Tp-Link T2600G-52TS V3 [10/1069] Configuration examples 38

Содержание

• T2600g series switches 1
• User guide 1
• About this guide 2
• Accessing the switch 2
• Command line interface access 10 2
• Contents 2
• Conventions 2
• Intended readers 2
• Managing system 2
• More information 2
• Overview 2
• System 21 2
• System info configurations 23 2
• Web interface access 2
• Eee configuration 57 3
• Poe configurations 59 3
• Sdm template configuration 71 3
• System tools configurations 44 3
• User management configurations 37 3
• Appendix default parameters 85 4
• Basic parameters configurations 90 4
• Configuration examples 01 4
• Example for poe configurations 80 4
• Loopback detection configuration 97 4
• Managing physical interfaces 4
• Physical interface 89 4
• Port isolation configurations 94 4
• Time range configuration 74 4
• Appendix default parameters 07 5
• Appendix default parameters 23 5
• Appendix default parameters 42 5
• Configuration example 19 5
• Configuring ddm 5
• Configuring lag 5
• Ddm configuration 26 5
• Lag 09 5
• Lag configuration 10 5
• Overview 25 5
• Address configurations 46 6
• Appendix default parameters 62 6
• Configuring 802 q vlan 6
• Example for security configurations 59 6
• Mac address table 44 6
• Managing mac address table 6
• Overview 64 6
• Q vlan configuration 65 6
• Security configurations 54 6
• Appendix default parameters 79 7
• Appendix default parameters 96 7
• Configuration example 72 7
• Configuration example 86 7
• Configuring mac vlan 7
• Configuring protocol vlan 7
• Mac vlan configuration 82 7
• Overview 81 7
• Overview 98 7
• Protocol vlan configuration 99 7
• Appendix default parameters 18 8
• Appendix default parameters 38 8
• Basic vlan vpn configuration 22 8
• Configuration example 06 8
• Configuration example 30 8
• Configuration example 46 8
• Configuring gvrp 8
• Configuring vlan vpn 8
• Flexible vlan vpn configuration 27 8
• Gvrp configuration 41 8
• Overview 40 8
• Vlan vpn 20 8
• Appendix default parameters 55 9
• Appendix default parameters 75 9
• Configuration example 66 9
• Configuring layer 2 multicast 9
• Configuring private vlan 9
• Igmp snooping configuration 80 9
• Layer 2 multicast 77 9
• Mld snooping configuration 99 9
• Overview 57 9
• Private vlan configurations 59 9
• Configuration examples 38 10
• Multicast filtering configuration 23 10
• Mvr configuration 13 10
• Viewing multicast snooping information 33 10
• Appendix default parameters 62 11
• Configuring spanning tree 11
• Spanning tree 66 11
• Stp rstp configurations 74 11
• Appendix default parameters 24 12
• Configuration example for mstp 10 12
• Configuring lldp 12
• Lldp 27 12
• Lldp configurations 28 12
• Mstp configurations 86 12
• Stp security configurations 06 12
• Appendix default parameters 58 13
• Configuration example 51 13
• Configuration example 67 13
• Configuring l2pt 13
• L2pt configuration 62 13
• Lldp med configurations 36 13
• Overview 60 13
• Viewing lldp med settings 48 13
• Viewing lldp settings 43 13
• Appendix default parameters 70 14
• Appendix default parameters 77 14
• Appendix default parameters 93 14
• Configuring layer 3 interfaces 14
• Configuring pppoe id insertion 14
• Configuring routing 14
• Ipv4 static routing configuration 96 14
• Ipv6 static routing configuration 98 14
• Layer 3 interface configurations 80 14
• Overview 72 14
• Overview 79 14
• Overview 95 14
• Pppoe id insertion configuration 73 14
• Viewing routing table 00 14
• Configuring dhcp service 15
• Dhcp 09 15
• Dhcp l2 relay configuration 34 15
• Dhcp relay configuration 24 15
• Dhcp server configuration 12 15
• Example for static routing 03 15
• Appendix default parameters 60 16
• Appendix default parameters 77 16
• Arp configurations 66 16
• Configuration examples 39 16
• Configuring arp 16
• Configuring qos 16
• Overview 64 16
• Qos 79 16
• Auto voip configuration 14 17
• Bandwidth control configuration 02 17
• Class of service configuration 81 17
• Configuration examples 19 17
• Voice vlan configuration 08 17
• Aaa configuration 75 18
• Access security 50 18
• Access security configurations 51 18
• Appendix default parameters 45 18
• Appendix default parameters 71 18
• Configuring aaa 18
• Configuring access security 18
• Overview 74 18
• Appendix default parameters 24 19
• Appendix default parameters 99 19
• Configuration example 18 19
• Configuration examples 93 19
• Configuring 802 x 19
• Configuring port security 19
• Overview 02 19
• Overview 26 19
• X configuration 03 19
• Acl configuration 34 20
• Appendix default parameters 31 20
• Appendix default parameters 780 20
• Configuration example for acl 71 20
• Configuring acl 20
• Configuring ipv4 impb 20
• Ip mac binding configuration 84 20
• Ipv4 impb 83 20
• Overview 33 20
• Port security configuration 27 20
• Appendix default parameters 13 21
• Arp detection configuration 94 21
• Configuration examples 04 21
• Ipv4 source guard configuration 01 21
• Configuration examples 37 22
• Configuring ipv6 impb 22
• Ipv6 impb 16 22
• Ipv6 mac binding configuration 18 22
• Ipv6 source guard configuration 34 22
• Nd detection configuration 29 22
• Appendix default parameters 45 23
• Configuration examples 61 23
• Configuring dhcp filter 23
• Dhcp filter 48 23
• Dhcpv4 filter configuration 50 23
• Dhcpv6 filter configuration 56 23
• Appendix default parameters 68 24
• Appendix default parameters 75 24
• Appendix default parameters 88 24
• Appendix default parameters 97 24
• Configuration examples 94 24
• Configuring dos defend 24
• Dos defend configuration 71 24
• Mirroring 90 24
• Mirroring traffic 24
• Monitoring the cpu 78 24
• Monitoring the memory 80 24
• Monitoring the system 24
• Monitoring traffic 24
• Overview 70 24
• Overview 77 24
• Traffic monitor 83 24
• Appendix default parameters 09 25
• Configuration example 06 25
• Configuring oam 25
• Configuring sflow 25
• Ethernet oam 11 25
• Ethernet oam configurations 15 25
• Overview 99 25
• Sflow configuration 00 25
• Viewing oam statistics 34 25
• Appendix default parameters 49 26
• Appendix default parameters 56 26
• Configuration example 41 26
• Configuring dldp 26
• Configuring snmp rmon 26
• Dldp configuration 52 26
• Notification configurations 75 26
• Overview 51 26
• Snmp 58 26
• Snmp configurations 62 26
• Appendix default parameters 014 27
• Appendix default parameters 025 27
• Configuration example 002 27
• Configuring system logs 27
• Diagnosing the device 019 27
• Diagnosing the device network 27
• Diagnosing the network 021 27
• Overview 027 27
• Rmon 89 27
• Rmon configurations 90 27
• Appendix default parameters 037 28
• Configuration example 035 28
• System logs configurations 028 28
• About this guide 29
• Conventions 29
• Intended readers 29
• More information 30
• Accessing the switch 31
• Chapters 31
• Part 1 31
• Overview 32
• Web interface access 33
• Save the configuration file 34
• Configure the switch s ip address and default gateway 35
• Disable the web server 35
• Check the routing table to verify the default gateway you configured the entry marked in red box displays the valid default gateway 37
• To save the settings 37
• Command line interface access 38
• Console login only for switch with console port 38
• Enter enable to enter the user exec mode to further configure the switch 39
• Telnet login 40
• Password authentication mode 41
• Ssh login 41
• Key authentication mode 42
• After the keys are successfully generated click save public key to save the public key to a tftp server click save private key to save the private key to the host pc 43
• Disable telnet login 45
• Copy running config startup config 46
• Disable ssh login 46
• Change the switch s ip address and default gateway 47
• Chapters 48
• Managing system 48
• Part 2 48
• Overview 49
• Supported features 49
• System 49
• System info 49
• System tools 49
• User management 49
• Sdm template 50
• Time range 50
• System info configurations 51
• Using the gui 51
• Viewing the system summary 51
• You can click a port to view the bandwidth utilization on this port 52
• You can move your cursor to a port to view the detailed information of the port 52
• In the system info section you can view the system information of the switch 53
• Viewing the system information 53
• Configuring the device description 55
• Configuring the system time 55
• Choose one method to set the system time and specify the related parameters 56
• Click apply 56
• Configuring the daylight saving time 56
• Daylight saving time to load the following page 56
• Follow these steps to configure daylight saving time 56
• In the dst config section enable the daylight saving time function 56
• In the time config section follow these steps to configure the system time 56
• Choose one method to set the daylight saving time and specify the related parameters 57
• Click apply 57
• On privileged exec mode or any other configuration mode you can use the following commands to view the system information of the switch 57
• Using the cli 57
• Viewing the system summary 57
• Configuring the device description 58
• Contact information https www tp link com 59
• Switch config contact info https www tp link com 59
• Switch config end 59
• Switch config hostname switch_a 59
• Switch config location beijing 59
• Switch config show system info 59
• Switch configure 59
• Switch copy running config startup config 59
• System description jetstream 24 port gigabit l2 managed switch with 4 sfp slots 59
• System location beijing 59
• System name switch_a 59
• The following example shows how to set the device name as switch_a set the location as beijing and set the contact information as https www tp link com 59
• Configuring the system time 60
• Follow these steps to configure the system time 60
• Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 61
• Switch configure 61
• The following example shows how to set the system time by get time from ntp server and set the time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 139 8 00 63 and set the update rate as 11 61
• Backup ntp server 139 8 00 63 62
• Configuring the daylight saving time 62
• Follow these steps to configure the daylight saving time 62
• Last successful ntp server 133 00 62
• Prefered ntp server 133 00 62
• Switch config end 62
• Switch config show system time ntp 62
• Switch copy running config startup config 62
• Time zone utc 08 00 62
• Update rate 11 hour s 62
• Creating accounts 65
• User management configurations 65
• Using the gui 65
• Click create 66
• Configure the following parameters 66
• Configuring enable password 66
• Follow these steps to create a new user account 66
• Global config to load the following page 66
• Creating accounts 67
• Using the cli 67
• Configuring enable password 69
• Follow these steps to create an account of other type 69
• The logged in users can enter the enable password on this page to get the administrative privileges 70
• Configuring the boot file 72
• System tools configurations 72
• Using the gui 72
• Click apply 73
• Follow these steps to configure the boot file 73
• In the boot table section select one or more units and configure the relevant parameters 73
• In the image table you can view the information of the current startup image next startup image and backup image the displayed information is as follows 73
• Backing up the configuration file 74
• Restoring the configuration of the switch 74
• Configuring dhcp auto install 75
• Upgrading the firmware 75
• Configuration file name image file path and tftp server ip address from the dhcp server and then downloads the new image and configuration file form the tftp server 76
• Configure the following parameters and click apply 76
• Dhcp auto install to load the following page 76
• Configuring reboot schedule 77
• Manually rebooting the switch 77
• Rebooting the switch 77
• Choose whether to save the current configuration before the reboot 78
• Click apply 78
• Configuring the boot file 78
• Follow these steps to configure the boot file 78
• In the system reset section select the desired unit and click reset after reset all configurations of the switch will be reset to the factory defaults 78
• Reseting the switch 78
• System reset to load the following page 78
• To delete the reboot schedule configurations you can click delete and the configurations will be empty 78
• Using the cli 78
• Backup config config2 cfg 79
• Backup image image2 bin 79
• Boot config 79
• Current startup config config2 cfg 79
• Current startup image image2 bin 79
• Next startup config config1 cfg 79
• Next startup image image1 bin 79
• Switch config boot application filename image1 startup 79
• Switch config boot application filename image2 backup 79
• Switch config boot config filename config1 startup 79
• Switch config boot config filename config2 backup 79
• Switch config end 79
• Switch config show boot 79
• Switch configure 79
• Switch copy running config startup config 79
• The following example shows how to set the next startup image as image1 the backup image as image2 the next startup configuration file as config1 and the backup configuration file as config2 79
• Backing up the configuration file 80
• Enable 80
• Follow these steps to back up the current configuration of the switch in a file 80
• Follow these steps to restore the configuration of the switch 80
• Operation ok now rebooting system 80
• Restoring the configuration of the switch 80
• Start to backup user config file 80
• Start to load user config file 80
• Switch copy startup config tftp ip address 192 68 00 filename file2 80
• Switch copy tftp startup config ip address 192 68 00 filename file1 80
• The following example shows how to backup the configuration file named file2 to tftp server with ip address 192 68 00 80
• The following example shows how to restore the configuration file named file1 from the tftp server with ip address 192 68 00 80
• Backup user config file ok 81
• Configuring dhcp auto install 81
• Enable 81
• Follow these steps to configure the dhcp auto install 81
• Follow these steps to upgrade the firmware 81
• It will only upgrade the backup image continue y n y 81
• Operation ok 81
• Reboot with the backup image y n y 81
• Switch firmware upgrade ip address 192 68 00 filename file3 bin 81
• The following example shows how to upgrade the firmware using the configuration file named file3 bin the tftp server is 190 68 00 81
• This feature is used to download configuration files and images from the tftp server automatically it requires a tftp server and a dhcp server that supports option 67 125 and 150 on your network when auto install function starts the switch tries to get configuration file name image file path and tftp server ip address from the dhcp server and then downloads the new image and configuration file form the tftp server 81
• Upgrading the firmware 81
• Auto insatll mode stop 82
• Auto insatll persistent mode enabled 82
• Auto insatll retry count 82
• Auto reboot mode enabled 82
• Auto save mode enabled 82
• Switch config boot autoinstall auto reboot 82
• Switch config boot autoinstall auto save 82
• Switch config boot autoinstall persistent mode 82
• Switch config boot autoinstall retry count 2 82
• Switch config show boot autoinstall 82
• Switch configure 82
• The following example shows how to configure the auto install function 82
• Auto insatll sate stopped 83
• Configuring reboot schedule 83
• Follow these steps to configure the reboot schedule 83
• Follow these steps to reboot the switch 83
• Manually rebooting the switch 83
• Rebooting the switch 83
• Reseting the switch 84
• Click apply 85
• Eee configuration 85
• Eee to load the following page 85
• Enable or disable eee on the selected port s 85
• Follow these steps to configure eee 85
• In the eee config section select one or more ports to be configured 85
• Using the cli 85
• Poe configurations 87
• And configure the system power limit click apply 88
• Configuring the poe parameters manually 88
• Follow these steps to configure the basic poe parameters 88
• In addition you can click 88
• In the poe config section you can view the current poe parameters 88
• Poe config to load the following page 88
• Using the gui 88
• In the port config section select the port you want to configure and specify the parameters click apply 89
• Click create 91
• Configuring the poe parameters using the profile 91
• Creating a poe profile 91
• Follow these steps to create a poe profile 91
• In the create poe profile section specify the desired configurations of the profile 91
• Poe profile and click 91
• To load the following page 91
• In the port config section select one or more ports and configure the following two parameters time range and poe profile click apply and the poe parameters of the selected poe profile such as poe status and poe priority will be displayed in the table 93
• Configuring the poe parameters manually 94
• Follow these steps to configure the basic poe parameters 94
• Using the cli 94
• Gi1 0 5 enable middle class3 no limit none 95
• Interface poe status poe prio power limit w time range poe profile 95
• Switch config if power inline consumption class3 95
• Switch config if power inline priority middle 95
• Switch config if power inline supply enable 95
• Switch config if show power inline 95
• Switch config if show power inline configuration interface gigabitethernet 1 0 5 95
• Switch config if show power inline information interface gigabitethernet 1 0 5 95
• Switch config interface gigabitethernet 1 0 5 95
• Switch config power inline consumption 160 95
• Switch configure 95
• System power consumption 0 w 95
• System power limit 160 w 95
• System power remain 160 w 95
• The following example shows how to set the system power limit as 160w set the priority as middle and set the power limit as class3 for the port 1 0 5 95
• Configuring the poe parameters using the profile 96
• Follow these steps to configure the poe profile 96
• Gi1 0 5 1 26 53 class 2 on 96
• Interface power w current ma voltage v pd class power status 96
• Switch config if end 96
• Switch copy running config startup config 96
• Index name status priority power limit w 97
• Profile1 enable middle class2 97
• Switch config interface gigabitethernet 1 0 6 97
• Switch config power profile profile1 supply enable priority middle consumption class2 97
• Switch config show power profile 97
• Switch configure 97
• The following example shows how to create a profile named profile1and bind the profile to the port 1 0 6 97
• In sdm template config section select one template and click apply the setting will be effective after the switch is rebooted 99
• Sdm template configuration 99
• Sdm template to load the following page 99
• The template table displays the resources allocation of each template 99
• Using the gui 99
• Follow these steps to configure the sdm template 100
• Using the cli 100
• Adding time range entries 102
• Time range configuration 102
• Using the gui 102
• Configure the following parameters and click create 103
• Similarly you can add more entries of period time according to your needs the final period time is the sum of all the periods in the table click create 103
• Configuring holiday 104
• Adding time range entries 105
• Follow these steps to add time range entries 105
• Using the cli 105
• 08 00 to 20 00 on 1 2 106
• 10 01 2017 to 10 31 2017 106
• Configuring holiday 106
• Follow these steps to configure holiday time range 106
• Holiday exclude 106
• Number of time slice 1 106
• Switch config 106
• Switch config time range absolute from 10 01 2017 to 10 31 2017 106
• Switch config time range end 106
• Switch config time range holiday exclude 106
• Switch config time range periodic start 08 00 end 20 00 day of the week 1 2 106
• Switch config time range show time range 106
• Switch config time range time1 106
• Switch copy running config startup config 106
• The following example shows how to create a time range entry and set the name as time1 holiday mode as exclude absolute time as 10 01 2017 to 10 31 2017 and periodic time as 8 00 to 20 00 on every monday and tuesday 106
• Time range entry 12 inactive 106
• Time range entry time1 inactive 106
• Configuring scheme 108
• Example for poe configurations 108
• Network requirements 108
• Using the gui 108
• Using the cli 111
• Verify the configuration 111
• Gi1 0 3 enable low class4 office time none 112
• Interface poe status poe prio power limit w time range poe profile 112
• Appendix default parameters 113
• Default settings of system info are listed in the following tables 113
• Default settings of system tools are listed in the following table 113
• Default settings of user management are listed in the following table 113
• Default setting of eee is listed in the following table 114
• Default settings of poe is listed in the following table 114
• Default settings of sdm template are listed in the following table 114
• Default settings of time range are listed in the following table 115
• Chapters 116
• Managing physical interfaces 116
• Part 3 116
• Basic parameters 117
• Loopback detection 117
• Overview 117
• Physical interface 117
• Port isolation 117
• Supported features 117
• Basic parameters configurations 118
• Configure the mtu size of jumbo frames for all the ports then click apply 118
• Follow these steps to configure basic parameters for the ports 118
• Port config to load the following page 118
• Select one or more ports to configure the basic parameters then click apply 118
• Using the gui 118
• Follow these steps to set basic parameters for the ports 119
• Using the cli 119
• Switch config if no shutdown 120
• Switch config interface gigabitethernet 1 0 1 120
• Switch configure 120
• Switch jumbo size 9216 120
• The following example shows how to implement the basic configurations of port1 0 1 including setting a description for the port configuring the jumbo frame making the port automatically negotiate speed and duplex with the neighboring port and enabling the flow control 120
• Port isolation configurations 122
• Using the gui 122
• Click apply 123
• Follow these steps to configure port isolation 123
• In the forwarding port list section select the forwarding ports or lags which the isolated ports can only communicate with it is multi optional 123
• In the port section select one or multiple ports to be isolated 123
• Using the cli 123
• Gi1 0 5 n a gi1 0 1 3 po4 124
• Port lag forward list 124
• Switch config if end 124
• Switch config if port isolation gi forward list 1 0 1 3 po forward list 4 124
• Switch config if show port isolation interface gigabitethernet 1 0 5 124
• Switch config interface gigabitethernet 1 0 5 124
• Switch configure 124
• Switch copy running config startup config 124
• The following example shows how to add ports 1 0 1 3 and lag 4 to the forwarding list of port 1 0 5 124
• Loopback detection configuration 125
• Using the gui 125
• In the port config section select one or more ports to configure the loopback detection parameters then click apply 126
• Optional view the loopback detection information 126
• Follow these steps to configure loopback detection 127
• Using the cli 127
• Configuration examples 129
• Configuration scheme 129
• Example for port isolation 129
• Network requirements 129
• Using the gui 129
• Using the cli 131
• Verify the configuration 131
• Configuration scheme 132
• Example for loopback detection 132
• Network requirements 132
• Using the gui 133
• Using the cli 134
• Verify the configuration 134
• Appendix default parameters 135
• Default settings of switching are listed in th following tables 135
• Chapters 136
• Configuring lag 136
• Part 4 136
• Overview 137
• Static lag 137
• Supported features 137
• Configuration guidelines 138
• Lag configuration 138
• Configuring load balancing algorithm 139
• In the global config section select the load balancing algorithm hash algorithm then click apply 139
• Lag table to load the following page 139
• Load balancing algorithm is effective only for outgoing traffic if the data stream is not well shared by each link you can change the algorithm of the outgoing interface 139
• Please properly choose the load balancing algorithm to avoid data stream transferring only on one physical link for example switch a receives packets from several hosts and forwards them to the server with the fixed mac address you can set the algorithm 139
• Using the gui 139
• Configuring static lag or lacp 140
• Configuring lacp 141
• Follow these steps to configure lacp 141
• Lacp to load the following page 141
• Select member ports for the lag and configure the related parameters click apply 141
• Specify the system priority for the switch and click apply 141
• Configuring load balancing algorithm 142
• Follow these steps to configure the load balancing algorithm 142
• Using the cli 142
• Configuring static lag or lacp 143
• Etherchannel load balancing addresses used per protocol 143
• Etherchannel load balancing configuration src dst mac 143
• Ipv4 source xor destination mac address 143
• Ipv6 source xor destination mac address 143
• Non ip source xor destination mac address 143
• Switch config end 143
• Switch config port channel load balance src dst mac 143
• Switch config show etherchannel load balance 143
• Switch configure 143
• Switch copy running config startup config 143
• The following example shows how to set the global load balancing mode as src dst mac 143
• You can choose only one lag mode for a port static lag or lacp and make sure both ends of a link use the same lag mode 143
• Configuring static lag 144
• Flags d down p bundled in port channel u in use 144
• Follow these steps to configure static lag 144
• Group port channel protocol ports 144
• I stand alone h hot standby lacp only s suspended 144
• Po2 s gi1 0 5 d gi1 0 6 d gi1 0 7 d gi1 0 8 d 144
• R layer3 s layer2 f failed to allocate aggregator 144
• Switch config if range channel group 2 mode on 144
• Switch config if range end 144
• Switch config if range show etherchannel 2 summary 144
• Switch config interface range gigabitethernet 1 0 5 8 144
• Switch configure 144
• Switch copy running config startup config 144
• The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 144
• U unsuitable for bundling w waiting to be aggregated d default port 144
• Configuring lacp 145
• Follow these steps to configure lacp 145
• Configuration example 147
• Configuration scheme 147
• Network requirements 147
• Using the gui 148
• Using the cli 149
• Verify the configuration 149
• Appendix default parameters 151
• Default settings of switching are listed in the following tables 151
• Chapters 152
• Configuring ddm 152
• Part 5 152
• Overview 153
• Configuring ddm globally 154
• Ddm configuration 154
• Using the gui 154
• Click apply 155
• Configuring the temperature threshold 155
• Configuring the threshold 155
• Follow these steps to configure ddm s temperature threshold 155
• In the temperature table select one or more sfp ports to configure temperature threshold of the sfp ports 155
• Threshold config to load the following page 155
• Click apply 156
• Configuring the voltage threshold 156
• Follow these steps to configure ddm s voltage threshold 156
• In the voltage table select one or more sfp ports to configure voltage threshold on the sfp ports 156
• Click apply 157
• Configuring the bias current threshold 157
• Follow these steps to configure ddm s bias current threshold 157
• In the bias current table select one or more sfp ports to configure bias current threshold on the sfp ports 157
• Click apply 158
• Configuring the rx power threshold 158
• Follow these steps to configure ddm s rx power threshold 158
• In the rx power table select one or more sfp ports to configure rx power threshold on the sfp ports 158
• Click apply 159
• Configuring the tx power threshold 159
• Follow these steps to configure ddm s tx power threshold 159
• In the tx power table select one or more sfp ports to configure tx power threshold on the sfp ports 159
• Configuring ddm globally 160
• Ddm status to load the following page 160
• Follow these steps to enable ddm on specified sfp ports 160
• In the port config table view the current operating parameters for the sfp modules inserted into the sfp ports 160
• Using the cli 160
• Viewing ddm status 160
• Configuring ddm shutdown 161
• Ddm status ddm status shutdown 161
• Follow these steps to configure settings for shutting down sfp ports when the alarm threshold or warning threshold is exceeded 161
• Gi1 0 25 enable none 161
• Switch config if ddm state enable 161
• Switch config if end 161
• Switch config if show ddm configuration state 161
• Switch config interface gigabitethernet 1 0 25 161
• Switch configure 161
• Switch copy running config startup config 161
• The following example shows how to enable ddm status on sfp port 1 0 25 161
• Configuring temperature threshold 162
• Configuring the threshold 162
• Ddm status ddm status shutdown 162
• Follow these steps to configure the threshold of the ddm temperature on the specified sfp port 162
• Gi1 0 25 enable warning 162
• Switch config if ddm shutdown warning 162
• Switch config if end 162
• Switch config if show ddm configuration state 162
• Switch config interface gigabitethernet 1 0 25 162
• Switch configure 162
• Switch copy running config startup config 162
• The following example shows how to set sfp port 1 0 25 to shut down when the warning threshold is exceeded 162
• Gi1 0 27 110 00000 163
• High alarm high alarm low alarm high warning low warning 163
• Switch config if ddm temperature_threshold high_alarm 110 163
• Switch config if end 163
• Switch config if show ddm configuration temperature 163
• Switch config interface gigabitethernet 1 0 27 163
• Switch configure 163
• Switch copy running config startup config 163
• Temperature threshold celsius 163
• The following example shows how to set sfp port 1 0 27 s high alarm temperature threshold as 110 celsius 163
• Configuring voltage threshold 164
• Follow these steps to configure the threshold of the ddm voltage on the specified sfp port 164
• Gi1 0 27 5 00000 164
• High alarm high alarm low alarm high warning low warning 164
• Switch config if ddm vlotage_threshold high_alarm 5 164
• Switch config if show ddm configuration voltage 164
• Switch config interface gigabitethernet 1 0 27 164
• Switch configure 164
• The following example shows how to set sfp port 1 0 27 s high alarm threshold voltage as 5 v 164
• Voltage threshold v 164
• Configuring bias current threshold 165
• Follow these steps to configure the threshold of the ddm bias current on the specified sfp port 165
• High alarm high alarm low alarm high warning low warning 165
• Switch config if ddm vlotage_threshold high_alarm 120 165
• Switch config if end 165
• Switch config if show ddm configuration bias_current 165
• Switch config interface gigabitethernet 1 0 17 165
• Switch configure 165
• Switch copy running config startup config 165
• The following example shows how to set sfp port 1 0 27 s high alarm threshold bias current as 120 ma 165
• Voltage threshold v 165
• Configuring rx power threshold 166
• Follow these steps to configure the threshold of the ddm rx power on the specified sfp port 166
• Gi1 0 27 120 00000 166
• Switch config if ddm rx_power_threshold high_alarm 6 166
• Switch config if end 166
• Switch config if show ddm configuration rx_power 166
• Switch config interface gigabitethernet 1 0 27 166
• Switch configure 166
• Switch copy running config startup config 166
• The following example shows how to set sfp port 1 0 27 s high alarm threshold rx power as 6 mw 166
• Configuring tx power threshold 167
• Follow these steps to configure the threshold of the ddm tx power on the specified sfp port 167
• Gi1 0 27 6 00000 167
• High alarm high alarm low alarm high warning low warning 167
• Rx power threshold mw 167
• Switch config if end 167
• Switch configure 167
• Switch copy running config startup config 167
• The following example shows how to set sfp port 1 0 27 s high alarm threshold tx power as 6 mw 167
• Viewing ddm configuration 168
• Viewing ddm status 169
• Appendix default parameters 170
• Default settings of ddm are listed in the following table 170
• Chapters 171
• Managing mac address table 171
• Part 6 171
• Address configurations 172
• Mac address table 172
• Overview 172
• Supported features 172
• Security configurations 173
• Adding static mac address entries 174
• Address configurations 174
• Using the gui 174
• Click apply 176
• Dynamic address to load the following page 176
• Follow these steps to modify the aging time of dynamic address entries 176
• In the aging config section enable auto aging and enter your desired length of time 176
• Modifying the aging time of dynamic address entries 176
• Adding mac filtering address entries 177
• Viewing address table entries 177
• Adding static mac address entries 178
• Address table and click 178
• Follow these steps to add static mac address entries 178
• To load the following page 178
• Using the cli 178
• Modifying the aging time of dynamic address entries 179
• Adding mac filtering address entries 180
• Aging time is 500 sec 180
• Follow these steps to add mac filtering address entries 180
• Switch config end 180
• Switch config mac address table aging time 500 180
• Switch config show mac address table aging time 180
• Switch configure 180
• Switch copy running config startup config 180
• The following example shows how to modify the aging time to 500 seconds a dynamic entry remains in the mac address table for 500 seconds after the entry is used or updated 180
• Configuring mac notification traps 182
• Security configurations 182
• Using the gui 182
• Limiting the number of mac addresses learned in vlans 183
• Choose the mode that the switch adopts when the maximum number of mac addresses in the specified vlan is exceeded 184
• Click create 184
• Configuring mac notification traps 184
• Follow these steps to configure mac notification traps 184
• Using the cli 184
• 100 0 drop 186
• Follow these steps to limit the number of mac addresses in vlans 186
• Limiting the number of mac addresses in vlans 186
• Switch config end 186
• Switch config mac address table security vid 10 max learn 100 drop 186
• Switch config show mac address table security vid 10 186
• Switch configure 186
• Switch copy running config startup config 186
• The following example shows how to limit the number of mac addresses to 100 in vlan 10 and configure the switch to drop packets of new source mac addresses when the limit is exceeded 186
• Vlanid max learn current learn status 186
• Configuration scheme 187
• Example for security configurations 187
• Network requirements 187
• Using the gui 188
• Using the cli 189
• Verify the configurations 189
• Appendix default parameters 190
• Default settings of the mac address table are listed in the following tables 190
• Chapters 191
• Configuring 802 q vlan 191
• Part 7 191
• Overview 192
• Configuring the pvid of the port 193
• Q vlan configuration 193
• Using the gui 193
• Configuring the vlan 195
• Enter a vlan id and a description for identification to create a vlan 195
• Follow these steps to configure vlan 195
• Select the untagged port s and the tagged port s respectively to add to the created vlan based on the network topology 195
• To load the following page to load the following page 195
• Vlan config and click 195
• Click apply 196
• Creating a vlan 196
• Follow these steps to create a vlan 196
• Switch config vlan 2 196
• Switch config vlan name rd 196
• Switch config vlan show vlan id 2 196
• Switch configure 196
• The following example shows how to create vlan 2 and name it as rd 196
• Using the cli 196
• Configuring the port 197
• Follow these steps to configure the port 197
• Rd active 197
• Switch config if switchport pvid 2 197
• Switch config interface gigabitethernet 1 0 5 197
• Switch config vlan end 197
• Switch configure 197
• Switch copy running config startup config 197
• The following example shows how to configure the pvid of port 1 0 5 as 2 enable the ingress checking and set the acceptable frame type as all 197
• Vlan name status ports 197
• Acceptable frame type all 198
• Adding the port to the specified vlan 198
• Follow these steps to add the port to the specified vlan 198
• Ingress checking enable 198
• Link type general 198
• Member in lag n a 198
• Member in vlan 198
• Port gi1 0 5 198
• Pvid 2 198
• Switch config if end 198
• Switch config if show interface switchport gigabitethernet 1 0 5 198
• Switch config if switchport acceptable frame all 198
• Switch config if switchport check ingress 198
• Switch copy running config startup config 198
• System vlan untagged 198
• Vlan name egress rule 198
• Configuration example 200
• Configuration scheme 200
• Network requirements 200
• Demonstrated with t2600g 28ts the following sections provide configuration procedure in two ways using the gui and using the cli 201
• Network topology 201
• The configurations of switch 1 and switch 2 are similar the following introductions take switch 1 as an example 201
• The figure below shows the network topology host a1 and host a2 are in department a while host b1 and host b2 are in department b switch 1 and switch 2 are located in two different places host a1 and host b1 are connected to port 1 0 2 and port 1 0 3 on switch 1 respectively while host a2 and host b2 are connected to port 1 0 6 and port 1 0 7 on switch 2 respectively port 1 0 4 on switch 1 is connected to port 1 0 8 on switch 2 201
• To load the following page create vlan 10 with the description of department_a add port 1 0 2 as an untagged port and port 1 0 4 as a tagged port to vlan 10 click create 201
• Using the gui 201
• Vlan config and 201
• Using the cli 204
• Verify the configurations 205
• Appendix default parameters 207
• Default settings of 802 q vlan are listed in the following table 207
• Chapters 208
• Configuring mac vlan 208
• Part 8 208
• Overview 209
• Ptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in to meet this requirement simply bind the mac addresses of the laptops to the corresponding vlans respectively in this way the mac address determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 209
• The figure below shows a common application scenario of mac vlan 209
• Two departments share all the meeting rooms in the company but use different servers and l 209
• Vlan is generally divided by ports it is a common way of division but isn t suitable for those networks that require frequent topology changes with the popularity of mobile office at different times a terminal device may access the network via different ports for example a terminal device that accessed the switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different vlans the user has to re configure the switch to access the original vlan using mac vlan can free the user from such a problem it divides vlans based on the mac addresses of terminal devices in this way terminal devices always belong to their mac vlans even when their access ports change 209
• Binding the mac address to the vlan 210
• Configuring 802 q vlan 210
• Mac vlan configuration 210
• Using the gui 210
• Enabling mac vlan for the port 211
• 19 56 8a 4c 71 dept a 10 212
• Before configuring mac vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 212
• Binding the mac address to the vlan 212
• Configuring 802 q vlan 212
• Follow these steps to bind the mac address to the vlan 212
• Mac addr name vlan id 212
• Switch config end 212
• Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 212
• Switch config show mac vlan vlan 10 212
• Switch configure 212
• Switch copy running config startup config 212
• The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with the address description as dept a 212
• Using the cli 212
• Enabling mac vlan for the port 213
• Follow these steps to enable mac vlan for the port 213
• Gi1 0 1 enable 213
• Gi1 0 2 disable 213
• Port status 213
• Switch config if end 213
• Switch config if mac vlan 213
• Switch config if show mac vlan interface 213
• Switch config interface gigabitethernet 1 0 1 213
• Switch configure 213
• Switch copy running config startup config 213
• The following example shows how to enable mac vlan for port 1 0 1 213
• Configuration example 214
• Configuration scheme 214
• Create vlan 10 and vlan 20 on each of the three switches and add the ports to the vlans based on the network topology for the ports connecting to the laptops set the 214
• Network requirements 214
• Two departments share all the meeting rooms in the company but use different servers and laptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in the figure below shows the network topology 214
• You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac addresses of the laptops to the corresponding vlans respectively in this way each laptop can access only the server in the vlan it joins no matter which meeting room the laptops are being used in the overview of the configuration is as follows 214
• Using the gui 215
• Using the cli 220
• Verify the configurations 222
• Appendix default parameters 224
• Default settings of mac vlan are listed in the following table 224
• Chapters 225
• Configuring protocol vlan 225
• Part 9 225
• Overview 226
• Protocol vlan is a technology that divides vlans based on the network layer protocol with the protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze specific fields of received packets encapsulate the packets in specific formats and forward the packets with different protocols to the corresponding vlans since different applications and services use different protocols network administrators can use protocol vlan to manage the network based on specific applications and services 226
• The figure below shows a common application scenario of protocol vlan with protocol vlan configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 networks respectively 226
• Configuring 802 q vlan 227
• Protocol vlan configuration 227
• Using the gui 227
• Check whether your desired template already exists in the protocol template config 228
• Creating protocol template 228
• Follow these steps to create a protocol template 228
• Protocol template to load the following page 228
• Section if not click 228
• To create a new template 228
• Click create 229
• Configuring protocol vlan 229
• Follow these steps to configure the protocol group 229
• In the protocol group config section specify the following parameters 229
• Protocol vlan group and 229
• To load the following page 229
• Before configuring protocol vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 230
• Configuring 802 q vlan 230
• Creating a protocol template 230
• Follow these steps to create a protocol template 230
• Select the desired ports click create 230
• Using the cli 230
• Arp ethernetii ether type 0806 231
• At snap ether type 809b 231
• Configuring protocol vlan 231
• Follow these steps to configure protocol vlan 231
• Index protocol name protocol type 231
• Ip ethernetii ether type 0800 231
• Ipv6 ethernetii ether type 86dd 231
• Ipx snap ether type 8137 231
• Rarp ethernetii ether type 8035 231
• Switch config end 231
• Switch config protocol vlan template name ipv6 frame ether_2 ether type 86dd 231
• Switch config show protocol vlan template 231
• Switch configure 231
• Switch copy running config startup config 231
• The following example shows how to create an ipv6 protocol template 231
• Arp ethernetii ether type 0806 232
• At snap ether type 809b 232
• Index protocol name protocol type 232
• Index protocol name vid priority member 232
• Ip ethernetii ether type 0800 232
• Ipv6 10 0 232
• Ipv6 ethernetii ether type 86dd 232
• Ipx snap ether type 8137 232
• Rarp ethernetii ether type 8035 232
• Switch config if protocol vlan group 1 232
• Switch config if show protocol vlan vlan 232
• Switch config interface gigabitethernet 1 0 2 232
• Switch config protocol vlan vlan 10 priority 5 template 6 232
• Switch config show protocol vlan template 232
• Switch config show protocol vlan vlan 232
• Switch configure 232
• The following example shows how to bind the ipv6 protocol template to vlan 10 and add port 1 0 2 to protocol vlan 232
• A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 network respectively via different routers it is required that ipv4 packets are forwarded to the ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 234
• Configuration example 234
• Configuration scheme 234
• Network requirements 234
• The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to two routers to access the ipv4 network and ipv6 network respectively the routers belong to vlan 10 and vlan 20 respectively 234
• You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this port receives packets switch 2 will forward them to the corresponding vlans according to their protocol types the overview of the configuration on switch 2 is as follows 234
• Using the gui 236
• To save the settings 241
• Using the cli 242
• Verify the configurations 244
• Appendix default parameters 246
• Default settings of protocol vlan are listed in the following table 246
• Chapters 247
• Configuring vlan vpn 247
• Part 10 247
• Overview 248
• Vlan vpn 248
• Basic vlan vpn 249
• Flexible vlan vpn 249
• Supported features 249
• Basic vlan vpn configuration 250
• Configuring 802 q vlan 250
• Using the gui 250
• Configuring basic vlan vpn 251
• Before configuring vlan vpn create 802 q vlan add ports to corresponding vlans and configure ingress checking on ports according to your needs for details refer to configuring 802 q vlan 252
• Configuring 802 q vlan 252
• Configuring basic vlan vpn 252
• Follow these steps to configure basic vlan vpn 252
• Using the cli 252
• Switch config dot1q tunnel 253
• Switch configure 253
• The following example shows how to enable the vlan vpn feature globally set port 1 0 1 of switch as the uni port and 1 0 2 as the nni port 253
• Configuration guidelines 255
• Flexible vlan vpn configuration 255
• Using the gui 255
• Click create 256
• Follow these steps to configure flexible vlan vpn 256
• Using the cli 256
• Gi1 0 3 15 1040 mapping1 257
• Mapping mode enabled 257
• Port c vlan sp vlan name 257
• Switch config dot1q tunnel mapping 257
• Switch config if end 257
• Switch config if show dot1q tunnel mapping 257
• Switch config if switchport dot1q tunnel mapping 15 1040 mapping1 257
• Switch config interface gigabitethernet 1 0 3 257
• Switch config show dot1q tunnel 257
• Switch configure 257
• Switch copy running config startup config 257
• The following example shows how to enable vlan mapping and set a vlan mapping entry named mapping1 on port 1 0 3 to map customer network vlan 15 to isp network vlan 1040 257
• Vlan vpn mode enabled 257
• Configuration example 258
• Configuration scheme 258
• Configure 802 q vlan before vlan vpn configuration create isp network vlan 1050 on the switch and add tagged port1 0 1 and untagged port 1 0 2 to the vlan create client network vlan 100 and vlan 200 and add tagged port 1 0 2 to both the vlans set the pvid of port 1 0 1 and port 1 0 2 as 1050 258
• Demonstrated with t2600g 28ts this chapter provides configuration procedures in two ways using the gui and using the cli 258
• Enable the vpn feature globally 258
• Figure 4 1 shows the network topology switches of the two divisions are connected to customer networks vlan 100 and vlan 200 respectively and they communicate across isp network vlan 1050 devices in the isp network adopt tpid value 0x9100 258
• Network requirements 258
• Set port 1 0 1 as the nni port and port 1 0 2 as the uni port specify the tpid as 0x9100 for the ports 258
• Two divisions of the company are located in different areas and have to communicate across an isp network a normal communication is required 258
• Users can configure vlan vpn on switch 1 and switch 2 to allow packets sent with double vlan tags and thus ensure the communication between them the general configuration procedure is as follows 258
• Using the gui 259
• Using the cli 263
• Verify the configurations 264
• Appendix default parameters 266
• Default settings of vlan vpn are listed in the following table 266
• Chapters 267
• Configuring gvrp 267
• Part 11 267
• Gvrp garp vlan registration protocol is a garp generic attribute registration protocol application that allows registration and deregistration of vlan attribute values and dynamic vlan creation 268
• Overview 268
• The configuration may seem easy in this situation however for a larger or more complex network such manual configuration would be time costing and fallible gvrp can be used to implement dynamic vlan configuration with gvrp the switch can exchange vlan configuration information with the adjacent gvrp switches and dynamically create and manage the vlans this reduces vlan configuration workload and ensures correct vlan configuration 268
• Without gvrp operating configuring the same vlan on a network would require manual configuration on each device as shown in figure 1 1 switch a b and c are connected through trunk ports vlan 10 is configured on switch a and vlan 1 is configured on switch b and switch c switch c can receive messages sent from switch a in vlan 10 only when the network administrator has manually created vlan 10 on switch b and switch c 268
• Configuration guidelines 269
• Gvrp configuration 269
• Follow these steps to configure gvrp 270
• Gvrp config to load the following page 270
• In the gvrp section enable gvrp globally then click apply 270
• In the port config section select one or more ports set the status as enable and configure the related parameters according to your needs 270
• Using the gui 270
• Click apply 271
• Using the cli 271
• Configuration example 274
• Configuration scheme 274
• Demonstrated with t2600g 28ts the following sections provide configuration procedure in two ways using the gui and using the cli 274
• Department a and department b of a company are connected using switches offices of one department are distributed on different floors as shown in figure 3 1 the network topology is complicated configuration of the same vlan on different switches is required so that computers in the same department can communicate with each other 274
• Network requirements 274
• The two departments are in separate vlans to make sure the switches only dynamically create vlan of their own department you need to set the registration mode for ports on switch 1 to switch 4 as fixed to prevents dynamic registration and deregistration of vlans and allow the port to transmit only the static vlan registration information 274
• To configure dynamic vlan creation on other switches set the registration mode of the corresponding ports as normal to allow dynamic registration and deregistration of vlans 274
• To reduce manual configuration and maintenance workload gvrp can be enabled to implement dynamic vlan registration and update on the switches 274
• When configuring gvrp please note the following 274
• Using the gui 275
• Using the cli 279
• Verify the configuration 281
• Appendix default parameters 283
• Default settings of gvrp are listed in the following tables 283
• Chapters 284
• Configuring private vlan 284
• Part 12 284
• Overview 285
• If private vlan is configured on switch b switch a only needs to recognize primary vlan vlan5 and end users can be isolated by secondary vlans vlan2 vlan3 and vlan4 saving vlan resources for switch a 286
• Private vlan configurations 287
• Using the gui 287
• Click create 288
• Creating private vlan 288
• Enter the ids of primary vlan and secondary vlan and select secondary vlan type 288
• Follow these steps to create private vlan 288
• Select promiscuous ports and host ports to be added to the private vlan 288
• Using the cli 288
• Community 290
• Configuring the up link port 290
• Follow these steps to add up link ports to private vlan 290
• Primary secondary type ports 290
• Switch config end 290
• Switch config show vlan private vlan 290
• Switch config vlan 5 290
• Switch config vlan 6 290
• Switch config vlan exit 290
• Switch config vlan private vlan association 5 290
• Switch config vlan private vlan community 290
• Switch config vlan private vlan primary 290
• Switch configure 290
• Switch copy running config startup config 290
• The following example shows how to create primary vlan 6 and secondary vlan 5 set the secondary vlan type as community and pair primary vlan 6 with secondary vlan 5 as a private vlan 290
• Community gi1 0 2 291
• Port type 291
• Primary secondary type ports 291
• Switch config if exit 291
• Switch config if switchport private vlan promiscuous 291
• Switch config interface gigabitethernet 1 0 2 291
• Switch config show vlan private vlan 291
• Switch config show vlan private vlan interface gigabitethernet 1 0 2 291
• Switch configure 291
• Swtich config if switchport private vlan mapping 6 5 291
• The following example shows how to configure the port type of port 1 0 2 as promiscuous and add it to the private vlan composed of primary vlan 6 and secondary vlan 5 291
• Configuring the down link port 292
• Follow these steps to add down link ports to private vlan 292
• Gi1 0 2 promiscuous 292
• Switch config end 292
• Switch configure 292
• Switch copy running config startup config 292
• The following example shows how to configure the port type of port 1 0 3 as host and add it to the private vlan composed of primary vlan 6 and secondary vlan 5 292
• Configuration example 294
• Configuration scheme 294
• Network requirements 294
• Network topology 294
• Configurations for switch a 295
• Private vlan and click 295
• To load the following page create primary vlan 6 and secondary vlan 5 select community as the secondary vlan type add promiscuous port 1 0 2 and host port 1 0 10 to private vlan 295
• Using the gui 295
• Using the cli 299
• Verify the configurations 301
• Appendix default parameters 303
• Default settings of private vlan are listed in the following tables 303
• Chapters 304
• Configuring layer 2 multicast 304
• Part 13 304
• Layer 2 multicast 305
• Overview 305
• A member port is a port on snooping switch that is connecting to the host 306
• A router port is a port on snooping switch that is connecting to the igmp querier 306
• A snooping switch indicates a switch with igmp snooping enabled the switch maintains a multicast forwarding table by snooping on the igmp transmissions between the host and the querier with the multicast forwarding table the switch can forward multicast data only to the ports that are in the corresponding multicast group so as to constrain the flooding of multicast data in the layer 2 network 306
• An igmp querier is a multicast router a router or a layer 3 switch that sends query messages to maintain a list of multicast group memberships for each attached network and a timer for each membership 306
• Demonstrated as below 306
• Igmp querier 306
• Member port 306
• Normally only one device acts as querier per physical network if there are more than one multicast router in the network a querier election process will be implemented to determine which one acts as the querier 306
• Router port 306
• Snooping switch 306
• The following basic concepts of igmp snooping will be introduced igmp querier snooping switch router port and member port 306
• Layer 2 multicast protocol for ipv4 igmp snooping 307
• Layer 2 multicast protocol for ipv6 mld snooping 307
• Multicast filtering 307
• Multicast vlan registration mvr 307
• Supported features 307
• Configuring igmp snooping globally 308
• Igmp snooping configuration 308
• Using the gui 308
• And click 309
• Before configuring igmp snooping for vlans set up the vlans that the router ports and the member ports are in for details please refer to configuring 802 q vlan 309
• Choose the menu 309
• Click apply 309
• Configuring igmp snooping for vlans 309
• Global config 309
• Igmp vlan confi 309
• In your desired vlan entry in the 309
• Section to load the following page 309
• The switch supports configuring igmp snooping on a per vlan basis after igmp snooping is enabled globally you also need to enable igmp snooping and configure the corresponding parameters for the vlans that the router ports and the member ports are in 309
• Enable igmp snooping for the vlan and configure the corresponding parameters 310
• Follow these steps to configure igmp snooping for a specific vlan 310
• Click save 312
• Click apply 313
• Configuring hosts to statically join a group 313
• Configuring igmp snooping for ports 313
• Enable igmp snooping for the port and enable fast leave if there is only one receiver connected to the port 313
• Follow these steps to configure igmp snooping for ports 313
• Following page 313
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 313
• Port confi 313
• To load the 313
• Configuring igmp accounting and authentication features 314
• Configuring igmp snooping globally 316
• Follow these steps to configure igmp snooping globally 316
• Using the cli 316
• Configuring igmp snooping for vlans 317
• Switch config ip igmp snooping vlan config 1 mtime 300 320
• Switch config ip igmp snooping vlan config 1 rtime 320 320
• Switch configure 320
• The following example shows how to enable igmp snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 320
• Configuring igmp snooping for ports 322
• Follow these steps to configure igmp snooping for ports 322
• General query source ip 192 68 322
• Last member query count 3 322
• Switch config end 322
• Switch config if range ip igmp snooping 322
• Switch config interface range gigabitehternet 1 0 1 3 322
• Switch configure 322
• Switch copy running config startup config 322
• The following example shows how to enable igmp snooping and fast leave for port 1 0 1 3 322
• Configuring hosts to statically join a group 323
• 2 static gi1 0 1 3 324
• Configuring igmp accounting and authentication features 324
• Follow these steps to add the radius server and enable igmp accounting globally 324
• Multicast ip vlan id addr type switch port 324
• Switch config end 324
• Switch config show ip igmp snooping groups static 324
• Switch copy running config startup config 324
• To use these features you need to set up a radius server and configure add the radius server for the switch 324
• You can enable igmp accounting and authentication according to your need igmp accounting is configured globally and igmp authentication can be enabled on a per port basis 324
• Enable port gi1 0 1 28 po1 14 325
• Enable vlan 325
• Follow these steps to enable igmp authentication for ports 325
• Global authentication accounting enable 325
• Switch config ip igmp snooping accounting 325
• Switch config show ip igmp snooping 325
• Switch configure 325
• The following example shows how to enable igmp accounting globally 325
• Configuring mld snooping globally 327
• Mld snooping configuration 327
• Using the gui 327
• Configuring mld snooping for vlans 328
• Click save 330
• Click apply 331
• Configuring hosts to statically join a group 331
• Configuring mld snooping for ports 331
• Enable mld snooping for the port and enable fast leave if there is only one receiver connected to the port 331
• Follow these steps to configure mld snooping for ports 331
• Following page 331
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 331
• Port config to load the 331
• Choose the menu 332
• Click create 332
• Configuring mld snooping globally 332
• Follow these steps to configure hosts to statically join a group 332
• Follow these steps to configure mld snooping globally 332
• Specify the multicast ip address vlan id select the ports to be the static member ports of the multicast group 332
• Static group config 332
• To load the following page 332
• Using the cli 332
• Configuring mld snooping for vlans 333
• Follow these steps to configure mld snooping for vlans 334
• Switch config ipv6 mld snooping vlan config 1 immediate leave 336
• Switch config ipv6 mld snooping vlan config 1 mtime 300 336
• Switch config ipv6 mld snooping vlan config 1 report suppression 336
• Switch config ipv6 mld snooping vlan config 1 rtime 320 336
• Switch configure 336
• The following example shows how to enable mld snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 336
• Configuring mld snooping for ports 338
• Follow these steps to configure mld snooping for ports 338
• Switch config end 338
• Switch config if range ipv6 mld snooping 338
• Switch config if range ipv6 mld snooping immediate leave 338
• Switch config if range show ipv6 mld snooping interface gigabitethernet 1 0 1 3 338
• Switch config interface range gigabitehternet 1 0 1 3 338
• Switch configure 338
• Switch copy running config startup config 338
• The following example shows how to enable mld snooping and fast leave for port 1 0 1 3 338
• Configuring hosts to statically join a group 339
• Follow these steps to configure hosts to statically join a group 339
• Gi1 0 1 enable enable 339
• Gi1 0 2 enable enable 339
• Gi1 0 3 enable enable 339
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 339
• Port mld snooping fast leave 339
• Switch config if range end 339
• Switch config ipv6 mld snooping vlan config 2 static ff80 1001 interface gigabitethernet 1 0 1 3 339
• Switch config show ipv6 mld snooping groups static 339
• Switch configure 339
• Switch copy running config startup config 339
• The following example shows how to configure port 1 0 1 3 in vlan 2 to statically join the multicast group ff80 1001 339
• Configuring 802 q vlans 341
• Mvr configuration 341
• Using the gui 341
• Choose the menu 342
• Click apply 342
• Configuring mvr globally 342
• Enable mvr globally and configure the global parameters 342
• Follow these steps to configure mvr globally 342
• Mvr config 342
• To load the following page 342
• Adding multicast groups to mvr 343
• And click 343
• Click create 343
• Follow these steps to add multicast groups to mvr 343
• Mvr group config 343
• Specify the ip address of the multicast groups 343
• Then the added multicast groups will appear in the mvr group table as the following figure shows 343
• To load the following page 343
• You need to manually add multicast groups to the mvr choose the menu 343
• Choose the menu 344
• Configuring mvr for the port 344
• Enable mvr and configure the port type and fast leave feature for the port 344
• Follow these steps to add multicast groups to mvr 344
• Port config 344
• Select one or more ports to configure 344
• To load the following page 344
• And click 345
• Choose the menu 345
• Click apply 345
• Optional adding ports to mvr groups statically 345
• Static group members 345
• You can add only receiver ports to mvr groups statically the switch adds or removes receiver ports to the corresponding multicast groups by snooping the report and leave messages from the hosts you can also statically add a receiver port to an mvr group 345
• Your desired mvr group entry to load the following page 345
• Before configuring mvr create an 802 q vlan as the multicast vlan add the all source ports to the multicast vlan as tagged ports configure 802 q vlans for the receiver ports according to network requirements note that receiver ports can only belong to one vlan and cannot be added to the multicast vlan for details refer to configuring 802 q vlan 346
• Click save 346
• Configuring 802 q vlans 346
• Configuring mvr globally 346
• Follow these steps to configure mvr globally 346
• Follow these steps to statically add ports to an mvr group 346
• Select the ports to add them to the mvr group 346
• Using the cli 346
• Mvr current multicast groups 3 347
• Mvr enable 347
• Mvr max multicast groups 256 347
• Mvr multicast vlan 2 347
• Switch config mvr group 239 3 347
• Switch config mvr mode compatible 347
• Switch config mvr querytime 5 347
• Switch config mvr vlan 2 347
• Switch config show mvr 347
• Switch configure 347
• The following example shows how to enable mvr globally and configure the mvr mode as compatible the multicast vlan as vlan 2 and the query response time as 5 tenths of a second then add 239 239 to mvr group 347
• Active 348
• Configuring mvr for the ports 348
• Follow these steps to configure mld snooping globally 348
• Mvr global query response time 5 tenths of sec 348
• Mvr group ip status members 348
• Mvr mode type compatible 348
• Switch config end 348
• Switch config show mvr members 348
• Switch copy running config startup config 348
• Port mode type status immediate leave 349
• Switch config if exit 349
• Switch config if mvr 349
• Switch config if mvr type source 349
• Switch config if range mvr 349
• Switch config if range mvr immediate 349
• Switch config if range mvr type receiver 349
• Switch config if range mvr vlan 2 group 239 349
• Switch config if range show mvr interface gigabitetnernet 1 0 1 3 1 0 7 349
• Switch config interface gigabitethernet 1 0 7 349
• Switch config interface range gigabitethernet 1 0 1 3 349
• Switch configure 349
• The following example shows how to configure port 1 0 7 as source port and port 1 0 1 3 as receiver ports then statically add port 1 0 1 3 to group 239 and enable mvr fast leave for these ports the multicast vlan is vlan 2 349
• Creating the multicast profile 351
• Multicast filtering configuration 351
• Using the gui 351
• Follow these steps to create a profile 352
• In the general config section specify the profile id and mode 352
• In the ip range section click 352
• To load the following page configure the start ip address and end ip address of the multicast groups to be filtered and click create 352
• Configure multicast filtering for ports 353
• Click apply 354
• Creating igmp profile multicast profile for ipv4 354
• Creating the multicast profile 354
• Follow these steps to bind the profile to ports and configure the corresponding parameters for the ports 354
• Select one or more ports to configure 354
• Specify the profile to be bound and configure the maximum groups the port can join and the overflow action 354
• Using the cli 354
• You can create multicast profiles for both ipv4 and ipv6 network with multicast profile the switch can define a blacklist or whitelist of multicast groups so as to filter multicast sources 354
• Creating mld profile multicast profile for ipv6 355
• Deny deny 355
• Igmp profile 1 355
• Range 226 226 0 range 226 226 0 355
• Switch config end 355
• Switch config igmp profile deny 355
• Switch config igmp profile range 226 226 0 355
• Switch config igmp profile show ip igmp profile 355
• Switch config ip igmp profile 1 355
• Switch config ip igmp snooping 355
• Switch configure 355
• Switch copy running config startup config 355
• The following example shows how to configure profile 1 so that the switch filters multicast streams sent to 226 226 0 355
• Deny deny 356
• Mld profile 1 356
• Range ff01 1234 5 ff01 1234 8 range ff01 1234 5 ff01 1234 8 356
• Switch config end 356
• Switch config ipv6 mld profile 1 356
• Switch config ipv6 mld snooping 356
• Switch config mld profile deny 356
• Switch config mld profile range ff01 1234 5 ff01 1234 8 356
• Switch config mld profile show ipv6 mld profile 356
• Switch configure 356
• Switch copy running config startup config 356
• The following example shows how to configure profile 1 so that the switch filters multicast streams sent to ff01 1234 5 ff01 1234 8 356
• Binding the igmp profile to ports 357
• Binding the profile to ports 357
• You can bind the created igmp profile or mld profile to ports and configure the number of multicast groups a port can join and the overflow action 357
• Binding the mld profile to ports 358
• Binding port s binding port s 359
• Mld profile 1 359
• Switch config if ipv6 mld filter 1 359
• Switch config if ipv6 mld snooping 359
• Switch config if ipv6 mld snooping max groups 50 359
• Switch config if ipv6 mld snooping max groups action drop 359
• Switch config if show ipv6 mld profile 359
• Switch config interface gigabitethernet 1 0 2 359
• Switch configure 359
• The following example shows how to bind the existing profile 1 to port 1 0 2 and specify the maximum number of multicast groups that port 1 0 2 can join as 50 and the overflow action as drop 359
• Using the gui 361
• Viewing ipv4 multicast table 361
• Viewing multicast snooping information 361
• Follow these steps to view ipv4 multicast statistics on each port 362
• In the port statistics section view ipv4 multicast statistics on each port 362
• Ipv4 multicast statistics to load the following page 362
• To get the real time multicast statistics enable auto refresh or click refresh 362
• Viewing ipv4 multicast statistics on each port 362
• Ipv6 multicast table to load the following pag 363
• The multicast ip address table shows all valid multicast ip vlan port entries 363
• Viewing ipv6 multicast table 363
• Follow these steps to view ipv6 multicast statistics on each port 364
• In the port statistics section view ipv6 multicast statistics on each port 364
• Ipv6 multicast statistics to load the following page 364
• To get the real time ipv6 multicast statistics enable auto refresh or click refresh 364
• Viewing ipv6 multicast statistics on each port 364
• Using the cli 365
• Viewing ipv4 multicast snooping information 365
• Viewing ipv6 multicast snooping configurations 365
• Configuration examples 366
• Configuration scheme 366
• Example for configuring basic igmp snooping 366
• Network requirements 366
• Using the gui 367
• Using the cli 369
• Verify the configurations 370
• Example for configuring mvr 371
• Network requirements 371
• Network topology 371
• Add port 1 0 1 3 to vlan 10 vlan 20 and vlan 30 as untagged ports respectively and configure the pvid of port 1 0 1 as 10 port 1 0 2 as 20 port 1 0 3 as 30 make sure port1 0 1 3 only belong to vlan 10 vlan 20 and vlan 30 respectively for details refer to configuring 802 q vlan 372
• As the hosts are in different vlans in igmp snooping the querier need to duplicate multicast streams for hosts in each vlan to avoid duplication of multicast streams being sent between querier and the switch you can configure mvr on the switch 372
• Configuration scheme 372
• Demonstrated with t2600g 28ts this section provides configuration procedures in two ways using the gui and using the cli 372
• Internet 372
• The switch can work in either mvr compatible mode or mvr dynamic mode when in compatible mode remember to statically configure the querier to transmit the streams of multicast group 225 to the switch via the multicast vlan here we take the mvr dynamic mode as an example 372
• Using the gui 372
• To load the following page create vlan 40 and add port 1 0 4 to the vlan as tagged port 373
• Vlan config and click 373
• Using the cli 375
• Verify the configurations 377
• Example for configuring unknown multicast and fast leave 378
• Network requirement 378
• Configuration scheme 379
• Using the gui 379
• In the igmp vlan config section click 380
• In vlan 10 to load the following page enable igmp snooping for vlan 10 380
• Using the cli 381
• Configuration scheme 382
• Example for configuring multicast filtering 382
• Network requirements 382
• Verify the configurations 382
• As shown in the following network topology host b is connected to port 1 0 1 host c is connected to port 1 0 2 and host d is connected to port 1 0 3 they are all in vlan 10 383
• Create vlan 10 add port 1 0 1 3 to the vlan as untagged port and port 1 0 4 as tagged port configure the pvid of the four ports as 10 for details refer to configuring 802 q vlan 383
• Demonstrated with t2600g 28ts this section provides configuration procedures in two ways using the gui and using the cli 383
• Global config to load the following page in the global config section enable igmp snooping globally 383
• Internet 383
• Network topology 383
• Using the gui 383
• In the igmp vlan config section click 384
• In vlan 10 to load the following page enable igmp snooping for vlan 10 384
• Using the cli 387
• Verify the configurations 389
• Appendix default parameters 390
• Default parameters for igmp snooping 390
• Default parameters for mld snooping 391
• Default parameters for multicast filtering 392
• Default parameters for mvr 392
• Chapters 393
• Configuring spanning tree 393
• Part 14 393
• Basic concepts 394
• Overview 394
• Spanning tree 394
• Stp rstp concepts 394
• Bridge id 395
• Port role 395
• Root bridge 395
• Port status 396
• Path cost 397
• Root path cost 397
• Mst region 398
• Mstp concepts 398
• Mst instance 399
• Stp security 399
• Vlan instance mapping 399
• Configuring stp rstp parameters on ports 402
• Stp rstp configurations 402
• Using the gui 402
• Follow these steps to configure stp rstp parameters on ports 403
• In the port config section configure stp rstp parameters on ports 403
• Click apply 404
• Configuring stp rstp globally 404
• Stp config to load the following page 404
• Follow these steps to configure stp rstp globally 405
• In the parameters config section configure the global parameters of stp rstp and click apply 405
• In the global config section enable spanning tree function choose the stp mode as stp rstp and click apply 406
• Stp summary to load the following page 406
• Verify the stp rstp information of your switch after all the configurations are finished 406
• Verifying the stp rstp configurations 406
• The stp summary section shows the summary information of spanning tree 407
• Configuring stp rstp parameters on ports 408
• Follow these steps to configure stp rstp parameters on ports 408
• Using the cli 408
• Configuring global stp rstp parameters 410
• This example shows how to configure the priority of the switch as 36864 the forward delay as 12 seconds 411
• Enable rstp 36864 2 12 20 5 20 412
• Enabling stp rstp globally 412
• Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree function globally 412
• State mode priority hello time fwd time max age hold count max hops 412
• Switch config end 412
• Switch config show spanning tree bridge 412
• Switch config spanning tree 412
• Switch config spanning tree mode rstp 412
• Switch config spanning tree priority 36864 412
• Switch config spanning tree timer forward time 12 412
• Switch configure 412
• Switch copy running config startup config 412
• This example shows how to enable spanning tree function configure the spanning tree mode as rstp and verify the configurations 412
• Configuring parameters on ports in cist 414
• Mstp configurations 414
• Using the gui 414
• Follow these steps to configure parameters on ports in cist 415
• In the port config section configure the parameters on ports 415
• Besides configure the priority of the switch the priority and path cost of ports in the desired instance 417
• Click apply 417
• Configure the region name revision level vlan instance mapping of the switch the switches with the same region name the same revision level and the same vlan instance mapping are considered as in the same region 417
• Configuring the mstp region 417
• Configuring the region name and revision level 417
• Follow these steps to create an mst region 417
• In the region config section set the name and revision level to specify an mstp region 417
• Region config to load the following page 417
• Configure port parameters in the desired instance 419
• Configuring parameters on ports in the instance 419
• Follow these steps to configure port parameters in the instance 419
• In the instance port config section select the desired instance id 419
• Instance port config to load the following page 419
• Configuring mstp globally 421
• Follow these steps to configure mstp globally 421
• In the parameters config section configure the global parameters of mstp and click apply 421
• Stp config to load the following page 421
• In the global config section enable spanning tree function and choose the stp mode as mstp and click apply 422
• Stp summary to load the following page 423
• The stp summary section shows the summary information of cist 423
• Verifying the mstp configurations 423
• Configuring parameters on ports in cist 424
• Follow these steps to configure the parameters of the port in cist 424
• The mstp instance summary section shows the information in mst instances 424
• Using the cli 424
• Configuring the mstp region 426
• Switch configure 427
• This example shows how to create an mst region of which the region name is r1 the revision level is 100 and vlan 2 vlan 6 are mapped to instance 5 427
• 7 4094 428
• Configuring the parameters on ports in instance 428
• Follow these steps to configure the priority and path cost of ports in the specified instance 428
• Mst instance vlans mapped 428
• Region name r1 428
• Revision 100 428
• Switch config mst end 428
• Switch config mst instance 5 vlan 2 6 428
• Switch config mst name r1 428
• Switch config mst revision 100 428
• Switch config mst show spanning tree mst configuration 428
• Switch config spanning tree mst configuration 428
• Switch copy running config startup config 428
• Configuring global mstp parameters 429
• Follow these steps to configure the global mstp parameters of the switch 429
• Gi1 0 3 144 200 n a lnkdwn n a 429
• Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn n a 429
• Interface prio cost role status lag 429
• Interface state prio ext cost int cost edge p2p mode role status lag 429
• Mst instance 0 cist 429
• Mst instance 5 429
• Switch config if end 429
• Switch config if show spanning tree interface gigabitethernet 1 0 3 429
• Switch config if spanning tree mst instance 5 port priority 144 cost 200 429
• Switch config interface gigabitethernet 1 0 3 429
• Switch configure 429
• Switch copy running config startup config 429
• This example shows how to configure the priority as 144 the path cost as 200 of port 1 0 3 in instance 5 429
• Enable mstp 36864 2 12 20 8 25 431
• Enabling spanning tree globally 431
• Follow these steps to configure the spanning tree mode as mstp and enable spanning tree function globally 431
• State mode priority hello time fwd time max age hold count max hops 431
• Switch config if end 431
• Switch config if show spanning tree bridge 431
• Switch config if spanning tree hold count 8 431
• Switch config if spanning tree max hops 25 431
• Switch config if spanning tree timer forward time 12 431
• Switch config spanning tree priority 36864 431
• Switch configure 431
• Switch copy running config startup config 431
• This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds the hold count as 8 and the max hop as 25 431
• Configure the port protect features for the selected ports and click apply 434
• Stp security configurations 434
• Stp security to load the following page 434
• Using the gui 434
• Configuring the stp security 435
• Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter feature for ports 435
• Using the cli 435
• Gi1 0 3 enable enable enable enable disable enable 437
• Interface bpdu filter bpdu guard loop protect root protect tc protect bpdu flood 437
• Switch config if end 437
• Switch config if show spanning tree interface security gigabitethernet 1 0 3 437
• Switch config if spanning tree bpdufilter 437
• Switch config if spanning tree bpduguard 437
• Switch config if spanning tree guard loop 437
• Switch config if spanning tree guard root 437
• Switch config interface gigabitethernet 1 0 3 437
• Switch configure 437
• Switch copy running config startup config 437
• This example shows how to enable loop protect root protect bpdu filter and bpdu protect functions on port 1 0 3 437
• As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is transmitted in this network the link speed between the switches is 100mb s the default path cost of the port is 200000 438
• Configuration example for mstp 438
• Configuration scheme 438
• Here we configure two instances to meet the requirement as is shown below 438
• It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be transmitted along different paths 438
• Mstp backwards compatible with stp and rstp can map vlans to instances to implement load balancing thus providing a more flexible method in network management here we take the mstp configuration as an example 438
• Network requirements 438
• To meet this requirement you are suggested to configure mstp function on the switches map the vlans to different instances to ensure traffic can be transmitted along the respective instance 438
• Using the gui 439
• Using the cli 445
• Verify the configurations 447
• Appendix default parameters 452
• Default settings of the spanning tree feature are listed in the following table 452
• Chapters 454
• Configuring lldp 454
• Part 15 454
• Overview 455
• Supported features 455
• Configuring lldp globally 456
• Lldp configurations 456
• Using the gui 456
• Follow these steps to configure the lldp feature globally 457
• In the global config section enable lldp you can also enable the switch to forward lldp messages when lldp function is disabled click apply 457
• In the parameter config section configure the lldp parameters click apply 457
• Configure the admin status and notification mode for the port 458
• Configuring lldp for the port 458
• Follow these steps to configure the lldp feature for the interface 458
• Port config to load the following page 458
• Select one or more ports to configure 458
• Select the tlvs type length value included in the lldp packets according to your needs 458
• Click apply 459
• Enable the lldp feature on the switch and configure the lldp parameters 459
• Global config 459
• Using the cli 459
• Switch config lldp 460
• Switch config lldp hold multiplier 4 460
• Switch configure 460
• The following example shows how to configure the following parameters lldp timer 4 tx interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast count 3 460
• Fast packet count 3 461
• Initialization delay 2 seconds 461
• Lldp forward message disabled 461
• Lldp med fast start repeat count 4 461
• Lldp status enabled 461
• Port config 461
• Select the desired port and set its admin status notification mode and the tlvs included in the lldp packets 461
• Switch config end 461
• Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 3 461
• Switch config show lldp 461
• Switch copy running config startup config 461
• Trap notification interval 5 seconds 461
• Ttl multiplier 4 461
• Tx delay 2 seconds 461
• Tx interval 30 seconds 461
• Configuring lldp globally 464
• Configuring lldp med globally 464
• Lldp med configurations 464
• Using the gui 464
• Configuring lldp med for ports 465
• Global config 467
• Lldp status enabled 467
• Switch config lldp 467
• Switch config lldp med fast count 4 467
• Switch config show lldp 467
• Switch configure 467
• The following example shows how to configure lldp med fast count as 4 467
• Tx interval 30 seconds 467
• Using the cli 467
• Fast packet count 3 468
• Initialization delay 2 seconds 468
• Lldp med fast start repeat count 4 468
• Port config 468
• Select the desired port enable lldp med and select the tlvs type length value included in the outgoing lldp packets according to your needs 468
• Switch config end 468
• Switch copy running config startup config 468
• Trap notification interval 5 seconds 468
• Ttl multiplier 4 468
• Tx delay 2 seconds 468
• Using gui 471
• Viewing lldp device info 471
• Viewing lldp settings 471
• Follow these steps to view the local information 472
• In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 472
• In the local info section select the desired port and view its associated local device information 472
• Viewing lldp statistics 474
• In the neighbors statistics section view the statistics of the corresponding port 475
• Using cli 475
• Viewing lldp statistics 475
• Viewing the local info 475
• Viewing the neighbor info 475
• Using gui 476
• Viewing lldp med settings 476
• Follow these steps to view lldp med neighgbor information 477
• In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 477
• In the neighbor info section select the desired port and view the lldp med settings 477
• Neighbor info to load the following page 477
• Viewing the neighbor info 477
• Using cli 478
• Viewing lldp statistics 478
• Viewing the local info 478
• Viewing the neighbor info 478
• Configuration example 479
• Configuration scheme 479
• Network requirements 479
• Network topology 479
• Using the gui 479
• Using cli 480
• Verify the configurations 481
• Appendix default parameters 486
• Default lldp med settings 486
• Default lldp settings 486
• Default settings of lldp are listed in the following tables 486
• Chapters 487
• Configuring l2pt 487
• Part 16 487
• Overview 488
• Follow these steps to configure l2pt 490
• In the l2pt config section enable l2pt globally and click apply 490
• In the port config section configure the port that is connected to the customer network as a uni port and specify your desired protocols on the port in addition you can also set the threshold for packets per second to be processed on the uni port 490
• L2pt configuration 490
• L2pt to load the following page 490
• Using the gui 490
• Click apply 491
• Follow these steps to configure l2pt feature 491
• In the port config section configure the port that is connected to the isp network as an nni port note that the protocols and threshold cannot be configured on the nni port 491
• Using the cli 491
• Configuration example 495
• Configuration scheme 495
• Network requirements 495
• Using the gui 495
• Using the cli 496
• Verify the configuration 497
• Appendix default parameters 498
• Default settings of l2pt are listed in the following table 498
• Chapters 499
• Configuring pppoe id insertion 499
• Part 17 499
• Overview 500
• Pppoe id insertion configuration 501
• Using the gui 501
• Follow these steps to configure pppoe id insertion 502
• Using the cli 502
• Pppoe id insertion state enabled 503
• Switch config if interface gigabitethernet 1 0 1 503
• Switch config if pppoe circuit id 503
• Switch config if pppoe circuit id type udf only 123 503
• Switch config if pppoe remote id host1 503
• Switch config if show pppoe id insertion global 503
• Switch config pppoe id insertion 503
• Switch configure 503
• The following example shows how to enable pppoe id insertion globally and on port 1 0 1 and configure the circuit id as 123 without other information and remote id as host1 503
• Appendix default parameters 505
• Default settings of l2pt are listed in the following table 505
• Chapters 506
• Configuring layer 3 interfaces 506
• Part 18 506
• Interfaces are used to exchange data and interact with interfaces of other network devices interfaces are classified into layer 2 interfaces and layer 3 interfaces 507
• Layer 2 interfaces are the physical ports on the switch panel they forward packets based on mac address table 507
• Layer 3 interfaces are used to forward ipv4 and ipv6 packets using static or dynamic routing protocols you can use layer 3 interfaces for ip routing and inter vlan routing 507
• Overview 507
• This chapter introduces the configurations for layer 3 interfaces the supported types of layer 3 interfaces are shown as below 507
• Creating a layer 3 interface 508
• Layer 3 interface configurations 508
• Using the gui 508
• In the interface config section click 509
• To load the following page and configure the corresponding parameters for the layer 3 interface then click create 509
• Config section on the corresponding interface entry click edit ipv4 to load the following page and edit the ipv4 parameters of the interface 510
• Configuring ipv4 parameters of the interface 510
• Figure 2 510
• In the modify ipv4 interface section configure relevant parameters for the interface according to your actual needs then click apply 510
• You can view the corresponding interface you have created in the interface 510
• Configuring ipv6 parameters of the interface 511
• In the modify ipv6 interface section enable ipv6 feature for the interface and configure the corresponding parameters then click apply 512
• Configure ipv6 global address of the interface via following three ways 513
• In the global address config section click 513
• Manually 513
• To manually assign an ipv6 global address to the interface 513
• Via dhcpv6 server 513
• Via ra message 513
• Figure 2 514
• Interface config section on the corresponding interface entry click detail to load the following page and view the detail information of the interface 514
• View the global address entry in the global address config 514
• Viewing detail information of the interface 514
• You can view the corresponding interface entry you have created in the 514
• Creating a layer 3 interface 515
• Follow these steps to create a layer 3 interface you can create a vlan interface a loopback interface a routed port or a port channel interface according to your needs 515
• Using the cli 515
• Switch config if description vlan 2 516
• Switch config if end 516
• Switch config interface vlan 2 516
• Switch configure 516
• The following example shows how to create a vlan interface with a description of vlan 2 516
• Configuring ipv4 parameters of the interface 517
• Follow these steps to configure the ipv4 parameters of the interface 517
• Switch config if ip address 192 68 00 255 55 55 517
• Switch config if no switchport 517
• Switch config interface gigabitethernet 1 0 1 517
• Switch configure 517
• Switch copy running config startup config 517
• The following example shows how to configure the ipv4 parameters of a routed port including setting a static ip address for the port and enabling the layer 3 capabilities 517
• Configuring ipv6 parameters of the interface 518
• Follow these steps to configure the ipv6 parameters of the interface 518
• Interface ip address method status protocol shutdown gi1 0 1 192 68 00 24 static up up no 518
• Switch config if end 518
• Switch config if show ip interface brief 518
• Switch copy running config startup config 518
• Global address dhcpv6 enable 519
• Global address ra disable 519
• Global unicast address es ff02 1 ff13 237b 519
• Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 519
• Joined group address es ff02 1 519
• Switch config if ipv6 address autoconfig 519
• Switch config if ipv6 address dhcp 519
• Switch config if ipv6 enable 519
• Switch config if show ipv6 interface 519
• Switch config interface vlan 2 519
• Switch configure 519
• The following example shows how to enable the ipv6 function and configure the ipv6 parameters of a vlan interface 519
• Vlan2 is up line protocol is up 519
• Appendix default parameters 521
• Default settings of interface are listed in the following tables 521
• Chapters 522
• Configuring routing 522
• Part 19 522
• Overview 523
• Configure the corresponding parameters to add an ipv4 static routing entry then click create 524
• Ipv4 static routing and click 524
• Ipv4 static routing configuration 524
• To load the following page to load the following page 524
• Using the gui 524
• C 192 68 24 is directly connected vlan1 525
• Candidate default 525
• Codes c connected s static 525
• Follow these steps to create an ipv4 static route 525
• S 192 68 24 1 0 via 192 68 vlan1 525
• Switch config end 525
• Switch config ip route 192 68 255 55 55 192 68 525
• Switch config show ip route 525
• Switch configure 525
• Switch copy running config startup config 525
• The following example shows how to create an ipv4 static route with the destination ip address as 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 525
• Using the cli 525
• Configure the corresponding parameters to add an ipv6 static routing entry then click create 526
• Follow these steps to enable ipv6 routing function and create an ipv6 static route 526
• Ipv6 static 526
• Ipv6 static routing configuration 526
• Routing table and click 526
• To load the following page 526
• Using the cli 526
• Using the gui 526
• C 3000 64 is directly connected vlan1 527
• Candidate default 527
• Codes c connected s static 527
• S 3200 64 1 0 via 3100 1234 vlan2 527
• Switch config end 527
• Switch config ipv6 route 3200 64 3100 1234 527
• Switch config show ipv6 route static 527
• Switch configure 527
• Switch copy running config startup config 527
• The following example shows how to create an ipv6 static route with the destination ip address as 3200 64 and the next hop address as 3100 1234 527
• Using the gui 528
• Viewing ipv4 routing table 528
• Viewing routing table 528
• Ipv6 routing table to load the following page 529
• On privileged exec mode or any other configuration mode you can use the following command to view ipv4 routing table 529
• Using the cli 529
• View the ipv6 routing entries 529
• Viewing ipv4 routing table 529
• Viewing ipv6 routing table 529
• On privileged exec mode or any other configuration mode you can use the following command to view ipv6 routing table 530
• Viewing ipv6 routing table 530
• As shown below host a and host b are on different network segments to meet business needs host a and host b need to establish a connection without using dynamic routing protocols to ensure stable connectivity 531
• Configuration scheme 531
• Demonstrated with t2600g 28ts the following sections provide configuration procedure in two ways using the gui and using the cli 531
• Example for static routing 531
• Interface to create a routed port gi1 0 1 with the mode as static the ip address as 10 the mask as 255 55 55 and the admin status as enable create a routed port gi1 0 2 with the mode as static the ip address as 10 0 the mask as 255 55 55 and the admin status as enable 531
• Network requirements 531
• The configurations of switch a and switch b are similar the following introductions take switch a as an example 531
• To implement this requirement you can configure the default gateway of host a as 10 24 the default gateway of host b as 10 24 and configure ipv4 static routes on switch a and switch b so that hosts on different network segments can communicate with each other 531
• Using the gui 531
• Ipv4 static routing to load the following page add a static routing entry with the destination as 10 the subnet 532
• Using the cli 533
• Verify the configurations 534
• Chapters 536
• Configuring dhcp service 536
• Part 20 536
• Dhcp relay 537
• Dhcp server 537
• Overview 537
• Supported features 537
• As the following figure shows no ip addresses are assigned to vlan 10 and vlan 20 but a default relay agent interface is configured with the ip address 192 68 24 the switch uses ip address of the default agent interface 192 68 24 to apply for ip addresses for clients in both vlan 10 and vlan 20 as a result the dhcp server will assign ip addresses on 192 68 24 the same subnet with the ip address of the default agent interface to clients in both vlan 10 and vlan 20 539
• Dhcp l2 relay 539
• Unlike dhcp relay dhcp l2 relay is used in the situation that the dhcp server and client are in the same vlan in dhcp l2 relay in addition to normally assigning ip addresses to clients from the dhcp server the switch can record the location information of the dhcp client using option 82 the switch can add option 82 to the dhcp request packet and then transmit the packet to the dhcp server the dhcp server which supports option 82 can set the distribution policy of ip addresses and the other parameters providing a more flexible address distribution way 539
• Dhcp server configuration 540
• Enabling dhcp server 540
• Using the gui 540
• Enter the starting ip address and ending ip address to specify the range of reserved ip addresses click create 541
• In the excluded ip address config section click 541
• In the ping time config section configure ping packets and ping timeout for ping tests click apply 541
• To load the following page to specify the ip addresses that should not be assigned to the clients 541
• Configure the parameters for the dhcp server pool then click create 542
• Configuring dhcp server pool 542
• Pool setting and click 542
• The dhcp server pool defines the parameters that will be assigned to the dhcp clients 542
• To load the following page 542
• Configuring manual binding 543
• Some devices like web servers require static ip addresses to meet this requirement you can manually bind the mac address or client id of the device to an ip address and the dhcp server will reserve the bound ip address to this device at all times 543
• Enabling dhcp server 544
• Follow these steps to enable dhcp server and to configure ping packets and ping timeout 544
• Manual binding and 544
• Select a pool name and enter the ip address to be bound select a binding mode and finish the configuration accordingly click create 544
• To load the following page 544
• Using the cli 544
• 68 192 68 547
• Configuring dhcp server pool 547
• Follow these steps to configure dhcp server pool 547
• No start ip address end ip address 547
• Switch config end 547
• Switch config ip dhcp server excluded address 192 68 192 68 547
• Switch config show ip dhcp server excluded address 547
• Switch configure 547
• Switch copy running config startup config 547
• The following example shows how to configure the 192 68 as the default gateway address and excluded ip address 547
• Configuring manual binding 550
• Follow these steps to configure manual binding 550
• Some hosts www server for example requires a static ip address to satisfy this requirement you can manually bind the mac address or client id of the host to an ip address and the dhcp server will reserve the bound ip address to this host at all times 550
• Switch copy running config startup config 550
• Dhcp relay configuration 552
• Enabling dhcp relay and configuring option 82 552
• Using the gui 552
• Optional in the option 82 config section configure option 82 553
• Configuring dhcp interface relay 554
• Configuring dhcp vlan relay 554
• Follow these steps to specify dhcp server for the specific vlan 555
• In the default relay agent interface section specify a layer 3 interface as the default relay agent interface then click apply 555
• In the dhcp vlan relay config section click 555
• Specify the vlan the clients belongs to and the server address click create 555
• To load the configuration page 555
• Enabling dhcp relay 556
• Follow these steps to enable dhcp relay and configure the corresponding parameters 556
• Switch config service dhcp relay 556
• Switch configure 556
• The following example shows how to enable dhcp relay configure the relay hops as 5 and configure the relay time as 10 seconds 556
• Using the cli 556
• Dhcp relay hops 5 557
• Dhcp relay state enabled 557
• Dhcp relay time threshold 10 seconds 557
• Follow these steps to configure option 82 557
• Optional configuring option 82 557
• Switch config end 557
• Switch config ip dhcp relay hops 5 557
• Switch config ip dhcp relay time 10 557
• Switch config show ip dhcp relay 557
• Switch copy running config startup config 557
• Gi1 0 7 enable replace normal vlan20 host1 n a 558
• Interface option 82 status operation strategy format circuit id remote id lag 558
• Switch config if end 558
• Switch config if ip dhcp relay information circut id vlan20 558
• Switch config if ip dhcp relay information format normal 558
• Switch config if ip dhcp relay information option 558
• Switch config if ip dhcp relay information remote id host1 558
• Switch config if ip dhcp relay information strategy replace 558
• Switch config if show ip dhcp relay information interface gigabitethernet 1 0 7 558
• Switch config interface gigabitethernet 1 0 7 558
• Switch configure 558
• Switch copy running config startup config 558
• The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 558
• Configuring dhcp interface relay 559
• Follow these steps to dhcp interface relay 559
• The following example shows how to configure the dhcp server address as 192 68 on vlan interface 66 559
• You can specify dhcp server for an layer 3 interface or for a vlan the following respectively introduces how to configure dhcp interface relay and dhcp vlan relay 559
• Configuring dhcp vlan relay 560
• Dhcp relay helper address is configured on the following interfaces 560
• Follow these steps to configure dhcp vlan relay 560
• Interface helper address 560
• Switch config if end 560
• Switch config if ip helper address 192 68 560
• Switch config if show ip dhcp relay 560
• Switch config interface vlan 66 560
• Switch configure 560
• Switch copy running config startup config 560
• Vlan 66 192 68 560
• Dhcp vlan relay helper address is configured on the following vlan 561
• Switch config end 561
• Switch config if exit 561
• Switch config if ip dhcp relay default interface 561
• Switch config if no switchport 561
• Switch config interface gigabitethernet 1 0 2 561
• Switch config ip dhcp relay vlan 10 helper address 192 68 561
• Switch config show ip dhcp relay 561
• Switch configure 561
• Switch copy running config startup config 561
• The following example shows how to set the routed port 1 0 2 as the default relay agent interface and configure the dhcp server address as 192 68 on vlan 10 561
• Vlan 10 192 68 561
• Vlan helper address 561
• Dhcp l2 relay configuration 562
• Enabling dhcp l2 relay 562
• Using the gui 562
• Configuring option 82 for ports 563
• Follow these steps to enable dhcp relay and configure option 82 563
• Port config to load the following page 563
• Select one or more ports to configure option 82 563
• Click apply 564
• Enabling dhcp l2 relay 564
• Follow these steps to enable dhcp l2 relay 564
• Switch config ip dhcp l2relay 564
• Switch configure 564
• The following example shows how to enable dhcp l2 relay globally and for vlan 2 564
• Using the cli 564
• Configuring option 82 for ports 565
• Follow these steps to configure option 82 565
• Global status enable 565
• Switch config end 565
• Switch config ip dhcp l2relay vlan 2 565
• Switch config show ip dhcp l2relay 565
• Switch copy running config startup config 565
• Vlan id 2 565
• Gi1 0 7 enable replace normal vlan20 host1 n a 566
• Interface option 82 status operation strategy format circuit id remote id lag 566
• Switch config if end 566
• Switch config if ip dhcp l2relay information circut id vlan20 566
• Switch config if ip dhcp l2relay information format normal 566
• Switch config if ip dhcp l2relay information option 566
• Switch config if ip dhcp l2relay information remote id host1 566
• Switch config if ip dhcp l2relay information strategy replace 566
• Switch config if show ip dhcp l2relay information interface gigabitethernet 1 0 7 566
• Switch config interface gigabitethernet 1 0 7 566
• Switch configure 566
• Switch copy running config startup config 566
• The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 566
• Configuration examples 567
• Configuration scheme 567
• Example for dhcp server 567
• Network requirements 567
• Using the gui 567
• Using the cli 568
• Example for dhcp interface relay 569
• Network requirements 569
• Verify the configuration 569
• Configuration scheme 570
• Using the gui 570
• Using the cli 578
• Example for dhcp vlan relay 580
• Network requirements 580
• Verify the configurations of the dhcp relay agent 580
• Configuration scheme 581
• Using the gui 581
• Using the cli 585
• Verify the configurations of the dhcp relay agent 587
• Appendix default parameters 588
• Default settings of dhcp server are listed in the following table 588
• Default settings of dhcp relay are listed in the following table 589
• Default settings of dhcp l2 relay are listed in the following table 590
• Chapters 591
• Configuring arp 591
• Part 21 591
• Arp table 592
• Gratuitous arp 592
• Overview 592
• Proxy arp 592
• Static arp 592
• Supported features 592
• Local proxy arp 593
• Local proxy arp is similar with proxy arp as shown below two hosts are in the same vlan and connected to vlan interface 1 but port 1 0 1 and port 1 0 2 are isolated on layer 2 in this case both of the hosts cannot receive each other s arp request so they cannot communicate with each other because they cannot learn each other s mac address using arp packets 593
• To solve this problem you can enable local proxy arp on the layer 3 interface and the interface will respond the arp request sender with its own mac address after that the arp request sender sends packets to the layer 3 interface and the interface forwards the packets to the intended device 593
• Arp configurations 594
• Using the gui 594
• Viewing the arp entries 594
• Adding static arp entries manually 595
• Configuring gratuitous arp 595
• Enter the ip address and mac address then click create 595
• Gratuitous arp to load the following page 595
• Static arp and click 595
• To load the following page 595
• You can add desired static arp entries by mannually specifying the ip addresses and mac addresses 595
• Configuring proxy arp 596
• Follow these steps to configure the gratuitous feature for the interface 596
• In the gratuitous arp global settings section configure the global parameters for gratuitous arp then click apply 596
• In the gratuitous arp table section configure the interval of sending gratuitous arp request packets for the interface then click apply 596
• Proxy arp is used in the situation that two devices are in the same network segment but connected to different layer 3 interfaces 596
• Proxy arp to load the following page 596
• Configuring local proxy arp 597
• Local proxy arp is used in the situation that two devices are in the same vlan but isolated on the layer 2 ports 597
• Local proxy arp to load the following page 597
• Select the desired interface and enable local proxy arp then click apply 597
• Select the desired interface and enable proxy arp then click apply 597
• Adding static arp entries 598
• Configuring the arp entry 598
• Follow these steps to add static arp entries 598
• Interface address hardware addr type 598
• Switch config arp 192 68 00 11 22 33 44 55 arpa 598
• Switch config show arp 192 68 598
• Switch configure 598
• This example shows how to create a static arp entry with the ip as 192 68 and the mac as 00 11 22 33 44 55 598
• Using the cli 598
• Vlan1 192 68 00 11 22 33 44 55 static 598
• Configuring the aging time of dynamic arp entries 599
• Follow these steps to configure the aging time of dynamic arp entries for lay 3 interfaces 599
• Switch config end 599
• Switch copy running config startup config 599
• This example shows how to configure the aging time of dynamic arp entries as 1000 seconds for vlan interface 2 599
• Clearing dynamic entries 600
• Configuring gratuitous arp globally 600
• Configuring the gratuitous arp 600
• Follow these steps to add static arp entries 600
• On privileged exec mode or any other configuration mode you can use the following command to view arp entries 600
• Switch config if arp timeout 1000 600
• Switch config if end 600
• Switch config interface vlan 2 600
• Switch configure 600
• Switch copy running config startup config 600
• Viewing arp entries 600
• Configuring interval of sending gratuitous arp packets 601
• Follow these steps to configure gratuitous arp packets for layer 3 interfaces 601
• Gi1 0 18 0 601
• Gratuitous arp learning enabled 601
• Interface gratuitous arp periodical send interval 601
• Send on duplicate ip detected enabled 601
• Send on ip interface status up enabled 601
• Switch config end 601
• Switch config gratuitous arp dup ip detected enable 601
• Switch config gratuitous arp intf status up enable 601
• Switch config gratuitous arp learning enable 601
• Switch config show gratuitous arp 601
• Switch configure 601
• Switch copy running config startup config 601
• This example shows how to enable send on ip interface status up send on duplicate ip detected and gratuitous arp learning features 601
• Vlan1 0 601
• Interface gratuitous arp periodical send interval 602
• Switch config if end 602
• Switch config if gratuitous arp send interval 10 602
• Switch config if show gratuitous arp 602
• Switch config interface vlan 1 602
• Switch configure 602
• Switch copy running config startup config 602
• This example shows how to configure the interval of sending gratuitous arp packets for vlan interface 1 as 10 seconds 602
• Vlan1 10 602
• Configuring proxy arp 603
• Follow these steps to proxy arp on the vlan interface routed port or port channel 603
• Interface ip address ip mask status vlan 1 192 68 255 55 55 enabled 603
• Switch config if end 603
• Switch config if ip proxy arp 603
• Switch config if show ip proxy arp 603
• Switch config interface vlan 1 603
• Switch configure 603
• Switch copy running config startup config 603
• This example shows how to enable proxy arp function for vlan interface 1 603
• You can configure proxy arp and local proxy arp 603
• Configuring local proxy arp 604
• Follow these steps to local proxy arp on the vlan interface routed port or port channel 604
• Interface ip address ip mask status 604
• Switch config if end 604
• Switch config if ip local proxy arp 604
• Switch config if show ip local proxy arp 604
• Switch config interface vlan 1 604
• Switch configure 604
• Switch copy running config startup config 604
• This example shows how to enable local proxy arp function for vlan interface 1 604
• Vlan 1 192 68 255 55 55 enabled 604
• Appendix default parameters 605
• Default arp settings are listed in the following tables 605
• Chapters 606
• Configuring qos 606
• Part 22 606
• Bandwidth control 607
• Class of service 607
• Overview 607
• Supported features 607
• Voice vlan and auto voip 607
• 802 p priority 609
• Class of service configuration 609
• Configuration guidelines 609
• Dscp priority 609
• Port priority 609
• Click apply 610
• Configuring port priority 610
• Configuring the trust mode and port to 802 p mapping 610
• Follow these steps to configure the parameters of the port priority 610
• Port priority to load the following page 610
• Select the desired ports specify the 802 p priority and set the trust mode as untrusted 610
• Using the gui 610
• Configuring the 802 p to queue mapping 611
• In the 802 p to queue mapping section configure the mappings and click apply 611
• P priority to load the following page 611
• Configuring 802 p priority 612
• Click apply 614
• Configuring dscp priority 614
• Configuring the trust mode 614
• Follow these steps to configure the trust mode 614
• Port priority to load the following page 614
• Select the desired ports and set the trust mode as trust dscp 614
• Configuring the 802 p to queue mapping 615
• In the 802 p to queue mapping section configure the mappings and click apply 615
• P priority to load the following page 615
• Click apply 616
• Configuring the dscp to 802 p mapping and the dscp remap 616
• Dscp priority to load the following page 616
• Follow these steps to configure the dscp priority 616
• Select the desired port configure the dscp to 802 p mapping and the dscp remap 616
• Specifying the scheduler settings 617
• Click apply 618
• Configuring port priority 618
• Configuring the trust mode and the port to 802 p mapping 618
• Follow these steps to configure the trust mode and the port to 802 p mapping 618
• Using cli 618
• Configuring the 802 p to queue mapping 619
• Follow these steps to configure the 802 p to queue mapping 619
• Configuring 802 p priority 620
• Configuring the 802 p to queue mapping and 802 p remap 621
• Follow these steps to configure the 802 p to queue mapping and 802 p remap 621
• Gi1 0 1 trust 802 p n a 622
• Port trust mode lag 622
• Switch config if exit 622
• Switch config if interface gigabitethernet 1 0 1 622
• Switch config if qos dot1p remap 1 3 622
• Switch config if qos trust mode dot1p 622
• Switch config if show qos cos map 622
• Switch config if show qos trust interface gigabitethernet 1 0 1 622
• Switch config interface gigabitethernet 1 0 1 622
• Switch config qos cos map 3 4 622
• Switch configure 622
• Tag 0 1 2 3 4 5 6 7 622
• The following example shows how to configure the trust mode of port 1 0 1 as dot1p map 802 p priority 3 to tc4 and configure to map the original 802 p 1 to 802 p priority 3 622
• Configuring dscp priority 623
• Configuring the 802 p to queue mapping 623
• Configuring the trust mode 623
• Follow these steps to configure the 802 p to queue mapping 623
• Follow these steps to configure the trust mode 623
• Gi1 0 1 0 3 2 3 4 5 6 7 n a 623
• Port 0 1 2 3 4 5 6 7 lag 623
• Switch config if end 623
• Switch config if show qos dot1p remap interface gigabitethernet 1 0 1 623
• Switch copy running config startup config 623
• Tc tc0 tc1 tc2 tc4 tc4 tc5 tc6 tc7 623
• Configuring the dscp to 802 p mapping and dscp remp 624
• Follow these steps to configure the dscp to 802 p mapping and dscp remap 624
• Port trust mode lag 625
• Switch config if exit 625
• Switch config if qos dscp map 1 3 5 7 3 625
• Switch config if qos dscp remap 9 5 625
• Switch config if qos trust mode dscp 625
• Switch config if show qos trust interface gigabitethernet 1 0 1 625
• Switch config interface gigabitethernet 1 0 1 625
• Switch config qos cos map 3 4 625
• Switch configure 625
• The following example shows how to configure the trust mode of port 1 0 1 as dscp map 802 p priority 3 to tc4 map dscp priority 1 3 5 7 to 802 p priority 3 and configure to map the original dscp priority 9 to dscp priority 5 625
• Follow these steps to specify the scheduler settings to control the forwarding sequence of different tc queues when congestion occurs 628
• Specifying the scheduler settings 628
• Switch config if end 628
• Switch copy running config startup config 628
• Bandwidth control configuration 630
• Configuring rate limit 630
• Using the gui 630
• Configuring storm control 631
• Follow these steps to configure the storm control function 631
• Select the desired port and configure the upper rate limit for forwarding broadcast packets multicast packets and ul frames unknown unicast frames 631
• Storm control to load the following page 631
• Click apply 632
• Configuring rate limit 632
• Follow these steps to configure the upper rate limit for the port to receive and send packets 632
• Using the cli 632
• Configuring storm control 633
• Follow these steps to configure the upper rate limit on the port for forwarding broadcast packets multicast packets and unknown unicast frames 633
• Gi1 0 5 5120 1024 n a 633
• Port ingressrate kbps egressrate kbps lag 633
• Switch config if bandwidth ingress 5120 egress 1024 633
• Switch config if end 633
• Switch config if show bandwidth interface gigabitethernet 1 0 5 633
• Switch config interface gigabitethernet 1 0 5 633
• Switch configure 633
• Switch copy running config startup config 633
• The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 1024 kbps for port 1 0 5 633
• Gi1 0 5 pps 148800 0 0 shutdown 10 n a 635
• Port rate mode bcrate mcrate ulrate exceed recover time lag 635
• Switch config if end 635
• Switch config interface gigabitethernet 1 0 5 635
• Switch configure 635
• Switch copy running config startup config 635
• T2600g 28ts config if show storm control interface gigabitethernet 1 0 5 635
• T2600g 28ts config if storm control broadcast 148800 635
• T2600g 28ts config if storm control exceed shutdown recover time 10 635
• T2600g 28ts config if storm control rate mode pps 635
• The following example shows how to configure the upper rate limit of broadcast packets as 148800 pps specify the action as shutdown and set the recover time as 10 for port 1 0 5 635
• Configuring oui addresses 636
• Using the gui 636
• Voice vlan configuration 636
• Click create 637
• Configuring voice vlan globally 637
• Follow these steps to configure the oui addresses 637
• Global config to load the following page 637
• Specify the oui and the description 637
• To load the following page 637
• Adding ports to voice vlan 638
• Click apply 638
• Enable the voice vlan feature and specify the parameters 638
• Follow these steps to configure voice vlan globally 638
• Port config to load the following page 638
• Select the desired ports and choose enable in voice vlan filed 638
• Click apply 639
• Follow these steps to configure voice vlan 639
• Using the cli 639
• Auto voip configuration 642
• Configuration guidelines 642
• Using the gui 642
• Click apply 643
• Follow these steps to configure auto voip 643
• Using the cli 643
• Configuration examples 647
• Configuration scheme 647
• Example for class of service 647
• Network requirements 647
• Using the gui 648
• Using the cli 650
• Verify the configurations 651
• Example for voice vlan 652
• Network requirements 652
• Configuration scheme 653
• Configure 802 q vlan for port 1 0 1 port 1 0 2 port 1 0 3 and port 1 0 4 653
• Configure voice vlan feature on port 1 0 1 and port 1 0 2 653
• Demonstrated with t2600g 28ts the following sections provide configuration procedure in two ways using the gui and using the cli 653
• Internet 653
• To implement this requirement you can configure voice vlan to ensure that the voice traffic can be transmitted in the same vlan and the data traffic is transmitted in another vlan in addition specify the priority to make the voice traffic can take precedence when the congestion occurs 653
• To load the following page create vlan 2 and add untagged port 1 0 1 port 1 0 2 and port 1 0 4 to vlan 2 click create 653
• Using the gui 653
• Vlan config and click 653
• Using the cli 657
• Verify the configurations 659
• Example for auto voip 660
• Network requirements 660
• Configuration scheme 661
• Using the gui 661
• Select port 1 0 1 and specify the 802 p priority as 5 for other dscp priorities click apply 663
• Select port 1 0 2 set the scheduler mode as weighted and specify the queue weight as 10 for tc 7 click apply 665
• Using the cli 668
• Verify the configurations 669
• Appendix default parameters 673
• Default settings of class of service are listed in the following tables 673
• Default settings of class of service are listed in the following tables 675
• Default settings of voice vlan are listed in the following tables 675
• Default settings of auto voip are listed in the following tables 676
• Chapters 677
• Configuring access security 677
• Part 23 677
• Access control 678
• Access security 678
• Overview 678
• Serial port 678
• Supported features 678
• Telnet 678
• Access security configurations 679
• Configuring the access control feature 679
• Using the gui 679
• In the entry table section click 680
• To add an access control entry 680
• When the ip based mode is selected the following window will pop up 680
• When the mac based mode is selected the following window will pop up 680
• When the port based mode is selected the following window will pop up 681
• Click create then you can view the created entries in the entry table 682
• Configuring the http function 682
• Http config to load the following page 682
• In the global control section enable http function specify the port using for http and click apply to enable the http function 682
• In the number of access users section enable number control function specify the following parameters and click apply 683
• In the session config section specify the session timeout and click apply 683
• Configuring the https function 684
• In the ciphersuite config section select the algorithm to be enabled and click apply 685
• In the number of access users section enable number control function specify the following parameters and click apply 685
• In the session config section specify the session timeout and click apply 685
• In the load certificate and load key section download the certificate and key 686
• Configuring the ssh feature 687
• Configuring the telnet function 688
• Enable telnet and click apply 688
• In data integrity algorithm section enable the integrity algorithm you want the switch to support and click apply 688
• In import key file section select key type from the drop down list and click browse to download the desired key file 688
• In the encryption algorithm section enable the encryption algorithm you want the switch to support and click apply 688
• Telnet config to load the following page 688
• Configure the baud rate and click apply 689
• Configuring the access control 689
• Configuring the serial port parameters 689
• Follow these steps to configure the access control 689
• Serial port config to load the following page 689
• Using the cli 689
• 68 00 32 snmp telnet http https 691
• Configuring the http function 691
• Follow these steps to configure the http function 691
• Index ip address access interface 691
• Switch config end 691
• Switch config show user configuration 691
• Switch config user access control ip based 192 68 00 255 55 55 55 snmp telnet http https 691
• Switch config user access control ip based enable 691
• Switch configure 691
• Switch copy running config startup config 691
• The following example shows how to set the type of access control as ip based set the ip address as 192 68 00 set the subnet mask as 255 55 55 55 and make the switch support snmp telnet http and https 691
• User authentication mode ip based 691
• Http max users as admin 6 692
• Http max users as operator 2 692
• Http max users as power user 2 692
• Http max users as user 2 692
• Http port 80 692
• Http session timeout 9 692
• Http status enabled 692
• Http user limitation enabled 692
• Switch config end 692
• Switch config ip http max user 6 2 2 2 692
• Switch config ip http server 692
• Switch config ip http session timeout 9 692
• Switch config show ip http configuration 692
• Switch configure 692
• Switch copy running config startup config 692
• The following example shows how to set the session timeout as 9 set the maximum admin number as 6 and set the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 692
• Configuring the https function 693
• Follow these steps to configure the https function 693
• Download ssl certificate ok 694
• Start to download ssl certificate 694
• Switch config ip http secure ciphersuite 3des ede cbc sha 694
• Switch config ip http secure max users 2 2 2 2 694
• Switch config ip http secure protocol ssl3 tls1 694
• Switch config ip http secure server 694
• Switch config ip http secure server download certificate ca crt ip address 192 68 00 694
• Switch config ip http secure server download key ca key ip address 192 68 00 694
• Switch config ip http secure session timeout 15 694
• Switch configure 694
• The following example shows how to configure the https function enable ssl3 and tls1 protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the maximum admin number as 2 the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 download the certificate named ca crt and the key named ca key from the tftp server with the ip address 192 68 00 694
• Configuring the ssh feature 695
• Switch config ip ssh algorithm aes128 cbc 696
• Switch config ip ssh max client 4 696
• Switch config ip ssh server 696
• Switch config ip ssh timeout 100 696
• Switch config ip ssh version v1 696
• Switch config ip ssh version v2 696
• The following example shows how to configure the ssh function set the version as ssh v1 and ssh v2 enable the aes128 cbc and cast128 cbc encryption algorithm enable the hmac md5 data integrity algorithm choose the key type as ssh 2 rsa dsa 696
• Configuring the serial port parameters 698
• Configuring the telnet function 698
• Follow these steps enable the serial port parameters 698
• Follow these steps enable the telnet function 698
• Appendix default parameters 699
• Default settings of access security are listed in the following tables 699
• Chapters 701
• Configuring aaa 701
• Part 24 701
• Overview 702
• Aaa configuration 703
• Configuration guidelines 703
• Adding servers 704
• Using the gui 704
• Adding tacacs server 705
• Click create to add the radius server on the switch 705
• Click create to add the tacacs server on the switch 705
• Configure the following parameters 705
• Follow these steps to add a tacacs server 705
• Tacacs config and click 705
• To load the following page 705
• Configuring server groups 706
• Configuring the method list 706
• Click apply 708
• Click create to add the new method 708
• Configuring the aaa application list 708
• Follow these steps to configure the aaa application list 708
• Global config to load the following page 708
• In the aaa application list section select an access application and configure the login list and enable list 708
• Configuring login account and enable password 709
• Adding radius server 710
• Adding servers 710
• Follow these steps to add radius server on the switch 710
• Using the cli 710
• You can add one or more radius tacacs servers on the switch for authentication if multiple servers are added the server with the highest priority authenticates the users trying to access the switch and the others act as backup servers in case the first one breaks down 710
• 68 0 1812 1813 5 2 000aeb132397 123456 711
• Adding tacacs server 711
• Follow these steps to add tacacs server on the switch 711
• Server ip auth port acct port timeout retransmit nas identifier shared key 711
• Switch config end 711
• Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 123456 711
• Switch config show radius server 711
• Switch configure 711
• Switch copy running config startup config 711
• The following example shows how to add a radius server on the switch set the ip address of the server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 711
• 68 0 49 8 123456 712
• Configuring server groups 712
• Server ip port timeout shared key 712
• Switch config end 712
• Switch config show tacacs server 712
• Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 712
• Switch configure 712
• Switch copy running config startup config 712
• The following example shows how to add a tacacs server on the switch set the ip address of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the timeout as 8 seconds 712
• The switch has two built in server groups one for radius and the other for tacacs the servers running the same protocol are automatically added to the default server group you can add new server groups as needed 712
• The two default server groups cannot be deleted or edited follow these steps to add a server group 712
• A method list describes the authentication methods and their sequence to authenticate the users the switch supports login method list for users of all types to gain access to the switch and enable method list for guests to get administrative privileges 713
• Configuring the method list 713
• Follow these steps to configure the method list 713
• Switch aaa group end 713
• Switch aaa group server 192 68 0 713
• Switch aaa group show aaa group radius1 713
• Switch config aaa group radius radius1 713
• Switch configure 713
• Switch copy running config startup config 713
• The following example shows how to create a radius server group named radius1 and add the existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group 713
• Default local 714
• Enable1 radius local 714
• Login1 radius local 714
• Methodlist pri1 pri2 pri3 pri4 714
• Switch config aaa authentication enable enable1 radius local 714
• Switch config aaa authentication login login1 radius local 714
• Switch config end 714
• Switch config show aaa authentication enable 714
• Switch config show aaa authentication login 714
• Switch configure 714
• Switch copy running config startup config 714
• The following example shows how to create a login method list named login1 and configure the method 1 as the default radius server group and the method 2 as local 714
• The following example shows how to create an enable method list named enable1 and configure the method 1 as the default radius server group and the method 2 as local 714
• Configuring the aaa application list 715
• Console 715
• Follow these steps to apply the login and enable method lists for the application console 715
• Switch config line console 0 715
• Switch config line enable authentication enable1 715
• Switch config line login authentication login1 715
• Switch config line show aaa global 715
• Switch configure 715
• Switch copy running config startup config 715
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application console 715
• You can configure authentication method lists on the following access applications console telnet ssh and http 715
• Console login1 enable1 716
• Follow these steps to apply the login and enable method lists for the application telnet 716
• Http default default 716
• Module login list enable list 716
• Ssh default default 716
• Switch config line enable authentication enable1 716
• Switch config line end 716
• Switch config line login authentication login1 716
• Switch config line telnet 716
• Switch configure 716
• Switch copy running config startup config 716
• Telnet 716
• Telnet default default 716
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application telnet 716
• Console default default 717
• Follow these steps to apply the login and enable method lists for the application ssh 717
• Http default default 717
• Module login list enable list 717
• Ssh default default 717
• Switch config line end 717
• Switch config line login authentication login1 717
• Switch config line show aaa global 717
• Switch config line ssh 717
• Switch configure 717
• Switch copy running config startup config 717
• Telnet login1 enable1 717
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application ssh 717
• Console default default 718
• Follow these steps to apply the login and enable method lists for the application http 718
• Http default default 718
• Module login list enable list 718
• Ssh login1 enable1 718
• Switch config ip http enable authentication enable1 718
• Switch config ip http login authentication login1 718
• Switch config line enable authentication enable1 718
• Switch config line end 718
• Switch config line show aaa global 718
• Switch config show aaa global 718
• Switch configure 718
• Switch copy running config startup config 718
• Telnet default default 718
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application http 718
• Configuring login account and enable password 719
• Console default default 719
• Http login1 enable1 719
• Module login list enable list 719
• On the switch 719
• Ssh default default 719
• Switch config end 719
• Switch copy running config startup config 719
• Telnet default default 719
• The local username and password for login can be configured in the user management feature for details refer to managing system 719
• The login account and enable password can be configured locally on the switch or centrally on the radius tacacs server s 719
• To configure the local enable password for getting administrative privileges follow these steps 719
• Configuration examples 721
• Configuration scheme 721
• Network requirements 721
• Using the gui 722
• Using the cli 725
• Verify the configuration 726
• Appendix default parameters 727
• Default settings of aaa are listed in the following tables 727
• Chapters 729
• Configuring 802 x 729
• Part 25 729
• Overview 730
• Configuring the radius server 731
• Using the gui 731
• X configuration 731
• Click apply 732
• Configure the parameters of the radius server 732
• Configuring the radius server group 732
• Follow these steps to add the radius server to a server group 732
• If you click 732
• Server group to load the following page 732
• The following window will pop up select a radius server and click save 732
• To add a new server group 732
• To edit the default radius server group or click 732
• Configuring 802 x globally 734
• Follow these steps to configure 802 x global parameters 734
• Global config to load the following page 734
• In the accounting dot1x method section select an existing radius server group for accounting from the pri1 drop down list and click apply 734
• In the global config section configure the following parameters 734
• Click apply 735
• Configuring 802 x on ports 735
• Follow these steps to configure 802 x authentication on the desired port 735
• Port config to load the following page 735
• Select one or more ports and configure the following parameters 735
• Click apply 736
• Authenticator state to load the following page 737
• On this page you can view the authentication status of each port 737
• View the authenticator state 737
• Configuring the radius server 738
• Follow these steps to configure radius 738
• Using the cli 738
• The following example shows how to enable aaa add a radius server to the server group named radius1 and apply this server group to the 802 x authentication the ip address of the radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the accounting port is 1813 739
• Configuring 802 x globally 740
• The following example shows how to enable 802 x authentication configure pap as the authentication method and keep other parameters as default 741
• Authentication protocol pap 742
• Configuring 802 x on ports 742
• Follow these steps to configure the port 742
• Handshake state enabled 742
• Switch config dot1x auth protocol pap 742
• Switch config dot1x system auth control 742
• Switch config end 742
• Switch config show dot1x global 742
• Switch configure 742
• Switch copy running config startup config 742
• X accounting state disabled 742
• X state enabled 742
• X vlan assignment state disabled 742
• Viewing authenticator state 744
• Configuration example 746
• Configuration scheme 746
• Network requirements 746
• Network topology 746
• Demonstrated with t2600g 28ts acting as the authenticator the following sections provide configuration procedure in two ways using the gui and using the cli 747
• Internet 747
• Radius config and click 747
• To load the following page configure the parameters of the radius server and click create 747
• Using the gui 747
• Using the cli 749
• Verify the configurations 750
• Appendix default parameters 752
• Default settings of 802 x are listed in the following table 752
• Chapters 753
• Configuring port security 753
• Part 26 753
• Overview 754
• Follow these steps to configure port security 755
• Port security configuration 755
• Port security to load the following page 755
• Select one or more ports and configure the following parameters 755
• Using the gui 755
• Click apply 756
• Follow these steps to configure port security 756
• Using the cli 756
• Switch config interface gigabitethernet 1 0 1 757
• Switch configure 757
• The following example shows how to set the maximum number of mac addresses that can be learned on port 1 0 1 as 30 enable exceed max leaned feature and configure the mode as permanent and the status as drop 757
• Appendix default parameters 759
• Default settings of port security are listed in the following table 759
• Chapters 760
• Configuring acl 760
• Part 27 760
• Configuration guidelines 761
• Overview 761
• Acl configuration 762
• Configuring time range 762
• Creating an acl 762
• Using the gui 762
• Configuring acl rules 763
• Configuring mac acl rule 763
• Follow these steps to configure the mac acl rule 764
• In the mac acl rule section configure the following parameters 764
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 765
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 765
• Click apply 766
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 766
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 766
• Configuring ip acl rule 767
• Follow these steps to configure the ip acl rule 768
• In the ip acl rule section configure the following parameters 768
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 769
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 770
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 770
• Click apply 771
• Click edit acl for a combined acl entry to load the following page 771
• Configuring combined acl rule 771
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 771
• And the following page will appear 772
• Follow these steps to configure the combined acl rule 772
• In acl rules table section click 772
• In the combined acl rule section configure the following parameters 772
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 774
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 774
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 774
• Click apply 775
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 775
• Configuring the ipv6 acl rule 776
• Follow these steps to configure the ipv6 acl rule 777
• In the ipv6 acl rule section configure the following parameters 777
• Click apply 779
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 779
• Click edit acl for a packet content acl entry to load the following page 780
• Configuring the packet content acl rule 780
• And the following page will appear 781
• In acl rules table section click 781
• In the packet content offset profile global config section configure the chunk offset click apply 781
• Follow these steps to configure the packet content acl rule 782
• In the packet content rule section configure the following parameters 782
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 782
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 782
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 783
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 783
• Configuring acl binding 784
• Viewing the acl rules 784
• Choose id or name to be used for matching the acl then select an acl from the drop down list 786
• Click create 786
• Configuring acl 786
• Configuring time range 786
• Enter the id of the vlan to be bound 786
• Follow the steps to create different types of acl and configure the acl rules 786
• Follow these steps to bind the acl to a vlan 786
• Mac acl 786
• Some acl based services or features may need to be limited to take effect only during a specified time period in this case you can configure a time range for the acl for details about time range configuration please refer to managing system 786
• Using the cli 786
• You can define the rules based on source or destination ip address source or destination mac address protocol type port number and others 786
• Switch config access list create 50 787
• Switch configure 787
• The following example shows how to create mac acl 50 and configure rule 5 to permit packets with source mac address 00 34 a2 d4 34 b5 787
• Ip acl 788
• Mac access list 50 name acl_50 788
• Rule 5 permit logging disable smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 788
• Switch config end 788
• Switch config mac acl access list mac 50 rule 5 permit logging disable smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 788
• Switch config mac acl exit 788
• Switch config show access list 50 788
• Switch copy running config startup config 788
• Ip access list 600 name acl_600 789
• Rule 1 permit logging disable sip 192 68 00 smask 255 55 55 55 789
• Switch config access list create 600 789
• Switch config access list ip 600 rule 1 permit logging disable sip 192 68 00 sip mask 255 55 55 55 789
• Switch config end 789
• Switch config show access list 600 789
• Switch configure 789
• Switch copy running config startup config 789
• The following example shows how to create ip acl 600 and configure rule 1 to permit packets with source ip address 192 68 00 789
• Combined acl 790
• Combined access list 2600 name acl_2600 791
• Ipv6 acl 791
• Rule 1 permit logging disable vid 2 sip 192 68 00 sip mask 255 55 55 55 791
• Switch config access list combined 1100 logging disable rule 1 permit vid 2 sip 192 68 00 sip mask 255 55 55 55 791
• Switch config access list create 1100 791
• Switch config end 791
• Switch config show access list 2600 791
• Switch configure 791
• Switch copy running config startup config 791
• The following example shows how to create combined acl 1100 and configure rule 1 to deny packets with source ip address 192 68 00 in vlan 2 791
• Ff ffff ffff 793
• Ipv6 access list 1600 name acl_1600 793
• Packet content acl 793
• Rule 1 deny logging disable sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ff 793
• Switch config access list create 1600 793
• Switch config access list ipv6 1600 rule 1 deny logging disable sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ffff ffff ffff 793
• Switch config end 793
• Switch config show access list 1600 793
• Switch configure 793
• Switch copy running config startup config 793
• The following example shows how to create ipv6 acl 1600 and configure rule 1 to deny packets with source ipv6 address cdcd 910a 2222 5498 8475 1111 3900 2020 793
• Packet content access list 2000 name acl_2000 794
• Rule 10 deny logging disable chunk1 value 0x58 mask 0xffffffff 794
• Switch config access list create 2000 794
• Switch config access list packet content profile chunk offset0 offset0 chunk offset1 offset1 chunk offset2 offset2 chunk offset3 offset3 794
• Switch config end 794
• Switch config packet content config 2000 rule 10 deny logging disable chunk 1 58 mask1 ffffffff 794
• Switch config show access list 2000 794
• Switch configure 794
• Switch copy running config startup config 794
• The following example shows how to create packet content acl 2000 and deny the packets with the value of its chunk1 0x58 794
• Configuring policy 795
• Follow the steps below to configure the policy actions for an acl rule 795
• Mac access list 100 name acl_100 795
• Policy allows you to further process the matched packets through operations such as mirroring rate limiting redirecting or changing priority 795
• Resequencing rules 795
• Rule 1 deny logging disable smac aa bb cc dd ee ff smask ff ff ff ff ff ff 795
• Rule 11 permit logging disable vid 18 795
• Rule 21 permit logging disable dmac aa cc ee ff dd 33 dmask ff ff ff ff ff ff 795
• Switch config access list resequence 100 start 1 step 10 795
• Switch config end 795
• Switch config show access list 100 795
• Switch configure 795
• Switch copy running config startup config 795
• The following example shows how to resequence the rules of mac acl 100 set the start rule id as 1 and the step value as 10 795
• You can resequence the rules by providing a start rule id and step value 795
• Redirect the matched packets to port 1 0 4 for rule 1 of mac acl 10 796
• Switch config access list action 10 rule 1 796
• Switch config action redirect interface gigabitethernet 1 0 4 796
• Switch configure 796
• Configuring acl binding 797
• Follow the steps below to bind acl to a port or a vlan 797
• Mac access list 10 name acl_10 797
• Rule 5 permit logging disable action redirect gi1 0 4 797
• Switch config action exit 797
• Switch config end 797
• Switch config show access list 10 797
• Switch configure 797
• Switch copy running config startup config 797
• The following example shows how to bind acl 1 to port 3 and vlan 4 797
• You can bind the acl to a port or a vlan the received packets on the port or in the vlan will then be matched and processed according to the acl rules an acl takes effect only after it is bound to a port or vlan 797
• Viewing acl counting 798
• Configuration example for acl 799
• Configuration scheme 799
• Network requirements 799
• Using the gui 800
• Configure rule 1 to permit packets with the source ip address 10 0 0 24 and destination ip address 10 0 0 24 801
• In the same way configure rule 2 and rule 3 to permit packets with source ip 10 0 0 and destination port tcp 80 http service port and tcp 443 https service port 801
• In the same way configure rule 4 and rule 5 to permit packets with source ip 10 0 0 and with destination port tcp 53 or udp 53 dns service port 804
• In the same way configure rule 6 to deny packets with source ip 10 0 0 805
• Using the cli 806
• Verify the configurations 807
• Appendix default parameters 808
• The default settings of acl are listed in the following tables 808
• Chapters 810
• Configuring ipv4 impb 810
• Part 28 810
• Arp detection 811
• Ip mac binding 811
• Ipv4 impb 811
• Ipv4 source guard 811
• Overview 811
• Supported features 811
• Binding entries manually 812
• Ip mac binding configuration 812
• Using the gui 812
• Enter the following information to specify a host 813
• Follow these steps to manually create an ip mac binding entry 813
• Manual binding and click 813
• Select protect type for the entry 813
• To load the following page 813
• Binding entries via arp scanning 814
• Binding entries via dhcp snooping 815
• In the scanning result section select one or more entries and configure the relevant parameters then click bind 815
• With dhcp snooping enabled the switch can monitor the ip address obtaining process of the host and record the ip address mac address vlan id and the connected port number of the host 815
• Additionally you select one or more entries to edit the host name and protect type and click apply 817
• Binding table to load the following page 817
• Binding table to view or edit the entries 817
• In the binding table you can view search and edit the specified binding entries 817
• Viewing the binding entries 817
• You can specify the search criteria to search your desired entries 817
• Binding entries manually 818
• Binding entries via arp scanning is not supported by the cli the following sections introduce how to bind entries manually and via dhcp snooping and view the binding entries 818
• Follow these steps to manually bind entries 818
• Using the cli 818
• You can manually bind the ip address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 818
• Here arp d for arp detection and ip v s for ip verify source 819
• Host1 192 68 5 74 d4 35 76 a4 d8 10 gi1 0 5 arp d manual 819
• Notice 819
• Switch config end 819
• Switch config ip source binding host1 192 68 5 74 d4 35 76 a4 d8 vlan 10 interface gigabitethernet 1 0 5 arp detection 819
• Switch config show ip source binding 819
• Switch configure 819
• Switch copy running config startup config 819
• The following example shows how to bind an entry with the hostname host1 ip address 192 68 5 mac address 74 d4 35 76 a4 d8 vlan id 10 port number 1 0 5 and enable this entry for the arp detection feature 819
• U host ip addr mac addr vid port acl source 819
• Binding entries via dhcp snooping 820
• Follow these steps to bind entries via dhcp snooping 820
• Global status enable 820
• Switch config if ip dhcp snooping max entries 100 820
• Switch config if show ip dhcp snooping 820
• Switch config interface gigabitethernet 1 0 1 820
• Switch config ip dhcp snooping 820
• Switch config ip dhcp snooping vlan 5 820
• Switch configure 820
• The following example shows how to enable dhcp snooping globally and on vlan 5 and set the maximum number of binding entries port 1 0 1 can learn via dhcp snooping as 100 820
• Viewing binding entries 821
• Adding ip mac binding entries 822
• Arp detection configuration 822
• Enabling arp detection 822
• Using the gui 822
• Configuring arp detection on ports 823
• In the vlan config section enable arp detection on the selected vlans click apply 823
• Port config to load the following page 823
• Arp statistics to load the following page 824
• Click apply 824
• Follow these steps to configure arp detection on ports 824
• Select one or more ports and configure the parameters 824
• Viewing arp statistics 824
• You can view the number of the illegal arp packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 824
• Adding ip mac binding entries 825
• Enabling arp detection 825
• Follow these steps to enable arp detection 825
• In arp detection the switch detects the arp packets based on the binding entries in the ip mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 825
• In the auto refresh section you can enable the auto refresh feature and specify the refresh interval and thus the web page will be automatically refreshed 825
• In the illegal arp packet section you can view the number of illegal arp packets in each vlan 825
• Using the cli 825
• Disable disable 826
• Enable disable 826
• Global status enable 826
• Switch config end 826
• Switch config ip arp inspection 826
• Switch config ip arp inspection validate src mac 826
• Switch config ip arp inspection vlan 2 826
• Switch config show ip arp inspection 826
• Switch config show ip arp inspection vlan 826
• Switch configure 826
• Switch copy running config startup config 826
• The following example shows how to enable arp detection globally and on vlan 2 and enable the switch to check whether the source mac address and the sender mac address are the same when receiving an arp packet 826
• Verify dmac disable 826
• Verify ip disable 826
• Verify smac enable 826
• Vid enable status log status 826
• Configuring arp detection on ports 827
• Follow these steps to configure arp detection on ports 827
• Switch config if ip arp inspection limit rate 20 827
• Switch config if ip arp inspection trust 827
• Switch config interface gigabitethernet 1 0 2 827
• Switch configure 827
• The following example shows how to set port 1 02 as a trusted port and set limit rate as 20 pps and burst interval as 2 seconds on port 1 0 2 827
• Viewing arp statistics 828
• Adding ip mac binding entries 829
• Configuring ipv4 source guard 829
• Ipv4 source guard configuration 829
• Using the gui 829
• Adding ip mac binding entries 830
• Configuring ipv4 source guard 830
• Follow these steps to configure ipv4 source guard 830
• In ipv4 source guard the switch filters the packets that do not match the rules of ipv4 mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 830
• In the global config section choose whether to enable the log feature click apply 830
• In the port config section configure the protect type for ports and click apply 830
• Using the cli 830
• Gi1 0 1 sip mac n a 831
• Port security type lag 831
• Switch config if end 831
• Switch config if ip verify source sip mac 831
• Switch config if show ip verify source interface gigabitethernet 1 0 1 831
• Switch config interface gigabitethernet 1 0 1 831
• Switch configure 831
• Switch copy running config startup config 831
• The following example shows how to enable ipv4 source guard on port 1 0 1 831
• Configuration examples 832
• Configuration scheme 832
• Example for arp detection 832
• Network requirements 832
• Using the gui 833
• Using the cli 835
• Verify the configuration 836
• Configuration scheme 837
• Example for ip source guard 837
• Network requirements 837
• Using the gui 837
• Using the cli 839
• Verify the configuration 839
• Appendix default parameters 841
• Default settings of arp detection are listed in the following table 841
• Default settings of dhcp snooping are listed in the following table 841
• Default settings of ipv4 source guard are listed in the following table 842
• Chapters 843
• Configuring ipv6 impb 843
• Part 29 843
• Ipv6 impb 844
• Ipv6 mac binding 844
• Nd detection 844
• Overview 844
• Supported features 844
• Internet 845
• Ipv6 source guard 845
• Ipv6 source guard is used to filter the ipv6 packets based on the ipv6 mac binding table only the packets that match the binding rules are forwarded 845
• Binding entries manually 846
• Ipv6 mac binding configuration 846
• Using the gui 846
• Click apply 847
• Enter or select the port that is connected to this host 847
• Enter the following information to specify a host 847
• Follow these steps to manually create an ipv6 mac binding entry 847
• Select protect type for the entry 847
• Binding entries via nd snooping 848
• Binding entries via dhcpv6 snooping 849
• Additionally you select one or more entries to edit the host name and protect type and click apply 851
• Binding table to load the following page 851
• Binding table to view or edit the entries 851
• In the binding table you can view search and edit the specified binding entries 851
• Viewing the binding entries 851
• You can specify the search criteria to search your desired entries 851
• Binding entries manually 852
• Follow these steps to manually bind entries 852
• The following sections introduce how to bind entries manually and via nd snooping and dhcp snooping and how to view the binding entries 852
• Using the cli 852
• You can manually bind the ipv6 address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 852
• Host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff 10 gi1 0 5 nd d manual 853
• Switch config end 853
• Switch config ipv6 source binding host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff vlan 10 interface gigabitethernet 1 0 5 nd detection 853
• Switch config show ipv6 source binding 853
• Switch configure 853
• Switch copy running config startup config 853
• The following example shows how to bind an entry with the hostname host1 ipv6 address 2001 0 9d38 90d5 34 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this entry for nd detection 853
• U host ip addr mac addr vid port acl source 853
• Binding entries via nd snooping 854
• Follow these steps to bind entries via nd snooping 854
• Global status enable 854
• Switch config ipv6 nd snooping 854
• Switch config ipv6 nd snooping vlan 1 854
• Switch config show ipv6 nd snooping 854
• Switch configure 854
• The following example shows how to enable nd snooping globally and on vlan 1 854
• Vlan id 1 854
• Binding entries via dhcpv6 snooping 855
• Follow these steps to bind entries via dhcp snooping 855
• Gi1 0 1 1000 n a 855
• Interface max entries lag 855
• Switch config end 855
• Switch config if end 855
• Switch config if ipv6 nd snooping max entries 1000 855
• Switch config if show ipv6 nd snooping interface gigabitethernet 1 0 1 855
• Switch config interface gigabitethernet 1 0 1 855
• Switch configure 855
• Switch copy running config startup config 855
• The following example shows how to configure the maximum number of entries that can be learned on port 1 0 1 855
• Viewing binding entries 856
• Adding ipv6 mac binding entries 857
• Enabling nd detection 857
• Nd detection configuration 857
• Using the gui 857
• Click apply 858
• Configuring nd detection on ports 858
• Follow these steps to configure nd detection on ports 858
• Port config to load the following page 858
• Select one or more ports and configure the parameters 858
• Viewing nd statistics 858
• You can view the number of the illegal nd packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 858
• Adding ipv6 mac binding entries 859
• Enabling nd detection 859
• Using the cli 859
• Configuring nd detection on ports 860
• Follow these steps to configure nd detection on ports 860
• Global status enable 860
• Switch config end 860
• Switch config ipv6 nd detection 860
• Switch config ipv6 nd detection vlan 1 860
• Switch config show ipv6 nd detection 860
• Switch configure 860
• Switch copy running config startup config 860
• The following example shows how to enable nd detection globally and on vlan 1 860
• Vlan id 1 860
• Viewing nd statistics 861
• Adding ipv6 mac binding entries 862
• Configuring ipv6 source guard 862
• Ipv6 source guard configuration 862
• Using the gui 862
• Adding ipv6 mac binding entries 863
• Before configuring ipv6 source guard you need to configure the sdm template as enterprisev6 863
• Click apply 863
• Configuring ipv6 source guard 863
• Follow these steps to configure ipv6 source guard 863
• The nd detection feature allows the switch to detect the nd packets based on the binding entries in the ipv6 mac binding table and filter out the illegal nd packets before configuring nd detection complete ipv6 mac binding configuration for details refer to ipv6 mac binding configuration 863
• Using the cli 863
• Gi1 0 1 sipv6 mac n a 864
• Port security type lag 864
• Switch config if end 864
• Switch config if ipv6 verify source sipv6 mac 864
• Switch config if show ipv6 verify source interface gigabitethernet 1 0 1 864
• Switch config interface gigabitethernet 1 0 1 864
• Switch configure 864
• Switch copy running config startup config 864
• The following example shows how to enable ipv6 source guard on port 1 0 1 864
• Configuration examples 865
• Configuration scheme 865
• Example for nd detection 865
• Network requirements 865
• Using the gui 866
• Using the cli 868
• Verify the configuration 868
• Example for ipv6 source guard 869
• Network requirements 869
• Configuration scheme 870
• Using the gui 870
• Using the cli 872
• Verify the configuration 872
• Appendix default parameters 873
• Default settings of dhcp snooping are listed in the following table 873
• Default settings of nd detection are listed in the following table 873
• Default settings of ipv6 source guard are listed in the following table 874
• Chapters 875
• Configuring dhcp filter 875
• Part 30 875
• Dhcp filter 876
• Overview 876
• Supported features 876
• Dhcpv4 filter 877
• Dhcpv4 filter is used for dhcpv4 servers and ipv4 clients 877
• Dhcpv6 filter 877
• Dhcpv6 filter is used for dhcpv6 servers and ipv6 clients 877
• Configuring the basic dhcpv4 filter parameters 878
• Dhcpv4 filter configuration 878
• Using the gui 878
• Click apply 879
• Click create 880
• Configure the following parameters 880
• Configuring legal dhcpv4 servers 880
• Configuring the basic dhcpv4 filter parameters 880
• Follow these steps to add a legal dhcpv4 server 880
• Follow these steps to complete the basic settings of dhcpv4 filter 880
• Legal dhcpv4 servers and 880
• To load the following page 880
• Using the cli 880
• Configuring legal dhcpv4 servers 882
• Follow these steps configure legal dhcpv4 servers 882
• Gi1 0 1 enable enable 10 20 n a 882
• Global status enable 882
• Interface state mac verify limit rate dec rate lag 882
• Switch config if end 882
• Switch config if ip dhcp filter 882
• Switch config if ip dhcp filter decline rate 20 882
• Switch config if ip dhcp filter limit rate 10 882
• Switch config if ip dhcp filter mac verify 882
• Switch config if show ip dhcp filter 882
• Switch config if show ip dhcp filter interface gigabitethernet 1 0 1 882
• Switch config interface gigabitethernet 1 0 1 882
• Switch config ip dhcp filter 882
• Switch configure 882
• Switch copy running config startup config 882
• The following example shows how to enable dhcpv4 filter globally and how to enable dhcpv4 filter enable the mac verify feature set the limit rate as 10 pps and set the decline rate as 20 pps on port 1 0 1 882
• Configuring the basic dhcpv6 filter parameters 884
• Dhcpv6 filter configuration 884
• Using the gui 884
• Click apply 885
• Click create 885
• Configure the following parameters 885
• Configuring legal dhcpv6 servers 885
• Follow these steps to add a legal dhcpv6 server 885
• Legal dhcpv6 servers and 885
• To load the following page 885
• Configuring the basic dhcpv6 filter parameters 886
• Follow these steps to complete the basic settings of dhcpv6 filter 886
• Using the cli 886
• Configuring legal dhcpv6 servers 887
• Follow these steps configure legal dhcpv6 servers 887
• Gi1 0 1 enable 10 20 n a 887
• Global status enable 887
• Interface state limit rate dec rate lag 887
• Switch config if end 887
• Switch config if ipv6 dhcp filter 887
• Switch config if ipv6 dhcp filter decline rate 20 887
• Switch config if ipv6 dhcp filter limit rate 10 887
• Switch config if show ip dhcp filter interface gigabitethernet 1 0 1 887
• Switch config if show ipv6 dhcp filter 887
• Switch config interface gigabitethernet 1 0 1 887
• Switch config ipv6 dhcp filter 887
• Switch configure 887
• Switch copy running config startup config 887
• The following example shows how to enable dhcpv6 filter globally and how to enable dhcpv6 filter set the limit rate as 10 pps and set the decline rate as 20 pps on port 1 0 1 887
• Configuration examples 889
• Configuration scheme 889
• Example for dhcpv4 filter 889
• Network requirements 889
• Using the gui 890
• Using the cli 891
• Verify the configuration 891
• Example for dhcpv6 filter 892
• Network requirements 892
• Configuration scheme 893
• Using the gui 893
• Using the cli 895
• Verify the configuration 895
• Appendix default parameters 896
• Default settings of dhcpv4 filter are listed in the following table 896
• Chapters 897
• Configuring dos defend 897
• Part 31 897
• Overview 898
• Dos defend configuration 899
• Dos defend to load the following page 899
• Follow these steps to configure dos defend 899
• In the dos defend config section select one or more defend types according to your needs and click apply the following table introduces each type of dos attack 899
• In the dos defend section enable dos protection and click apply 899
• Using the gui 899
• Click apply 900
• Follow these steps to configure dos defend 900
• Using the cli 900
• Switch configure 901
• The following example shows how to enable the dos defend type named land 901
• Appendix default parameters 903
• Default settings of network security are listed in the following tables 903
• Chapters 904
• Monitoring the system 904
• Part 32 904
• Overview 905
• Monitoring the cpu 906
• Using the cli 906
• Using the gui 906
• Monitoring the memory 908
• Using the cli 908
• Using the gui 908
• Unit current memory utilization 909
• Traffic monitor 911
• Using the gui 911
• To view a port s traffic statistics in detail click statistics on the right side of the entry 912
• On privileged exec mode or any other configuration mode you can use the following command to view the traffic information of each port or lag 915
• Using the cli 915
• Appendix default parameters 916
• Chapters 917
• Mirroring traffic 917
• Part 34 917
• Mirroring 918
• Using the gui 918
• Follow these steps to configure the mirroring session 919
• In the destination port config section specify a destination port for the mirroring session and click apply 919
• In the source interfaces config section specify the source interfaces and click apply traffic passing through the source interfaces will be mirrored to the destination port there are three source interface types port lag and cpu choose one or more types according to your need 919
• Follow these steps to configure mirroring 920
• Switch config monitor session 1 destination interface gigabitethernet 1 0 10 920
• Switch configure 920
• The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 and the cpu to port 1 0 10 920
• Using the cli 920
• Configuration examples 922
• Configuration scheme 922
• Network requirements 922
• Using the gui 922
• Using the cli 923
• Verify the configuration 924
• Appendix default parameters 925
• Default settings of switching are listed in th following tables 925
• Chapters 926
• Configuring sflow 926
• Part 35 926
• Overview 927
• Sflow agent 927
• Sflow collector 927
• Configuring the sflow agent 928
• Sflow configuration 928
• Using the gui 928
• An sflow sampler is a data source that collects flow samples usually the ports act as sflow samplers 929
• Click apply 929
• Configuring the sflow collector 929
• Configuring the sflow sampler 929
• Follow these steps to configure the sflow collector 929
• Select a collector and configure the relevant parameters 929
• Sflow collector to load the following page 929
• Click apply 930
• Follow these steps to configure the sflow sampler 930
• Set one or more ports to be samplers and configure the relevant parameters one port can be bound to only one collector 930
• Sflow sampler to load the following page 930
• Follow these steps to configure the sflow 931
• Using the cli 931
• Configuration example 934
• Configuration scheme 934
• Network requirements 934
• Using the gui 934
• Using the cli 935
• Verify the configurations 936
• Appendix default parameters 937
• Default settings of maintenance are listed in the following tables 937
• Chapters 938
• Configuring oam 938
• Part 36 938
• Ethernet oam 939
• Oam connection 939
• Oam entity 939
• Oampdus 939
• Overview 939
• As the above figure shows the oam entity on switch a is in active mode and that on switch b is in passive mode switch a initiates an oam connection by sending an information oampdu switch b compares the oam information in the received oampdu with its own and sends back an information oampdu to switch a if the oam information of the two entities matches an oam connection will be established after that the two oam entities will exchange information oampdus periodically to keep the oam connection valid 940
• Link monitoring 940
• Link monitoring is for monitoring link performance under various circumstances when problems are detected on the link the oam entity will send its remote peer the event notification oampdus to report link events 940
• Supported features 940
• The link events are described as follows 940
• The switch supports the following oam features link monitoring remote failure indication rfi and remote loopback 940
• Remote failure indication rfi 941
• Remote loopback 941
• Enabling oam and configuring oam mode 943
• Ethernet oam configurations 943
• Using the gui 943
• Click apply 944
• Configuring link monitoring 944
• Follow these steps to configure link monitoring 944
• In the link event section select a link event type to configure 944
• Link monitoring to load the following page 944
• Click apply 945
• In the link monitoring config section select one or more ports and configure the threshold and period for the selected link event 945
• Click apply 946
• Configuring rfi 946
• Follow these steps to configure remote failure indication 946
• Remote failure indication to load the following page 946
• Select one or more ports and configure the dying gasp notification and critical event notification features 946
• Click apply 947
• Configuring remote loopback 947
• Follow these steps to configure remote loopback 947
• Remote loopbak to load the following page 947
• Select one or more ports and configure the relevant options 947
• Discovery info to load the following page 948
• Select a port to view whether the oam connection is established with the peer additionally you can view the oam information of the local and the remote entities 948
• The oam information of the local entity is as follows 948
• Viewing oam status 948
• The oam information of the remote entity is as follows 949
• Enabling oam and configuring oam mode 950
• Follow these steps to enable oam and configure oam mode on the port 950
• Using the cli 950
• An error symbol period event occurs if the number of symbol errors exceeds the defined threshold within a specific period of time 951
• Configuring error symbol period event 951
• Configuring link monitoring 951
• Follow these steps to configure the error symbol period event 951
• Gi1 0 1 951
• Mode passive 951
• Oam enabled 951
• Switch config if end 951
• Switch config if ethernet oam 951
• Switch config if ethernet oam mode passive 951
• Switch config if show ethernet oam configuration interface gigabitethernet 1 0 1 951
• Switch config interface gigabitethernet 1 0 1 951
• Switch configure 951
• Switch copy running config startup config 951
• The following example shows how to enable oam and configure the oam mode as passive on port 1 0 1 951
• With link monitoring the following link events can be reported error symbol period error frame error frame period error frame seconds 951
• Gi1 0 1 952
• Notify state enabled 952
• Switch config if end 952
• Switch config if ethernet oam link monitor symbol period threshold 1 window 10 notify enable 952
• Switch config if show ethernet oam configuration interface gigabitethernet 1 0 1 952
• Switch config interface gigabitethernet 1 0 1 952
• Switch configure 952
• Switch copy running config startup config 952
• Symbol period error 952
• The following example shows how to enable error frame event notification and configure the threshold as 1 and the window as 1000 ms 10 100 ms on port 1 0 1 952
• Threshold 1 error symbol 952
• Window 1000 milliseconds 952
• An error frame event occurs if the number of frame errors exceeds the defined threshold within a specific period of time 953
• Configuring error frame event 953
• Follow these steps to configure the error frame event 953
• Gi1 0 1 953
• Switch config if ethernet oam link monitor frame threshold 1 window 20 notify enable 953
• Switch config if show ethernet oam configuration interface gigabitethernet 1 0 1 953
• Switch config interface gigabitethernet 1 0 1 953
• Switch configure 953
• The following example shows how to enable error frame notification and configure the threshold as 1 and the window as 2000 ms 20 100 ms on port 1 0 1 953
• An error frame period event occurs if the number of frame errors in specific number of received frames exceeds the defined threshold 954
• Configuring error frame period event 954
• Follow these steps to configure the error frame period event 954
• Frame error 954
• Notify state enabled 954
• Switch config if end 954
• Switch copy running config startup config 954
• Threshold 1 error frame 954
• Window 2000 milliseconds 954
• Frame seconds error 956
• Gi1 0 1 956
• Notify state enabled 956
• Switch config if end 956
• Switch config if ethernet oam link monitor frame seconds threshold 1 window 800 notify enable 956
• Switch config if show ethernet oam configuration interface gigabitethernet 1 0 1 956
• Switch config interface gigabitethernet 1 0 1 956
• Switch configure 956
• Switch copy running config startup config 956
• The following example shows how to enable error frame seconds notification and configure the threshold as 1 and the window as 80000 ms 800 100 ms on port 1 0 1 956
• Threshold 1 error seconds 956
• Window 80000 milliseconds 956
• Configuring remote failure indication 957
• Dying gasp enabled 957
• Follow these steps to configure remote failure indication 957
• Gi1 0 1 957
• Switch config if ethernet oam remote failure critical event notify enable 957
• Switch config if ethernet oam remote failure dying gasp notify enable 957
• Switch config if show ethernet oam configuration interface gigabitethernet 1 0 1 957
• Switch config interface gigabitethernet 1 0 1 957
• Switch configure 957
• The following example shows how to enable dying gasp and critical event on port 1 0 1 957
• Configuring remote loopback 958
• Critical event enabled 958
• Follow these steps to configure remote loopback 958
• Switch config if end 958
• Switch config if ethernet oam remote loopback start 958
• Switch config interface gigabitethernet 1 0 1 958
• Switch configure 958
• Switch copy running config startup config 958
• The following example shows how to start the oam remote loopback mode of the peer on port 1 0 1 958
• On privileged exec mode or any other configuration mode you can use the following command to view whether the oam connection is established with the peer additionally you can view the oam information of the local entity and the remote entity 959
• Verifying oam connection 959
• Gi1 0 1 960
• Local client 960
• Max oampdu 1518 bytes 960
• Mode active 960
• Oam enabled 960
• Remote loopback supported 960
• Switch config show ethernet oam status interface gigabitethernet 1 0 1 960
• The following example shows how to view the oam status of port 1 0 1 960
• Unidirection not supported 960
• Using the gui 962
• Viewing oam statistics 962
• Viewing oampdus 962
• Event logs statistics to load the following page 964
• Select a port and view the local and remote event logs on it 964
• Viewing event logs 964
• Additionally you can view the detailed information of the event logs in the event log table section 965
• Gi1 0 1 965
• Information oampdu rx 28 965
• Information oampdu tx 28 965
• On privileged exec mode or any other configuration mode you can use the following command to view the number of oampdus received and sent on the specified port 965
• Switch show ethernet oam statistics interface gigabitethernet 1 0 1 965
• The following example shows how to view the transmitted and received oamdpus on port 1 0 1 965
• Unique event notification oampdu tx 0 965
• Using the cli 965
• Viewing oampdus 965
• Critical event remote 2016 01 01 08 08 00 967
• Error symbol event 0 967
• Event listing 967
• Gi1 0 1 967
• Local event statistics 967
• On privileged exec mode or any other configuration mode you can use the following command to view the local and remote event logs on the specified port 967
• Switch show ethernet oam event log interface gigabitethernet 1 0 1 967
• The following example shows how to view the event logs on port 1 0 1 967
• Type location time stamp 967
• Viewing event logs 967
• Configuration example 969
• Configuration scheme 969
• Network requirements 969
• Using the gui 969
• Using the cli 973
• Verify the configuration 974
• Appendix default parameters 977
• Default settings of ethernet oam are listed in the following tables 977
• Chapters 978
• Configuring dldp 978
• Part 37 978
• Overview 979
• Configuration guidelines 980
• Dldp configuration 980
• Using the gui 980
• In the port config section select one or more ports enable dldp and click apply then you can view the relevant dldp information in the table 981
• Follow these steps to configure dldp 982
• Switch configure 982
• The following example shows how to enable dldp globally configure the dldp interval as 10 seconds and specify the shutdown mode as auto 982
• Using the cli 982
• Appendix default parameters 984
• Default settings of dldp are listed in the following table 984
• Chapters 985
• Configuring snmp rmon 985
• Part 38 985
• Basic concepts 986
• Overview 986
• Snmp agent 986
• Snmp manager 986
• A mib is a collection of managed objects that is organized hierarchically the objects define the attributes of the managed device including the names status access rights and data types each object can be addressed through an object identifier oid 987
• Also tp link switches support the following public mibs 987
• As the following figure shows the mib hierarchy can be depicted as a tree with a nameless root the levels of which are assigned by different organizations the top level mib object ids belong to different standards organizations while lower level object ids are allocated by associated organizations vendors can define private branches that include managed objects for their own products 987
• Lldp ext dot1 mib 987
• Lldp ext med mib 987
• Lldp mib 987
• Rfc1213 mib 987
• Rfc1493 bridge mib 987
• Rfc1757 rmon mib 987
• Rfc2618 radius auth client mib 987
• Tp link switches provide private mibs that can be identified by the oid 1 1863 the mib file can be found on the provided cd or the download center of our official website https www tp link com en download center html 987
• An snmp engine can be uniquely identified by an engine id within an administrative domain since there is a one to one association between snmp engines and snmp entities we can also use the engine id to uniquely and unambiguously identify the snmp entity within that administrative domain 988
• An snmp engine is a part of the snmp entity every snmp entity has one and only one engine an snmp engine provides services for ending and receiving messages authenticating and encrypting messages and controlling access to managed objects 988
• An snmp entity is a device running the snmp protocol both the snmp manager and snmp agent are snmp entities 988
• For detail information about the supported public mibs see supported public mibs for tp link switches which can be found on the training center of our website 988
• Https www tp link com en configuration guides html 988
• Rfc2620 radius acc client mib 988
• Rfc2674 pbridge mib 988
• Rfc2674 qbridge mib 988
• Rfc2863 pbridge mib 988
• Rfc2925 disman ping mib 988
• Rfc2925 disman traceroute mib 988
• Snmp engine 988
• Snmp entity 988
• Snmp version 988
• The device supports three snmp versions snmpv1 snmpv2c and snmpv3 table 1 1 lists features supported by different snmp versions and table 1 2 shows corresponding application scenarios 988
• Enabling snmp 990
• Snmp configurations 990
• Using the gui 990
• Click apply 991
• Creating an snmp view 991
• Follow these steps to create an snmp view 991
• Global config to load the following page 991
• Nms manages mib objects based on the snmp view an snmp view is a subset of a mib the system provides a default view named viewdefault and you can create other snmp views according to your needs 991
• To load the following page enter a view name and specify the view type and a mib object that is related to the view 991
• Click create 992
• Creating snmp communities for snmp v1 v2c 992
• Set the community name access rights and the related view 992
• Snmp v1 v2c and click 992
• To load the following page 992
• Assign a name to the group then set the security level and the read view write view and notify view 993
• Click create 993
• Create an snmp group and configure related parameters 993
• Creating an snmp group for snmp v3 993
• Follow these steps to create an snmp group 993
• Snmp group and click 993
• To load the following page 993
• Click create 994
• Creating snmp users for snmp v3 994
• Follow these steps to create an snmp user 994
• Snmp user and click 994
• Specify the user name user type and the group which the user belongs to then configure the security level 994
• To load the following page 994
• Click create 995
• Enabling snmp 995
• If you have chosen authnopriv or authpriv as the security level you need to set corresponding authentication mode or privacy mode if not skip the step 995
• Using the cli 995
• Bad snmp version errors 996
• Snmp agent is enabled 996
• Snmp packets input 996
• Switch config show snmp server 996
• Switch config snmp server 996
• Switch config snmp server engineid remote 123456789a 996
• Switch configure 996
• The following example shows how to enable snmp and set 123456789a as the remote engine id 996
• Unknown community name 996
• Bad value errors 997
• Creating an snmp view 997
• Encoding errors 997
• General errors 997
• Get next pdus 997
• Get request pdus 997
• Illegal operation for community name supplied 997
• Local engine id 80002e5703000aeb13a23d 997
• No such name errors 997
• Number of altered variables 997
• Number of requested variables 997
• Remote engine id 123456789a 997
• Response pdus 997
• Set request pdus 997
• Snmp packets output 997
• Specify the oid object identifier of the view to determine objects to be managed 997
• Switch config end 997
• Switch config show snmp server engineid 997
• Switch copy running config startup config 997
• Too big errors maximum packet size 1500 997
• Trap pdus 997
• Creating snmp communities for snmp v1 v2c 998
• Create an snmp group and set user access control with read write and notify views meanwhile set the authentication and privacy modes to secure the communication between the nms and managed devices 999
• Creating an snmp group for snmpv3 999
• Index name type mib view 999
• Nms monitor read write view 999
• Switch config end 999
• Switch config show snmp server community 999
• Switch config snmp server community nms monitor read write view 999
• Switch configure 999
• Switch copy running config startup config 999
• The following example shows how to set an snmp community name the community as the nms monitor and allow the nms to view and modify parameters of view 999
• 1 nms1 v3 authpriv view1 view1 1000
• No name sec mode sec lev read view write view notify view 1000
• Switch config end 1000
• Switch config show snmp server group 1000
• Switch config snmp server group nms1 smode v3 slev authpriv read view1 notify view1 1000
• Switch configure 1000
• Switch copy running config startup config 1000
• The following example shows how to create an snmpv3 group with the group name as nms1 the security level as authpriv and the read and notify view are both view1 1000
• Configure users of the snmp group users belong to the group and use the same security level and access rights as the group 1001
• Creating snmp users for snmpv3 1001
• Configuring the information of nms hosts 1003
• Notification configurations 1003
• Using the gui 1003
• Choose a notification type based on the snmp version if you choose the inform type you need to set retry times and timeout interval 1004
• Click create 1004
• Specify the user name or community name used by the nms host and configure the security model and security level based on the settings of the user or community 1004
• Enabling snmp traps 1005
• Select the traps to enable according to your needs 1005
• The supported traps are listed on the page follow these steps to enable any or all of these traps 1005
• Trap config to load the following page 1005
• Click apply 1007
• Configure parameters of the nms host and packet handling mechanism 1007
• Configuring the nms host 1007
• Using the cli 1007
• The following example shows how to set the nms host ip address as 192 0 22 udp port as port 162 name used by the nms host as admin security model as snmpv3 1008
• 0 22 162 admin v3 authpriv inform 3 100 1009
• Enabling snmp traps 1009
• Enabling the snmp standard traps globally 1009
• No des ip udp name secmode seclev type retry timeout 1009
• Security level as authpriv notification type as inform retry times as 3 and the timeout interval as 100 seconds 1009
• Switch config end 1009
• Switch config show snmp server host 1009
• Switch config snmp server host 192 0 22 162 admin smode v3 slev authpriv type inform retries 3 timeout 100 1009
• Switch configure 1009
• Switch copy running config startup config 1009
• The switch supports multiple snmp traps like snmp standard traps acl traps and vlan traps you can enable any or all of the traps according to your needs 1009
• Enabling the snmp extended traps globally 1010
• Switch config end 1010
• Switch config snmp server traps snmp linkup 1010
• Switch configure 1010
• Switch copy running config startup config 1010
• The following example shows how to configure the switch to send linkup traps 1010
• Enabling the ddm traps globally 1011
• Switch config end 1011
• Switch config snmp server traps bandwidth control 1011
• Switch configure 1011
• Switch copy running config startup config 1011
• The following example shows how to configure the switch to enable bandwidth control traps 1011
• Enabling the snmp security traps globally 1012
• Enabling the vlan traps globally 1012
• Switch config end 1012
• Switch config snmp server traps ddm temperature 1012
• Switch config snmp server traps vlan 1012
• Switch configure 1012
• Switch copy running config startup config 1012
• The following example shows how to configure the switch to enable all the snmp vlan traps 1012
• The following example shows how to configure the switch to enable ddm temperature trap 1012
• Enabling the acl trap globally 1013
• Enabling the ip traps globally 1013
• Switch config end 1013
• Switch config snmp server traps acl 1013
• Switch config snmp server traps security dhcp filter 1013
• Switch configure 1013
• Switch copy running config startup config 1013
• The following example shows how to configure the switch to enable acl trap 1013
• The following example shows how to configure the switch to enable dhcp filter trap 1013
• Enabling the snmp poe traps globally 1014
• Switch config end 1014
• Switch config snmp server traps ip change 1014
• Switch configure 1014
• Switch copy running config startup config 1014
• The following example shows how to configure the switch to enable ip change trap 1014
• Enabling the link status trap for ports 1015
• Switch config end 1015
• Switch config snmp server traps power 1015
• Switch configure 1015
• Switch copy running config startup config 1015
• The following example shows how to configure the switch to enable all poe traps 1015
• Switch config if end 1016
• Switch config if snmp server traps link status 1016
• Switch config interface gigabitethernet 1 0 1 1016
• Switch configure 1016
• Switch copy running config startup config 1016
• The following example shows how to configure the switch to enable link status trap 1016
• Configuring statistics group 1018
• Rmon configurations 1018
• Using the gui 1018
• Click create 1019
• Configuring history group 1019
• Follow these steps to configure the history group 1019
• History to load the following page 1019
• Select a history entry and specify a port to be monitored 1019
• Set the sample interval and the maximum buckets of history entries 1019
• Choose an event entry and set the snmp user of the entry 1020
• Configuring event group 1020
• Enter the owner name and set the status of the entry click apply 1020
• Event to load the following page 1020
• Follow these steps to configure the event group 1020
• Set the description and action to be taken when the event is triggered 1020
• Alarm to load the following page 1021
• Before you begin please complete configurations of statistics entries and event entries because the alarm entries must be associated with statistics and event entries 1021
• Configuring alarm group 1021
• Enter the owner name and set the status of the entry click apply 1021
• Follow these steps to configure the alarm group 1022
• Select an alarm entry choose a variable to be monitored and associate the entry with a statistics entry 1022
• Set the sample type the rising and falling threshold the corresponding event action mode and the alarm type of the entry 1022
• Configuring statistics 1023
• Enter the owner name and set the status of the entry click apply 1023
• Using the cli 1023
• Gi1 0 1 monitor valid 1024
• Gi1 0 2 monitor valid 1024
• Index port owner state 1024
• Switch config end 1024
• Switch config rmon statistics 1 interface gigabitethernet 1 0 1 owner monitor status valid 1024
• Switch config rmon statistics 2 interface gigabitethernet 1 0 2 owner monitor status valid 1024
• Switch config show rmon statistics 1024
• Switch configure 1024
• Switch copy running config startup config 1024
• The following example shows how to create two statistics entries on the switch to monitor port 1 0 1 and 1 0 2 respectively the owner of the entries are both monitor and the status are both valid 1024
• Configuring history 1025
• Gi1 0 1 100 50 monitor enable 1025
• Index port interval buckets owner state 1025
• Switch config end 1025
• Switch config rmon history 1 interface gigabitethernet 1 0 1 interval 100 owner monitor buckets 50 1025
• Switch config show rmon history 1025
• Switch configure 1025
• The following example shows how to create a history entry on the switch to monitor port 1 0 1 set the sample interval as 100 seconds maximum buckets as 50 and the owner as monitor 1025
• Configuring event 1026
• Switch config rmon event 1 user admin description rising notify type notify owner monitor 1026
• Switch configure 1026
• Switch copy running config startup config 1026
• The following example shows how to create an event entry on the switch set the user name as admin the event type as notify set the switch to initiate notifications to the nms and the owner as monitor 1026
• Admin rising notify notify monitor enable 1027
• Configuring alarm 1027
• Index user description type owner state 1027
• Switch config end 1027
• Switch config show rmon event 1027
• Switch copy running config startup config 1027
• Configuration example 1030
• Network requirements 1030
• Configuration scheme 1031
• Using the gui 1031
• Using the cli 1036
• Verify the configurations 1038
• Appendix default parameters 1042
• Default settings of snmp are listed in the following tables 1042
• Default settings of notification are listed in the following table 1043
• Default settings of rmon are listed in the following tables 1044
• Chapters 1046
• Diagnosing the device network 1046
• Part 39 1046
• Check the test results in the result section 1047
• Device diagnostics to load the following page 1047
• Diagnosing the device 1047
• Follow these steps to diagnose the cable 1047
• Select your desired port for the test and click apply 1047
• The device diagnostics feature provides cable testing which allows you to troubleshoot based on the connection status cable length and fault location 1047
• Using the gui 1047
• Gi1 0 2 pair a normal 2 10m 1048
• On privileged exec mode or any other configuration mode you can use the following command to check the connection status of the cable that is connected to the switch 1048
• Pair b normal 2 10m 1048
• Pair c normal 0 10m 1048
• Pair d normal 2 10m 1048
• Port pair status length error 1048
• Switch show cable diagnostics interface gigabitehternet 1 0 2 1048
• The following example shows how to check the cable diagnostics of port 1 0 2 1048
• Using the cli 1048
• Diagnosing the network 1049
• Troubleshooting with ping testing 1049
• Using the gui 1049
• Troubleshooting with tracert testing 1050
• Approximate round trip times in milli seconds 1051
• Configuring the ping test 1051
• In the tracert result section check the test results 1051
• Minimum 0ms maximum 0ms average 0ms 1051
• On privileged exec mode you can use the following command to test the connectivity between the switch and one node of the network 1051
• Packets sent 3 received 3 lost 0 0 loss 1051
• Ping statistics for 192 68 0 1051
• Pinging 192 68 0 with 1000 bytes of data 1051
• Reply from 192 68 0 bytes 1000 time 16ms ttl 64 1051
• Switch ping ip 192 68 0 n 3 l 1000 i 500 1051
• The following example shows how to test the connectivity between the switch and the destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 1000 bytes and the interval as 500 milliseconds 1051
• Using the cli 1051
• Configuring the tracert test 1052
• Ms 1 ms 2 ms 192 68 1052
• Ms 2 ms 2 ms 192 68 00 1052
• On privileged exec mode you can use the following command to test the connectivity between the switch and routers along the path from the source to the destination 1052
• Switch tracert 192 68 00 2 1052
• The following example shows how to test the connectivity between the switch and the network device with the ip address 192 68 00 set the maxhops as 2 1052
• Trace complete 1052
• Tracing route to 192 68 00 over a maximum of 2 hops 1052
• Appendix default parameters 1053
• Default settings of network diagnostics are listed in the following tables 1053
• Chapters 1054
• Configuring system logs 1054
• Part 40 1054
• Overview 1055
• Backing up the logs 1056
• Configuration guidelines 1056
• Configure the local logs 1056
• Configure the remote logs 1056
• Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality of the switch is affected please take actions according to the log message 1056
• System logs configurations 1056
• System logs configurations include 1056
• Viewing the log table 1056
• Click apply 1057
• Configuring the local logs 1057
• Configuring the remote logs 1057
• Follow these steps to configure the local logs 1057
• Local logs to load the following page 1057
• Select your desired channel and configure the corresponding severity and status 1057
• Using the gui 1057
• You can configure up to four hosts to receive the switch s system logs these hosts are called log servers the switch will forward the log message to the servers once a log 1057
• Backing up the logs 1058
• Log table to load the following page 1059
• Select a module and a severity to view the corresponding log information 1059
• Viewing the log table 1059
• Configuring the local logs 1060
• Follow these steps to configure the local logs 1060
• Using the cli 1060
• Configuring the remote logs 1061
• 6 disable 1062
• 68 48 5 enable 1062
• Index host ip severity status 1062
• Switch config end 1062
• Switch config logging host index 2 192 68 48 5 1062
• Switch config show logging loghost 1062
• Switch configure 1062
• Switch copy running config startup config 1062
• The following example shows how to set the remote log on the switch enable log server 2 set its ip address as 192 68 48 and allow logs of levels 0 to 5 to be sent to the server 1062
• Configuration example 1063
• Configuration scheme 1063
• Network requirements 1063
• Using the gui 1063
• Using the cli 1064
• Verify the configurations 1064
• Appendix default parameters 1065
• Default settings of maintenance are listed in the following tables 1065
• Copyright trademarks 1066
• Fcc statement 1066
• Canadian compliance statement 1067
• Ce mark warning 1067
• Eu declaration of conformity 1067
• Industry canada statement 1067
• Ncc notice 1067
• Bsmi notice 1068
• Продукт сертифіковано згідно с правилами системи укрсепро на відповідність вимогам нормативних документів та вимогам що передбачені чинними законодавчими актами україни 1068
• 安全諮詢及注意事項 1068
• 插槽與開口供通風使用 以確保本產品的操作可靠並防止過熱 請勿堵塞或覆蓋開口 1068
• 此為甲類資訊技術設備 于居住環境中使用時 可能會造成射頻擾動 在此種情況下 使用者 會被要求採取某些適當的對策 1068
• 注意防潮 請勿將水或其他液體潑灑到本產品上 1068
• 清潔本產品之前請先拔掉電源線 請勿使用液體 噴霧清潔劑或濕布進行清潔 1068
• 第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通行 經發現有干擾現象時 應立即停用 並改善至無干擾時方得繼續使用 前項合法通信 指依電信規定作業之無線電信 低功率射頻電機需忍受合法通信或工業 科學以及醫療用電波輻射性電機設備之干擾 1068
• 請不要私自打開機殼 不要嘗試自行維修本產品 請由授權的專業人士進行此項工作 1068
• 請使用原裝電源供應器或只能按照本產品注明的電源類型使用本產品 1068
• 請勿將本產品置放於靠近熱源的地方 除非有正常的通風 否則不可放在密閉位置中 1068
• 限用物質含有情況標示聲明書 1068
• Explanation of the symbols on the product label 1069
• Safety information 1069