Tp-Link T1600G-52PS V3 [3/886] Eee configuration 54

Содержание

• Configuration guide 1
• T1600g 52ts tl sg2452 t1600g 52ps tl sg2452p 1
• T1600g series switches 1
• About this guide 2
• Accessing the switch 2
• Command line interface access 10 2
• Contents 2
• Conventions 2
• Intended readers 2
• Managing system 2
• More information 2
• Overview 2
• System 21 2
• System info configurations 23 2
• Web interface access 2
• Eee configuration 54 3
• Poe configurations 56 3
• Sdm template configuration 68 3
• System tools configurations 43 3
• Time range configuration 71 3
• User management configurations 36 3
• Appendix default parameters 04 4
• Appendix default parameters 82 4
• Basic parameters configurations 87 4
• Configuration examples 98 4
• Example for poe configurations 77 4
• Loopback detection configuration 94 4
• Managing physical interfaces 4
• Physical interface 86 4
• Port isolation configurations 91 4
• Appendix default parameters 20 5
• Appendix default parameters 31 5
• Configuration example 16 5
• Configuring 802 q vlan 5
• Configuring lag 5
• Lag 06 5
• Lag configuration 07 5
• Mac address configurations 23 5
• Mac address table 22 5
• Managing mac address table 5
• Overview 33 5
• Q vlan configuration 34 5
• Appendix default parameters 46 6
• Appendix default parameters 61 6
• Configuration example 40 6
• Configuration example 53 6
• Configuring mac vlan 6
• Configuring protocol vlan 6
• Mac vlan configuration 49 6
• Overview 48 6
• Overview 63 6
• Protocol vlan configuration 64 6
• Appendix default parameters 82 7
• Appendix default parameters 99 7
• Configuration example 71 7
• Configuration example 90 7
• Configuring gvrp 7
• Configuring layer 2 multicast 7
• Gvrp configuration 85 7
• Igmp snooping configuration 04 7
• Layer 2 multicast 01 7
• Overview 84 7
• Mld snooping configuration 20 8
• Multicast filtering configuration 44 8
• Mvr configuration 34 8
• Viewing multicast snooping information 54 8
• Appendix default parameters 83 9
• Configuration examples 59 9
• Configuring spanning tree 9
• Spanning tree 87 9
• Appendix default parameters 45 10
• Configuration example for mstp 31 10
• Configuring lldp 10
• Lldp 48 10
• Mstp configurations 07 10
• Stp rstp configurations 95 10
• Stp security configurations 27 10
• Appendix default parameters 79 11
• Configuration example 72 11
• Configuring layer 3 interfaces 11
• Layer 3 interface configurations 82 11
• Lldp configurations 49 11
• Lldp med configurations 57 11
• Overview 81 11
• Viewing lldp med settings 69 11
• Viewing lldp settings 64 11
• Appendix default parameters 95 12
• Configuring dhcp service 12
• Configuring routing 12
• Dhcp 11 12
• Dhcp server configuration 14 12
• Example for static routing 05 12
• Ipv4 static routing configuration 98 12
• Ipv6 static routing configuration 00 12
• Overview 97 12
• Viewing routing table 02 12
• Appendix default parameters 46 13
• Configuration examples 40 13
• Dhcp l2 relay configuration 35 13
• Dhcp relay configuration 25 13
• Appendix default parameters 63 14
• Arp configurations 52 14
• Bandwidth control configuration 88 14
• Class of service configuration 67 14
• Configuring arp 14
• Configuring qos 14
• Overview 50 14
• Qos 65 14
• Access security 36 15
• Access security configurations 37 15
• Appendix default parameters 31 15
• Auto voip configuration 00 15
• Configuration examples 05 15
• Configuring access security 15
• Voice vlan configuration 94 15
• Aaa configuration 60 16
• Appendix default parameters 56 16
• Appendix default parameters 83 16
• Configuration example 77 16
• Configuring 802 x 16
• Configuring aaa 16
• Overview 59 16
• Overview 86 16
• X configuration 88 16
• Acl configuration 19 17
• Appendix default parameters 09 17
• Appendix default parameters 16 17
• Configuration example 03 17
• Configuring acl 17
• Configuring port security 17
• Overview 11 17
• Overview 18 17
• Port security configuration 12 17
• Appendix default parameters 52 18
• Arp detection configuration 66 18
• Configuration example for acl 44 18
• Configuring ipv4 impb 18
• Ip mac binding configuration 56 18
• Ipv4 impb 55 18
• Ipv4 source guard configuration 73 18
• Appendix default parameters 85 19
• Configuration examples 76 19
• Configuring ipv6 impb 19
• Ipv6 impb 88 19
• Ipv6 mac binding configuration 90 19
• Nd detection configuration 01 19
• Appendix default parameters 18 20
• Configuration examples 10 20
• Configuring dhcp filter 20
• Dhcp filter 21 20
• Dhcpv4 filter configuration 23 20
• Ipv6 source guard configuration 07 20
• Appendix default parameters 42 21
• Appendix default parameters 49 21
• Configuration examples 34 21
• Configuring dos defend 21
• Dhcpv6 filter configuration 29 21
• Dos defend configuration 45 21
• Monitoring the cpu 52 21
• Monitoring the memory 54 21
• Monitoring the system 21
• Overview 44 21
• Overview 51 21
• Appendix default parameters 62 22
• Appendix default parameters 71 22
• Appendix default parameters 78 22
• Configuration examples 68 22
• Configuring dldp 22
• Configuring snmp rmon 22
• Dldp configuration 74 22
• Mirroring 64 22
• Mirroring traffic 22
• Monitoring traffic 22
• Overview 73 22
• Snmp 80 22
• Snmp configurations 84 22
• Traffic monitor 57 22
• Appendix default parameters 34 23
• Configuration example 22 23
• Diagnosing the device 39 23
• Diagnosing the device network 23
• Diagnosing the network 41 23
• Notification configurations 97 23
• Rmon 09 23
• Rmon configurations 10 23
• Appendix default parameters 45 24
• Appendix default parameters 57 24
• Configuration example 55 24
• Configuring system logs 24
• Overview 47 24
• System logs configurations 48 24
• About this guide 25
• Conventions 25
• Intended readers 25
• More information 26
• Accessing the switch 27
• Chapters 27
• Part 1 27
• Overview 28
• Web interface access 29
• Save config function 30
• Disable the web server 31
• Configure the switch s ip address and default gateway 32
• Command line interface access 34
• Console login only for switch with console port 34
• Enter enable to enter the user exec mode to further configure the switch 35
• Telnet login 36
• Password authentication mode 37
• Ssh login 37
• Key authentication mode 38
• After the keys are successfully generated click save public key to save the public key to a tftp server click save private key to save the private key to the host pc 39
• After negotiation is completed enter the username to log in if you can log in without entering the password the key authentication completed successfully 41
• Disable telnet login 41
• Telnet config disable the telnet function and click apply 41
• Using the gui 41
• You can shut down the telnet function to block any telnet access to the cli interface 41
• Copy running config startup config 42
• Disable ssh login 42
• Change the switch s ip address and default gateway 43
• Chapters 44
• Managing system 44
• Part 2 44
• Overview 45
• Supported features 45
• System 45
• System info 45
• System tools 45
• User management 45
• Sdm template 46
• Time range 46
• System info configurations 47
• Using the gui 47
• Viewing the system summary 47
• You can click a port to view the bandwidth utilization on this port 48
• You can move your cursor to a port to view the detailed information of the port 48
• In the system info section you can view the system information of the switch 49
• Viewing the system information 49
• Configuring the device description 50
• Device description to load the following page 50
• In the device description section configure the following parameters 50
• Choose one method to set the system time and specify the related parameters 51
• Click apply 51
• Configuring the system time 51
• In the time config section follow these steps to configure the system time 51
• In the time info section you can view the current time information of the switch 51
• System time to load the following page 51
• Choose one method to set the daylight saving time and specify the related parameters 52
• Click apply 52
• Configuring the daylight saving time 52
• Daylight saving time to load the following page 52
• Follow these steps to configure daylight saving time 52
• In the dst config section enable the daylight saving time function 52
• Click apply 53
• Gi1 0 1 linkdown n a n a n a disable copper 53
• Gi1 0 2 linkdown n a n a n a disable copper 53
• On privileged exec mode or any other configuration mode you can use the following commands to view the system information of the switch 53
• Port status speed duplex flowctrl jumbo active medium 53
• Switch show interface status 53
• The following example shows how to view the interface status and the system information of the switch 53
• Using the cli 53
• Viewing the system summary 53
• Bootloader version tp link bootutil v1 54
• Configuring the device description 54
• Contact information www tp link com 54
• Follow these steps to configure the device description 54
• Gi1 0 3 linkup 1000m full disable disable copper 54
• Hardware version t1600g 52ts 3 54
• Mac address 00 0a eb 13 23 a0 54
• Running time 1 day 2 hour 33 min 42 sec 54
• Serial number 54
• Software version 3 build 20171029 rel 8400 s 54
• Switch show system info 54
• System description jetstream 48 port gigabit smart switch with 4 sfp slots 54
• System location shenzhen 54
• System name t1600g 52ts 54
• System time 2017 10 27 11 23 32 54
• Configuring the system time 55
• Backup ntp server 139 8 00 63 57
• Last successful ntp server 133 00 57
• Prefered ntp server 133 00 57
• Switch config show system time ntp 57
• Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 57
• Switch configure 57
• The following example shows how to set the system time by get time from ntp server and set the time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 139 8 00 63 and set the update rate as 11 57
• Time zone utc 08 00 57
• Configuring the daylight saving time 58
• Follow these steps to configure the daylight saving time 58
• Switch config end 58
• Switch copy running config startup config 58
• Update rate 11 hour s 58
• Dst configuration is one off 59
• Dst ends at 01 00 00 on sep 1 2017 59
• Dst offset is 50 minutes 59
• Dst starts at 01 00 00 on aug 1 2017 59
• Switch config end 59
• Switch config show system time dst 59
• Switch config system time dst date aug 1 01 00 2017 sep 1 01 00 2017 50 59
• Switch configure 59
• Switch copy running config startup config 59
• The following example shows how to set the daylight saving time by date mode set the start time as 01 00 august 1st 2017 set the end time as 01 00 september 1st 2017 and set the offset as 50 59
• Creating accounts 60
• User management configurations 60
• Using the gui 60
• Click create 61
• Configure the following parameters 61
• Configuring enable password 61
• Follow these steps to create a new user account 61
• Global config to load the following page 61
• Creating accounts 62
• Using the cli 62
• Configuring enable password 64
• Follow these steps to create an account of other type 64
• The logged in users can enter the enable password on this page to get the administrative privileges 65
• Configuring the boot file 67
• System tools configurations 67
• Using the gui 67
• Click apply 68
• Follow these steps to configure the boot file 68
• In the boot table section select one or more units and configure the relevant parameters 68
• In the image table you can view the information of the current startup image next startup image and backup image the displayed information is as follows 68
• Restore config to load the following page 68
• Restoring the configuration of the switch 68
• Backing up the configuration file 69
• Upgrading the firmware 70
• Configuring reboot schedule 71
• Manually rebooting the switch 71
• Rebooting the switch 71
• Choose whether to save the current configuration before the reboot 72
• Click apply 72
• Configuring the boot file 72
• Follow these steps to configure the boot file 72
• In the system reset section select the desired unit and click reset after reset all configurations of the switch will be reset to the factory defaults 72
• Reseting the switch 72
• System reset to load the following page 72
• Using the cli 72
• Backup config config2 cfg 73
• Backup image image2 bin 73
• Boot config 73
• Current startup config config2 cfg 73
• Current startup image image2 bin 73
• Follow these steps to restore the configuration of the switch 73
• Next startup config config1 cfg 73
• Next startup image image1 bin 73
• Restoring the configuration of the switch 73
• Switch config boot application filename image1 startup 73
• Switch config boot application filename image2 backup 73
• Switch config boot config filename config1 startup 73
• Switch config boot config filename config2 backup 73
• Switch config end 73
• Switch config show boot 73
• Switch configure 73
• Switch copy running config startup config 73
• The following example shows how to set the next startup image as image1 the backup image as image2 the next startup configuration file as config1 and the backup configuration file as config2 73
• Backing up the configuration file 74
• Backup user config file ok 74
• Enable 74
• Follow these steps to back up the current configuration of the switch in a file 74
• Follow these steps to upgrade the firmware 74
• Operation ok now rebooting system 74
• Start to backup user config file 74
• Start to load user config file 74
• Switch copy startup config tftp ip address 192 68 00 filename file2 74
• Switch copy tftp startup config ip address 192 68 00 filename file1 cfg 74
• The following example shows how to backup the configuration file named file2 to tftp server with ip address 192 68 00 74
• The following example shows how to restore the configuration file named file1 from the tftp server with ip address 192 68 00 74
• Upgrading the firmware 74
• Configuring reboot schedule 75
• Enable 75
• Follow these steps to configure the reboot schedule 75
• Follow these steps to reboot the switch 75
• It will only upgrade the backup image continue y n y 75
• Manually rebooting the switch 75
• Operation ok 75
• Reboot with the backup image y n y 75
• Rebooting the switch 75
• Switch firmware upgrade ip address 192 68 00 filename file3 bin 75
• The following example shows how to upgrade the firmware using the configuration file named file3 bin the tftp server is 190 68 00 75
• Reboot schedule at 2017 08 15 12 00 in 25582 minutes 76
• Reboot schedule settings 76
• Reboot system at 15 08 2017 12 00 continue y n y 76
• Save before reboot yes 76
• Switch config end 76
• Switch config reboot schedule at 12 00 15 08 2017 save_before_reboot 76
• Switch configure 76
• Switch copy running config startup config 76
• The following example shows how to set the switch to reboot at 12 00 on 15 08 2017 76
• Follow these steps to reset the switch 77
• Reseting the switch 77
• Click apply 78
• Eee configuration 78
• Eee to load the following page 78
• Enable or disable eee on the selected port s 78
• Follow these steps to configure eee 78
• In the eee config section select one or more ports to be configured 78
• Using the cli 78
• Poe configurations 80
• And configure the system power limit click apply 81
• Configuring the poe parameters manually 81
• Follow these steps to configure the basic poe parameters 81
• In addition you can click 81
• In the poe config section you can view the current poe parameters 81
• Poe config to load the following page 81
• Using the gui 81
• In the port config section select the port you want to configure and specify the parameters click apply 82
• Click create 84
• Configuring the poe parameters using the profile 84
• Creating a poe profile 84
• Follow these steps to create a poe profile 84
• In the create poe profile section specify the desired configurations of the profile 84
• Poe profile and click 84
• To load the following page 84
• In the port config section select one or more ports and configure the following two parameters time range and poe profile click apply and the poe parameters of the selected poe profile such as poe status and poe priority will be displayed in the table 86
• Configuring the poe parameters manually 87
• Follow these steps to configure the basic poe parameters 87
• Using the cli 87
• Gi1 0 5 enable middle class3 no limit none 88
• Interface poe status poe prio power limit w time range poe profile 88
• Switch config if power inline consumption class3 88
• Switch config if power inline priority middle 88
• Switch config if power inline supply enable 88
• Switch config if show power inline 88
• Switch config if show power inline configuration interface gigabitethernet 1 0 5 88
• Switch config if show power inline information interface gigabitethernet 1 0 5 88
• Switch config interface gigabitethernet 1 0 5 88
• Switch config power inline consumption 160 88
• Switch configure 88
• System power consumption 0 w 88
• System power limit 160 w 88
• System power remain 160 w 88
• The following example shows how to set the system power limit as 160w set the priority as middle and set the power limit as class3 for the port 1 0 5 88
• Configuring the poe parameters using the profile 89
• Follow these steps to configure the poe profile 89
• Gi1 0 5 1 26 53 class 2 on 89
• Interface power w current ma voltage v pd class power status 89
• Switch config if end 89
• Switch copy running config startup config 89
• Index name status priority power limit w 90
• Profile1 enable middle class2 90
• Switch config interface gigabitethernet 1 0 6 90
• Switch config power profile profile1 supply enable priority middle consumption class2 90
• Switch config show power profile 90
• Switch configure 90
• The following example shows how to create a profile named profile1and bind the profile to the port 1 0 6 90
• In sdm template config section select one template and click apply the setting will be effective after the switch is rebooted 92
• Sdm template configuration 92
• Sdm template to load the following page 92
• The template table displays the resources allocation of each template 92
• Using the gui 92
• Enterprisev4 template 93
• Follow these steps to configure the sdm template 93
• Number of ip acl rules 360 93
• Number of mac acl rules 100 93
• Switch config 93
• Switch config show sdm prefer enterprisev4 93
• The following example shows how to set the sdm template as enterprisev4 93
• Using the cli 93
• Adding time range entries 95
• Time range configuration 95
• Using the gui 95
• Configure the following parameters and click create 96
• Similarly you can add more entries of period time according to your needs the final period time is the sum of all the periods in the table click create 96
• Configuring holiday 97
• Adding time range entries 98
• Follow these steps to add time range entries 98
• Using the cli 98
• 08 00 to 20 00 on 1 2 99
• 10 01 2017 to 10 31 2017 99
• Configuring holiday 99
• Follow these steps to configure holiday time range 99
• Holiday exclude 99
• Number of time slice 1 99
• Switch config 99
• Switch config time range absolute from 10 01 2017 to 10 31 2017 99
• Switch config time range end 99
• Switch config time range holiday exclude 99
• Switch config time range periodic start 08 00 end 20 00 day of the week 1 2 99
• Switch config time range show time range 99
• Switch config time range time1 99
• Switch copy running config startup config 99
• The following example shows how to create a time range entry and set the name as time1 holiday mode as exclude absolute time as 10 01 2017 to 10 31 2017 and periodic time as 8 00 to 20 00 on every monday and tuesday 99
• Time range entry 12 inactive 99
• Time range entry time1 inactive 99
• Configuring scheme 101
• Example for poe configurations 101
• Network requirements 101
• Using the gui 101
• Using the cli 104
• Verify the configuration 104
• Gi1 0 3 enable low class4 office time none 105
• Interface poe status poe prio power limit w time range poe profile 105
• Appendix default parameters 106
• Default settings of system info are listed in the following tables 106
• Default settings of system tools are listed in the following table 106
• Default settings of user management are listed in the following table 106
• Default setting of eee is listed in the following table 107
• Default settings of poe is listed in the following table 107
• Default settings of sdm template are listed in the following table 107
• Default settings of time range are listed in the following table 108
• Chapters 109
• Managing physical interfaces 109
• Part 3 109
• Basic parameters 110
• Loopback detection 110
• Overview 110
• Physical interface 110
• Port isolation 110
• Supported features 110
• Basic parameters configurations 111
• Configure the mtu size of jumbo frames for all the ports then click apply 111
• Follow these steps to configure basic parameters for the ports 111
• Port config to load the following page 111
• Select one or more ports to configure the basic parameters then click apply 111
• Using the gui 111
• Follow these steps to set basic parameters for the ports 112
• Using the cli 112
• Switch config if no shutdown 113
• Switch config interface gigabitethernet 1 0 1 113
• Switch configure 113
• Switch jumbo size 9216 113
• The following example shows how to implement the basic configurations of port1 0 1 including setting a description for the port configuring the jumbo frame making the port automatically negotiate speed and duplex with the neighboring port and enabling the flow control 113
• Port isolation configurations 115
• Using the gui 115
• Click apply 116
• Follow these steps to configure port isolation 116
• In the forwarding port list section select the forwarding ports or lags which the isolated ports can only communicate with it is multi optional 116
• In the port section select one or multiple ports to be isolated 116
• Using the cli 116
• Gi1 0 5 n a gi1 0 1 3 po4 117
• Port lag forward list 117
• Switch config if end 117
• Switch config if port isolation gi forward list 1 0 1 3 po forward list 4 117
• Switch config if show port isolation interface gigabitethernet 1 0 5 117
• Switch config interface gigabitethernet 1 0 5 117
• Switch configure 117
• Switch copy running config startup config 117
• The following example shows how to add ports 1 0 1 3 and lag 4 to the forwarding list of port 1 0 5 117
• Loopback detection configuration 118
• Using the gui 118
• In the port config section select one or more ports to configure the loopback detection parameters then click apply 119
• Optional view the loopback detection information 119
• Follow these steps to configure loopback detection 120
• Using the cli 120
• Configuration examples 122
• Configuration scheme 122
• Example for port isolation 122
• Network requirements 122
• Using the gui 122
• Using the cli 124
• Verify the configuration 124
• Configuration scheme 125
• Example for loopback detection 125
• Network requirements 125
• Using the gui 126
• Using the cli 127
• Verify the configuration 127
• Appendix default parameters 128
• Default settings of switching are listed in th following tables 128
• Chapters 129
• Configuring lag 129
• Part 4 129
• Overview 130
• Static lag 130
• Supported features 130
• Configuration guidelines 131
• Lag configuration 131
• Configuring load balancing algorithm 132
• In the global config section select the load balancing algorithm hash algorithm then click apply 132
• Lag table to load the following page 132
• Load balancing algorithm is effective only for outgoing traffic if the data stream is not well shared by each link you can change the algorithm of the outgoing interface 132
• Please properly choose the load balancing algorithm to avoid data stream transferring only on one physical link for example switch a receives packets from several hosts and forwards them to the server with the fixed mac address you can set the algorithm 132
• Using the gui 132
• Configuring static lag or lacp 133
• Configuring lacp 134
• Follow these steps to configure lacp 134
• Lacp to load the following page 134
• Select member ports for the lag and configure the related parameters click apply 134
• Specify the system priority for the switch and click apply 134
• Configuring load balancing algorithm 135
• Follow these steps to configure the load balancing algorithm 135
• Using the cli 135
• Configuring static lag or lacp 136
• Etherchannel load balancing addresses used per protocol 136
• Etherchannel load balancing configuration src dst mac 136
• Ipv4 source xor destination mac address 136
• Ipv6 source xor destination mac address 136
• Non ip source xor destination mac address 136
• Switch config end 136
• Switch config port channel load balance src dst mac 136
• Switch config show etherchannel load balance 136
• Switch configure 136
• Switch copy running config startup config 136
• The following example shows how to set the global load balancing mode as src dst mac 136
• You can choose only one lag mode for a port static lag or lacp and make sure both ends of a link use the same lag mode 136
• Configuring static lag 137
• Flags d down p bundled in port channel u in use 137
• Follow these steps to configure static lag 137
• Group port channel protocol ports 137
• I stand alone h hot standby lacp only s suspended 137
• Po2 s gi1 0 5 d gi1 0 6 d gi1 0 7 d gi1 0 8 d 137
• R layer3 s layer2 f failed to allocate aggregator 137
• Switch config if range channel group 2 mode on 137
• Switch config if range end 137
• Switch config if range show etherchannel 2 summary 137
• Switch config interface range gigabitethernet 1 0 5 8 137
• Switch configure 137
• Switch copy running config startup config 137
• The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 137
• U unsuitable for bundling w waiting to be aggregated d default port 137
• Configuring lacp 138
• Follow these steps to configure lacp 138
• Configuration example 140
• Configuration scheme 140
• Network requirements 140
• Using the gui 141
• Using the cli 142
• Verify the configuration 142
• Appendix default parameters 144
• Default settings of switching are listed in the following tables 144
• Chapters 145
• Managing mac address table 145
• Part 5 145
• Address configurations 146
• Mac address table 146
• Overview 146
• Supported features 146
• Adding static mac address entries 147
• Mac address configurations 147
• Using the gui 147
• Click apply 149
• Dynamic address to load the following page 149
• Follow these steps to modify the aging time of dynamic address entries 149
• In the aging config section enable auto aging and enter your desired length of time 149
• Modifying the aging time of dynamic address entries 149
• Adding mac filtering address entries 150
• Viewing address table entries 150
• Adding static mac address entries 151
• Address table and click 151
• Follow these steps to add static mac address entries 151
• To load the following page 151
• Using the cli 151
• Modifying the aging time of dynamic address entries 152
• Adding mac filtering address entries 153
• Aging time is 500 sec 153
• Follow these steps to add mac filtering address entries 153
• Switch config end 153
• Switch config mac address table aging time 500 153
• Switch config show mac address table aging time 153
• Switch configure 153
• Switch copy running config startup config 153
• The following example shows how to modify the aging time to 500 seconds a dynamic entry remains in the mac address table for 500 seconds after the entry is used or updated 153
• Appendix default parameters 155
• Default settings of the mac address table are listed in the following tables 155
• Chapters 156
• Configuring 802 q vlan 156
• Part 6 156
• Overview 157
• Configuring the pvid of the port 158
• Q vlan configuration 158
• Using the gui 158
• Configuring the vlan 159
• Enter a vlan id and a description for identification to create a vlan 159
• Follow these steps to configure vlan 159
• To load the following page to load the following page 159
• Vlan config and click 159
• Click apply 160
• Creating a vlan 160
• Follow these steps to create a vlan 160
• Select the untagged port s and the tagged port s respectively to add to the created vlan based on the network topology 160
• Switch configure 160
• The following example shows how to create vlan 2 and name it as rd 160
• Using the cli 160
• Configuring the port 161
• Follow these steps to configure the port 161
• Rd active 161
• Switch config vlan 2 161
• Switch config vlan end 161
• Switch config vlan name rd 161
• Switch config vlan show vlan id 2 161
• Switch copy running config startup config 161
• The following example shows how to configure the pvid of port 1 0 5 as 2 enable the ingress checking and set the acceptable frame type as all 161
• Vlan name status ports 161
• Acceptable frame type all 162
• Adding the port to the specified vlan 162
• Follow these steps to add the port to the specified vlan 162
• Ingress checking enable 162
• Link type general 162
• Member in lag n a 162
• Member in vlan 162
• Port gi1 0 5 162
• Pvid 2 162
• Switch config if end 162
• Switch config if show interface switchport gigabitethernet 1 0 5 162
• Switch config if switchport acceptable frame all 162
• Switch config if switchport check ingress 162
• Switch config if switchport pvid 2 162
• Switch config interface gigabitethernet 1 0 5 162
• Switch configure 162
• Switch copy running config startup config 162
• System vlan untagged 162
• Vlan name egress rule 162
• Configuration example 164
• Configuration scheme 164
• Network requirements 164
• Demonstrated with t1600g 52ts the following sections provide configuration procedure in two ways using the gui and using the cli 165
• Network topology 165
• The configurations of switch 1 and switch 2 are similar the following introductions take switch 1 as an example 165
• The figure below shows the network topology host a1 and host a2 are in department a while host b1 and host b2 are in department b switch 1 and switch 2 are located in two different places host a1 and host b1 are connected to port 1 0 2 and port 1 0 3 on switch 1 respectively while host a2 and host b2 are connected to port 1 0 6 and port 1 0 7 on switch 2 respectively port 1 0 4 on switch 1 is connected to port 1 0 8 on switch 2 165
• To load the following page create vlan 10 with the description of department_a add port 1 0 2 as an untagged port and port 1 0 4 as a tagged port to vlan 10 click create 165
• Using the gui 165
• Vlan config and 165
• Using the cli 168
• Verify the configurations 169
• Appendix default parameters 170
• Default settings of 802 q vlan are listed in the following table 170
• Chapters 171
• Configuring mac vlan 171
• Part 7 171
• Overview 172
• Ptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in to meet this requirement simply bind the mac addresses of the laptops to the corresponding vlans respectively in this way the mac address determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 172
• The figure below shows a common application scenario of mac vlan 172
• Two departments share all the meeting rooms in the company but use different servers and l 172
• Vlan is generally divided by ports it is a common way of division but isn t suitable for those networks that require frequent topology changes with the popularity of mobile office at different times a terminal device may access the network via different ports for example a terminal device that accessed the switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different vlans the user has to re configure the switch to access the original vlan using mac vlan can free the user from such a problem it divides vlans based on the mac addresses of terminal devices in this way terminal devices always belong to their mac vlans even when their access ports change 172
• Binding the mac address to the vlan 173
• Configuring 802 q vlan 173
• Mac vlan configuration 173
• Using the gui 173
• Enabling mac vlan for the port 174
• 19 56 8a 4c 71 dept a 10 175
• Before configuring mac vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 175
• Binding the mac address to the vlan 175
• Configuring 802 q vlan 175
• Follow these steps to bind the mac address to the vlan 175
• Mac addr name vlan id 175
• Switch config end 175
• Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 175
• Switch config show mac vlan vlan 10 175
• Switch configure 175
• The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with the address description as dept a 175
• Using the cli 175
• Enabling mac vlan for the port 176
• Follow these steps to enable mac vlan for the port 176
• Gi1 0 1 enable 176
• Gi1 0 2 disable 176
• Port status 176
• Switch config if end 176
• Switch config if mac vlan 176
• Switch config if show mac vlan interface 176
• Switch config interface gigabitethernet 1 0 1 176
• Switch configure 176
• Switch copy running config startup config 176
• The following example shows how to enable mac vlan for port 1 0 1 176
• Configuration example 177
• Configuration scheme 177
• Create vlan 10 and vlan 20 on each of the three switches and add the ports to the vlans based on the network topology for the ports connecting the laptops set the 177
• Network requirements 177
• Two departments share all the meeting rooms in the company but use different servers and laptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in the figure below shows the network topology 177
• You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac addresses of the laptops to the corresponding vlans respectively in this way each laptop can access only the server in the vlan it joins no matter which meeting room the laptops are being used in the overview of the configuration is as follows 177
• Using the gui 178
• Using the cli 182
• Verify the configurations 184
• Appendix default parameters 185
• Default settings of mac vlan are listed in the following table 185
• Chapters 186
• Configuring protocol vlan 186
• Part 8 186
• Overview 187
• Protocol vlan is a technology that divides vlans based on the network layer protocol with the protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze specific fields of received packets encapsulate the packets in specific formats and forward the packets with different protocols to the corresponding vlans since different applications and services use different protocols network administrators can use protocol vlan to manage the network based on specific applications and services 187
• The figure below shows a common application scenario of protocol vlan with protocol vlan configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 networks respectively 187
• Configuring 802 q vlan 188
• Protocol vlan configuration 188
• Using the gui 188
• Check whether your desired template already exists in the protocol template config 189
• Creating protocol template 189
• Follow these steps to create a protocol template 189
• Protocol template to load the following page 189
• Section if not click 189
• To create a new template 189
• Click create 190
• Configuring protocol vlan 190
• Follow these steps to configure the protocol group 190
• In the protocol group config section specify the following parameters 190
• Protocol vlan group and 190
• To load the following page 190
• Before configuring protocol vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 191
• Configuring 802 q vlan 191
• Creating a protocol template 191
• Follow these steps to create a protocol template 191
• Select the desired ports click create 191
• Switch configure 191
• The following example shows how to create an ipv6 protocol template 191
• Using the cli 191
• Arp ethernetii ether type 0806 192
• At snap ether type 809b 192
• Configuring protocol vlan 192
• Follow these steps to configure protocol vlan 192
• Index protocol name protocol type 192
• Ip ethernetii ether type 0800 192
• Ipv6 ethernetii ether type 86dd 192
• Ipx snap ether type 8137 192
• Rarp ethernetii ether type 8035 192
• Switch config end 192
• Switch config protocol vlan template name ipv6 frame ether_2 ether type 86dd 192
• Switch config show protocol vlan template 192
• Switch copy running config startup config 192
• Switch config if end 194
• Switch copy running config startup config 194
• A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 network respectively via different routers it is required that ipv4 packets are forwarded to the ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 195
• Configuration example 195
• Configuration scheme 195
• Network requirements 195
• The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to two routers to access the ipv4 network and ipv6 network respectively the routers belong to vlan 10 and vlan 20 respectively 195
• You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this port receives packets switch 2 will forward them to the corresponding vlans according to their protocol types the overview of the configuration on switch 2 is as follows 195
• Using the gui 196
• Using the cli 201
• Verify the configurations 204
• Appendix default parameters 206
• Default settings of protocol vlan are listed in the following table 206
• Chapters 207
• Configuring gvrp 207
• Part 9 207
• Gvrp garp vlan registration protocol is a garp generic attribute registration protocol application that allows registration and deregistration of vlan attribute values and dynamic vlan creation 208
• Overview 208
• The configuration may seem easy in this situation however for a larger or more complex network such manual configuration would be time costing and fallible gvrp can be used to implement dynamic vlan configuration with gvrp the switch can exchange vlan configuration information with the adjacent gvrp switches and dynamically create and manage the vlans this reduces vlan configuration workload and ensures correct vlan configuration 208
• Without gvrp operating configuring the same vlan on a network would require manual configuration on each device as shown in figure 1 1 switch a b and c are connected through trunk ports vlan 10 is configured on switch a and vlan 1 is configured on switch b and switch c switch c can receive messages sent from switch a in vlan 10 only when the network administrator has manually created vlan 10 on switch b and switch c 208
• Configuration guidelines 209
• Gvrp configuration 209
• Follow these steps to configure gvrp 210
• Gvrp config to load the following page 210
• In the gvrp section enable gvrp globally then click apply 210
• In the port config section select one or more ports set the status as enable and configure the related parameters according to your needs 210
• Using the gui 210
• Click apply 211
• Using the cli 211
• Configuration example 214
• Configuration scheme 214
• Demonstrated with t1600g 52ts the following sections provide configuration procedure in two ways using the gui and using the cli 214
• Department a and department b of a company are connected using switches offices of one department are distributed on different floors as shown in figure 3 1 the network topology is complicated configuration of the same vlan on different switches is required so that computers in the same department can communicate with each other 214
• Network requirements 214
• The two departments are in separate vlans to make sure the switches only dynamically create vlan of their own department you need to set the registration mode for ports on switch 1 to switch 4 as fixed to prevents dynamic registration and deregistration of vlans and allow the port to transmit only the static vlan registration information 214
• To configure dynamic vlan creation on other switches set the registration mode of the corresponding ports as normal to allow dynamic registration and deregistration of vlans 214
• To reduce manual configuration and maintenance workload gvrp can be enabled to implement dynamic vlan registration and update on the switches 214
• When configuring gvrp please note the following 214
• Using the gui 215
• Using the cli 219
• Verify the configuration 221
• Appendix default parameters 223
• Default settings of gvrp are listed in the following tables 223
• Chapters 224
• Configuring layer 2 multicast 224
• Part 10 224
• Layer 2 multicast 225
• Overview 225
• A member port is a port on snooping switch that is connecting to the host 226
• A router port is a port on snooping switch that is connecting to the igmp querier 226
• A snooping switch indicates a switch with igmp snooping enabled the switch maintains a multicast forwarding table by snooping on the igmp transmissions between the host and the querier with the multicast forwarding table the switch can forward multicast data only to the ports that are in the corresponding multicast group so as to constrain the flooding of multicast data in the layer 2 network 226
• An igmp querier is a multicast router a router or a layer 3 switch that sends query messages to maintain a list of multicast group memberships for each attached network and a timer for each membership 226
• Demonstrated as below 226
• Igmp querier 226
• Member port 226
• Normally only one device acts as querier per physical network if there are more than one multicast router in the network a querier election process will be implemented to determine which one acts as the querier 226
• Router port 226
• Snooping switch 226
• The following basic concepts of igmp snooping will be introduced igmp querier snooping switch router port and member port 226
• Layer 2 multicast protocol for ipv4 igmp snooping 227
• Layer 2 multicast protocol for ipv6 mld snooping 227
• Multicast filtering 227
• Multicast vlan registration mvr 227
• Supported features 227
• Configuring igmp snooping globally 228
• Igmp snooping configuration 228
• Using the gui 228
• And click 229
• Before configuring igmp snooping for vlans set up the vlans that the router ports and the member ports are in for details please refer to configuring 802 q vlan 229
• Choose the menu 229
• Click apply 229
• Configuring igmp snooping for vlans 229
• Global config 229
• Igmp vlan confi 229
• In your desired vlan entry in the 229
• Section to load the following page 229
• The switch supports configuring igmp snooping on a per vlan basis after igmp snooping is enabled globally you also need to enable igmp snooping and configure the corresponding parameters for the vlans that the router ports and the member ports are in 229
• Enable igmp snooping for the vlan and configure the corresponding parameters 230
• Follow these steps to configure igmp snooping for a specific vlan 230
• Click save 232
• Click apply 233
• Configuring hosts to statically join a group 233
• Configuring igmp snooping for ports 233
• Enable igmp snooping for the port and enable fast leave if there is only one receiver connected to the port 233
• Follow these steps to configure igmp snooping for ports 233
• Following page 233
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 233
• Port confi 233
• To load the 233
• Choose the menu 234
• Click create 234
• Configuring igmp snooping globally 234
• Follow these steps to configure hosts to statically join a group 234
• Follow these steps to configure igmp snooping globally 234
• Specify the multicast ip address vlan id select the ports to be the static member ports of the multicast group 234
• Static group config 234
• To load the following page 234
• Using the cli 234
• Switch config ip igmp snooping 235
• Switch config ip igmp snooping drop unknown 235
• Switch config ip igmp snooping version v3 235
• Switch config ipv6 mld snooping 235
• Switch configure 235
• The following example shows how to enable igmp snooping and header validation globally and specify the igmp snooping version as igmpv3 the way how the switch processes multicast streams that are sent to unknown multicast groups as discard 235
• Configuring igmp snooping for vlans 236
• Switch config ip igmp snooping vlan config 1 mtime 300 239
• Switch config ip igmp snooping vlan config 1 rtime 320 239
• Switch configure 239
• The following example shows how to enable igmp snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 239
• Configuring igmp snooping for ports 241
• Follow these steps to configure igmp snooping for ports 241
• General query source ip 192 68 241
• Last member query count 3 241
• Switch config end 241
• Switch config if range ip igmp snooping 241
• Switch config interface range gigabitehternet 1 0 1 3 241
• Switch configure 241
• Switch copy running config startup config 241
• The following example shows how to enable igmp snooping and fast leave for port 1 0 1 3 241
• Configuring hosts to statically join a group 242
• Configuring mld snooping globally 244
• Mld snooping configuration 244
• Using the gui 244
• Configuring mld snooping for vlans 245
• Click save 247
• Click apply 248
• Configuring hosts to statically join a group 248
• Configuring mld snooping for ports 248
• Enable mld snooping for the port and enable fast leave if there is only one receiver connected to the port 248
• Follow these steps to configure mld snooping for ports 248
• Following page 248
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 248
• Port config to load the 248
• Choose the menu 249
• Click create 249
• Configuring mld snooping globally 249
• Follow these steps to configure hosts to statically join a group 249
• Follow these steps to configure mld snooping globally 249
• Specify the multicast ip address vlan id select the ports to be the static member ports of the multicast group 249
• Static group config 249
• To load the following page 249
• Using the cli 249
• Configuring mld snooping for vlans 250
• Follow these steps to configure mld snooping for vlans 251
• Switch config ipv6 mld snooping vlan config 1 immediate leave 253
• Switch config ipv6 mld snooping vlan config 1 mtime 300 253
• Switch config ipv6 mld snooping vlan config 1 report suppression 253
• Switch config ipv6 mld snooping vlan config 1 rtime 320 253
• Switch configure 253
• The following example shows how to enable mld snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 253
• Configuring mld snooping for ports 255
• Follow these steps to configure mld snooping for ports 255
• Switch config end 255
• Switch config if range ipv6 mld snooping 255
• Switch config if range ipv6 mld snooping immediate leave 255
• Switch config if range show ipv6 mld snooping interface gigabitethernet 1 0 1 3 255
• Switch config interface range gigabitehternet 1 0 1 3 255
• Switch configure 255
• Switch copy running config startup config 255
• The following example shows how to enable mld snooping and fast leave for port 1 0 1 3 255
• Configuring hosts to statically join a group 256
• Follow these steps to configure hosts to statically join a group 256
• Gi1 0 1 enable enable 256
• Gi1 0 2 enable enable 256
• Gi1 0 3 enable enable 256
• Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 256
• Port mld snooping fast leave 256
• Switch config if range end 256
• Switch config ipv6 mld snooping vlan config 2 static 239 interface gigabitethernet 1 0 1 3 256
• Switch config show ipv6 mld snooping groups static 256
• Switch configure 256
• Switch copy running config startup config 256
• The following example shows how to configure port 1 0 1 3 in vlan 2 to statically join the multicast group 239 256
• Configuring 802 q vlans 258
• Mvr configuration 258
• Using the gui 258
• Choose the menu 259
• Click apply 259
• Configuring mvr globally 259
• Enable mvr globally and configure the global parameters 259
• Follow these steps to configure mvr globally 259
• Mvr config 259
• To load the following page 259
• Adding multicast groups to mvr 260
• And click 260
• Click create 260
• Follow these steps to add multicast groups to mvr 260
• Mvr group config 260
• Specify the ip address of the multicast groups 260
• Then the added multicast groups will appear in the mvr group table as the following figure shows 260
• To load the following page 260
• You need to manually add multicast groups to the mvr choose the menu 260
• Choose the menu 261
• Configuring mvr for the port 261
• Enable mvr and configure the port type and fast leave feature for the port 261
• Follow these steps to add multicast groups to mvr 261
• Port config 261
• Select one or more ports to configure 261
• To load the following page 261
• And click 262
• Choose the menu 262
• Click apply 262
• Optional adding ports to mvr groups statically 262
• Static group members 262
• You can add only receiver ports to mvr groups statically the switch adds or removes receiver ports to the corresponding multicast groups by snooping the report and leave messages from the hosts you can also statically add a receiver port to an mvr group 262
• Your desired mvr group entry to load the following page 262
• Before configuring mvr create an 802 q vlan as the multicast vlan add the all source ports to the multicast vlan as tagged ports configure 802 q vlans for the receiver ports according to network requirements note that receiver ports can only belong to one vlan and cannot be added to the multicast vlan for details refer to configuring 802 q vlan 263
• Click save 263
• Configuring 802 q vlans 263
• Configuring mvr globally 263
• Follow these steps to configure mvr globally 263
• Follow these steps to statically add ports to an mvr group 263
• Select the ports to add them to the mvr group 263
• Using the cli 263
• Active 265
• Configuring mvr for the ports 265
• Follow these steps to configure mvr for the ports 265
• Mvr group ip status members 265
• Switch config end 265
• Switch copy running config startup config 265
• Creating the multicast profile 268
• Multicast filtering configuration 268
• Using the gui 268
• Follow these steps to create a profile 269
• In the general config section specify the profile id and mode 269
• In the ip range section click 269
• To load the following page configure the start ip address and end ip address of the multicast groups to be filtered and click create 269
• Configure multicast filtering for ports 270
• Click apply 271
• Creating igmp profile multicast profile for ipv4 271
• Creating the multicast profile 271
• Follow these steps to bind the profile to ports and configure the corresponding parameters for the ports 271
• Select one or more ports to configure 271
• Specify the profile to be bound and configure the maximum groups the port can join and the overflow action 271
• Using the cli 271
• You can create multicast profiles for both ipv4 and ipv6 network with multicast profile the switch can define a blacklist or whitelist of multicast groups so as to filter multicast sources 271
• Creating mld profile multicast profile for ipv6 272
• Deny deny 272
• Igmp profile 1 272
• Range 226 226 0 range 226 226 0 272
• Switch config end 272
• Switch config igmp profile deny 272
• Switch config igmp profile range 226 226 0 272
• Switch config igmp profile show ip igmp profile 272
• Switch config ip igmp profile 1 272
• Switch config ip igmp snooping 272
• Switch configure 272
• Switch copy running config startup config 272
• The following example shows how to configure profile 1 so that the switch filters multicast streams sent to 226 226 0 272
• Deny deny 273
• Mld profile 1 273
• Range ff01 1234 5 ff01 1234 8 range ff01 1234 5 ff01 1234 8 273
• Switch config end 273
• Switch config ipv6 mld profile 1 273
• Switch config ipv6 mld snooping 273
• Switch config mld profile deny 273
• Switch config mld profile range ff01 1234 5 ff01 1234 8 273
• Switch config mld profile show ipv6 mld profile 273
• Switch configure 273
• Switch copy running config startup config 273
• The following example shows how to configure profile 1 so that the switch filters multicast streams sent to ff01 1234 5 ff01 1234 8 273
• Binding the igmp profile to ports 274
• Binding the profile to ports 274
• You can bind the created igmp profile or mld profile to ports and configure the number of multicast groups a port can join and the overflow action 274
• Binding the mld profile to ports 275
• Binding port s binding port s 276
• Mld profile 1 276
• Switch config if ipv6 mld filter 1 276
• Switch config if ipv6 mld snooping 276
• Switch config if ipv6 mld snooping max groups 50 276
• Switch config if ipv6 mld snooping max groups action drop 276
• Switch config if show ipv6 mld profile 276
• Switch config interface gigabitethernet 1 0 2 276
• Switch configure 276
• The following example shows how to bind the existing profile 1 to port 1 0 2 and specify the maximum number of multicast groups that port 1 0 2 can join as 50 and the overflow action as drop 276
• Using the gui 278
• Viewing ipv4 multicast table 278
• Viewing multicast snooping information 278
• Follow these steps to view ipv4 multicast statistics on each port 279
• In the port statistics section view ipv4 multicast statistics on each port 279
• Ipv4 multicast statistics to load the following page 279
• To get the real time multicast statistics enable auto refresh or click refresh 279
• Viewing ipv4 multicast statistics on each port 279
• Ipv6 multicast table to load the following pag 280
• The multicast ip address table shows all valid multicast ip vlan port entries 280
• Viewing ipv6 multicast table 280
• Follow these steps to view ipv6 multicast statistics on each port 281
• In the port statistics section view ipv6 multicast statistics on each port 281
• Ipv6 multicast statistics to load the following page 281
• To get the real time ipv6 multicast statistics enable auto refresh or click refresh 281
• Viewing ipv6 multicast statistics on each port 281
• Using the cli 282
• Viewing ipv4 multicast snooping information 282
• Viewing ipv6 multicast snooping configurations 282
• Configuration examples 283
• Configuration scheme 283
• Example for configuring basic igmp snooping 283
• Network requirements 283
• Using the gui 284
• Using the cli 286
• Verify the configurations 287
• Example for configuring mvr 288
• Network requirements 288
• Network topology 288
• Add port 1 0 1 3 to vlan 10 vlan 20 and vlan 30 as untagged ports respectively and configure the pvid of port 1 0 1 as 10 port 1 0 2 as 20 port 1 0 3 as 30 make sure port1 0 1 3 only belong to vlan 10 vlan 20 and vlan 30 respectively for details refer to configuring 802 q vlan 289
• As the hosts are in different vlans in igmp snooping the querier need to duplicate multicast streams for hosts in each vlan to avoid duplication of multicast streams being sent between querier and the switch you can configure mvr on the switch 289
• Configuration scheme 289
• Demonstrated with t1600g 52ts this section provides configuration procedures in two ways using the gui and using the cli 289
• Internet 289
• The switch can work in either mvr compatible mode or mvr dynamic mode when in compatible mode remember to statically configure the querier to transmit the streams of multicast group 225 to the switch via the multicast vlan here we take the mvr dynamic mode as an example 289
• Using the gui 289
• To load the following page create vlan 40 and add port 1 0 4 to the vlan as tagged port 290
• Vlan config and click 290
• Using the cli 293
• Verify the configurations 295
• Configuration scheme 296
• Example for configuring unknown multicast and fast leave 296
• Network requirement 296
• Using the gui 297
• Using the cli 298
• Verify the configurations 299
• Configuration scheme 300
• Example for configuring multicast filtering 300
• Network requirements 300
• Network topology 300
• Using the gui 301
• Using the cli 304
• Verify the configurations 306
• Appendix default parameters 307
• Default parameters for igmp snooping 307
• Default parameters for mld snooping 308
• Default parameters for multicast filtering 309
• Default parameters for mvr 309
• Chapters 310
• Configuring spanning tree 310
• Part 11 310
• Basic concepts 311
• Overview 311
• Spanning tree 311
• Stp rstp concepts 311
• Bridge id 312
• Port role 312
• Root bridge 312
• Port status 313
• Path cost 314
• Root path cost 314
• Mst region 315
• Mstp concepts 315
• Mst instance 316
• Stp security 316
• Vlan instance mapping 316
• Configuring stp rstp parameters on ports 319
• Stp rstp configurations 319
• Using the gui 319
• In the port config section configure stp rstp parameters on ports 320
• Click apply 321
• Configuring stp rstp globally 321
• Stp config to load the following page 321
• Follow these steps to configure stp rstp globally 322
• In the parameters config section configure the global parameters of stp rstp and click apply 322
• In the global config section enable spanning tree function choose the stp mode as stp rstp and click apply 323
• Stp summary to load the following page 323
• Verify the stp rstp information of your switch after all the configurations are finished 323
• Verifying the stp rstp configurations 323
• The stp summary section shows the summary information of spanning tree 324
• Configuring stp rstp parameters on ports 325
• Follow these steps to configure stp rstp parameters on ports 325
• Using the cli 325
• Configuring global stp rstp parameters 327
• This example shows how to configure the priority of the switch as 36864 the forward delay as 12 seconds 328
• Enable rstp 36864 2 12 20 5 20 329
• Enabling stp rstp globally 329
• Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree function globally 329
• State mode priority hello time fwd time max age hold count max hops 329
• Switch config end 329
• Switch config show spanning tree bridge 329
• Switch config spanning tree 329
• Switch config spanning tree mode rstp 329
• Switch config spanning tree priority 36864 329
• Switch config spanning tree timer forward time 12 329
• Switch configure 329
• Switch copy running config startup config 329
• This example shows how to enable spanning tree function configure the spanning tree mode as rstp and verify the configurations 329
• Configuring parameters on ports in cist 331
• Mstp configurations 331
• Using the gui 331
• Follow these steps to configure parameters on ports in cist 332
• In the port config section configure the parameters on ports 332
• Besides configure the priority of the switch the priority and path cost of ports in the desired instance 334
• Click apply 334
• Configure the region name revision level vlan instance mapping of the switch the switches with the same region name the same revision level and the same vlan instance mapping are considered as in the same region 334
• Configuring the mstp region 334
• Configuring the region name and revision level 334
• Follow these steps to create an mst region 334
• In the region config section set the name and revision level to specify an mstp region 334
• Region config to load the following page 334
• Configure port parameters in the desired instance 336
• Configuring parameters on ports in the instance 336
• Follow these steps to configure port parameters in the instance 336
• In the instance port config section select the desired instance id 336
• Instance port config to load the following page 336
• Configuring mstp globally 338
• Follow these steps to configure mstp globally 338
• In the parameters config section configure the global parameters of mstp and click apply 338
• Stp config to load the following page 338
• In the global config section enable spanning tree function and choose the stp mode as mstp and click apply 339
• Stp summary to load the following page 340
• The stp summary section shows the summary information of cist 340
• Verifying the mstp configurations 340
• Configuring parameters on ports in cist 341
• Follow these steps to configure the parameters of the port in cist 341
• The mstp instance summary section shows the information in mst instances 341
• Using the cli 341
• Configuring the mstp region 343
• Switch configure 344
• This example shows how to create an mst region of which the region name is r1 the revision level is 100 and vlan 2 vlan 6 are mapped to instance 5 344
• 7 4094 345
• Configuring the parameters on ports in instance 345
• Follow these steps to configure the priority and path cost of ports in the specified instance 345
• Mst instance vlans mapped 345
• Region name r1 345
• Revision 100 345
• Switch config mst end 345
• Switch config mst instance 5 vlan 2 6 345
• Switch config mst name r1 345
• Switch config mst revision 100 345
• Switch config mst show spanning tree mst configuration 345
• Switch config spanning tree mst configuration 345
• Switch copy running config startup config 345
• Configuring global mstp parameters 346
• Follow these steps to configure the global mstp parameters of the switch 346
• Gi1 0 3 144 200 n a lnkdwn n a 346
• Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn n a 346
• Interface prio cost role status lag 346
• Interface state prio ext cost int cost edge p2p mode role status lag 346
• Mst instance 0 cist 346
• Mst instance 5 346
• Switch config if end 346
• Switch config if show spanning tree interface gigabitethernet 1 0 3 346
• Switch config if spanning tree mst instance 5 port priority 144 cost 200 346
• Switch config interface gigabitethernet 1 0 3 346
• Switch configure 346
• Switch copy running config startup config 346
• This example shows how to configure the priority as 144 the path cost as 200 of port 1 0 3 in instance 5 346
• Enable mstp 36864 2 12 20 8 25 348
• Enabling spanning tree globally 348
• Follow these steps to configure the spanning tree mode as mstp and enable spanning tree function globally 348
• State mode priority hello time fwd time max age hold count max hops 348
• Switch config if end 348
• Switch config if show spanning tree bridge 348
• Switch config if spanning tree hold count 8 348
• Switch config if spanning tree max hops 25 348
• Switch config if spanning tree timer forward time 12 348
• Switch config spanning tree priority 36864 348
• Switch configure 348
• Switch copy running config startup config 348
• This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds the hold count as 8 and the max hop as 25 348
• Configure the port protect features for the selected ports and click apply 351
• Stp security configurations 351
• Stp security to load the following page 351
• Using the gui 351
• Configuring the stp security 352
• Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter feature for ports 352
• Using the cli 352
• Gi1 0 3 enable enable enable enable disable enable 354
• Interface bpdu filter bpdu guard loop protect root protect tc protect bpdu flood 354
• Switch config if end 354
• Switch config if show spanning tree interface security gigabitethernet 1 0 3 354
• Switch config if spanning tree bpdufilter 354
• Switch config if spanning tree bpduguard 354
• Switch config if spanning tree guard loop 354
• Switch config if spanning tree guard root 354
• Switch config interface gigabitethernet 1 0 3 354
• Switch configure 354
• Switch copy running config startup config 354
• This example shows how to enable loop protect root protect bpdu filter and bpdu protect functions on port 1 0 3 354
• As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is transmitted in this network the link speed between the switches is 100mb s the default path cost of the port is 200000 355
• Configuration example for mstp 355
• Configuration scheme 355
• Here we configure two instances to meet the requirement as is shown below 355
• It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be transmitted along different paths 355
• Mstp backwards compatible with stp and rstp can map vlans to instances to implement load balancing thus providing a more flexible method in network management here we take the mstp configuration as an example 355
• Network requirements 355
• To meet this requirement you are suggested to configure mstp function on the switches map the vlans to different instances to ensure traffic can be transmitted along the respective instance 355
• Using the gui 356
• Using the cli 362
• Verify the configurations 364
• Appendix default parameters 369
• Default settings of the spanning tree feature are listed in the following table 369
• Chapters 371
• Configuring lldp 371
• Part 12 371
• Overview 372
• Supported features 372
• Configuring lldp globally 373
• Lldp configurations 373
• Using the gui 373
• Follow these steps to configure the lldp feature globally 374
• In the global config section enable lldp you can also enable the switch to forward lldp messages when lldp function is disabled click apply 374
• In the parameter config section configure the lldp parameters click apply 374
• Configure the admin status and notification mode for the port 375
• Configuring lldp for the port 375
• Follow these steps to configure the lldp feature for the interface 375
• Port config to load the following page 375
• Select one or more ports to configure 375
• Select the tlvs type length value included in the lldp packets according to your needs 375
• Click apply 376
• Enable the lldp feature on the switch and configure the lldp parameters 376
• Global config 376
• Using the cli 376
• Switch config lldp 377
• Switch config lldp hold multiplier 4 377
• Switch configure 377
• The following example shows how to configure the following parameters lldp timer 4 tx interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast count 3 377
• Fast packet count 3 378
• Initialization delay 2 seconds 378
• Lldp forward message disabled 378
• Lldp med fast start repeat count 4 378
• Lldp status enabled 378
• Port config 378
• Select the desired port and set its admin status notification mode and the tlvs included in the lldp packets 378
• Switch config end 378
• Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 3 378
• Switch config show lldp 378
• Switch copy running config startup config 378
• Trap notification interval 5 seconds 378
• Ttl multiplier 4 378
• Tx delay 2 seconds 378
• Tx interval 30 seconds 378
• Configuring lldp globally 381
• Configuring lldp med globally 381
• Lldp med configurations 381
• Using the gui 381
• Configuring lldp med for ports 382
• Global config 384
• Lldp status enabled 384
• Switch config lldp 384
• Switch config lldp med fast count 4 384
• Switch config show lldp 384
• Switch configure 384
• The following example shows how to configure lldp med fast count as 4 384
• Tx interval 30 seconds 384
• Using the cli 384
• Fast packet count 3 385
• Initialization delay 2 seconds 385
• Lldp med fast start repeat count 4 385
• Port config 385
• Select the desired port enable lldp med and select the tlvs type length value included in the outgoing lldp packets according to your needs 385
• Switch config end 385
• Switch copy running config startup config 385
• Trap notification interval 5 seconds 385
• Ttl multiplier 4 385
• Tx delay 2 seconds 385
• Using gui 388
• Viewing lldp device info 388
• Viewing lldp settings 388
• Follow these steps to view the local information 389
• In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 389
• In the local info section select the desired port and view its associated local device information 389
• Viewing lldp statistics 391
• In the neighbors statistics section view the statistics of the corresponding port 392
• Using cli 392
• Viewing lldp statistics 392
• Viewing the local info 392
• Viewing the neighbor info 392
• Using gui 393
• Viewing lldp med settings 393
• Follow these steps to view lldp med neighgbor information 394
• In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 394
• In the neighbor info section select the desired port and view the lldp med settings 394
• Neighbor info to load the following page 394
• Viewing the neighbor info 394
• Using cli 395
• Viewing lldp statistics 395
• Viewing the local info 395
• Viewing the neighbor info 395
• Configuration example 396
• Configuration scheme 396
• Network requirements 396
• Network topology 396
• Using the gui 396
• Using cli 397
• Verify the configurations 398
• Appendix default parameters 403
• Default lldp med settings 403
• Default lldp settings 403
• Default settings of lldp are listed in the following tables 403
• Chapters 404
• Configuring layer 3 interfaces 404
• Part 13 404
• Interfaces are used to exchange data and interact with interfaces of other network devices interfaces are classified into layer 2 interfaces and layer 3 interfaces 405
• Layer 2 interfaces are the physical ports on the switch panel they forward packets based on mac address table 405
• Layer 3 interfaces are used to forward ipv4 and ipv6 packets using static or dynamic routing protocols you can use layer 3 interfaces for ip routing and inter vlan routing 405
• Overview 405
• This chapter introduces the configurations for layer 3 interfaces the supported types of layer 3 interfaces are shown as below 405
• Creating an layer 3 interface 406
• Layer 3 interface configurations 406
• Using the gui 406
• In the interface list section click 407
• To load the following page and configure the corresponding parameters for the layer 3 interface then click create 407
• Configuring ipv4 parameters of the interface 408
• Figure 2 408
• In the modify ipv4 interface section configure relevant parameters for the interface according to your actual needs then click apply 408
• List section on the corresponding interface entry click edit ipv4 to load the following page and edit the ipv4 parameters of the interface 408
• You can view the corresponding interface you have created in the interface 408
• Configuring ipv6 parameters of the interface 409
• In the modify ipv6 interface section enable ipv6 feature for the interface and configure the corresponding parameters then click apply 410
• Configure ipv6 global address of the interface via following three ways 411
• In the global address table section click 411
• Manually 411
• To manually assign an ipv6 global address to the interface 411
• Via dhcpv6 server 411
• Via ra message 411
• Figure 2 412
• Interface list section on the corresponding interface entry click detail to load the following page and view the detail information of the interface 412
• View the global address entry in the global address table 412
• Viewing detail information of the interface 412
• You can view the corresponding interface entry you have created in the 412
• Creating an layer 3 interface 413
• Follow these steps to create an layer 3 interface you can create a vlan interface a loopback interface a routed port or a port channel interface according to your needs 413
• Using the cli 413
• Switch config if description vlan 2 414
• Switch config if end 414
• Switch config interface vlan 2 414
• Switch configure 414
• The following example shows how to create a vlan interface with a description of vlan 2 414
• Configuring ipv4 parameters of the interface 415
• Follow these steps to configure the ipv4 parameters of the interface 415
• Switch config if ip address 192 68 00 255 55 55 415
• Switch config if no switchport 415
• Switch config interface gigabitethernet 1 0 1 415
• Switch configure 415
• Switch copy running config startup config 415
• The following example shows how to configure the ipv4 parameters of a routed port including setting a static ip address for the port and enabling the layer 3 capabilities 415
• Configuring ipv6 parameters of the interface 416
• Follow these steps to configure the ipv6 parameters of the interface 416
• Interface ip address method status protocol shutdown gi1 0 1 192 68 00 24 static up up no 416
• Switch config if end 416
• Switch config if show ip interface brief 416
• Switch copy running config startup config 416
• Global address dhcpv6 enable 417
• Global address ra disable 417
• Global unicast address es ff02 1 ff13 237b 417
• Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 417
• Joined group address es ff02 1 417
• Switch config if ipv6 address autoconfig 417
• Switch config if ipv6 address dhcp 417
• Switch config if ipv6 enable 417
• Switch config if show ipv6 interface 417
• Switch config interface vlan 2 417
• Switch configure 417
• The following example shows how to enable the ipv6 function and configure the ipv6 parameters of a vlan interface 417
• Vlan2 is up line protocol is up 417
• Appendix default parameters 419
• Default settings of interface are listed in the following tables 419
• Chapters 420
• Configuring routing 420
• Part 14 420
• Overview 421
• Configure the corresponding parameters to add an ipv4 static routing entry then click create 422
• Ipv4 static routing and click 422
• Ipv4 static routing configuration 422
• To load the following page to load the following page 422
• Using the gui 422
• C 192 68 24 is directly connected vlan1 423
• Candidate default 423
• Codes c connected s static 423
• Follow these steps to create an ipv4 static route 423
• S 192 68 24 1 0 via 192 68 vlan1 423
• Switch config end 423
• Switch config ip route 192 68 255 55 55 192 68 423
• Switch config show ip route 423
• Switch configure 423
• Switch copy running config startup config 423
• The following example shows how to create an ipv4 static route with the destination ip address as 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 423
• Using the cli 423
• Configure the corresponding parameters to add an ipv6 static routing entry then click create 424
• Follow these steps to enable ipv6 routing function and create an ipv6 static route 424
• Ipv6 static 424
• Ipv6 static routing configuration 424
• Routing table and click 424
• To load the following page 424
• Using the cli 424
• Using the gui 424
• C 3000 64 is directly connected vlan1 425
• Candidate default 425
• Codes c connected s static 425
• S 3200 64 1 0 via 3100 1234 vlan2 425
• Switch config end 425
• Switch config ipv6 route 3200 64 3100 1234 425
• Switch config show ipv6 route static 425
• Switch configure 425
• Switch copy running config startup config 425
• The following example shows how to create an ipv6 static route with the destination ip address as 3200 64 and the next hop address as 3100 1234 425
• Using the gui 426
• Viewing ipv4 routing table 426
• Viewing routing table 426
• Ipv6 routing information summary to load the following page 427
• On privileged exec mode or any other configuration mode you can use the following command to view ipv4 routing table 427
• Using the cli 427
• View the ipv6 routing entries 427
• Viewing ipv4 routing table 427
• Viewing ipv6 routing table 427
• On privileged exec mode or any other configuration mode you can use the following command to view ipv6 routing table 428
• Viewing ipv6 routing table 428
• As shown below host a and host b are on different network segments to meet business needs host a and host b need to establish a connection without using dynamic routing protocols to ensure stable connectivity 429
• Configuration scheme 429
• Demonstrated with t1600g 52ts the following sections provide configuration procedure in two ways using the gui and using the cli 429
• Example for static routing 429
• Interface to create a routed port gi1 0 1 with the mode as static the ip address as 10 the mask as 255 55 55 and the admin status as enable create a routed port gi1 0 2 with the mode as static the ip address as 10 0 the mask as 255 55 55 and the admin status as enable 429
• Network requirements 429
• The configurations of switch a and switch b are similar the following introductions take switch a as an example 429
• To implement this requirement you can configure the default gateway of host a as 10 24 the default gateway of host b as 10 24 and configure ipv4 static routes on switch a and switch b so that hosts on different network segments can communicate with each other 429
• Using the gui 429
• Ipv4 static routing to load the following page add a static routing entry with the destination as 10 the subnet 430
• Using the cli 431
• Verify the configurations 432
• Chapters 434
• Configuring dhcp service 434
• Part 15 434
• Dhcp relay 435
• Dhcp server 435
• Overview 435
• Supported features 435
• As the following figure shows no ip addresses are assigned to vlan 10 and vlan 20 but a default relay agent interface is configured with the ip address 192 68 24 the switch uses ip address of the default agent interface 192 68 24 to apply for ip addresses for clients in both vlan 10 and vlan 20 as a result the dhcp server will assign ip addresses on 192 68 24 the same subnet with the ip address of the default agent interface to clients in both vlan 10 and vlan 20 437
• Dhcp l2 relay 437
• Unlike dhcp relay dhcp l2 relay is used in the situation that the dhcp server and client are in the same vlan in dhcp l2 relay in addition to normally assigning ip addresses to clients from the dhcp server the switch can record the location information of the dhcp client using option 82 the switch can add option 82 to the dhcp request packet and then transmit the packet to the dhcp server the dhcp server which supports option 82 can set the distribution policy of ip addresses and the other parameters providing a more flexible address distribution way 437
• Dhcp server configuration 438
• Enabling dhcp server 438
• Using the gui 438
• Enter the starting ip address and ending ip address to specify the range of reserved ip addresses click create 439
• In the excluded ip address table section click 439
• In the ping time config section configure ping packets and ping timeout for ping tests click apply 439
• To load the following page to specify the ip addresses that should not be assigned to the clients 439
• Configure the parameters for the dhcp server pool then click create 440
• Configuring dhcp server pool 440
• Pool setting and click 440
• The dhcp server pool defines the parameters that will be assigned to the dhcp clients 440
• To load the following page 440
• Configuring manual binding 441
• Manual binding and 441
• Select a pool name and enter the ip address to be bound select a binding mode and finish the configuration accordingly click create 441
• Some devices like web servers require static ip addresses to meet this requirement you can manually bind the mac address or client id of the device to an ip address and the dhcp server will reserve the bound ip address to this device at all times 441
• To load the following page 441
• Enabling dhcp server 442
• Follow these steps to enable dhcp server and to configure ping packets and ping timeout 442
• Using the cli 442
• Switch config service dhcp server 443
• Switch configure 443
• The following example shows how to enable dhcp server globally on switch configure the number of ping packets as 2 and configure the ping timeout period as 200 ms 443
• Configuring dhcp server pool 445
• Follow these steps to configure dhcp server pool 445
• Switch config ip dhcp server pool pool1 446
• Switch configure 446
• Switch dhcp config lease 180 446
• Switch dhcp config network 192 68 255 55 55 446
• The following example shows how to create a dhcp server pool and name it as pool1 and configure its network address as 192 68 subnet mask as 255 55 55 lease time as 180 minute default gateway as 192 68 dns server as 192 68 netbios server as 192 68 9 netbios type as broadcast tftp server as 192 68 0 domain name as com and bootfile name as bootfile 446
• Configuring manual binding 447
• Pool name client id hardware address ip address hardware type bind mode 448
• Pool1 74 d4 68 22 3f 34 192 68 3 ethernet mac address 448
• Switch config 448
• Switch config ip dhcp server pool pool1 448
• Switch copy running config startup config 448
• Switch dhcp config address 192 68 3 hardware address 74 d4 68 22 3f 34 hardware type ethernet 448
• Switch dhcp config end 448
• Switch dhcp config show ip dhcp server manual binding 448
• The following example shows how to bind the ip address 192 68 3 in pool1 on the subnet of 192 68 to the host with the mac address 74 d4 68 22 3f 34 448
• Dhcp relay configuration 449
• Enabling dhcp relay and configuring option 82 449
• Using the gui 449
• Optional in the option 82 configuration section configure option 82 450
• Configuring dhcp interface relay 451
• Configuring dhcp vlan relay 451
• Follow these steps to specify dhcp server for the specific vlan 452
• In the default relay agent interface section specify a layer 3 interface as the default relay agent interface then click apply 452
• In the dhcp vlan relay list section click 452
• Specify the vlan the clients belongs to and the server address click create 452
• To load the configuration page 452
• Enabling dhcp relay 453
• Follow these steps to enable dhcp relay and configure the corresponding parameters 453
• Switch config service dhcp relay 453
• Switch configure 453
• The following example shows how to enable dhcp relay configure the relay hops as 5 and configure the relay time as 10 seconds 453
• Using the cli 453
• Dhcp relay hops 5 454
• Dhcp relay state enabled 454
• Dhcp relay time threshold 10 seconds 454
• Follow these steps to configure option 82 454
• Optional configuring option 82 454
• Switch config end 454
• Switch config ip dhcp relay hops 5 454
• Switch config ip dhcp relay time 10 454
• Switch config show ip dhcp relay 454
• Switch copy running config startup config 454
• Gi1 0 7 enable replace normal vlan20 host1 n a 455
• Interface option 82 status operation strategy format circuit id remote id lag 455
• Switch config if end 455
• Switch config if ip dhcp relay information circut id vlan20 455
• Switch config if ip dhcp relay information format normal 455
• Switch config if ip dhcp relay information option 455
• Switch config if ip dhcp relay information remote id host1 455
• Switch config if ip dhcp relay information strategy replace 455
• Switch config if show ip dhcp relay information interface gigabitethernet 1 0 7 455
• Switch config interface gigabitethernet 1 0 7 455
• Switch configure 455
• Switch copy running config startup config 455
• The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 455
• Configuring dhcp interface relay 456
• Follow these steps to dhcp interface relay 456
• The following example shows how to configure the dhcp server address as 192 68 on vlan interface 66 456
• You can specify dhcp server for an layer 3 interface or for a vlan the following respectively introduces how to configure dhcp interface relay and dhcp vlan relay 456
• Configuring dhcp vlan relay 457
• Dhcp relay helper address is configured on the following interfaces 457
• Follow these steps to configure dhcp vlan relay 457
• Interface helper address 457
• Switch config if end 457
• Switch config if ip helper address 192 68 457
• Switch config if show ip dhcp relay 457
• Switch config interface vlan 66 457
• Switch configure 457
• Switch copy running config startup config 457
• Vlan 66 192 68 457
• Dhcp vlan relay helper address is configured on the following vlan 458
• Switch config end 458
• Switch config if exit 458
• Switch config if ip dhcp relay default interface 458
• Switch config if no switchport 458
• Switch config interface gigabitethernet 1 0 2 458
• Switch config ip dhcp relay vlan 10 helper address 192 68 458
• Switch config show ip dhcp relay 458
• Switch configure 458
• Switch copy running config startup config 458
• The following example shows how to set the routed port 1 0 2 as the default relay agent interface and configure the dhcp server address as 192 68 on vlan 10 458
• Vlan 10 192 68 458
• Vlan helper address 458
• Dhcp l2 relay configuration 459
• Enabling dhcp l2 relay 459
• Using the gui 459
• Configuring option 82 for ports 460
• Follow these steps to enable dhcp relay and configure option 82 460
• Port config to load the following page 460
• Select one or more ports to configure option 82 460
• Click apply 461
• Enabling dhcp relay 461
• Follow these steps to enable dhcp l2 relay 461
• Switch config ip dhcp l2relay 461
• Switch configure 461
• The following example shows how to enable dhcp l2 relay globally and for vlan 2 461
• Using the cli 461
• Configuring option 82 for ports 462
• Follow these steps to configure option 82 462
• Global status enable 462
• Switch config end 462
• Switch config ip dhcp l2relay vlan 2 462
• Switch config show ip dhcp l2relay 462
• Switch copy running config startup config 462
• Vlan id 2 462
• Gi1 0 7 enable replace normal vlan20 host1 n a 463
• Interface option 82 status operation strategy format circuit id remote id lag 463
• Switch config if end 463
• Switch config if ip dhcp l2relay information circut id vlan20 463
• Switch config if ip dhcp l2relay information format normal 463
• Switch config if ip dhcp l2relay information option 463
• Switch config if ip dhcp l2relay information remote id host1 463
• Switch config if ip dhcp l2relay information strategy replace 463
• Switch config if show ip dhcp l2relay information interface gigabitethernet 1 0 7 463
• Switch config interface gigabitethernet 1 0 7 463
• Switch configure 463
• Switch copy running config startup config 463
• The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 463
• Configuration examples 464
• Configuration scheme 464
• Example for dhcp server 464
• Network requirements 464
• Using the gui 464
• Using the cli 466
• Verify the configuration 466
• Configuration scheme 467
• Example for dhcp interface relay 467
• Network requirements 467
• Using the gui 468
• Using the cli 469
• Verify the configurations 469
• Appendix default parameters 470
• Default settings of dhcp server are listed in the following table 470
• Default settings of dhcp relay are listed in the following table 471
• Default settings of dhcp l2 relay are listed in the following table 472
• Chapters 473
• Configuring arp 473
• Part 16 473
• Arp table 474
• Gratuitous arp 474
• Overview 474
• Proxy arp 474
• Static arp 474
• Supported features 474
• Local proxy arp 475
• Local proxy arp is similar with proxy arp as shown below two hosts are in the same vlan and connected to vlan interface 1 but port 1 0 1 and port 1 0 2 are isolated on layer 2 in this case both of the hosts cannot receive each other s arp request so they cannot communicate with each other because they cannot learn each other s mac address using arp packets 475
• To solve this problem you can enable local proxy arp on the layer 3 interface and the interface will respond the arp request sender with its own mac address after that the arp request sender sends packets to the layer 3 interface and the interface forwards the packets to the intended device 475
• Arp configurations 476
• Using the gui 476
• Viewing the arp entries 476
• Adding static arp entries manually 477
• Configuring gratuitous arp 477
• Enter the ip address and mac address then click create 477
• Gratuitous arp to load the following page 477
• Static arp and click 477
• To load the following page 477
• You can add desired static arp entries by mannually specifying the ip addresses and mac addresses 477
• Configuring proxy arp 478
• Follow these steps to configure the gratuitous feature for the interface 478
• In the gratuitous arp global settings section configure the global parameters for gratuitous arp then click apply 478
• In the gratuitous arp table section configure the interval of sending gratuitous arp request packets for the interface then click apply 478
• Proxy arp is used in the situation that two devices are in the same network segment but connected to different layer 3 interfaces 478
• Proxy arp to load the following page 478
• Configuring local proxy arp 479
• Local proxy arp is used in the situation that two devices are in the same vlan but isolated on the layer 2 ports 479
• Local proxy arp to load the following page 479
• Select the desired interface and enable local proxy arp then click apply 479
• Select the desired interface and enable proxy arp then click apply 479
• Adding static arp entries 480
• Configuring the aging time of dynamic arp entries 480
• Configuring the arp entry 480
• Follow these steps to add static arp entries 480
• Follow these steps to configure the aging time of dynamic arp entries 480
• Interface address hardware addr type 480
• Switch config arp 192 68 00 11 22 33 44 55 arpa 480
• Switch config end 480
• Switch config show arp 192 68 480
• Switch configure 480
• Switch copy running config startup config 480
• This example shows how to create a static arp entry with the ip as 192 68 and the mac as 00 11 22 33 44 55 480
• Using the cli 480
• Vlan1 192 68 00 11 22 33 44 55 static 480
• Clearing dynamic entries 481
• Renewing dynamic arp entries automatically 481
• Switch config arp timeout 1000 481
• Switch config end 481
• Switch configure 481
• Switch copy running config startup config 481
• This example shows how to configure the aging time of dynamic arp entries as 1000 seconds 481
• Configuring gratuitous arp globally 482
• Configuring the gratuitous arp 482
• Follow these steps to add static arp entries 482
• On privileged exec mode or any other configuration mode you can use the following command to view arp entries 482
• This example shows how to enable send on ip interface status up send on duplicate ip detected and gratuitous arp learning features 482
• Viewing arp entries 482
• Configuring interval of sending gratuitous arp packets 483
• Follow these steps to configure gratuitous arp packets for layer 3 interfaces 483
• Gi1 0 18 0 483
• Gratuitous arp learning enabled 483
• Interface gratuitous arp periodical send interval 483
• Send on duplicate ip detected enabled 483
• Send on ip interface status up enabled 483
• Switch config end 483
• Switch config gratuitous arp dup ip detected enable 483
• Switch config gratuitous arp intf status up enable 483
• Switch config gratuitous arp learning enable 483
• Switch config show gratuitous arp 483
• Switch configure 483
• Switch copy running config startup config 483
• Vlan1 0 483
• Configuring proxy arp 484
• Configuring local proxy arp 485
• Follow these steps to local proxy arp on the vlan interface routed port or port channel 485
• Interface ip address ip mask status vlan 1 192 68 255 55 55 enabled 485
• Switch config if end 485
• Switch config if ip proxy arp 485
• Switch config if show ip proxy arp 485
• Switch config interface vlan 1 485
• Switch configure 485
• Switch copy running config startup config 485
• This example shows how to enable proxy arp function for vlan interface 1 485
• Interface ip address ip mask status 486
• Switch config if end 486
• Switch config if ip local proxy arp 486
• Switch config if show ip local proxy arp 486
• Switch config interface vlan 1 486
• Switch configure 486
• Switch copy running config startup config 486
• This example shows how to enable local proxy arp function for vlan interface 1 486
• Vlan 1 192 68 255 55 55 enabled 486
• Appendix default parameters 487
• Default arp settings are listed in the following tables 487
• Chapters 488
• Configuring qos 488
• Part 17 488
• Bandwidth control 489
• Class of service 489
• Overview 489
• Supported features 489
• Voice vlan and auto voip 489
• 802 p priority 491
• Class of service configuration 491
• Configuration guidelines 491
• Dscp priority 491
• Port priority 491
• Click apply 492
• Configuring port priority 492
• Configuring the trust mode and port to 802 p mapping 492
• Follow these steps to configure the parameters of the port priority 492
• Port priority to load the following page 492
• Select the desired ports specify the 802 p priority and set the trust mode as untrusted 492
• Using the gui 492
• Configuring the 802 p to queue mapping 493
• In the 802 p to queue mapping section configure the mappings and click apply 493
• P priority to load the following page 493
• Configuring 802 p priority 494
• Click apply 496
• Configuring dscp priority 496
• Configuring the trust mode 496
• Follow these steps to configure the trust mode 496
• Port priority to load the following page 496
• Select the desired ports and set the trust mode as trust dscp 496
• Configuring the 802 p to queue mapping 497
• In the 802 p to queue mapping section configure the mappings and click apply 497
• P priority to load the following page 497
• Click apply 498
• Configuring the dscp to 802 p mapping and the dscp remap 498
• Dscp priority to load the following page 498
• Follow these steps to configure the dscp priority 498
• Select the desired port configure the dscp to 802 p mapping and the dscp remap 498
• Specifying the scheduler settings 499
• Click apply 500
• Configuring port priority 500
• Configuring the trust mode and the port to 802 p mapping 500
• Follow these steps to configure the trust mode and the port to 802 p mapping 500
• Using cli 500
• Configuring the 802 p to queue mapping 501
• Follow these steps to configure the 802 p to queue mapping 501
• Configuring 802 p priority 502
• Configuring the 802 p to queue mapping and 802 p remap 503
• Follow these steps to configure the 802 p to queue mapping and 802 p remap 503
• Gi1 0 1 trust 802 p n a 504
• Port trust mode lag 504
• Switch config if exit 504
• Switch config if interface gigabitethernet 1 0 1 504
• Switch config if qos dot1p remap 1 3 504
• Switch config if qos trust mode dot1p 504
• Switch config if show qos cos map 504
• Switch config if show qos trust interface gigabitethernet 1 0 1 504
• Switch config interface gigabitethernet 1 0 1 504
• Switch config qos cos map 3 4 504
• Switch configure 504
• Tag 0 1 2 3 4 5 6 7 504
• The following example shows how to configure the trust mode of port 1 0 1 as dot1p map 802 p priority 3 to tc4 and configure to map the original 802 p 1 to 802 p priority 3 504
• Configuring dscp priority 505
• Configuring the 802 p to queue mapping 505
• Configuring the trust mode 505
• Follow these steps to configure the 802 p to queue mapping 505
• Follow these steps to configure the trust mode 505
• Gi1 0 1 0 3 2 3 4 5 6 7 n a 505
• Port 0 1 2 3 4 5 6 7 lag 505
• Switch config if end 505
• Switch config if show qos dot1p remap interface gigabitethernet 1 0 1 505
• Switch copy running config startup config 505
• Tc tc0 tc1 tc2 tc4 tc4 tc5 tc6 tc7 505
• Configuring the dscp to 802 p mapping and dscp remp 506
• Follow these steps to configure the dscp to 802 p mapping and dscp remap 506
• Port trust mode lag 507
• Switch config if exit 507
• Switch config if qos dscp map 1 3 5 7 3 507
• Switch config if qos dscp remap 9 5 507
• Switch config if qos trust mode dscp 507
• Switch config if show qos trust interface gigabitethernet 1 0 1 507
• Switch config interface gigabitethernet 1 0 1 507
• Switch config qos cos map 3 4 507
• Switch configure 507
• The following example shows how to configure the trust mode of port 1 0 1 as dscp map 802 p priority 3 to tc4 map dscp priority 1 3 5 7 to 802 p priority 3 and configure to map the original dscp priority 9 to dscp priority 5 507
• Follow these steps to specify the scheduler settings to control the forwarding sequence of different tc queues when congestion occurs 510
• Specifying the scheduler settings 510
• Switch config if end 510
• Switch copy running config startup config 510
• Bandwidth control configuration 512
• Configuring rate limit 512
• Using the gui 512
• Configuring storm control 513
• Follow these steps to configure the storm control function 513
• Select the desired port and configure the upper rate limit for forwarding broadcast packets multicast packets and ul frames unknown unicast frames 513
• Storm control to load the following page 513
• Click apply 514
• Configuring rate limit 514
• Follow these steps to configure the upper rate limit for the port to receive and send packets 514
• Using the cli 514
• Configuring storm control 515
• Follow these steps to configure the upper rate limit on the port for forwarding broadcast packets multicast packets and unknown unicast frames 515
• Gi1 0 5 5120 1024 n a 515
• Port ingressrate kbps egressrate kbps lag 515
• Switch config if bandwidth ingress 5120 egress 1024 515
• Switch config if end 515
• Switch config if show bandwidth interface gigabitethernet 1 0 5 515
• Switch config interface gigabitethernet 1 0 5 515
• Switch configure 515
• Switch copy running config startup config 515
• The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 1024 kbps for port 1 0 5 515
• Gi1 0 5 pps 148800 0 0 shutdown 10 n a 517
• Port rate mode bcrate mcrate ulrate exceed recover time lag 517
• Switch config if end 517
• Switch config if show storm control interface gigabitethernet 1 0 5 517
• Switch config if storm control broadcast 148800 517
• Switch config if storm control exceed shutdown recover time 10 517
• Switch config if storm control rate mode pps 517
• Switch config interface gigabitethernet 1 0 5 517
• Switch configure 517
• Switch copy running config startup config 517
• The following example shows how to configure the upper rate limit of broadcast packets as 148800 pps specify the action as shutdown and set the recover time as 10 for port 1 0 5 517
• Configuring oui addresses 518
• Using the gui 518
• Voice vlan configuration 518
• Click create 519
• Configuring voice vlan globally 519
• Follow these steps to configure the oui addresses 519
• Global config to load the following page 519
• Specify the oui and the description 519
• To load the following page 519
• Adding ports to voice vlan 520
• Click apply 520
• Enable the voice vlan feature and specify the parameters 520
• Follow these steps to configure voice vlan globally 520
• Port config to load the following page 520
• Select the desired ports and choose enable in voice vlan filed 520
• Click apply 521
• Follow these steps to configure voice vlan 521
• Using the cli 521
• Auto voip configuration 524
• Configuration guidelines 524
• Using the gui 524
• Click apply 525
• Follow these steps to configure auto voip 525
• Using the cli 525
• Configuration examples 529
• Configuration scheme 529
• Example for class of service 529
• Network requirements 529
• Using the gui 530
• Using the cli 532
• Verify the configurations 533
• Example for voice vlan 534
• Network requirements 534
• Configuration scheme 535
• Configure 802 q vlan for port 1 0 1 port 1 0 2 port 1 0 3 and port 1 0 4 535
• Configure voice vlan feature on port 1 0 1 and port 1 0 2 535
• Demonstrated with t1600g 52ts the following sections provide configuration procedure in two ways using the gui and using the cli 535
• Internet 535
• To implement this requirement you can configure voice vlan to ensure that the voice traffic can be transmitted in the same vlan and the data traffic is transmitted in another vlan in addition specify the priority to make the voice traffic can take precedence when the congestion occurs 535
• To load the following page create vlan 2 and add untagged port 1 0 1 port 1 0 2 and port 1 0 4 to vlan 2 click create 535
• Using the gui 535
• Vlan config and click 535
• Using the cli 539
• Verify the configurations 541
• Configuration scheme 542
• Example for auto voip 542
• Network requirements 542
• Using the gui 543
• Select port 1 0 1 and specify the 802 p priority as 5 for other dscp priorities click apply 545
• Select port 1 0 2 set the scheduler mode as weighted and specify the queue weight as 10 for tc 7 click apply 547
• Using the cli 550
• Verify the configurations 551
• Appendix default parameters 555
• Default settings of class of service are listed in the following tables 555
• Default settings of class of service are listed in the following tables 557
• Default settings of voice vlan are listed in the following tables 557
• Default settings of auto voip are listed in the following tables 558
• Chapters 559
• Configuring access security 559
• Part 18 559
• Access control 560
• Access security 560
• Overview 560
• Supported features 560
• Telnet 560
• Access security configurations 561
• Configuring the access control feature 561
• Using the gui 561
• In the entry table section click 562
• To add an access control entry 562
• When the ip based mode is selected the following window will pop up 562
• When the mac based mode is selected the following window will pop up 562
• Click create then you can view the created entries in the entry table 563
• When the port based mode is selected the following window will pop up 563
• Configuring the http function 564
• Configuring the https function 566
• In the ciphersuite config section select the algorithm to be enabled and click apply 567
• In the number of access users section enable number control function specify the following parameters and click apply 567
• In the session config section specify the session timeout and click apply 567
• In the load certificate and load key section download the certificate and key 568
• Configuring the ssh feature 569
• Configuring the telnet function 570
• Enable telnet and click apply 570
• In data integrity algorithm section enable the integrity algorithm you want the switch to support and click apply 570
• In import key file section select key type from the drop down list and click browse to download the desired key file 570
• In the encryption algorithm section enable the encryption algorithm you want the switch to support and click apply 570
• Telnet config to load the following page 570
• Configuring the access control 571
• Follow these steps to configure the access control 571
• Using the cli 571
• 68 00 32 snmp telnet http https 572
• Configuring the http function 572
• Follow these steps to configure the http function 572
• Index ip address access interface 572
• Switch config end 572
• Switch config show user configuration 572
• Switch config user access control ip based 192 68 00 255 55 55 55 snmp telnet http https 572
• Switch config user access control ip based enable 572
• Switch configure 572
• Switch copy running config startup config 572
• The following example shows how to set the type of access control as ip based set the ip address as 192 68 00 set the subnet mask as 255 55 55 55 and make the switch support snmp telnet http and https 572
• User authentication mode ip based 572
• Http max users as admin 6 573
• Http max users as operator 2 573
• Http max users as power user 2 573
• Http max users as user 2 573
• Http port 80 573
• Http session timeout 9 573
• Http status enabled 573
• Http user limitation enabled 573
• Switch config end 573
• Switch config ip http max user 6 2 2 2 573
• Switch config ip http server 573
• Switch config ip http session timeout 9 573
• Switch config show ip http configuration 573
• Switch configure 573
• The following example shows how to set the session timeout as 9 set the maximum admin number as 6 and set the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 573
• Configuring the https function 574
• Follow these steps to configure the https function 574
• Switch copy running config startup config 574
• Switch config ip http secure protocol ssl3 tls1 575
• Switch config ip http secure server 575
• Switch configure 575
• The following example shows how to configure the https function enable ssl3 and tls1 protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the maximum admin number as 2 the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 download the certificate named ca crt and the key named ca key from the tftp server with the ip address 192 68 00 575
• Configuring the ssh feature 576
• Begin ssh2 public key 579
• Comment dsa key 20160711 579
• Configuring the telnet function 579
• Follow these steps enable the telnet function 579
• Hmac md5 enabled 579
• Key file 579
• Key type ssh 2 rsa dsa 579
• Switch config end 579
• Switch copy running config startup config 579
• Appendix default parameters 580
• Default settings of access security are listed in the following tables 580
• Chapters 582
• Configuring aaa 582
• Part 19 582
• Overview 583
• Aaa configuration 584
• Configuration guidelines 584
• Aaa application list 585
• Adding radius server 585
• Adding servers 585
• Configure the following parameters 585
• Follow these steps to add a radius server 585
• Radius config and click 585
• The switch supports the following access applications telnet ssh and http you can select the configured authentication method lists for each application 585
• To load the following page 585
• Using the gui 585
• You can add one or more radius tacacs servers on the switch for authentication if multiple servers are added the server that is first added to the group has the highest priority and authenticates the users trying to access the switch the others act as backup servers in case the first one breaks down 585
• Adding tacacs server 586
• Click create to add the radius server on the switch 586
• Click create to add the tacacs server on the switch 586
• Configure the following parameters 586
• Follow these steps to add a tacacs server 586
• Tacacs config and click 586
• To load the following page 586
• And the following window will pop up 587
• Click create 587
• Configure the following parameters 587
• Configuring server groups 587
• Server group to load the following page 587
• The switch has two built in server groups one for radius servers and the other for tacacs servers the servers running the same protocol are automatically added to the default server group you can add new server groups as needed 587
• There are two default server groups in the list you can edit the default server groups or follow these steps to configure a new server group 587
• Configuring the method list 588
• Click apply 589
• Click create to add the new method 589
• Configuring the aaa application list 589
• Follow these steps to configure the aaa application list 589
• Global config to load the following page 589
• In the aaa application list section select an access application and configure the login list and enable list 589
• Configuring login account and enable password 590
• Adding radius server 591
• Adding servers 591
• Follow these steps to add radius server on the switch 591
• Using the cli 591
• You can add one or more radius tacacs servers on the switch for authentication if multiple servers are added the server with the highest priority authenticates the users trying to access the switch and the others act as backup servers in case the first one breaks down 591
• 68 0 1812 1813 5 2 000aeb132397 123456 592
• Adding tacacs server 592
• Follow these steps to add tacacs server on the switch 592
• Server ip auth port acct port timeout retransmit nas identifier shared key 592
• Switch config end 592
• Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 123456 592
• Switch config show radius server 592
• Switch configure 592
• Switch copy running config startup config 592
• The following example shows how to add a radius server on the switch set the ip address of the server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 592
• 68 0 49 8 123456 593
• Configuring server groups 593
• Server ip port timeout shared key 593
• Switch config end 593
• Switch config show tacacs server 593
• Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 593
• Switch configure 593
• Switch copy running config startup config 593
• The following example shows how to add a tacacs server on the switch set the ip address of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the timeout as 8 seconds 593
• The switch has two built in server groups one for radius and the other for tacacs the servers running the same protocol are automatically added to the default server group you can add new server groups as needed 593
• The two default server groups cannot be deleted or edited follow these steps to add a server group 593
• Configuring the method list 594
• Default local 595
• Login1 radius local 595
• Methodlist pri1 pri2 pri3 pri4 595
• Switch config aaa authentication login login1 radius local 595
• Switch config end 595
• Switch config show aaa authentication login 595
• Switch configure 595
• Switch copy running config startup config 595
• The following example shows how to create a login method list named login1 and configure the method 1 as the default radius server group and the method 2 as local 595
• The following example shows how to create an enable method list named enable1 and configure the method 1 as the default radius server group and the method 2 as local 595
• Configuring the aaa application list 596
• Default local 596
• Enable1 radius local 596
• Follow these steps to apply the login and enable method lists for the application telnet 596
• Methodlist pri1 pri2 pri3 pri4 596
• Switch config aaa authentication enable enable1 radius local 596
• Switch config end 596
• Switch config show aaa authentication enable 596
• Switch copy running config startup config 596
• Telnet 596
• You can configure authentication method lists on the following access applications telnet ssh and http 596
• Follow these steps to apply the login and enable method lists for the application ssh 597
• Http default default 597
• Module login list enable list 597
• Ssh default default 597
• Switch config line enable authentication enable1 597
• Switch config line end 597
• Switch config line login authentication login1 597
• Switch config line show aaa global 597
• Switch config line telnet 597
• Switch configure 597
• Switch copy running config startup config 597
• Telnet login1 enable1 597
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application telnet 597
• Follow these steps to apply the login and enable method lists for the application http 598
• Http default default 598
• Module login list enable list 598
• Ssh login1 enable1 598
• Switch config line enable authentication enable1 598
• Switch config line end 598
• Switch config line login authentication login1 598
• Switch config line show aaa global 598
• Switch config line ssh 598
• Switch configure 598
• Switch copy running config startup config 598
• Telnet default default 598
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application ssh 598
• Configuring login account and enable password 599
• For enable password configuration 600
• For login authentication configuration more than one login account can be created on the server besides both the user name and password can be customized 600
• On radius server the user name should be set as enable and the enable password is customizable all the users trying to get administrative privileges share this enable password 600
• On tacacs server configure the value of enable 15 as the enable password in the configuration file all the users trying to get administrative privileges share this enable password 600
• On the server 600
• Some configuration principles on the server are as follows 600
• The accounts created by the radius tacacs server can only view the configurations and some network information without the enable password 600
• Tips the logged in guests can get administrative privileges by using the command enable admin and providing the enable password 600
• Configuration example 601
• Configuration scheme 601
• Network requirements 601
• Using the gui 602
• Using the cli 604
• Verify the configuration 605
• Appendix default parameters 607
• Default settings of aaa are listed in the following tables 607
• Chapters 609
• Configuring 802 x 609
• Part 20 609
• Overview 610
• Authentication server 611
• The authentication server is usually the host running the radius server program it stores information of clients confirms whether a client is legal and informs the authenticator whether a client is authenticated 611
• Configuring the radius server 612
• Using the gui 612
• X configuration 612
• Click apply 613
• Configure the parameters of the radius server 613
• Configuring the radius server group 613
• Follow these steps to add a radius server 613
• Follow these steps to add the radius server to a server group 613
• If you click 613
• Server group to load the following page 613
• The following window will pop up select a radius server and click save 613
• To add a new server group 613
• To edit the default radius server group or click 613
• Configuring 802 x globally 615
• Follow these steps to configure 802 x global parameters 615
• Global config to load the following page 615
• In the accounting dot1x method section select an existing radius server group for accounting from the pri1 drop down list and click apply 615
• In the authentication dot1x method section select an existing radius server group for authentication from the pri1 drop down list and click apply 615
• In the global config section configure the following parameters 615
• Click apply 616
• Configuring 802 x on ports 616
• Follow these steps to configure 802 x authentication on the desired port 616
• Port config to load the following page 616
• Select one or more ports and configure the following parameters 616
• Click apply 617
• Authenticator state to load the following page 618
• On this page you can view the authentication status of each port 618
• View the authenticator state 618
• Configuring the radius server 619
• Follow these steps to configure radius 619
• Using the cli 619
• The following example shows how to enable aaa add a radius server to the server group named radius1 and apply this server group to the 802 x authentication the ip address of the radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the accounting port is 1813 620
• Configuring 802 x globally 621
• The following example shows how to enable 802 x authentication configure pap as the authentication method and keep other parameters as default 622
• Authentication protocol pap 623
• Configuring 802 x on ports 623
• Follow these steps to configure the port 623
• Handshake state enabled 623
• Switch config dot1x auth protocol pap 623
• Switch config dot1x system auth control 623
• Switch config end 623
• Switch config show dot1x global 623
• Switch configure 623
• Switch copy running config startup config 623
• X accounting state disabled 623
• X state enabled 623
• X vlan assignment state disabled 623
• Viewing authenticator state 625
• Configuration example 627
• Configuration scheme 627
• Network requirements 627
• Network topology 627
• Demonstrated with t1600g 52ts acting as the authenticator the following sections provide configuration procedure in two ways using the gui and using the cli 628
• Internet 628
• Radius config and click 628
• To load the following page configure the parameters of the radius server and click create 628
• Using the gui 628
• Using the cli 630
• Verify the configurations 631
• Appendix default parameters 633
• Default settings of 802 x are listed in the following table 633
• Chapters 634
• Configuring port security 634
• Part 21 634
• Overview 635
• Follow these steps to configure port security 636
• Port security configuration 636
• Select one or more ports and configure the following parameters 636
• Using the gui 636
• Click apply 637
• Follow these steps to configure port security 637
• Using the cli 637
• Switch configure 638
• The following example shows how to set the maximum number of mac addresses that can be learned on port 1 0 1 as 30 enable exceed max leaned feature and configure the mode as permanent and the status as drop 638
• Appendix default parameters 640
• Default settings of port security are listed in the following table 640
• Chapters 641
• Configuring acl 641
• Part 22 641
• Configuration guidelines 642
• Overview 642
• Acl configuration 643
• Configuring time range 643
• Creating an acl 643
• Using the gui 643
• Configuring acl rules 644
• Configuring mac acl rule 644
• Follow these steps to configure the mac acl rule 645
• In the mac acl rule section configure the following parameters 645
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 646
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 646
• Click apply 647
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 647
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 647
• Configuring ip acl rule 648
• Follow these steps to configure the ip acl rule 649
• In the ip acl rule section configure the following parameters 649
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 650
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 651
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 651
• Click apply 652
• Click edit acl for an ipv6 acl entry to load the following page 652
• Configuring the ipv6 acl rule 652
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 652
• And the following page will appear 653
• Follow these steps to configure the ipv6 acl rule 653
• In acl rules table section click 653
• In the ipv6 acl rule section configure the following parameters 653
• In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 654
• In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 654
• In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 655
• In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 655
• Configuring acl binding 656
• Viewing the acl rules 656
• Choose id or name to be used for matching the acl then select an acl from the drop down list 658
• Click create 658
• Configuring acl 658
• Configuring time range 658
• Enter the id of the vlan to be bound 658
• Follow the steps to create different types of acl and configure the acl rules 658
• Mac acl 658
• Some acl based services or features may need to be limited to take effect only during a specified time period in this case you can configure a time range for the acl for details about time range configuration please refer to managing system 658
• Using the cli 658
• You can define the rules based on source or destination ip address source or destination mac address protocol type port number and others 658
• Switch config access list create 50 659
• Switch configure 659
• The following example shows how to create mac acl 50 and configure rule 5 to permit packets with source mac address 00 34 a2 d4 34 b5 659
• Ip acl 660
• Mac access list 50 name acl_50 660
• Rule 5 permit logging disable smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 660
• Switch config end 660
• Switch config mac acl access list mac 50 rule 5 permit logging disable smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 660
• Switch config mac acl exit 660
• Switch config show access list 50 660
• Switch copy running config startup config 660
• Ip access list 600 name acl_600 661
• Rule 1 permit logging disable sip 192 68 00 smask 255 55 55 55 661
• Switch config access list create 600 661
• Switch config access list ip 600 rule 1 permit logging disable sip 192 68 00 sip mask 255 55 55 55 661
• Switch config end 661
• Switch config show access list 600 661
• Switch configure 661
• Switch copy running config startup config 661
• The following example shows how to create ip acl 600 and configure rule 1 to permit packets with source ip address 192 68 00 661
• Ipv6 acl 662
• Resequencing rules 663
• Configuring policy 664
• Follow the steps below to configure the policy actions for an acl rule 664
• Mac access list 100 name acl_100 664
• Policy allows you to further process the matched packets through operations such as mirroring rate limiting redirecting or changing priority 664
• Rule 1 deny logging disable smac aa bb cc dd ee ff smask ff ff ff ff ff ff 664
• Rule 11 permit logging disable vid 18 664
• Rule 21 permit logging disable dmac aa cc ee ff dd 33 dmask ff ff ff ff ff ff 664
• Switch config end 664
• Switch copy running config startup config 664
• Mac access list 10 name acl_10 665
• Redirect the matched packets to port 1 0 4 for rule 1 of mac acl 10 665
• Switch config access list action 10 rule 1 665
• Switch config action exit 665
• Switch config action redirect interface gigabitethernet 1 0 4 665
• Switch config show access list 10 665
• Switch configure 665
• Acl id acl name interface vid direction type 666
• Configuring acl binding 666
• Follow the steps below to bind acl to a port or a vlan 666
• Rule 5 permit logging disable action redirect gi1 0 4 666
• Sswitch config show access list bind 666
• Switch config access list bind 1 interface vlan 4 gigabitethernet 1 0 3 666
• Switch config end 666
• Switch configure 666
• Switch copy running config startup config 666
• The following example shows how to bind acl 1 to port 3 and vlan 4 666
• You can bind the acl to a port or a vlan the received packets on the port or in the vlan will then be matched and processed according to the acl rules an acl takes effect only after it is bound to a port or vlan 666
• Acl_1 4 ingress vlan 667
• Acl_1 gi1 0 3 ingress port 667
• Switch config end 667
• Switch copy running config startup config 667
• Viewing acl counting 667
• You can use the following command to view the number of matched packets of each acl in the privileged exec mode and any other configuration mode 667
• Configuration example for acl 668
• Configuration scheme 668
• Network requirements 668
• Using the gui 669
• Configure rule 1 to permit packets with the source ip address 10 0 0 24 and destination ip address 10 0 0 24 670
• In the same way configure rule 2 and rule 3 to permit packets with source ip 10 0 0 and destination port tcp 80 http service port and tcp 443 https service port 670
• In the same way configure rule 4 and rule 5 to permit packets with source ip 10 0 0 and with destination port tcp 53 or udp 53 dns service port 672
• In the same way configure rule 6 to deny packets with source ip 10 0 0 672
• Using the cli 673
• Verify the configurations 674
• Appendix default parameters 676
• The default settings of acl are listed in the following tables 676
• Chapters 678
• Configuring ipv4 impb 678
• Part 23 678
• Arp detection 679
• Ip mac binding 679
• Ipv4 impb 679
• Ipv4 source guard 679
• Overview 679
• Supported features 679
• Binding entries manually 680
• Ip mac binding configuration 680
• Using the gui 680
• Enter the following information to specify a host 681
• Follow these steps to manually create an ip mac binding entry 681
• Manual binding and click 681
• Select protect type for the entry 681
• To load the following page 681
• Binding entries via arp scanning 682
• Binding entries via dhcp snooping 683
• In the scanning result section select one or more entries and configure the relevant parameters then click bind 683
• With dhcp snooping enabled the switch can monitor the ip address obtaining process of the host and record the ip address mac address vlan id and the connected port number of the host 683
• Additionally you select one or more entries to edit the host name and protect type and click apply 685
• Binding table to load the following page 685
• Binding table to view or edit the entries 685
• In the binding table you can view search and edit the specified binding entries 685
• Viewing the binding entries 685
• You can specify the search criteria to search your desired entries 685
• Binding entries manually 686
• Binding entries via arp scanning is not supported by the cli the following sections introduce how to bind entries manually and via dhcp snooping and view the binding entries 686
• Follow these steps to manually bind entries 686
• Using the cli 686
• You can manually bind the ip address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 686
• Here arp d for arp detection and ip v s for ip verify source 687
• Host1 192 68 5 74 d4 35 76 a4 d8 10 gi1 0 5 arp d manual 687
• Notice 687
• Switch config end 687
• Switch config ip source binding host1 192 68 5 74 d4 35 76 a4 d8 vlan 10 interface gigabitethernet 1 0 5 arp detection 687
• Switch config show ip source binding 687
• Switch configure 687
• Switch copy running config startup config 687
• The following example shows how to bind an entry with the hostname host1 ip address 192 68 5 mac address 74 d4 35 76 a4 d8 vlan id 10 port number 1 0 5 and enable this entry for the arp detection feature 687
• U host ip addr mac addr vid port acl source 687
• Binding entries via dhcp snooping 688
• Follow these steps to bind entries via dhcp snooping 688
• Global status enable 688
• Switch config if ip dhcp snooping max entries 100 688
• Switch config if show ip dhcp snooping 688
• Switch config interface gigabitethernet 1 0 1 688
• Switch config ip dhcp snooping 688
• Switch config ip dhcp snooping vlan 5 688
• Switch configure 688
• The following example shows how to enable dhcp snooping globally and on vlan 5 and set the maximum number of binding entries port 1 0 1 can learn via dhcp snooping as 100 688
• Viewing binding entries 689
• Adding ip mac binding entries 690
• Arp detection configuration 690
• Enabling arp detection 690
• Using the gui 690
• Configuring arp detection on ports 691
• In the vlan config section enable arp detection on the selected vlans click apply 691
• Port config to load the following page 691
• Arp statistics to load the following page 692
• Click apply 692
• Follow these steps to configure arp detection on ports 692
• Select one or more ports and configure the parameters 692
• Viewing arp statistics 692
• You can view the number of the illegal arp packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 692
• Adding ip mac binding entries 693
• Enabling arp detection 693
• Follow these steps to enable arp detection 693
• In arp detection the switch detects the arp packets based on the binding entries in the ip mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 693
• In the auto refresh section you can enable the auto refresh feature and specify the refresh interval and thus the web page will be automatically refreshed 693
• In the illegal arp packet section you can view the number of illegal arp packets in each vlan 693
• Using the cli 693
• Configuring arp detection on ports 694
• Switch config if ip arp inspection limit rate 20 695
• Switch config if ip arp inspection trust 695
• Switch config interface gigabitethernet 1 0 2 695
• Switch configure 695
• The following example shows how to set port 1 02 as a trusted port and set limit rate as 20 pps and burst interval as 2 seconds on port 1 0 2 695
• Viewing arp statistics 696
• Adding ip mac binding entries 697
• Configuring ipv4 source guard 697
• Ipv4 source guard configuration 697
• Using the gui 697
• Adding ip mac binding entries 698
• Configuring ipv4 source guard 698
• Follow these steps to configure ipv4 source guard 698
• In ipv4 source guard the switch filters the packets that do not match the rules of ipv4 mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 698
• In the global config section choose whether to enable the log feature click apply 698
• In the port config section configure the protect type for ports and click apply 698
• Using the cli 698
• Gi1 0 1 sip mac n a 699
• Port security type lag 699
• Switch config if end 699
• Switch config if ip verify source sip mac 699
• Switch config if show ip verify source interface gigabitethernet 1 0 1 699
• Switch config interface gigabitethernet 1 0 1 699
• Switch configure 699
• Switch copy running config startup config 699
• The following example shows how to enable ipv4 source guard on port 1 0 1 699
• Configuration examples 700
• Configuration scheme 700
• Example for arp detection 700
• Network requirements 700
• Using the gui 701
• Using the cli 703
• Verify the configuration 704
• Configuration scheme 705
• Example for ip source guard 705
• Network requirements 705
• Using the gui 705
• Using the cli 707
• Verify the configuration 707
• Appendix default parameters 709
• Default settings of arp detection are listed in the following table 709
• Default settings of dhcp snooping are listed in the following table 709
• Default settings of ipv4 source guard are listed in the following table 710
• Chapters 711
• Configuring ipv6 impb 711
• Part 24 711
• Ipv6 impb 712
• Ipv6 mac binding 712
• Nd detection 712
• Overview 712
• Supported features 712
• Internet 713
• Ipv6 source guard 713
• Ipv6 source guard is used to filter the ipv6 packets based on the ipv6 mac binding table only the packets that match the binding rules are forwarded 713
• Binding entries manually 714
• Ipv6 mac binding configuration 714
• Using the gui 714
• Click apply 715
• Enter or select the port that is connected to this host 715
• Enter the following information to specify a host 715
• Follow these steps to manually create an ipv6 mac binding entry 715
• Select protect type for the entry 715
• Binding entries via nd snooping 716
• Binding entries via dhcpv6 snooping 717
• Additionally you select one or more entries to edit the host name and protect type and click apply 719
• Binding table to load the following page 719
• Binding table to view or edit the entries 719
• In the binding table you can view search and edit the specified binding entries 719
• Viewing the binding entries 719
• You can specify the search criteria to search your desired entries 719
• Binding entries manually 720
• Follow these steps to manually bind entries 720
• The following sections introduce how to bind entries manually and via nd snooping and dhcp snooping and how to view the binding entries 720
• Using the cli 720
• You can manually bind the ipv6 address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 720
• Host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff 10 gi1 0 5 nd d manual 721
• Switch config end 721
• Switch config ipv6 source binding host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff vlan 10 interface gigabitethernet 1 0 5 nd detection 721
• Switch config show ipv6 source binding 721
• Switch configure 721
• Switch copy running config startup config 721
• The following example shows how to bind an entry with the hostname host1 ipv6 address 2001 0 9d38 90d5 34 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this entry for nd detection 721
• U host ip addr mac addr vid port acl source 721
• Binding entries via nd snooping 722
• Follow these steps to bind entries via nd snooping 722
• Global status enable 722
• Switch config ipv6 nd snooping 722
• Switch config ipv6 nd snooping vlan 1 722
• Switch config show ipv6 nd snooping 722
• Switch configure 722
• The following example shows how to enable nd snooping globally and on vlan 1 722
• Vlan id 1 722
• Binding entries via dhcpv6 snooping 723
• Follow these steps to bind entries via dhcp snooping 723
• Gi1 0 1 1000 n a 723
• Interface max entries lag 723
• Switch config end 723
• Switch config if end 723
• Switch config if ipv6 nd snooping max entries 1000 723
• Switch config if show ipv6 nd snooping interface gigabitethernet 1 0 1 723
• Switch config interface gigabitethernet 1 0 1 723
• Switch configure 723
• Switch copy running config startup config 723
• The following example shows how to configure the maximum number of entries that can be learned on port 1 0 1 723
• Viewing binding entries 724
• Adding ipv6 mac binding entries 725
• Enabling nd detection 725
• Nd detection configuration 725
• Using the gui 725
• Click apply 726
• Configuring nd detection on ports 726
• Follow these steps to configure nd detection on ports 726
• In the vlan config section enable nd detection on the selected vlans click apply 726
• Port config to load the following page 726
• Select one or more ports and configure the parameters 726
• Adding ipv6 mac binding entries 727
• Enabling nd detection 727
• Using the cli 727
• Viewing nd statistics 727
• Enable disable 728
• Global status enable 728
• Switch config end 728
• Switch config ipv6 nd detection 728
• Switch config ipv6 nd detection vlan 1 728
• Switch config show ipv6 nd detection 728
• Switch config show ipv6 nd detection vlan 728
• Switch configure 728
• Switch copy running config startup config 728
• The following example shows how to enable nd detection globally and on vlan 1 728
• Vid enable status log status 728
• Configuring nd detection on ports 729
• Follow these steps to configure nd detection on ports 729
• Gi1 0 1 enable n a 729
• Interface trusted lag 729
• On privileged exec mode or any other configuration mode you can use the following command to view nd statistics 729
• Switch config if end 729
• Switch config if ipv6 nd detection trust 729
• Switch config if show ipv6 nd detection interface gigabitethernet 1 0 1 729
• Switch config interface gigabitethernet 1 0 1 729
• Switch configure 729
• Switch copy running config startup config 729
• The following example shows how to configure port 1 0 1 as trusted port 729
• Viewing nd statistics 729
• Adding ipv6 mac binding entries 731
• Configuring ipv6 source guard 731
• Ipv6 source guard configuration 731
• Using the gui 731
• Adding ipv6 mac binding entries 732
• Before configuring ipv6 source guard you need to configure the sdm template as enterprisev6 732
• Click apply 732
• Configuring ipv6 source guard 732
• Follow these steps to configure ipv6 source guard 732
• Select one or more ports and configure the protect type for ports 732
• The nd detection feature allows the switch to detect the nd packets based on the binding entries in the ipv6 mac binding table and filter out the illegal nd packets before configuring nd detection complete ipv6 mac binding configuration for details refer to ipv6 mac binding configuration 732
• Using the cli 732
• Gi1 0 1 sipv6 mac n a 733
• Port security type lag 733
• Switch config if end 733
• Switch config if ipv6 verify source sipv6 mac 733
• Switch config if show ipv6 verify source interface gigabitethernet 1 0 1 733
• Switch config interface gigabitethernet 1 0 1 733
• Switch configure 733
• Switch copy running config startup config 733
• The following example shows how to enable ipv6 source guard on port 1 0 1 733
• Configuration examples 734
• Configuration scheme 734
• Example for nd detection 734
• Network requirements 734
• Using the gui 735
• Using the cli 737
• Verify the configuration 737
• Configuration scheme 739
• Example for ipv6 source guard 739
• Network requirements 739
• Using the gui 739
• Using the cli 741
• Verify the configuration 741
• Appendix default parameters 742
• Default settings of dhcp snooping are listed in the following table 742
• Default settings of nd detection are listed in the following table 742
• Default settings of ipv6 source guard are listed in the following table 743
• Chapters 744
• Configuring dhcp filter 744
• Part 25 744
• Dhcp filter 745
• Overview 745
• Supported features 745
• Dhcpv4 filter 746
• Dhcpv4 filter is used for dhcpv4 servers and ipv4 clients 746
• Dhcpv6 filter 746
• Dhcpv6 filter is used for dhcpv6 servers and ipv6 clients 746
• Configuring the basic dhcpv4 filter parameters 747
• Dhcpv4 filter configuration 747
• Using the gui 747
• Click apply 748
• Click create 749
• Configure the following parameters 749
• Configuring legal dhcpv4 servers 749
• Configuring the basic dhcpv4 filter parameters 749
• Follow these steps to add a legal dhcpv4 server 749
• Follow these steps to complete the basic settings of dhcpv4 filter 749
• Legal dhcpv4 servers and 749
• To load the following page 749
• Using the cli 749
• Configuring legal dhcpv4 servers 751
• Follow these steps configure legal dhcpv4 servers 751
• Gi1 0 1 enable enable 10 20 n a 751
• Global status enable 751
• Interface state mac verify limit rate dec rate lag 751
• Switch config if end 751
• Switch config if ip dhcp filter 751
• Switch config if ip dhcp filter decline rate 20 751
• Switch config if ip dhcp filter limit rate 10 751
• Switch config if ip dhcp filter mac verify 751
• Switch config if show ip dhcp filter 751
• Switch config if show ip dhcp filter interface gigabitethernet 1 0 1 751
• Switch config interface gigabitethernet 1 0 1 751
• Switch config ip dhcp filter 751
• Switch configure 751
• Switch copy running config startup config 751
• The following example shows how to enable dhcpv4 filter globally and how to enable dhcpv4 filter enable the mac verify feature set the limit rate as 10 pps and set the decline rate as 20 pps on port 1 0 1 751
• Configuring the basic dhcpv6 filter parameters 753
• Dhcpv6 filter configuration 753
• Using the gui 753
• Click apply 754
• Configure the following parameters 754
• Configuring legal dhcpv6 servers 754
• Follow these steps to add a legal dhcpv6 server 754
• Legal dhcpv6 servers and 754
• To load the following page 754
• Click create 755
• Configuring the basic dhcpv6 filter parameters 755
• Follow these steps to complete the basic settings of dhcpv6 filter 755
• Using the cli 755
• Configuring legal dhcpv6 servers 756
• 54 gi1 0 1 757
• Server ip interface 757
• Switch config end 757
• Switch config ipv6 dhcp filter server permit entry server ip 2001 54 interface gigabitethernet 1 0 1 757
• Switch config show ipv6 dhcp filter server permit entry 757
• Switch configure 757
• Switch copy running config startup config 757
• The following example shows how to create an entry for the legal dhcpv6 server whose ipv6 address is 2001 54 and connected port number is 1 0 1 757
• Configuration examples 758
• Configuration scheme 758
• Example for dhcpv4 filter 758
• Network requirements 758
• Using the gui 759
• Using the cli 760
• Verify the configuration 760
• Example for dhcpv6 filter 761
• Network requirements 761
• Configuration scheme 762
• Using the gui 762
• Using the cli 764
• Verify the configuration 764
• 54 gi1 0 1 765
• Server ip interface 765
• Appendix default parameters 766
• Default settings of dhcpv4 filter are listed in the following table 766
• Chapters 767
• Configuring dos defend 767
• Part 26 767
• Overview 768
• Dos defend configuration 769
• Follow these steps to configure dos defend 769
• In the dos defend config section select one or more defend types according to your needs and click apply the following table introduces each type of dos attack 769
• In the dos defend section enable dos protection and click apply 769
• Using the gui 769
• Click apply 770
• Follow these steps to configure dos defend 770
• Using the cli 770
• Switch configure 771
• The following example shows how to enable the dos defend type named land 771
• Appendix default parameters 773
• Default settings of network security are listed in the following tables 773
• Chapters 774
• Monitoring the system 774
• Part 27 774
• Overview 775
• Monitoring the cpu 776
• Using the cli 776
• Using the gui 776
• Monitoring the memory 778
• Using the cli 778
• Using the gui 778
• Unit current memory utilization 779
• Traffic monitor 781
• Using the gui 781
• To view a port s traffic statistics in detail click statistics on the right side of the entry 782
• On privileged exec mode or any other configuration mode you can use the following command to view the traffic information of each port or lag 785
• Using the cli 785
• Appendix default parameters 786
• Chapters 787
• Mirroring traffic 787
• Part 29 787
• Mirroring 788
• Using the gui 788
• Follow these steps to configure the mirroring session 789
• In the destination port config section specify a destination port for the mirroring session and click apply 789
• In the source interfaces config section specify the source interfaces and click apply traffic passing through the source interfaces will be mirrored to the destination port there are three source interface types port lag and cpu choose one or more types according to your need 789
• Follow these steps to configure mirroring 790
• Switch config monitor session 1 destination interface gigabitethernet 1 0 10 790
• Switch configure 790
• The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 and the cpu to port 1 0 10 790
• Using the cli 790
• Configuration examples 792
• Configuration scheme 792
• Network requirements 792
• Using the gui 792
• Using the cli 793
• Verify the configuration 794
• Appendix default parameters 795
• Default settings of switching are listed in th following tables 795
• Chapters 796
• Configuring dldp 796
• Part 30 796
• Overview 797
• Configuration guidelines 798
• Dldp configuration 798
• Using the gui 798
• In the port config section select one or more ports enable dldp and click apply then you can view the relevant dldp information in the table 799
• Follow these steps to configure dldp 800
• Switch configure 800
• The following example shows how to enable dldp globally configure the dldp interval as 10 seconds and specify the shutdown mode as auto 800
• Using the cli 800
• Appendix default parameters 802
• Default settings of dldp are listed in the following table 802
• Chapters 803
• Configuring snmp rmon 803
• Part 31 803
• Basic concepts 804
• Overview 804
• Snmp agent 804
• Snmp manager 804
• A mib is a collection of managed objects that is organized hierarchically the objects define the attributes of the managed device including the names status access rights and data types each object can be addressed through an object identifier oid 805
• Also tp link switches support the following public mibs 805
• As the following figure shows the mib hierarchy can be depicted as a tree with a nameless root the levels of which are assigned by different organizations the top level mib object ids belong to different standards organizations while lower level object ids are allocated by associated organizations vendors can define private branches that include managed objects for their own products 805
• Lldp ext dot1 mib 805
• Lldp ext med mib 805
• Lldp mib 805
• Rfc1213 mib 805
• Rfc1493 bridge mib 805
• Rfc1757 rmon mib 805
• Rfc2618 radius auth client mib 805
• Tp link switches provide private mibs that can be identified by the oid 1 1863 the mib file can be found on the provided cd or the download center of our official website http www tp link com en download center html 805
• An snmp engine can be uniquely identified by an engine id within an administrative domain since there is a one to one association between snmp engines and snmp entities we can also use the engine id to uniquely and unambiguously identify the snmp entity within that administrative domain 806
• An snmp engine is a part of the snmp entity every snmp entity has one and only one engine an snmp engine provides services for ending and receiving messages authenticating and encrypting messages and controlling access to managed objects 806
• An snmp entity is a device running the snmp protocol both the snmp manager and snmp agent are snmp entities 806
• For detail information about the supported public mibs see supported public mibs for tp link switches which can be found on the training center of our website 806
• Http www tp link com en configuration guides html 806
• Rfc2620 radius acc client mib 806
• Rfc2674 pbridge mib 806
• Rfc2674 qbridge mib 806
• Rfc2863 pbridge mib 806
• Rfc2925 disman ping mib 806
• Rfc2925 disman traceroute mib 806
• Snmp engine 806
• Snmp entity 806
• Snmp version 806
• The device supports three snmp versions snmpv1 snmpv2c and snmpv3 table 1 1 lists features supported by different snmp versions and table 1 2 shows corresponding application scenarios 806
• Enabling snmp 808
• Snmp configurations 808
• Using the gui 808
• Click apply 809
• Creating an snmp view 809
• Follow these steps to create an snmp view 809
• Global config to load the following page 809
• Nms manages mib objects based on the snmp view an snmp view is a subset of a mib the system provides a default view named viewdefault and you can create other snmp views according to your needs 809
• To load the following page enter a view name and specify the view type and a mib object that is related to the view 809
• Click create 810
• Creating snmp communities for snmp v1 v2c 810
• Set the community name access rights and the related view 810
• Snmp v1 v2c and click 810
• To load the following page 810
• Assign a name to the group then set the security level and the read view write view and notify view 811
• Click create 811
• Create an snmp group and configure related parameters 811
• Creating an snmp group for snmp v3 811
• Follow these steps to create an snmp group 811
• Snmp group and click 811
• To load the following page 811
• Click create 812
• Creating snmp users for snmp v3 812
• Follow these steps to create an snmp user 812
• Snmp user and click 812
• Specify the user name user type and the group which the user belongs to then configure the security level 812
• To load the following page 812
• Click create 813
• Enabling snmp 813
• If you have chosen authnopriv or authpriv as the security level you need to set corresponding authentication mode or privacy mode if not skip the step 813
• Using the cli 813
• Bad snmp version errors 814
• Snmp agent is enabled 814
• Snmp packets input 814
• Switch config show snmp server 814
• Switch config snmp server 814
• Switch config snmp server engineid remote 123456789a 814
• Switch configure 814
• The following example shows how to enable snmp and set 123456789a as the remote engine id 814
• Unknown community name 814
• Bad value errors 815
• Creating an snmp view 815
• Encoding errors 815
• General errors 815
• Get next pdus 815
• Get request pdus 815
• Illegal operation for community name supplied 815
• Local engine id 80002e5703000aeb13a23d 815
• No such name errors 815
• Number of altered variables 815
• Number of requested variables 815
• Remote engine id 123456789a 815
• Response pdus 815
• Set request pdus 815
• Snmp packets output 815
• Specify the oid object identifier of the view to determine objects to be managed 815
• Switch config end 815
• Switch config show snmp server engineid 815
• Switch copy running config startup config 815
• Too big errors maximum packet size 1500 815
• Trap pdus 815
• Creating snmp communities for snmp v1 v2c 816
• Create an snmp group and set user access control with read write and notify views meanwhile set the authentication and privacy modes to secure the communication between the nms and managed devices 817
• Creating an snmp group for snmpv3 817
• Index name type mib view 817
• Nms monitor read write view 817
• Switch config end 817
• Switch config show snmp server community 817
• Switch config snmp server community nms monitor read write view 817
• Switch configure 817
• Switch copy running config startup config 817
• The following example shows how to set an snmp community name the community as the nms monitor and allow the nms to view and modify parameters of view 817
• 1 nms1 v3 authpriv view1 view1 818
• No name sec mode sec lev read view write view notify view 818
• Switch config end 818
• Switch config show snmp server group 818
• Switch config snmp server group nms1 smode v3 slev authpriv read view1 notify view1 818
• Switch configure 818
• Switch copy running config startup config 818
• The following example shows how to create an snmpv3 group with the group name as nms1 the security level as authpriv and the read and notify view are both view1 818
• Configure users of the snmp group users belong to the group and use the same security level and access rights as the group 819
• Creating snmp users for snmpv3 819
• Configuring the information of nms hosts 821
• Notification configurations 821
• Using the gui 821
• Choose a notification type based on the snmp version if you choose the inform type you need to set retry times and timeout interval 822
• Click create 822
• Specify the user name or community name used by the nms host and configure the security model and security level based on the settings of the user or community 822
• Enabling snmp traps 823
• Select the traps to enable according to your needs 823
• The supported traps are listed on the page follow these steps to enable any or all of these traps 823
• Trap config to load the following page 823
• Click apply 824
• Configure parameters of the nms host and packet handling mechanism 825
• Configuring the nms host 825
• Using the cli 825
• Enabling snmp traps 826
• Enabling the snmp extended traps globally 827
• Switch config end 827
• Switch config snmp server traps snmp linkup 827
• Switch configure 827
• Switch copy running config startup config 827
• The following example shows how to configure the switch to send linkup traps 827
• Switch config end 828
• Switch config snmp server traps bandwidth control 828
• Switch configure 828
• Switch copy running config startup config 828
• The following example shows how to configure the switch to enable bandwidth control traps 828
• Enabling the snmp security traps globally 829
• Enabling the vlan traps globally 829
• Switch config end 829
• Switch config snmp server traps vlan 829
• Switch configure 829
• Switch copy running config startup config 829
• The following example shows how to configure the switch to enable all the snmp vlan traps 829
• Enabling the acl trap globally 830
• Enabling the ip traps globally 830
• Switch config end 830
• Switch config snmp server traps acl 830
• Switch config snmp server traps security dhcp filter 830
• Switch configure 830
• Switch copy running config startup config 830
• The following example shows how to configure the switch to enable acl trap 830
• The following example shows how to configure the switch to enable dhcp filter trap 830
• Enabling the snmp poe traps globally 831
• Switch config end 831
• Switch config snmp server traps ip change 831
• Switch configure 831
• Switch copy running config startup config 831
• The following example shows how to configure the switch to enable ip change trap 831
• Enabling the link status trap for ports 832
• Switch config end 832
• Switch config if end 832
• Switch config if snmp server traps link status 832
• Switch config interface gigabitethernet 1 0 1 832
• Switch config snmp server traps power 832
• Switch configure 832
• Switch copy running config startup config 832
• The following example shows how to configure the switch to enable all poe traps 832
• The following example shows how to configure the switch to enable link status trap 832
• Configuring statistics group 834
• Rmon configurations 834
• Using the gui 834
• Click create 835
• Configuring history group 835
• Follow these steps to configure the history group 835
• History to load the following page 835
• Select a history entry and specify a port to be monitored 835
• Set the sample interval and the maximum buckets of history entries 835
• Choose an event entry and set the snmp user of the entry 836
• Configuring event group 836
• Enter the owner name and set the status of the entry click apply 836
• Event to load the following page 836
• Follow these steps to configure the event group 836
• Set the description and action to be taken when the event is triggered 836
• Alarm to load the following page 837
• Before you begin please complete configurations of statistics entries and event entries because the alarm entries must be associated with statistics and event entries 837
• Configuring alarm group 837
• Enter the owner name and set the status of the entry click apply 837
• Follow these steps to configure the alarm group 838
• Select an alarm entry choose a variable to be monitored and associate the entry with a statistics entry 838
• Set the sample type the rising and falling threshold the corresponding event action mode and the alarm type of the entry 838
• Configuring statistics 839
• Enter the owner name and set the status of the entry click apply 839
• Using the cli 839
• Gi1 0 1 monitor valid 840
• Gi1 0 2 monitor valid 840
• Index port owner state 840
• Switch config end 840
• Switch config rmon statistics 1 interface gigabitethernet 1 0 1 owner monitor status valid 840
• Switch config rmon statistics 2 interface gigabitethernet 1 0 2 owner monitor status valid 840
• Switch config show rmon statistics 840
• Switch configure 840
• Switch copy running config startup config 840
• The following example shows how to create two statistics entries on the switch to monitor port 1 0 1 and 1 0 2 respectively the owner of the entries are both monitor and the status are both valid 840
• Configuring history 841
• Gi1 0 1 100 50 monitor enable 841
• Index port interval buckets owner state 841
• Switch config end 841
• Switch config rmon history 1 interface gigabitethernet 1 0 1 interval 100 owner monitor buckets 50 841
• Switch config show rmon history 841
• Switch configure 841
• The following example shows how to create a history entry on the switch to monitor port 1 0 1 set the sample interval as 100 seconds maximum buckets as 50 and the owner as monitor 841
• Configuring event 842
• Switch config rmon event 1 user admin description rising notify type notify owner monitor 842
• Switch configure 842
• Switch copy running config startup config 842
• The following example shows how to create an event entry on the switch set the user name as admin the event type as notify set the switch to initiate notifications to the nms and the owner as monitor 842
• Admin rising notify notify monitor enable 843
• Configuring alarm 843
• Index user description type owner state 843
• Switch config end 843
• Switch config show rmon event 843
• Switch copy running config startup config 843
• Configuration example 846
• Network requirements 846
• Configuration scheme 847
• Using the gui 847
• Using the cli 852
• Verify the configurations 854
• Appendix default parameters 858
• Default settings of snmp are listed in the following tables 858
• Default settings of notification are listed in the following table 859
• Default settings of rmon are listed in the following tables 860
• Chapters 862
• Diagnosing the device network 862
• Part 32 862
• Check the test results in the result section 863
• Device diagnostics to load the following page 863
• Diagnosing the device 863
• Follow these steps to diagnose the cable 863
• Select your desired port for the test and click apply 863
• The device diagnostics feature provides cable testing which allows you to troubleshoot based on the connection status cable length and fault location 863
• Using the gui 863
• Gi1 0 2 pair a normal 2 10m 864
• On privileged exec mode or any other configuration mode you can use the following command to check the connection status of the cable that is connected to the switch 864
• Pair b normal 2 10m 864
• Pair c normal 0 10m 864
• Pair d normal 2 10m 864
• Port pair status length error 864
• Switch show cable diagnostics interface gigabitehternet 1 0 2 864
• The following example shows how to check the cable diagnostics of port 1 0 2 864
• Using the cli 864
• Diagnosing the network 865
• Troubleshooting with ping testing 865
• Using the gui 865
• Troubleshooting with tracert testing 866
• Approximate round trip times in milli seconds 867
• Configuring the ping test 867
• In the tracert result section check the test results 867
• Minimum 0ms maximum 0ms average 0ms 867
• On privileged exec mode you can use the following command to test the connectivity between the switch and one node of the network 867
• Packets sent 3 received 3 lost 0 0 loss 867
• Ping statistics for 192 68 0 867
• Pinging 192 68 0 with 1000 bytes of data 867
• Reply from 192 68 0 bytes 1000 time 16ms ttl 64 867
• Switch ping ip 192 68 0 n 3 l 1000 i 500 867
• The following example shows how to test the connectivity between the switch and the destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 1000 bytes and the interval as 500 milliseconds 867
• Using the cli 867
• Configuring the tracert test 868
• Ms 1 ms 2 ms 192 68 868
• Ms 2 ms 2 ms 192 68 00 868
• On privileged exec mode you can use the following command to test the connectivity between the switch and routers along the path from the source to the destination 868
• Switch tracert 192 68 00 2 868
• The following example shows how to test the connectivity between the switch and the network device with the ip address 192 68 00 set the maxhops as 2 868
• Trace complete 868
• Tracing route to 192 68 00 over a maximum of 2 hops 868
• Appendix default parameters 869
• Default settings of network diagnostics are listed in the following tables 869
• Chapters 870
• Configuring system logs 870
• Part 33 870
• Overview 871
• Backing up the logs 872
• Configuration guidelines 872
• Configure the local logs 872
• Configure the remote logs 872
• Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality of the switch is affected please take actions according to the log message 872
• System logs configurations 872
• System logs configurations include 872
• Viewing the log table 872
• Click apply 873
• Configuring the local logs 873
• Configuring the remote logs 873
• Follow these steps to configure the local logs 873
• Local logs to load the following page 873
• Select your desired channel and configure the corresponding severity and status 873
• Using the gui 873
• You can configure up to four hosts to receive the switch s system logs these hosts are called log servers the switch will forward the log message to the servers once a log 873
• Backing up the logs 874
• Log table to load the following page 875
• Select a module and a severity to view the corresponding log information 875
• Viewing the log table 875
• Configuring the local logs 876
• Follow these steps to configure the local logs 876
• Using the cli 876
• Configuring the remote logs 877
• 6 disable 878
• 68 48 5 enable 878
• Index host ip severity status 878
• Switch config end 878
• Switch config logging host index 2 192 68 48 5 878
• Switch config show logging loghost 878
• Switch configure 878
• Switch copy running config startup config 878
• The following example shows how to set the remote log on the switch enable log server 2 set its ip address as 192 68 48 and allow logs of levels 0 to 5 to be sent to the server 878
• Configuration example 879
• Configuration scheme 879
• Network requirements 879
• Using the gui 879
• Using the cli 880
• Verify the configurations 880
• Appendix default parameters 881
• Default settings of maintenance are listed in the following tables 881
• Fcc statement 882
• Bsmi notice 883
• Ce mark warning 883
• Eu declaration of conformity 883
• Industry canada statement 883
• Safety information 884
• 限用物質含有情況標示聲明書 884
• Explanation of the symbols on the product label 885
• Copyright trademarks 886