Tp-Link T2600G-28MPS V4 [713/1124] Default settings of class of service are listed in the following tables

Содержание

• T2600g series switches 1
• User guide 1
• About this guide 2
• Accessing the switch 2
• Command line interface access 10 2
• Contents 2
• Conventions 2
• Intended readers 2
• Managing system 2
• More information 2
• Overview 2
• System 21 2
• System info configurations 23 2
• Web interface access 2
• Eee configuration 57 3
• Poe configurations 59 3
• Sdm template configuration 71 3
• System tools configurations 44 3
• User management configurations 37 3
• Appendix default parameters 85 4
• Basic parameters configurations 90 4
• Configuration examples 01 4
• Example for poe configurations 80 4
• Loopback detection configuration 97 4
• Managing physical interfaces 4
• Physical interface 89 4
• Port isolation configurations 94 4
• Time range configuration 74 4
• Appendix default parameters 07 5
• Appendix default parameters 25 5
• Configuration examples 19 5
• Configuring ddm 5
• Configuring lag 5
• Ddm configuration 28 5
• Lag 09 5
• Lag configuration 10 5
• Overview 27 5
• Address configurations 48 6
• Appendix default parameters 44 6
• Appendix default parameters 66 6
• Configuring 802 q vlan 6
• Example for security configurations 63 6
• Mac address table 46 6
• Managing mac address table 6
• Overview 68 6
• Q vlan configuration 69 6
• Security configurations 56 6
• Appendix default parameters 00 7
• Appendix default parameters 83 7
• Configuration example 76 7
• Configuration example 90 7
• Configuring mac vlan 7
• Configuring protocol vlan 7
• Mac vlan configuration 86 7
• Overview 02 7
• Overview 85 7
• Protocol vlan configuration 03 7
• Appendix default parameters 22 8
• Basic vlan vpn configuration 26 8
• Configuration example 10 8
• Configuration examples 34 8
• Configuring vlan vpn 8
• Flexible vlan vpn configuration 31 8
• Vlan vpn 24 8
• Appendix default parameters 57 9
• Appendix default parameters 74 9
• Appendix default parameters 94 9
• Configuration example 65 9
• Configuration example 85 9
• Configuring gvrp 9
• Configuring layer 2 multicast 9
• Configuring private vlan 9
• Gvrp configuration 60 9
• Igmp snooping configuration 99 9
• Layer 2 multicast 96 9
• Overview 59 9
• Overview 76 9
• Private vlan configurations 78 9
• Mld snooping configuration 18 10
• Multicast filtering configuration 42 10
• Mvr configuration 32 10
• Appendix default parameters 81 11
• Configuration examples 57 11
• Viewing multicast snooping information 52 11
• Appendix default parameters 44 12
• Configuration example for mstp 29 12
• Configuring spanning tree 12
• Mstp configurations 05 12
• Spanning tree 85 12
• Stp rstp configurations 93 12
• Stp security configurations 25 12
• Configuration examples 71 13
• Configuring lldp 13
• Lldp 47 13
• Lldp configurations 48 13
• Lldp med configurations 56 13
• Viewing lldp med settings 68 13
• Viewing lldp settings 63 13
• Appendix default parameters 03 14
• Appendix default parameters 84 14
• Appendix default parameters 96 14
• Configuration example 19 14
• Configuration example 93 14
• Configuring l2pt 14
• Configuring layer 3 interfaces 14
• Configuring pppoe id insertion 14
• L2pt configuration 88 14
• Layer 3 interface configurations 06 14
• Overview 05 14
• Overview 86 14
• Overview 98 14
• Pppoe id insertion configuration 99 14
• Appendix default parameters 22 15
• Configuring dhcp service 15
• Configuring routing 15
• Dhcp 38 15
• Dhcp server configuration 41 15
• Example for static routing 32 15
• Ipv4 static routing configuration 25 15
• Ipv6 static routing configuration 27 15
• Overview 24 15
• Viewing routing table 29 15
• Configuration examples 68 16
• Dhcp l2 relay configuration 63 16
• Dhcp relay configuration 53 16
• Appendix default parameters 10 17
• Appendix default parameters 93 17
• Arp configurations 99 17
• Bandwidth control configuration 39 17
• Class of service configuration 14 17
• Configuring arp 17
• Configuring qos 17
• Overview 97 17
• Qos 12 17
• Access security 87 18
• Access security configurations 88 18
• Appendix default parameters 82 18
• Auto voip configuration 51 18
• Configuration examples 56 18
• Configuring access security 18
• Voice vlan configuration 45 18
• Aaa configuration 12 19
• Appendix default parameters 08 19
• Appendix default parameters 36 19
• Configuration examples 30 19
• Configuring aaa 19
• Overview 11 19
• Acl configuration 71 20
• Appendix default parameters 61 20
• Appendix default parameters 68 20
• Configuration example 55 20
• Configuring 802 x 20
• Configuring acl 20
• Configuring port security 20
• Overview 39 20
• Overview 63 20
• Overview 70 20
• Port security configuration 64 20
• X configuration 40 20
• Appendix default parameters 34 21
• Configuration example for acl 08 21
• Configuring ipv4 impb 21
• Ip mac binding configuration 38 21
• Ipv4 impb 37 21
• Appendix default parameters 67 22
• Arp detection configuration 48 22
• Configuration examples 58 22
• Ipv4 source guard configuration 55 22
• Configuration examples 91 23
• Configuring ipv6 impb 23
• Ipv6 impb 70 23
• Ipv6 mac binding configuration 72 23
• Ipv6 source guard configuration 88 23
• Nd detection configuration 83 23
• Appendix default parameters 99 24
• Configuration examples 15 24
• Configuring dhcp filter 24
• Dhcp filter 02 24
• Dhcpv4 filter configuration 04 24
• Dhcpv6 filter configuration 10 24
• Appendix default parameters 22 25
• Appendix default parameters 29 25
• Appendix default parameters 42 25
• Appendix default parameters 51 25
• Configuration examples 48 25
• Configuring dos defend 25
• Dos defend configuration 25 25
• Mirroring 44 25
• Mirroring traffic 25
• Monitoring the cpu 32 25
• Monitoring the memory 34 25
• Monitoring the system 25
• Monitoring traffic 25
• Overview 24 25
• Overview 31 25
• Traffic monitor 37 25
• Appendix default parameters 63 26
• Configuration example 60 26
• Configuring oam 26
• Configuring sflow 26
• Ethernet oam 65 26
• Ethernet oam configurations 69 26
• Overview 53 26
• Sflow configuration 54 26
• Viewing oam statistics 88 26
• Appendix default parameters 003 27
• Appendix default parameters 010 27
• Configuration example 95 27
• Configuring dldp 27
• Configuring snmp rmon 27
• Dldp configuration 006 27
• Notification configurations 029 27
• Overview 005 27
• Snmp 012 27
• Snmp configurations 016 27
• Appendix default parameters 068 28
• Appendix default parameters 079 28
• Configuration example 056 28
• Configuring system logs 28
• Diagnosing the device 073 28
• Diagnosing the device network 28
• Diagnosing the network 075 28
• Overview 081 28
• Rmon 043 28
• Rmon configurations 044 28
• Appendix default parameters 091 29
• Configuration example 089 29
• System logs configurations 082 29
• About this guide 30
• Conventions 30
• Intended readers 30
• More information 31
• Accessing the switch 32
• Chapters 32
• Part 1 32
• Overview 33
• Web interface access 34
• Save the configuration file 35
• Configure the switch s ip address and default gateway 36
• Disable the web server 36
• Check the routing table to verify the default gateway you configured the entry marked in red box displays the valid default gateway 38
• To save the settings 38
• Command line interface access 39
• Console login only for switch with console port 39
• Enter enable to enter the user exec mode to further configure the switch 40
• Telnet login 41
• Password authentication mode 42
• Ssh login 42
• Key authentication mode 43
• After the keys are successfully generated click save public key to save the public key to a tftp server click save private key to save the private key to the host pc 44
• Disable telnet login 46
• Change the switch s ip address and default gateway 47
• Copy running config startup config 47
• Disable ssh login 47
• Chapters 49
• Managing system 49
• Part 2 49
• Overview 50
• Supported features 50
• System 50
• System info 50
• System tools 50
• User management 50
• Sdm template 51
• Time range 51
• System info configurations 52
• Using the gui 52
• Viewing the system summary 52
• You can click a port to view the bandwidth utilization on this port 53
• You can move your cursor to a port to view the detailed information of the port 53
• In the system info section you can view the system information of the switch 54
• Viewing the system information 54
• Configuring the device description 56
• Configuring the system time 56
• Choose one method to set the system time and specify the related parameters 57
• Click apply 57
• Configuring the daylight saving time 57
• Daylight saving time to load the following page 57
• Follow these steps to configure daylight saving time 57
• In the dst config section enable the daylight saving time function 57
• In the time config section follow these steps to configure the system time 57
• Choose one method to set the daylight saving time and specify the related parameters 58
• Click apply 58
• On privileged exec mode or any other configuration mode you can use the following commands to view the system information of the switch 58
• Using the cli 58
• Viewing the system summary 58
• Configuring the device description 59
• Contact information https www tp link com 60
• Switch config contact info https www tp link com 60
• Switch config end 60
• Switch config hostname switch_a 60
• Switch config location beijing 60
• Switch config show system info 60
• Switch configure 60
• Switch copy running config startup config 60
• System description jetstream 24 port gigabit l2 managed switch with 4 sfp slots 60
• System location beijing 60
• System name switch_a 60
• The following example shows how to set the device name as switch_a set the location as beijing and set the contact information as https www tp link com 60
• Configuring the system time 61
• Follow these steps to configure the system time 61
• Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 62
• Switch configure 62
• The following example shows how to set the system time by get time from ntp server and set the time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 139 8 00 63 and set the update rate as 11 62
• Backup ntp server 139 8 00 63 63
• Configuring the daylight saving time 63
• Follow these steps to configure the daylight saving time 63
• Last successful ntp server 133 00 63
• Prefered ntp server 133 00 63
• Switch config end 63
• Switch config show system time ntp 63
• Switch copy running config startup config 63
• Time zone utc 08 00 63
• Update rate 11 hour s 63
• Creating accounts 66
• User management configurations 66
• Using the gui 66
• Click create 67
• Configure the following parameters 67
• Configuring enable password 67
• Follow these steps to create a new user account 67
• Global config to load the following page 67
• Creating accounts 68
• Using the cli 68
• Configuring enable password 70
• Follow these steps to create an account of other type 70
• The logged in users can enter the enable password on this page to get the administrative privileges 71
• Configuring the boot file 73
• System tools configurations 73
• Using the gui 73
• Click apply 74
• Follow these steps to configure the boot file 74
• In the boot table section select one or more units and configure the relevant parameters 74
• In the image table you can view the information of the current startup image next startup image and backup image the displayed information is as follows 74
• Backing up the configuration file 75
• Restoring the configuration of the switch 75
• Configuring dhcp auto install 76
• Upgrading the firmware 76
• Configuration file name image file path and tftp server ip address from the dhcp server and then downloads the new image and configuration file form the tftp server 77
• Configure the following parameters and click apply 77
• Dhcp auto install to load the following page 77
• Configuring reboot schedule 78
• Manually rebooting the switch 78
• Rebooting the switch 78
• Choose whether to save the current configuration before the reboot 79
• Click apply 79
• Configuring the boot file 79
• Follow these steps to configure the boot file 79
• In the system reset section select the desired unit and click reset after reset all configurations of the switch will be reset to the factory defaults 79
• Reseting the switch 79
• System reset to load the following page 79
• To delete the reboot schedule configurations you can click delete and the configurations will be empty 79
• Using the cli 79
• Backup config config2 cfg 80
• Backup image image2 bin 80
• Boot config 80
• Current startup config config2 cfg 80
• Current startup image image2 bin 80
• Next startup config config1 cfg 80
• Next startup image image1 bin 80
• Switch config boot application filename image1 startup 80
• Switch config boot application filename image2 backup 80
• Switch config boot config filename config1 startup 80
• Switch config boot config filename config2 backup 80
• Switch config end 80
• Switch config show boot 80
• Switch configure 80
• Switch copy running config startup config 80
• The following example shows how to set the next startup image as image1 the backup image as image2 the next startup configuration file as config1 and the backup configuration file as config2 80
• Backing up the configuration file 81
• Enable 81
• Follow these steps to back up the current configuration of the switch in a file 81
• Follow these steps to restore the configuration of the switch 81
• Operation ok now rebooting system 81
• Restoring the configuration of the switch 81
• Start to backup user config file 81
• Start to load user config file 81
• Switch copy startup config tftp ip address 192 68 00 filename file2 81
• Switch copy tftp startup config ip address 192 68 00 filename file1 81
• The following example shows how to backup the configuration file named file2 to tftp server with ip address 192 68 00 81
• The following example shows how to restore the configuration file named file1 from the tftp server with ip address 192 68 00 81
• Backup user config file ok 82
• Configuring dhcp auto install 82
• Enable 82
• Follow these steps to configure the dhcp auto install 82
• Follow these steps to upgrade the firmware 82
• It will only upgrade the backup image continue y n y 82
• Operation ok 82
• Reboot with the backup image y n y 82
• Switch firmware upgrade ip address 192 68 00 filename file3 bin 82
• The following example shows how to upgrade the firmware using the configuration file named file3 bin the tftp server is 190 68 00 82
• This feature is used to download configuration files and images from the tftp server automatically it requires a tftp server and a dhcp server that supports option 67 125 and 150 on your network when auto install function starts the switch tries to get configuration file name image file path and tftp server ip address from the dhcp server and then downloads the new image and configuration file form the tftp server 82
• Upgrading the firmware 82
• Auto insatll mode stop 83
• Auto insatll persistent mode enabled 83
• Auto insatll retry count 83
• Auto reboot mode enabled 83
• Auto save mode enabled 83
• Switch config boot autoinstall auto reboot 83
• Switch config boot autoinstall auto save 83
• Switch config boot autoinstall persistent mode 83
• Switch config boot autoinstall retry count 2 83
• Switch config show boot autoinstall 83
• Switch configure 83
• The following example shows how to configure the auto install function 83
• Auto insatll sate stopped 84
• Configuring reboot schedule 84
• Follow these steps to configure the reboot schedule 84
• Follow these steps to reboot the switch 84
• Manually rebooting the switch 84
• Rebooting the switch 84
• Reseting the switch 85
• Click apply 86
• Eee configuration 86
• Eee to load the following page 86
• Enable or disable eee on the selected port s 86
• Follow these steps to configure eee 86
• In the eee config section select one or more ports to be configured 86
• Using the cli 86
• Poe configurations 88
• And configure the system power limit click apply 89
• Configuring the poe parameters manually 89
• Follow these steps to configure the basic poe parameters 89
• In addition you can click 89
• In the poe config section you can view the current poe parameters 89
• Poe config to load the following page 89
• Using the gui 89
• In the port config section select the port you want to configure and specify the parameters click apply 90
• Click create 92
• Configuring the poe parameters using the profile 92
• Creating a poe profile 92
• Follow these steps to create a poe profile 92
• In the create poe profile section specify the desired configurations of the profile 92
• Poe profile and click 92
• To load the following page 92
• In the port config section select one or more ports and configure the following two parameters time range and poe profile click apply and the poe parameters of the selected poe profile such as poe status and poe priority will be displayed in the table 94
• Configuring the poe parameters manually 95
• Follow these steps to configure the basic poe parameters 95
• Using the cli 95
• Gi1 0 5 enable middle class3 no limit none 96
• Interface poe status poe prio power limit w time range poe profile 96
• Switch config if power inline consumption class3 96
• Switch config if power inline priority middle 96
• Switch config if power inline supply enable 96
• Switch config if show power inline 96
• Switch config if show power inline configuration interface gigabitethernet 1 0 5 96
• Switch config if show power inline information interface gigabitethernet 1 0 5 96
• Switch config interface gigabitethernet 1 0 5 96
• Switch config power inline consumption 160 96
• Switch configure 96
• System power consumption 0 w 96
• System power limit 160 w 96
• System power remain 160 w 96
• The following example shows how to set the system power limit as 160w set the priority as middle and set the power limit as class3 for the port 1 0 5 96
• Configuring the poe parameters using the profile 97
• Follow these steps to configure the poe profile 97
• Gi1 0 5 1 26 53 class 2 on 97
• Interface power w current ma voltage v pd class power status 97
• Switch config if end 97
• Switch copy running config startup config 97
• Index name status priority power limit w 98
• Profile1 enable middle class2 98
• Switch config interface gigabitethernet 1 0 6 98
• Switch config power profile profile1 supply enable priority middle consumption class2 98
• Switch config show power profile 98
• Switch configure 98
• The following example shows how to create a profile named profile1and bind the profile to the port 1 0 6 98
• Sdm template configuration 100
• Using the gui 100
• Follow these steps to configure the sdm template 101
• The template table displays the resources allocation of each template the values are different for different switch models 101
• Using the cli 101
• Changes to the running sdm preferences have been stored but cannot take effect until reboot the switch 102
• Enterprisev4 template 102
• Number of combined acl rules 50 102
• Number of ip acl rules 360 102
• Number of ipv6 acl rules 0 102
• Number of ipv6 source guard entries 0 102
• Number of mac acl rules 100 102
• Number of packet content acl rules 50 102
• Switch config 102
• Switch config end 102
• Switch config sdm prefer enterprisev4 102
• Switch config show sdm prefer enterprisev4 102
• Switch copy running config startup config 102
• Switch to enterprisev4 tempale 102
• The following example shows how to set the sdm template as enterprisev4 102
• Adding time range entries 103
• Time range configuration 103
• Using the gui 103
• Configure the following parameters and click create 104
• Similarly you can add more entries of period time according to your needs the final period time is the sum of all the periods in the table click create 104
• Configuring holiday 105
• Adding time range entries 106
• Follow these steps to add time range entries 106
• Using the cli 106
• 08 00 to 20 00 on 1 2 107
• 10 01 2017 to 10 31 2017 107
• Configuring holiday 107
• Follow these steps to configure holiday time range 107
• Holiday exclude 107
• Number of time slice 1 107
• Switch config 107
• Switch config time range absolute from 10 01 2017 to 10 31 2017 107
• Switch config time range end 107
• Switch config time range holiday exclude 107
• Switch config time range periodic start 08 00 end 20 00 day of the week 1 2 107
• Switch config time range show time range 107
• Switch config time range time1 107
• Switch copy running config startup config 107
• The following example shows how to create a time range entry and set the name as time1 holiday mode as exclude absolute time as 10 01 2017 to 10 31 2017 and periodic time as 8 00 to 20 00 on every monday and tuesday 107
• Time range entry 12 inactive 107
• Time range entry time1 inactive 107
• Configuring scheme 109
• Example for poe configurations 109
• Network requirements 109
• Using the gui 109
• Using the cli 112
• Verify the configuration 112
• Gi1 0 3 enable low class4 office time none 113
• Interface poe status poe prio power limit w time range poe profile 113
• Appendix default parameters 114
• Default settings of system info are listed in the following tables 114
• Default settings of system tools are listed in the following table 114
• Default settings of user management are listed in the following table 114
• Default setting of eee is listed in the following table 115
• Default settings of poe is listed in the following table 115
• Default settings of sdm template are listed in the following table 115
• Default settings of time range are listed in the following table 116
• Chapters 117
• Managing physical interfaces 117
• Part 3 117
• Basic parameters 118
• Loopback detection 118
• Overview 118
• Physical interface 118
• Port isolation 118
• Supported features 118
• Basic parameters configurations 119
• Configure the mtu size of jumbo frames for all the ports then click apply 119
• Follow these steps to configure basic parameters for the ports 119
• Port config to load the following page 119
• Select one or more ports to configure the basic parameters then click apply 119
• Using the gui 119
• Follow these steps to set basic parameters for the ports 120
• Using the cli 120
• Switch config if no shutdown 121
• Switch config interface gigabitethernet 1 0 1 121
• Switch configure 121
• Switch jumbo size 9216 121
• The following example shows how to implement the basic configurations of port1 0 1 including setting a description for the port configuring the jumbo frame making the port automatically negotiate speed and duplex with the neighboring port and enabling the flow control 121
• Port isolation configurations 123
• Using the gui 123
• Click apply 124
• Follow these steps to configure port isolation 124
• In the forwarding port list section select the forwarding ports or lags which the isolated ports can only communicate with it is multi optional 124
• In the port section select one or multiple ports to be isolated 124
• Using the cli 124
• Gi1 0 5 n a gi1 0 1 3 po4 125
• Port lag forward list 125
• Switch config if end 125
• Switch config if port isolation gi forward list 1 0 1 3 po forward list 4 125
• Switch config if show port isolation interface gigabitethernet 1 0 5 125
• Switch config interface gigabitethernet 1 0 5 125
• Switch configure 125
• Switch copy running config startup config 125
• The following example shows how to add ports 1 0 1 3 and lag 4 to the forwarding list of port 1 0 5 125
• Loopback detection configuration 126
• Using the gui 126
• In the port config section select one or more ports to configure the loopback detection parameters then click apply 127
• Optional view the loopback detection information 127
• Follow these steps to configure loopback detection 128
• Using the cli 128
• Configuration examples 130
• Configuration scheme 130
• Example for port isolation 130
• Network requirements 130
• Using the gui 130
• Using the cli 132
• Verify the configuration 132
• Configuration scheme 133
• Example for loopback detection 133
• Network requirements 133
• Using the gui 134
• Using the cli 135
• Verify the configuration 135
• Appendix default parameters 136
• Default settings of switching are listed in th following tables 136
• Chapters 137
• Configuring lag 137
• Part 4 137
• Overview 138
• Static lag 138
• Supported features 138
• Configuration guidelines 139
• Lag configuration 139
• Configuring load balancing algorithm 140
• In the global config section select the load balancing algorithm hash algorithm then click apply 140
• Lag table to load the following page 140
• Load balancing algorithm is effective only for outgoing traffic if the data stream is not well shared by each link you can change the algorithm of the outgoing interface 140
• Please properly choose the load balancing algorithm to avoid data stream transferring only on one physical link for example switch a receives packets from several hosts and forwards them to the server with the fixed mac address you can set the algorithm 140
• Using the gui 140
• Configuring static lag or lacp 141
• Configuring lacp 142
• Follow these steps to configure lacp 142
• Lacp to load the following page 142
• Select member ports for the lag and configure the related parameters click apply 142
• Specify the system priority for the switch and click apply 142
• Configuring load balancing algorithm 143
• Follow these steps to configure the load balancing algorithm 143
• Using the cli 143
• Configuring static lag or lacp 144
• Etherchannel load balancing addresses used per protocol 144
• Etherchannel load balancing configuration src dst mac 144
• Ipv4 source xor destination mac address 144
• Ipv6 source xor destination mac address 144
• Non ip source xor destination mac address 144
• Switch config end 144
• Switch config port channel load balance src dst mac 144
• Switch config show etherchannel load balance 144
• Switch configure 144
• Switch copy running config startup config 144
• The following example shows how to set the global load balancing mode as src dst mac 144
• You can choose only one lag mode for a port static lag or lacp and make sure both ends of a link use the same lag mode 144
• Configuring static lag 145
• Flags d down p bundled in port channel u in use 145
• Follow these steps to configure static lag 145
• Group port channel protocol ports 145
• I stand alone h hot standby lacp only s suspended 145
• Po2 s gi1 0 5 d gi1 0 6 d gi1 0 7 d gi1 0 8 d 145
• R layer3 s layer2 f failed to allocate aggregator 145
• Switch config if range channel group 2 mode on 145
• Switch config if range end 145
• Switch config if range show etherchannel 2 summary 145
• Switch config interface range gigabitethernet 1 0 5 8 145
• Switch configure 145
• Switch copy running config startup config 145
• The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 145
• U unsuitable for bundling w waiting to be aggregated d default port 145
• Configuring lacp 146
• Follow these steps to configure lacp 146
• Configuration examples 148
• Configuration scheme 148
• Example for static lag 148
• Network requirements 148
• Using the gui 148
• Using the cli 149
• Verify the configuration 149
• Configuration scheme 150
• Example for lacp 150
• Network requirements 150
• Using the cli 151
• Using the gui 151
• Verify the configuration 152
• Appendix default parameters 154
• Default settings of switching are listed in the following tables 154
• Chapters 155
• Configuring ddm 155
• Part 5 155
• Overview 156
• Configuring ddm globally 157
• Ddm configuration 157
• Using the gui 157
• Click apply 158
• Configuring the temperature threshold 158
• Configuring the threshold 158
• Follow these steps to configure ddm s temperature threshold 158
• In the temperature table select one or more sfp ports to configure temperature threshold of the sfp ports 158
• Threshold config to load the following page 158
• Click apply 159
• Configuring the voltage threshold 159
• Follow these steps to configure ddm s voltage threshold 159
• In the voltage table select one or more sfp ports to configure voltage threshold on the sfp ports 159
• Click apply 160
• Configuring the bias current threshold 160
• Follow these steps to configure ddm s bias current threshold 160
• In the bias current table select one or more sfp ports to configure bias current threshold on the sfp ports 160
• Click apply 161
• Configuring the rx power threshold 161
• Follow these steps to configure ddm s rx power threshold 161
• In the rx power table select one or more sfp ports to configure rx power threshold on the sfp ports 161
• Click apply 162
• Configuring the tx power threshold 162
• Follow these steps to configure ddm s tx power threshold 162
• In the tx power table select one or more sfp ports to configure tx power threshold on the sfp ports 162
• Configuring ddm globally 163
• Ddm status to load the following page 163
• Follow these steps to enable ddm on specified sfp ports 163
• In the port config table view the current operating parameters for the sfp modules inserted into the sfp ports 163
• Using the cli 163
• Viewing ddm status 163
• Configuring ddm shutdown 164
• Ddm status ddm status shutdown 164
• Follow these steps to configure settings for shutting down sfp ports when the alarm threshold or warning threshold is exceeded 164
• Gi1 0 25 enable none 164
• Switch config if ddm state enable 164
• Switch config if end 164
• Switch config if show ddm configuration state 164
• Switch config interface gigabitethernet 1 0 25 164
• Switch configure 164
• Switch copy running config startup config 164
• The following example shows how to enable ddm status on sfp port 1 0 25 164
• Configuring temperature threshold 165
• Configuring the threshold 165
• Ddm status ddm status shutdown 165
• Follow these steps to configure the threshold of the ddm temperature on the specified sfp port 165
• Gi1 0 25 enable warning 165
• Switch config if ddm shutdown warning 165
• Switch config if end 165
• Switch config if show ddm configuration state 165
• Switch config interface gigabitethernet 1 0 25 165
• Switch configure 165
• Switch copy running config startup config 165
• The following example shows how to set sfp port 1 0 25 to shut down when the warning threshold is exceeded 165
• Gi1 0 27 110 00000 166
• High alarm high alarm low alarm high warning low warning 166
• Switch config if ddm temperature_threshold high_alarm 110 166
• Switch config if end 166
• Switch config if show ddm configuration temperature 166
• Switch config interface gigabitethernet 1 0 27 166
• Switch configure 166
• Switch copy running config startup config 166
• Temperature threshold celsius 166
• The following example shows how to set sfp port 1 0 27 s high alarm temperature threshold as 110 celsius 166
• Configuring voltage threshold 167
• Follow these steps to configure the threshold of the ddm voltage on the specified sfp port 167
• Gi1 0 27 5 00000 167
• High alarm high alarm low alarm high warning low warning 167
• Switch config if ddm vlotage_threshold high_alarm 5 167
• Switch config if show ddm configuration voltage 167
• Switch config interface gigabitethernet 1 0 27 167
• Switch configure 167
• The following example shows how to set sfp port 1 0 27 s high alarm threshold voltage as 5 v 167
• Voltage threshold v 167
• Configuring bias current threshold 168
• Follow these steps to configure the threshold of the ddm bias current on the specified sfp port 168
• High alarm high alarm low alarm high warning low warning 168
• Switch config if ddm vlotage_threshold high_alarm 120 168
• Switch config if end 168
• Switch config if show ddm configuration bias_current 168
• Switch config interface gigabitethernet 1 0 17 168
• Switch configure 168
• Switch copy running config startup config 168
• The following example shows how to set sfp port 1 0 27 s high alarm threshold bias current as 120 ma 168
• Voltage threshold v 168
• Configuring rx power threshold 169
• Follow these steps to configure the threshold of the ddm rx power on the specified sfp port 169
• Gi1 0 27 120 00000 169
• Switch config if ddm rx_power_threshold high_alarm 6 169
• Switch config if end 169
• Switch config if show ddm configuration rx_power 169
• Switch config interface gigabitethernet 1 0 27 169
• Switch configure 169
• Switch copy running config startup config 169
• The following example shows how to set sfp port 1 0 27 s high alarm threshold rx power as 6 mw 169
• Configuring tx power threshold 170
• Follow these steps to configure the threshold of the ddm tx power on the specified sfp port 170
• Gi1 0 27 6 00000 170
• High alarm high alarm low alarm high warning low warning 170
• Rx power threshold mw 170
• Switch config if end 170
• Switch configure 170
• Switch copy running config startup config 170
• The following example shows how to set sfp port 1 0 27 s high alarm threshold tx power as 6 mw 170
• Viewing ddm configuration 171
• Viewing ddm status 172
• Appendix default parameters 173
• Default settings of ddm are listed in the following table 173
• Chapters 174
• Managing mac address table 174
• Part 6 174
• Address configurations 175
• Mac address table 175
• Overview 175
• Supported features 175
• Security configurations 176
• Adding static mac address entries 177
• Address configurations 177
• Using the gui 177
• Click apply 179
• Dynamic address to load the following page 179
• Follow these steps to modify the aging time of dynamic address entries 179
• In the aging config section enable auto aging and enter your desired length of time 179
• Modifying the aging time of dynamic address entries 179
• Adding mac filtering address entries 180
• Viewing address table entries 180
• Adding static mac address entries 181
• Address table and click 181
• Follow these steps to add static mac address entries 181
• To load the following page 181
• Using the cli 181
• Modifying the aging time of dynamic address entries 182
• Adding mac filtering address entries 183
• Aging time is 500 sec 183
• Follow these steps to add mac filtering address entries 183
• Switch config end 183
• Switch config mac address table aging time 500 183
• Switch config show mac address table aging time 183
• Switch configure 183
• Switch copy running config startup config 183
• The following example shows how to modify the aging time to 500 seconds a dynamic entry remains in the mac address table for 500 seconds after the entry is used or updated 183
• Configuring mac notification traps 185
• Security configurations 185
• Using the gui 185
• Limiting the number of mac addresses learned in vlans 186
• Click create 187
• Enter the vlan id to limit the number of mac addresses that can be learned in the specified vlan 187
• Follow these steps to limit the number of mac addresses in vlans 187
• For t2600g 28ts t2600g 52ts t2600g 28mps t2600g 28sq 187
• In the mac vlan security table section click add to load the following page enter the vlan id and the max learned number to limit the number of mac addresses that can be learned in the specified vlan 187
• Mac vlan security and click add to load the following page 187
• Choose the mode that the switch adopts when the maximum number of mac addresses in the specified vlan is exceeded 188
• Click create 188
• Configuring mac notification traps 188
• Enter your desired value in max learned number to set a threshold 188
• Follow these steps to configure mac notification traps 188
• Using the cli 188
• Mac notification global config 189
• Notification global status enable 189
• Notification interval 10 189
• Now you have configured mac notification traps to receive notifications you need to further enable snmp and set a management host for detailed snmp configurations please refer to configuring snmp rmon 189
• Port lrnmode change new mac learned 189
• Switch config if mac address table notification new mac learned enable 189
• Switch config if show mac address table notification interface gigabitethernet 1 0 1 189
• Switch config interface gigabitethernet 1 0 1 189
• Switch config mac address table notification global status enable 189
• Switch config mac address table notification interval 10 189
• Switch configure 189
• Table full notification status disable 189
• The following example shows how to enable new mac learned trap on port 1 and set the interval time as 10 seconds after you have further configured snmp the switch will bundle notifications of new addresses in every 10 seconds and send to the management host 189
• Follow these steps to limit the number of mac addresses in vlans 190
• For t2600g 18ts 190
• Gi1 0 1 disable enable 190
• Limiting the number of mac addresses in vlans 190
• Switch config if end 190
• Switch config mac address table vlan security mode drop 190
• Switch config mac address table vlan security vid 10 max learn 100 190
• Switch config show mac address table vlan security vid 10 190
• Switch configure 190
• Switch copy running config startup config 190
• The following example shows how to limit the number of mac addresses to 100 in vlan 10 and configure the switch to drop packets of new source mac addresses when the limit is exceeded 190
• Vlanid max learn current learn status 190
• 100 0 drop 191
• Follow these steps to limit the number of mac addresses in vlans 191
• For t2600g 28ts t2600g 52ts t2600g 28mps t2600g 28sq 191
• Switch config end 191
• Switch config mac address table security vid 10 max learn 100 drop 191
• Switch config show mac address table security vid 10 191
• Switch configure 191
• Switch copy running config startup config 191
• The following example shows how to limit the number of mac addresses to 100 in vlan 10 and configure the switch to drop packets of new source mac addresses when the limit is exceeded 191
• Vlanid max learn current learn status 191
• Configuration scheme 192
• Example for security configurations 192
• Network requirements 192
• Using the gui 193
• Using the cli 194
• Verify the configurations 194
• Appendix default parameters 195
• Default settings of the mac address table are listed in the following tables 195
• Chapters 196
• Configuring 802 q vlan 196
• Part 7 196
• Overview 197
• Configuring the pvid of the port 198
• Q vlan configuration 198
• Using the gui 198
• Configuring the vlan 200
• Enter a vlan id and a description for identification to create a vlan 200
• Follow these steps to configure vlan 200
• Select the untagged port s and the tagged port s respectively to add to the created vlan based on the network topology 200
• To load the following page to load the following page 200
• Vlan config and click 200
• Click apply 201
• Creating a vlan 201
• Follow these steps to create a vlan 201
• Switch config vlan 2 201
• Switch config vlan name rd 201
• Switch config vlan show vlan id 2 201
• Switch configure 201
• The following example shows how to create vlan 2 and name it as rd 201
• Using the cli 201
• Configuring the port 202
• Follow these steps to configure the port 202
• Rd active 202
• Switch config if switchport pvid 2 202
• Switch config interface gigabitethernet 1 0 5 202
• Switch config vlan end 202
• Switch configure 202
• Switch copy running config startup config 202
• The following example shows how to configure the pvid of port 1 0 5 as 2 enable the ingress checking and set the acceptable frame type as all 202
• Vlan name status ports 202
• Acceptable frame type all 203
• Adding the port to the specified vlan 203
• Follow these steps to add the port to the specified vlan 203
• Ingress checking enable 203
• Link type general 203
• Member in lag n a 203
• Member in vlan 203
• Port gi1 0 5 203
• Pvid 2 203
• Switch config if end 203
• Switch config if show interface switchport gigabitethernet 1 0 5 203
• Switch config if switchport acceptable frame all 203
• Switch config if switchport check ingress 203
• Switch copy running config startup config 203
• System vlan untagged 203
• Vlan name egress rule 203
• Configuration example 205
• Configuration scheme 205
• Network requirements 205
• Demonstrated with t2600g 28ts the following sections provide configuration procedure in two ways using the gui and using the cli 206
• Network topology 206
• The configurations of switch 1 and switch 2 are similar the following introductions take switch 1 as an example 206
• The figure below shows the network topology host a1 and host a2 are in department a while host b1 and host b2 are in department b switch 1 and switch 2 are located in two different places host a1 and host b1 are connected to port 1 0 2 and port 1 0 3 on switch 1 respectively while host a2 and host b2 are connected to port 1 0 6 and port 1 0 7 on switch 2 respectively port 1 0 4 on switch 1 is connected to port 1 0 8 on switch 2 206
• To load the following page create vlan 10 with the description of department_a add port 1 0 2 as an untagged port and port 1 0 4 as a tagged port to vlan 10 click create 206
• Using the gui 206
• Vlan config and 206
• Using the cli 209
• Verify the configurations 210
• Appendix default parameters 212
• Default settings of 802 q vlan are listed in the following table 212
• Chapters 213
• Configuring mac vlan 213
• Part 8 213
• Overview 214
• Ptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in to meet this requirement simply bind the mac addresses of the laptops to the corresponding vlans respectively in this way the mac address determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 214
• The figure below shows a common application scenario of mac vlan 214
• Two departments share all the meeting rooms in the company but use different servers and l 214
• Vlan is generally divided by ports it is a common way of division but isn t suitable for those networks that require frequent topology changes with the popularity of mobile office at different times a terminal device may access the network via different ports for example a terminal device that accessed the switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different vlans the user has to re configure the switch to access the original vlan using mac vlan can free the user from such a problem it divides vlans based on the mac addresses of terminal devices in this way terminal devices always belong to their mac vlans even when their access ports change 214
• Binding the mac address to the vlan 215
• Configuring 802 q vlan 215
• Mac vlan configuration 215
• Using the gui 215
• Enabling mac vlan for the port 216
• 19 56 8a 4c 71 dept a 10 217
• Before configuring mac vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 217
• Binding the mac address to the vlan 217
• Configuring 802 q vlan 217
• Follow these steps to bind the mac address to the vlan 217
• Mac addr name vlan id 217
• Switch config end 217
• Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 217
• Switch config show mac vlan vlan 10 217
• Switch configure 217
• Switch copy running config startup config 217
• The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with the address description as dept a 217
• Using the cli 217
• Enabling mac vlan for the port 218
• Follow these steps to enable mac vlan for the port 218
• Gi1 0 1 enable 218
• Gi1 0 2 disable 218
• Port status 218
• Switch config if end 218
• Switch config if mac vlan 218
• Switch config if show mac vlan interface 218
• Switch config interface gigabitethernet 1 0 1 218
• Switch configure 218
• Switch copy running config startup config 218
• The following example shows how to enable mac vlan for port 1 0 1 218
• Configuration example 219
• Configuration scheme 219
• Create vlan 10 and vlan 20 on each of the three switches and add the ports to the vlans based on the network topology for the ports connecting to the laptops set the 219
• Network requirements 219
• Two departments share all the meeting rooms in the company but use different servers and laptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in the figure below shows the network topology 219
• You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac addresses of the laptops to the corresponding vlans respectively in this way each laptop can access only the server in the vlan it joins no matter which meeting room the laptops are being used in the overview of the configuration is as follows 219
• Using the gui 220
• Using the cli 225
• Verify the configurations 227
• Appendix default parameters 229
• Default settings of mac vlan are listed in the following table 229
• Chapters 230
• Configuring protocol vlan 230
• Part 9 230
• Overview 231
• Protocol vlan is a technology that divides vlans based on the network layer protocol with the protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze specific fields of received packets encapsulate the packets in specific formats and forward the packets with different protocols to the corresponding vlans since different applications and services use different protocols network administrators can use protocol vlan to manage the network based on specific applications and services 231
• The figure below shows a common application scenario of protocol vlan with protocol vlan configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 networks respectively 231
• Configuring 802 q vlan 232
• Protocol vlan configuration 232
• Using the gui 232
• Check whether your desired template already exists in the protocol template config 233
• Creating protocol template 233
• Follow these steps to create a protocol template 233
• Protocol template to load the following page 233
• Section if not click 233
• To create a new template 233
• Click create 234
• Configuring protocol vlan 234
• Follow these steps to configure the protocol group 234
• In the protocol group config section specify the following parameters 234
• Protocol vlan group and 234
• To load the following page 234
• Before configuring protocol vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 235
• Configuring 802 q vlan 235
• Creating a protocol template 235
• Follow these steps to create a protocol template 235
• Select the desired ports click create 235
• Using the cli 235
• Arp ethernetii ether type 0806 236
• At snap ether type 809b 236
• Configuring protocol vlan 236
• Follow these steps to configure protocol vlan 236
• Index protocol name protocol type 236
• Ip ethernetii ether type 0800 236
• Ipv6 ethernetii ether type 86dd 236
• Ipx snap ether type 8137 236
• Rarp ethernetii ether type 8035 236
• Switch config end 236
• Switch config protocol vlan template name ipv6 frame ether_2 ether type 86dd 236
• Switch config show protocol vlan template 236
• Switch configure 236
• Switch copy running config startup config 236
• The following example shows how to create an ipv6 protocol template 236
• Arp ethernetii ether type 0806 237
• At snap ether type 809b 237
• Index protocol name protocol type 237
• Index protocol name vid priority member 237
• Ip ethernetii ether type 0800 237
• Ipv6 10 0 237
• Ipv6 ethernetii ether type 86dd 237
• Ipx snap ether type 8137 237
• Rarp ethernetii ether type 8035 237
• Switch config if protocol vlan group 1 237
• Switch config if show protocol vlan vlan 237
• Switch config interface gigabitethernet 1 0 2 237
• Switch config protocol vlan vlan 10 priority 5 template 6 237
• Switch config show protocol vlan template 237
• Switch config show protocol vlan vlan 237
• Switch configure 237
• The following example shows how to bind the ipv6 protocol template to vlan 10 and add port 1 0 2 to protocol vlan 237
• A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 network respectively via different routers it is required that ipv4 packets are forwarded to the ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 239
• Configuration example 239
• Configuration scheme 239
• Network requirements 239
• The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to two routers to access the ipv4 network and ipv6 network respectively the routers belong to vlan 10 and vlan 20 respectively 239
• You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this port receives packets switch 2 will forward them to the corresponding vlans according to their protocol types the overview of the configuration on switch 2 is as follows 239
• Using the gui 241
• To save the settings 246
• Using the cli 247
• Verify the configurations 249
• Appendix default parameters 251
• Default settings of protocol vlan are listed in the following table 251
• Chapters 252
• Configuring vlan vpn 252
• Part 10 252
• Overview 253
• Vlan vpn 253
• Basic vlan vpn 254
• Flexible vlan vpn 254
• Supported features 254
• Basic vlan vpn configuration 255
• Configuring 802 q vlan 255
• Using the gui 255
• Configuring basic vlan vpn 256
• Before configuring vlan vpn create 802 q vlan add ports to corresponding vlans and configure ingress checking on ports according to your needs for details refer to configuring 802 q vlan 257
• Configuring 802 q vlan 257
• Configuring basic vlan vpn 257
• Follow these steps to configure basic vlan vpn 257
• Using the cli 257
• Configuration guidelines 260
• Flexible vlan vpn configuration 260
• Using the gui 260
• Click create 261
• Follow these steps to configure flexible vlan vpn 261
• Using the cli 261
• Gi1 0 3 15 1040 mapping1 262
• Mapping mode enabled 262
• Port c vlan sp vlan name 262
• Switch config dot1q tunnel mapping 262
• Switch config if end 262
• Switch config if show dot1q tunnel mapping 262
• Switch config if switchport dot1q tunnel mapping 15 1040 mapping1 262
• Switch config interface gigabitethernet 1 0 3 262
• Switch config show dot1q tunnel 262
• Switch configure 262
• Switch copy running config startup config 262
• The following example shows how to enable vlan mapping and set a vlan mapping entry named mapping1 on port 1 0 3 to map customer network vlan 15 to isp network vlan 1040 262
• Vlan vpn mode enabled 262
• Configuration examples 263
• Configuration scheme 263
• Example for basic vlan vpn 263
• Network requirements 263
• Configure 802 q vlan on switch 1 the parameters are shown below 264
• Configure 802 q vlan on switch 3 the parameters are shown below 264
• Configure vlan vpn on switch 1 set port 1 0 1 as nni port and port 1 0 2 as uni port configure the tpid as 0x9100 264
• Configuring switch 1 264
• Demonstrated with t2600g 28ts this chapter provides configuration procedures in two ways using the gui and using the cli 264
• Q vlan to create vlan 100 vlan 200 and vlan 1050 configure the egress rule of port 1 0 2 in vlan 100 and vlan 200 as tagged and in vlan 1050 as untagged configure the egress rule of port 1 0 1 in vlan 1050 as tagged 264
• Using the gui 264
• Using the cli 270
• Verify the vlan vpn configurations on switch 1 272
• Configuration scheme 274
• Example for flexible vlan vpn 274
• Network requirements 274
• Configure 802 q vlan on switch 1 the parameters are shown below 275
• Configure 802 q vlan on switch 3 the parameters are shown below 275
• Configure vlan vpn on switch 1 set port 1 0 1 as nni port and port 1 0 2 as uni port configure the tpid as 0x9100 map vlan 100 to vlan 1050 and vlan 200 to vlan 1060 275
• Configuring switch 1 275
• Demonstrated with t2600g 28ts this chapter provides configuration procedures in two ways using the gui and using the cli 275
• Here we only introduce the configuration scheme on switch 1 and switch 3 for the configurations on switch 2 are the same as that on switch 1 and the configurations on switch 4 are the same as that on switch 3 275
• Q vlan to create vlan 100 vlan 200 vlan 1050 and vlan 1060 configure the egress rule of port 1 0 2 in vlan 100 and vlan 200 as tagged and untagged in vlan 1050 and vlan 1060 configure the egress rule of port 1 0 1 in vlan 1050 and vlan 1060 as tagged 275
• Using the gui 275
• Vlan mapping enable vlan mapping globally then configure vlan mapping for the uni port 1 0 2 280
• Using the cli 283
• Appendix default parameters 286
• Default settings of vlan vpn are listed in the following table 286
• Chapters 287
• Configuring gvrp 287
• Part 11 287
• Gvrp garp vlan registration protocol is a garp generic attribute registration protocol application that allows registration and deregistration of vlan attribute values and dynamic vlan creation 288
• Overview 288
• The configuration may seem easy in this situation however for a larger or more complex network such manual configuration would be time costing and fallible gvrp can be used to implement dynamic vlan configuration with gvrp the switch can exchange vlan configuration information with the adjacent gvrp switches and dynamically create and manage the vlans this reduces vlan configuration workload and ensures correct vlan configuration 288
• Without gvrp operating configuring the same vlan on a network would require manual configuration on each device as shown in figure 1 1 switch a b and c are connected through trunk ports vlan 10 is configured on switch a and vlan 1 is configured on switch b and switch c switch c can receive messages sent from switch a in vlan 10 only when the network administrator has manually created vlan 10 on switch b and switch c 288
• Configuration guidelines 289
• Gvrp configuration 289
• Follow these steps to configure gvrp 290
• Gvrp config to load the following page 290
• In the gvrp section enable gvrp globally then click apply 290
• In the port config section select one or more ports set the status as enable and configure the related parameters according to your needs 290
• Using the gui 290
• Click apply 291
• Using the cli 291
• Configuration example 294
• Configuration scheme 294
• Department a and department b of a company are connected using switches offices of one department are distributed on different floors as shown in figure 3 1 the network topology is complicated configuration of the same vlan on different switches is required so that computers in the same department can communicate with each other 294
• Network requirements 294
• The two departments are in separate vlans to make sure the switches only dynamically create vlan of their own department you need to set the registration mode for ports on switch 1 to switch 4 as fixed to prevents dynamic registration and deregistration of vlans and allow the port to transmit only the static vlan registration information 294
• To configure dynamic vlan creation on other switches set the registration mode of the corresponding ports as normal to allow dynamic registration and deregistration of vlans 294
• To reduce manual configuration and maintenance workload gvrp can be enabled to implement dynamic vlan registration and update on the switches 294
• When configuring gvrp please note the following 294
• Using the gui 295
• Using the cli 299
• Verify the configuration 301
• Appendix default parameters 303
• Default settings of gvrp are listed in the following tables 303
• Chapters 304
• Configuring private vlan 304
• Part 12 304
• Overview 305
• If private vlan is configured on switch b switch a only needs to recognize primary vlan vlan5 and end users can be isolated by secondary vlans vlan2 vlan3 and vlan4 saving vlan resources for switch a 306
• Private vlan configurations 307
• Using the gui 307
• Click create 308
• Creating private vlan 308
• Enter the ids of primary vlan and secondary vlan and select secondary vlan type 308
• Follow these steps to create private vlan 308
• Select promiscuous ports and host ports to be added to the private vlan 308
• Using the cli 308
• Community 310
• Configuring the up link port 310
• Follow these steps to add up link ports to private vlan 310
• Primary secondary type ports 310
• Switch config end 310
• Switch config show vlan private vlan 310
• Switch config vlan 5 310
• Switch config vlan 6 310
• Switch config vlan exit 310
• Switch config vlan private vlan association 5 310
• Switch config vlan private vlan community 310
• Switch config vlan private vlan primary 310
• Switch configure 310
• Switch copy running config startup config 310
• The following example shows how to create primary vlan 6 and secondary vlan 5 set the secondary vlan type as community and pair primary vlan 6 with secondary vlan 5 as a private vlan 310
• Community gi1 0 2 311
• Port type 311
• Primary secondary type ports 311
• Switch config if exit 311
• Switch config if switchport private vlan promiscuous 311
• Switch config interface gigabitethernet 1 0 2 311
• Switch config show vlan private vlan 311
• Switch config show vlan private vlan interface gigabitethernet 1 0 2 311
• Switch configure 311
• Swtich config if switchport private vlan mapping 6 5 311
• The following example shows how to configure the port type of port 1 0 2 as promiscuous and add it to the private vlan composed of primary vlan 6 and secondary vlan 5 311
• Configuring the down link port 312
• Follow these steps to add down link ports to private vlan 312
• Gi1 0 2 promiscuous 312
• Switch config end 312
• Switch configure 312
• Switch copy running config startup config 312
• The following example shows how to configure the port type of port 1 0 3 as host and add it to the private vlan composed of primary vlan 6 and secondary vlan 5 312
• Configuration example 314
• Configuration scheme 314
• Network requirements 314
• Network topology 314
• Configurations for switch a 315
• Private vlan and click 315
• To load the following page create primary vlan 6 and secondary vlan 5 select community as the secondary vlan type add promiscuous port 1 0 2 and host port 1 0 10 to private vlan 315
• Using the gui 315
• Using the cli 319
• Verify the configurations 321
• Appendix default parameters 323
• Default settings of private vlan are listed in the following tables 323
• Chapters 324
• Configuring layer 2 multicast 324
• Part 13 324
• Layer 2 multicast 325
• Overview 325
• A member port is a port on snooping switch that is connecting to the host 326
• A router port is a port on snooping switch that is connecting to the igmp querier 326
• A snooping switch indicates a switch with igmp snooping enabled the switch maintains a multicast forwarding table by snooping on the igmp transmissions between the host and the querier with the multicast forwarding table the switch can forward multicast data only to the ports that are in the corresponding multicast group so as to constrain the flooding of multicast data in the layer 2 network 326
• An igmp querier is a multicast router a router or a layer 3 switch that sends query messages to maintain a list of multicast group memberships for each attached network and a timer for each membership 326
• Demonstrated as below 326
• Igmp querier 326
• Member port 326
• Normally only one device acts as querier per physical network if there are more than one multicast router in the network a querier election process will be implemented to determine which one acts as the querier 326
• Router port 326
• Snooping switch 326
• The following basic concepts of igmp snooping will be introduced igmp querier snooping switch router port and member port 326
• Layer 2 multicast protocol for ipv4 igmp snooping 327
• Layer 2 multicast protocol for ipv6 mld snooping 327
• Multicast filtering 327
• Multicast vlan registration mvr 327
• Supported features 327
• Configuring igmp snooping globally 328
• Igmp snooping configuration 328
• Using the gui 328
• And click 329
• Before configuring igmp snooping for vlans set up the vlans that the router ports and the member ports are in for details please refer to configuring 802 q vlan 329
• Choose the menu 329
• Click apply 329
• Configuring igmp snooping for vlans 329
• Global config 329
• Igmp vlan confi 329
• In your desired vlan entry in the 329
• Section to load the following page 329
• The switch supports configuring igmp snooping on a per vlan basis after igmp snooping is enabled globally you also need to enable igmp snooping and configure the corresponding parameters for the vlans that the router ports and the member ports are in 329
• Enable igmp snooping for the vlan and configure the corresponding parameters 330
• Follow these steps to configure igmp snooping for a specific vlan 330
• Click save 332
• Click apply 333
• Configuring hosts to statically join a group 333
• Configuring igmp snooping for ports 333
• Enable igmp snooping for the port and enable fast leave if there is only one receiver connected to the port 333
• Follow these steps to configure igmp snooping for ports 333
• Following page 333
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 333
• Port confi 333
• To load the 333
• Configuring igmp accounting and authentication features 334
• Configuring igmp snooping globally 336
• Follow these steps to configure igmp snooping globally 336
• Using the cli 336
• Configuring igmp snooping for vlans 337
• Switch config ip igmp snooping vlan config 1 mtime 300 340
• Switch config ip igmp snooping vlan config 1 rtime 320 340
• Switch configure 340
• The following example shows how to enable igmp snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 340
• Configuring igmp snooping for ports 342
• Follow these steps to configure igmp snooping for ports 342
• General query source ip 192 68 342
• Last member query count 3 342
• Switch config end 342
• Switch config if range ip igmp snooping 342
• Switch config interface range gigabitehternet 1 0 1 3 342
• Switch configure 342
• Switch copy running config startup config 342
• The following example shows how to enable igmp snooping and fast leave for port 1 0 1 3 342
• Configuring hosts to statically join a group 343
• 2 static gi1 0 1 3 344
• Configuring igmp accounting and authentication features 344
• Follow these steps to add the radius server and enable igmp accounting globally 344
• Multicast ip vlan id addr type switch port 344
• Switch config end 344
• Switch config show ip igmp snooping groups static 344
• Switch copy running config startup config 344
• To use these features you need to set up a radius server and configure add the radius server for the switch 344
• You can enable igmp accounting and authentication according to your need igmp accounting is configured globally and igmp authentication can be enabled on a per port basis 344
• Enable port gi1 0 1 28 po1 14 345
• Enable vlan 345
• Follow these steps to enable igmp authentication for ports 345
• Global authentication accounting enable 345
• Switch config ip igmp snooping accounting 345
• Switch config show ip igmp snooping 345
• Switch configure 345
• The following example shows how to enable igmp accounting globally 345
• Configuring mld snooping globally 347
• Mld snooping configuration 347
• Using the gui 347
• Configuring mld snooping for vlans 348
• Click save 350
• Click apply 351
• Configuring hosts to statically join a group 351
• Configuring mld snooping for ports 351
• Enable mld snooping for the port and enable fast leave if there is only one receiver connected to the port 351
• Follow these steps to configure mld snooping for ports 351
• Following page 351
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 351
• Port config to load the 351
• Choose the menu 352
• Click create 352
• Configuring mld snooping globally 352
• Follow these steps to configure hosts to statically join a group 352
• Follow these steps to configure mld snooping globally 352
• Specify the multicast ip address vlan id select the ports to be the static member ports of the multicast group 352
• Static group config 352
• To load the following page 352
• Using the cli 352
• Configuring mld snooping for vlans 353
• Follow these steps to configure mld snooping for vlans 354
• Switch config ipv6 mld snooping vlan config 1 immediate leave 356
• Switch config ipv6 mld snooping vlan config 1 mtime 300 356
• Switch config ipv6 mld snooping vlan config 1 report suppression 356
• Switch config ipv6 mld snooping vlan config 1 rtime 320 356
• Switch configure 356
• The following example shows how to enable mld snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 356
• Configuring mld snooping for ports 358
• Follow these steps to configure mld snooping for ports 358
• Switch config end 358
• Switch config if range ipv6 mld snooping 358
• Switch config if range ipv6 mld snooping immediate leave 358
• Switch config if range show ipv6 mld snooping interface gigabitethernet 1 0 1 3 358
• Switch config interface range gigabitehternet 1 0 1 3 358
• Switch configure 358
• Switch copy running config startup config 358
• The following example shows how to enable mld snooping and fast leave for port 1 0 1 3 358
• Configuring hosts to statically join a group 359
• Follow these steps to configure hosts to statically join a group 359
• Gi1 0 1 enable enable 359
• Gi1 0 2 enable enable 359
• Gi1 0 3 enable enable 359
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 359
• Port mld snooping fast leave 359
• Switch config if range end 359
• Switch config ipv6 mld snooping vlan config 2 static ff80 1001 interface gigabitethernet 1 0 1 3 359
• Switch config show ipv6 mld snooping groups static 359
• Switch configure 359
• Switch copy running config startup config 359
• The following example shows how to configure port 1 0 1 3 in vlan 2 to statically join the multicast group ff80 1001 359
• Configuring 802 q vlans 361
• Mvr configuration 361
• Using the gui 361
• Choose the menu 362
• Click apply 362
• Configuring mvr globally 362
• Enable mvr globally and configure the global parameters 362
• Follow these steps to configure mvr globally 362
• Mvr config 362
• To load the following page 362
• Adding multicast groups to mvr 363
• And click 363
• Click create 363
• Follow these steps to add multicast groups to mvr 363
• Mvr group config 363
• Specify the ip address of the multicast groups 363
• Then the added multicast groups will appear in the mvr group table as the following figure shows 363
• To load the following page 363
• You need to manually add multicast groups to the mvr choose the menu 363
• Choose the menu 364
• Configuring mvr for the port 364
• Enable mvr and configure the port type and fast leave feature for the port 364
• Follow these steps to add multicast groups to mvr 364
• Port config 364
• Select one or more ports to configure 364
• To load the following page 364
• And click 365
• Choose the menu 365
• Click apply 365
• Optional adding ports to mvr groups statically 365
• Static group members 365
• You can add only receiver ports to mvr groups statically the switch adds or removes receiver ports to the corresponding multicast groups by snooping the report and leave messages from the hosts you can also statically add a receiver port to an mvr group 365
• Your desired mvr group entry to load the following page 365
• Before configuring mvr create an 802 q vlan as the multicast vlan add the all source ports to the multicast vlan as tagged ports configure 802 q vlans for the receiver ports according to network requirements note that receiver ports can only belong to one vlan and cannot be added to the multicast vlan for details refer to configuring 802 q vlan 366
• Click save 366
• Configuring 802 q vlans 366
• Configuring mvr globally 366
• Follow these steps to configure mvr globally 366
• Follow these steps to statically add ports to an mvr group 366
• Select the ports to add them to the mvr group 366
• Using the cli 366
• Mvr current multicast groups 3 367
• Mvr enable 367
• Mvr max multicast groups 256 367
• Mvr multicast vlan 2 367
• Switch config mvr group 239 3 367
• Switch config mvr mode compatible 367
• Switch config mvr querytime 5 367
• Switch config mvr vlan 2 367
• Switch config show mvr 367
• Switch configure 367
• The following example shows how to enable mvr globally and configure the mvr mode as compatible the multicast vlan as vlan 2 and the query response time as 5 tenths of a second then add 239 239 to mvr group 367
• Active 368
• Configuring mvr for the ports 368
• Follow these steps to configure mld snooping globally 368
• Mvr global query response time 5 tenths of sec 368
• Mvr group ip status members 368
• Mvr mode type compatible 368
• Switch config end 368
• Switch config show mvr members 368
• Switch copy running config startup config 368
• Port mode type status immediate leave 369
• Switch config if exit 369
• Switch config if mvr 369
• Switch config if mvr type source 369
• Switch config if range mvr 369
• Switch config if range mvr immediate 369
• Switch config if range mvr type receiver 369
• Switch config if range mvr vlan 2 group 239 369
• Switch config if range show mvr interface gigabitetnernet 1 0 1 3 1 0 7 369
• Switch config interface gigabitethernet 1 0 7 369
• Switch config interface range gigabitethernet 1 0 1 3 369
• Switch configure 369
• The following example shows how to configure port 1 0 7 as source port and port 1 0 1 3 as receiver ports then statically add port 1 0 1 3 to group 239 and enable mvr fast leave for these ports the multicast vlan is vlan 2 369
• Creating the multicast profile 371
• Multicast filtering configuration 371
• Using the gui 371
• Follow these steps to create a profile 372
• In the general config section specify the profile id and mode 372
• In the ip range section click 372
• To load the following page configure the start ip address and end ip address of the multicast groups to be filtered and click create 372
• Configure multicast filtering for ports 373
• Click apply 374
• Creating igmp profile multicast profile for ipv4 374
• Creating the multicast profile 374
• Follow these steps to bind the profile to ports and configure the corresponding parameters for the ports 374
• Select one or more ports to configure 374
• Specify the profile to be bound and configure the maximum groups the port can join and the overflow action 374
• Using the cli 374
• You can create multicast profiles for both ipv4 and ipv6 network with multicast profile the switch can define a blacklist or whitelist of multicast groups so as to filter multicast sources 374
• Creating mld profile multicast profile for ipv6 375
• Deny deny 375
• Igmp profile 1 375
• Range 226 226 0 range 226 226 0 375
• Switch config end 375
• Switch config igmp profile deny 375
• Switch config igmp profile range 226 226 0 375
• Switch config igmp profile show ip igmp profile 375
• Switch config ip igmp profile 1 375
• Switch config ip igmp snooping 375
• Switch configure 375
• Switch copy running config startup config 375
• The following example shows how to configure profile 1 so that the switch filters multicast streams sent to 226 226 0 375
• Deny deny 376
• Mld profile 1 376
• Range ff01 1234 5 ff01 1234 8 range ff01 1234 5 ff01 1234 8 376
• Switch config end 376
• Switch config ipv6 mld profile 1 376
• Switch config ipv6 mld snooping 376
• Switch config mld profile deny 376
• Switch config mld profile range ff01 1234 5 ff01 1234 8 376
• Switch config mld profile show ipv6 mld profile 376
• Switch configure 376
• Switch copy running config startup config 376
• The following example shows how to configure profile 1 so that the switch filters multicast streams sent to ff01 1234 5 ff01 1234 8 376
• Binding the igmp profile to ports 377
• Binding the profile to ports 377
• You can bind the created igmp profile or mld profile to ports and configure the number of multicast groups a port can join and the overflow action 377
• Binding the mld profile to ports 378
• Binding port s binding port s 379
• Mld profile 1 379
• Switch config if ipv6 mld filter 1 379
• Switch config if ipv6 mld snooping 379
• Switch config if ipv6 mld snooping max groups 50 379
• Switch config if ipv6 mld snooping max groups action drop 379
• Switch config if show ipv6 mld profile 379
• Switch config interface gigabitethernet 1 0 2 379
• Switch configure 379
• The following example shows how to bind the existing profile 1 to port 1 0 2 and specify the maximum number of multicast groups that port 1 0 2 can join as 50 and the overflow action as drop 379
• Using the gui 381
• Viewing ipv4 multicast table 381
• Viewing multicast snooping information 381
• Follow these steps to view ipv4 multicast statistics on each port 382
• In the port statistics section view ipv4 multicast statistics on each port 382
• Ipv4 multicast statistics to load the following page 382
• To get the real time multicast statistics enable auto refresh or click refresh 382
• Viewing ipv4 multicast statistics on each port 382
• Ipv6 multicast table to load the following pag 383
• The multicast ip address table shows all valid multicast ip vlan port entries 383
• Viewing ipv6 multicast table 383
• Follow these steps to view ipv6 multicast statistics on each port 384
• In the port statistics section view ipv6 multicast statistics on each port 384
• Ipv6 multicast statistics to load the following page 384
• To get the real time ipv6 multicast statistics enable auto refresh or click refresh 384
• Viewing ipv6 multicast statistics on each port 384
• Using the cli 385
• Viewing ipv4 multicast snooping information 385
• Viewing ipv6 multicast snooping configurations 385
• Configuration examples 386
• Configuration scheme 386
• Example for configuring basic igmp snooping 386
• Network requirements 386
• Using the gui 387
• Using the cli 389
• Verify the configurations 390
• Example for configuring mvr 391
• Network requirements 391
• Network topology 391
• Add port 1 0 1 3 to vlan 10 vlan 20 and vlan 30 as untagged ports respectively and configure the pvid of port 1 0 1 as 10 port 1 0 2 as 20 port 1 0 3 as 30 make sure port1 0 1 3 only belong to vlan 10 vlan 20 and vlan 30 respectively for details refer to configuring 802 q vlan 392
• As the hosts are in different vlans in igmp snooping the querier need to duplicate multicast streams for hosts in each vlan to avoid duplication of multicast streams being sent between querier and the switch you can configure mvr on the switch 392
• Configuration scheme 392
• Demonstrated with t2600g 28ts this section provides configuration procedures in two ways using the gui and using the cli 392
• Internet 392
• The switch can work in either mvr compatible mode or mvr dynamic mode when in compatible mode remember to statically configure the querier to transmit the streams of multicast group 225 to the switch via the multicast vlan here we take the mvr dynamic mode as an example 392
• Using the gui 392
• To load the following page create vlan 40 and add port 1 0 4 to the vlan as tagged port 393
• Vlan config and click 393
• Using the cli 395
• Verify the configurations 397
• Example for configuring unknown multicast and fast leave 398
• Network requirement 398
• Configuration scheme 399
• Using the gui 399
• In the igmp vlan config section click 400
• In vlan 10 to load the following page enable igmp snooping for vlan 10 400
• Using the cli 401
• Configuration scheme 402
• Example for configuring multicast filtering 402
• Network requirements 402
• Verify the configurations 402
• As shown in the following network topology host b is connected to port 1 0 1 host c is connected to port 1 0 2 and host d is connected to port 1 0 3 they are all in vlan 10 403
• Create vlan 10 add port 1 0 1 3 to the vlan as untagged port and port 1 0 4 as tagged port configure the pvid of the four ports as 10 for details refer to configuring 802 q vlan 403
• Demonstrated with t2600g 28ts this section provides configuration procedures in two ways using the gui and using the cli 403
• Global config to load the following page in the global config section enable igmp snooping globally 403
• Internet 403
• Network topology 403
• Using the gui 403
• In the igmp vlan config section click 404
• In vlan 10 to load the following page enable igmp snooping for vlan 10 404
• Using the cli 407
• Verify the configurations 409
• Appendix default parameters 410
• Default parameters for igmp snooping 410
• Default parameters for mld snooping 411
• Default parameters for multicast filtering 412
• Default parameters for mvr 412
• Chapters 413
• Configuring spanning tree 413
• Part 14 413
• Basic concepts 414
• Overview 414
• Spanning tree 414
• Stp rstp concepts 414
• Bridge id 415
• Port role 415
• Root bridge 415
• Port status 416
• Path cost 417
• Root path cost 417
• Mst region 418
• Mstp concepts 418
• Mst instance 419
• Stp security 419
• Vlan instance mapping 419
• Configuring stp rstp parameters on ports 422
• Stp rstp configurations 422
• Using the gui 422
• Follow these steps to configure stp rstp parameters on ports 423
• In the port config section configure stp rstp parameters on ports 423
• Click apply 424
• Configuring stp rstp globally 424
• Stp config to load the following page 424
• Follow these steps to configure stp rstp globally 425
• In the parameters config section configure the global parameters of stp rstp and click apply 425
• In the global config section enable spanning tree function choose the stp mode as stp rstp and click apply 426
• Stp summary to load the following page 426
• Verify the stp rstp information of your switch after all the configurations are finished 426
• Verifying the stp rstp configurations 426
• The stp summary section shows the summary information of spanning tree 427
• Configuring stp rstp parameters on ports 428
• Follow these steps to configure stp rstp parameters on ports 428
• Using the cli 428
• Configuring global stp rstp parameters 430
• This example shows how to configure the priority of the switch as 36864 the forward delay as 12 seconds 431
• Enable rstp 36864 2 12 20 5 20 432
• Enabling stp rstp globally 432
• Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree function globally 432
• State mode priority hello time fwd time max age hold count max hops 432
• Switch config end 432
• Switch config show spanning tree bridge 432
• Switch config spanning tree 432
• Switch config spanning tree mode rstp 432
• Switch config spanning tree priority 36864 432
• Switch config spanning tree timer forward time 12 432
• Switch configure 432
• Switch copy running config startup config 432
• This example shows how to enable spanning tree function configure the spanning tree mode as rstp and verify the configurations 432
• Configuring parameters on ports in cist 434
• Mstp configurations 434
• Using the gui 434
• Follow these steps to configure parameters on ports in cist 435
• In the port config section configure the parameters on ports 435
• Besides configure the priority of the switch the priority and path cost of ports in the desired instance 437
• Click apply 437
• Configure the region name revision level vlan instance mapping of the switch the switches with the same region name the same revision level and the same vlan instance mapping are considered as in the same region 437
• Configuring the mstp region 437
• Configuring the region name and revision level 437
• Follow these steps to create an mst region 437
• In the region config section set the name and revision level to specify an mstp region 437
• Region config to load the following page 437
• Configure port parameters in the desired instance 439
• Configuring parameters on ports in the instance 439
• Follow these steps to configure port parameters in the instance 439
• In the instance port config section select the desired instance id 439
• Instance port config to load the following page 439
• Configuring mstp globally 441
• Follow these steps to configure mstp globally 441
• In the parameters config section configure the global parameters of mstp and click apply 441
• Stp config to load the following page 441
• In the global config section enable spanning tree function and choose the stp mode as mstp and click apply 442
• Stp summary to load the following page 443
• The stp summary section shows the summary information of cist 443
• Verifying the mstp configurations 443
• Configuring parameters on ports in cist 444
• Follow these steps to configure the parameters of the port in cist 444
• The mstp instance summary section shows the information in mst instances 444
• Using the cli 444
• Configuring the mstp region 446
• Switch configure 447
• This example shows how to create an mst region of which the region name is r1 the revision level is 100 and vlan 2 vlan 6 are mapped to instance 5 447
• 7 4094 448
• Configuring the parameters on ports in instance 448
• Follow these steps to configure the priority and path cost of ports in the specified instance 448
• Mst instance vlans mapped 448
• Region name r1 448
• Revision 100 448
• Switch config mst end 448
• Switch config mst instance 5 vlan 2 6 448
• Switch config mst name r1 448
• Switch config mst revision 100 448
• Switch config mst show spanning tree mst configuration 448
• Switch config spanning tree mst configuration 448
• Switch copy running config startup config 448
• Configuring global mstp parameters 449
• Follow these steps to configure the global mstp parameters of the switch 449
• Gi1 0 3 144 200 n a lnkdwn n a 449
• Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn n a 449
• Interface prio cost role status lag 449
• Interface state prio ext cost int cost edge p2p mode role status lag 449
• Mst instance 0 cist 449
• Mst instance 5 449
• Switch config if end 449
• Switch config if show spanning tree interface gigabitethernet 1 0 3 449
• Switch config if spanning tree mst instance 5 port priority 144 cost 200 449
• Switch config interface gigabitethernet 1 0 3 449
• Switch configure 449
• Switch copy running config startup config 449
• This example shows how to configure the priority as 144 the path cost as 200 of port 1 0 3 in instance 5 449
• Enable mstp 36864 2 12 20 8 25 451
• Enabling spanning tree globally 451
• Follow these steps to configure the spanning tree mode as mstp and enable spanning tree function globally 451
• State mode priority hello time fwd time max age hold count max hops 451
• Switch config if end 451
• Switch config if show spanning tree bridge 451
• Switch config if spanning tree hold count 8 451
• Switch config if spanning tree max hops 25 451
• Switch config if spanning tree timer forward time 12 451
• Switch config spanning tree priority 36864 451
• Switch configure 451
• Switch copy running config startup config 451
• This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds the hold count as 8 and the max hop as 25 451
• Configure the port protect features for the selected ports and click apply 454
• Stp security configurations 454
• Stp security to load the following page 454
• Using the gui 454
• Configuring the stp security 455
• Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter feature for ports 455
• Using the cli 455
• Gi1 0 3 enable enable enable enable disable enable 457
• Interface bpdu filter bpdu guard loop protect root protect tc protect bpdu flood 457
• Switch config if end 457
• Switch config if show spanning tree interface security gigabitethernet 1 0 3 457
• Switch config if spanning tree bpdufilter 457
• Switch config if spanning tree bpduguard 457
• Switch config if spanning tree guard loop 457
• Switch config if spanning tree guard root 457
• Switch config interface gigabitethernet 1 0 3 457
• Switch configure 457
• Switch copy running config startup config 457
• This example shows how to enable loop protect root protect bpdu filter and bpdu protect functions on port 1 0 3 457
• As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is transmitted in this network the link speed between the switches is 100mb s the default path cost of the port is 200000 458
• Configuration example for mstp 458
• Configuration scheme 458
• Here we configure two instances to meet the requirement as is shown below 458
• It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be transmitted along different paths 458
• Mstp backwards compatible with stp and rstp can map vlans to instances to implement load balancing thus providing a more flexible method in network management here we take the mstp configuration as an example 458
• Network requirements 458
• To meet this requirement you are suggested to configure mstp function on the switches map the vlans to different instances to ensure traffic can be transmitted along the respective instance 458
• Using the gui 459
• Using the cli 466
• Verify the configurations 468
• Appendix default parameters 473
• Default settings of the spanning tree feature are listed in the following table 473
• Chapters 475
• Configuring lldp 475
• Part 15 475
• Overview 476
• Supported features 476
• Configuring lldp globally 477
• Lldp configurations 477
• Using the gui 477
• Follow these steps to configure the lldp feature globally 478
• In the global config section enable lldp you can also enable the switch to forward lldp messages when lldp function is disabled click apply 478
• In the parameter config section configure the lldp parameters click apply 478
• Configure the admin status and notification mode for the port 479
• Configuring lldp for the port 479
• Follow these steps to configure the lldp feature for the interface 479
• Port config to load the following page 479
• Select one or more ports to configure 479
• Select the tlvs type length value included in the lldp packets according to your needs 479
• Click apply 480
• Enable the lldp feature on the switch and configure the lldp parameters 480
• Global config 480
• Using the cli 480
• Switch config lldp 481
• Switch config lldp hold multiplier 4 481
• Switch configure 481
• The following example shows how to configure the following parameters lldp timer 4 tx interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast count 3 481
• Fast packet count 3 482
• Initialization delay 2 seconds 482
• Lldp forward message disabled 482
• Lldp med fast start repeat count 4 482
• Lldp status enabled 482
• Port config 482
• Select the desired port and set its admin status notification mode and the tlvs included in the lldp packets 482
• Switch config end 482
• Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 3 482
• Switch config show lldp 482
• Switch copy running config startup config 482
• Trap notification interval 5 seconds 482
• Ttl multiplier 4 482
• Tx delay 2 seconds 482
• Tx interval 30 seconds 482
• Configuring lldp globally 485
• Configuring lldp med globally 485
• Lldp med configurations 485
• Using the gui 485
• Configuring lldp med for ports 486
• Global config 488
• Lldp status enabled 488
• Switch config lldp 488
• Switch config lldp med fast count 4 488
• Switch config show lldp 488
• Switch configure 488
• The following example shows how to configure lldp med fast count as 4 488
• Tx interval 30 seconds 488
• Using the cli 488
• Fast packet count 3 489
• Initialization delay 2 seconds 489
• Lldp med fast start repeat count 4 489
• Port config 489
• Select the desired port enable lldp med and select the tlvs type length value included in the outgoing lldp packets according to your needs 489
• Switch config end 489
• Switch copy running config startup config 489
• Trap notification interval 5 seconds 489
• Ttl multiplier 4 489
• Tx delay 2 seconds 489
• Using gui 492
• Viewing lldp device info 492
• Viewing lldp settings 492
• Follow these steps to view the local information 493
• In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 493
• In the local info section select the desired port and view its associated local device information 493
• Viewing lldp statistics 495
• In the neighbors statistics section view the statistics of the corresponding port 496
• Using cli 496
• Viewing lldp statistics 496
• Viewing the local info 496
• Viewing the neighbor info 496
• Using gui 497
• Viewing lldp med settings 497
• Follow these steps to view lldp med neighgbor information 498
• In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 498
• In the neighbor info section select the desired port and view the lldp med settings 498
• Neighbor info to load the following page 498
• Viewing the neighbor info 498
• Using cli 499
• Viewing lldp statistics 499
• Viewing the local info 499
• Viewing the neighbor info 499
• Configuration examples 500
• Configuration scheme 500
• Example for lldp 500
• Network requirements 500
• Using the gui 500
• Using cli 501
• Verify the configurations 502
• Configuration scheme 507
• Example for lldp med 507
• Network requirements 507
• Using the gui 507
• Using cli 510
• Verify the configurations 511
• Appendix default parameters 513
• Default lldp med settings 513
• Default lldp settings 513
• Default settings of lldp are listed in the following tables 513
• Chapters 514
• Configuring l2pt 514
• Part 16 514
• Overview 515
• Follow these steps to configure l2pt 517
• In the l2pt config section enable l2pt globally and click apply 517
• In the port config section configure the port that is connected to the customer network as a uni port and specify your desired protocols on the port in addition you can also set the threshold for packets per second to be processed on the uni port 517
• L2pt configuration 517
• L2pt to load the following page 517
• Using the gui 517
• Click apply 518
• Follow these steps to configure l2pt feature 518
• In the port config section configure the port that is connected to the isp network as an nni port note that the protocols and threshold cannot be configured on the nni port 518
• Using the cli 518
• Configuration example 522
• Configuration scheme 522
• Network requirements 522
• Using the gui 522
• Using the cli 523
• Verify the configuration 524
• Appendix default parameters 525
• Default settings of l2pt are listed in the following table 525
• Chapters 526
• Configuring pppoe id insertion 526
• Part 17 526
• Overview 527
• Pppoe id insertion configuration 528
• Using the gui 528
• Follow these steps to configure pppoe id insertion 529
• Using the cli 529
• Pppoe id insertion state enabled 530
• Switch config if interface gigabitethernet 1 0 1 530
• Switch config if pppoe circuit id 530
• Switch config if pppoe circuit id type udf only 123 530
• Switch config if pppoe remote id host1 530
• Switch config if show pppoe id insertion global 530
• Switch config pppoe id insertion 530
• Switch configure 530
• The following example shows how to enable pppoe id insertion globally and on port 1 0 1 and configure the circuit id as 123 without other information and remote id as host1 530
• Appendix default parameters 532
• Default settings of l2pt are listed in the following table 532
• Chapters 533
• Configuring layer 3 interfaces 533
• Part 18 533
• Interfaces are used to exchange data and interact with interfaces of other network devices interfaces are classified into layer 2 interfaces and layer 3 interfaces 534
• Layer 2 interfaces are the physical ports on the switch panel they forward packets based on mac address table 534
• Layer 3 interfaces are used to forward ipv4 and ipv6 packets using static or dynamic routing protocols you can use layer 3 interfaces for ip routing and inter vlan routing 534
• Overview 534
• This chapter introduces the configurations for layer 3 interfaces the supported types of layer 3 interfaces are shown as below 534
• Creating a layer 3 interface 535
• Layer 3 interface configurations 535
• Using the gui 535
• In the interface config section click 536
• To load the following page and configure the corresponding parameters for the layer 3 interface then click create 536
• Config section on the corresponding interface entry click edit ipv4 to load the following page and edit the ipv4 parameters of the interface 537
• Configuring ipv4 parameters of the interface 537
• Figure 2 537
• In the modify ipv4 interface section configure relevant parameters for the interface according to your actual needs then click apply 537
• You can view the corresponding interface you have created in the interface 537
• Configuring ipv6 parameters of the interface 538
• In the modify ipv6 interface section enable ipv6 feature for the interface and configure the corresponding parameters then click apply 539
• Configure ipv6 global address of the interface via following three ways 540
• In the global address config section click 540
• Manually 540
• To manually assign an ipv6 global address to the interface 540
• Via dhcpv6 server 540
• Via ra message 540
• Figure 2 541
• Interface config section on the corresponding interface entry click detail to load the following page and view the detail information of the interface 541
• View the global address entry in the global address config 541
• Viewing detail information of the interface 541
• You can view the corresponding interface entry you have created in the 541
• Creating a layer 3 interface 542
• Follow these steps to create a layer 3 interface you can create a vlan interface a loopback interface a routed port or a port channel interface according to your needs 542
• Using the cli 542
• Switch config if description vlan 2 543
• Switch config if end 543
• Switch config interface vlan 2 543
• Switch configure 543
• The following example shows how to create a vlan interface with a description of vlan 2 543
• Configuring ipv4 parameters of the interface 544
• Follow these steps to configure the ipv4 parameters of the interface 544
• Switch config if ip address 192 68 00 255 55 55 544
• Switch config if no switchport 544
• Switch config interface gigabitethernet 1 0 1 544
• Switch configure 544
• Switch copy running config startup config 544
• The following example shows how to configure the ipv4 parameters of a routed port including setting a static ip address for the port and enabling the layer 3 capabilities 544
• Configuring ipv6 parameters of the interface 545
• Follow these steps to configure the ipv6 parameters of the interface 545
• Interface ip address method status protocol shutdown gi1 0 1 192 68 00 24 static up up no 545
• Switch config if end 545
• Switch config if show ip interface brief 545
• Switch copy running config startup config 545
• Global address dhcpv6 enable 546
• Global address ra disable 546
• Global unicast address es ff02 1 ff13 237b 546
• Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 546
• Joined group address es ff02 1 546
• Switch config if ipv6 address autoconfig 546
• Switch config if ipv6 address dhcp 546
• Switch config if ipv6 enable 546
• Switch config if show ipv6 interface 546
• Switch config interface vlan 2 546
• Switch configure 546
• The following example shows how to enable the ipv6 function and configure the ipv6 parameters of a vlan interface 546
• Vlan2 is up line protocol is up 546
• Configuration example 548
• Configuration scheme 548
• Network requirement 548
• Using the gui 548
• Using the cli 549
• Verify the vlan interface configurations 550
• Appendix default parameters 551
• Default settings of interface are listed in the following tables 551
• Chapters 552
• Configuring routing 552
• Part 19 552
• Overview 553
• Configure the corresponding parameters to add an ipv4 static routing entry then click create 554
• Ipv4 static routing and click 554
• Ipv4 static routing configuration 554
• To load the following page to load the following page 554
• Using the gui 554
• C 192 68 24 is directly connected vlan1 555
• Candidate default 555
• Codes c connected s static 555
• Follow these steps to create an ipv4 static route 555
• S 192 68 24 1 0 via 192 68 vlan1 555
• Switch config end 555
• Switch config ip route 192 68 255 55 55 192 68 555
• Switch config show ip route 555
• Switch configure 555
• Switch copy running config startup config 555
• The following example shows how to create an ipv4 static route with the destination ip address as 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 555
• Using the cli 555
• Configure the corresponding parameters to add an ipv6 static routing entry then click create 556
• Follow these steps to enable ipv6 routing function and create an ipv6 static route 556
• Ipv6 static 556
• Ipv6 static routing configuration 556
• Routing table and click 556
• To load the following page 556
• Using the cli 556
• Using the gui 556
• C 3000 64 is directly connected vlan1 557
• Candidate default 557
• Codes c connected s static 557
• S 3200 64 1 0 via 3100 1234 vlan2 557
• Switch config end 557
• Switch config ipv6 route 3200 64 3100 1234 557
• Switch config show ipv6 route static 557
• Switch configure 557
• Switch copy running config startup config 557
• The following example shows how to create an ipv6 static route with the destination ip address as 3200 64 and the next hop address as 3100 1234 557
• Using the gui 558
• Viewing ipv4 routing table 558
• Viewing routing table 558
• Ipv6 routing table to load the following page 559
• On privileged exec mode or any other configuration mode you can use the following command to view ipv4 routing table 559
• Using the cli 559
• View the ipv6 routing entries 559
• Viewing ipv4 routing table 559
• Viewing ipv6 routing table 559
• On privileged exec mode or any other configuration mode you can use the following command to view ipv6 routing table 560
• Viewing ipv6 routing table 560
• As shown below host a and host b are on different network segments to meet business needs host a and host b need to establish a connection without using dynamic routing protocols to ensure stable connectivity 561
• Configuration scheme 561
• Demonstrated with t2600g 28ts the following sections provide configuration procedure in two ways using the gui and using the cli 561
• Example for static routing 561
• Interface to create a routed port gi1 0 1 with the mode as static the ip address as 10 the mask as 255 55 55 and the admin status as enable create a routed port gi1 0 2 with the mode as static the ip address as 10 0 the mask as 255 55 55 and the admin status as enable 561
• Network requirements 561
• The configurations of switch a and switch b are similar the following introductions take switch a as an example 561
• To implement this requirement you can configure the default gateway of host a as 10 24 the default gateway of host b as 10 24 and configure ipv4 static routes on switch a and switch b so that hosts on different network segments can communicate with each other 561
• Using the gui 561
• Ipv4 static routing to load the following page add a static routing entry with the destination as 10 the subnet 562
• Using the cli 563
• Verify the configurations 564
• Chapters 566
• Configuring dhcp service 566
• Part 20 566
• Dhcp relay 567
• Dhcp server 567
• Overview 567
• Supported features 567
• As the following figure shows no ip addresses are assigned to vlan 10 and vlan 20 but a default relay agent interface is configured with the ip address 192 68 24 the switch uses ip address of the default agent interface 192 68 24 to apply for ip addresses for clients in both vlan 10 and vlan 20 as a result the dhcp server will assign ip addresses on 192 68 24 the same subnet with the ip address of the default agent interface to clients in both vlan 10 and vlan 20 569
• Dhcp l2 relay 569
• Unlike dhcp relay dhcp l2 relay is used in the situation that the dhcp server and client are in the same vlan in dhcp l2 relay in addition to normally assigning ip addresses to clients from the dhcp server the switch can record the location information of the dhcp client using option 82 the switch can add option 82 to the dhcp request packet and then transmit the packet to the dhcp server the dhcp server which supports option 82 can set the distribution policy of ip addresses and the other parameters providing a more flexible address distribution way 569
• Dhcp server configuration 570
• Enabling dhcp server 570
• Using the gui 570
• Enter the starting ip address and ending ip address to specify the range of reserved ip addresses click create 571
• In the excluded ip address config section click 571
• In the ping time config section configure ping packets and ping timeout for ping tests click apply 571
• To load the following page to specify the ip addresses that should not be assigned to the clients 571
• Configure the parameters for the dhcp server pool then click create 572
• Configuring dhcp server pool 572
• Pool setting and click 572
• The dhcp server pool defines the parameters that will be assigned to the dhcp clients 572
• To load the following page 572
• Configuring manual binding 573
• Some devices like web servers require static ip addresses to meet this requirement you can manually bind the mac address or client id of the device to an ip address and the dhcp server will reserve the bound ip address to this device at all times 573
• Enabling dhcp server 574
• Follow these steps to enable dhcp server and to configure ping packets and ping timeout 574
• Manual binding and 574
• Select a pool name and enter the ip address to be bound select a binding mode and finish the configuration accordingly click create 574
• To load the following page 574
• Using the cli 574
• 68 192 68 577
• Configuring dhcp server pool 577
• Follow these steps to configure dhcp server pool 577
• No start ip address end ip address 577
• Switch config end 577
• Switch config ip dhcp server excluded address 192 68 192 68 577
• Switch config show ip dhcp server excluded address 577
• Switch configure 577
• Switch copy running config startup config 577
• The following example shows how to configure the 192 68 as the default gateway address and excluded ip address 577
• Configuring manual binding 580
• Follow these steps to configure manual binding 580
• Some hosts www server for example requires a static ip address to satisfy this requirement you can manually bind the mac address or client id of the host to an ip address and the dhcp server will reserve the bound ip address to this host at all times 580
• Switch copy running config startup config 580
• Dhcp relay configuration 582
• Enabling dhcp relay and configuring option 82 582
• Using the gui 582
• Optional in the option 82 config section configure option 82 583
• Configuring dhcp interface relay 584
• Configuring dhcp vlan relay 584
• Follow these steps to specify dhcp server for the specific vlan 585
• In the default relay agent interface section specify a layer 3 interface as the default relay agent interface then click apply 585
• In the dhcp vlan relay config section click 585
• Specify the vlan the clients belongs to and the server address click create 585
• To load the configuration page 585
• Enabling dhcp relay 586
• Follow these steps to enable dhcp relay and configure the corresponding parameters 586
• Switch config service dhcp relay 586
• Switch configure 586
• The following example shows how to enable dhcp relay configure the relay hops as 5 and configure the relay time as 10 seconds 586
• Using the cli 586
• Dhcp relay hops 5 587
• Dhcp relay state enabled 587
• Dhcp relay time threshold 10 seconds 587
• Follow these steps to configure option 82 587
• Optional configuring option 82 587
• Switch config end 587
• Switch config ip dhcp relay hops 5 587
• Switch config ip dhcp relay time 10 587
• Switch config show ip dhcp relay 587
• Switch copy running config startup config 587
• Gi1 0 7 enable replace normal vlan20 host1 n a 588
• Interface option 82 status operation strategy format circuit id remote id lag 588
• Switch config if end 588
• Switch config if ip dhcp relay information circut id vlan20 588
• Switch config if ip dhcp relay information format normal 588
• Switch config if ip dhcp relay information option 588
• Switch config if ip dhcp relay information remote id host1 588
• Switch config if ip dhcp relay information strategy replace 588
• Switch config if show ip dhcp relay information interface gigabitethernet 1 0 7 588
• Switch config interface gigabitethernet 1 0 7 588
• Switch configure 588
• Switch copy running config startup config 588
• The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 588
• Configuring dhcp interface relay 589
• Follow these steps to dhcp interface relay 589
• The following example shows how to configure the dhcp server address as 192 68 on vlan interface 66 589
• You can specify dhcp server for an layer 3 interface or for a vlan the following respectively introduces how to configure dhcp interface relay and dhcp vlan relay 589
• Configuring dhcp vlan relay 590
• Dhcp relay helper address is configured on the following interfaces 590
• Follow these steps to configure dhcp vlan relay 590
• Interface helper address 590
• Switch config if end 590
• Switch config if ip helper address 192 68 590
• Switch config if show ip dhcp relay 590
• Switch config interface vlan 66 590
• Switch configure 590
• Switch copy running config startup config 590
• Vlan 66 192 68 590
• Dhcp vlan relay helper address is configured on the following vlan 591
• Switch config end 591
• Switch config if exit 591
• Switch config if ip dhcp relay default interface 591
• Switch config if no switchport 591
• Switch config interface gigabitethernet 1 0 2 591
• Switch config ip dhcp relay vlan 10 helper address 192 68 591
• Switch config show ip dhcp relay 591
• Switch configure 591
• Switch copy running config startup config 591
• The following example shows how to set the routed port 1 0 2 as the default relay agent interface and configure the dhcp server address as 192 68 on vlan 10 591
• Vlan 10 192 68 591
• Vlan helper address 591
• Dhcp l2 relay configuration 592
• Enabling dhcp l2 relay 592
• Using the gui 592
• Configuring option 82 for ports 593
• Follow these steps to enable dhcp relay and configure option 82 593
• Port config to load the following page 593
• Select one or more ports to configure option 82 593
• Click apply 594
• Enabling dhcp l2 relay 594
• Follow these steps to enable dhcp l2 relay 594
• Switch config ip dhcp l2relay 594
• Switch configure 594
• The following example shows how to enable dhcp l2 relay globally and for vlan 2 594
• Using the cli 594
• Configuring option 82 for ports 595
• Follow these steps to configure option 82 595
• Global status enable 595
• Switch config end 595
• Switch config ip dhcp l2relay vlan 2 595
• Switch config show ip dhcp l2relay 595
• Switch copy running config startup config 595
• Vlan id 2 595
• Gi1 0 7 enable replace normal vlan20 host1 n a 596
• Interface option 82 status operation strategy format circuit id remote id lag 596
• Switch config if end 596
• Switch config if ip dhcp l2relay information circut id vlan20 596
• Switch config if ip dhcp l2relay information format normal 596
• Switch config if ip dhcp l2relay information option 596
• Switch config if ip dhcp l2relay information remote id host1 596
• Switch config if ip dhcp l2relay information strategy replace 596
• Switch config if show ip dhcp l2relay information interface gigabitethernet 1 0 7 596
• Switch config interface gigabitethernet 1 0 7 596
• Switch configure 596
• Switch copy running config startup config 596
• The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 596
• Configuration examples 597
• Configuration scheme 597
• Example for dhcp server 597
• Network requirements 597
• Using the gui 597
• Using the cli 598
• Example for dhcp interface relay 599
• Network requirements 599
• Verify the configuration 599
• Configuration scheme 600
• Using the gui 600
• Using the cli 608
• Example for dhcp vlan relay 610
• Network requirements 610
• Verify the configurations of the dhcp relay agent 610
• Configuration scheme 611
• Using the gui 611
• Using the cli 615
• Example for dhcp l2 relay 617
• Network requirements 617
• Verify the configurations of the dhcp relay agent 617
• Configuration scheme 618
• Using the gui 618
• Using cli 620
• Verify the configurations 621
• Appendix default parameters 622
• Default settings of dhcp server are listed in the following table 622
• Default settings of dhcp relay are listed in the following table 623
• Default settings of dhcp l2 relay are listed in the following table 624
• Chapters 625
• Configuring arp 625
• Part 21 625
• Arp table 626
• Gratuitous arp 626
• Overview 626
• Proxy arp 626
• Static arp 626
• Supported features 626
• Local proxy arp 627
• Local proxy arp is similar with proxy arp as shown below two hosts are in the same vlan and connected to vlan interface 1 but port 1 0 1 and port 1 0 2 are isolated on layer 2 in this case both of the hosts cannot receive each other s arp request so they cannot communicate with each other because they cannot learn each other s mac address using arp packets 627
• To solve this problem you can enable local proxy arp on the layer 3 interface and the interface will respond the arp request sender with its own mac address after that the arp request sender sends packets to the layer 3 interface and the interface forwards the packets to the intended device 627
• Arp configurations 628
• Using the gui 628
• Viewing the arp entries 628
• Adding static arp entries manually 629
• Configuring gratuitous arp 629
• Enter the ip address and mac address then click create 629
• Gratuitous arp to load the following page 629
• Static arp and click 629
• To load the following page 629
• You can add desired static arp entries by mannually specifying the ip addresses and mac addresses 629
• Configuring proxy arp 630
• Follow these steps to configure the gratuitous feature for the interface 630
• In the gratuitous arp global settings section configure the global parameters for gratuitous arp then click apply 630
• In the gratuitous arp table section configure the interval of sending gratuitous arp request packets for the interface then click apply 630
• Proxy arp is used in the situation that two devices are in the same network segment but connected to different layer 3 interfaces 630
• Proxy arp to load the following page 630
• Configuring local proxy arp 631
• Local proxy arp is used in the situation that two devices are in the same vlan but isolated on the layer 2 ports 631
• Local proxy arp to load the following page 631
• Select the desired interface and enable local proxy arp then click apply 631
• Select the desired interface and enable proxy arp then click apply 631
• Adding static arp entries 632
• Configuring the arp entry 632
• Follow these steps to add static arp entries 632
• Interface address hardware addr type 632
• Switch config arp 192 68 00 11 22 33 44 55 arpa 632
• Switch config show arp 192 68 632
• Switch configure 632
• This example shows how to create a static arp entry with the ip as 192 68 and the mac as 00 11 22 33 44 55 632
• Using the cli 632
• Vlan1 192 68 00 11 22 33 44 55 static 632
• Clearing dynamic entries 633
• Configuring the aging time of dynamic arp entries 633
• Follow these steps to configure the aging time of dynamic arp entries 633
• Renewing dynamic entries automatically 633
• Switch config arp timeout 1000 633
• Switch config end 633
• Switch configure 633
• Switch copy running config startup config 633
• This example shows how to configure the aging time of dynamic arp entries as 1000 seconds for vlan interface 2 633
• Configuring gratuitous arp globally 634
• Configuring the gratuitous arp 634
• Follow these steps to add static arp entries 634
• On privileged exec mode or any other configuration mode you can use the following command to view arp entries 634
• Viewing arp entries 634
• Interface gratuitous arp periodical send interval 636
• Switch config if end 636
• Switch config if gratuitous arp send interval 10 636
• Switch config if show gratuitous arp 636
• Switch config interface vlan 1 636
• Switch configure 636
• Switch copy running config startup config 636
• This example shows how to configure the interval of sending gratuitous arp packets for vlan interface 1 as 10 seconds 636
• Vlan1 10 636
• Configuring proxy arp 637
• Follow these steps to proxy arp on the vlan interface routed port or port channel 637
• Interface ip address ip mask status vlan 1 192 68 255 55 55 enabled 637
• Switch config if end 637
• Switch config if ip proxy arp 637
• Switch config if show ip proxy arp 637
• Switch config interface vlan 1 637
• Switch configure 637
• Switch copy running config startup config 637
• This example shows how to enable proxy arp function for vlan interface 1 637
• You can configure proxy arp and local proxy arp 637
• Configuring local proxy arp 638
• Follow these steps to local proxy arp on the vlan interface routed port or port channel 638
• Interface ip address ip mask status 638
• Switch config if end 638
• Switch config if ip local proxy arp 638
• Switch config if show ip local proxy arp 638
• Switch config interface vlan 1 638
• Switch configure 638
• Switch copy running config startup config 638
• This example shows how to enable local proxy arp function for vlan interface 1 638
• Vlan 1 192 68 255 55 55 enabled 638
• Appendix default parameters 639
• Default arp settings are listed in the following tables 639
• Chapters 640
• Configuring qos 640
• Part 22 640
• Bandwidth control 641
• Class of service 641
• Overview 641
• Supported features 641
• Voice vlan and auto voip 641
• 802 p priority 643
• Class of service configuration 643
• Configuration guidelines 643
• Dscp priority 643
• Port priority 643
• Click apply 644
• Configuring port priority 644
• Configuring the trust mode and port to 802 p mapping 644
• Follow these steps to configure the parameters of the port priority 644
• Port priority to load the following page 644
• Select the desired ports specify the 802 p priority and set the trust mode as untrusted 644
• Using the gui 644
• Configuring the 802 p to queue mapping 645
• In the 802 p to queue mapping section configure the mappings and click apply 645
• P priority to load the following page 645
• Configuring 802 p priority 646
• Configuring the 802 p to queue mapping and 802 p remap 647
• Follow these steps to configure the parameters of the 802 p priority 647
• For t2600g 28ts t2600g 28mps t2600g 28sq t2600g 52ts 647
• In the 802 p to queue mapping section configure the mappings and click apply 647
• P priority to load the following page 647
• For t2600g 18ts 648
• Configuring dscp priority 649
• Configuring the trust mode 649
• Follow these steps to configure the trust mode 649
• Optional in the 802 p remap section configure the 802 p to 802 p mappings and click apply the remapping will take effect globally 649
• Port priority to load the following page 649
• Select the desired ports and set the trust mode as trust dscp 649
• Click apply 650
• Configuring the 802 p to queue mapping 650
• In the 802 p to queue mapping section configure the mappings and click apply 650
• P priority to load the following page 650
• Click apply 651
• Configuring the dscp to 802 p mapping and the dscp remap 651
• Dscp priority to load the following page 651
• Follow these steps to configure the dscp priority 651
• For t2600g 28ts t2600g 28mps t2600g 28sq t2600g 52ts 651
• Select the desired port configure the dscp to 802 p mapping and the dscp remap 651
• Click apply 652
• Dscp priority to load the following page 652
• Follow these steps to configure the dscp priority 652
• For t2600g 18ts 652
• In the dscp priority config section configure the dscp to 802 p mapping and the dscp remap 652
• Specifying the scheduler settings 653
• Follow these steps to configure the schedule mode 654
• In the scheduler config section select the desired port 654
• Select the desired queue and configure the parameters 654
• Click apply 655
• Configuring port priority 655
• Configuring the trust mode and the port to 802 p mapping 655
• Follow these steps to configure the trust mode and the port to 802 p mapping 655
• Using cli 655
• Configuring the 802 p to queue mapping 656
• Follow these steps to configure the 802 p to queue mapping 656
• Configuring 802 p priority 657
• Configuring the 802 p to queue mapping and 802 p remap 658
• Follow these steps to configure the 802 p to queue mapping and 802 p remap 658
• Configuring dscp priority 660
• Configuring the 802 p to queue mapping 661
• Follow these steps to configure the 802 p to queue mapping 661
• Configuring the dscp to 802 p mapping and dscp remap 662
• Follow these steps to configure the dscp to 802 p mapping and dscp remap 662
• Port trust mode lag 663
• Switch config if exit 663
• Switch config if qos dscp map 1 3 5 7 3 663
• Switch config if qos dscp remap 9 5 663
• Switch config if qos trust mode dscp 663
• Switch config if show qos trust interface gigabitethernet 1 0 1 663
• Switch config interface gigabitethernet 1 0 1 663
• Switch config qos cos map 3 4 663
• Switch configure 663
• The following example shows how to configure the trust mode of port 1 0 1 as dscp map 802 p priority 3 to tc4 map dscp priority 1 3 5 7 to 802 p priority 3 and configure to map the original dscp priority 9 to dscp priority 5 663
• Follow these steps to specify the scheduler settings to control the forwarding sequence of different tc queues when congestion occurs 666
• Specifying the scheduler settings 666
• Switch config if end 666
• Switch copy running config startup config 666
• Bandwidth control configuration 668
• Configuring rate limit 668
• Using the gui 668
• Configuring storm control 669
• Follow these steps to configure the storm control function 669
• Select the desired port and configure the upper rate limit for forwarding broadcast packets multicast packets and ul frames unknown unicast frames 669
• Storm control to load the following page 669
• Click apply 670
• Configuring rate limit 670
• Follow these steps to configure the upper rate limit for the port to receive and send packets 670
• Using the cli 670
• Configuring storm control 671
• Follow these steps to configure the upper rate limit on the port for forwarding broadcast packets multicast packets and unknown unicast frames 671
• Gi1 0 5 5120 1024 n a 671
• Port ingressrate kbps egressrate kbps lag 671
• Switch config if bandwidth ingress 5120 egress 1024 671
• Switch config if end 671
• Switch config if show bandwidth interface gigabitethernet 1 0 5 671
• Switch config interface gigabitethernet 1 0 5 671
• Switch configure 671
• Switch copy running config startup config 671
• The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 1024 kbps for port 1 0 5 671
• Gi1 0 5 pps 148800 0 0 shutdown 10 n a 673
• Port rate mode bcrate mcrate ulrate exceed recover time lag 673
• Switch config if end 673
• Switch config interface gigabitethernet 1 0 5 673
• Switch configure 673
• Switch copy running config startup config 673
• T2600g 28ts config if show storm control interface gigabitethernet 1 0 5 673
• T2600g 28ts config if storm control broadcast 148800 673
• T2600g 28ts config if storm control exceed shutdown recover time 10 673
• T2600g 28ts config if storm control rate mode pps 673
• The following example shows how to configure the upper rate limit of broadcast packets as 148800 pps specify the action as shutdown and set the recover time as 10 for port 1 0 5 673
• Configuring oui addresses 674
• Using the gui 674
• Voice vlan configuration 674
• Click create 675
• Configuring voice vlan globally 675
• Follow these steps to configure the oui addresses 675
• Global config to load the following page 675
• Specify the oui and the description 675
• To load the following page 675
• Adding ports to voice vlan 676
• Click apply 676
• Enable the voice vlan feature and specify the parameters 676
• Follow these steps to configure voice vlan globally 676
• Port config to load the following page 676
• Select the desired ports and choose enable in voice vlan filed 676
• Click apply 677
• Follow these steps to configure voice vlan 677
• Using the cli 677
• Auto voip configuration 680
• Configuration guidelines 680
• Using the gui 680
• Click apply 681
• Follow these steps to configure auto voip 681
• Using the cli 681
• Configuration examples 685
• Configuration scheme 685
• Example for class of service 685
• Network requirements 685
• Using the gui 686
• Using the cli 688
• Verify the configurations 689
• Example for voice vlan 690
• Network requirements 690
• Configuration scheme 691
• Configure 802 q vlan for port 1 0 1 port 1 0 2 port 1 0 3 and port 1 0 4 691
• Configure voice vlan feature on port 1 0 1 and port 1 0 2 691
• Demonstrated with t2600g 28ts the following sections provide configuration procedure in two ways using the gui and using the cli 691
• Internet 691
• To implement this requirement you can configure voice vlan to ensure that the voice traffic can be transmitted in the same vlan and the data traffic is transmitted in another vlan in addition specify the priority to make the voice traffic can take precedence when the congestion occurs 691
• To load the following page create vlan 2 and add untagged port 1 0 1 port 1 0 2 and port 1 0 4 to vlan 2 click create 691
• Using the gui 691
• Vlan config and click 691
• Using the cli 695
• Verify the configurations 697
• Example for auto voip 698
• Network requirements 698
• Configuration scheme 699
• Using the gui 699
• Select port 1 0 1 and specify the 802 p priority as 5 for other dscp priorities click apply 701
• Select port 1 0 2 set the scheduler mode as weighted and specify the queue weight as 10 for tc 7 click apply 703
• Using the cli 706
• Verify the configurations 707
• Appendix default parameters 711
• Default settings of class of service are listed in the following tables 711
• Default settings of class of service are listed in the following tables 713
• Default settings of voice vlan are listed in the following tables 713
• Default settings of auto voip are listed in the following tables 714
• Chapters 715
• Configuring access security 715
• Part 23 715
• Access control 716
• Access security 716
• Overview 716
• Serial port 716
• Supported features 716
• Telnet 716
• Access security configurations 717
• Configuring the access control feature 717
• Using the gui 717
• In the entry table section click 718
• To add an access control entry 718
• When the ip based mode is selected the following window will pop up 718
• When the mac based mode is selected the following window will pop up 718
• When the port based mode is selected the following window will pop up 719
• Click create then you can view the created entries in the entry table 720
• Configuring the http function 720
• Http config to load the following page 720
• In the global control section enable http function specify the port using for http and click apply to enable the http function 720
• In the number of access users section enable number control function specify the following parameters and click apply 721
• In the session config section specify the session timeout and click apply 721
• Configuring the https function 722
• In the ciphersuite config section select the algorithm to be enabled and click apply 723
• In the number of access users section enable number control function specify the following parameters and click apply 723
• In the session config section specify the session timeout and click apply 723
• In the load certificate and load key section download the certificate and key 724
• Configuring the ssh feature 725
• Configuring the telnet function 726
• Enable telnet and click apply 726
• In data integrity algorithm section enable the integrity algorithm you want the switch to support and click apply 726
• In import key file section select key type from the drop down list and click browse to download the desired key file 726
• In the encryption algorithm section enable the encryption algorithm you want the switch to support and click apply 726
• Telnet config to load the following page 726
• Configure the baud rate and click apply 727
• Configuring the access control 727
• Configuring the serial port parameters 727
• Follow these steps to configure the access control 727
• Serial port config to load the following page 727
• Using the cli 727
• 68 00 32 snmp telnet http https 729
• Configuring the http function 729
• Follow these steps to configure the http function 729
• Index ip address access interface 729
• Switch config end 729
• Switch config show user configuration 729
• Switch config user access control ip based 192 68 00 255 55 55 55 snmp telnet http https 729
• Switch config user access control ip based enable 729
• Switch configure 729
• Switch copy running config startup config 729
• The following example shows how to set the type of access control as ip based set the ip address as 192 68 00 set the subnet mask as 255 55 55 55 and make the switch support snmp telnet http and https 729
• User authentication mode ip based 729
• Http max users as admin 6 730
• Http max users as operator 2 730
• Http max users as power user 2 730
• Http max users as user 2 730
• Http port 80 730
• Http session timeout 9 730
• Http status enabled 730
• Http user limitation enabled 730
• Switch config end 730
• Switch config ip http max user 6 2 2 2 730
• Switch config ip http server 730
• Switch config ip http session timeout 9 730
• Switch config show ip http configuration 730
• Switch configure 730
• Switch copy running config startup config 730
• The following example shows how to set the session timeout as 9 set the maximum admin number as 6 and set the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 730
• Configuring the https function 731
• Follow these steps to configure the https function 731
• Download ssl certificate ok 732
• Start to download ssl certificate 732
• Switch config ip http secure ciphersuite 3des ede cbc sha 732
• Switch config ip http secure max users 2 2 2 2 732
• Switch config ip http secure protocol ssl3 tls1 732
• Switch config ip http secure server 732
• Switch config ip http secure server download certificate ca crt ip address 192 68 00 732
• Switch config ip http secure server download key ca key ip address 192 68 00 732
• Switch config ip http secure session timeout 15 732
• Switch configure 732
• The following example shows how to configure the https function enable ssl3 and tls1 protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the maximum admin number as 2 the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 download the certificate named ca crt and the key named ca key from the tftp server with the ip address 192 68 00 732
• Configuring the ssh feature 733
• Switch config ip ssh algorithm aes128 cbc 734
• Switch config ip ssh max client 4 734
• Switch config ip ssh server 734
• Switch config ip ssh timeout 100 734
• Switch config ip ssh version v1 734
• Switch config ip ssh version v2 734
• The following example shows how to configure the ssh function set the version as ssh v1 and ssh v2 enable the aes128 cbc and cast128 cbc encryption algorithm enable the hmac md5 data integrity algorithm choose the key type as ssh 2 rsa dsa 734
• Configuring the serial port parameters 736
• Configuring the telnet function 736
• Follow these steps enable the serial port parameters 736
• Follow these steps enable the telnet function 736
• Appendix default parameters 737
• Default settings of access security are listed in the following tables 737
• Chapters 739
• Configuring aaa 739
• Part 24 739
• Overview 740
• Aaa configuration 741
• Configuration guidelines 741
• Adding servers 742
• Using the gui 742
• Adding tacacs server 743
• Click create to add the radius server on the switch 743
• Click create to add the tacacs server on the switch 743
• Configure the following parameters 743
• Follow these steps to add a tacacs server 743
• Tacacs config and click 743
• To load the following page 743
• Configuring server groups 744
• Configuring the method list 744
• Click apply 746
• Click create to add the new method 746
• Configuring the aaa application list 746
• Follow these steps to configure the aaa application list 746
• Global config to load the following page 746
• In the aaa application list section select an access application and configure the login list and enable list 746
• Configuring login account and enable password 747
• Adding radius server 748
• Adding servers 748
• Follow these steps to add radius server on the switch 748
• Using the cli 748
• You can add one or more radius tacacs servers on the switch for authentication if multiple servers are added the server with the highest priority authenticates the users trying to access the switch and the others act as backup servers in case the first one breaks down 748
• 68 0 1812 1813 5 2 000aeb132397 123456 749
• Adding tacacs server 749
• Follow these steps to add tacacs server on the switch 749
• Server ip auth port acct port timeout retransmit nas identifier shared key 749
• Switch config end 749
• Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 123456 749
• Switch config show radius server 749
• Switch configure 749
• Switch copy running config startup config 749
• The following example shows how to add a radius server on the switch set the ip address of the server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 749
• 68 0 49 8 123456 750
• Configuring server groups 750
• Server ip port timeout shared key 750
• Switch config end 750
• Switch config show tacacs server 750
• Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 750
• Switch configure 750
• Switch copy running config startup config 750
• The following example shows how to add a tacacs server on the switch set the ip address of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the timeout as 8 seconds 750
• The switch has two built in server groups one for radius and the other for tacacs the servers running the same protocol are automatically added to the default server group you can add new server groups as needed 750
• The two default server groups cannot be deleted or edited follow these steps to add a server group 750
• A method list describes the authentication methods and their sequence to authenticate the users the switch supports login method list for users of all types to gain access to the switch and enable method list for guests to get administrative privileges 751
• Configuring the method list 751
• Follow these steps to configure the method list 751
• Switch aaa group end 751
• Switch aaa group server 192 68 0 751
• Switch aaa group show aaa group radius1 751
• Switch config aaa group radius radius1 751
• Switch configure 751
• Switch copy running config startup config 751
• The following example shows how to create a radius server group named radius1 and add the existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group 751
• Default local 752
• Enable1 radius local 752
• Login1 radius local 752
• Methodlist pri1 pri2 pri3 pri4 752
• Switch config aaa authentication enable enable1 radius local 752
• Switch config aaa authentication login login1 radius local 752
• Switch config end 752
• Switch config show aaa authentication enable 752
• Switch config show aaa authentication login 752
• Switch configure 752
• Switch copy running config startup config 752
• The following example shows how to create a login method list named login1 and configure the method 1 as the default radius server group and the method 2 as local 752
• The following example shows how to create an enable method list named enable1 and configure the method 1 as the default radius server group and the method 2 as local 752
• Configuring the aaa application list 753
• Console 753
• Follow these steps to apply the login and enable method lists for the application console 753
• Switch config line console 0 753
• Switch config line enable authentication enable1 753
• Switch config line login authentication login1 753
• Switch config line show aaa global 753
• Switch configure 753
• Switch copy running config startup config 753
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application console 753
• You can configure authentication method lists on the following access applications console telnet ssh and http 753
• Console login1 enable1 754
• Follow these steps to apply the login and enable method lists for the application telnet 754
• Http default default 754
• Module login list enable list 754
• Ssh default default 754
• Switch config line enable authentication enable1 754
• Switch config line end 754
• Switch config line login authentication login1 754
• Switch config line telnet 754
• Switch configure 754
• Switch copy running config startup config 754
• Telnet 754
• Telnet default default 754
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application telnet 754
• Console default default 755
• Follow these steps to apply the login and enable method lists for the application ssh 755
• Http default default 755
• Module login list enable list 755
• Ssh default default 755
• Switch config line end 755
• Switch config line login authentication login1 755
• Switch config line show aaa global 755
• Switch config line ssh 755
• Switch configure 755
• Switch copy running config startup config 755
• Telnet login1 enable1 755
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application ssh 755
• Console default default 756
• Follow these steps to apply the login and enable method lists for the application http 756
• Http default default 756
• Module login list enable list 756
• Ssh login1 enable1 756
• Switch config ip http enable authentication enable1 756
• Switch config ip http login authentication login1 756
• Switch config line enable authentication enable1 756
• Switch config line end 756
• Switch config line show aaa global 756
• Switch config show aaa global 756
• Switch configure 756
• Switch copy running config startup config 756
• Telnet default default 756
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application http 756
• Configuring login account and enable password 757
• Console default default 757
• Http login1 enable1 757
• Module login list enable list 757
• On the switch 757
• Ssh default default 757
• Switch config end 757
• Switch copy running config startup config 757
• Telnet default default 757
• The local username and password for login can be configured in the user management feature for details refer to managing system 757
• The login account and enable password can be configured locally on the switch or centrally on the radius tacacs server s 757
• To configure the local enable password for getting administrative privileges follow these steps 757
• Configuration examples 759
• Configuration scheme 759
• Network requirements 759
• Using the gui 760
• Using the cli 763
• Verify the configuration 764
• Appendix default parameters 765
• Default settings of aaa are listed in the following tables 765
• Chapters 767
• Configuring 802 x 767
• Part 25 767
• Overview 768
• Configuring the radius server 769
• Using the gui 769
• X configuration 769
• Click apply 770
• Configure the parameters of the radius server 770
• Configuring the radius server group 770
• Follow these steps to add the radius server to a server group 770
• If you click 770
• Server group to load the following page 770
• The following window will pop up select a radius server and click save 770
• To add a new server group 770
• To edit the default radius server group or click 770
• Configuring 802 x globally 772
• Follow these steps to configure 802 x global parameters 772
• Global config to load the following page 772
• In the accounting dot1x method section select an existing radius server group for accounting from the pri1 drop down list and click apply 772
• In the global config section configure the following parameters 772
• Click apply 773
• Configuring 802 x on ports 773
• Follow these steps to configure 802 x authentication on the desired port 773
• Port config to load the following page 773
• Select one or more ports and configure the following parameters 773
• Click apply 774
• Authenticator state to load the following page 775
• On this page you can view the authentication status of each port 775
• View the authenticator state 775
• Configuring the radius server 776
• Follow these steps to configure radius 776
• Using the cli 776
• The following example shows how to enable aaa add a radius server to the server group named radius1 and apply this server group to the 802 x authentication the ip address of the radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the accounting port is 1813 777
• Configuring 802 x globally 778
• The following example shows how to enable 802 x authentication configure pap as the authentication method and keep other parameters as default 779
• Authentication protocol pap 780
• Configuring 802 x on ports 780
• Follow these steps to configure the port 780
• Handshake state enabled 780
• Switch config dot1x auth protocol pap 780
• Switch config dot1x system auth control 780
• Switch config end 780
• Switch config show dot1x global 780
• Switch configure 780
• Switch copy running config startup config 780
• X accounting state disabled 780
• X state enabled 780
• X vlan assignment state disabled 780
• Viewing authenticator state 782
• Configuration example 784
• Configuration scheme 784
• Network requirements 784
• Network topology 784
• Demonstrated with t2600g 28ts acting as the authenticator the following sections provide configuration procedure in two ways using the gui and using the cli 785
• Internet 785
• Radius config and click 785
• To load the following page configure the parameters of the radius server and click create 785
• Using the gui 785
• Using the cli 787
• Verify the configurations 788
• Appendix default parameters 790
• Default settings of 802 x are listed in the following table 790
• Chapters 791
• Configuring port security 791
• Part 26 791
• Overview 792
• Follow these steps to configure port security 793
• Port security configuration 793
• Port security to load the following page 793
• Select one or more ports and configure the following parameters 793
• Using the gui 793
• Click apply 794
• Follow these steps to configure port security 794
• Using the cli 794
• Switch config interface gigabitethernet 1 0 1 795
• Switch configure 795
• The following example shows how to set the maximum number of mac addresses that can be learned on port 1 0 1 as 30 enable exceed max leaned feature and configure the mode as permanent and the status as drop 795
• Appendix default parameters 797
• Default settings of port security are listed in the following table 797
• Chapters 798
• Configuring acl 798
• Part 27 798
• Configuration guidelines 799
• Overview 799
• Acl configuration 800
• Configuring time range 800
• Creating an acl 800
• Using the gui 800
• Configuring acl rules 801
• Configuring mac acl rule 801
• And the following page will appear 802
• Follow these steps to configure the mac acl rule 802
• In acl rules table section click 802
• In the mac acl rule section configure the following parameters 802
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 803
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 803
• Click apply 804
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 804
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 804
• Configuring ip acl rule 805
• Follow these steps to configure the ip acl rule 806
• In the ip acl rule section configure the following parameters 806
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 807
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 808
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 808
• Click apply 809
• Click edit acl for a combined acl entry to load the following page 809
• Configuring combined acl rule 809
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 809
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 812
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 812
• Click apply 813
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 813
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 813
• Configuring the ipv6 acl rule 814
• Follow these steps to configure the ipv6 acl rule 815
• In the ipv6 acl rule section configure the following parameters 815
• Click apply 817
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 817
• Click edit acl for a packet content acl entry to load the following page 818
• Configuring the packet content acl rule 818
• And the following page will appear 819
• In acl rules table section click 819
• In the packet content offset profile global config section configure the chunk offset click apply 819
• Follow these steps to configure the packet content acl rule 820
• In the packet content rule section configure the following parameters 820
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 820
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 820
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 821
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 821
• Configuring acl binding 822
• Viewing the acl rules 822
• Choose id or name to be used for matching the acl then select an acl from the drop down list 824
• Click create 824
• Configuring acl 824
• Configuring time range 824
• Enter the id of the vlan to be bound 824
• Follow the steps to create different types of acl and configure the acl rules 824
• Follow these steps to bind the acl to a vlan 824
• Mac acl 824
• Some acl based services or features may need to be limited to take effect only during a specified time period in this case you can configure a time range for the acl for details about time range configuration please refer to managing system 824
• Using the cli 824
• You can define the rules based on source or destination ip address source or destination mac address protocol type port number and others 824
• Switch config access list create 50 825
• Switch configure 825
• The following example shows how to create mac acl 50 and configure rule 5 to permit packets with source mac address 00 34 a2 d4 34 b5 825
• Ip acl 826
• Mac access list 50 name acl_50 826
• Rule 5 permit logging disable smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 826
• Switch config end 826
• Switch config mac acl access list mac 50 rule 5 permit logging disable smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 826
• Switch config mac acl exit 826
• Switch config show access list 50 826
• Switch copy running config startup config 826
• Ip access list 600 name acl_600 827
• Rule 1 permit logging disable sip 192 68 00 smask 255 55 55 55 827
• Switch config access list create 600 827
• Switch config access list ip 600 rule 1 permit logging disable sip 192 68 00 sip mask 255 55 55 55 827
• Switch config end 827
• Switch config show access list 600 827
• Switch configure 827
• Switch copy running config startup config 827
• The following example shows how to create ip acl 600 and configure rule 1 to permit packets with source ip address 192 68 00 827
• Combined acl 828
• Combined access list 2600 name acl_2600 829
• Ipv6 acl 829
• Rule 1 permit logging disable vid 2 sip 192 68 00 sip mask 255 55 55 55 829
• Switch config access list combined 1100 logging disable rule 1 permit vid 2 sip 192 68 00 sip mask 255 55 55 55 829
• Switch config access list create 1100 829
• Switch config end 829
• Switch config show access list 2600 829
• Switch configure 829
• Switch copy running config startup config 829
• The following example shows how to create combined acl 1100 and configure rule 1 to deny packets with source ip address 192 68 00 in vlan 2 829
• Ff ffff ffff 831
• Ipv6 access list 1600 name acl_1600 831
• Packet content acl 831
• Rule 1 deny logging disable sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ff 831
• Switch config access list create 1600 831
• Switch config access list ipv6 1600 rule 1 deny logging disable sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ffff ffff ffff 831
• Switch config end 831
• Switch config show access list 1600 831
• Switch configure 831
• Switch copy running config startup config 831
• The following example shows how to create ipv6 acl 1600 and configure rule 1 to deny packets with source ipv6 address cdcd 910a 2222 5498 8475 1111 3900 2020 831
• Packet content access list 2000 name acl_2000 832
• Rule 10 deny logging disable chunk1 value 0x58 mask 0xffffffff 832
• Switch config access list create 2000 832
• Switch config access list packet content profile chunk offset0 offset0 chunk offset1 offset1 chunk offset2 offset2 chunk offset3 offset3 832
• Switch config end 832
• Switch config packet content config 2000 rule 10 deny logging disable chunk 1 58 mask1 ffffffff 832
• Switch config show access list 2000 832
• Switch configure 832
• Switch copy running config startup config 832
• The following example shows how to create packet content acl 2000 and deny the packets with the value of its chunk1 0x58 832
• Configuring policy 833
• Follow the steps below to configure the policy actions for an acl rule 833
• Mac access list 100 name acl_100 833
• Policy allows you to further process the matched packets through operations such as mirroring rate limiting redirecting or changing priority 833
• Resequencing rules 833
• Rule 1 deny logging disable smac aa bb cc dd ee ff smask ff ff ff ff ff ff 833
• Rule 11 permit logging disable vid 18 833
• Rule 21 permit logging disable dmac aa cc ee ff dd 33 dmask ff ff ff ff ff ff 833
• Switch config access list resequence 100 start 1 step 10 833
• Switch config end 833
• Switch config show access list 100 833
• Switch configure 833
• Switch copy running config startup config 833
• The following example shows how to resequence the rules of mac acl 100 set the start rule id as 1 and the step value as 10 833
• You can resequence the rules by providing a start rule id and step value 833
• Redirect the matched packets to port 1 0 4 for rule 1 of mac acl 10 834
• Switch config access list action 10 rule 1 834
• Switch configure 834
• Configuring acl binding 835
• Follow the steps below to bind acl to a port or a vlan 835
• Mac access list 10 name acl_10 835
• Rule 5 permit logging disable action redirect gi1 0 4 835
• Switch config action exit 835
• Switch config action redirect interface gigabitethernet 1 0 4 835
• Switch config end 835
• Switch config show access list 10 835
• Switch copy running config startup config 835
• The following example shows how to bind acl 1 to port 3 and vlan 4 835
• You can bind the acl to a port or a vlan the received packets on the port or in the vlan will then be matched and processed according to the acl rules an acl takes effect only after it is bound to a port or vlan 835
• Viewing acl counting 836
• Configuration example for acl 837
• Configuration example for mac acl 837
• Configuration scheme 837
• Network requirements 837
• Using the gui 838
• In the same way configure rule 15 to deny packets with destination mac address 40 61 86 fc 71 56 and apply the time range of work hours 841
• Configure rule 25 to permit all the packets that do not match neither of the above rules 842
• Acl binding and click 843
• To load the following page bind acl 100 to port 1 0 2 to make it take effect 843
• Using the cli 844
• Verify the configurations 844
• Configuration example for ip acl 845
• Network requirements 845
• Configuration scheme 846
• Using the gui 846
• In the same way configure rule 2 and rule 3 to permit packets with source ip 10 0 0 and destination port tcp 80 http service port and tcp 443 https service port 848
• In the same way configure rule 4 and rule 5 to permit packets with source ip 10 0 0 and with destination port tcp 53 or udp 53 dns service port 851
• In the same way configure rule 6 to deny packets with source ip 10 0 0 852
• Using the cli 853
• Verify the configurations 854
• Configuration example for combined acl 855
• Configuration scheme 855
• Network requirements 855
• Using the gui 856
• Configure rule 5 to permit packets with the source mac address 6c 62 6d f5 ba 48 and destination port tcp 23 telnet service port 857
• Configure rule 15 to deny all the packets except the packet with source mac address 6c 62 6d f5 ba 48 and destination port tcp 23 telnet service port 858
• In the same way configure rule 25 to permit all the packets the rule makes sure that all devices can get other network services normally 859
• Using the cli 861
• Verify the configurations 862
• Appendix default parameters 863
• The default settings of acl are listed in the following tables 863
• Chapters 865
• Configuring ipv4 impb 865
• Part 28 865
• Arp detection 866
• Ip mac binding 866
• Ipv4 impb 866
• Ipv4 source guard 866
• Overview 866
• Supported features 866
• Binding entries manually 867
• Ip mac binding configuration 867
• Using the gui 867
• Enter the following information to specify a host 868
• Follow these steps to manually create an ip mac binding entry 868
• Manual binding and click 868
• Select protect type for the entry 868
• To load the following page 868
• Binding entries via arp scanning 869
• Binding entries via dhcp snooping 870
• In the scanning result section select one or more entries and configure the relevant parameters then click bind 870
• With dhcp snooping enabled the switch can monitor the ip address obtaining process of the host and record the ip address mac address vlan id and the connected port number of the host 870
• Additionally you select one or more entries to edit the host name and protect type and click apply 872
• Binding table to load the following page 872
• Binding table to view or edit the entries 872
• In the binding table you can view search and edit the specified binding entries 872
• Viewing the binding entries 872
• You can specify the search criteria to search your desired entries 872
• Binding entries manually 873
• Binding entries via arp scanning is not supported by the cli the following sections introduce how to bind entries manually and via dhcp snooping and view the binding entries 873
• Follow these steps to manually bind entries 873
• Using the cli 873
• You can manually bind the ip address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 873
• Here arp d for arp detection and ip v s for ip verify source 874
• Host1 192 68 5 74 d4 35 76 a4 d8 10 gi1 0 5 arp d manual 874
• Notice 874
• Switch config end 874
• Switch config ip source binding host1 192 68 5 74 d4 35 76 a4 d8 vlan 10 interface gigabitethernet 1 0 5 arp detection 874
• Switch config show ip source binding 874
• Switch configure 874
• Switch copy running config startup config 874
• The following example shows how to bind an entry with the hostname host1 ip address 192 68 5 mac address 74 d4 35 76 a4 d8 vlan id 10 port number 1 0 5 and enable this entry for the arp detection feature 874
• U host ip addr mac addr vid port acl source 874
• Binding entries via dhcp snooping 875
• Follow these steps to bind entries via dhcp snooping 875
• Global status enable 875
• Switch config if ip dhcp snooping max entries 100 875
• Switch config if show ip dhcp snooping 875
• Switch config interface gigabitethernet 1 0 1 875
• Switch config ip dhcp snooping 875
• Switch config ip dhcp snooping vlan 5 875
• Switch configure 875
• The following example shows how to enable dhcp snooping globally and on vlan 5 and set the maximum number of binding entries port 1 0 1 can learn via dhcp snooping as 100 875
• Viewing binding entries 876
• Adding ip mac binding entries 877
• Arp detection configuration 877
• Enabling arp detection 877
• Using the gui 877
• Configuring arp detection on ports 878
• In the vlan config section enable arp detection on the selected vlans click apply 878
• Port config to load the following page 878
• Arp statistics to load the following page 879
• Click apply 879
• Follow these steps to configure arp detection on ports 879
• Select one or more ports and configure the parameters 879
• Viewing arp statistics 879
• You can view the number of the illegal arp packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 879
• Adding ip mac binding entries 880
• Enabling arp detection 880
• Follow these steps to enable arp detection 880
• In arp detection the switch detects the arp packets based on the binding entries in the ip mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 880
• In the auto refresh section you can enable the auto refresh feature and specify the refresh interval and thus the web page will be automatically refreshed 880
• In the illegal arp packet section you can view the number of illegal arp packets in each vlan 880
• Using the cli 880
• Disable disable 881
• Enable disable 881
• Global status enable 881
• Switch config end 881
• Switch config ip arp inspection 881
• Switch config ip arp inspection validate src mac 881
• Switch config ip arp inspection vlan 2 881
• Switch config show ip arp inspection 881
• Switch config show ip arp inspection vlan 881
• Switch configure 881
• Switch copy running config startup config 881
• The following example shows how to enable arp detection globally and on vlan 2 and enable the switch to check whether the source mac address and the sender mac address are the same when receiving an arp packet 881
• Verify dmac disable 881
• Verify ip disable 881
• Verify smac enable 881
• Vid enable status log status 881
• Configuring arp detection on ports 882
• Follow these steps to configure arp detection on ports 882
• Switch config if ip arp inspection limit rate 20 882
• Switch config if ip arp inspection trust 882
• Switch config interface gigabitethernet 1 0 2 882
• Switch configure 882
• The following example shows how to set port 1 02 as a trusted port and set limit rate as 20 pps and burst interval as 2 seconds on port 1 0 2 882
• Viewing arp statistics 883
• Adding ip mac binding entries 884
• Configuring ipv4 source guard 884
• Ipv4 source guard configuration 884
• Using the gui 884
• Adding ip mac binding entries 885
• Configuring ipv4 source guard 885
• Follow these steps to configure ipv4 source guard 885
• In ipv4 source guard the switch filters the packets that do not match the rules of ipv4 mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 885
• In the global config section choose whether to enable the log feature click apply 885
• In the port config section configure the protect type for ports and click apply 885
• Using the cli 885
• Gi1 0 1 sip mac n a 886
• Port security type lag 886
• Switch config if end 886
• Switch config if ip verify source sip mac 886
• Switch config if show ip verify source interface gigabitethernet 1 0 1 886
• Switch config interface gigabitethernet 1 0 1 886
• Switch configure 886
• Switch copy running config startup config 886
• The following example shows how to enable ipv4 source guard on port 1 0 1 886
• Configuration examples 887
• Configuration scheme 887
• Example for arp detection 887
• Network requirements 887
• Using the gui 888
• Using the cli 890
• Verify the configuration 891
• Configuration scheme 892
• Example for ip source guard 892
• Network requirements 892
• Using the gui 892
• Using the cli 894
• Verify the configuration 894
• Appendix default parameters 896
• Default settings of arp detection are listed in the following table 896
• Default settings of dhcp snooping are listed in the following table 896
• Default settings of ipv4 source guard are listed in the following table 897
• Chapters 898
• Configuring ipv6 impb 898
• Part 29 898
• Ipv6 impb 899
• Ipv6 mac binding 899
• Nd detection 899
• Overview 899
• Supported features 899
• Internet 900
• Ipv6 source guard 900
• Ipv6 source guard is used to filter the ipv6 packets based on the ipv6 mac binding table only the packets that match the binding rules are forwarded 900
• Binding entries manually 901
• Ipv6 mac binding configuration 901
• Using the gui 901
• Click apply 902
• Enter or select the port that is connected to this host 902
• Enter the following information to specify a host 902
• Follow these steps to manually create an ipv6 mac binding entry 902
• Select protect type for the entry 902
• Binding entries via nd snooping 903
• Binding entries via dhcpv6 snooping 904
• Additionally you select one or more entries to edit the host name and protect type and click apply 906
• Binding table to load the following page 906
• Binding table to view or edit the entries 906
• In the binding table you can view search and edit the specified binding entries 906
• Viewing the binding entries 906
• You can specify the search criteria to search your desired entries 906
• Binding entries manually 907
• Follow these steps to manually bind entries 907
• The following sections introduce how to bind entries manually and via nd snooping and dhcp snooping and how to view the binding entries 907
• Using the cli 907
• You can manually bind the ipv6 address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 907
• Host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff 10 gi1 0 5 nd d manual 908
• Switch config end 908
• Switch config ipv6 source binding host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff vlan 10 interface gigabitethernet 1 0 5 nd detection 908
• Switch config show ipv6 source binding 908
• Switch configure 908
• Switch copy running config startup config 908
• The following example shows how to bind an entry with the hostname host1 ipv6 address 2001 0 9d38 90d5 34 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this entry for nd detection 908
• U host ip addr mac addr vid port acl source 908
• Binding entries via nd snooping 909
• Follow these steps to bind entries via nd snooping 909
• Global status enable 909
• Switch config ipv6 nd snooping 909
• Switch config ipv6 nd snooping vlan 1 909
• Switch config show ipv6 nd snooping 909
• Switch configure 909
• The following example shows how to enable nd snooping globally and on vlan 1 909
• Vlan id 1 909
• Binding entries via dhcpv6 snooping 910
• Follow these steps to bind entries via dhcp snooping 910
• Gi1 0 1 1000 n a 910
• Interface max entries lag 910
• Switch config end 910
• Switch config if end 910
• Switch config if ipv6 nd snooping max entries 1000 910
• Switch config if show ipv6 nd snooping interface gigabitethernet 1 0 1 910
• Switch config interface gigabitethernet 1 0 1 910
• Switch configure 910
• Switch copy running config startup config 910
• The following example shows how to configure the maximum number of entries that can be learned on port 1 0 1 910
• Viewing binding entries 911
• Adding ipv6 mac binding entries 912
• Enabling nd detection 912
• Nd detection configuration 912
• Using the gui 912
• Click apply 913
• Configuring nd detection on ports 913
• Follow these steps to configure nd detection on ports 913
• Port config to load the following page 913
• Select one or more ports and configure the parameters 913
• Viewing nd statistics 913
• You can view the number of the illegal nd packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 913
• Adding ipv6 mac binding entries 914
• Enabling nd detection 914
• Using the cli 914
• Configuring nd detection on ports 915
• Follow these steps to configure nd detection on ports 915
• Global status enable 915
• Switch config end 915
• Switch config ipv6 nd detection 915
• Switch config ipv6 nd detection vlan 1 915
• Switch config show ipv6 nd detection 915
• Switch configure 915
• Switch copy running config startup config 915
• The following example shows how to enable nd detection globally and on vlan 1 915
• Vlan id 1 915
• Viewing nd statistics 916
• Adding ipv6 mac binding entries 917
• Configuring ipv6 source guard 917
• Ipv6 source guard configuration 917
• Using the gui 917
• Adding ipv6 mac binding entries 918
• Before configuring ipv6 source guard you need to configure the sdm template as enterprisev6 918
• Click apply 918
• Configuring ipv6 source guard 918
• Follow these steps to configure ipv6 source guard 918
• The nd detection feature allows the switch to detect the nd packets based on the binding entries in the ipv6 mac binding table and filter out the illegal nd packets before configuring nd detection complete ipv6 mac binding configuration for details refer to ipv6 mac binding configuration 918
• Using the cli 918
• Gi1 0 1 sipv6 mac n a 919
• Port security type lag 919
• Switch config if end 919
• Switch config if ipv6 verify source sipv6 mac 919
• Switch config if show ipv6 verify source interface gigabitethernet 1 0 1 919
• Switch config interface gigabitethernet 1 0 1 919
• Switch configure 919
• Switch copy running config startup config 919
• The following example shows how to enable ipv6 source guard on port 1 0 1 919
• Configuration examples 920
• Configuration scheme 920
• Example for nd detection 920
• Network requirements 920
• Using the gui 921
• Using the cli 923
• Verify the configuration 923
• Example for ipv6 source guard 924
• Network requirements 924
• Configuration scheme 925
• Using the gui 925
• Using the cli 927
• Verify the configuration 927
• Appendix default parameters 928
• Default settings of dhcp snooping are listed in the following table 928
• Default settings of nd detection are listed in the following table 928
• Default settings of ipv6 source guard are listed in the following table 929
• Chapters 930
• Configuring dhcp filter 930
• Part 30 930
• Dhcp filter 931
• Overview 931
• Supported features 931
• Dhcpv4 filter 932
• Dhcpv4 filter is used for dhcpv4 servers and ipv4 clients 932
• Dhcpv6 filter 932
• Dhcpv6 filter is used for dhcpv6 servers and ipv6 clients 932
• Configuring the basic dhcpv4 filter parameters 933
• Dhcpv4 filter configuration 933
• Using the gui 933
• Click apply 934
• Click create 935
• Configure the following parameters 935
• Configuring legal dhcpv4 servers 935
• Configuring the basic dhcpv4 filter parameters 935
• Follow these steps to add a legal dhcpv4 server 935
• Follow these steps to complete the basic settings of dhcpv4 filter 935
• Legal dhcpv4 servers and 935
• To load the following page 935
• Using the cli 935
• Configuring legal dhcpv4 servers 937
• Follow these steps configure legal dhcpv4 servers 937
• Gi1 0 1 enable enable 10 20 n a 937
• Global status enable 937
• Interface state mac verify limit rate dec rate lag 937
• Switch config if end 937
• Switch config if ip dhcp filter 937
• Switch config if ip dhcp filter decline rate 20 937
• Switch config if ip dhcp filter limit rate 10 937
• Switch config if ip dhcp filter mac verify 937
• Switch config if show ip dhcp filter 937
• Switch config if show ip dhcp filter interface gigabitethernet 1 0 1 937
• Switch config interface gigabitethernet 1 0 1 937
• Switch config ip dhcp filter 937
• Switch configure 937
• Switch copy running config startup config 937
• The following example shows how to enable dhcpv4 filter globally and how to enable dhcpv4 filter enable the mac verify feature set the limit rate as 10 pps and set the decline rate as 20 pps on port 1 0 1 937
• Configuring the basic dhcpv6 filter parameters 939
• Dhcpv6 filter configuration 939
• Using the gui 939
• Click apply 940
• Click create 940
• Configure the following parameters 940
• Configuring legal dhcpv6 servers 940
• Follow these steps to add a legal dhcpv6 server 940
• Legal dhcpv6 servers and 940
• To load the following page 940
• Configuring the basic dhcpv6 filter parameters 941
• Follow these steps to complete the basic settings of dhcpv6 filter 941
• Using the cli 941
• Configuring legal dhcpv6 servers 942
• Follow these steps configure legal dhcpv6 servers 942
• Gi1 0 1 enable 10 20 n a 942
• Global status enable 942
• Interface state limit rate dec rate lag 942
• Switch config if end 942
• Switch config if ipv6 dhcp filter 942
• Switch config if ipv6 dhcp filter decline rate 20 942
• Switch config if ipv6 dhcp filter limit rate 10 942
• Switch config if show ip dhcp filter interface gigabitethernet 1 0 1 942
• Switch config if show ipv6 dhcp filter 942
• Switch config interface gigabitethernet 1 0 1 942
• Switch config ipv6 dhcp filter 942
• Switch configure 942
• Switch copy running config startup config 942
• The following example shows how to enable dhcpv6 filter globally and how to enable dhcpv6 filter set the limit rate as 10 pps and set the decline rate as 20 pps on port 1 0 1 942
• Configuration examples 944
• Configuration scheme 944
• Example for dhcpv4 filter 944
• Network requirements 944
• Using the gui 945
• Using the cli 946
• Verify the configuration 946
• Example for dhcpv6 filter 947
• Network requirements 947
• Configuration scheme 948
• Using the gui 948
• Using the cli 950
• Verify the configuration 950
• Appendix default parameters 951
• Default settings of dhcpv4 filter are listed in the following table 951
• Chapters 952
• Configuring dos defend 952
• Part 31 952
• Overview 953
• Dos defend configuration 954
• Dos defend to load the following page 954
• Follow these steps to configure dos defend 954
• In the dos defend config section select one or more defend types according to your needs and click apply the following table introduces each type of dos attack 954
• In the dos defend section enable dos protection and click apply 954
• Using the gui 954
• Click apply 955
• Follow these steps to configure dos defend 955
• Using the cli 955
• Appendix default parameters 958
• Default settings of network security are listed in the following tables 958
• Chapters 959
• Monitoring the system 959
• Part 32 959
• Overview 960
• Monitoring the cpu 961
• Using the cli 961
• Using the gui 961
• Monitoring the memory 963
• Using the cli 963
• Using the gui 963
• Unit current memory utilization 964
• Traffic monitor 966
• Using the gui 966
• To view a port s traffic statistics in detail click statistics on the right side of the entry 967
• On privileged exec mode or any other configuration mode you can use the following command to view the traffic information of each port or lag 970
• Using the cli 970
• Appendix default parameters 971
• Chapters 972
• Mirroring traffic 972
• Part 34 972
• Mirroring 973
• Using the gui 973
• Follow these steps to configure the mirroring session 974
• In the destination port config section specify a destination port for the mirroring session and click apply 974
• In the source interfaces config section specify the source interfaces and click apply traffic passing through the source interfaces will be mirrored to the destination port there are three source interface types port lag and cpu choose one or more types according to your need 974
• Follow these steps to configure mirroring 975
• Switch config monitor session 1 destination interface gigabitethernet 1 0 10 975
• Switch configure 975
• The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 and the cpu to port 1 0 10 975
• Using the cli 975
• Configuration examples 977
• Configuration scheme 977
• Network requirements 977
• Using the gui 977
• Using the cli 978
• Verify the configuration 979
• Appendix default parameters 980
• Default settings of switching are listed in th following tables 980
• Chapters 981
• Configuring sflow 981
• Part 35 981
• Overview 982
• Sflow agent 982
• Sflow collector 982
• Configuring the sflow agent 983
• Sflow configuration 983
• Using the gui 983
• An sflow sampler is a data source that collects flow samples usually the ports act as sflow samplers 984
• Click apply 984
• Configuring the sflow collector 984
• Configuring the sflow sampler 984
• Follow these steps to configure the sflow collector 984
• Select a collector and configure the relevant parameters 984
• Sflow collector to load the following page 984
• Click apply 985
• Follow these steps to configure the sflow sampler 985
• Set one or more ports to be samplers and configure the relevant parameters one port can be bound to only one collector 985
• Sflow sampler to load the following page 985
• Follow these steps to configure the sflow 986
• Using the cli 986
• Configuration example 989
• Configuration scheme 989
• Network requirements 989
• Using the gui 989
• Using the cli 990
• Verify the configurations 991
• Appendix default parameters 992
• Default settings of maintenance are listed in the following tables 992
• Chapters 993
• Configuring oam 993
• Part 36 993
• Ethernet oam 994
• Oam connection 994
• Oam entity 994
• Oampdus 994
• Overview 994
• As the above figure shows the oam entity on switch a is in active mode and that on switch b is in passive mode switch a initiates an oam connection by sending an information oampdu switch b compares the oam information in the received oampdu with its own and sends back an information oampdu to switch a if the oam information of the two entities matches an oam connection will be established after that the two oam entities will exchange information oampdus periodically to keep the oam connection valid 995
• Link monitoring 995
• Link monitoring is for monitoring link performance under various circumstances when problems are detected on the link the oam entity will send its remote peer the event notification oampdus to report link events 995
• Supported features 995
• The link events are described as follows 995
• The switch supports the following oam features link monitoring remote failure indication rfi and remote loopback 995
• Remote failure indication rfi 996
• Remote loopback 996
• Enabling oam and configuring oam mode 998
• Ethernet oam configurations 998
• Using the gui 998
• Click apply 999
• Configuring link monitoring 999
• Follow these steps to configure link monitoring 999
• In the link event section select a link event type to configure 999
• Link monitoring to load the following page 999
• Click apply 1000
• In the link monitoring config section select one or more ports and configure the threshold and period for the selected link event 1000
• Click apply 1001
• Configuring rfi 1001
• Follow these steps to configure remote failure indication 1001
• Remote failure indication to load the following page 1001
• Select one or more ports and configure the dying gasp notification and critical event notification features 1001
• Click apply 1002
• Configuring remote loopback 1002
• Follow these steps to configure remote loopback 1002
• Remote loopbak to load the following page 1002
• Select one or more ports and configure the relevant options 1002
• Discovery info to load the following page 1003
• Select a port to view whether the oam connection is established with the peer additionally you can view the oam information of the local and the remote entities 1003
• The oam information of the local entity is as follows 1003
• Viewing oam status 1003
• The oam information of the remote entity is as follows 1004
• Enabling oam and configuring oam mode 1005
• Follow these steps to enable oam and configure oam mode on the port 1005
• Using the cli 1005
• An error symbol period event occurs if the number of symbol errors exceeds the defined threshold within a specific period of time 1006
• Configuring error symbol period event 1006
• Configuring link monitoring 1006
• Follow these steps to configure the error symbol period event 1006
• Gi1 0 1 1006
• Mode passive 1006
• Oam enabled 1006
• Switch config if end 1006
• Switch config if ethernet oam 1006
• Switch config if ethernet oam mode passive 1006
• Switch config if show ethernet oam configuration interface gigabitethernet 1 0 1 1006
• Switch config interface gigabitethernet 1 0 1 1006
• Switch configure 1006
• Switch copy running config startup config 1006
• The following example shows how to enable oam and configure the oam mode as passive on port 1 0 1 1006
• With link monitoring the following link events can be reported error symbol period error frame error frame period error frame seconds 1006
• Gi1 0 1 1007
• Notify state enabled 1007
• Switch config if end 1007
• Switch config if ethernet oam link monitor symbol period threshold 1 window 10 notify enable 1007
• Switch config if show ethernet oam configuration interface gigabitethernet 1 0 1 1007
• Switch config interface gigabitethernet 1 0 1 1007
• Switch configure 1007
• Switch copy running config startup config 1007
• Symbol period error 1007
• The following example shows how to enable error frame event notification and configure the threshold as 1 and the window as 1000 ms 10 100 ms on port 1 0 1 1007
• Threshold 1 error symbol 1007
• Window 1000 milliseconds 1007
• An error frame event occurs if the number of frame errors exceeds the defined threshold within a specific period of time 1008
• Configuring error frame event 1008
• Follow these steps to configure the error frame event 1008
• Gi1 0 1 1008
• Switch config if ethernet oam link monitor frame threshold 1 window 20 notify enable 1008
• Switch config if show ethernet oam configuration interface gigabitethernet 1 0 1 1008
• Switch config interface gigabitethernet 1 0 1 1008
• Switch configure 1008
• The following example shows how to enable error frame notification and configure the threshold as 1 and the window as 2000 ms 20 100 ms on port 1 0 1 1008
• An error frame period event occurs if the number of frame errors in specific number of received frames exceeds the defined threshold 1009
• Configuring error frame period event 1009
• Follow these steps to configure the error frame period event 1009
• Frame error 1009
• Notify state enabled 1009
• Switch config if end 1009
• Switch copy running config startup config 1009
• Threshold 1 error frame 1009
• Window 2000 milliseconds 1009
• Frame seconds error 1011
• Gi1 0 1 1011
• Notify state enabled 1011
• Switch config if end 1011
• Switch config if ethernet oam link monitor frame seconds threshold 1 window 800 notify enable 1011
• Switch config if show ethernet oam configuration interface gigabitethernet 1 0 1 1011
• Switch config interface gigabitethernet 1 0 1 1011
• Switch configure 1011
• Switch copy running config startup config 1011
• The following example shows how to enable error frame seconds notification and configure the threshold as 1 and the window as 80000 ms 800 100 ms on port 1 0 1 1011
• Threshold 1 error seconds 1011
• Window 80000 milliseconds 1011
• Configuring remote failure indication 1012
• Dying gasp enabled 1012
• Follow these steps to configure remote failure indication 1012
• Gi1 0 1 1012
• Switch config if ethernet oam remote failure critical event notify enable 1012
• Switch config if ethernet oam remote failure dying gasp notify enable 1012
• Switch config if show ethernet oam configuration interface gigabitethernet 1 0 1 1012
• Switch config interface gigabitethernet 1 0 1 1012
• Switch configure 1012
• The following example shows how to enable dying gasp and critical event on port 1 0 1 1012
• Configuring remote loopback 1013
• Critical event enabled 1013
• Follow these steps to configure remote loopback 1013
• Switch config if end 1013
• Switch config if ethernet oam remote loopback start 1013
• Switch config interface gigabitethernet 1 0 1 1013
• Switch configure 1013
• Switch copy running config startup config 1013
• The following example shows how to start the oam remote loopback mode of the peer on port 1 0 1 1013
• On privileged exec mode or any other configuration mode you can use the following command to view whether the oam connection is established with the peer additionally you can view the oam information of the local entity and the remote entity 1014
• Verifying oam connection 1014
• Gi1 0 1 1015
• Local client 1015
• Max oampdu 1518 bytes 1015
• Mode active 1015
• Oam enabled 1015
• Remote loopback supported 1015
• Switch config show ethernet oam status interface gigabitethernet 1 0 1 1015
• The following example shows how to view the oam status of port 1 0 1 1015
• Unidirection not supported 1015
• Using the gui 1017
• Viewing oam statistics 1017
• Viewing oampdus 1017
• Event logs statistics to load the following page 1019
• Select a port and view the local and remote event logs on it 1019
• Viewing event logs 1019
• Additionally you can view the detailed information of the event logs in the event log table section 1020
• Gi1 0 1 1020
• Information oampdu rx 28 1020
• Information oampdu tx 28 1020
• On privileged exec mode or any other configuration mode you can use the following command to view the number of oampdus received and sent on the specified port 1020
• Switch show ethernet oam statistics interface gigabitethernet 1 0 1 1020
• The following example shows how to view the transmitted and received oamdpus on port 1 0 1 1020
• Unique event notification oampdu tx 0 1020
• Using the cli 1020
• Viewing oampdus 1020
• Critical event remote 2016 01 01 08 08 00 1022
• Error symbol event 0 1022
• Event listing 1022
• Gi1 0 1 1022
• Local event statistics 1022
• On privileged exec mode or any other configuration mode you can use the following command to view the local and remote event logs on the specified port 1022
• Switch show ethernet oam event log interface gigabitethernet 1 0 1 1022
• The following example shows how to view the event logs on port 1 0 1 1022
• Type location time stamp 1022
• Viewing event logs 1022
• Configuration example 1024
• Configuration scheme 1024
• Network requirements 1024
• Using the gui 1024
• Using the cli 1028
• Verify the configuration 1029
• Appendix default parameters 1032
• Default settings of ethernet oam are listed in the following tables 1032
• Chapters 1033
• Configuring dldp 1033
• Part 37 1033
• Overview 1034
• Configuration guidelines 1035
• Dldp configuration 1035
• Using the gui 1035
• In the port config section select one or more ports enable dldp and click apply then you can view the relevant dldp information in the table 1036
• Follow these steps to configure dldp 1037
• Switch configure 1037
• The following example shows how to enable dldp globally configure the dldp interval as 10 seconds and specify the shutdown mode as auto 1037
• Using the cli 1037
• Appendix default parameters 1039
• Default settings of dldp are listed in the following table 1039
• Chapters 1040
• Configuring snmp rmon 1040
• Part 38 1040
• Basic concepts 1041
• Overview 1041
• Snmp agent 1041
• Snmp manager 1041
• A mib is a collection of managed objects that is organized hierarchically the objects define the attributes of the managed device including the names status access rights and data types each object can be addressed through an object identifier oid 1042
• Also tp link switches support the following public mibs 1042
• As the following figure shows the mib hierarchy can be depicted as a tree with a nameless root the levels of which are assigned by different organizations the top level mib object ids belong to different standards organizations while lower level object ids are allocated by associated organizations vendors can define private branches that include managed objects for their own products 1042
• Lldp ext dot1 mib 1042
• Lldp ext med mib 1042
• Lldp mib 1042
• Rfc1213 mib 1042
• Rfc1493 bridge mib 1042
• Rfc1757 rmon mib 1042
• Rfc2618 radius auth client mib 1042
• Tp link switches provide private mibs that can be identified by the oid 1 1863 the mib file can be found on the provided cd or the download center of our official website https www tp link com en download center html 1042
• An snmp engine can be uniquely identified by an engine id within an administrative domain since there is a one to one association between snmp engines and snmp entities we can also use the engine id to uniquely and unambiguously identify the snmp entity within that administrative domain 1043
• An snmp engine is a part of the snmp entity every snmp entity has one and only one engine an snmp engine provides services for ending and receiving messages authenticating and encrypting messages and controlling access to managed objects 1043
• An snmp entity is a device running the snmp protocol both the snmp manager and snmp agent are snmp entities 1043
• For detail information about the supported public mibs see supported public mibs for tp link switches which can be found on the training center of our website 1043
• Https www tp link com en configuration guides html 1043
• Rfc2620 radius acc client mib 1043
• Rfc2674 pbridge mib 1043
• Rfc2674 qbridge mib 1043
• Rfc2863 pbridge mib 1043
• Rfc2925 disman ping mib 1043
• Rfc2925 disman traceroute mib 1043
• Snmp engine 1043
• Snmp entity 1043
• Snmp version 1043
• The device supports three snmp versions snmpv1 snmpv2c and snmpv3 table 1 1 lists features supported by different snmp versions and table 1 2 shows corresponding application scenarios 1043
• Enabling snmp 1045
• Snmp configurations 1045
• Using the gui 1045
• Click apply 1046
• Creating an snmp view 1046
• Follow these steps to create an snmp view 1046
• Global config to load the following page 1046
• Nms manages mib objects based on the snmp view an snmp view is a subset of a mib the system provides a default view named viewdefault and you can create other snmp views according to your needs 1046
• To load the following page enter a view name and specify the view type and a mib object that is related to the view 1046
• Click create 1047
• Creating snmp communities for snmp v1 v2c 1047
• Set the community name access rights and the related view 1047
• Snmp v1 v2c and click 1047
• To load the following page 1047
• Assign a name to the group then set the security level and the read view write view and notify view 1048
• Click create 1048
• Create an snmp group and configure related parameters 1048
• Creating an snmp group for snmp v3 1048
• Follow these steps to create an snmp group 1048
• Snmp group and click 1048
• To load the following page 1048
• Click create 1049
• Creating snmp users for snmp v3 1049
• Follow these steps to create an snmp user 1049
• Snmp user and click 1049
• Specify the user name user type and the group which the user belongs to then configure the security level 1049
• To load the following page 1049
• Click create 1050
• Enabling snmp 1050
• If you have chosen authnopriv or authpriv as the security level you need to set corresponding authentication mode or privacy mode if not skip the step 1050
• Using the cli 1050
• Bad snmp version errors 1051
• Snmp agent is enabled 1051
• Snmp packets input 1051
• Switch config show snmp server 1051
• Switch config snmp server 1051
• Switch config snmp server engineid remote 123456789a 1051
• Switch configure 1051
• The following example shows how to enable snmp and set 123456789a as the remote engine id 1051
• Unknown community name 1051
• Bad value errors 1052
• Creating an snmp view 1052
• Encoding errors 1052
• General errors 1052
• Get next pdus 1052
• Get request pdus 1052
• Illegal operation for community name supplied 1052
• Local engine id 80002e5703000aeb13a23d 1052
• No such name errors 1052
• Number of altered variables 1052
• Number of requested variables 1052
• Remote engine id 123456789a 1052
• Response pdus 1052
• Set request pdus 1052
• Snmp packets output 1052
• Specify the oid object identifier of the view to determine objects to be managed 1052
• Switch config end 1052
• Switch config show snmp server engineid 1052
• Switch copy running config startup config 1052
• Too big errors maximum packet size 1500 1052
• Trap pdus 1052
• Creating snmp communities for snmp v1 v2c 1053
• Create an snmp group and set user access control with read write and notify views meanwhile set the authentication and privacy modes to secure the communication between the nms and managed devices 1054
• Creating an snmp group for snmpv3 1054
• Index name type mib view 1054
• Nms monitor read write view 1054
• Switch config end 1054
• Switch config show snmp server community 1054
• Switch config snmp server community nms monitor read write view 1054
• Switch configure 1054
• Switch copy running config startup config 1054
• The following example shows how to set an snmp community name the community as the nms monitor and allow the nms to view and modify parameters of view 1054
• 1 nms1 v3 authpriv view1 view1 1055
• No name sec mode sec lev read view write view notify view 1055
• Switch config end 1055
• Switch config show snmp server group 1055
• Switch config snmp server group nms1 smode v3 slev authpriv read view1 notify view1 1055
• Switch configure 1055
• Switch copy running config startup config 1055
• The following example shows how to create an snmpv3 group with the group name as nms1 the security level as authpriv and the read and notify view are both view1 1055
• Configure users of the snmp group users belong to the group and use the same security level and access rights as the group 1056
• Creating snmp users for snmpv3 1056
• Configuring the information of nms hosts 1058
• Notification configurations 1058
• Using the gui 1058
• Choose a notification type based on the snmp version if you choose the inform type you need to set retry times and timeout interval 1059
• Click create 1059
• Specify the user name or community name used by the nms host and configure the security model and security level based on the settings of the user or community 1059
• Enabling snmp traps 1060
• Select the traps to enable according to your needs 1060
• The supported traps are listed on the page follow these steps to enable any or all of these traps 1060
• Trap config to load the following page 1060
• Click apply 1062
• Configure parameters of the nms host and packet handling mechanism 1062
• Configuring the nms host 1062
• Using the cli 1062
• The following example shows how to set the nms host ip address as 192 0 22 udp port as port 162 name used by the nms host as admin security model as snmpv3 1063
• 0 22 162 admin v3 authpriv inform 3 100 1064
• Enabling snmp traps 1064
• Enabling the snmp standard traps globally 1064
• No des ip udp name secmode seclev type retry timeout 1064
• Security level as authpriv notification type as inform retry times as 3 and the timeout interval as 100 seconds 1064
• Switch config end 1064
• Switch config show snmp server host 1064
• Switch config snmp server host 192 0 22 162 admin smode v3 slev authpriv type inform retries 3 timeout 100 1064
• Switch configure 1064
• Switch copy running config startup config 1064
• The switch supports multiple snmp traps like snmp standard traps acl traps and vlan traps you can enable any or all of the traps according to your needs 1064
• Enabling the snmp extended traps globally 1065
• Switch config end 1065
• Switch config snmp server traps snmp linkup 1065
• Switch configure 1065
• Switch copy running config startup config 1065
• The following example shows how to configure the switch to send linkup traps 1065
• Enabling the ddm traps globally 1066
• Switch config end 1066
• Switch config snmp server traps bandwidth control 1066
• Switch configure 1066
• Switch copy running config startup config 1066
• The following example shows how to configure the switch to enable bandwidth control traps 1066
• Enabling the snmp security traps globally 1067
• Enabling the vlan traps globally 1067
• Switch config end 1067
• Switch config snmp server traps ddm temperature 1067
• Switch config snmp server traps vlan 1067
• Switch configure 1067
• Switch copy running config startup config 1067
• The following example shows how to configure the switch to enable all the snmp vlan traps 1067
• The following example shows how to configure the switch to enable ddm temperature trap 1067
• Enabling the acl trap globally 1068
• Enabling the ip traps globally 1068
• Switch config end 1068
• Switch config snmp server traps acl 1068
• Switch config snmp server traps security dhcp filter 1068
• Switch configure 1068
• Switch copy running config startup config 1068
• The following example shows how to configure the switch to enable acl trap 1068
• The following example shows how to configure the switch to enable dhcp filter trap 1068
• Enabling the snmp poe traps globally 1069
• Switch config end 1069
• Switch config snmp server traps ip change 1069
• Switch configure 1069
• Switch copy running config startup config 1069
• The following example shows how to configure the switch to enable ip change trap 1069
• Enabling the link status trap for ports 1070
• Switch config end 1070
• Switch config snmp server traps power 1070
• Switch configure 1070
• Switch copy running config startup config 1070
• The following example shows how to configure the switch to enable all poe traps 1070
• Switch config if end 1071
• Switch config if snmp server traps link status 1071
• Switch config interface gigabitethernet 1 0 1 1071
• Switch configure 1071
• Switch copy running config startup config 1071
• The following example shows how to configure the switch to enable link status trap 1071
• Configuring statistics group 1073
• Rmon configurations 1073
• Using the gui 1073
• Click create 1074
• Configuring history group 1074
• Follow these steps to configure the history group 1074
• History to load the following page 1074
• Select a history entry and specify a port to be monitored 1074
• Set the sample interval and the maximum buckets of history entries 1074
• Choose an event entry and set the snmp user of the entry 1075
• Configuring event group 1075
• Enter the owner name and set the status of the entry click apply 1075
• Event to load the following page 1075
• Follow these steps to configure the event group 1075
• Set the description and action to be taken when the event is triggered 1075
• Alarm to load the following page 1076
• Before you begin please complete configurations of statistics entries and event entries because the alarm entries must be associated with statistics and event entries 1076
• Configuring alarm group 1076
• Enter the owner name and set the status of the entry click apply 1076
• Follow these steps to configure the alarm group 1077
• Select an alarm entry choose a variable to be monitored and associate the entry with a statistics entry 1077
• Set the sample type the rising and falling threshold the corresponding event action mode and the alarm type of the entry 1077
• Configuring statistics 1078
• Enter the owner name and set the status of the entry click apply 1078
• Using the cli 1078
• Gi1 0 1 monitor valid 1079
• Gi1 0 2 monitor valid 1079
• Index port owner state 1079
• Switch config end 1079
• Switch config rmon statistics 1 interface gigabitethernet 1 0 1 owner monitor status valid 1079
• Switch config rmon statistics 2 interface gigabitethernet 1 0 2 owner monitor status valid 1079
• Switch config show rmon statistics 1079
• Switch configure 1079
• Switch copy running config startup config 1079
• The following example shows how to create two statistics entries on the switch to monitor port 1 0 1 and 1 0 2 respectively the owner of the entries are both monitor and the status are both valid 1079
• Configuring history 1080
• Gi1 0 1 100 50 monitor enable 1080
• Index port interval buckets owner state 1080
• Switch config end 1080
• Switch config rmon history 1 interface gigabitethernet 1 0 1 interval 100 owner monitor buckets 50 1080
• Switch config show rmon history 1080
• Switch configure 1080
• The following example shows how to create a history entry on the switch to monitor port 1 0 1 set the sample interval as 100 seconds maximum buckets as 50 and the owner as monitor 1080
• Configuring event 1081
• Switch config rmon event 1 user admin description rising notify type notify owner monitor 1081
• Switch configure 1081
• Switch copy running config startup config 1081
• The following example shows how to create an event entry on the switch set the user name as admin the event type as notify set the switch to initiate notifications to the nms and the owner as monitor 1081
• Admin rising notify notify monitor enable 1082
• Configuring alarm 1082
• Index user description type owner state 1082
• Switch config end 1082
• Switch config show rmon event 1082
• Switch copy running config startup config 1082
• Configuration example 1085
• Network requirements 1085
• Configuration scheme 1086
• Using the gui 1086
• Using the cli 1091
• Verify the configurations 1093
• Appendix default parameters 1097
• Default settings of snmp are listed in the following tables 1097
• Default settings of notification are listed in the following table 1098
• Default settings of rmon are listed in the following tables 1099
• Chapters 1101
• Diagnosing the device network 1101
• Part 39 1101
• Check the test results in the result section 1102
• Device diagnostics to load the following page 1102
• Diagnosing the device 1102
• Follow these steps to diagnose the cable 1102
• Select your desired port for the test and click apply 1102
• The device diagnostics feature provides cable testing which allows you to troubleshoot based on the connection status cable length and fault location 1102
• Using the gui 1102
• Gi1 0 2 pair a normal 2 10m 1103
• On privileged exec mode or any other configuration mode you can use the following command to check the connection status of the cable that is connected to the switch 1103
• Pair b normal 2 10m 1103
• Pair c normal 0 10m 1103
• Pair d normal 2 10m 1103
• Port pair status length error 1103
• Switch show cable diagnostics interface gigabitehternet 1 0 2 1103
• The following example shows how to check the cable diagnostics of port 1 0 2 1103
• Using the cli 1103
• Diagnosing the network 1104
• Troubleshooting with ping testing 1104
• Using the gui 1104
• Troubleshooting with tracert testing 1105
• Approximate round trip times in milli seconds 1106
• Configuring the ping test 1106
• In the tracert result section check the test results 1106
• Minimum 0ms maximum 0ms average 0ms 1106
• On privileged exec mode you can use the following command to test the connectivity between the switch and one node of the network 1106
• Packets sent 3 received 3 lost 0 0 loss 1106
• Ping statistics for 192 68 0 1106
• Pinging 192 68 0 with 1000 bytes of data 1106
• Reply from 192 68 0 bytes 1000 time 16ms ttl 64 1106
• Switch ping ip 192 68 0 n 3 l 1000 i 500 1106
• The following example shows how to test the connectivity between the switch and the destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 1000 bytes and the interval as 500 milliseconds 1106
• Using the cli 1106
• Configuring the tracert test 1107
• Ms 1 ms 2 ms 192 68 1107
• Ms 2 ms 2 ms 192 68 00 1107
• On privileged exec mode you can use the following command to test the connectivity between the switch and routers along the path from the source to the destination 1107
• Switch tracert 192 68 00 2 1107
• The following example shows how to test the connectivity between the switch and the network device with the ip address 192 68 00 set the maxhops as 2 1107
• Trace complete 1107
• Tracing route to 192 68 00 over a maximum of 2 hops 1107
• Appendix default parameters 1108
• Default settings of network diagnostics are listed in the following tables 1108
• Chapters 1109
• Configuring system logs 1109
• Part 40 1109
• Overview 1110
• Backing up the logs 1111
• Configuration guidelines 1111
• Configure the local logs 1111
• Configure the remote logs 1111
• Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality of the switch is affected please take actions according to the log message 1111
• System logs configurations 1111
• System logs configurations include 1111
• Viewing the log table 1111
• Click apply 1112
• Configuring the local logs 1112
• Configuring the remote logs 1112
• Follow these steps to configure the local logs 1112
• Local logs to load the following page 1112
• Select your desired channel and configure the corresponding severity and status 1112
• Using the gui 1112
• You can configure up to four hosts to receive the switch s system logs these hosts are called log servers the switch will forward the log message to the servers once a log 1112
• Backing up the logs 1113
• Log table to load the following page 1114
• Select a module and a severity to view the corresponding log information 1114
• Viewing the log table 1114
• Configuring the local logs 1115
• Follow these steps to configure the local logs 1115
• Using the cli 1115
• Configuring the remote logs 1116
• 6 disable 1117
• 68 48 5 enable 1117
• Index host ip severity status 1117
• Switch config end 1117
• Switch config logging host index 2 192 68 48 5 1117
• Switch config show logging loghost 1117
• Switch configure 1117
• Switch copy running config startup config 1117
• The following example shows how to set the remote log on the switch enable log server 2 set its ip address as 192 68 48 and allow logs of levels 0 to 5 to be sent to the server 1117
• Configuration example 1118
• Configuration scheme 1118
• Network requirements 1118
• Using the gui 1118
• Using the cli 1119
• Verify the configurations 1119
• Appendix default parameters 1120
• Default settings of maintenance are listed in the following tables 1120
• Copyright trademarks 1121
• Fcc statement 1121
• Canadian compliance statement 1122
• Ce mark warning 1122
• Eu declaration of conformity 1122
• Industry canada statement 1122
• Ncc notice 1122
• Bsmi notice 1123
• Продукт сертифіковано згідно с правилами системи укрсепро на відповідність вимогам нормативних документів та вимогам що передбачені чинними законодавчими актами україни 1123
• 安全諮詢及注意事項 1123
• 插槽與開口供通風使用 以確保本產品的操作可靠並防止過熱 請勿堵塞或覆蓋開口 1123
• 此為甲類資訊技術設備 于居住環境中使用時 可能會造成射頻擾動 在此種情況下 使用者 會被要求採取某些適當的對策 1123
• 注意防潮 請勿將水或其他液體潑灑到本產品上 1123
• 清潔本產品之前請先拔掉電源線 請勿使用液體 噴霧清潔劑或濕布進行清潔 1123
• 第十四條 低功率射頻電機之使用不得影響飛航安全及干擾合法通行 經發現有干擾現象時 應立即停用 並改善至無干擾時方得繼續使用 前項合法通信 指依電信規定作業之無線電信 低功率射頻電機需忍受合法通信或工業 科學以及醫療用電波輻射性電機設備之干擾 1123
• 請不要私自打開機殼 不要嘗試自行維修本產品 請由授權的專業人士進行此項工作 1123
• 請使用原裝電源供應器或只能按照本產品注明的電源類型使用本產品 1123
• 請勿將本產品置放於靠近熱源的地方 除非有正常的通風 否則不可放在密閉位置中 1123
• 限用物質含有情況標示聲明書 1123
• Explanation of the symbols on the product label 1124
• Safety information 1124