Tp-Link T1600G-52TS V1 Configuration Guide онлайн

Содержание

• Configuration guide 1
• T1600g series switches 1
• About this guide 2
• Accessing the switch 2
• Command line interface access 1 2
• Contents 2
• Conventions 2
• Intended readers 2
• Managing system 2
• More information 2
• Overview 2
• System 3 2
• System info configurations 5 2
• Web interface access 2
• Access security configurations 6 3
• System tools configurations 6 3
• User management configurations 8 3
• Appendix default parameters 4 4
• Basic parameters configurations 9 4
• Configuration examples 7 4
• Loopback detection configuration 3 4
• Managing physical interfaces 4
• Physical interface 8 4
• Port isolation configurations 0 4
• Port mirror configuration 3 4
• Port security configuration 7 4
• Sdm template configuration 1 4
• Address configurations 33 5
• Appendix default parameters 06 5
• Appendix default parameters 23 5
• Appendix default parameters 29 5
• Configuration example 19 5
• Configuring lag 5
• Lag 09 5
• Lag configuration 10 5
• Mac address table 31 5
• Managing mac address table 5
• Monitoring traffic 5
• Traffic monitor 25 5
• Appendix default parameters 50 6
• Configuration example 59 6
• Configuring 802 q vlan 6
• Example for security configurations 47 6
• Overview 52 6
• Q vlan configuration 53 6
• Security configurations 41 6
• Appendix default parameters 64 7
• Appendix default parameters 80 7
• Configuration example 72 7
• Configuration example 89 7
• Configuring mac vlan 7
• Configuring protocol vlan 7
• Mac vlan configuration 67 7
• Overview 66 7
• Overview 82 7
• Protocol vlan configuration 83 7
• Appendix default parameters 99 8
• Configuring spanning tree 8
• Mstp configurations 19 8
• Spanning tree 01 8
• Stp rstp configurations 09 8
• Stp security configurations 38 8
• Appendix default parameters 62 9
• Configuration example for mstp 43 9
• Igmp snooping configurations 67 9
• Layer 2 multicast 65 9
• Managing layer 2 multicast 9
• Configuring mld snooping 05 11
• Viewing multicast snooping configurations 40 12
• Appendix default parameters 76 13
• Configuration examples 43 13
• Logical interfaces configurations 81 13
• Managing logical interfaces 13
• Overview 80 13
• Appendix default parameter 07 14
• Appendix default parameters 92 14
• Configuring dhcp relay 14
• Configuring static routing 14
• Dhcp relay configuration 10 14
• Example for static routing 02 14
• Ipv4 static routing configuration 95 14
• Ipv6 static routing configuration 97 14
• Overview 09 14
• Overview 94 14
• Viewing routing table 00 14
• Appendix default parameters 19 15
• Arp configurations 22 15
• Bandwidth control configuration 41 15
• Configuration example 16 15
• Configuration examples 47 15
• Configuring arp 15
• Configuring qos 15
• Diffserv configuration 29 15
• Overview 21 15
• Qos 28 15
• Acl 94 16
• Acl configurations 95 16
• Appendix default parameters 67 16
• Appendix default parameters 92 16
• Configuration example 80 16
• Configuring acl 16
• Configuring voice vlan 16
• Overview 70 16
• Voice vlan configuration 72 16
• Appendix default parameters 23 17
• Arp inspection configurations 43 17
• Configuration example for acl 15 17
• Configuring network security 17
• Dhcp snooping configuration 35 17
• Ip mac binding configurations 29 17
• Network security 25 17
• Aaa configuration 66 18
• Configuration examples 84 18
• Dos defend configuration 50 18
• X configuration 54 18
• Appendix default parameters 03 19
• Configuring lldp 19
• Lldp 08 19
• Lldp configurations 09 19
• Lldp med configurations 17 19
• Viewing lldp settings 24 19
• Appendix default parameters 54 20
• Configuration example 32 20
• Configuring maintenance 20
• Maintenance 56 20
• Monitoring the system 57 20
• System log configurations 60 20
• Viewing lldp med settings 29 20
• Appendix default parameters 75 21
• Configuration example for remote log 73 21
• Diagnosing the device 67 21
• Diagnosing the network 69 21
• Managing snmp rmon 21
• Notification configurations 92 21
• Snmp configurations 78 21
• Snmp overview 77 21
• Appendix default parameters 27 22
• Configuration example 13 22
• Rmon configurations 01 22
• Rmon overview 00 22
• About this guide 23
• Conventions 23
• Intended readers 23
• More information 24
• Accessing the switch 25
• Chapters 25
• Part 1 25
• Overview 26
• Web interface access 27
• Save config function 28
• Disable the web server 29
• Configure the switch s ip address and default gateway 30
• Box displays the valid default gateway 32
• Check the routing table to verify the default gateway you configured the entry marked in red 32
• Click save config to save the settings 32
• Command line interface access 33
• Console login only for switch with console port 33
• Telnet login 35
• Ssh login 36
• Password authentication mode 37
• Key authentication mode 38
• Disable ssh login 41
• Disable telnet login 41
• Change the switch s ip address and default gateway 42
• Copy running config startup config 42
• Chapters 44
• Managing system 44
• Part 2 44
• Access security 45
• Overview 45
• Supported features 45
• System 45
• System info 45
• System tools 45
• User management 45
• Sdm template 46
• System info configurations 47
• Using the gui 47
• Viewing the system summary 47
• Click a port to view the bandwidth utilization on this port 48
• Move the cursor to the port to view the detailed information of the port 48
• Setting the system time 49
• Specifying the device description 49
• Choose one method to set the system time and specify the information 50
• Click apply 50
• Daylight saving time to load the following page 50
• In the time config section follow these steps to configure the system time 50
• Setting the daylight saving time 50
• Choose one method to set the daylight saving time of the switch and specify the 51
• Follow these steps to configure daylight saving time 51
• In the dst config section select enable to enable the daylight saving time function 51
• Information 51
• Click apply 52
• Gi1 0 1 linkdown n a n a n a disable copper 52
• Gi1 0 2 linkdown n a n a n a disable copper 52
• Gi1 0 3 linkup 1000m full disable disable copper 52
• Gi1 0 50 linkdown n a n a n a disable fiber 52
• Gi1 0 51 linkdown n a n a n a disable fiber 52
• On privileged exec mode or any other configuration mode you can use the following command 52
• Port status speed duplex flowctrl jumbo active medium 52
• Switch 52
• Switch show interface status 52
• The following example shows how to view the interface status and the system information of the 52
• To view the system information of the switch 52
• Using the cli 52
• Viewing the system summary 52
• Contact information www tp link com 53
• Follow these steps to specify the device description 53
• Gi1 0 52 linkdown n a n a n a disable fiber 53
• Hardware version t1600g 52ts 1 53
• Running time 3 day 2 hour 8 min 26 sec 53
• Software version 1 build 20160412 rel 2132 s 53
• Specifying the device description 53
• Switch show system info 53
• System description jetstream 48 port gigabit smart switch with 4 sfp slots 53
• System location shenzhen 53
• System name t1600g 52ts 53
• System time 2016 01 04 10 07 38 53
• Setting the system time 54
• 8 00 63 and set the update rate as 11 57
• Backup ntp server 139 8 00 63 57
• Follow these steps and choose one method to set the daylight saving time 57
• Last successful ntp server 133 00 57
• Prefered ntp server 133 00 57
• Setting the daylight saving time 57
• Switch config end 57
• Switch config show system time ntp 57
• Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 57
• Switch configure 57
• Switch copy running config startup config 57
• The following example shows how to set the system time by get time from ntp server and set 57
• The time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 57
• Time zone utc 08 00 57
• Update rate 11 hour s 57
• Dst configuration is one off 59
• Dst ends at 01 00 00 on sep 1 2016 59
• Dst offset is 50 minutes 59
• Dst starts at 01 00 00 on aug 1 2016 59
• Switch config end 59
• Switch config show system time dst 59
• Switch config system time dst date aug 1 01 00 2016 sep 1 01 00 2016 50 59
• Switch configure 59
• Switch copy running config startup config 59
• The following example shows how to set the daylight saving time by date mode set the start 59
• Time as 01 00 august 1st 2016 set the end time as 01 00 september 1st 2016 and set the offset as 59
• Creating admin accounts 60
• User management configurations 60
• Using the gui 60
• Click create 61
• Creating accounts of other types 61
• Creating an account 61
• Need to go to the aaa section to create an enable password for these accounts the enable 61
• Password is used to change the users access level to admin 61
• User config to load the following page 61
• You can create accounts with the access level of operator power user and user here you also 61
• Configuring enable password 62
• Creating admin accounts 63
• Follow these steps to create an admin account 63
• Using the cli 63
• Creating accounts of other types 64
• Follow these steps to create an account of other type 64
• Need to go to the aaa section to create an enable password for these accounts the enable 64
• Password is used to change the users access level to admin 64
• You can create accounts with the access level of operator power user and user here you also 64
• For details refer to aaa configuration in configuring network security 66
• Privileges 66
• The aaa function applies another method to manage the access users name and password 66
• The logged in users can enter the enable password on this page to get the administrative 66
• Configuring the boot file 68
• System tools configurations 68
• Using the gui 68
• Click apply 69
• Click import to import the configuration file 69
• Config restore to load the following page 69
• Follow these steps to configure the boot file 69
• Follow these steps to restore the configuration of the switch 69
• In the boot table section select one or more units and configure the relevant parameters 69
• In the config restore section select one unit and one configuration file 69
• Restoring the configuration of the switch 69
• Backing up the configuration file 70
• Upgrading the firmware 70
• Configuring the reboot schedule 71
• Rebooting the switch 71
• Configuring the boot file 72
• Follow these steps to configure the boot file 72
• In the system reset section select the desired unit and click reset 72
• Reseting the switch 72
• System reset to load the following page 72
• Using the cli 72
• Backup image image2 bin 73
• Boot config 73
• Current startup image image1 bin 73
• Follow these steps to restore the configuration of the switch 73
• Image as image 2 73
• Next startup image image1 bin 73
• Restoring the configuration of the switch 73
• Switch config boot application filename image1 startup 73
• Switch config boot application filename image2 backup 73
• Switch config end 73
• Switch config show boot 73
• Switch configure 73
• Switch copy running config startup config 73
• The following example shows how to set the next startup image as image 1 and set the backup 73
• Backing up the configuration file 74
• Backup user config file ok 74
• Enable 74
• Follow these steps to back up the current configuration of the switch in a file 74
• Follow these steps to upgrade the firmware 74
• Operation ok now rebooting system 74
• Server with ip address 192 68 00 74
• Start to backup user config file 74
• Start to load user config file 74
• Switch copy startup config tftp ip address 192 68 00 filename file2 74
• Switch copy tftp startup config ip address 192 68 00 filename file1 74
• The following example shows how to backup the configuration file named file2 from tftp server 74
• The following example shows how to restore the configuration file named file1 from the tftp 74
• Upgrading the firmware 74
• With ip address 192 68 00 74
• Configuring the reboot schedule 75
• Enable 75
• File3 bin the tftp server is 190 68 00 75
• Follow these steps and choose one type to configure the reboot schedule 75
• Follow these steps to reboot the switch 75
• It will only upgrade the backup image continue y n y 75
• Operation ok 75
• Reboot with the backup image y n y 75
• Rebooting the switch 75
• Switch firmware upgrade ip address 192 68 00 filename file3 bin 75
• The following example shows how to upgrade the firmware using the configuration file named 75
• Reboot schedule at 2016 01 15 12 00 in 17007 minutes 76
• Reboot schedule settings 76
• Reboot system at 15 01 2016 12 00 continue y n y 76
• Save before reboot yes 76
• Switch config end 76
• Switch config reboot schedule at 12 00 15 01 2016 save_before_reboot 76
• Switch configure 76
• Switch copy running config startup config 76
• The following example shows how to set the switch to reboot at 12 00 on 15 01 2016 76
• Follow these steps to reset the switch 77
• Reseting the switch 77
• Access security configurations 78
• Configuring the access control feature 78
• Using the gui 78
• Click apply 79
• When the ip based mode is selected the following section will display 79
• When the port based mode is selected the following section will display 79
• Configuring the http function 80
• Configuring the https function 81
• Https config to load the following page 81
• In the global config section select enable to enable https function and select the protocol 81
• The switch supports click apply 81
• In the access user number section select enable and specify the parameters click apply 82
• In the certificate download and key download section download the certificate and key 82
• In the ciphersuite config section select the algorithm to be enabled and click apply 82
• In the session config section specify the session timeout and click apply 82
• Configuring the ssh feature 83
• In the global config section select enable to enable ssh function and specify other 83
• Parameters 83
• Ssh config to load the following page 83
• Configuring the access control 84
• Enabling the telnet function 84
• Using the cli 84
• As 192 68 00 set the subnet mask as 255 55 55 and make the switch support snmp telnet 85
• Http and https 85
• Switch config user access control ip based 192 68 00 255 55 55 snmp telnet http 85
• Switch configure 85
• The following example shows how to set the type of access control as ip based set the ip address 85
• 68 24 snmp telnet http https 86
• Configuring the http function 86
• Follow these steps to configure the http function 86
• Index ip address access interface 86
• Switch config end 86
• Switch config show user configuration 86
• Switch copy running config startup config 86
• User authentication mode ip based 86
• Configuring the https function 87
• Follow these steps to configure the https function 87
• Http max admin users 6 87
• Http max guest users 5 87
• Http session timeout 9 87
• Http status enabled 87
• Http user limitation enabled 87
• Number as 6 and set the maximum guest number as 5 87
• Switch config end 87
• Switch config ip http max user 6 5 87
• Switch config ip http server 87
• Switch config ip http session timeout 9 87
• Switch config show ip http configuration 87
• Switch configure 87
• Switch copy running config startup config 87
• The following example shows how to set the session timeout as 9 set the maximum admin 87
• Protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the 88
• The following example shows how to configure the https function enable ssl3 and tls1 88
• Configuring the ssh feature 90
• Follow these steps to configure the ssh function 90
• Aes192 cbc disabled 92
• Aes256 cbc disabled 92
• Begin ssh2 public key 92
• Blowfish cbc disabled 92
• Cast128 cbc enabled 92
• Comment dsa key 20160711 92
• Data integrity algorithm 92
• Des cbc disabled 92
• Enabling the telnet function 92
• Follow these steps enable the telnet function 92
• Hmac md5 enabled 92
• Hmac sha1 disabled 92
• Key file 92
• Key type ssh 2 rsa dsa 92
• Switch config end 92
• Switch copy running config startup config 92
• For specific features the switch provides three templates and the hardware resources allocation 93
• In select options section select one template and click apply the setting will be effective after 93
• Is different users can choose one according to how the switch is used in the network 93
• Sdm template configuration 93
• Sdm template function is used to configure system resources in the switch to optimize support 93
• Sdm template to load the following page 93
• The reboot 93
• The template table displays the resources allocation of each template 93
• Using the gui 93
• Follow these steps to configure the sdm template function 94
• Using the cli 94
• Appendix default parameters 96
• Default settings of system info are listed in the following tables 96
• Default settings of system tools are listed in the following table 96
• Default settings of user management are listed in the following table 96
• Default settings of access security are listed in the following tables 97
• Default settings of sdm template are listed in the following table 98
• Chapters 99
• Managing physical interfaces 99
• Part 3 99
• Basic parameters 100
• Loopback detection 100
• Overview 100
• Physical interface 100
• Port isolation 100
• Port mirror 100
• Port security 100
• Supported features 100
• Basic parameters configurations 101
• Follow these steps to set basic parameters for ports 101
• Port config to load the following page 101
• Select and configure your desired ports or lags then click apply 101
• Using the gui 101
• Follow these steps to set basic parameters for the ports 102
• Using the cli 102
• Neighboring port and enabling the flow control and jumbo feature 103
• Setting a description for the port making the port autonegotiate speed and duplex with the 103
• Switch config if no shutdown 103
• Switch config interface gigabitethernet 1 0 1 103
• Switch configure 103
• The following example shows how to implement the basic configurations of port1 0 1 including 103
• Port mirror configuration 105
• Using the gui 105
• Follow these steps to configure port mirror 106
• In the destination port section specify a monitoring port for the mirror session and click 106
• In the source port section select one or multiple monitored ports for configuration then set 106
• The parameters and click apply 106
• Destination port gi1 0 10 107
• Follow these steps to configure port mirror 107
• Monitor session 1 107
• Switch config monitor session 1 destination interface gigabitethernet 1 0 10 107
• Switch config monitor session 1 source interface gigabitethernet 1 0 1 3 both 107
• Switch config show monitor session 107
• Switch configure 107
• The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 107
• To port 1 0 10 107
• Using the cli 107
• Follow these steps to configure port security 109
• Port security configuration 109
• Port security to load the following page 109
• Select one or multiple ports for security configuration 109
• Specify the maximum number of the mac addresses that can be learned on the port and 109
• Then select the learn mode of the mac addresses 109
• Using the gui 109
• Click apply 110
• Follow these steps to configure port security 110
• Select the status of the port security feature 110
• Using the cli 110
• Gi1 0 1 30 0 permanent drop 111
• Learned on port 1 0 1 as 30 and configure the mode as permanent and the status as drop 111
• Port max learn current learn mode status 111
• Status drop 111
• Switch config if end 111
• Switch config if mac address table max mac count max number 30 mode permanent 111
• Switch config if show mac address table max mac count interface gigabitethernet 1 0 1 111
• Switch config interface gigabitethernet 1 0 1 111
• Switch configure 111
• Switch copy running config startup config 111
• The following example shows how to set the maximum number of mac addresses that can be 111
• Port isolation configurations 112
• Using the gui 112
• Click apply 113
• Follow these steps to configure port isolation 113
• In the forward portlist section select the forward ports or lags which the isolated ports can 113
• In the port section select one or multiple ports to be isolated 113
• Only communicate with it is multi optional 113
• Using the cli 113
• Loopback detection configuration 115
• Using the gui 115
• Follow these steps to configure loopback detection 116
• In the port config section select one or multiple ports for configuration then set the 116
• Parameters and click apply 116
• Using the cli 116
• View the loopback detection information on this page 116
• Loopback detection global status enable 117
• Loopback detection interval 30 s 117
• Parameters 117
• Switch config loopback detection 117
• Switch config show loopback detection global 117
• Switch configure 117
• The following example shows how to enable loopback detection globally keeping the default 117
• Configuration examples 119
• Configuration scheme 119
• Example for port mirror 119
• Network requirements 119
• Using the gui 120
• Using the cli 121
• Verify the configuration 121
• As shown below three hosts and a server are connected to the switch and all belong to vlan 10 122
• Configuration scheme 122
• Demonstrated with t1600g 28ts the following sections provide configuration procedure in two 122
• Example for port isolation 122
• Hosts except the server even if the mac address or ip address of host a is changed 122
• Network requirements 122
• Port for port 1 0 1 thus forbidding host a to forward packets to the other hosts 122
• Source ports egress gi1 0 2 5 122
• Ways using the gui and using the cli 122
• With the vlan configuration unchanged host a is not allowed to communicate with the other 122
• You can configure port isolation to implement the requirement set 1 0 4 as the only forwarding 122
• Using the gui 123
• Example for loopback detection 124
• Network requirements 124
• Using the cli 124
• Verify the configuration 124
• Configuration scheme 125
• Using the gui 125
• Using the cli 126
• Verify the configuration 127
• Appendix default parameters 128
• Default settings of switching are listed in th following tables 128
• Configuring lag 130
• Overview 131
• Static lag 131
• Supported features 131
• Configuration guidelines 132
• Lag configuration 132
• Configuring load balancing algorithm 133
• In the global config section select the load balancing algorithm click apply 133
• Lag table to load the following page 133
• Load balancing algorithm is effective only for outgoing traffic if the data stream is not well 133
• Mac addresses and source ip addresses of the received packets 133
• On one physical link for example switch a receives packets from several hosts and forwards 133
• Please properly choose the load balancing algorithm to avoid data stream transferring only 133
• Shared by each link you can change the algorithm of the outgoing interface 133
• Src mac src ip to allow switch a to determine the forwarding port based on the source 133
• Them to the server with the fixed mac address and ip address you can set the algorithm as 133
• Using the gui 133
• Configuring static lag 134
• Configuring static lag or lacp 134
• Configuring lacp 135
• Follow these steps to configure lacp 135
• Lacp to load the following page 135
• Select member ports for the lag and configure the related parameters click apply 135
• Specify the system priority for the switch and click apply 135
• Configuring load balancing algorithm 136
• Follow these steps to configure the load balancing algorithm 136
• Using the cli 136
• Configuring static lag 137
• Configuring static lag or lacp 137
• Etherchannel load balancing addresses used per protocol 137
• Etherchannel load balancing configuration src dst mac 137
• Follow these steps to configure static lag 137
• Ipv4 source xor destination mac address 137
• Ipv6 source xor destination mac address 137
• Link use the same lag mode 137
• Non ip source xor destination mac address 137
• Switch config if end 137
• Switch config port channel load balance src dst mac 137
• Switch config show etherchannel load balance 137
• Switch configure 137
• Switch copy running config startup config 137
• The following example shows how to set the global load balancing mode as src dst mac 137
• You can choose only one lag mode for a port static lag or lacp and make sure both ends of a 137
• Configuring lacp 138
• Flags d down p bundled in port channel u in use 138
• Follow these steps to configure lacp 138
• Group port channel protocol ports 138
• I stand alone h hot standby lacp only s suspended 138
• Po2 s gi1 0 5 d gi1 0 6 d gi1 0 7 d gi1 0 8 d 138
• R layer3 s layer2 f failed to allocate aggregator 138
• Switch config if range channel group 2 mode on 138
• Switch config if range end 138
• Switch config if range show etherchannel 2 summary 138
• Switch config interface range gigabitethernet 1 0 5 8 138
• Switch configure 138
• Switch copy running config startup config 138
• The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 138
• U unsuitable for bundling w waiting to be aggregated d default port 138
• 000a eb13 397 139
• Select the lacpdu sending mode as active 139
• Switch config end 139
• Switch config lacp system priority 2 139
• Switch config show lacp sys id 139
• Switch configure 139
• Switch copy running config startup config 139
• The following example shows how to add ports 1 0 1 4 to lag 6 set the mode as lacp and 139
• The following example shows how to specify the system priority of the switch as 2 139
• Configuration example 141
• Configuration scheme 141
• Network requirements 141
• Using the gui 142
• Using the cli 143
• Verify the configuration 144
• Appendix default parameters 145
• Default settings of switching are listed in the following tables 145
• Monitoring traffic 146
• Traffic monitor 147
• Using the gui 147
• Viewing the traffic summary 147
• Click lags to show the information of the lags 148
• Follow these steps to view the traffic statistics in detail 148
• In the traffic summary section click 1 to show the information of the physical ports and 148
• Refresh at the bottom of the page 148
• To get the real time traffic statistics enable auto refresh in the auto refresh section or click 148
• Traffic statistics to load the following page 148
• Viewing the traffic statistics in detail 148
• In port select select a port or lag and click apply 149
• In the statistics section view the detailed information of the selected port or lag 149
• On privileged exec mode or any other configuration mode you can use the following command 150
• To view the traffic information of each port or lag 150
• Using the cli 150
• Appendix default parameters 151
• Chapters 152
• Managing mac address table 152
• Part 6 152
• Mac address table 153
• Overview 153
• Part 6 153
• Supported features 153
• Security configurations 154
• Adding static mac address entries 155
• Address configurations 155
• Using the gui 155
• Binding dynamic address entries 156
• Dynamic address to load the following page 157
• Follow these steps to modify the aging time of dynamic address entries 157
• In the aging config section enable auto aging and enter your desired length of time 157
• Modifying the aging time of dynamic address entries 157
• Adding mac filtering address entries 158
• Viewing address table entries 158
• Adding static mac address entries 159
• Address table to load the following page 159
• Follow these steps to add static mac address entries 159
• Using the cli 159
• Modifying the aging time of dynamic address entries 160
• Adding mac filtering address entries 161
• Aging time is 500 sec 161
• Follow these steps to add mac filtering address entries 161
• Remains in the mac address table for 500 seconds after the entry is used or updated 161
• Switch config end 161
• Switch config mac address table aging time 500 161
• Switch config show mac address table aging time 161
• Switch configure 161
• Switch copy running config startup config 161
• The following example shows how to modify the aging time to 500 seconds a dynamic entry 161
• Configuring mac notification traps 163
• Security configurations 163
• Using the gui 163
• Configure snmp and set a management host for detailed snmp configurations please refer 164
• Follow these steps to configure mac notification traps 164
• In the mac notification global config section enable this feature configure the relevant 164
• In the mac notification port config section select your desired port and enable its 164
• Learned and new mac learned click apply 164
• Limiting the number of mac addresses in vlans 164
• Mac vlan security to load the following page 164
• Notification traps you can enable these three types learned mode change exceed max 164
• Options and click apply 164
• To managing snmp rmon 164
• Choose the mode that the switch adopts when the maximum number of mac addresses in 165
• Click create 165
• Configuring mac notification traps 165
• Enter the vlan id to limit the number of mac addresses that can be learned in the specified 165
• Enter your desired value in max learned mac to set a threshold 165
• Follow these steps to configure mac notification traps 165
• Follow these steps to limit the number of mac addresses in vlans 165
• The specified vlan is exceeded 165
• Using the cli 165
• Enable snmp and set a management host for detailed snmp configurations please refer to 166
• Interval time as 10 seconds after you have further configured snmp the switch will bundle 166
• Managing snmp rmon 166
• Notifications of new addresses in every 10 seconds and send to the management host 166
• Now you have configured mac notification traps to receive notifications you need to further 166
• Switch configure 166
• The following example shows how to enable new mac learned trap on port 1 and set the 166
• Follow these steps to limit the number of mac addresses in vlans 167
• Gi1 0 1 disable disable enable 167
• Limiting the number of mac addresses in vlans 167
• Mac notification global config 167
• Notification global status enable 167
• Notification interval 10 167
• Port lrnmode change exceed max limit new mac learned 167
• Switch config if end 167
• Switch config if mac address table notification new mac learned enable 167
• Switch config if show mac address table notification interface gigabitethernet 1 0 1 167
• Switch config interface gigabitethernet 1 0 1 167
• Switch config mac address table notification global status enable 167
• Switch config mac address table notification interval 10 167
• Switch copy running config startup config 167
• Table full notification status disable 167
• Configuration scheme 169
• Example for security configurations 169
• Network requirements 169
• Using the gui 170
• Using the cli 171
• Verify the configurations 171
• Appendix default parameters 172
• Default settings of the mac address table are listed in the following tables 172
• Chapters 173
• Configuring 802 q vlan 173
• Part 7 173
• Overview 174
• Configuring the pvid of the port 175
• Q vlan configuration 175
• Using the gui 175
• Based on the network topology 176
• Configuring the vlan 176
• Enter a vlan id and a description for identification to create a vlan 176
• Follow these steps to configure vlan 176
• Select the untagged port s and the tagged port s respectively to add to the created vlan 176
• Vlan config and click create to load the following 176
• Click apply 177
• Creating a vlan 177
• Follow these steps to create a vlan 177
• Switch config vlan 2 177
• Switch config vlan name rd 177
• Switch config vlan show vlan id 2 177
• Switch configure 177
• The following example shows how to create vlan 2 and name it as rd 177
• Using the cli 177
• Will forward untagged packets in the target vlan 177
• Configuring the pvid of the port 178
• Follow these steps to configure the port 178
• Link type general 178
• Member in lag n a 178
• Member in vlan 178
• Port gi1 0 5 178
• Pvid 2 178
• Rd active 178
• Switch config if show interface switchport gigabitethernet 1 0 5 178
• Switch config if switchport pvid 2 178
• Switch config interface gigabitethernet 1 0 5 178
• Switch config vlan end 178
• Switch configure 178
• Switch copy running config startup config 178
• The following example shows how to configure the pvid of port 1 0 5 as vlan 2 178
• Vlan name status ports 178
• Adding the port to the specified vlan 179
• Follow these steps to add the port to the specified vlan 179
• Port gi1 0 5 179
• Pvid 2 179
• Switch config if end 179
• Switch config if show interface switchport gigabitethernet 1 0 5 179
• Switch config if switchport general allowed vlan 2 tagged 179
• Switch config interface gigabitethernet 1 0 5 179
• Switch configure 179
• Switch copy running config startup config 179
• System vlan untagged 179
• Tagged 179
• The following example shows how to add the port 1 0 5 to vlan 2 and specify its egress rule as 179
• Vlan name egress rule 179
• Configuration example 181
• Configuration scheme 181
• Network requirements 181
• As an example 182
• Demonstrated with t1600g 52ts the following sections provide configuration procedure in two 182
• Different places host a1 and host b1 are connected to port 1 0 2 and port 1 0 3 on switch 1 182
• Following page create vlan 10 with the description of department a add port 1 0 2 as an 182
• Network topology 182
• Respectively port 1 0 4 on switch 1 is connected to port 1 0 8 on switch 2 182
• Respectively while host a2 and host b2 are connected to port 1 0 6 and port 1 0 7 on switch 2 182
• The configurations of switch 1 and switch 2 are similar the following introductions take switch 1 182
• The figure below shows the network topology host a1 and host a2 are used in department a 182
• Untagged port and port 1 0 4 as a tagged port to vlan 10 then click apply 182
• Using the gui 182
• Vlan config and click create to load the 182
• Ways using the gui and using the cli 182
• While host b1 and host b2 are used in department b switch 1 and switch 2 are located in two 182
• Using the cli 184
• Verify the configurations 185
• Appendix default parameters 186
• Default settings of 802 q vlan are listed in the following table 186
• Chapters 187
• Configuring mac vlan 187
• Part 8 187
• Access ports change 188
• B server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access 188
• Being used in to meet this requirement simply bind the mac addresses of the laptops to the 188
• Corresponding vlans respectively in this way the mac address rather than the access port 188
• Determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 188
• Device may access the switch via different ports for example a terminal device that accessed the 188
• Devices in this way terminal devices always belong to their original vlans even when their 188
• Free the user from such a problem it divides vlans based on the mac addresses of terminal 188
• Networks that require frequent topology changes with the popularity of mobile office a terminal 188
• Overview 188
• Ptops department a uses server a and laptop a while department b uses server b and laptop 188
• Server a and laptop b can only access server b no matter which meeting room the laptops are 188
• Switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different 188
• The figure below shows a common application scenario of mac vlan 188
• Two departments share all the meeting rooms in the company but use different servers and 188
• Vlan is generally divided by ports this way of division is simple but isn t suitable for those 188
• Vlans the user has to re configure the switch to access the original vlan using mac vlan can 188
• Configuring 802 q vlan 189
• Mac vlan configuration 189
• Using the gui 189
• Binding the mac address to the vlan 190
• By default mac vlan is disabled on all ports you need to enable mac vlan for your desired 190
• Click create to create the mac vlan 190
• Enabling mac vlan for the port 190
• Enter the mac address of the device give it a description and enter the vlan id to bind it to 190
• Follow these steps to bind the mac address to the vlan 190
• Mac vlan to load the following page 190
• Ports manually 190
• The vlan 190
• Before configuring mac vlan create an 802 q vlan and set the port type according to network 191
• Binding the mac address to the vlan 191
• Configuring 802 q vlan 191
• Follow these steps to bind the mac address to the vlan 191
• Follow these steps to enable mac vlan for the port 191
• Port enable to load the following page 191
• Requirements for details refer to configuring 802 q vlan 191
• Select your desired ports to enable mac vlan and click apply 191
• Using the cli 191
• 19 56 8a 4c 71 dept a 10 192
• Enabling mac vlan for the port 192
• Follow these steps to enable mac vlan for the port 192
• Mac addr name vlan id 192
• Switch config end 192
• Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 192
• Switch config show mac vlan vlan 10 192
• Switch configure 192
• Switch copy running config startup config 192
• The address description as dept a 192
• The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with 192
• Access only the server in the vlan it joins no matter which meeting room the laptops are being 194
• Addresses of the laptops to the corresponding vlans respectively in this way each laptop can 194
• B server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access 194
• Being used in the figure below shows the network topology 194
• Configuration example 194
• Configuration scheme 194
• Create vlan 10 and vlan 20 on each of the three switches set different port types and add 194
• Laptops department a uses server a and laptop a while department b uses server b and laptop 194
• Network requirements 194
• Server a and laptop b can only access server b no matter which meeting room the laptops are 194
• The ports to the vlans based on the network topology note for the ports connecting the 194
• Two departments share all the meeting rooms in the company but use different servers and 194
• Used in the overview of the configuration is as follows 194
• You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac 194
• Configurations for switch 1 and switch 2 195
• Using the gui 195
• Configurations for switch 3 197
• Configurations for switch 1 and switch 2 198
• Using the cli 198
• Configurations for switch 3 199
• Switch 1 200
• Switch 2 200
• Verify the configurations 200
• Switch 3 201
• Appendix default parameters 202
• Default settings of mac vlan are listed in the following table 202
• Chapters 203
• Configuring protocol vlan 203
• Part 9 203
• Configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 204
• Network based on specific applications and services of network users 204
• Networks respectively 204
• Overview 204
• Packets of different protocols to the corresponding vlans since different applications and 204
• Protocol vlan is a technology that divides vlans based on the network layer protocol with the 204
• Protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze 204
• Services use different protocols network administrators can use protocol vlan to manage the 204
• Special fields of received packets encapsulate the packets in specific formats and forward the 204
• The figure below shows a common application scenario of protocol vlan with protocol vlan 204
• Configuring 802 q vlan 205
• Protocol vlan configuration 205
• Using the gui 205
• Configuring protocol vlan 206
• Creating protocol template 206
• Configuring 802 q vlan 207
• Creating a protocol template 207
• Using the cli 207
• Arp ethernetii ether type 0806 208
• At snap ether type 809b 208
• Configuring protocol vlan 208
• Follow these steps to configure protocol vlan 208
• Index protocol name protocol type 208
• Ip ethernetii ether type 0800 208
• Ipv6 ethernetii ether type 86dd 208
• Ipx snap ether type 8137 208
• Rarp ethernetii ether type 8035 208
• Switch config end 208
• Switch config protocol vlan template name ipv6 frame ether_2 ether type 86dd 208
• Switch config show protocol vlan template 208
• Switch configure 208
• Switch copy running config startup config 208
• The following example shows how to create an ipv6 protocol template 208
• Arp ethernetii ether type 0806 209
• At snap ether type 809b 209
• Index protocol name protocol type 209
• Ip ethernetii ether type 0800 209
• Ipx snap ether type 8137 209
• Rarp ethernetii ether type 8035 209
• Switch config show protocol vlan template 209
• Switch configure 209
• The following example shows how to bind the ipv6 protocol template to vlan 10 209
• A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 211
• Belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to 211
• Configuration example 211
• Configuration scheme 211
• Ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 211
• Network requirements 211
• Network respectively via different routers it is required that ipv4 packets are forwarded to the 211
• Port receives packets switch 2 will forward them to the corresponding vlans according to their 211
• Protocol types the overview of the configuration on switch 2 is as follows 211
• The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host 211
• Two routers to access the ipv4 network and ipv6 network respectively the routers belong to 211
• Vlan 10 and vlan 20 respectively 211
• You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this 211
• Configurations for switch 1 212
• Using the gui 212
• Configurations for switch 2 214
• Configurations for switch 1 217
• Using the cli 217
• Configurations for switch 2 218
• Switch 1 219
• Verify the configurations 219
• Switch 2 220
• Appendix default parameters 221
• Default settings of protocol vlan are listed in the following table 221
• Chapters 222
• Configuring spanning tree 222
• Part 10 222
• Basic concepts 223
• Overview 223
• Spanning tree 223
• Stp rstp concepts 223
• Bridge id 224
• Port role 224
• Root bridge 224
• Port status 225
• Path cost 226
• Root path cost 226
• A lot of information like bridge id root path cost port priority and so on switches share these 227
• An mst region consists of multiple interconnected switches the switches that have the following 227
• Bpdu to the downstream switch with the updated root path cost the value of the accumulated 227
• Characteristics are considered as in the same region 227
• Information to help determine the tree topology 227
• Mst region 227
• Mstp compatible with stp and rstp has the same basic elements used in stp and rstp based 227
• Mstp concepts 227
• On the networking topology this section will introduce some concepts only exist in mstp 227
• Receives this bpdu it increments the path cost of its local incoming port then it forwards this 227
• Root path cost increases as the bpdu propagates further 227
• The packets used to generate the spanning tree the bpdus bridge protocol data unit contain 227
• Mst instance 228
• Vlan instance mapping 228
• Stp security 229
• Configuring stp rstp parameters on ports 231
• Stp rstp configurations 231
• Using the gui 231
• Click apply 233
• Configuring stp rstp globally 233
• Stp config to load the following page 233
• Follow these steps to configure stp rstp globally 234
• In the global config section enable spanning tree function choose the stp mode as stp 234
• In the parameters config section configure the global parameters of stp rstp and click 234
• Rstp and click apply 234
• Stp summary to load the following page 235
• The stp summary section shows the summary information of spanning tree 235
• Verify the stp rstp information of your switch after all the configurations are finished 235
• Verifying the stp rstp configurations 235
• Configuring stp rstp parameters on ports 236
• Follow these steps to configure stp rstp parameters on ports 236
• Using the cli 236
• Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 237
• Interface state prio ext cost int cost edge p2p mode role status 237
• Switch config if end 237
• Switch config if show spanning tree interface gigabitethernet 1 0 3 237
• Switch config if spanning tree 237
• Switch config if spanning tree common config port priority 32 237
• Switch config interface gigabitethernet 1 0 3 237
• Switch configure 237
• Switch copy running config startup config 237
• The following example shows how to enable spanning tree function on port 1 0 3 and configure 237
• The port priority as 32 237
• Configuring global stp rstp parameters 238
• Follow these steps to configure global stp rstp parameters of the switch 238
• Seconds 238
• This example shows how to configure the priority of the switch as 36864 the forward delay as 12 238
• Enable rstp 36864 2 12 20 5 20 239
• Enabling stp rstp globally 239
• Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree 239
• Function globally 239
• Rstp and verify the configurations 239
• State mode priority hello time fwd time max age hold count max hops 239
• Switch config end 239
• Switch config show spanning tree bridge 239
• Switch config spanning tree 239
• Switch config spanning tree mode rstp 239
• Switch config spanning tree priority 36864 239
• Switch config spanning tree timer forward time 12 239
• Switch configure 239
• Switch copy running config startup config 239
• This example shows how to enable spanning tree function configure the spanning tree mode as 239
• Configuring parameters on ports in cist 241
• Mstp configurations 241
• Using the gui 241
• Besides configure the priority of the switch the priority and path cost of ports in the desired 243
• Click apply 243
• Configure the region name revision level vlan instance mapping of the switch the switches 243
• Configuring the mstp region 243
• Configuring the region name and revision level 243
• Considered as in the same region 243
• Instance 243
• Region config to load the following page 243
• With the same region name the same revision level and the same vlan instance mapping are 243
• Configuring the vlan instance mapping and switch priority 244
• And click apply 245
• In the instance config section configure the priority of the switch in the desired instance 245
• Configuring parameters on ports in the instance 246
• Follow these steps to configure port parameters in the instance 246
• In the instance id select section select the desired instance id for its port configuration 246
• In the instance port config section configure port parameters in the desired instance 246
• Instance port config to load the following 246
• Configuring mstp globally 248
• Follow these steps to configure mstp globally 248
• In the parameters config section configure the global parameters of mstp and click apply 248
• Stp config to load the following page 248
• In the global config section enable spanning tree function and choose the stp mode as 249
• Mstp and click apply 249
• Stp summary to load the following page 250
• The stp summary section shows the summary information of cist 250
• Verifying the mstp configurations 250
• Configuring parameters on ports in cist 251
• Follow these steps to configure the parameters of the port in cist 251
• The mstp summary section shows the information in mst instances 251
• Using the cli 251
• Mst instance 0 cist 252
• Priority as 32 252
• Switch config if show spanning tree interface gigabitethernet 1 0 3 252
• Switch config if spanning tree 252
• Switch config if spanning tree common config port priority 32 252
• Switch config interface gigabitethernet 1 0 3 252
• Switch configure 252
• This example shows how to enable spanning tree function for port 1 0 3 and configure the port 252
• Configuring the mst region 253
• Configuring the mstp region 253
• Follow these steps to configure the mst region and the priority of the switch in the instance 253
• Gi1 0 3 144 200 n a lnkdwn 253
• Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 253
• Interface prio cost role status 253
• Interface state prio ext cost int cost edge p2p mode role status 253
• Mst instance 5 253
• Switch config if end 253
• Switch copy running config startup config 253
• Configuring the parameters on ports in instance 254
• Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 255
• Instance 5 255
• Interface state prio ext cost int cost edge p2p mode role status 255
• Mst instance 0 cist 255
• Mst instance 5 255
• Switch config if show spanning tree interface gigabitethernet 1 0 3 255
• Switch config if spanning tree mst instance 5 port priority 144 cost 200 255
• Switch config interface gigabitethernet 1 0 3 255
• Switch configure 255
• This example shows how to configure the priority as 144 the path cost as 200 of port 1 0 3 in 255
• Configuring global mstp parameters 256
• Follow these steps to configure the global mstp parameters of the switch 256
• Gi1 0 3 144 200 n a lnkdwn 256
• Interface prio cost role status 256
• Switch config if end 256
• Switch copy running config startup config 256
• Enable mstp 36864 2 12 20 8 25 257
• Enabling spanning tree globally 257
• Follow these steps to configure the spanning tree mode as mstp and enable spanning tree 257
• Function globally 257
• State mode priority hello time fwd time max age hold count max hops 257
• Switch config if end 257
• Switch config if show spanning tree bridge 257
• Switch config if spanning tree hold count 8 257
• Switch config if spanning tree max hops 25 257
• Switch config if spanning tree timer forward time 12 257
• Switch config spanning tree priority 36864 257
• Switch configure 257
• Switch copy running config startup config 257
• The hold count as 8 and the max hop as 25 257
• This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds 257
• Address 00 0a eb 13 23 97 258
• Designated bridge 258
• External cost 200000 258
• Function globally 258
• Latest topology change time 2006 01 04 10 47 42 258
• Mst instance 0 cist 258
• Priority 32768 258
• Root bridge 258
• Root port gi 0 20 258
• Spanning tree is enabled 258
• Spanning tree s mode mstp 802 s multiple spanning tree protocol 258
• Switch config show spanning tree active 258
• Switch config spanning tree 258
• Switch config spanning tree mode mstp 258
• Switch configure 258
• This example shows how to configure the spanning tree mode as mstp and enable spanning tree 258
• Configuring the stp security 260
• Stp security configurations 260
• Using the gui 260
• Configure the port protect features for the selected ports and click apply 261
• Field the switch will not remove mac address entries in the tc protect cycle 261
• Optional configuring the threshold and cycle of tc protect 261
• The number of the received tc bpdus exceeds the maximum number you set in the tc threshold 261
• When you enable tc protect function on ports set the tc threshold and tc protect cycle here if 261
• Configure the parameters of tc protect feature and click apply 262
• Configuring the stp security 262
• Featur 262
• Feature for ports 262
• Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter 262
• Tc protect to load the following page 262
• Using the cli 262
• Configuring the tc protect 263
• Follow these steps to configure tc protect feature for ports 263
• Functions on port 1 0 3 263
• Gi1 0 3 enable enable enable enable disable 263
• Interface bpdu filter bpdu guard loop protect root protect tc protect 263
• Switch config if end 263
• Switch config if spanning tree bpdufilter 263
• Switch config if spanning tree bpduguard 263
• Switch config if spanning tree guard loop 263
• Switch config if spanning tree guard root 263
• Switch config if spanning tree interface security gigabitethernet 1 0 3 263
• Switch config interface gigabitethernet 1 0 3 263
• Switch configure 263
• Switch copy running config startup config 263
• This example shows how to enable loop protect root protect bpdu filter and bpdu protect 263
• And the tc protect cycle is 8 264
• Gi1 0 3 enable enable enable enable enable 264
• Interface bpdu filter bpdu guard loop protect root protect tc protect 264
• Switch config if end 264
• Switch config if spanning tree guard tc 264
• Switch config if spanning tree interface security gigabitethernet 1 0 3 264
• Switch config interface gigabitethernet 1 0 3 264
• Switch config spanning tree tc defend threshold 25 period 8 264
• Switch configure 264
• Switch copy running config startup config 264
• This example shows how to enable the tc protect function on port 1 0 3 with the tc threshold is 264
• As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is 265
• Balancing thus providing a more flexible method in network management here we take the 265
• Configuration example for mstp 265
• Configuration scheme 265
• Cost of the port is 200000 265
• Here we configure two instances to meet the requirement as is shown below 265
• Instance 265
• It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be 265
• Map the vlans to different instances to ensure traffic can be transmitted along the respective 265
• Mstp backwards compatible with stp and rstp can map vlans to instances to enable load 265
• Mstp configuration as an example 265
• Network requirements 265
• To meet this requirement you are suggested to configure mstp function on the switches 265
• Transmitted along different paths 265
• Transmitted in this network the link speed between the switches is 100mb s the default path 265
• 0 1 of switch a to be greater than the default path cost 200000 for instance 2 set the 266
• And the revision level as 100 map vlan 101 vlan 103 to instance 1 and vlan 104 vlan 266
• Configure switch a switch b and switch c in the same region configure the region name as 266
• Configure the path cost to block the specified ports for instance 1 set the path cost of port 266
• Configure the priority of switch b as 0 to set is as the root bridge in instance 1 configure the 266
• Demonstrated with t1600g 52ts this chapter provides configuration procedures in two ways 266
• Enable mstp function in all the switches 266
• Enable the spanning tree function on the ports in each switch 266
• Path cost of port 1 0 2 of switch b to be greater than the default path cost 200000 266
• Priority of switch c as 0 to set is as the root bridge in instance 2 266
• The overview of configuration is as follows 266
• To instance 2 266
• Using the gui and using the cli 266
• Configurations for switch a 267
• Using the gui 267
• Instance config to load the following 268
• Page map vlan101 vlan103 to instance 1 map vlan104 vlan106 to instance 2 268
• Following page set the path cost of port 1 0 1 in instance 1 as 400000 269
• Instance port config to load the 269
• Configurations for switch b 270
• Instance config to load the following 272
• Page configure the priority of switch b as 0 to set it as the root bridge in instance 1 272
• Following page set the path cost of port 1 0 2 in instance 2 as 400000 273
• Instance port config to load the 273
• Configurations for switch c 274
• Configurations for switch a 277
• Using the cli 277
• Configurations for switch b 278
• Configurations for switch c 279
• Switch a 279
• Verify the configurations 279
• Switch b 281
• Switch c 282
• Appendix default parameters 284
• Default settings of the spanning tree feature are listed in the following table 284
• Chapters 286
• Managing layer 2 multicast 286
• Part 11 286
• Layer 2 multicast 287
• Overview 287
• And maintain layer 2 multicast forwarding table 288
• Configuration guide 266 288
• Demand on data link layer by analyzing igmp packets between layer 3 devices and users to build 288
• Demonstrated as below 288
• Figure 1 1 igmp snooping 288
• Forwarding table 288
• Igmp packets between layer 3 devices and users to build and maintain layer 2 multicast 288
• Layer 2 multicast protocol for ipv4 igmp snooping 288
• Layer 2 multicast protocol for ipv6 mld snooping 288
• Managing layer 2 multicast layer 2 multicast 288
• On the layer 2 device igmp snooping transmits data on demand on data link layer by analyzing 288
• On the layer 2 device mld snooping multicast listener discovery snooping transmits data on 288
• Supported layer 2 multicast protocols 288
• Configuring igmp snooping globally 289
• Igmp snooping configurations 289
• Using the gui 289
• Click apply 290
• Configure unknown multicast as forward or discard 290
• Configuring router port time and member port time 290
• Enable or disable report message suppression globally 290
• Enabling report message suppression can reduce the number of packets in the network 290
• Follow these steps to configure report message suppression 290
• Follow these steps to configure the aging time of the router ports and the member ports 290
• Follow these steps to configure unknown multicast 290
• For switches that support mld snooping igmp snooping and mld snooping share the setting 290
• Optional configuring report message suppression 290
• Snooping config page at the same time 290
• Specify the aging time of the member ports 290
• Specify the aging time of the router ports 290
• Are sent and no report message is received the switch will delete the multicast address from the 291
• Click apply 291
• Configure the last listener query interval and last listener query count when the switch 291
• Configuring igmp snooping last listener query 291
• Follow these steps to configure last listener query interval and last listener query count in the 291
• Global config section 291
• Igmp snooping status table displays vlans and ports with igmp snooping enabled 291
• Multicast forwarding table 291
• Receives an igmp leave message if specified count of multicast address specific queries masqs 291
• Specify the interval between masqs 291
• Specify the number of masqs to be sent 291
• Verifying igmp snooping status 291
• Configuring the port s basic igmp snooping features 292
• Enabling igmp snooping on the port 292
• Optional configuring fast leave 292
• Configuring igmp snooping globally in the vlan 293
• Configuring igmp snooping in the vlan 293
• And reduces network load of layer 3 devices 294
• Click create 294
• Configure the forbidden router ports in the designate vlan 294
• Configure the router ports in the designate vlan 294
• Configuring the multicast vlan 294
• Device only need to send one piece of multicast data to a layer 2 device and the layer 2 device 294
• Follow these steps to configure static router ports in the designate vlan 294
• Follow these steps to forbid the selected ports to be the router ports in the designate vlan 294
• In old multicast transmission mode when users in different vlans apply for data from the same 294
• Layer 2 devices 294
• Multicast group the layer 3 device will duplicate this multicast data and deliver copies to the 294
• Optional configuring the forbidden router ports in the vlan 294
• Optional configuring the static router ports in the vlan 294
• Will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth 294
• With multicast vlan configured all multicast group members will be added to a vlan layer 3 294
• Configuring 802 q vlan 295
• Creating multicast vlan and configuring basic settings 295
• Enable multicast vlan configure the specific vlan to be the multicast vlan and configure 295
• In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic 295
• Multicast vlan to load the following page 295
• Set up the vlan that the router ports and the member ports are in for details please refer to 295
• Settings 295
• The router port time and member port time 295
• Click apply 296
• Configure the new multicast source ip 296
• Configure the router ports in the designate vlan 296
• Configure the router ports in the multicast vlan 296
• Follow these steps to configure static router ports in the multicast vlan 296
• Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 296
• Members in the multicast vlan section follow these steps to configure replace source ip 296
• Optional configuring the forbidden router ports 296
• Optional configuring the static router ports 296
• Optional creating replace source ip 296
• This function allows you to use a new ip instead of the source ip to send data to multicast group 296
• This table displays all the dynamic router ports in the multicast vlan 296
• Viewing dynamic router ports in the multicast vlan 296
• Click apply 297
• Configuring the querier 297
• Follow these steps to configure the querier 297
• Following page 297
• Igmp snooping querier sends general query packets regularly to maintain the multicast 297
• Optional configuring the querier 297
• Querier config to load the 297
• Specify a vlan and configure the querier on this vlan 297
• Click add 298
• Configuring igmp profile 298
• Create a profile and configure its filtering mode 298
• Creating profile 298
• Follow these steps to create a profile and configure its filtering mode 298
• Profile config to load 298
• The following page 298
• The igmp snooping querier table displays all the related settings of the igmp querier 298
• Viewing settings of igmp querier 298
• With igmp profile the switch can define a blacklist or whitelist of multicast addresses so as to 298
• You can edit the settings in the igmp snooping querier table 298
• Click create 299
• Click edit in the igmp profile info table edit its ip range and click add to save the settings 299
• Editing ip range of the profile 299
• Enter the search condition in the search option field to search the profile in the igmp profile info 299
• Follow these steps to edit profile mode and its ip range 299
• Searching profile 299
• Binding profile and member ports 300
• Click apply 301
• Configuring max groups a port can join 301
• Follow these steps to configure the maximum groups a port can join and overflow action 301
• Packet statistic to load the following page 301
• Select a port to configure its max group and overflow action 301
• Viewing igmp statistics on each port 301
• Click apply 302
• Configuring auto refresh 302
• Enable or disable auto refresh 302
• Enabling igmp accounting and authentication 302
• Follow these steps to configure auto refresh 302
• Igmp authentication to load the following 302
• The igmp statistics table displays all kinds of igmp statistics of all the ports 302
• Viewing igmp statistics 302
• Configuring igmp accounting globally 303
• Configuring igmp authentication on the port 303
• Click apply 304
• Configuring static member port 304
• Enter the multicast ip and vlan id specify the static member port 304
• Follow these steps to configure static member port 304
• Follow these steps to enable igmp authentication on the port 304
• Following page 304
• Specify the ports and enable igmp authentication 304
• Static ipv4 multicast table to load the 304
• This function allows you to specify a port as a static member port in the multicast group 304
• Click create 305
• Enabling igmp snooping globally 305
• Enabling igmp snooping on the port 305
• Search option 305
• Static multicast ip table displays details of all igmp static multicast groups 305
• Using the cli 305
• Viewing igmp static multicast groups 305
• You can search igmp static multicast entries by using multicast ip vlan id or forward port as the 305
• Configuring igmp snooping parameters globally 306
• Configuring report message suppression 306
• Configuring unknown multicast 307
• Enable port 307
• Enable vlan 307
• Global authentication accounting disable 307
• Global member age time 260 307
• Global report suppression enable 307
• Global router age time 300 307
• Igmp snooping enable 307
• Last query interval 1 307
• Last query times 2 307
• Switch config if end 307
• Switch config ip igmp snooping 307
• Switch config ip igmp snooping report suppression 307
• Switch config show ip igmp snooping 307
• Switch configure 307
• Switch copy running config startup config 307
• The following example shows how to enable report message suppression 307
• Unknown multicast pass 307
• Configuring igmp snooping parameters on the port 309
• Configuring router port time and member port time 309
• Enable port 309
• Enable vlan 309
• Global authentication accounting disable 309
• Global member age time 200 309
• Global report suppression disable 309
• Global router age time 200 309
• Igmp snooping enable 309
• Last query interval 1 309
• Last query times 2 309
• Switch config ip igmp snooping 309
• Switch config ip igmp snooping mtime 200 309
• Switch config ip igmp snooping rtime 200 309
• Switch config show ip igmp snooping 309
• Switch configure 309
• The following example shows how to configure the global router port time and member port 309
• Time as 200 seconds 309
• Unknown multicast pass 309
• Configuring fast leave 310
• Gi1 0 3 enable enable 310
• Port igmp snooping fast leave 310
• Switch config if end 310
• Switch config if ip igmp snooping 310
• Switch config if ip igmp snooping immediate leave 310
• Switch config if show ip igmp snooping interface gigabitethernet 1 0 3 basic config 310
• Switch config interface gigabiteternet 1 0 3 310
• Switch config ip igmp snooping 310
• Switch configure 310
• Switch copy running config startup config 310
• The following example shows how to enable fast leave on port 1 0 3 310
• Configuring max group and overflow action on the port 311
• Drop on port 1 0 3 311
• Gi1 0 3 500 drop 311
• Port max groups overflow action 311
• Switch config if end 311
• Switch config if ip igmp snooping 311
• Switch config if ip igmp snooping max groups 500 311
• Switch config if ip igmp snooping max groups action drop 311
• Switch config if show ip igmp snooping interface gigabitethernet 1 0 3 max groups 311
• Switch config interface gigabiteternet 1 0 3 311
• Switch config ip igmp snooping 311
• Switch configure 311
• The following example shows how to configure the max group as 500 and the overflow action as 311
• Configuring igmp snooping last listener query 312
• Enable port 312
• Global authentication accounting disable 312
• Global member age time 260 312
• Global report suppression disable 312
• Global router age time 300 312
• Igmp snooping enable 312
• Last query interval 5 312
• Last query times 5 312
• Listener query interval as 5 seconds 312
• Switch config ip igmp snooping 312
• Switch config ip igmp snooping last listener query count 5 312
• Switch config ip igmp snooping last listener query interval 5 312
• Switch config show ip igmp snooping 312
• Switch configure 312
• Switch copy running config startup config 312
• The following example shows how to configure the last listener query count as 5 and the last 312
• Unknown multicast pass 312
• Configuring igmp snooping parameters in the vlan 313
• Configuring router port time and member port time 313
• Dynamic router port none 313
• Enable vlan 313
• Forbidden router port none 313
• Member time 400 313
• Router time 500 313
• Static router port none 313
• Switch config end 313
• Switch config ip igmp snooping 313
• Switch config ip igmp snooping vlan config 2 3 mtime 400 313
• Switch config ip igmp snooping vlan config 2 3 rtime 500 313
• Switch config show ip igmp snooping vlan 2 313
• Switch configure 313
• Switch copy running config startup config 313
• The following example shows how to enable igmp snooping in vlan 2 and vlan 3 configure 313
• The router port time as 500 seconds and the member port time as 400 seconds 313
• Vlan id 2 313
• As the static router port 314
• Configuring static router port 314
• Dynamic router port none 314
• Forbidden router port none 314
• Member time 0 314
• Member time 400 314
• Router time 0 314
• Router time 500 314
• Static router port gi1 0 2 314
• Static router port none 314
• Switch config end 314
• Switch config ip igmp snooping 314
• Switch config ip igmp snooping vlan config 2 rport interface gigabitethernet 1 0 2 314
• Switch config show ip igmp snooping vlan 2 314
• Switch config show ip igmp snooping vlan 3 314
• Switch configure 314
• Switch copy running config startup config 314
• The following example shows how to enable igmp snooping in vlan 2 and configure port 1 0 2 314
• Vlan id 2 314
• Vlan id 3 314
• Configuring forbidden router port 315
• Dynamic router port none 315
• Forbidden router port gi1 0 4 6 315
• Forbidden router port none 315
• From becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 315
• Gigabitethernet 1 0 4 6 315
• Member time 0 315
• Router time 0 315
• Static router port none 315
• Switch config end 315
• Switch config ip igmp snooping 315
• Switch config ip igmp snooping vlan config 2 router ports forbidd interface 315
• Switch config show ip igmp snooping vlan 2 315
• Switch configure 315
• Switch copy running config startup config 315
• The following example shows how to enable igmp snooping in vlan 2 and forbid port 1 0 4 6 315
• Vlan id 2 315
• 0 9 10 316
• 2 2 static gi1 0 9 10 316
• Configuring igmp snooping parameters in the multicast vlan 316
• Configuring router port time and member port time 316
• Configuring static multicast multicast ip and forward port 316
• Multicast ip vlan id addr type switch port 316
• Port 1 0 9 10 as the forward ports 316
• Switch config end 316
• Switch config ip igmp snooping 316
• Switch config ip igmp snooping vlan config 2 static 226 interface gigabitethernet 316
• Switch config show ip igmp snooping groups static 316
• Switch configure 316
• Switch copy running config startup config 316
• The following example shows how to configure 226 as the static multicast ip and specify 316
• Dynamic router port none 317
• Forbidden router port none 317
• Member time 400 317
• Multicast vlan enable 317
• Replace source ip 0 317
• Router time 500 317
• Static router port none 317
• Switch config end 317
• Switch config ip igmp snooping 317
• Switch config ip igmp snooping multi vlan config 5 mtime 400 317
• Switch config ip igmp snooping multi vlan config 5 rtime 500 317
• Switch config show ip igmp snooping multi vlan config 317
• Switch configure 317
• Switch copy running config startup config 317
• The following example shows how to configure vlan 5 as the multicast vlan set the router port 317
• Time as 500 seconds and the member port time as 400 seconds 317
• Vlan id 5 317
• As the static router port 318
• Configuring static router port 318
• Dynamic router port none 318
• Forbidden router port none 318
• Member time 260 318
• Multicast vlan enable 318
• Replace source ip 0 318
• Router time 300 318
• Static router port gi1 0 5 318
• Switch config end 318
• Switch config ip igmp snooping 318
• Switch config ip igmp snooping multi vlan config 5 rport interface gigabitethernet 1 0 5 318
• Switch config show ip igmp snooping multi vlan config 318
• Switch configure 318
• Switch copy running config startup config 318
• The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 318
• Vlan id 5 318
• As the forbidden router port 319
• Configuring forbidden router port 319
• Dynamic router port none 319
• Forbidden router port gi1 0 6 319
• Gigabitethernet 1 0 6 319
• Member time 260 319
• Multicast vlan enable 319
• Replace source ip 0 319
• Router time 300 319
• Static router port none 319
• Switch config end 319
• Switch config ip igmp snooping 319
• Switch config ip igmp snooping multi vlan config 5 router ports forbidd interface 319
• Switch config show ip igmp snooping multi vlan config 319
• Switch configure 319
• Switch copy running config startup config 319
• The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 319
• Vlan id 5 319
• Configuring replace source ip 320
• Dynamic router port none 320
• Forbidden router port none 320
• Member time 260 320
• Multicast vlan enable 320
• Replace source ip 192 68 320
• Router time 300 320
• Source ip in the igmp packets sent by the switch with 192 68 320
• Static router port none 320
• Switch config end 320
• Switch config ip igmp snooping 320
• Switch config ip igmp snooping multi vlan config 5 replace sourceip 192 68 320
• Switch config show ip igmp snooping multi vlan config 320
• Switch configure 320
• Switch copy running config startup config 320
• The following example shows how to configure vlan 5 as the multicast vlan and replace the 320
• Vlan id 5 320
• Configuring query interval max response time and general query source ip 321
• Configuring the querier 321
• Enabling igmp querier 321
• General query source ip 192 68 321
• Maximum response time 10 321
• Query interval 60 321
• Switch config end 321
• Switch config ip igmp snooping 321
• Switch config ip igmp snooping querier vlan 4 321
• Switch config show ip igmp snooping querier 321
• Switch configure 321
• Switch copy running config startup config 321
• The following example shows how to enable igmp snooping and igmp querier in vlan 4 321
• Vlan 4 321
• General query source ip 192 68 322
• Maximum response time 20 322
• Query interval 100 322
• Source ip as 192 68 322
• Switch config end 322
• Switch config ip igmp snooping 322
• Switch config ip igmp snooping querier vlan 4 general query source ip 192 68 322
• Switch config ip igmp snooping querier vlan 4 max response time 20 322
• Switch config ip igmp snooping querier vlan 4 query interval 100 322
• Switch config show ip igmp snooping querier 322
• Switch configure 322
• Switch copy running config startup config 322
• The following example shows how to enable igmp snooping and igmp querier in vlan 4 set 322
• The query interval as 100 seconds the max response time as 20 seconds and the general query 322
• Vlan 4 322
• Configuring multicast filtering 323
• Creating profile 323
• Igmp profile 1 323
• Range 226 226 0 323
• Sent to 226 226 0 323
• Switch config igmp profile deny 323
• Switch config igmp profile range 226 226 0 323
• Switch config igmp profile show ip igmp profile 323
• Switch config ip igmp profile 1 323
• Switch config ip igmp snooping 323
• Switch configure 323
• The following example shows how to configure profile 1 so that the switch filters multicast data 323
• Binding profile to the port 324
• Igmp profile 1 324
• Multicast data sent to 226 226 0 324
• Range 226 226 0 324
• Switch config end 324
• Switch config if ip igmp filter 1 324
• Switch config if ip igmp snooping 324
• Switch config if show ip igmp profile 324
• Switch config igmp profile deny 324
• Switch config igmp profile exit 324
• Switch config igmp profile range 226 226 0 324
• Switch config interface gigabitethernet 1 0 2 324
• Switch config ip igmp profile 1 324
• Switch config ip igmp snooping 324
• Switch configure 324
• Switch copy running config startup config 324
• The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters 324
• Binding port s 325
• Enabling igmp accounting and authentication 325
• Enabling igmp authentication on the port 325
• Gi1 0 2 325
• Gi1 0 2 enable 325
• Port igmp authentication 325
• Switch config end 325
• Switch config if ip igmp snooping 325
• Switch config if ip igmp snooping authentication 325
• Switch config if show ip igmp snooping interface gigabitethernet 1 0 2 authentication 325
• Switch config interface gigabitethernet 1 0 2 325
• Switch config ip igmp snooping 325
• Switch configure 325
• Switch copy running config startup config 325
• The following example shows how to enable igmp authentication on port 1 0 2 325
• Enabling igmp accounting globally 326
• Switch copy running config startup config 326
• Configuring mld snooping 327
• Configuring mld snooping globally 327
• Using the gui 327
• Click apply 328
• Configure unknown multicast as forward or discard 328
• Configuring router port time and member port time 328
• Enable or disable report message suppression globally 328
• Enabling report message suppression can reduce the number of packets in the network 328
• Follow these steps to configure report message suppression 328
• Follow these steps to configure the aging time of the router ports and the member ports 328
• Follow these steps to configure unknown multicast 328
• Igmp snooping and mld snooping share the setting of unknown multicast so you have to 328
• Optional configuring report message suppression 328
• Snooping config page at 328
• Specify the aging time of the member ports 328
• Specify the aging time of the router ports 328
• The same time 328
• Are sent and no report message is received the switch will delete the multicast address from the 329
• Click apply 329
• Configure the last listener query interval and last listener query count when the switch 329
• Configuring mld snooping last listener query 329
• Follow these steps to configure last listener query interval and last listener query count in the 329
• Global config section 329
• Mld snooping status table displays vlans and ports with mld snooping enabled 329
• Multicast forwarding table 329
• Receives an mld leave message if specified count of multicast address specific queries masqs 329
• Specify the interval between masqs 329
• Specify the number of masqs to be sent 329
• Verifying mld snooping status 329
• Configuring the port s basic mld snooping features 330
• Enabling mld snooping on the port 330
• Optional configuring fast leave 330
• Configuring mld snooping globally in the vlan 331
• Configuring mld snooping in the vlan 331
• And reduces network load of layer 3 devices 332
• Click create 332
• Configure the forbidden router ports in the designate vlan 332
• Configure the router ports in the designate vlan 332
• Configuring the multicast vlan 332
• Device only need to send one piece of multicast data to a layer 2 device and the layer 2 device 332
• Follow these steps to configure static router ports in the designate vlan 332
• Follow these steps to forbid the selected ports to be the router ports in the designate vlan 332
• In old multicast transmission mode when users in different vlans apply for data from the same 332
• Layer 2 devices 332
• Multicast group the layer 3 device will duplicate this multicast data and deliver copies to the 332
• Optional configuring the forbidden router ports in the vlan 332
• Optional configuring the static router ports in the vlan 332
• Will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth 332
• With multicast vlan configured all multicast group members will be added to a vlan layer 3 332
• Configuring 802 q vlan 333
• Creating multicast vlan and configuring basic settings 333
• Enable multicast vlan configure the specific vlan to be the multicast vlan and configure 333
• In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic 333
• Multicast vlan to load the following page 333
• Set up the vlan that the router ports and the member ports are in for details please refer to 333
• Settings 333
• The router port time and member port time 333
• Click apply 334
• Configure the new multicast source ip 334
• Configure the router ports in the designate vlan 334
• Configure the router ports in the multicast vlan 334
• Follow these steps to configure static router ports in the multicast vlan 334
• Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 334
• Members in the multicast vlan section follow these steps to configure replace source ip 334
• Optional configuring the forbidden router ports 334
• Optional configuring the static router ports 334
• Optional creating replace source ip 334
• This function allows you to use a new ip instead of the source ip to send data to multicast group 334
• This table displays all the dynamic router ports in the multicast vlan 334
• Viewing dynamic router ports in the multicast vlan 334
• Click apply 335
• Configuring the querier 335
• Follow these steps to configure the querier 335
• Following page 335
• Mld snooping querier sends general query packets regularly to maintain the multicast 335
• Optional configuring the querier 335
• Querier config to load the 335
• Specify a vlan and configure the querier on this vlan 335
• Click add 336
• Configuring mld profile 336
• Create a profile and configure its filtering mode 336
• Creating profile 336
• Follow these steps to create a profile and configure its filtering mode 336
• Following page 336
• Profile config to load the 336
• The mld snooping querier table displays all the related settings of the mld querier 336
• Viewing settings of mld querier 336
• With mld profile the switch can define a blacklist or whitelist of multicast addresses so as to filter 336
• You can edit the settings in the mld snooping querier table 336
• Binding profile and member ports 337
• Editing ip range of the profile 337
• Searching profile 337
• Binding profile and member ports 338
• Click apply 338
• Configuring max groups a port can join 338
• Follow these steps to bind the profile to the port 338
• Follow these steps to configure the maximum groups a port can join and overflow action 338
• Select a port to configure its max group and overflow action 338
• Select the port to be bound and enter the profile id in the profile id column 338
• Click apply 339
• Configuring auto refresh 339
• Enable or disable auto refresh 339
• Follow these steps to configure auto refresh 339
• Packet statistic to load the following page 339
• Viewing mld statistics on each port 339
• Click apply 340
• Configuring static member port 340
• Enter the multicast ip and vlan id specify the static member port 340
• Follow these steps to configure static member port 340
• Following page 340
• Static ipv4 multicast table to load the 340
• The mld statistics table displays all kinds of mld statistics of all the ports 340
• This function allows you to specify a port as a static member port in the multicast group 340
• Viewing mld statistics 340
• Click create 341
• Enabling mld snooping globally 341
• Enabling mld snooping on the port 341
• Search option 341
• Static multicast ip table displays details of all mld static multicast groups 341
• Using the cli 341
• Viewing mld static multicast groups 341
• You can search mld static multicast entries by using multicast ip vlan id or forward port as the 341
• Configuring mld snooping parameters globally 342
• Configuring report message suppression 342
• Configuring unknown multicast 343
• Enable port 343
• Enable vlan 343
• Global member age time 260 343
• Global report suppression enable 343
• Global router age time 300 343
• Last query interval 1 343
• Last query times 2 343
• Mld snooping enable 343
• Switch config end 343
• Switch config ipv6 mld snooping 343
• Switch config ipv6 mld snooping report suppression 343
• Switch config show ipv6 mld snooping 343
• Switch configure 343
• Switch copy running config startup config 343
• The following example shows how to enable report message suppression 343
• Unknown multicast pass 343
• Configuring mld snooping parameters on the port 344
• Configuring router port time and member port time 344
• Configuring fast leave 346
• Configuring max group and overflow action on the port 346
• Gi1 0 3 enable enable 346
• Port mld snooping fast leave 346
• Switch config if end 346
• Switch config if ipv6 mld snooping 346
• Switch config if ipv6 mld snooping immediate leave 346
• Switch config if show ipv6 mld snooping interface gigabitethernet 1 0 3 basic config 346
• Switch config interface gigabiteternet 1 0 3 346
• Switch config ipv6 mld snooping 346
• Switch configure 346
• Switch copy running config startup config 346
• The following example shows how to enable fast leave on port 1 0 3 346
• Drop on port 1 0 3 347
• Gi1 0 3 500 drop 347
• Port max groups overflow action 347
• Switch config if end 347
• Switch config if ipv6 mld snooping 347
• Switch config if ipv6 mld snooping max groups 500 347
• Switch config if ipv6 mld snooping max groups action drop 347
• Switch config if show ipv6 mld snooping interface gigabitethernet 1 0 3 max groups 347
• Switch config interface gigabiteternet 1 0 3 347
• Switch config ipv6 mld snooping 347
• Switch configure 347
• Switch copy running config startup config 347
• The following example shows how to configure the max group as 500 and the overflow action as 347
• Configuring mld snooping last listener query 348
• Enable port 348
• Enable vlan 348
• Global member age time 260 348
• Global report suppression disable 348
• Global router age time 300 348
• Last query interval 5 348
• Last query times 5 348
• Mld snooping enable 348
• Switch config end 348
• Switch config ipv6 mld snooping 348
• Switch config ipv6 mld snooping last listener query count 5 348
• Switch config ipv6 mld snooping last listener query interval 5 348
• Switch config show ipv6 mld snooping 348
• Switch configure 348
• Switch copy running config startup config 348
• The following example shows how to configure the last listener query count as 5 and the last 348
• Unknown multicast pass 348
• Configuring mld snooping parameters in the vlan 349
• Configuring router port time and member port time 349
• Dynamic router port none 349
• Forbidden router port none 349
• Member time 400 349
• Router port time as 500 seconds and the member port time as 400 seconds 349
• Router time 500 349
• Static router port none 349
• Switch config ipv6 mld snooping 349
• Switch config ipv6 mld snooping vlan config 2 3 mtime 400 349
• Switch config ipv6 mld snooping vlan config 2 3 rtime 500 349
• Switch config show ipv6 mld snooping vlan 2 349
• Switch config show ipv6 mld snooping vlan 3 349
• Switch configure 349
• The following example shows how to enable mld snooping in vlan 2 and vlan 3 configure the 349
• Vlan id 2 349
• Vlan id 3 349
• As the static router port 350
• Configuring static router port 350
• Dynamic router port none 350
• Forbidden router port none 350
• Member time 0 350
• Member time 400 350
• Router time 0 350
• Static router port gi1 0 2 350
• Static router port none 350
• Switch config end 350
• Switch config ipv6 mld snooping 350
• Switch config ipv6 mld snooping vlan config 2 rport interface gigabitethernet 1 0 2 350
• Switch config show ipv6 mld snooping vlan 2 350
• Switch configure 350
• Switch copy running config startup config 350
• The following example shows how to enable mld snooping in vlan 2 and configure port 1 0 2 350
• Vlan id 2 350
• Configuring forbidden router port 351
• Dynamic router port none 351
• Forbidden router port gi1 0 4 6 351
• From becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 351
• Gigabitethernet 1 0 4 6 351
• Member time 0 351
• Router time 0 351
• Static router port none 351
• Switch config 351
• Switch config end 351
• Switch config ipv6 mld snooping 351
• Switch config ipv6 mld snooping vlan config 2 router ports forbidden interface 351
• Switch config show ipv6 mld snooping vlan 2 351
• Switch copy running config startup config 351
• The following example shows how to enable mld snooping in vlan 2 and forbid port 1 0 4 6 351
• Vlan id 2 351
• Configuring mld snooping parameters in the multicast vlan 352
• Configuring router port time and member port time 352
• Configuring static multicast multicast ip and forward port 352
• Ff01 1234 02 2 static gi1 0 9 10 352
• Gigabitethernet 1 0 9 10 352
• Multicast ip vlan id addr type switch port 352
• Port 1 0 9 10 as the forward ports 352
• Switch config end 352
• Switch config ipv6 mld snooping 352
• Switch config ipv6 mld snooping vlan config 2 static ff01 1234 02 interface 352
• Switch config show ipv6 mld snooping groups static 352
• Switch configure 352
• Switch copy running config startup config 352
• The following example shows how to configure ff01 1234 02 as the static multicast ip and specify 352
• Dynamic router port none 353
• Forbidden router port none 353
• Member time 400 353
• Multicast vlan enable 353
• Replace source ip 353
• Router time 500 353
• Static router port none 353
• Switch config end 353
• Switch config ipv6 mld snooping 353
• Switch config ipv6 mld snooping multi vlan config 5 mtime 400 353
• Switch config ipv6 mld snooping multi vlan config 5 rtime 500 353
• Switch config show ipv6 mld snooping multi vlan 353
• Switch configure 353
• Switch copy running config startup config 353
• The following example shows how to configure vlan 5 as the multicast vlan set the router port 353
• Time as 500 seconds and the member port time as 400 seconds 353
• Vlan id 5 353
• As the static router port 354
• Configuring static router port 354
• Dynamic router port none 354
• Forbidden router port none 354
• Member time 260 354
• Multicast vlan enable 354
• Replace source ip 354
• Router time 300 354
• Static router port gi1 0 5 354
• Switch config end 354
• Switch config ipv6 mld snooping 354
• Switch config ipv6 mld snooping multi vlan config 5 rport interface gigabitethernet 1 0 5 354
• Switch config show ipv6 mld snooping multi vlan 354
• Switch configure 354
• Switch copy running config startup config 354
• The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 354
• Vlan id 5 354
• As the forbidden router port 355
• Configuring forbidden router port 355
• Dynamic router port none 355
• Forbidden router port gi1 0 6 355
• Gigabitethernet 1 0 6 355
• Member time 260 355
• Multicast vlan enable 355
• Replace source ip 355
• Router time 300 355
• Static router port none 355
• Switch config end 355
• Switch config ipv6 mld snooping 355
• Switch config ipv6 mld snooping multi vlan config 5 router ports forbidden interface 355
• Switch config show ipv6 mld snooping multi vlan 355
• Switch configure 355
• Switch copy running config startup config 355
• The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 355
• Vlan id 5 355
• Configuring replace source ip 356
• Dynamic router port none 356
• Fe80 02ff ffff fe00 0001 356
• Forbidden router port none 356
• Member time 260 356
• Multicast vlan enable 356
• Replace source ip fe80 2ff ffff fe00 1 356
• Router time 300 356
• Source ip in the mld packets sent by the switch with fe80 02ff ffff fe00 0001 356
• Static router port none 356
• Switch config end 356
• Switch config ipv6 mld snooping 356
• Switch config ipv6 mld snooping multi vlan config 5 replace sourceip 356
• Switch config show ipv6 mld snooping multi vlan 356
• Switch configure 356
• Switch copy running config startup config 356
• The following example shows how to configure vlan 5 as the multicast vlan and replace the 356
• Vlan id 5 356
• Configuring query interval max response time and general query source ip 357
• Configuring the querier 357
• Enabling mld querier 357
• General query source ip fe80 2ff ffff fe00 1 357
• Maximum response time 10 357
• Query interval 60 357
• Switch config end 357
• Switch config ipv6 mld snooping 357
• Switch config ipv6 mld snooping querier vlan 4 357
• Switch config show ipv6 mld snooping querier 357
• Switch configure 357
• Switch copy running config startup config 357
• The following example shows how to enable mld snooping and mld querier in vlan 4 357
• Vlan 4 357
• General query source ip fe80 2ff ffff fe00 1 358
• Maximum response time 20 358
• Query interval 100 358
• Source ip as fe80 2ff ffff fe00 1 358
• Switch config end 358
• Switch config ipv6 mld snooping 358
• Switch config ipv6 mld snooping querier vlan 4 general query source ip fe80 2ff ffff fe00 1 358
• Switch config ipv6 mld snooping querier vlan 4 max response time 20 358
• Switch config ipv6 mld snooping querier vlan 4 query interval 100 358
• Switch config show ipv6 mld snooping querier 358
• Switch configure 358
• Switch copy running config startup config 358
• The following example shows how to enable mld snooping and mld querier in vlan 4 set 358
• The query interval as 100 seconds the max response time as 20 seconds and the general query 358
• Vlan 4 358
• Configuring multicast filtering 359
• Creating profile 359
• Mld profile 1 359
• Range ff01 1234 5 ff01 1234 8 359
• Sent to ff01 1234 5 ff01 1234 8 359
• Switch config ipv6 mld profile 1 359
• Switch config ipv6 mld snooping 359
• Switch config mld profile deny 359
• Switch config mld profile range ff01 1234 5 ff01 1234 8 359
• Switch config mld profile show ipv6 mld profile 359
• Switch configure 359
• The following example shows how to configure profile 1 so that the switch filters multicast data 359
• Binding profile to the port 360
• Mld profile 1 360
• Multicast data sent to ff01 1234 5 ff01 1234 8 360
• Range ff01 1234 5 ff01 1234 8 360
• Switch config end 360
• Switch config if ipv6 mld filter 1 360
• Switch config if ipv6 mld snooping 360
• Switch config if show ipv6 mld profile 360
• Switch config interface gigabitethernet 1 0 2 360
• Switch config ipv6 mld profile 1 360
• Switch config ipv6 mld snooping 360
• Switch config mld profile deny 360
• Switch config mld profile exit 360
• Switch config mld profile range ff01 1234 5 ff01 1234 8 360
• Switch configure 360
• Switch copy running config startup config 360
• The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters 360
• Using the gui 362
• Viewing ipv4 multicast snooping configurations 362
• Viewing ipv6 multicast snooping configurations 362
• Viewing multicast snooping configurations 362
• Using the cli 363
• Viewing ipv4 multicast snooping configurations 363
• Viewing ipv6 multicast snooping configurations 364
• Configuration examples 365
• Configuration scheme 365
• Example for configuring basic igmp snooping 365
• Network requirements 365
• Using the gui 366
• Port config to load the following page configure 368
• The pvid of port 1 0 1 4 as 10 368
• Using the cli 369
• Configuration file 370
• Verify the configurations 371
• Configuration scheme 372
• Example for configuring multicast vlan 372
• Network requirements 372
• Network topology 372
• Demonstrated with t1600g 52ts this section provides configuration procedures in two ways 373
• Internet 373
• Using the gui and using the cli 373
• Using the gui 374
• Using the cli 376
• Configuration file 377
• Verify the configurations 378
• Example for configuring unknown multicast and fast leave 379
• Network requirement 379
• 0 2 and enable unknown multicast globally to change channel host b sends a leave message 380
• About leaving the previous channel the switch will then drop multicast data from the previous 380
• After the channel is changed the client host b still receives irrelevant multicast data the data 380
• Channel and all unknown multicast data which ensures that host b only receives multicast data 380
• Configuration scheme 380
• Demonstrated with t1600g 52ts this section provides configuration procedures in two ways 380
• From the new channel and that the multicast network is unimpeded 380
• From the previous channel and possibly other unknown multicast data which increases the 380
• Internet 380
• Multicast and fast leave 380
• Network load and results in network congestion the solution to this problem is using unknown 380
• To avoid host b from receiving irrelevant multicast data the user can enable fast leave on port 380
• Using the gui and using the cli 380
• Page enable igmp snooping globally and configure unknown multicast as discard 381
• Snooping config to load the following 381
• Using the gui 381
• Enable igmp snooping on port 1 0 2 and port 1 0 4 and enable fast leave on port 1 0 2 382
• Port config to load the following page 382
• Using the cli 383
• Configuration file 384
• Verify the configurations 384
• Configuration scheme 385
• Example for configuring multicast filtering 385
• Network requirements 385
• Network topology 385
• Demonstrated with t1600g 52ts this section provides configuration procedures in two ways 386
• Internet 386
• Using the gui and using the cli 386
• Using the gui 387
• Port config to load the following page configure 389
• The pvid of port 1 0 1 4 as 10 389
• Using the cli 393
• Configuration file 395
• Verify the configurations 396
• Appendix default parameters 398
• Default parameters for igmp snooping 398
• Default parameters for mld snooping 399
• Chapters 401
• Managing logical interfaces 401
• Part 12 401
• Devices interfaces are classified into physical interfaces and logical interfaces 402
• Interfaces and routing interfaces 402
• Interfaces are shown as below 402
• Interfaces of a device are used to exchange data and interact with interfaces of other network 402
• Logical interfaces are manually configured and do not physically exist such as loopback 402
• Overview 402
• Physical interfaces are the ports on the front panel or rear panel of the switch 402
• This chapter introduces the configurations for logical interfaces the supported types of logical 402
• Creating a layer 3 interface 403
• Logical interfaces configurations 403
• Using the gui 403
• Configuring ipv4 parameters of the interface 404
• In figure 2 1 you can view the corresponding interface entry you create in the interface list 404
• In the interface list section you can view the corresponding interface entry you create 404
• In the modify interface section specify an interface id and configure relevant parameters for 404
• Section on the corresponding interface entry click edit to load the following page and configure 404
• The interface according to your actual needs then click apply 404
• The ipv4 parameters of the interface 404
• Configure the ipv6 parameters of the interface 405
• Configuring ipv6 parameters of the interface 405
• Create 405
• In figure 2 1 you can view the corresponding interface entry you create in the interface list 405
• In the secondary ip create section configure the secondary ip for the specified interface 405
• In the secondary ip list section you can view the corresponding secondary ip entry you 405
• Section on the corresponding interface entry click edit ipv6 to load the following page and 405
• Which allows you to have two logical subnets using one physical subnet then click create 405
• Configure the ipv6 link local address of the interface manually or automatically in the link 406
• Enable ipv6 function on the interface of switch in the general config section then click 406
• Local address config section then click apply 406
• Configure one or more ipv6 global addresses of the interface via following three ways 407
• Manually 407
• Via dhcpv6 server 407
• Via ra message 407
• View the global address entry in the global address table 407
• Creating a layer 3 interface 408
• Follow these steps to create a layer 3 interface you can create a vlan interface a loopback 408
• In figure 2 1 you can view the corresponding interface entry you create in the interface list 408
• Interface a routed port or a port channel interface according to your needs 408
• Section on the corresponding interface entry click detail to load the following page and view 408
• The detail information of the interface 408
• Using the cli 408
• Viewing detail information of the interface 408
• Switch config if description vlan 2 409
• Switch config if end 409
• Switch config interface vlan 2 409
• Switch configure 409
• Switch copy running config startup config 409
• The following example shows how to create a vlan interface with a description of vlan 2 409
• Configuring ipv4 parameters of the interface 410
• Follow these steps to configure the ipv4 parameters of the interface 410
• Setting a static ip address for the port and enabling the layer 3 capabilities 410
• Switch config if ip address 192 68 00 255 55 55 410
• Switch config if no switchport 410
• Switch config if show interface configuration gigabitethernet 1 0 1 410
• Switch config interface gigabitethernet 1 0 1 410
• Switch configure 410
• The following example shows how to configure the ipv4 parameters of a routed port including 410
• Configuring ipv6 parameters of the interface 411
• Follow these steps to configure the ipv6 parameters of the interface 411
• Gi1 0 1 192 68 00 24 static up up no 411
• Interface ip address method status protocol shutdown 411
• Switch config if end 411
• Switch config if show ip interface brief 411
• Switch copy running config startup config 411
• Global address dhcpv6 enable 412
• Global address ra disable 412
• Global unicast address es ff02 1 ff13 237b 412
• Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 412
• Of a vlan interface 412
• Switch config if ipv6 address autoconfig 412
• Switch config if ipv6 address dhcp 412
• Switch config if ipv6 enable 412
• Switch config if show ipv6 interface 412
• Switch config interface vlan 2 412
• Switch configure 412
• The following example shows how to enable the ipv6 function and configure the ipv6 parameters 412
• Vlan2 is up line protocol is up 412
• Appendix default parameters 414
• Default settings of interface are listed in the following tables 414
• Chapters 415
• Configuring static routing 415
• Part 13 415
• Overview 416
• An ipv4 static route then click create 417
• Entries 417
• In the ipv4 static route table section you can view and modify the ipv4 static routing 417
• In the ipv4 static routing config section configure the corresponding parameters to add 417
• Ipv4 static routing config to load the following 417
• Ipv4 static routing configuration 417
• Using the gui 417
• As 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 418
• C 192 68 24 is directly connected vlan1 418
• Candidate default 418
• Codes c connected s static 418
• Follow these steps to create an ipv4 static route 418
• S 192 68 24 1 0 via 192 68 vlan1 418
• Switch config end 418
• Switch config ip route 192 68 255 55 55 192 68 418
• Switch config show ip route 418
• Switch configure 418
• Switch copy running config startup config 418
• The following example shows how to create an ipv4 static route with the destination ip address 418
• Using the cli 418
• Ipv6 static routing configuration 419
• Using the gui 419
• As 3200 64 and the next hop address as 3100 1234 420
• C 3000 64 is directly connected vlan1 420
• Candidate default 420
• Codes c connected s static 420
• Follow these steps to enable ipv6 routing function and create an ipv6 static route 420
• S 3200 64 1 0 via 3100 1234 vlan2 420
• Switch config end 420
• Switch config ipv6 route 3200 64 3100 1234 420
• Switch config show ipv6 route static 420
• Switch configure 420
• The following example shows how to create an ipv6 static route with the destination ip address 420
• Using the cli 420
• Switch copy running config startup config 421
• Using the gui 422
• Viewing ipv4 routing table 422
• Viewing ipv6 routing table 422
• Viewing routing table 422
• On privileged exec mode or any other configuration mode you can use the following command 423
• To view ipv4 routing table 423
• To view ipv6 routing table 423
• Using the cli 423
• View the ipv6 routes in the ipv6 routing information summary section 423
• Viewing ipv4 routing table 423
• Viewing ipv6 routing table 423
• A as an example 424
• As shown below host a and host b are on different network segments to meet business needs 424
• Configuration scheme 424
• Create a routed port gi1 0 1 with the mode as static the ip address as 10 the mask as 424
• Demonstrated with t1600g 52ts the following sections provide configuration procedure in two 424
• Ensure stable connectivity 424
• Example for static routing 424
• Host a and host b need establish a connection without using dynamic routing protocols to 424
• Interface config to load the following page 424
• Network requirements 424
• Switch b so that hosts on different network segments can communicate with each other 424
• The configurations of switch a and switch b are similar the following introductions take switch 424
• The default gateway of host b as 10 24 and configure ipv4 static routes on switch a and 424
• To implement this requirement you can configure the default gateway of host a as 10 24 424
• Using the gui 424
• Ways using the gui and using the cli 424
• Using the cli 425
• Configuration file 426
• Switch a 427
• Verify the configurations 427
• Connectivity between switch a and switch b 428
• Switch b 428
• Appendix default parameter 429
• Default setting of static routing is listed in the following table 429
• Dhcp relay configuration 4 appendix default parameters 431
• Overview 431
• Overview 3 configuration example 431
• Part 14 431
• Dhcp relay configuration 432
• Enabling dhcp relay and configuring option 82 432
• Using the gui 432
• And then enter the server address of the interface 433
• Click apply 433
• Click create to specify the dhcp server for the interface 433
• Dhcp server to load the following page 433
• Follow these steps to specify dhcp server for the interface 433
• In the add dhcp server address section select the interface type and enter the interface id 433
• Specifying dhcp server for the interface 433
• Configuring option 82 434
• Dhcp relay is enabled 434
• Enabling dhcp relay 434
• Follow these steps to configure option 82 434
• Follow these steps to enable dhcp relay 434
• Switch config end 434
• Switch config service dhcp relay 434
• Switch config show ip dhcp relay 434
• Switch configure 434
• Switch copy running config startup config 434
• The following example shows how to enable dhcp relay 434
• Using the cli 434
• Dhcp relay option 82 is enabled 435
• Existed option 82 field operation keep 435
• Information as keep 435
• Switch config end 435
• Switch config ip dhcp relay information 435
• Switch config ip dhcp relay information policy keep 435
• Switch config show ip dhcp relay 435
• Switch configure 435
• Switch copy running config startup config 435
• The following example shows how to enable option 82 and configure the process of option 82 435
• Follow these steps to specify dhcp server for the interface 436
• Specifying dhcp server for the interface 436
• Switch config if ip helper address 192 68 436
• Switch config interface vlan 66 436
• Switch configure 436
• The following example shows how to configure the dhcp server address as 192 68 on vlan 436
• A company wants to assign ip addresses to all computers in two departments and there is only 438
• Add all computers in the r d department to vlan 20 for details refer to configuring 802 q 438
• Before dhcp relay configurations create two dhcp server pools on the dhcp server one is 438
• Belong to vlan 10 which is connected to the switch via port 1 0 8 the interface address of vlan 438
• Configuration example 438
• Configuration scheme 438
• Configure 802 q vlan add all computers in the marketing department to vlan 10 and 438
• Connected to the dhcp relay switch via port 1 0 5 and its ip address is 192 68 9 24 438
• Dhcp clients 438
• Enables dhcp clients from different subnets to share one dhcp server 438
• In the given situation the dhcp relay feature can satisfy the requirement because dhcp relay 438
• Is 192 68 24 computers in the r d department belong to vlan 20 which is connected to 438
• Network requirements 438
• On 192 68 24 and the other is on 192 68 24 make sure the dhcp server can reach all 438
• One dhcp server available it is required that computers in the same department should be on 438
• The network topology is as the following figure shows computers in the marketing department 438
• The overview of the configurations are as follows 438
• The same subnet while computers in different departments should be on different subnets 438
• The switch via port 1 0 16 the interface address of vlan 20 is 192 68 24 the dhcp server is 438
• Using the gui 439
• Using the cli 440
• Verify the configurations 440
• Appendix default parameters 441
• Default settings of dhcp relay are listed in the following table 441
• Arp address resolution protocol is used to map ip addresses to mac addresses taking an 443
• Association in an arp entry for rapid retrieval 443
• Ip address as input arp learns the associated mac address and stores the ip mac address 443
• Overview 443
• Adding static arp entries manually 444
• Arp configurations 444
• Using the gui 444
• Viewing the arp entries 444
• Adding static arp entries 445
• Configuring arp function 445
• Follow these steps to add arp entries 445
• Follow these steps to add static arp entries 445
• In the arp config section enter the ip address and mac address and click create 445
• Static arp to load the following page 445
• Using the cli 445
• 11 22 33 44 55 446
• Configuring the aging time of dynamic arp entries 446
• Follow these steps to configure the aging time of dynamic arp entries 446
• Interface address hardware addr type 446
• Switch config arp 192 68 00 11 22 33 44 55 arpa 446
• Switch config end 446
• Switch config show arp 192 68 446
• Switch configure 446
• Switch copy running config startup config 446
• This example shows how to create a static arp entry with the ip as 192 68 and the mac as 446
• Vlan1 192 68 00 11 22 33 44 55 static 446
• Clearing dynamic entries 447
• Switch config if arp timeout 1000 447
• Switch config if end 447
• Switch config interface vlan 2 447
• Switch configure 447
• Switch copy running config startup config 447
• This example shows how to configure the aging time of dynamic arp entries as 1000 seconds for 447
• Vlan interface 2 447
• On privileged exec mode or any other configuration mode you can use the following command to view arp entries 448
• Viewing arp entries 448
• Chapters 449
• Configuring qos 449
• Part 16 449
• Bandwidth control 450
• Diffserv 450
• Overview 450
• Supported features 450
• Configuration guidelines 451
• Diffserv configuration 451
• Configure the tag id cos id tc mapping relations 452
• Configuring 802 p priority 452
• Configuring priority mode 452
• Follow these steps to configure the 802 p priority 452
• P priority to load the following page 452
• The instructions of the three priority modes are described respectively in this section 452
• Using the gui 452
• 2p priority 453
• Click apply 453
• Configure the dscp tc mapping relations 453
• Configuring dscp priority 453
• Dscp priority to load the following page 453
• Enable dscp priority and click apply dscp priority is disabled by default 453
• Follow these steps to configure the dscp priority 453
• 2p priority 454
• Click apply 454
• Configuring port priority 454
• Follow these steps to configure the port priority 454
• Port priority to load the following page 454
• Select the desired port or lag to set its priority 454
• Click apply 455
• Configure the schedule mode to control the forwarding sequence of different tc queues when 455
• Configuring schedule mode 455
• Congestion occurs 455
• Follow these steps to configure the schedule mode 455
• Schedule mode to load the following page 455
• Select a schedule mode 455
• Click apply 456
• Configuring 802 priority 456
• Configuring priority mode 456
• Optional configure the weight value of the each tc queue if the schedule mode is wrr of 456
• Sp wrr 456
• The instructions of the three priority modes are described respectively in this section 456
• Using cli 456
• Configuring dscp priority 457
• Dscp priority is disabled 457
• P priority is enabled 457
• Switch config end 457
• Switch config qos queue cos map 2 0 457
• Switch config show qos cos map 457
• Switch config show qos status 457
• Switch configure 457
• Switch copy running config startup config 457
• Tag 0 1 2 3 4 5 6 7 457
• Tc tc1 tc0 tc0 tc3 tc4 tc5 tc6 tc7 457
• The following example shows how to map cos2 to tc0 and keep other cos id tc as default 457
• Relations as default 458
• Switch config qos queue dscp map 10 14 0 458
• Switch config show qos cos map 458
• Switch configure 458
• Tag 0 1 2 3 4 5 6 7 458
• Tc tc1 tc0 tc2 tc3 tc4 tc5 tc6 tc7 458
• The following example shows how to map dscp values 10 14 to tc1 and keep other mapping 458
• Configuring port priority 459
• Cos cos1 cos1 cos0 cos0 cos0 cos0 cos0 cos1 459
• Dscp 8 9 10 11 12 13 14 15 459
• Dscp priority is enabled 459
• P priority is disabled 459
• Queue based on port priority 459
• Select the desired port to set the priority packets from this ingress port are mapped to the tc 459
• Switch config end 459
• Switch config show qos dscp map 459
• Switch config show qos status 459
• Switch copy running config startup config 459
• Configuring schedule mode 461
• Different tc queues when congestion occurs 461
• Follow these steps to configure the schedule mode to control the forwarding sequence of 461
• Bandwidth control configuration 463
• Configuring rate limit 463
• Using the gui 463
• Click apply 464
• Configuring storm control 464
• Follow these steps to configure the storm control function 464
• Multicast packets and ul frames 464
• Select the port s and configure the upper rate limit for forwarding broadcast packets 464
• Storm control to load the following page 464
• Click apply 465
• Configure the upper rate limit for the port to receive and send packets 465
• Configuring rate limit on port 465
• Using the cli 465
• And unknown unicast frames 466
• Configure the upper rate limit on the port for forwarding broadcast packets multicast packets 466
• Configuring storm control 466
• Gi1 0 5 5120 1024 n a 466
• Kbps for port 1 0 5 466
• Port ingressrate kbps egressrate kbps lag 466
• Switch config if bandwidth ingress 5120 egress 1024 466
• Switch config if end 466
• Switch config if show bandwidth interface gigabitethernet 1 0 5 466
• Switch config interface gigabitethernet 1 0 5 466
• Switch configure 466
• Switch copy running config startup config 466
• The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 466
• Configuration examples 469
• Configuration scheme 469
• Example for configuring sp mode 469
• Network requirements 469
• Using the gui 470
• Using the cli 471
• Configuration files 472
• Verify the configuration 472
• Both rd department and marketing department can access the local network server configure 473
• Example for configuring wrr mode 473
• Network requirements 473
• Scheduler mode sp weight unusable in sp mode 473
• Switch a marketing department is connected to port 1 0 2 of switch a the server is connected 473
• Switch b is a layer 3 switch with acl redirect feature rd department is connected to port 1 0 1 of 473
• Switch config show qos queue mode 473
• The network topology is shown as the following figure switch a is an access layer switch and 473
• The switches to ensure the traffic from the two departments are forwarded based on the weight 473
• To port 1 0 2 of switch b and port 1 0 3 of switch a is connected to port 1 0 1 of switch b 473
• Value ratio of 2 1 when congestion occurs 473
• Verify the schedule mode 473
• Configuration scheme 474
• Configurations for switch a demonstrated with t1600g 52ts 474
• Using the gui 474
• Configurations for switch b demonstrated with t3700g 28tq 476
• Configurations for switch a demonstrated with t1600g 52ts 482
• Using the cli 482
• Configurations for for switch b demonstrated with t3700g 28tq 483
• Configuration file 485
• Switch a 485
• Switch b 485
• Switch a 487
• Switch b 487
• Verify the configuration 487
• Appendix default parameters 489
• Diffserv 489
• Disabled see table 5 4 for dscp cos id mapping relations 489
• Enabled see table 5 3 for tag id cos id tc mapping relations 489
• Bandwidth control 490
• Chapters 491
• Configuring voice vlan 491
• Part 17 491
• Overview 492
• Because the voice vlan in automatic mode supports only tagged voice traffic you need to 494
• Before configuring voice vlan you need to create a vlan for voice traffic for details about 494
• Configuration guidelines 494
• Configure voice vlan globally 494
• Configure voice vlan mode on ports 494
• Create a vlan 494
• Id and the link type of the port which is connected to voice devices we recommend that 494
• Make sure traffic from the voice device is tagged to do so there are mainly two ways 494
• Only one vlan can be set as the voice vlan on the switch 494
• Optional configure oui addresses 494
• To apply the voice vlan configuration you may need to further configure pvid port vlan 494
• To complete the voice vlan configuration follow these steps 494
• Vlan 1 is a default vlan and cannot be configured as the voice vlan 494
• Vlan configuration please refer to configuring 802 q vlan 494
• Voice vlan configuration 494
• You can configure the voice device to forward traffic with a voice vlan tag 494
• You choose the mode according to your needs and configure the port as the following table 494
• Optional configuring oui addresses 495
• Using the gui 495
• Click apply 496
• Click create to add an oui address to the table 496
• Configuring voice vlan globally 496
• Configuring voice vlan mode on ports 496
• Enable the voice vlan feature and enter a vlan id 496
• Follow these steps to configure the voice vlan globally 496
• Global config to load the following page 496
• Port config to load the following page 496
• Set the aging time for the voice vlan 496
• Specify a priority for the voice vlan 496
• Follow these steps to configure voice vlan mode on ports 497
• Select your desired ports and choose the port mode 497
• Click apply 498
• Follow these steps to configure the voice vlan 498
• Set the security mode for selected ports 498
• Using the cli 498
• Configuration example 502
• Configuration scheme 502
• Network requirements 502
• Network topology 502
• B ports connected to ip phones use the voice vlan for voice traffic and ports connected to 503
• Computers use the default vlan for data traffic 503
• Configurations for switch a 503
• Demonstrated with t1600g 52ts this chapter provides configuration procedures in two ways 503
• Following page create vlan 10 503
• In the meeting room computers and ip phones are connected to different ports of switch 503
• Internet 503
• Switch c 503
• Using the gui 503
• Using the gui and using the cli 503
• Vlan config and click create to load the 503
• Voice traffics from switch a and switch b are forwarded to voice gateway and internet through 503
• Following page add port 1 0 2 to the voice vlan 505
• Vlan config and edit vlan 10 to load the 505
• Configurations for switch b 507
• Configurations for switch c 509
• Configurations for switch a 510
• Using the cli 510
• Configurations for switch b 511
• Configurations for switch c 512
• Switch a 512
• Verify the configurations 512
• Switch b 513
• Switch c 513
• Appendix default parameters 514
• Default settings of voice vlan are listed in the following tables 514
• Description 514
• Chapters 515
• Configuring acl 515
• Part 18 515
• Acl binding 516
• Overview 516
• Policy binding 516
• Supported features 516
• Acl configurations 517
• Creating an acl 517
• Using the gui 517
• Configuring acl rules 518
• Configuring the mac acl rule 518
• Click apply 519
• Configure the rule s packet matching criteria 519
• Configuring the standard ip acl rule 519
• Follow these steps to create the standard ip acl rule 519
• For the matched packets 519
• Select a standard ip acl from the drop down list enter a rule id and specify the operation 519
• Standard i 519
• Standard ip acl to load the following page 519
• Tandard i 519
• Click apply 520
• Configure the rule s packet matching criteri 520
• Configure the rule s packet matching criteria 520
• Configuring the extend ip acl rule 520
• Extend ip ac 520
• Extend ip acl to load the following page 520
• Follow these steps to create the extend ip acl rule 520
• Select an extend ip acl from the drop down list enter a rule id and specify the operation for 520
• The matched packets 520
• Click apply 521
• Configuring the ipv6 acl rule 521
• Follow these steps to create the ipv6 acl rule 521
• Ipv6 acl to load the following page 521
• Select an ipv6 acl from the drop down list enter a rule id and specify the operation for the 521
• Acl rule or change the matching order if needed 522
• By default a rule configured earlier is listed before a rule configured later the switch matches a 522
• Click apply 522
• Configure the rule s packet matching criteri 522
• In the acl rule table you can view all the acls and their rules you can also delete an acl or an 522
• Process and performs the action defined in the rule 522
• Received packet with the rules in order when a packet matches a rule the device stops the match 522
• The rules in an acl are listed in ascending order of configuration time regardless of their rule ids 522
• Verifying the rule table 522
• Applying an acl to the policy 523
• Configuring policy 523
• Creating a policy 523
• Binding the acl to a port 524
• Configuring the acl binding 524
• Configuring the acl binding and policy binding 524
• Binding the acl to a vlan 525
• Binding the policy to a port 525
• Configuring the policy binding 525
• Follow these steps to bind the acl to a vlan 525
• Processed according to this policy 525
• Select the acl and enter the vlan id and click appl 525
• Vlan binding to load the following page 525
• You can bind the policy to a port or a vlan the received packets will then be matched and 525
• Binding the policy to a vlan 526
• Existing entries if needed 526
• Follow these steps to bind the policy to a port 526
• Follow these steps to bind the policy to a vlan 526
• Select the acl and enter the vlan id and clic 526
• Select the policy and the port to be bound and clic 526
• Verifying the acl binding 526
• Verifying the binding configuration 526
• Vlan binding to load the following page 526
• You can view both port binding and vlan binding entries in the table you can also delete 526
• Verifying the policy binding 527
• Addresses protocol type and so on 528
• Binding table to load the following page 528
• Configuring acl 528
• Configuring the mac acl 528
• Follow the steps to create different types of acl and configure the acl rules 528
• Using the cli 528
• You can define the rules based on source or destination ip addresses source or destination mac 528
• Configuring the standard ip acl 529
• Mac access list 50 529
• Rule 5 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 529
• Switch config mac access list 50 529
• Switch config mac acl end 529
• Switch config mac acl rule 5 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 529
• Switch config mac acl show access list 50 529
• Switch configure 529
• Switch copy running config startup config 529
• The following example shows how to create mac acl 50 and configure rule 1 to permit packets 529
• With source mac address 00 34 a2 d4 34 b5 529
• Packets with source ip address 192 68 00 530
• Rule 1 permit sip 192 68 00 smask 255 55 55 55 530
• Standard ip access list 600 530
• Switch config access list create 600 530
• Switch config end 530
• Switch config rule 1 permit sip 192 68 00 smask 255 55 55 55 530
• Switch config show access list 600 530
• Switch configure 530
• Switch copy running config startup config 530
• The following example shows how to create standard ip acl 600 and configure rule 1 to permit 530
• Configuring the extend ip acl 531
• Extended ip access list 1700 531
• Protocol 6 d port 23 531
• Switch config access list create 1700 531
• Switch config access list extended 1700 rule 7 deny sip 192 68 00 smask 255 55 55 55 531
• Switch config show access list 1700 531
• Switch configure 531
• Telnet packets with source ip192 68 00 531
• The following example shows how to create extend ip acl 1700 and configure rule7 to deny 531
• Configuring the ipv6 acl 532
• Rule 7 deny sip 192 68 00 smask 255 55 55 55 protocol 6 d port 23 532
• Switch config end 532
• Switch copy running config startup config 532
• Cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ffff ffff ffff 533
• Configuring policy 533
• Follow the steps below to create a policy and configure the policy actions 533
• Ipv6 access list 3600 533
• Rule 1 deny sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ff ff ffff ffff 533
• Switch config access list create 3600 533
• Switch config access list ipv6 3600 rule 1 deny sip 533
• Switch config end 533
• Switch config show access list 3600 533
• Switch configure 533
• Switch copy running config startup config 533
• The following example shows how to create ipv6 acl 3600 and configure rule 1 to deny packets 533
• With source ipv6 address cdcd 910a 2222 5498 8475 1111 3900 2020 533
• Access list 600 534
• Acl binding 534
• Acl binding and policy binding 534
• Policy name rd 534
• Processed according to the acl rules 534
• Switch config access list policy action rd 600 534
• Switch config access list policy name rd 534
• Switch config action exit 534
• Switch config end 534
• Switch config show access list policy rd 534
• Switch configure 534
• Switch copy running config startup config 534
• Takes effect only after they are bound to a port or vlan 534
• The following example shows how to create policy rd and apply acl 600 to policy rd 534
• You can bind the acl to a port or a vlan the received packets will then be matched and 534
• You can select acl binding or policy binding according to your needs an acl rule and policy 534
• Policy binding 535
• 2 ingress vlan 536
• Gi1 0 2 ingress port 536
• Index acl id interface vid direction type 536
• Index policy name interface vid direction type 536
• Policy nam 536
• Port port lis 536
• Switch config if access list bind policy 1 536
• Switch config if access list bind policy 2 536
• Switch config if end 536
• Switch config if exit 536
• Switch config if show access list bind 536
• Switch config interface gigabitethernet 1 0 2 536
• Switch config interface vlan 2 536
• Switch configure 536
• Switch copy running config startup config 536
• The following example shows how to bind policy 1 to port 2 and policy 2 to vlan 2 536
• Vlan i 536
• 0 1 and the server group is connected to the switch via port 1 0 2 537
• A company s server group can provide different types of services it is required that 537
• And configuring rules for it 537
• As shown below computers in the marketing department are connected to the switch via port 537
• Configuration example for acl 537
• Configuration scheme 537
• Network requirements 537
• Network topology 537
• The marketing department can only access the server group 537
• The marketing department can only visit http and https websites on the internet 537
• To meet the requirements above you can configure packet filtering by creating an extend ip acl 537
• Binding configuration 538
• Configuring acl 538
• Using the gui 538
• Or udp 53 dns service port 540
• Policy create to load the following page configure 540
• Rule 4 and rule 5 to permit packets with source ip 10 0 0 and with destination port tcp 540
• Using the cli 542
• Verify the configurations 543
• Index acl id interface vid direction type 544
• Appendix default parameters 545
• For extend ip acl 545
• For ipv6 acl 545
• For mac acl 545
• For standard ip acl 545
• Chapters 546
• Configuring network security 546
• Part 19 546
• Dhcp snooping 547
• Ip mac binding 547
• Network security 547
• Overview 547
• Supported features 547
• Arp inspection 548
• Dos defend 549
• Binding entries manually 551
• Ip mac binding configurations 551
• Using the gui 551
• And the connected port number of the host you can bind these entries conveniently 552
• Arp scanning 552
• Arp scanning to load the following 552
• Binding entries dynamically 552
• Click bind 552
• Select protect type for the entry 552
• Select the port that is connected to this host 552
• The binding entries can be dynamically learned from arp scanning and dhcp snooping 552
• Upon receiving the arp reply packet the switch can get the ip address mac address vlan id 552
• With arp scanning the switch sends the arp request packets of the specified ip field to the hosts 552
• Dhcp snooping 553
• Follow these steps to configure ip mac binding via arp scanning 553
• For instructions on how to configure dhcp snooping refer to dhcp snooping configurations 553
• Host and record the ip address mac address vlan id and the connected port number of the 553
• In the scanning option section specify an ip address range and a vlan id then click scan 553
• In the scanning result section select one or more entries and configure the relevant 553
• Parameters then click apply 553
• To scan the entries in the specified ip address range and vlan 553
• With dhcp snooping enabled the switch can monitor the ip address obtaining process of the 553
• Binding table to load the following 554
• In the binding table section you can view the searched entries additionally you can configure 554
• In the search section specify the search criteria to search your desired entries 554
• The host name and protect type for one or more entries and click apply 554
• Viewing the binding entries 554
• With the binding table you can view and search the specified binding entries 554
• Binding entries manually 555
• Binding entries via arp scanning is not supported by the cli binding entries via dhcp snooping 555
• Entries manually and view the binding entries 555
• Follow these steps to manually bind entries 555
• Is introduced in dhcp snooping configurations the following sections introduce how to bind 555
• The condition that you have got the related information of the hosts 555
• Using the cli 555
• You can manually bind the ip address mac address vlan id and the port number together on 555
• 68 5 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this 556
• Entry for the arp detection feature 556
• Gigabitethernet 1 0 5 arp detection 556
• Host1 192 68 5 aa bb cc dd ee ff 10 gi1 0 5 arp d 556
• On privileged exec mode or any other configuration mode you can use the following command 556
• Switch config end 556
• Switch config ip source binding host1 192 68 5 aa bb cc dd ee ff vlan 10 interface 556
• Switch config show ip source binding 556
• Switch configure 556
• Switch copy running config startup config 556
• The following example shows how to bind an entry with the hostname host1 ip address 556
• To view binding entries 556
• U no host ip addr mac addr vid port acl col 556
• Viewing binding entries 556
• Dhcp snooping configuration 557
• Enabling dhcp snooping on vlan 557
• Using the gui 557
• Click apply 558
• Configuring dhcp snooping on ports 558
• Follow these steps to configure dhcp snooping on the specified port 558
• Port config to load the following 558
• Select one or more ports and configure the parameters 558
• Click apply 559
• Distribution way 559
• Follow these steps to configure option 82 559
• Following page 559
• Location of the dhcp client via option 82 the dhcp server supporting option 82 can also set 559
• Option 82 config to load the 559
• Option 82 records the location of the dhcp client the switch can add option 82 to the dhcp 559
• Optional configuring option 82 559
• Request packet and then transmit the packet to the dhcp server administrators can check the 559
• Select one or more ports and configure the parameters 559
• The distribution policy of ip addresses and other parameters providing a more flexible address 559
• Click apply 560
• Follow these steps to globally configure dhcp snooping 560
• Globally configuring dhcp snooping 560
• Using the cli 560
• Configuring dhcp snooping on ports 561
• Follow these steps to configure dhcp snooping on the specified ports 561
• Global status enable 561
• Switch config if end 561
• Switch config ip dhcp snooping 561
• Switch config ip dhcp snooping vlan 5 561
• Switch config show ip dhcp snooping 561
• Switch configure 561
• Switch copy running config startup config 561
• The following example shows how to enable dhcp snooping globally and on vlan 5 561
• Vlan id 5 561
• Optional configuring option 82 562
• As replace the circuit id as vlan20 and the remote id as host1 563
• Follow these steps to configure option 82 563
• Switch config if ip dhcp snooping information option 563
• Switch config interface gigabitethernet 1 0 7 563
• Switch configure 563
• The following example shows how to enable option 82 on port 1 0 7 and configure the strategy 563
• Arp inspection configurations 565
• Configuring arp detection 565
• Using the gui 565
• Arp defend to load the following 566
• Configuring arp defend 566
• Follow these steps to configure arp defend 566
• Select one or more ports and configure the parameters 566
• To avoid arp attack flood 566
• When the transmission speed of the legal arp packet on the port exceeds the defined value so as 566
• With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds 566
• Viewing arp statistics 567
• A trusted port 568
• Configuration complete ip mac binding configuration for details refer to ip mac binding 568
• Configurations 568
• Configuring arp detection 568
• Entries in the ip mac binding table and filter the illegal arp packets before arp detection 568
• Follow these steps to configure arp detection 568
• Switch config if ip arp inspection trust 568
• Switch config if show ip arp inspection 568
• Switch config interface gigabitethernet 1 0 1 568
• Switch config ip arp inspection 568
• Switch configure 568
• The arp detection feature allows the switch to detect the arp packets basing on the binding 568
• The following example shows how to globally enable arp detection and configure port 1 0 1 as 568
• Using the cli 568
• Arp detection global status enabled 569
• Configuring arp defend 569
• Follow these steps to configure arp defend 569
• Gi1 0 1 yes 569
• Gi1 0 2 no 569
• Port trusted 569
• Switch config if end 569
• Switch copy running config startup config 569
• To avoid arp attack flood 569
• When the transmission speed of the legal arp packet on the port exceeds the defined value so as 569
• With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds 569
• On privileged exec mode or any other configuration mode you can use the following command 571
• Switch config if end 571
• Switch copy running config startup config 571
• To view arp statistics 571
• Viewing arp statistics 571
• Dos defend configuration 572
• Dos defend to load the following page 572
• Follow these steps to configure dos defend 572
• Following table introduces each type of dos attack 572
• In the configure section enable dos protection 572
• In the defend table section select one or more defend types according to your needs the 572
• Using the gui 572
• Click apply 573
• Follow these steps to configure dos defend 573
• Using the cli 573
• Switch config ip dos prevent 574
• Switch config ip dos prevent type land 574
• Switch configure 574
• The following example shows how to enable the dos defend type named land 574
• Configuring 802 x globally 576
• Using the gui 576
• X configuration 576
• In the authentication config section enable quiet configure the quiet timer and click 577
• Configure 802 x authentication on the desired port and click apply 578
• Configuring 802 x on ports 578
• Port config to load the following page 578
• Adding the radius server 579
• Configuring the radius server 579
• Enabling aaa function 579
• Configuring the radius server group 580
• Group and click add 580
• In the add new server group section specify the name and server type for the new server 580
• Select the newly added group and click edit in the operation column 580
• Select the server to be added to the group from the server ip drop down list then click add 580
• Server group to load the following page 580
• To add this server to the server group 580
• Configuring 802 x globally 581
• Configuring the dot1x list 581
• Using the cli 581
• Authentication method and keep other parameters as default 583
• Authentication method pap 583
• Configuring 802 x on ports 583
• Follow these steps to configure the port 583
• Guest vlan id n a 583
• Guest vlan state disable 583
• Handshake state enabled 583
• Max retry times for radius packet 3 583
• Quiet period state disable 583
• Quiet period timer 10 sec 583
• Supplicant timeout 3 sec 583
• Switch config dot1x auth method pap 583
• Switch config dot1x system auth control 583
• Switch config end 583
• Switch config show dot1x global 583
• Switch configure 583
• Switch copy running config startup config 583
• The following example shows how to enable 802 x authentication configure pap as the 583
• X accounting state disable 583
• X state enabled 583
• Control type as port based and configure the control mode as auto 584
• Gi1 0 2 enabled disabled auto port based unauthorized n a 584
• Port state guestvlan portcontrol portmethod authorized lag 584
• Switch config if dot1x 584
• Switch config if dot1x port control auto 584
• Switch config if dot1x port method port based 584
• Switch config if end 584
• Switch config if show dot1x interface gigabitethernet 1 0 2 584
• Switch config interface gigabitethernet 1 0 2 584
• Switch configure 584
• The following example shows how to enable 802 x authentication on port 1 0 2 configure the 584
• Configuring the radius server 585
• Follow these steps to configure radius 585
• Switch copy running config startup config 585
• Aaa configuration 588
• Configuration guidelines 588
• Adding servers 589
• Globally enabling aaa 589
• Using the gui 589
• Adding radius server 590
• Click add to add the radius server on the switch 590
• Follow these steps to add a radius server 590
• In the server config section configure the following parameters 590
• Radius conifg to load the following page 590
• Adding tacacs server 591
• Click add to add the tacacs server on the switch 591
• Configuring server groups 591
• Follow these steps to add a tacacs server 591
• Group you can add new server groups as needed 591
• In the server config section configure the following parameters 591
• Servers the servers running the same protocol are automatically added to the default server 591
• Tacacs conifg to load the following page 591
• The switch has two built in server groups one for radius servers and the other for tacacs 591
• Configuring the method list 593
• And enable list 594
• Click add to add the new method 594
• Click apply 594
• Configuring the aaa application list 594
• Follow these steps to configure the aaa application list 594
• Global config to load the following page 594
• In the aaa application list section select an access application and configure the login list 594
• Configuring login account and enable password 595
• On the server 595
• On the switch 595
• Aaa global status enable 596
• Adding radius server 596
• Adding servers 596
• Follow these steps to add radius server on the switch 596
• Follow these steps to globally enable aaa 596
• Globally enabling aaa 596
• Servers are added the server with the highest priority authenticates the users trying to access the 596
• Switch and the others act as backup servers in case the first one breaks down 596
• Switch config aaa enable 596
• Switch config end 596
• Switch config show aaa global 596
• Switch configure 596
• Switch copy running config startup config 596
• The following example shows how to globally enable aaa 596
• Using the cli 596
• You can add one or more radius tacacs servers on the switch for authentication if multiple 596
• 68 0 1812 1813 8 3 123456 597
• Seconds and the retransmit number as 3 597
• Server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 597
• Server ip auth port acct port timeout retransmit shared key 597
• Switch config end 597
• Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 597
• Switch config show radius server 597
• Switch configure 597
• Switch copy running config startup config 597
• The following example shows how to add a radius server on the switch set the ip address of the 597
• 68 0 49 8 123456 598
• Adding tacacs server 598
• Follow these steps to add tacacs server on the switch 598
• Of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the 598
• Server ip port timeout shared key 598
• Switch config end 598
• Switch config show tacacs server 598
• Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 598
• Switch configure 598
• Switch copy running config startup config 598
• The following example shows how to add a tacacs server on the switch set the ip address 598
• Timeout as 8 seconds 598
• Configuring server groups 599
• Existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group 599
• Running the same protocol are automatically added to the default server group you can add new 599
• Server groups as needed 599
• Switch aaa group end 599
• Switch aaa group server 192 68 0 599
• Switch aaa group show aaa group radius1 599
• Switch config aaa group radius radius1 599
• Switch configure 599
• Switch copy running config startup config 599
• The following example shows how to create a radius server group named radius1 and add the 599
• The switch has two built in server groups one for radius and the other for tacacs the servers 599
• The two default server groups cannot be deleted or edited follow these steps to add a server 599
• A method list describes the authentication methods and their sequence to authenticate the 600
• And enable method list for guests to get administrative privileges 600
• Configuring the method list 600
• Default local 600
• Follow these steps to configure the method list 600
• Login1 radius local 600
• Methodlist pri1 pri2 pri3 pri4 600
• Switch config aaa authentication login login1 radius local 600
• Switch config show aaa authentication login 600
• Switch configure 600
• The following example shows how to create a login method list named login1 and configure 600
• The method 1 as the default radius server group and the method 2 as local 600
• Users the switch supports login method list for users of all types to gain access to the switch 600
• And http 601
• Configuring the aaa application list 601
• Default local 601
• Enable1 radius local 601
• Follow these steps to apply the login and enable method lists for the application telnet 601
• Methodlist pri1 pri2 pri3 pri4 601
• Switch config aaa authentication enable enable1 radius local 601
• Switch config end 601
• Switch config show aaa authentication enable 601
• Switch configure 601
• Switch copy running config startup config 601
• Telnet 601
• The following example shows how to create an enable method list named enable1 and configure 601
• The method 1 as the default radius server group and the method 2 as local 601
• You can configure authentication method lists on the following access applications telnet ssh 601
• Enable method list named enable1 for the application telnet 602
• Follow these steps to apply the login and enable method lists for the application ssh 602
• Http default default 602
• Module login list enable list 602
• Ssh default default 602
• Switch config line enable authentication enable1 602
• Switch config line end 602
• Switch config line login authentication login1 602
• Switch config line show aaa global 602
• Switch config line telnet 602
• Switch configure 602
• Switch copy running config startup config 602
• Telnet login1 enable1 602
• The following example shows how to apply the existing login method list named login1 and 602
• Enable method list named enable1 for the application ssh 603
• Follow these steps to apply the login and enable method lists for the application http 603
• Http default default 603
• Module login list enable list 603
• Ssh login1 enable1 603
• Switch config line enable authentication enable1 603
• Switch config line end 603
• Switch config line login authentication login1 603
• Switch config line show aaa global 603
• Switch config line ssh 603
• Switch configure 603
• Switch copy running config startup config 603
• Telnet default default 603
• The following example shows how to apply the existing login method list named login1 and 603
• Configuring login account and enable password 604
• On the switch 604
• Configuration file all the users trying to get administrative privileges share this enable 605
• Customizable all users trying to get administrative privileges share this enable password 605
• Enable and providing the enable password 605
• For enable password configuration 605
• For login authentication configuration more than one login account can be created on the 605
• Network information without the enable password 605
• On radius server the user name should be set as enable and the enable password is 605
• On tacacs server configure the value of enable 15 as the enable password in the 605
• On the server 605
• Password 605
• Server besides both the user name and password can be customized 605
• Some configuration principles on the server are as follows 605
• The accounts created by the radius tacacs server can only view the configurations and some 605
• Tips the logged in guests can get administrative privileges by using the command admin 605
• Configuration examples 606
• Configuration scheme 606
• Example for dhcp snooping and arp detection 606
• Network requirements 606
• Using the gui 607
• Using the cli 610
• Verify the configuration 610
• Configuration scheme 612
• Example for 802 x 612
• Network requirements 612
• Network topology 612
• Configuration procedure in two ways using the gui and using the cli 613
• Demonstrated with t1600g 28ts acting as the authenticator the following sections provide 613
• Eap enable the quiet feature and then keep the default authentication settings 613
• Following page enable 802 x authentication and configure the authentication method as 613
• Global config to load the 613
• Internet 613
• Using the gui 613
• Using the cli 616
• Verify the configurations 617
• Example for aaa 618
• Network requirements 618
• Configuration scheme 619
• Using the gui 619
• Using the cli 622
• Verify the configuration 623
• Appendix default parameters 625
• Default settings of network security are listed in the following tables 625
• Chapters 629
• Configuring lldp 629
• Part 20 629
• Overview 630
• Supported features 630
• Global config 631
• Lldp configurations 631
• Using the gui 631
• Follow these steps to enable lldp and configure the lldp feature globally 632
• In the global config section enable lldp click apply 632
• In the parameters config section configure the lldp parameters click apply 632
• Follow these steps to configure the lldp feature for the interface 633
• Policy config to load the following page 633
• Port config 633
• Select the desired port and set its admin status and notification mode 633
• Enable the lldp feature on the switch and configure the lldp parameters 634
• Global config 634
• Select the tlvs type length value included in the lldp packets according to your needs 634
• Using the cli 634
• Count 3 635
• Interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast 635
• Lldp status enabled 635
• Switch config lldp 635
• Switch config lldp hold multiplier 4 635
• Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 635
• Switch config show lldp 635
• Switch configure 635
• The following example shows how to configure the following parameters lldp timer 4 tx 635
• Ttl multiplier 4 635
• Tx interval 30 seconds 635
• Fast packet count 3 636
• Initialization delay 2 seconds 636
• Lldp med fast start repeat count 4 636
• Lldp packets 636
• Port config 636
• Select the desired port and set its admin status notification mode and the tlvs included in the 636
• Switch config end 636
• Switch copy running config startup config 636
• Trap notification interval 5 seconds 636
• Tx delay 2 seconds 636
• Power yes 638
• Switch config if end 638
• Switch copy running config startup config 638
• Global config 639
• Lldp med configurations 639
• Using the gui 639
• Port config 640
• Global config 642
• Lldp status enabled 642
• Switch config lldp 642
• Switch config lldp med fast count 4 642
• Switch config show lldp 642
• Switch configure 642
• The following example shows how to configure lldp med fast count as 4 642
• Ttl multiplier 4 642
• Tx delay 2 seconds 642
• Tx interval 30 seconds 642
• Using the cli 642
• Fast packet count 3 643
• Initialization delay 2 seconds 643
• Lldp med fast start repeat count 4 643
• Port config 643
• Select the desired port enable lldp med and select the tlvs type length value included in 643
• Switch config end 643
• Switch copy running config startup config 643
• The outgoing lldp packets according to your needs 643
• Trap notification interval 5 seconds 643
• Using gui 646
• Viewing lldp device info 646
• Viewing lldp settings 646
• According to your needs click apply 647
• Follow these steps to view the local information 647
• In the auto refresh section enable the auto refresh feature and set the refresh rate 647
• In the local info section select the desired port and view its associated local device 647
• Information 647
• Viewing the neighbor info 648
• Viewing lldp statistics 649
• In the neighbors statistics section view the statistics of the corresponding port 650
• Using cli 650
• Viewing lldp statistics 650
• Viewing the local info 650
• Viewing the neighbor info 650
• Using gui 651
• Viewing lldp med settings 651
• Viewing the local info 651
• According to your needs click apply 652
• Follow these steps to view lldp med neighgbor information 652
• In the auto refresh section enable the auto refresh feature and set the refresh rate 652
• In the lldp med neighbor info section select the desired port and view the lldp med 652
• Settings 652
• Viewing the neighbor info 652
• Using cli 653
• Viewing lldp statistics 653
• Viewing the local info 653
• Viewing the neighbor info 653
• Configuration example 654
• Configuration scheme 654
• Example for configuring lldp 654
• Network requirements 654
• Network topology 654
• Using the gui 655
• Using cli 656
• Configuration file 657
• Verify the configurations 657
• Example for configuring lldp med 662
• Network requirements 662
• Configuration scheme 663
• Network topology 663
• Using the gui 663
• Using the cli 667
• Configuration file 668
• Verify the configurations 669
• Appendix default parameters 676
• Default lldp med settings 676
• Default lldp settings 676
• Default settings of lldp are listed in the following tables 676
• Chapters 677
• Configuring maintenance 677
• Part 21 677
• Device diagnose 678
• Maintenance 678
• Network diagnose 678
• Overview 678
• Supported features 678
• System monitor 678
• Monitoring the cpu 679
• Monitoring the system 679
• Using the gui 679
• Monitoring the cpu 680
• Monitoring the memory 680
• Using the cli 680
• Monitoring the memory 681
• Backing up log files 682
• Configuration guidelines 682
• Configuring the local log 682
• Configuring the remote log 682
• Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality 682
• Of the switch is affected please take actions according to the log message 682
• System log configurations 682
• System log configurations include 682
• Viewing the log table 682
• Click apply 683
• Configuring the local log 683
• Configuring the remote log 683
• Follow these steps to configure the local log 683
• Local log to load the following page 683
• Remote log enables the switch to send system logs to a host to display the logs the host should 683
• Run a log server that complies with the syslog standard 683
• Select your desired channel and configure the corresponding severity and status 683
• Using the gui 683
• Backing up the log file 684
• Viewing the log table 684
• Configuring the local log 685
• Follow these steps to configure the local log 685
• Select a module and a severity to view the corresponding log information 685
• Using the cli 685
• Switch config logging buffer 686
• Switch config logging buffer level 5 686
• Switch config logging file flash 686
• Switch config logging file flash frequency periodic 10 686
• Switch config logging file flash level 2 686
• Switch config show logging local config 686
• Switch configure 686
• The following example shows how to configure the local log on the switch save logs of levels 0 686
• To 5 to the log buffer and synchronize logs of levels 0 to 2 to the flash every 10 hours 686
• Buffer 5 enable immediately 687
• Channel level status sync periodic 687
• Configuring the remote log 687
• Flash 2 enable 10 hour s 687
• Follow these steps to set the remote log 687
• Ip address as 192 68 48 and allow logs of levels 0 to 5 to be sent to the host 687
• Monitor 5 enable immediately 687
• Remote log enables the switch to send system logs to a host to display the logs the host should 687
• Run a log server that complies with the syslog standard 687
• Switch config end 687
• Switch configure 687
• Switch copy running config startup config 687
• The following example shows how to set the remote log on the switch enable log host 2 set its 687
• Cable test to load the following page 689
• Diagnosing the device 689
• In the port section select your desired port for the test 689
• In the result section click apply and check the test results 689
• Using the gui 689
• Gi1 0 2 pair a normal 2 10m 690
• On privileged exec mode or any other configuration mode you can use the following command 690
• Pair b normal 2 10m 690
• Pair c normal 0 10m 690
• Pair d normal 2 10m 690
• Port pair status length error 690
• Switch show cable diagnostics interface gigabitehternet 1 0 2 690
• The following example shows how to check the cable diagnostics of port 1 0 2 690
• To check the connection status of the cable that is connected to the switch 690
• Using the cli 690
• Configuring the ping test 691
• Diagnosing the network 691
• Using the gui 691
• Configuring the tracert test 692
• Approximate round trip times in milli seconds 693
• Bytes and the interval as 500 milliseconds 693
• Configuring the ping test 693
• Destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 693
• In the tracert result section check the test results 693
• Minimum 0ms maximum 0ms average 0ms 693
• On privileged exec mode or any other configuration mode you can use the following command 693
• Packets sent 3 received 3 lost 0 0 loss 693
• Ping statistics for 192 68 0 693
• Pinging 192 68 0 with 1000 bytes of data 693
• Reply from 192 68 0 bytes 1000 time 16ms ttl 64 693
• Switch ping ip 192 68 0 n 3 l 1000 i 500 693
• The following example shows how to test the connectivity between the switch and the 693
• To test the connectivity between the switch and one node of the network 693
• Using the cli 693
• Configuring the tracert test 694
• Destination 694
• Device with the ip address 192 68 00 set the maxhops as 2 694
• Ms 1 ms 2 ms 192 68 694
• Ms 2 ms 2 ms 192 68 00 694
• On privileged exec mode or any other configuration mode you can use the following command 694
• Switch tracert 192 68 00 2 694
• The following example shows how to test the connectivity between the switch and the network 694
• To test the connectivity between the switch and routers along the path from the source to the 694
• Trace complete 694
• Tracing route to 192 68 00 over a maximum of 2 hops 694
• Configuration example for remote log 695
• Configuration scheme 695
• Network requirements 695
• Using the gui 695
• Using the cli 696
• Verify the configurations 696
• Appendix default parameters 697
• Default settings of maintenance are listed in the following tables 697
• Chapters 698
• Managing snmp rmon 698
• Part 22 698
• Notification configurations 7 appendix default parameters 699
• Part 22 699
• Rmon overview 699
• Snmp configurations 6 configuration example 699
• Snmp overview 699
• Snmp overview 5 rmon configurations 699
• Choose snmpv1 or snmpv2c 700
• Choose snmpv3 700
• Snmp configurations 700
• Creating an snmp view 701
• Enabling snmp 701
• Using the gui 701
• Click create to add the view entry 702
• Create an snmp group and configure related parameters 702
• Creating an snmp group 702
• Set the view name and one mib variable that is related to the view choose the view type and 702
• Snmp view to load the following page 702
• Follow these steps to create an snmp group 703
• Need to further configure security level 703
• Set the group name and security model if you choose snmpv3 as the security model you 703
• Snmp group to load the following page 703
• Creating snmp users 704
• Follow these steps to create an snmp user 704
• Model according to the related parameters of the specified group if you choose snmpv3 you 704
• Need to configure the security level 704
• Set the read write and notify view of the snmp group click create 704
• Snmp user to load the following page 704
• Specify the user name user type and the group which the user belongs to set the security 704
• Click create 705
• Corresponding auth mode or privacy mode if not skip the step 705
• Creating snmp communities 705
• Directly 705
• If you have chosen authnopriv or authpriv as the security level you need to set 705
• If you want to use snmpv1 or snmpv2c as the security model you can create snmp communities 705
• Enabling snmp 706
• Set the community name access rights and the related view click create 706
• Snmp community to load the following page 706
• Using the cli 706
• Bad snmp version errors 707
• Encoding errors 707
• Get request pdus 707
• Illegal operation for community name supplied 707
• Number of altered variables 707
• Number of requested variables 707
• Snmp agent is enabled 707
• Snmp packets input 707
• Switch config show snmp server 707
• Switch config snmp server 707
• Switch config snmp server engineid remote 123456789a 707
• Switch configure 707
• The following example shows how to enable snmp and set 123456789a as the remote engine id 707
• Unknown community name 707
• Bad value errors 708
• Creating an snmp view 708
• General errors 708
• Get next pdus 708
• Local engine id 80002e5703000aeb132397 708
• No such name errors 708
• Remote engine id 123456789a 708
• Response pdus 708
• Set request pdus 708
• Snmp packets output 708
• Specify the oid object identifier of the view to determine objects to be managed 708
• Switch config end 708
• Switch config show snmp server engineid 708
• Switch copy running config startup config 708
• Too big errors maximum packet size 1500 708
• Trap pdus 708
• Creating an snmp group 709
• Enable auth mode and privacy mode and set the view as read view and notify view 710
• Nms monitor v3 authpriv view view 710
• No name sec mode sec lev read view write view notify view 710
• Switch config end 710
• Switch config show snmp server group 710
• Switch config snmp server group nms monitor smode v3 slev authpriv read view notify 710
• Switch configure 710
• Switch copy running config startup config 710
• The following example shows how to create an snmpv3 group name the group as nms monitor 710
• And access rights as the group 711
• Configure users of the snmp group users belong to the group and use the same security level 711
• Creating snmp users 711
• Admin and set the user as a remote user snmpv3 as the security mode authpriv as the security 712
• Admin remote nms monitor v3 authpriv sha des 712
• Creating snmp communities 712
• For snmpv1 and snmpv2c the community name is used for authentication functioning as the 712
• Level sha as the authentication algorithm 1234 as the authentication password des as the 712
• No u name u type g name s mode s lev a mode p mode 712
• Password 712
• Privacy algorithm and 1234 as the privacy password 712
• Sha cpwd 1234 emode des epwd 1234 712
• Switch config end 712
• Switch config show snmp server user 712
• Switch config snmp server user admin remote nms monitor smode v3 slev authpriv cmode 712
• Switch configure 712
• Switch copy running config startup config 712
• The following example shows how to create an snmp user on the switch name the user as 712
• Configuration guidelines 714
• Notification configurations 714
• Using the gui 714
• Choose a notification type based on the snmp version if you choose the inform type you 715
• Model and security level based on the settings of the user or community 715
• Need to set retry times and timeout interval 715
• Specify the user name or community name used by the nms and configure the security 715
• Click create 716
• Configure parameters of the nms host and packet handling mechanism 716
• Configuring the host 716
• Using the cli 716
• Enabling snmp notification 717
• Enabling the snmp standard trap 717
• Optional enabling the snmp extend trap 718
• Switch config end 718
• Switch config snmp server traps snmp linkup 718
• Switch configure 718
• Switch copy running config startup config 718
• The following example shows how to configure the switch to send linkup traps 718
• Switch config end 719
• Switch config snmp server traps bandwidth control 719
• Switch configure 719
• Switch copy running config startup config 719
• The following example shows how to configure the switch to enable bandwidth control traps 719
• Optional enabling the mac trap 720
• Optional enabling the vlan trap 720
• Switch config end 720
• Switch config snmp server traps mac new 720
• Switch configure 720
• Switch copy running config startup config 720
• The following example shows how to configure the switch to enable 720
• Optional enabling the link status trap 721
• Switch config end 721
• Switch config if end 721
• Switch config if snmp server traps link status 721
• Switch config interface gigabitethernet 1 0 1 721
• Switch config snmp server traps vlan create 721
• Switch configure 721
• Switch copy running config startup config 721
• The following example shows how to configure the switch to enable 721
• The following example shows how to configure the switch to enable link status trap 721
• Rmon overview 722
• Configuring statistics 723
• Rmon configurations 723
• Using the gui 723
• Configuring history 724
• Follow these steps to configure history 724
• History to load the following page 724
• Select a history entry and specify a port to be monitored 724
• Specify the entry id the port to be monitored and the owner name of the entry set the entry as 724
• Valid or undercreation and click create 724
• Choose an event entry and set the snmp user of the entry 725
• Configuring event 725
• Enter the owner name and set the status of the entry click apply 725
• Event to load the following page 725
• Follow these steps to configure event 725
• Set the sample interval and the maximum buckets of history entries 725
• Alarm to load the following page 726
• Before you begin please complete configurations of statistics entries and event entries because 726
• Configuring alarm 726
• Enter the owner name and set the status of the entry click apply 726
• Set the description and type of the event 726
• The alarm entries must be associated with statistics and event entries 726
• Alarm type of the entry 727
• Follow these steps to configure alarm 727
• Select an alarm entry choose a variable to be monitored and associate the entry with a 727
• Set the sample type the rising and falling threshold the corresponding event action and the 727
• Statistics entry 727
• Configuring statistics 728
• Enter the owner name and set the status of the entry click apply 728
• Using the cli 728
• Configuring history 729
• Buckets 50 730
• Gi1 0 1 100 50 monitor enable 730
• Index port interval buckets owner state 730
• Set the sample interval as 100 seconds max buckets as 50 and the owner as monitor 730
• Switch config end 730
• Switch config rmon history 1 interface gigabitethernet 1 0 1 interval 100 owner monitor 730
• Switch config show rmon history 730
• Switch configure 730
• Switch copy running config startup config 730
• The following example shows how to create a history entry on the switch to monitor port 1 0 1 730
• Admin the event type as notify set the switch to initiate notifications to the nms and the owner 731
• As monitor 731
• Configuring event 731
• Switch config rmon event 1 user admin description rising notify type notify owner monitor 731
• Switch configure 731
• The following example shows how to create an event entry on the switch set the user name as 731
• Admin rising notify notify monitor enable 732
• Configuring alarm 732
• Index user description type owner state 732
• Switch config end 732
• Switch config show rmon event 732
• Switch copy running config startup config 732
• Alarm variable bpkt 733
• As 2 the alarm type as all the notification interval as 10 seconds and the owner of the entry as 733
• Index state 1 enabled 733
• Interval 10 owner monitor 733
• Monitor 733
• Related rising event entry index as 1 the falling threshold as 3000 the related falling event index 733
• Rhold revent 3000 1 733
• Sample type absolute 733
• Statistics index 1 733
• Switch config rmon alarm 1 stats index 1 alarm variable bpkt s type absolute rising 733
• Switch config show rmon alarm 733
• Switch configure 733
• The following example shows how to set an alarm entry to monitor bpackets on the switch set 733
• The related statistics entry id as 1 the sample type as absolute the rising threshold as 3000 the 733
• Threshold 3000 rising event index 1 falling threshold 3000 falling event index 2 a type all 733
• Configuration example 735
• Configuration scheme 735
• Network requirements 735
• As shown in the following figure the nms host with ip address 172 68 22 is connected to the 736
• Connected to switch b and port 1 0 3 and the nms are able to reach one another 736
• Core switch switch b on switch a ports 1 0 1 and 1 0 2 are monitored by the nms port 1 0 3 is 736
• Demonstrated with t1600g 28ts this chapter provides configuration procedures in two ways 736
• Network topology 736
• Using the gui and using the cli 736
• Configuring rate limit on ports 737
• Configuring snmp 737
• Using the gui 737
• Configuring rmon 739
• Enabling bandwith control trap 739
• Configuring rate limit on ports 742
• Configuring snmp 742
• Enable bandwith control trap 742
• Using the cli 742
• Configuration file 743
• Configuring rmon 743
• Verify the configurations 744
• Appendix default parameters 749
• Default settings of snmp are listed in the following table 749
• Default settings of notification are listed in the following table 750
• Bsmi notice 753
• Ce mark warning 753
• Fcc statement 753
• Industry canada statement 753
• Explanation of the symbols on the product label 754
• Safety information 754
• 限用物質含有情況標示聲明書 754