 340
• Gi1 0 2 50 drops 340
• Igmp profile 1 340
• Port max groups overflow action 340
• Switch config end 340
• Switch config if ip igmp filter 1 340
• Switch config if ip igmp snooping 340
• Switch config if ip igmp snooping max groups 50 340
• Switch config if ip igmp snooping max groups action drop 340
• Switch config if show ip igmp profile 340
• Switch config if show ip igmp snooping interface gigabitethernet 1 0 2 max groups 340
• Switch config interface gigabitethernet 1 0 2 340
• Switch configure 340
• Switch copy running config startup config 340
• The following example shows how to bind the existing profile 1 to port 1 0 2 and specify the maximum number of multicast groups that port 1 0 2 can join as 50 and the overflow action as drop 340
• Binding port s 341
• Mld profile 1 341
• Switch config if ipv6 mld filter 1 341
• Switch config if ipv6 mld snooping 341
• Switch config if ipv6 mld snooping max groups 50 341
• Switch config if ipv6 mld snooping max groups action drop 341
• Switch config if show ipv6 mld profile 341
• Switch config interface gigabitethernet 1 0 2 341
• Switch configure 341
• The following example shows how to bind the existing profile 1 to port 1 0 2 and specify the maximum number of multicast groups that port 1 0 2 can join as 50 and the overflow action as drop 341
• Using the gui 343
• Viewing ipv4 multicast table 343
• Viewing multicast snooping information 343
• Follow these steps to view ipv4 multicast statistics on each port 344
• In the port statistics section view ipv4 multicast statistics on each port 344
• Ipv4 multicast statistics to load the following page 344
• To get the real time multicast statistics enable auto refresh or click refresh 344
• Viewing ipv4 multicast statistics on each port 344
• Ipv6 multicast table to load the following pag 345
• The multicast ip address table shows all valid multicast ip vlan port entries 345
• Viewing ipv6 multicast table 345
• Follow these steps to view ipv6 multicast statistics on each port 346
• In the port statistics section view ipv6 multicast statistics on each port 346
• Ipv6 multicast statistics to load the following page 346
• To get the real time ipv6 multicast statistics enable auto refresh or click refresh 346
• Viewing ipv6 multicast statistics on each port 346
• Using the cli 347
• Viewing ipv4 multicast snooping information 347
• Viewing ipv6 multicast snooping configurations 347
• Configuration examples 348
• Configuration scheme 348
• Example for configuring basic igmp snooping 348
• Network requirements 348
• Using the gui 349
• Using the cli 351
• Verify the configurations 352
• Example for configuring mvr 353
• Network requirements 353
• Network topology 353
• Add port 1 0 1 3 to vlan 10 vlan 20 and vlan 30 as untagged ports respectively and configure the pvid of port 1 0 1 as 10 port 1 0 2 as 20 port 1 0 3 as 30 make sure port1 0 1 3 only belong to vlan 10 vlan 20 and vlan 30 respectively for details refer to configuring 802 q vlan 354
• As the hosts are in different vlans in igmp snooping the querier need to duplicate multicast streams for hosts in each vlan to avoid duplication of multicast streams being sent between querier and the switch you can configure mvr on the switch 354
• Configuration scheme 354
• Internet 354
• The switch can work in either mvr compatible mode or mvr dynamic mode when in compatible mode remember to statically configure the querier to transmit the streams of multicast group 225 to the switch via the multicast vlan here we take the mvr dynamic mode as an example 354
• This section provides configuration procedures in two ways using the gui and using the cli 354
• Using the gui 354
• To load the following page create vlan 40 and add port 1 0 4 to the vlan as tagged port 355
• Vlan config and click 355
• Using the cli 357
• Verify the configurations 359
• Example for configuring unknown multicast and fast leave 360
• Network requirement 360
• Configuration scheme 361
• Using the gui 361
• Using the cli 363
• Configuration scheme 364
• Example for configuring multicast filtering 364
• Network requirements 364
• Verify the configurations 364
• As shown in the following network topology host b is connected to port 1 0 1 host c is connected to port 1 0 2 and host d is connected to port 1 0 3 they are all in vlan 10 365
• Create vlan 10 add port 1 0 1 3 to the vlan as untagged port and port 1 0 4 as tagged port configure the pvid of the four ports as 10 for details refer to configuring 802 q vlan 365
• Global config to load the following page in the global config section enable igmp snooping globally 365
• Internet 365
• Network topology 365
• This section provides configuration procedures in two ways using the gui and using the cli 365
• Using the gui 365
• In the igmp vlan config section click 366
• In vlan 10 to load the following page enable igmp snooping for vlan 10 366
• Using the cli 369
• Verify the configurations 371
• Appendix default parameters 372
• Default parameters for igmp snooping 372
• Default parameters for mld snooping 373
• Default parameters for multicast filtering 374
• Default parameters for mvr 374
• Chapters 375
• Configuring spanning tree 375
• Part 13 375
• Basic concepts 376
• Overview 376
• Spanning tree 376
• Stp rstp concepts 376
• Bridge id 377
• Port role 377
• Root bridge 377
• Port status 378
• Path cost 379
• Root path cost 379
• Mst region 380
• Mstp concepts 380
• Mst instance 381
• Stp security 381
• Vlan instance mapping 381
• Configuring stp rstp parameters on ports 384
• Stp rstp configurations 384
• Using the gui 384
• In the port config section configure stp rstp parameters on ports 385
• Click apply 386
• Configuring stp rstp globally 386
• Stp config to load the following page 386
• Follow these steps to configure stp rstp globally 387
• In the parameters config section configure the global parameters of stp rstp and click apply 387
• In the global config section enable spanning tree function choose the stp mode as stp rstp and click apply 388
• Stp summary to load the following page 388
• Verify the stp rstp information of your switch after all the configurations are finished 388
• Verifying the stp rstp configurations 388
• The stp summary section shows the summary information of spanning tree 389
• Configuring stp rstp parameters on ports 390
• Follow these steps to configure stp rstp parameters on ports 390
• Using the cli 390
• Configuring global stp rstp parameters 392
• This example shows how to configure the priority of the switch as 36864 the forward delay as 12 seconds 393
• Enable rstp 36864 2 12 20 5 20 394
• Enabling stp rstp globally 394
• Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree function globally 394
• State mode priority hello time fwd time max age hold count max hops 394
• Switch config end 394
• Switch config show spanning tree bridge 394
• Switch config spanning tree 394
• Switch config spanning tree mode rstp 394
• Switch config spanning tree priority 36864 394
• Switch config spanning tree timer forward time 12 394
• Switch configure 394
• Switch copy running config startup config 394
• This example shows how to enable spanning tree function configure the spanning tree mode as rstp and verify the configurations 394
• Configuring parameters on ports in cist 396
• Mstp configurations 396
• Using the gui 396
• Follow these steps to configure parameters on ports in cist 397
• In the port config section configure the parameters on ports 397
• Besides configure the priority of the switch the priority and path cost of ports in the desired instance 399
• Click apply 399
• Configure the region name revision level vlan instance mapping of the switch the switches with the same region name the same revision level and the same vlan instance mapping are considered as in the same region 399
• Configuring the mstp region 399
• Configuring the region name and revision level 399
• Follow these steps to create an mst region 399
• In the region config section set the name and revision level to specify an mstp region 399
• Region config to load the following page 399
• Configure port parameters in the desired instance 401
• Configuring parameters on ports in the instance 401
• Follow these steps to configure port parameters in the instance 401
• In the instance port config section select the desired instance id 401
• Instance port config to load the following page 401
• Configuring mstp globally 403
• Follow these steps to configure mstp globally 403
• In the parameters config section configure the global parameters of mstp and click apply 403
• Stp config to load the following page 403
• In the global config section enable spanning tree function and choose the stp mode as mstp and click apply 404
• Stp summary to load the following page 405
• The stp summary section shows the summary information of cist 405
• Verifying the mstp configurations 405
• Configuring parameters on ports in cist 406
• Follow these steps to configure the parameters of the port in cist 406
• The mstp instance summary section shows the information in mst instances 406
• Using the cli 406
• Configuring the mstp region 408
• Switch configure 409
• This example shows how to create an mst region of which the region name is r1 the revision level is 100 and vlan 2 vlan 6 are mapped to instance 5 409
• 7 4094 410
• Configuring the parameters on ports in instance 410
• Follow these steps to configure the priority and path cost of ports in the specified instance 410
• Mst instance vlans mapped 410
• Region name r1 410
• Revision 100 410
• Switch config mst end 410
• Switch config mst instance 5 vlan 2 6 410
• Switch config mst name r1 410
• Switch config mst revision 100 410
• Switch config mst show spanning tree mst configuration 410
• Switch config spanning tree mst configuration 410
• Switch copy running config startup config 410
• Configuring global mstp parameters 411
• Follow these steps to configure the global mstp parameters of the switch 411
• Gi1 0 3 144 200 n a lnkdwn n a 411
• Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn n a 411
• Interface prio cost role status lag 411
• Interface state prio ext cost int cost edge p2p mode role status lag 411
• Mst instance 0 cist 411
• Mst instance 5 411
• Switch config if end 411
• Switch config if show spanning tree interface gigabitethernet 1 0 3 411
• Switch config if spanning tree mst instance 5 port priority 144 cost 200 411
• Switch config interface gigabitethernet 1 0 3 411
• Switch configure 411
• Switch copy running config startup config 411
• This example shows how to configure the priority as 144 the path cost as 200 of port 1 0 3 in instance 5 411
• Enable mstp 36864 2 12 20 8 25 413
• Enabling spanning tree globally 413
• Follow these steps to configure the spanning tree mode as mstp and enable spanning tree function globally 413
• State mode priority hello time fwd time max age hold count max hops 413
• Switch config if end 413
• Switch config if show spanning tree bridge 413
• Switch config if spanning tree hold count 8 413
• Switch config if spanning tree max hops 25 413
• Switch config if spanning tree timer forward time 12 413
• Switch config spanning tree priority 36864 413
• Switch configure 413
• Switch copy running config startup config 413
• This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds the hold count as 8 and the max hop as 25 413
• Configure the port protect features for the selected ports and click apply 416
• Stp security configurations 416
• Stp security to load the following page 416
• Using the gui 416
• Configuring the stp security 417
• Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter feature for ports 417
• Using the cli 417
• Gi1 0 3 enable enable enable enable disable enable 419
• Interface bpdu filter bpdu guard loop protect root protect tc protect bpdu flood 419
• Switch config if end 419
• Switch config if show spanning tree interface security gigabitethernet 1 0 3 419
• Switch config if spanning tree bpdufilter 419
• Switch config if spanning tree bpduguard 419
• Switch config if spanning tree guard loop 419
• Switch config if spanning tree guard root 419
• Switch config interface gigabitethernet 1 0 3 419
• Switch configure 419
• Switch copy running config startup config 419
• This example shows how to enable loop protect root protect bpdu filter and bpdu protect functions on port 1 0 3 419
• As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is transmitted in this network the link speed between the switches is 100mb s the default path cost of the port is 200000 420
• Configuration example for mstp 420
• Configuration scheme 420
• Here we configure two instances to meet the requirement as is shown below 420
• It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be transmitted along different paths 420
• Mstp backwards compatible with stp and rstp can map vlans to instances to implement load balancing thus providing a more flexible method in network management here we take the mstp configuration as an example 420
• Network requirements 420
• To meet this requirement you are suggested to configure mstp function on the switches map the vlans to different instances to ensure traffic can be transmitted along the respective instance 420
• Using the gui 421
• Using the cli 427
• Verify the configurations 429
• Appendix default parameters 434
• Default settings of the spanning tree feature are listed in the following table 434
• Chapters 436
• Configuring lldp 436
• Part 14 436
• Overview 437
• Supported features 437
• Configuring lldp globally 438
• Lldp configurations 438
• Using the gui 438
• Follow these steps to configure the lldp feature globally 439
• In the global config section enable lldp you can also enable the switch to forward lldp messages when lldp function is disabled click apply 439
• In the parameter config section configure the lldp parameters click apply 439
• Configure the admin status and notification mode for the port 440
• Configuring lldp for the port 440
• Follow these steps to configure the lldp feature for the interface 440
• Port config to load the following page 440
• Select one or more ports to configure 440
• Select the tlvs type length value included in the lldp packets according to your needs 440
• Click apply 441
• Enable the lldp feature on the switch and configure the lldp parameters 441
• Global config 441
• Using the cli 441
• Switch config lldp 442
• Switch config lldp hold multiplier 4 442
• Switch config lldp timer tx interval 30 442
• Switch configure 442
• The following example shows how to configure the following parameters lldp timer 4 tx interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast count 3 442
• Fast packet count 3 443
• Initialization delay 2 seconds 443
• Lldp forward message disabled 443
• Lldp med fast start repeat count 4 443
• Lldp status enabled 443
• Port config 443
• Select the desired port and set its admin status notification mode and the tlvs included in the lldp packets 443
• Switch config end 443
• Switch config lldp timer fast count 3 443
• Switch config lldp timer notify interval 5 443
• Switch config lldp timer reinit delay 3 443
• Switch config lldp timer tx delay 2 443
• Switch config show lldp 443
• Switch copy running config startup config 443
• Trap notification interval 5 seconds 443
• Ttl multiplier 4 443
• Tx delay 2 seconds 443
• Tx interval 30 seconds 443
• Configuring lldp globally 446
• Configuring lldp med globally 446
• Lldp med configurations 446
• Using the gui 446
• Configuring lldp med for ports 447
• Global config 449
• Lldp status enabled 449
• Switch config lldp 449
• Switch config lldp med fast count 4 449
• Switch config show lldp 449
• Switch configure 449
• The following example shows how to configure lldp med fast count as 4 449
• Tx interval 30 seconds 449
• Using the cli 449
• Fast packet count 3 450
• Initialization delay 2 seconds 450
• Lldp med fast start repeat count 4 450
• Port config 450
• Select the desired port enable lldp med and select the tlvs type length value included in the outgoing lldp packets according to your needs 450
• Switch config end 450
• Switch copy running config startup config 450
• Trap notification interval 5 seconds 450
• Ttl multiplier 4 450
• Tx delay 2 seconds 450
• Using gui 453
• Viewing lldp device info 453
• Viewing lldp settings 453
• Follow these steps to view the local information 454
• In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 454
• In the local info section select the desired port and view its associated local device information 454
• Viewing lldp statistics 457
• In the neighbors statistics section view the statistics of the corresponding port 458
• Using cli 458
• Viewing lldp statistics 458
• Viewing the local info 458
• Viewing the neighbor info 458
• Using gui 459
• Viewing lldp med settings 459
• Using cli 462
• Viewing lldp statistics 462
• Viewing the local info 462
• Viewing the neighbor info 462
• Configuration example 463
• Configuration scheme 463
• Network requirements 463
• Network topology 463
• Using the gui 463
• Using cli 464
• Verify the configurations 465
• Appendix default parameters 471
• Default lldp med settings 471
• Default lldp settings 471
• Default settings of lldp are listed in the following tables 471
• Chapters 472
• Configuring l2pt 472
• Part 15 472
• Overview 473
• Follow these steps to configure l2pt 475
• In the l2pt config section enable l2pt globally and click apply 475
• In the port config section configure the port that is connected to the customer network as a uni port and specify your desired protocols on the port in addition you can also set the threshold for packets per second to be processed on the uni port 475
• L2pt configuration 475
• L2pt to load the following page 475
• Using the gui 475
• Click apply 476
• Follow these steps to configure l2pt feature 476
• In the port config section configure the port that is connected to the isp network as an nni port note that the protocols and threshold cannot be configured on the nni port 476
• Using the cli 476
• Configuration example 480
• Configuration scheme 480
• Network requirements 480
• Using the gui 480
• Using the cli 481
• Verify the configuration 482
• Appendix default parameters 483
• Default settings of l2pt are listed in the following table 483
• Chapters 484
• Configuring pppoe id insertion 484
• Part 16 484
• Overview 485
• Pppoe id insertion configuration 486
• Using the gui 486
• Follow these steps to configure pppoe id insertion 487
• Using the cli 487
• Pppoe id insertion state enabled 488
• Switch config if interface gigabitethernet 1 0 1 488
• Switch config if pppoe circuit id 488
• Switch config if pppoe circuit id type udf only 123 488
• Switch config if pppoe remote id host1 488
• Switch config if show pppoe id insertion global 488
• Switch config pppoe id insertion 488
• Switch configure 488
• The following example shows how to enable pppoe id insertion globally and on port 1 0 1 and configure the circuit id as 123 without other information and remote id as host1 488
• Appendix default parameters 490
• Default settings of l2pt are listed in the following table 490
• Chapters 491
• Configuring dhcp service 491
• Part 17 491
• Dhcp relay 492
• Overview 492
• Supported features 492
• As the following figure shows no ip addresses are assigned to vlan 10 and vlan 20 the switch uses the ip address of the default agent interface 192 68 24 to apply for ip addresses for clients in both vlan 10 and vlan 20 as a result the dhcp server will assign ip addresses on 192 68 24 the same subnet with the ip address of the default agent interface to clients in both vlan 10 and vlan 20 493
• Dhcp l2 relay 493
• Unlike dhcp relay dhcp l2 relay is used in the situation that the dhcp server and client are in the same vlan in dhcp l2 relay in addition to normally assigning ip addresses to clients from the dhcp server the switch can record the location information of the dhcp client using option 82 the switch can add option 82 to the dhcp request packet and then transmit the packet to the dhcp server the dhcp server which supports option 82 can set the distribution policy of ip addresses and the other parameters providing a more flexible address distribution way 493
• Dhcp relay configuration 494
• Enabling dhcp relay and configuring option 82 494
• Using the gui 494
• Optional in the option 82 config section configure option 82 495
• Configuring dhcp vlan relay 496
• Enabling dhcp relay 497
• Follow these steps to enable dhcp relay and configure the corresponding parameters 497
• Specify the vlan that the clients belong to and the ip address of the dhcp server click create 497
• Switch config service dhcp relay 497
• Switch configure 497
• The following example shows how to enable dhcp relay configure the relay hops as 5 and configure the relay time as 10 seconds 497
• Using the cli 497
• Dhcp relay state enabled 498
• Follow these steps to configure option 82 498
• Optional configuring option 82 498
• Switch config end 498
• Switch config show ip dhcp relay 498
• Switch copy running config startup config 498
• Configuring dhcp vlan relay 499
• Follow these steps to configure dhcp vlan relay 499
• Gi1 0 7 enable replace normal vlan20 host1 n a 499
• Interface option 82 status operation strategy format circuit id remote id lag 499
• Switch config if end 499
• Switch config if ip dhcp relay information circut id vlan20 499
• Switch config if ip dhcp relay information format normal 499
• Switch config if ip dhcp relay information option 499
• Switch config if ip dhcp relay information remote id host1 499
• Switch config if ip dhcp relay information strategy replace 499
• Switch config if show ip dhcp relay information interface gigabitethernet 1 0 7 499
• Switch config interface gigabitethernet 1 0 7 499
• Switch configure 499
• Switch copy running config startup config 499
• The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan 20 and the remote id as host1 499
• Dhcp vlan relay helper address is configured on the following vlan 500
• Switch config end 500
• Switch config if exit 500
• Switch config if ip dhcp relay default interface 500
• Switch config interface vlan 1 500
• Switch config ip dhcp relay vlan 10 helper address 192 68 500
• Switch config show ip dhcp relay 500
• Switch configure 500
• Switch copy running config startup config 500
• The following example shows how to set vlan interface 1 the management vlan as the default relay agent interface and specify the dhcp server by entering the server address as 192 68 on vlan 10 500
• Vlan 10 192 68 500
• Vlan helper address 500
• Dhcp l2 relay configuration 501
• Enabling dhcp l2 relay 501
• Using the gui 501
• Configuring option 82 for ports 502
• Follow these steps to enable dhcp relay and configure option 82 502
• Port config to load the following page 502
• Select one or more ports to configure option 82 502
• Click apply 503
• Enabling dhcp relay 503
• Follow these steps to enable dhcp l2 relay 503
• Switch config ip dhcp l2relay 503
• Switch configure 503
• The following example shows how to enable dhcp l2 relay globally and for vlan 2 503
• Using the cli 503
• Configuring option 82 for ports 504
• Follow these steps to configure option 82 504
• Global status enable 504
• Switch config end 504
• Switch config ip dhcp l2relay vlan 2 504
• Switch config show ip dhcp l2relay 504
• Switch copy running config startup config 504
• Vlan id 2 504
• Gi1 0 7 enable replace normal vlan20 host1 n a 505
• Interface option 82 status operation strategy format circuit id remote id lag 505
• Switch config if end 505
• Switch config if ip dhcp l2relay information circut id vlan20 505
• Switch config if ip dhcp l2relay information format normal 505
• Switch config if ip dhcp l2relay information option 505
• Switch config if ip dhcp l2relay information remote id host1 505
• Switch config if ip dhcp l2relay information strategy replace 505
• Switch config if show ip dhcp l2relay information interface gigabitethernet 1 0 7 505
• Switch config interface gigabitethernet 1 0 7 505
• Switch configure 505
• Switch copy running config startup config 505
• The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 505
• Configuration scheme 506
• Example for dhcp vlan relay 506
• Network requirements 506
• Using the gui 507
• Department and r d department respectively add port 1 0 1 to vlan 10 and port 1 0 2 to vlan 20 508
• Using the cli 510
• Verify the configurations of the dhcp relay agent 512
• Appendix default parameters 513
• Default settings of dhcp l2 relay are listed in the following table 513
• Default settings of dhcp relay are listed in the following table 513
• Chapters 515
• Configuring qos 515
• Part 18 515
• Bandwidth control 516
• Class of service 516
• Overview 516
• Supported features 516
• Voice vlan and auto voip 516
• Class of service configuration 518
• Configuration guidelines 518
• Click apply 519
• Configuring port priority 519
• Configuring the trust mode and port to 802 p mapping 519
• Follow these steps to configure the parameters of the port priority 519
• Port priority to load the following page 519
• Select the desired ports specify the 802 p priority and set the trust mode as untrusted 519
• Using the gui 519
• Configuring the 802 p to queue mapping 520
• In the 802 p to queue mapping section configure the mappings and click apply 520
• P priority to load the following page 520
• Configuring 802 p priority 521
• Configuring the 802 p to queue mapping and 802 p remap 522
• Follow these steps to configure the parameters of the 802 p priority 522
• In the 802 p to queue mapping section configure the mappings and click apply 522
• Optional in the 802 p remap section configure the 802 p to 802 p mappings and click apply 522
• P priority to load the following page 522
• Click apply 523
• Configuring dscp priority 523
• Configuring the trust mode 523
• Follow these steps to configure the trust mode 523
• Port priority to load the following page 523
• Select the desired ports and set the trust mode as trust dscp 523
• Configuring the 802 p to queue mapping 524
• In the 802 p to queue mapping section configure the mappings and click apply 524
• P priority to load the following page 524
• Click apply 525
• Configuring the dscp to 802 p mapping and the dscp remap 525
• Dscp priority to load the following page 525
• Follow these steps to configure the dscp priority 525
• In the dscp priority config section configure the dscp to 802 p mapping and the dscp remap 525
• Specifying the scheduler settings 526
• Click apply 527
• Configuring port priority 527
• Configuring the trust mode and the port to 802 p mapping 527
• Follow these steps to configure the trust mode and the port to 802 p mapping 527
• Using cli 527
• Configuring the 802 p to queue mapping 528
• Follow these steps to configure the 802 p to queue mapping 528
• Configuring 802 p priority 529
• Configuring the 802 p to queue mapping and 802 p remap 530
• Follow these steps to configure the 802 p to queue mapping and 802 p remap 530
• Configuring dscp priority 532
• Configuring the 802 p to queue mapping 532
• Configuring the trust mode 532
• Dot1p remap 0 3 2 3 4 5 6 7 n a 532
• Follow these steps to configure the 802 p to queue mapping 532
• Follow these steps to configure the trust mode 532
• Switch config end 532
• Switch copy running config startup config 532
• Configuring the dscp to 802 p mapping and dscp remp 533
• Follow these steps to configure the dscp to 802 p mapping and dscp remap 533
• Dscp 16 17 18 19 20 21 22 23 536
• Dscp 24 25 26 27 28 29 30 31 536
• Dscp 32 33 34 35 36 37 38 39 536
• Dscp 40 41 42 43 44 45 46 47 536
• Dscp 48 49 50 51 52 53 54 55 536
• Dscp 56 57 58 59 60 61 62 63 536
• Dscp remap value 16 17 18 19 20 21 22 23 536
• Dscp remap value 24 25 26 27 28 29 30 31 536
• Dscp remap value 32 33 34 35 36 37 38 39 536
• Dscp remap value 40 41 42 43 44 45 46 47 536
• Dscp remap value 48 49 50 51 52 53 54 55 536
• Dscp remap value 56 57 58 59 60 61 62 63 536
• Follow these steps to specify the scheduler settings to control the forwarding sequence of different tc queues when congestion occurs 536
• Specifying the scheduler settings 536
• Switch config if end 536
• Switch copy running config startup config 536
• Gi1 0 1 lag n a 537
• Queue schedule mode weight 537
• Switch config if qos queue 1 mode sp 537
• Switch config if qos queue 4 mode wrr weight 5 537
• Switch config if show qos queue interface gigabitethernet 1 0 1 537
• Switch config interface gigabitethernet 1 0 1 537
• Switch configure 537
• Tc0 wrr 1 537
• The following example shows how to specify the scheduler settings for port 1 0 1 set the scheduler mode of tc1 as sp mode set the scheduler mode of tc4 as wrr mode and set the queue weight as 5 537
• Bandwidth control configuration 539
• Configuring rate limit 539
• Using the gui 539
• Configuring storm control 540
• Follow these steps to configure the storm control function 540
• Select the desired port and configure the upper rate limit for forwarding broadcast packets multicast packets and ul frames unknown unicast frames 540
• Storm control to load the following page 540
• Click apply 541
• Configuring rate limit 541
• Follow these steps to configure the upper rate limit for the port to receive and send packets 541
• Using the cli 541
• Configuring storm control 542
• Follow these steps to configure the upper rate limit on the port for forwarding broadcast packets multicast packets and unknown unicast frames 542
• Gi1 0 5 5120 1024 n a 542
• Port ingressrate kbps egressrate kbps lag 542
• Switch config if bandwidth ingress 5120 egress 1024 542
• Switch config if end 542
• Switch config if show bandwidth interface gigabitethernet 1 0 5 542
• Switch config interface gigabitethernet 1 0 5 542
• Switch configure 542
• Switch copy running config startup config 542
• The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 1024 kbps for port 1 0 5 542
• Gi1 0 5 kbps 1024 0 0 shutdown 10 n a 544
• Port rate mode bcrate mcrate ulrate exceed recover time lag 544
• Switch config if end 544
• Switch config if show storm control interface gigabitethernet 1 0 5 544
• Switch config if storm control broadcast 1024 544
• Switch config if storm control exceed shutdown recover time 10 544
• Switch config if storm control rate mode kbps 544
• Switch config interface gigabitethernet 1 0 5 544
• Switch configure 544
• Switch copy running config startup config 544
• The following example shows how to configure the upper rate limit of broadcast packets as 1024 kbps specify the action as shutdown and set the recover time as 10 for port 1 0 5 544
• Configuring oui addresses 545
• Using the gui 545
• Voice vlan configuration 545
• Click create 546
• Configuring voice vlan globally 546
• Follow these steps to configure the oui addresses 546
• Global config to load the following page 546
• Specify the oui and the description 546
• To load the following page 546
• Adding ports to voice vlan 547
• Click apply 547
• Enable the voice vlan feature and specify the parameters 547
• Follow these steps to configure voice vlan globally 547
• Port config to load the following page 547
• Select the desired ports and choose enable in voice vlan filed 547
• Click apply 548
• Follow these steps to configure voice vlan 548
• Using the cli 548
• Auto voip configuration 551
• Configuration guidelines 551
• Using the gui 551
• Click apply 552
• Follow these steps to configure auto voip 552
• Using the cli 552
• Configuration examples 556
• Configuration scheme 556
• Example for class of service 556
• Network requirements 556
• Using the gui 557
• Using the cli 559
• Verify the configurations 560
• Example for voice vlan 561
• Network requirements 561
• Configuration scheme 562
• Configure 802 q vlan for port 1 0 1 port 1 0 2 port 1 0 3 and port 1 0 4 562
• Configure voice vlan feature on port 1 0 1 and port 1 0 2 562
• Internet 562
• The following sections provide configuration procedure in two ways using the gui and using the cli 562
• To implement this requirement you can configure voice vlan to ensure that the voice traffic can be transmitted in the same vlan and the data traffic is transmitted in another vlan in addition specify the priority to make the voice traffic can take precedence when the congestion occurs 562
• To load the following page create vlan 2 and add untagged port 1 0 1 port 1 0 2 and port 1 0 4 to vlan 2 click create 562
• Using the gui 562
• Vlan config and click 562
• Using the cli 566
• Verify the configurations 568
• Example for auto voip 569
• Network requirements 569
• Configuration scheme 570
• Using the gui 570
• Select port 1 0 2 set the scheduler mode as weighted and specify the queue weight as 10 for tc 7 click apply 573
• Using the cli 575
• Verify the configurations 576
• Appendix default parameters 580
• Default settings of class of service are listed in the following tables 580
• Default settings of class of service are listed in the following tables 582
• Default settings of voice vlan are listed in the following tables 582
• Default settings of auto voip are listed in the following tables 583
• Chapters 584
• Configuring access security 584
• Part 19 584
• Access control 585
• Access security 585
• Overview 585
• Serial port 585
• Supported features 585
• Telnet 585
• Access security configurations 586
• Configuring the access control feature 586
• Using the gui 586
• In the entry table section click 587
• To add an access control entry 587
• When the ip based mode is selected the following window will pop up 587
• When the mac based mode is selected the following window will pop up 587
• When the port based mode is selected the following window will pop up 588
• Click create then you can view the created entries in the entry table 589
• Configuring the http function 589
• Http config to load the following page 589
• In the global control section enable http function specify the port using for http and click apply to enable the http function 589
• In the number of access users section enable number control function specify the following parameters and click apply 590
• In the session config section specify the session timeout and click apply 590
• Configuring the https function 591
• In the ciphersuite config section select the algorithm to be enabled and click apply 592
• In the number of access users section enable number control function specify the following parameters and click apply 592
• In the session config section specify the session timeout and click apply 592
• In the load certificate and load key section download the certificate and key 593
• Configuring the ssh feature 594
• Configuring the telnet function 595
• Enable telnet and click apply 595
• In data integrity algorithm section enable the integrity algorithm you want the switch to support and click apply 595
• In import key file section select key type from the drop down list and click browse to download the desired key file 595
• In the encryption algorithm section enable the encryption algorithm you want the switch to support and click apply 595
• Telnet config to load the following page 595
• Configure the baud rate and click apply 596
• Configuring the access control 596
• Configuring the serial port parameters 596
• Follow these steps to configure the access control 596
• Serial port config to load the following page 596
• Using the cli 596
• 68 00 32 snmp telnet http https 598
• Configuring the http function 598
• Follow these steps to configure the http function 598
• Index ip address access interface 598
• Switch config end 598
• Switch config show user configuration 598
• Switch config user access control ip based 192 68 00 255 55 55 55 snmp telnet http https 598
• Switch config user access control ip based enable 598
• Switch configure 598
• Switch copy running config startup config 598
• The following example shows how to set the type of access control as ip based set the ip address as 192 68 00 set the subnet mask as 255 55 55 55 and make the switch support snmp telnet http and https 598
• User authentication mode ip based 598
• Http max users as admin 6 599
• Http max users as operator 2 599
• Http max users as power user 2 599
• Http max users as user 2 599
• Http port 80 599
• Http session timeout 9 599
• Http status enabled 599
• Http user limitation enabled 599
• Switch config end 599
• Switch config ip http max user 6 2 2 2 599
• Switch config ip http server 599
• Switch config ip http session timeout 9 599
• Switch config show ip http configuration 599
• Switch configure 599
• Switch copy running config startup config 599
• The following example shows how to set the session timeout as 9 set the maximum admin number as 6 and set the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 599
• Configuring the https function 600
• Follow these steps to configure the https function 600
• Download ssl certificate ok 601
• Start to download ssl certificate 601
• Switch config ip http secure ciphersuite 3des ede cbc sha 601
• Switch config ip http secure max users 2 2 2 2 601
• Switch config ip http secure protocol ssl3 tls1 601
• Switch config ip http secure server 601
• Switch config ip http secure server download certificate ca crt ip address 192 68 00 601
• Switch config ip http secure server download key ca key ip address 192 68 00 601
• Switch config ip http secure session timeout 15 601
• Switch configure 601
• The following example shows how to configure the https function enable ssl3 and tls1 protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the maximum admin number as 2 the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 download the certificate named ca crt and the key named ca key from the tftp server with the ip address 192 68 00 601
• Configuring the ssh feature 602
• Switch config ip ssh algorithm aes128 cbc 603
• Switch config ip ssh max client 4 603
• Switch config ip ssh server 603
• Switch config ip ssh timeout 100 603
• Switch config ip ssh version v1 603
• Switch config ip ssh version v2 603
• The following example shows how to configure the ssh function set the version as ssh v1 and ssh v2 enable the aes128 cbc and cast128 cbc encryption algorithm enable the hmac md5 data integrity algorithm choose the key type as ssh 2 rsa dsa 603
• Configuring the serial port parameters 605
• Configuring the telnet function 605
• Follow these steps enable the serial port parameters 605
• Follow these steps enable the telnet function 605
• Appendix default parameters 606
• Default settings of access security are listed in the following tables 606
• Chapters 608
• Configuring aaa 608
• Part 20 608
• Overview 609
• Aaa configuration 610
• Configuration guidelines 610
• Adding servers 611
• Using the gui 611
• Adding tacacs server 612
• Click create to add the radius server on the switch 612
• Click create to add the tacacs server on the switch 612
• Configure the following parameters 612
• Follow these steps to add a tacacs server 612
• Tacacs config and click 612
• To load the following page 612
• Configuring server groups 613
• Configuring the method list 613
• Click apply 615
• Click create to add the new method 615
• Configuring login account and enable password 615
• Configuring the aaa application list 615
• Follow these steps to configure the aaa application list 615
• Global config to load the following page 615
• In the aaa application list section select an access application and configure the login list and enable list 615
• The login account and enable password can be configured locally on the switch or centrally on the radius tacacs server s 615
• Adding servers 616
• Using the cli 616
• Adding radius server 617
• Follow these steps to add radius server on the switch 617
• Switch configure 617
• The following example shows how to add a radius server on the switch set the ip address of the server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 617
• Trying to access the switch and the others act as backup servers in case the first one breaks down 617
• 68 0 1812 1813 5 2 000aeb132397 123456 618
• Adding tacacs server 618
• Follow these steps to add tacacs server on the switch 618
• Server ip auth port acct port timeout retransmit nas identifier shared key 618
• Switch config end 618
• Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 123456 618
• Switch config show radius server 618
• Switch copy running config startup config 618
• The following example shows how to add a tacacs server on the switch set the ip address of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the timeout as 8 seconds 618
• 68 0 49 8 123456 619
• Configuring server groups 619
• Server ip port timeout shared key 619
• Switch config end 619
• Switch config show tacacs server 619
• Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 619
• Switch configure 619
• Switch copy running config startup config 619
• The following example shows how to create a radius server group named radius1 and add the existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group 619
• The switch has two built in server groups one for radius and the other for tacacs the servers running the same protocol are automatically added to the default server group you can add new server groups as needed 619
• The two default server groups cannot be deleted or edited follow these steps to add a server group 619
• A method list describes the authentication methods and their sequence to authenticate the users the switch supports login method list for users of all types to gain access to the switch and enable method list for guests to get administrative privileges 620
• Configuring the method list 620
• Follow these steps to configure the method list 620
• Switch aaa group end 620
• Switch aaa group server 192 68 0 620
• Switch aaa group show aaa group radius1 620
• Switch config aaa group radius radius1 620
• Switch copy running config startup config 620
• Configuring the aaa application list 621
• Follow these steps to apply the login and enable method lists for the application telnet 622
• Http default default 622
• Module login list enable list 622
• Ssh default default 622
• Switch config line enable authentication enable1 622
• Switch config line end 622
• Switch config line login authentication login1 622
• Switch config line show aaa global 622
• Switch config line telnet 622
• Switch configure 622
• Switch copy running config startup config 622
• Telnet 622
• Telnet login1 enable1 622
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application telnet 622
• Follow these steps to apply the login and enable method lists for the application ssh 623
• Http default default 623
• Module login list enable list 623
• Ssh login1 enable1 623
• Switch config line enable authentication enable1 623
• Switch config line end 623
• Switch config line login authentication login1 623
• Switch config line show aaa global 623
• Switch config line ssh 623
• Switch configure 623
• Switch copy running config startup config 623
• Telnet default default 623
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application ssh 623
• Configuring login account and enable password 624
• Follow these steps to apply the login and enable method lists for the application http 624
• Http login1 enable1 624
• Module login list enable list 624
• Ssh default default 624
• Switch config end 624
• Switch config ip http enable authentication enable1 624
• Switch config ip http login authentication login1 624
• Switch config show aaa global 624
• Switch configure 624
• Switch copy running config startup config 624
• Telnet default default 624
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application http 624
• The login account and enable password can be configured locally on the switch or centrally on the radius tacacs server s 624
• For enable password configuration 625
• For login authentication configuration more than one login account can be created on the server besides both the user name and password can be customized 625
• On radius server the user name should be set as enable and the enable password is customizable all the users trying to get administrative privileges share this enable password 625
• On the server 625
• On the switch 625
• Some configuration principles on the server are as follows 625
• The accounts created by the radius tacacs server can only view the configurations and some network information without the enable password 625
• The local username and password for login can be configured in the user management feature for details refer to managing system 625
• To configure the local enable password for getting administrative privileges follow these steps 625
• Configuration example 627
• Configuration scheme 627
• Network requirements 627
• Using the gui 628
• Using the cli 630
• Verify the configuration 631
• Appendix default parameters 633
• Default settings of aaa are listed in the following tables 633
• Chapters 635
• Configuring 802 x 635
• Part 21 635
• Overview 636
• Configuring the radius server 637
• Using the gui 637
• X configuration 637
• Click apply 638
• Configure the parameters of the radius server 638
• Configuring the radius server group 638
• Follow these steps to add the radius server to a server group 638
• If you click 638
• Server group to load the following page 638
• The following window will pop up select a radius server and click save 638
• To add a new server group 638
• To edit the default radius server group or click 638
• Configuring 802 x globally 640
• Follow these steps to configure 802 x global parameters 640
• Global config to load the following page 640
• In the accounting dot1x method section select an existing radius server group for accounting from the pri1 drop down list and click apply 640
• In the global config section configure the following parameters 640
• Click apply 641
• Configuring 802 x on ports 641
• Follow these steps to configure 802 x authentication on the desired port 641
• Port config to load the following page 641
• Select one or more ports and configure the following parameters 641
• Click apply 642
• Authenticator state to load the following page 643
• On this page you can view the authentication status of each port 643
• View the authenticator state 643
• Configuring the radius server 644
• Follow these steps to configure radius 644
• Using the cli 644
• The following example shows how to enable aaa add a radius server to the server group named radius1 and apply this server group to the 802 x authentication the ip address of the radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the accounting port is 1813 645
• Configuring 802 x globally 646
• The following example shows how to enable 802 x authentication configure pap as the authentication method and keep other parameters as default 647
• Authentication protocol pap 648
• Configuring 802 x on ports 648
• Follow these steps to configure the port 648
• Handshake state enabled 648
• Switch config dot1x auth protocol pap 648
• Switch config dot1x system auth control 648
• Switch config end 648
• Switch config show dot1x global 648
• Switch configure 648
• Switch copy running config startup config 648
• X accounting state disabled 648
• X state enabled 648
• X vlan assignment state disabled 648
• Viewing authenticator state 650
• Configuration example 652
• Configuration scheme 652
• Network requirements 652
• Network topology 652
• Internet 653
• Radius config and click 653
• The following sections provide configuration procedure in two ways using the gui and using the cli 653
• To load the following page configure the parameters of the radius server and click create 653
• Using the gui 653
• Using the cli 655
• Verify the configurations 656
• Appendix default parameters 658
• Default settings of 802 x are listed in the following table 658
• Chapters 659
• Configuring port security 659
• Part 22 659
• Overview 660
• Follow these steps to configure port security 661
• Port security configuration 661
• Port security to load the following page 661
• Select one or more ports and configure the following parameters 661
• Using the gui 661
• Click apply 662
• Follow these steps to configure port security 662
• Using the cli 662
• Switch config interface gigabitethernet 1 0 1 663
• Switch configure 663
• The following example shows how to set the maximum number of mac addresses that can be learned on port 1 0 1 as 30 enable exceed max leaned feature and configure the mode as permanent and the status as drop 663
• Appendix default parameters 665
• Default settings of port security are listed in the following table 665
• Chapters 666
• Configuring acl 666
• Part 23 666
• Configuration guidelines 667
• Overview 667
• Acl configuration 668
• Configuring time range 668
• Creating an acl 668
• Using the gui 668
• Configuring acl rules 669
• Configuring mac acl rule 669
• Follow these steps to configure the mac acl rule 670
• In the mac acl rule section configure the following parameters 670
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 671
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 671
• Click apply 672
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 672
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 672
• Configuring ip acl rule 673
• Follow these steps to configure the ip acl rule 674
• In the ip acl rule section configure the following parameters 674
• Click apply 676
• Click edit acl for a combined acl entry to load the following page 676
• Configuring combined acl rule 676
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 676
• Follow these steps to configure the combined acl rule 678
• In the combined acl rule section configure the following parameters 678
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 680
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 680
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 680
• Click apply 681
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 681
• Configuring the ipv6 acl rule 682
• Follow these steps to configure the ipv6 acl rule 683
• In the ipv6 acl rule section configure the following parameters 683
• Click apply 685
• Click edit acl for an entry you have created and you can view the rule table we take ip acl rules table for example 685
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 685
• The rules in an acl are listed in ascending order of their rule ids the switch matches a received packet with the rules in order when a packet matches a rule the switch stops the match process and performs the action defined in the rule 685
• Viewing the acl rules 685
• Configuring acl binding 686
• Configuring acl 687
• Configuring time range 687
• Using the cli 687
• Combined access list 2600 name acl_2600 693
• Ipv6 acl 693
• Rule 1 permit logging disable vid 2 sip 192 68 00 sip mask 255 55 55 55 693
• Switch config access list combined 1100 logging disable rule 1 permit vid 2 sip 192 68 00 sip mask 255 55 55 55 693
• Switch config access list create 1100 693
• Switch config end 693
• Switch config show access list 2600 693
• Switch configure 693
• Switch copy running config startup config 693
• The following example shows how to create combined acl 1100 and configure rule 1 to deny packets with source ip address 192 68 00 in vlan 2 693
• Resequencing rules 695
• Configuring policy 696
• Follow the steps below to configure the policy actions for an acl rule 696
• Policy allows you to further process the matched packets through operations such as mirroring rate limiting redirecting or changing priority 696
• Rule 11 permit logging disable vid 18 696
• Rule 21 permit logging disable dmac aa cc ee ff dd 33 dmask ff ff ff ff ff ff 696
• Switch config end 696
• Switch copy running config startup config 696
• Redirect the matched packets to port 1 0 4 for rule 1 of mac acl 10 697
• Switch config access list action 10 rule 1 697
• Switch config action exit 697
• Switch config action redirect interface gigabitethernet 1 0 4 697
• Switch config show access list 10 697
• Switch configure 697
• Configuring acl binding 698
• Follow the steps below to bind acl to a port or a vlan 698
• Mac access list 10 name acl_10 698
• Rule 5 permit logging disable action redirect gi1 0 4 698
• Sswitch config show access list bind 698
• Switch config access list bind 1 interface vlan 4 gigabitethernet 1 0 3 698
• Switch config end 698
• Switch configure 698
• Switch copy running config startup config 698
• The following example shows how to bind acl 1 to port 3 and vlan 4 698
• You can bind the acl to a port or a vlan the received packets on the port or in the vlan will then be matched and processed according to the acl rules an acl takes effect only after it is bound to a port or vlan 698
• Acl id acl name interface vid direction type 699
• Acl_1 4 ingress vlan 699
• Acl_1 gi1 0 3 ingress port 699
• Switch config end 699
• Switch copy running config startup config 699
• Viewing acl counting 699
• You can use the following command to view the number of matched packets of each acl in the privileged exec mode and any other configuration mode 699
• Configuration example for mac acl 700
• Configuration scheme 700
• Network requirements 700
• Onfiguration example for acl 700
• Using the gui 701
• In the same way configure rule 15 to deny packets with destination mac address 40 61 86 fc 71 56 and apply the time range of work hours 704
• Configure rule 25 to permit all the packets that do not match neither of the above rules 705
• Acl binding and click 706
• To load the following page bind acl 100 to port 1 0 2 to make it take effect 706
• Using the cli 707
• Verify the configurations 707
• Configuration example for ip acl 708
• Network requirements 708
• Configuration scheme 709
• Using the gui 709
• In the same way configure rule 2 and rule 3 to permit packets with source ip 10 0 0 and destination port tcp 80 http service port and tcp 443 https service port 711
• In the same way configure rule 4 and rule 5 to permit packets with source ip 10 0 0 and with destination port tcp 53 or udp 53 dns service port 714
• In the same way configure rule 6 to deny packets with source ip 10 0 0 715
• Using the cli 716
• Verify the configurations 717
• Configuration example for combined acl 718
• Configuration scheme 718
• Network requirements 718
• Using the gui 719
• Configure rule 5 to permit packets with the source mac address 6c 62 6d f5 ba 48 and destination port tcp 23 telnet service port 720
• Configure rule 15 to deny all the packets except the packet with source mac address 6c 62 6d f5 ba 48 and destination port tcp 23 telnet service port 721
• In the same way configure rule 25 to permit all the packets the rule makes sure that all devices can get other network services normally 722
• Using the cli 724
• Verify the configurations 725
• Appendix default parameters 726
• The default settings of acl are listed in the following tables 726
• Chapters 728
• Configuring ipv4 impb 728
• Part 24 728
• Arp detection 729
• Ip mac binding 729
• Ipv4 impb 729
• Ipv4 source guard 729
• Overview 729
• Supported features 729
• Binding entries manually 730
• Ip mac binding configuration 730
• Using the gui 730
• Enter the following information to specify a host 731
• Follow these steps to manually create an ip mac binding entry 731
• Manual binding and click 731
• Select protect type for the entry 731
• To load the following page 731
• Binding entries via arp scanning 732
• Click apply 732
• Enter or select the port that is connected to this host 732
• With arp scanning the switch sends the arp request packets of the specified ip field to the hosts upon receiving the arp reply packet the switch can get the ip address mac address vlan id and the connected port number of the host you can bind these entries conveniently 732
• Arp scanning to load the following page 733
• Follow these steps to configure ip mac binding via arp scanning 733
• In the scanning option section specify an ip address range and a vlan id then click scan to scan the entries in the specified ip address range and vlan 733
• In the scanning result section select one or more entries and configure the relevant parameters then click bind 733
• Binding entries via dhcp snooping 734
• With dhcp snooping enabled the switch can monitor the ip address obtaining process of the host and record the ip address mac address vlan id and the connected port number of the host 734
• Additionally you select one or more entries to edit the host name and protect type and click apply 736
• Binding table to load the following page 736
• Binding table to view or edit the entries 736
• In the binding table you can view search and edit the specified binding entries 736
• Viewing the binding entries 736
• You can specify the search criteria to search your desired entries 736
• Binding entries manually 737
• Binding entries via arp scanning is not supported by the cli the following sections introduce how to bind entries manually and via dhcp snooping and view the binding entries 737
• Follow these steps to manually bind entries 737
• Using the cli 737
• You can manually bind the ip address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 737
• Here arp d for arp detection and ip v s for ip verify source 738
• Host1 192 68 5 74 d4 35 76 a4 d8 10 gi1 0 5 arp d manual 738
• Notice 738
• Switch config end 738
• Switch config ip source binding host1 192 68 5 74 d4 35 76 a4 d8 vlan 10 interface gigabitethernet 1 0 5 arp detection 738
• Switch config show ip source binding 738
• Switch configure 738
• Switch copy running config startup config 738
• The following example shows how to bind an entry with the hostname host1 ip address 192 68 5 mac address 74 d4 35 76 a4 d8 vlan id 10 port number 1 0 5 and enable this entry for the arp detection feature 738
• U host ip addr mac addr vid port acl source 738
• Binding entries via dhcp snooping 739
• Follow these steps to bind entries via dhcp snooping 739
• Global status enable 739
• Switch config if ip dhcp snooping max entries 100 739
• Switch config if show ip dhcp snooping 739
• Switch config interface gigabitethernet 1 0 1 739
• Switch config ip dhcp snooping 739
• Switch config ip dhcp snooping vlan 5 739
• Switch configure 739
• The following example shows how to enable dhcp snooping globally and on vlan 5 and set the maximum number of binding entries port 1 0 1 can learn via dhcp snooping as 100 739
• Viewing binding entries 740
• Adding ip mac binding entries 741
• Arp detection configuration 741
• Enabling arp detection 741
• Using the gui 741
• Configuring arp detection on ports 742
• In the vlan config section enable arp detection on the selected vlans click apply 742
• Port config to load the following page 742
• Arp statistics to load the following page 743
• Click apply 743
• Follow these steps to configure arp detection on ports 743
• Select one or more ports and configure the parameters 743
• Viewing arp statistics 743
• You can view the number of the illegal arp packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 743
• Adding ip mac binding entries 744
• Enabling arp detection 744
• Follow these steps to enable arp detection 744
• In arp detection the switch detects the arp packets based on the binding entries in the ip mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 744
• In the auto refresh section you can enable the auto refresh feature and specify the refresh interval and thus the web page will be automatically refreshed 744
• In the illegal arp packet section you can view the number of illegal arp packets in each vlan 744
• Using the cli 744
• Configuring arp detection on ports 745
• Switch config if ip arp inspection limit rate 20 746
• Switch config if ip arp inspection trust 746
• Switch config interface gigabitethernet 1 0 2 746
• Switch configure 746
• The following example shows how to set port 1 02 as a trusted port and set limit rate as 20 pps and burst interval as 2 seconds on port 1 0 2 746
• Viewing arp statistics 747
• Adding ip mac binding entries 748
• Configuring ipv4 source guard 748
• Ipv4 source guard configuration 748
• Using the gui 748
• Adding ip mac binding entries 749
• Configuring ipv4 source guard 749
• Follow these steps to configure ipv4 source guard 749
• In ipv4 source guard the switch filters the packets that do not match the rules of ipv4 mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 749
• In the global config section choose whether to enable the log feature click apply 749
• In the port config section configure the protect type for ports and click apply 749
• Using the cli 749
• Gi1 0 1 sip mac n a 750
• Port security type lag 750
• Switch config if end 750
• Switch config if ip verify source sip mac 750
• Switch config if show ip verify source interface gigabitethernet 1 0 1 750
• Switch config interface gigabitethernet 1 0 1 750
• Switch configure 750
• Switch copy running config startup config 750
• The following example shows how to enable ipv4 source guard on port 1 0 1 750
• Configuration examples 751
• Configuration scheme 751
• Example for arp detection 751
• Network requirements 751
• Using the gui 752
• Using the cli 754
• Verify the configuration 755
• Configuration scheme 756
• Example for ip source guard 756
• Network requirements 756
• Using the gui 756
• Using the cli 758
• Verify the configuration 758
• Appendix default parameters 760
• Default settings of arp detection are listed in the following table 760
• Default settings of dhcp snooping are listed in the following table 760
• Default settings of ipv4 source guard are listed in the following table 761
• Chapters 762
• Configuring ipv6 impb 762
• Part 25 762
• Ipv6 impb 763
• Ipv6 mac binding 763
• Nd detection 763
• Overview 763
• Supported features 763
• Internet 764
• Ipv6 source guard 764
• Ipv6 source guard is used to filter the ipv6 packets based on the ipv6 mac binding table only the packets that match the binding rules are forwarded 764
• Binding entries manually 765
• Ipv6 mac binding configuration 765
• Using the gui 765
• Binding entries via nd snooping 766
• Click apply 766
• Enter or select the port that is connected to this host 766
• Enter the following information to specify a host 766
• Select protect type for the entry 766
• With nd snooping the switch monitors the nd packets and records the ipv6 addresses mac addresses vlan ids and the connected port numbers of the ipv6 hosts you can bind these entries conveniently 766
• Binding entries via dhcpv6 snooping 768
• Viewing the binding entries 769
• Additionally you select one or more entries to edit the host name and protect type and click apply 770
• Binding entries manually 770
• Follow these steps to manually bind entries 770
• The following sections introduce how to bind entries manually and via nd snooping and dhcp snooping and how to view the binding entries 770
• Using the cli 770
• You can manually bind the ipv6 address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 770
• Host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff 10 gi1 0 5 nd d manual 771
• Switch config end 771
• Switch config ipv6 source binding host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff vlan 10 interface gigabitethernet 1 0 5 nd detection 771
• Switch config show ipv6 source binding 771
• Switch configure 771
• Switch copy running config startup config 771
• The following example shows how to bind an entry with the hostname host1 ipv6 address 2001 0 9d38 90d5 34 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this entry for nd detection 771
• U host ip addr mac addr vid port acl source 771
• Binding entries via nd snooping 772
• Follow these steps to bind entries via nd snooping 772
• Global status enable 772
• Switch config ipv6 nd snooping 772
• Switch config ipv6 nd snooping vlan 1 772
• Switch config show ipv6 nd snooping 772
• Switch configure 772
• The following example shows how to enable nd snooping globally and on vlan 1 772
• Vlan id 1 772
• Binding entries via dhcpv6 snooping 773
• Follow these steps to bind entries via dhcp snooping 773
• Gi1 0 1 1000 n a 773
• Interface max entries lag 773
• Switch config end 773
• Switch config if end 773
• Switch config if ipv6 nd snooping max entries 1000 773
• Switch config if show ipv6 nd snooping interface gigabitethernet 1 0 1 773
• Switch config interface gigabitethernet 1 0 1 773
• Switch configure 773
• Switch copy running config startup config 773
• The following example shows how to configure the maximum number of entries that can be learned on port 1 0 1 773
• Viewing binding entries 774
• Adding ipv6 mac binding entries 775
• Enabling nd detection 775
• Nd detection configuration 775
• Using the gui 775
• Click apply 776
• Configuring nd detection on ports 776
• Follow these steps to configure nd detection on ports 776
• Port config to load the following page 776
• Select one or more ports and configure the parameters 776
• Viewing nd statistics 776
• You can view the number of the illegal nd packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 776
• Adding ipv6 mac binding entries 777
• Enabling nd detection 777
• Using the cli 777
• Configuring nd detection on ports 778
• Enable disable 778
• Follow these steps to configure nd detection on ports 778
• Global status enable 778
• Switch config end 778
• Switch config ipv6 nd detection 778
• Switch config ipv6 nd detection vlan 1 778
• Switch config show ipv6 nd detection 778
• Switch config show ipv6 nd detection vlan 778
• Switch configure 778
• Switch copy running config startup config 778
• The following example shows how to enable nd detection globally and on vlan 1 778
• Vid enable status log status 778
• Gi1 0 1 enable n a 779
• Interface trusted lag 779
• On privileged exec mode or any other configuration mode you can use the following command to view nd statistics 779
• Switch config if end 779
• Switch config if ipv6 nd detection trust 779
• Switch config if show ipv6 nd detection interface gigabitethernet 1 0 1 779
• Switch config interface gigabitethernet 1 0 1 779
• Switch configure 779
• Switch copy running config startup config 779
• The following example shows how to configure port 1 0 1 as trusted port 779
• Viewing nd statistics 779
• Adding ipv6 mac binding entries 780
• Configuring ipv6 source guard 780
• Ipv6 source guard configuration 780
• Using the gui 780
• Adding ipv6 mac binding entries 781
• Before configuring ipv6 source guard you need to configure the sdm template as enterprisev6 781
• Click apply 781
• Configuring ipv6 source guard 781
• Follow these steps to configure ipv6 source guard 781
• The nd detection feature allows the switch to detect the nd packets based on the binding entries in the ipv6 mac binding table and filter out the illegal nd packets before configuring nd detection complete ipv6 mac binding configuration for details refer to ipv6 mac binding configuration 781
• Using the cli 781
• Gi1 0 1 sipv6 mac n a 782
• Port security type lag 782
• Switch config if end 782
• Switch config if ipv6 verify source sipv6 mac 782
• Switch config if show ipv6 verify source interface gigabitethernet 1 0 1 782
• Switch config interface gigabitethernet 1 0 1 782
• Switch configure 782
• Switch copy running config startup config 782
• The following example shows how to enable ipv6 source guard on port 1 0 1 782
• Configuration examples 783
• Configuration scheme 783
• Example for nd detection 783
• Network requirements 783
• Using the gui 784
• Using the cli 786
• Verify the configuration 786
• Example for ipv6 source guard 787
• Network requirements 787
• Configuration scheme 788
• Using the gui 788
• Using the cli 790
• Verify the configuration 790
• Appendix default parameters 791
• Default settings of dhcp snooping are listed in the following table 791
• Default settings of nd detection are listed in the following table 791
• Default settings of ipv6 source guard are listed in the following table 792
• Chapters 793
• Configuring dhcp filter 793
• Part 26 793
• Dhcp filter 794
• Overview 794
• Supported features 794
• Dhcpv4 filter 795
• Dhcpv4 filter is used for dhcpv4 servers and ipv4 clients 795
• Dhcpv6 filter 795
• Dhcpv6 filter is used for dhcpv6 servers and ipv6 clients 795
• Configuring the basic dhcpv4 filter parameters 796
• Dhcpv4 filter configuration 796
• Using the gui 796
• Click apply 797
• Click create 798
• Configure the following parameters 798
• Configuring legal dhcpv4 servers 798
• Configuring the basic dhcpv4 filter parameters 798
• Follow these steps to add a legal dhcpv4 server 798
• Follow these steps to complete the basic settings of dhcpv4 filter 798
• Legal dhcpv4 servers and 798
• To load the following page 798
• Using the cli 798
• Configuring legal dhcpv4 servers 800
• Follow these steps configure legal dhcpv4 servers 800
• Gi1 0 1 enable enable 10 20 n a 800
• Global status enable 800
• Interface state mac verify limit rate dec rate lag 800
• Switch config if end 800
• Switch config if ip dhcp filter 800
• Switch config if ip dhcp filter decline rate 20 800
• Switch config if ip dhcp filter limit rate 10 800
• Switch config if ip dhcp filter mac verify 800
• Switch config if show ip dhcp filter 800
• Switch config if show ip dhcp filter interface gigabitethernet 1 0 1 800
• Switch config interface gigabitethernet 1 0 1 800
• Switch config ip dhcp filter 800
• Switch configure 800
• Switch copy running config startup config 800
• The following example shows how to enable dhcpv4 filter globally and how to enable dhcpv4 filter enable the mac verify feature set the limit rate as 10 pps and set the decline rate as 20 pps on port 1 0 1 800
• Configuring the basic dhcpv6 filter parameters 802
• Dhcpv6 filter configuration 802
• Using the gui 802
• Click apply 803
• Configure the following parameters 803
• Configuring legal dhcpv6 servers 803
• Follow these steps to add a legal dhcpv6 server 803
• Legal dhcpv6 servers and 803
• To load the following page 803
• Click create 804
• Configuring the basic dhcpv6 filter parameters 804
• Follow these steps to complete the basic settings of dhcpv6 filter 804
• Using the cli 804
• Configuring legal dhcpv6 servers 805
• Follow these steps configure legal dhcpv6 servers 805
• Gi1 0 1 enable 10 20 n a 805
• Global status enable 805
• Interface state limit rate dec rate lag 805
• Switch config if end 805
• Switch config if ipv6 dhcp filter 805
• Switch config if ipv6 dhcp filter decline rate 20 805
• Switch config if ipv6 dhcp filter limit rate 10 805
• Switch config if show ip dhcp filter interface gigabitethernet 1 0 1 805
• Switch config if show ipv6 dhcp filter 805
• Switch config interface gigabitethernet 1 0 1 805
• Switch config ipv6 dhcp filter 805
• Switch configure 805
• Switch copy running config startup config 805
• The following example shows how to enable dhcpv6 filter globally and how to enable dhcpv6 filter set the limit rate as 10 pps and set the decline rate as 20 pps on port 1 0 1 805
• Configuration examples 807
• Configuration scheme 807
• Example for dhcpv4 filter 807
• Network requirements 807
• Using the gui 808
• Using the cli 809
• Verify the configuration 809
• Example for dhcpv6 filter 810
• Network requirements 810
• Configuration scheme 811
• Using the gui 811
• Using the cli 813
• Verify the configuration 813
• 54 gi1 0 1 814
• Server ip interface 814
• Appendix default parameters 815
• Default settings of dhcpv4 filter are listed in the following table 815
• Chapters 816
• Configuring dos defend 816
• Part 27 816
• Overview 817
• Dos defend configuration 818
• Dos defend to load the following page 818
• Follow these steps to configure dos defend 818
• In the dos defend config section select one or more defend types according to your needs and click apply the following table introduces each type of dos attack 818
• In the dos defend section enable dos protection and click apply 818
• Using the gui 818
• Click apply 819
• Follow these steps to configure dos defend 819
• Using the cli 819
• Appendix default parameters 822
• Default settings of network security are listed in the following tables 822
• Chapters 823
• Monitoring the system 823
• Part 28 823
• Overview 824
• Monitoring the cpu 825
• Using the cli 825
• Using the gui 825
• Monitoring the memory 827
• Using the cli 827
• Using the gui 827
• Unit current memory utilization 828
• Traffic monitor 830
• Using the gui 830
• To view a port s traffic statistics in detail click statistics on the right side of the entry 831
• On privileged exec mode or any other configuration mode you can use the following command to view the traffic information of each port or lag 834
• Using the cli 834
• Appendix default parameters 835
• Chapters 836
• Mirroring traffic 836
• Part 30 836
• Mirroring 837
• Using the gui 837
• Follow these steps to configure the mirroring session 838
• In the destination port config section specify a destination port for the mirroring session and click apply 838
• In the source interfaces config section specify the source interfaces and click apply traffic passing through the source interfaces will be mirrored to the destination port there are three source interface types port lag and cpu choose one or more types according to your need 838
• Follow these steps to configure mirroring 839
• Switch config monitor session 1 destination interface gigabitethernet 1 0 10 839
• Switch configure 839
• The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 and the cpu to port 1 0 10 839
• Using the cli 839
• Configuration examples 841
• Configuration scheme 841
• Network requirements 841
• Using the gui 841
• Using the cli 842
• Verify the configuration 843
• Appendix default parameters 844
• Default settings of switching are listed in th following tables 844
• Chapters 845
• Configuring dldp 845
• Part 31 845
• Overview 846
• Configuration guidelines 847
• Dldp configuration 847
• Using the gui 847
• In the port config section select one or more ports enable dldp and click apply then you can view the relevant dldp information in the table 848
• Follow these steps to configure dldp 849
• Switch configure 849
• The following example shows how to enable dldp globally configure the dldp interval as 10 seconds and specify the shutdown mode as auto 849
• Using the cli 849
• Appendix default parameters 851
• Default settings of dldp are listed in the following table 851
• Chapters 852
• Configuring snmp rmon 852
• Part 32 852
• Basic concepts 853
• Overview 853
• Snmp agent 853
• Snmp manager 853
• A mib is a collection of managed objects that is organized hierarchically the objects define the attributes of the managed device including the names status access rights and data types each object can be addressed through an object identifier oid 854
• Also tp link switches support the following public mibs 854
• As the following figure shows the mib hierarchy can be depicted as a tree with a nameless root the levels of which are assigned by different organizations the top level mib object ids belong to different standards organizations while lower level object ids are allocated by associated organizations vendors can define private branches that include managed objects for their own products 854
• Lldp ext dot1 mib 854
• Lldp ext med mib 854
• Lldp mib 854
• Rfc1213 mib 854
• Rfc1493 bridge mib 854
• Rfc1757 rmon mib 854
• Rfc2618 radius auth client mib 854
• Tp link switches provide private mibs that can be identified by the oid 1 1863 the mib file can be found on the provided cd or the download center of our official website http www tp link com en download center html 854
• An snmp engine can be uniquely identified by an engine id within an administrative domain since there is a one to one association between snmp engines and snmp entities we can also use the engine id to uniquely and unambiguously identify the snmp entity within that administrative domain 855
• An snmp engine is a part of the snmp entity every snmp entity has one and only one engine an snmp engine provides services for ending and receiving messages authenticating and encrypting messages and controlling access to managed objects 855
• An snmp entity is a device running the snmp protocol both the snmp manager and snmp agent are snmp entities 855
• For detail information about the supported public mibs see supported public mibs for tp link switches which can be found on the training center of our website 855
• Http www tp link com en configuration guides html 855
• Rfc2620 radius acc client mib 855
• Rfc2674 pbridge mib 855
• Rfc2674 qbridge mib 855
• Rfc2863 pbridge mib 855
• Rfc2925 disman ping mib 855
• Rfc2925 disman traceroute mib 855
• Snmp engine 855
• Snmp entity 855
• Snmp version 855
• The device supports three snmp versions snmpv1 snmpv2c and snmpv3 table 1 1 lists features supported by different snmp versions and table 1 2 shows corresponding application scenarios 855
• Enabling snmp 857
• Snmp configurations 857
• Using the gui 857
• Click apply 858
• Creating an snmp view 858
• Follow these steps to create an snmp view 858
• Global config to load the following page 858
• Nms manages mib objects based on the snmp view an snmp view is a subset of a mib the system provides a default view named viewdefault and you can create other snmp views according to your needs 858
• To load the following page enter a view name and specify the view type and a mib object that is related to the view 858
• Click create 859
• Creating snmp communities for snmp v1 v2c 859
• Set the community name access rights and the related view 859
• Snmp v1 v2c and click 859
• To load the following page 859
• Assign a name to the group then set the security level and the read view write view and notify view 860
• Click create 860
• Create an snmp group and configure related parameters 860
• Creating an snmp group for snmp v3 860
• Follow these steps to create an snmp group 860
• Snmp group and click 860
• To load the following page 860
• Click create 861
• Creating snmp users for snmp v3 861
• Follow these steps to create an snmp user 861
• Snmp user and click 861
• Specify the user name user type and the group which the user belongs to then configure the security level 861
• To load the following page 861
• Click create 862
• Enabling snmp 862
• If you have chosen authnopriv or authpriv as the security level you need to set corresponding authentication mode or privacy mode if not skip the step 862
• Using the cli 862
• Bad snmp version errors 863
• Snmp agent is enabled 863
• Snmp packets input 863
• Switch config show snmp server 863
• Switch config snmp server 863
• Switch config snmp server engineid remote 123456789a 863
• Switch configure 863
• The following example shows how to enable snmp and set 123456789a as the remote engine id 863
• Unknown community name 863
• Bad value errors 864
• Creating an snmp view 864
• Encoding errors 864
• General errors 864
• Get next pdus 864
• Get request pdus 864
• Illegal operation for community name supplied 864
• Local engine id 80002e5703000aeb13a23d 864
• No such name errors 864
• Number of altered variables 864
• Number of requested variables 864
• Remote engine id 123456789a 864
• Response pdus 864
• Set request pdus 864
• Snmp packets output 864
• Specify the oid object identifier of the view to determine objects to be managed 864
• Switch config end 864
• Switch config show snmp server engineid 864
• Switch copy running config startup config 864
• Too big errors maximum packet size 1500 864
• Trap pdus 864
• Creating snmp communities for snmp v1 v2c 865
• Create an snmp group and set user access control with read write and notify views meanwhile set the authentication and privacy modes to secure the communication between the nms and managed devices 866
• Creating an snmp group for snmpv3 866
• Index name type mib view 866
• Nms monitor read write view 866
• Switch config end 866
• Switch config show snmp server community 866
• Switch config snmp server community nms monitor read write view 866
• Switch configure 866
• Switch copy running config startup config 866
• The following example shows how to set an snmp community name the community as the nms monitor and allow the nms to view and modify parameters of view 866
• 1 nms1 v3 authpriv view1 view1 867
• No name sec mode sec lev read view write view notify view 867
• Switch config end 867
• Switch config show snmp server group 867
• Switch config snmp server group nms1 smode v3 slev authpriv read view1 notify view1 867
• Switch configure 867
• Switch copy running config startup config 867
• The following example shows how to create an snmpv3 group with the group name as nms1 the security level as authpriv and the read and notify view are both view1 867
• Configure users of the snmp group users belong to the group and use the same security level and access rights as the group 868
• Creating snmp users for snmpv3 868
• Configuring the information of nms hosts 870
• Notification configurations 870
• Using the gui 870
• Choose a notification type based on the snmp version if you choose the inform type you need to set retry times and timeout interval 871
• Click create 871
• Specify the user name or community name used by the nms host and configure the security model and security level based on the settings of the user or community 871
• Enabling snmp traps 872
• Select the traps to enable according to your needs 872
• The supported traps are listed on the page follow these steps to enable any or all of these traps 872
• Trap config to load the following page 872
• Click apply 873
• Configure parameters of the nms host and packet handling mechanism 874
• Configuring the nms host 874
• Using the cli 874
• Enabling snmp traps 875
• Enabling the snmp extended traps globally 876
• Switch config end 876
• Switch config snmp server traps snmp linkup 876
• Switch configure 876
• Switch copy running config startup config 876
• The following example shows how to configure the switch to send linkup traps 876
• Switch config end 877
• Switch config snmp server traps bandwidth control 877
• Switch configure 877
• Switch copy running config startup config 877
• The following example shows how to configure the switch to enable bandwidth control traps 877
• Enabling the snmp security traps globally 878
• Enabling the vlan traps globally 878
• Switch config end 878
• Switch config snmp server traps vlan 878
• Switch configure 878
• Switch copy running config startup config 878
• The following example shows how to configure the switch to enable all the snmp vlan traps 878
• Enabling the acl trap globally 879
• Enabling the ip traps globally 879
• Switch config end 879
• Switch config snmp server traps acl 879
• Switch config snmp server traps security dhcp filter 879
• Switch configure 879
• Switch copy running config startup config 879
• The following example shows how to configure the switch to enable acl trap 879
• The following example shows how to configure the switch to enable dhcp filter trap 879
• Enabling the link status trap for ports 880
• Switch config end 880
• Switch config if end 880
• Switch config if snmp server traps link status 880
• Switch config interface gigabitethernet 1 0 1 880
• Switch config snmp server traps ip change 880
• Switch configure 880
• Switch copy running config startup config 880
• The following example shows how to configure the switch to enable ip change trap 880
• The following example shows how to configure the switch to enable link status trap 880
• Configuring statistics group 882
• Rmon configurations 882
• Using the gui 882
• Click create 883
• Configuring history group 883
• Follow these steps to configure the history group 883
• History to load the following page 883
• Select a history entry and specify a port to be monitored 883
• Set the sample interval and the maximum buckets of history entries 883
• Choose an event entry and set the snmp user of the entry 884
• Configuring event group 884
• Enter the owner name and set the status of the entry click apply 884
• Event to load the following page 884
• Follow these steps to configure the event group 884
• Set the description and action to be taken when the event is triggered 884
• Alarm to load the following page 885
• Before you begin please complete configurations of statistics entries and event entries because the alarm entries must be associated with statistics and event entries 885
• Configuring alarm group 885
• Enter the owner name and set the status of the entry click apply 885
• Follow these steps to configure the alarm group 886
• Select an alarm entry choose a variable to be monitored and associate the entry with a statistics entry 886
• Set the sample type the rising and falling threshold the corresponding event action mode and the alarm type of the entry 886
• Configuring statistics 887
• Enter the owner name and set the status of the entry click apply 887
• Using the cli 887
• Gi1 0 1 monitor valid 888
• Gi1 0 2 monitor valid 888
• Index port owner state 888
• Switch config end 888
• Switch config rmon statistics 1 interface gigabitethernet 1 0 1 owner monitor status valid 888
• Switch config rmon statistics 2 interface gigabitethernet 1 0 2 owner monitor status valid 888
• Switch config show rmon statistics 888
• Switch configure 888
• Switch copy running config startup config 888
• The following example shows how to create two statistics entries on the switch to monitor port 1 0 1 and 1 0 2 respectively the owner of the entries are both monitor and the status are both valid 888
• Configuring history 889
• Gi1 0 1 100 50 monitor enable 889
• Index port interval buckets owner state 889
• Switch config end 889
• Switch config rmon history 1 interface gigabitethernet 1 0 1 interval 100 owner monitor buckets 50 889
• Switch config show rmon history 889
• Switch configure 889
• The following example shows how to create a history entry on the switch to monitor port 1 0 1 set the sample interval as 100 seconds maximum buckets as 50 and the owner as monitor 889
• Configuring event 890
• Switch config rmon event 1 user admin description rising notify type notify owner monitor 890
• Switch configure 890
• Switch copy running config startup config 890
• The following example shows how to create an event entry on the switch set the user name as admin the event type as notify set the switch to initiate notifications to the nms and the owner as monitor 890
• Admin rising notify notify monitor enable 891
• Configuring alarm 891
• Index user description type owner state 891
• Switch config end 891
• Switch config show rmon event 891
• Switch copy running config startup config 891
• Configuration example 894
• Network requirements 894
• Configuration scheme 895
• Using the gui 895
• Using the cli 900
• Verify the configurations 902
• Appendix default parameters 906
• Default settings of snmp are listed in the following tables 906
• Default settings of notification are listed in the following table 907
• Default settings of rmon are listed in the following tables 908
• Chapters 910
• Configuring system logs 910
• Part 33 910
• Overview 911
• Backing up the logs 912
• Configuration guidelines 912
• Configure the local logs 912
• Configure the remote logs 912
• Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality of the switch is affected please take actions according to the log message 912
• System logs configurations 912
• System logs configurations include 912
• Viewing the log table 912
• Click apply 913
• Configuring the local logs 913
• Configuring the remote logs 913
• Follow these steps to configure the local logs 913
• Local logs to load the following page 913
• Select your desired channel and configure the corresponding severity and status 913
• Using the gui 913
• You can configure up to four hosts to receive the switch s system logs these hosts are called log servers the switch will forward the log message to the servers once a log 913
• Backing up the logs 914
• Configuring the local logs 915
• Follow these steps to configure the local logs 915
• Log table to load the following page 915
• Select a module and a severity to view the corresponding log information 915
• Using the cli 915
• Viewing the log table 915
• Switch config logging buffer 916
• Switch config logging buffer level 5 916
• Switch configure 916
• The following example shows how to configure the local logs on the switch save logs of levels 0 to 5 to the log buffer and synchronize logs of levels 0 to 2 to the flash every 10 hours 916
• Buffer 5 enable immediately 917
• Channel level status sync periodic 917
• Configuring the remote logs 917
• Console 5 enable immediately 917
• Flash 2 enable 10 hour s 917
• Follow these steps to set the remote log 917
• Monitor 5 enable immediately 917
• Switch config end 917
• Switch config logging file flash 917
• Switch config logging file flash frequency periodic 10 917
• Switch config logging file flash level 2 917
• Switch config show logging local config 917
• Switch copy running config startup config 917
• You can configure up to four hosts to receive the switch s system logs these hosts are called log servers the switch will forward the log message to the servers once a log message is generated to display the logs the servers should run a log server software that complies with the syslog standard 917
• Configuration example 919
• Configuration scheme 919
• Network requirements 919
• Using the gui 919
• Using the cli 920
• Verify the configurations 920
• Appendix default parameters 921
• Default settings of maintenance are listed in the following tables 921
• Chapters 922
• Diagnosing the device network 922
• Part 34 922
• Check the test results in the result section 923
• Device diagnostics to load the following page 923
• Diagnosing the device 923
• Follow these steps to diagnose the cable 923
• Select your desired port for the test and click apply 923
• The device diagnostics feature provides cable testing which allows you to troubleshoot based on the connection status cable length and fault location 923
• Using the gui 923
• Gi1 0 2 pair a normal 2 10m 924
• On privileged exec mode or any other configuration mode you can use the following command to check the connection status of the cable that is connected to the switch 924
• Pair b normal 2 10m 924
• Pair c normal 0 10m 924
• Pair d normal 2 10m 924
• Port pair status length error 924
• Switch show cable diagnostics interface gigabitehternet 1 0 2 924
• The following example shows how to check the cable diagnostics of port 1 0 2 924
• Using the cli 924
• Diagnosing the network 925
• Troubleshooting with ping testing 925
• Using the gui 925
• Troubleshooting with tracert testing 926
• Approximate round trip times in milli seconds 927
• Configuring the ping test 927
• In the tracert result section check the test results 927
• Minimum 0ms maximum 0ms average 0ms 927
• On privileged exec mode you can use the following command to test the connectivity between the switch and one node of the network 927
• Packets sent 3 received 3 lost 0 0 loss 927
• Ping statistics for 192 68 0 927
• Pinging 192 68 0 with 1000 bytes of data 927
• Reply from 192 68 0 bytes 1000 time 16ms ttl 64 927
• Switch ping ip 192 68 0 n 3 l 1000 i 500 927
• The following example shows how to test the connectivity between the switch and the destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 1000 bytes and the interval as 500 milliseconds 927
• Using the cli 927
• Configuring the tracert test 928
• Ms 1 ms 2 ms 192 68 928
• Ms 2 ms 2 ms 192 68 00 928
• On privileged exec mode you can use the following command to test the connectivity between the switch and routers along the path from the source to the destination 928
• Switch tracert 192 68 00 2 928
• The following example shows how to test the connectivity between the switch and the network device with the ip address 192 68 00 set the maxhops as 2 928
• Trace complete 928
• Tracing route to 192 68 00 over a maximum of 2 hops 928
• Appendix default parameters 929
• Default settings of network diagnostics are listed in the following tables 929
• Ce mark warning 930
• Eu declaration of conformity 930
• Fcc statement 930
• Industry canada statement 930
• Bsmi notice 931
• Korea warning statements 931
• 限用物質含有情況標示聲明書 931
• Do not attempt to disassemble repair or modify the device 932
• Do not use damaged charger or usb cable to charge the device 932
• Explanation of the symbols on the product label 932
• Keep the device away from water fire humidity or hot environments 932
• Please read and follow the above safety information when operating the device we cannot guarantee that no accidents or damage will occur due to improper use of the device please use this product with care and operate at your own risk 932
• Safety information 932
• Copyright trademarks 933