![Tp-Link T1600G-52TS V1 [229/755] Stp security](/img/pdf.png)
Tp-Link T1600G-52TS V1 [229/755] Stp security
![Tp-Link T1600G-52TS V1 [229/755] Stp security](/views2/1472684/page229/bge5.png)
Configuration Guide 207
Configuring Spanning Tree Spanning Tree
CIST
The Common and Internal Spanning Tree, comprising IST and CST, is the spanning tree that
connects all the switches in the network.
1.3 STP Security
STP Security prevents the loops caused by wrong configurations or BPDU attacks. It contains
Loop Protect, Root Protect, BPDU Protect, BPDU Filter and TC Protect functions.
» Loop Protect
Loop Protect function is used to prevent loops caused by link congestions or link failures. It is
recommended to enable this function on root ports and alternate ports.
If the switch cannot receive BPDUs because of link congestions or link failures, the root port will
become a designated port and the alternate port will transit to forwarding status, so loops will
occur.
With Loop Protect function enabled, the port will temporarily transit to blocking state when the
port does not receive BPDUs. After the link restores to normal, the port will transit to its normal
state, so loops can be prevented.
» Root Protect
Root Protect function is used to ensure that the desired root bridge will not lose its position. It is
recommended to enable this function on the designated ports of the root bridge.
Generally, the root bridge will lose its position once receiving higher-priority BPDUs caused by
wrong configurations or malicious attacks. In this case, the spanning tree will be regenerated, and
traffic needed to be forwarded along high-speed links may be lead to low-speed links.
With root protect function enabled, when the port receives higher-priority BDPUs, it will
temporarily transit to blocking state. After two times of forward delay, if the port does not receive
any higher-priority BDPUs, it will transit to its normal state.
» BPDU Protect
BPDU Protect function is used to prevent the port from receiving BPUDs. It is recommended to
enable this function on edge ports.
Normally edge ports do not receive BPDUs, but if a user maliciously attacks the switch by sending
BPDUs, the system automatically configures these ports as non-edge ports and regenerates the
spanning tree.
Содержание
- Configuration guide 1
- T1600g series switches 1
- About this guide 2
- Accessing the switch 2
- Command line interface access 1 2
- Contents 2
- Conventions 2
- Intended readers 2
- Managing system 2
- More information 2
- Overview 2
- System 3 2
- System info configurations 5 2
- Web interface access 2
- Access security configurations 6 3
- System tools configurations 6 3
- User management configurations 8 3
- Appendix default parameters 4 4
- Basic parameters configurations 9 4
- Configuration examples 7 4
- Loopback detection configuration 3 4
- Managing physical interfaces 4
- Physical interface 8 4
- Port isolation configurations 0 4
- Port mirror configuration 3 4
- Port security configuration 7 4
- Sdm template configuration 1 4
- Address configurations 33 5
- Appendix default parameters 06 5
- Appendix default parameters 23 5
- Appendix default parameters 29 5
- Configuration example 19 5
- Configuring lag 5
- Lag 09 5
- Lag configuration 10 5
- Mac address table 31 5
- Managing mac address table 5
- Monitoring traffic 5
- Traffic monitor 25 5
- Appendix default parameters 50 6
- Configuration example 59 6
- Configuring 802 q vlan 6
- Example for security configurations 47 6
- Overview 52 6
- Q vlan configuration 53 6
- Security configurations 41 6
- Appendix default parameters 64 7
- Appendix default parameters 80 7
- Configuration example 72 7
- Configuration example 89 7
- Configuring mac vlan 7
- Configuring protocol vlan 7
- Mac vlan configuration 67 7
- Overview 66 7
- Overview 82 7
- Protocol vlan configuration 83 7
- Appendix default parameters 99 8
- Configuring spanning tree 8
- Mstp configurations 19 8
- Spanning tree 01 8
- Stp rstp configurations 09 8
- Stp security configurations 38 8
- Appendix default parameters 62 9
- Configuration example for mstp 43 9
- Igmp snooping configurations 67 9
- Layer 2 multicast 65 9
- Managing layer 2 multicast 9
- Configuring mld snooping 05 11
- Viewing multicast snooping configurations 40 12
- Appendix default parameters 76 13
- Configuration examples 43 13
- Logical interfaces configurations 81 13
- Managing logical interfaces 13
- Overview 80 13
- Appendix default parameter 07 14
- Appendix default parameters 92 14
- Configuring dhcp relay 14
- Configuring static routing 14
- Dhcp relay configuration 10 14
- Example for static routing 02 14
- Ipv4 static routing configuration 95 14
- Ipv6 static routing configuration 97 14
- Overview 09 14
- Overview 94 14
- Viewing routing table 00 14
- Appendix default parameters 19 15
- Arp configurations 22 15
- Bandwidth control configuration 41 15
- Configuration example 16 15
- Configuration examples 47 15
- Configuring arp 15
- Configuring qos 15
- Diffserv configuration 29 15
- Overview 21 15
- Qos 28 15
- Acl 94 16
- Acl configurations 95 16
- Appendix default parameters 67 16
- Appendix default parameters 92 16
- Configuration example 80 16
- Configuring acl 16
- Configuring voice vlan 16
- Overview 70 16
- Voice vlan configuration 72 16
- Appendix default parameters 23 17
- Arp inspection configurations 43 17
- Configuration example for acl 15 17
- Configuring network security 17
- Dhcp snooping configuration 35 17
- Ip mac binding configurations 29 17
- Network security 25 17
- Aaa configuration 66 18
- Configuration examples 84 18
- Dos defend configuration 50 18
- X configuration 54 18
- Appendix default parameters 03 19
- Configuring lldp 19
- Lldp 08 19
- Lldp configurations 09 19
- Lldp med configurations 17 19
- Viewing lldp settings 24 19
- Appendix default parameters 54 20
- Configuration example 32 20
- Configuring maintenance 20
- Maintenance 56 20
- Monitoring the system 57 20
- System log configurations 60 20
- Viewing lldp med settings 29 20
- Appendix default parameters 75 21
- Configuration example for remote log 73 21
- Diagnosing the device 67 21
- Diagnosing the network 69 21
- Managing snmp rmon 21
- Notification configurations 92 21
- Snmp configurations 78 21
- Snmp overview 77 21
- Appendix default parameters 27 22
- Configuration example 13 22
- Rmon configurations 01 22
- Rmon overview 00 22
- About this guide 23
- Conventions 23
- Intended readers 23
- More information 24
- Accessing the switch 25
- Chapters 25
- Part 1 25
- Overview 26
- Web interface access 27
- Save config function 28
- Disable the web server 29
- Configure the switch s ip address and default gateway 30
- Box displays the valid default gateway 32
- Check the routing table to verify the default gateway you configured the entry marked in red 32
- Click save config to save the settings 32
- Command line interface access 33
- Console login only for switch with console port 33
- Telnet login 35
- Ssh login 36
- Password authentication mode 37
- Key authentication mode 38
- Disable ssh login 41
- Disable telnet login 41
- Change the switch s ip address and default gateway 42
- Copy running config startup config 42
- Chapters 44
- Managing system 44
- Part 2 44
- Access security 45
- Overview 45
- Supported features 45
- System 45
- System info 45
- System tools 45
- User management 45
- Sdm template 46
- System info configurations 47
- Using the gui 47
- Viewing the system summary 47
- Click a port to view the bandwidth utilization on this port 48
- Move the cursor to the port to view the detailed information of the port 48
- Setting the system time 49
- Specifying the device description 49
- Choose one method to set the system time and specify the information 50
- Click apply 50
- Daylight saving time to load the following page 50
- In the time config section follow these steps to configure the system time 50
- Setting the daylight saving time 50
- Choose one method to set the daylight saving time of the switch and specify the 51
- Follow these steps to configure daylight saving time 51
- In the dst config section select enable to enable the daylight saving time function 51
- Information 51
- Click apply 52
- Gi1 0 1 linkdown n a n a n a disable copper 52
- Gi1 0 2 linkdown n a n a n a disable copper 52
- Gi1 0 3 linkup 1000m full disable disable copper 52
- Gi1 0 50 linkdown n a n a n a disable fiber 52
- Gi1 0 51 linkdown n a n a n a disable fiber 52
- On privileged exec mode or any other configuration mode you can use the following command 52
- Port status speed duplex flowctrl jumbo active medium 52
- Switch 52
- Switch show interface status 52
- The following example shows how to view the interface status and the system information of the 52
- To view the system information of the switch 52
- Using the cli 52
- Viewing the system summary 52
- Contact information www tp link com 53
- Follow these steps to specify the device description 53
- Gi1 0 52 linkdown n a n a n a disable fiber 53
- Hardware version t1600g 52ts 1 53
- Running time 3 day 2 hour 8 min 26 sec 53
- Software version 1 build 20160412 rel 2132 s 53
- Specifying the device description 53
- Switch show system info 53
- System description jetstream 48 port gigabit smart switch with 4 sfp slots 53
- System location shenzhen 53
- System name t1600g 52ts 53
- System time 2016 01 04 10 07 38 53
- Setting the system time 54
- 8 00 63 and set the update rate as 11 57
- Backup ntp server 139 8 00 63 57
- Follow these steps and choose one method to set the daylight saving time 57
- Last successful ntp server 133 00 57
- Prefered ntp server 133 00 57
- Setting the daylight saving time 57
- Switch config end 57
- Switch config show system time ntp 57
- Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 57
- Switch configure 57
- Switch copy running config startup config 57
- The following example shows how to set the system time by get time from ntp server and set 57
- The time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 57
- Time zone utc 08 00 57
- Update rate 11 hour s 57
- Dst configuration is one off 59
- Dst ends at 01 00 00 on sep 1 2016 59
- Dst offset is 50 minutes 59
- Dst starts at 01 00 00 on aug 1 2016 59
- Switch config end 59
- Switch config show system time dst 59
- Switch config system time dst date aug 1 01 00 2016 sep 1 01 00 2016 50 59
- Switch configure 59
- Switch copy running config startup config 59
- The following example shows how to set the daylight saving time by date mode set the start 59
- Time as 01 00 august 1st 2016 set the end time as 01 00 september 1st 2016 and set the offset as 59
- Creating admin accounts 60
- User management configurations 60
- Using the gui 60
- Click create 61
- Creating accounts of other types 61
- Creating an account 61
- Need to go to the aaa section to create an enable password for these accounts the enable 61
- Password is used to change the users access level to admin 61
- User config to load the following page 61
- You can create accounts with the access level of operator power user and user here you also 61
- Configuring enable password 62
- Creating admin accounts 63
- Follow these steps to create an admin account 63
- Using the cli 63
- Creating accounts of other types 64
- Follow these steps to create an account of other type 64
- Need to go to the aaa section to create an enable password for these accounts the enable 64
- Password is used to change the users access level to admin 64
- You can create accounts with the access level of operator power user and user here you also 64
- For details refer to aaa configuration in configuring network security 66
- Privileges 66
- The aaa function applies another method to manage the access users name and password 66
- The logged in users can enter the enable password on this page to get the administrative 66
- Configuring the boot file 68
- System tools configurations 68
- Using the gui 68
- Click apply 69
- Click import to import the configuration file 69
- Config restore to load the following page 69
- Follow these steps to configure the boot file 69
- Follow these steps to restore the configuration of the switch 69
- In the boot table section select one or more units and configure the relevant parameters 69
- In the config restore section select one unit and one configuration file 69
- Restoring the configuration of the switch 69
- Backing up the configuration file 70
- Upgrading the firmware 70
- Configuring the reboot schedule 71
- Rebooting the switch 71
- Configuring the boot file 72
- Follow these steps to configure the boot file 72
- In the system reset section select the desired unit and click reset 72
- Reseting the switch 72
- System reset to load the following page 72
- Using the cli 72
- Backup image image2 bin 73
- Boot config 73
- Current startup image image1 bin 73
- Follow these steps to restore the configuration of the switch 73
- Image as image 2 73
- Next startup image image1 bin 73
- Restoring the configuration of the switch 73
- Switch config boot application filename image1 startup 73
- Switch config boot application filename image2 backup 73
- Switch config end 73
- Switch config show boot 73
- Switch configure 73
- Switch copy running config startup config 73
- The following example shows how to set the next startup image as image 1 and set the backup 73
- Backing up the configuration file 74
- Backup user config file ok 74
- Enable 74
- Follow these steps to back up the current configuration of the switch in a file 74
- Follow these steps to upgrade the firmware 74
- Operation ok now rebooting system 74
- Server with ip address 192 68 00 74
- Start to backup user config file 74
- Start to load user config file 74
- Switch copy startup config tftp ip address 192 68 00 filename file2 74
- Switch copy tftp startup config ip address 192 68 00 filename file1 74
- The following example shows how to backup the configuration file named file2 from tftp server 74
- The following example shows how to restore the configuration file named file1 from the tftp 74
- Upgrading the firmware 74
- With ip address 192 68 00 74
- Configuring the reboot schedule 75
- Enable 75
- File3 bin the tftp server is 190 68 00 75
- Follow these steps and choose one type to configure the reboot schedule 75
- Follow these steps to reboot the switch 75
- It will only upgrade the backup image continue y n y 75
- Operation ok 75
- Reboot with the backup image y n y 75
- Rebooting the switch 75
- Switch firmware upgrade ip address 192 68 00 filename file3 bin 75
- The following example shows how to upgrade the firmware using the configuration file named 75
- Reboot schedule at 2016 01 15 12 00 in 17007 minutes 76
- Reboot schedule settings 76
- Reboot system at 15 01 2016 12 00 continue y n y 76
- Save before reboot yes 76
- Switch config end 76
- Switch config reboot schedule at 12 00 15 01 2016 save_before_reboot 76
- Switch configure 76
- Switch copy running config startup config 76
- The following example shows how to set the switch to reboot at 12 00 on 15 01 2016 76
- Follow these steps to reset the switch 77
- Reseting the switch 77
- Access security configurations 78
- Configuring the access control feature 78
- Using the gui 78
- Click apply 79
- When the ip based mode is selected the following section will display 79
- When the port based mode is selected the following section will display 79
- Configuring the http function 80
- Configuring the https function 81
- Https config to load the following page 81
- In the global config section select enable to enable https function and select the protocol 81
- The switch supports click apply 81
- In the access user number section select enable and specify the parameters click apply 82
- In the certificate download and key download section download the certificate and key 82
- In the ciphersuite config section select the algorithm to be enabled and click apply 82
- In the session config section specify the session timeout and click apply 82
- Configuring the ssh feature 83
- In the global config section select enable to enable ssh function and specify other 83
- Parameters 83
- Ssh config to load the following page 83
- Configuring the access control 84
- Enabling the telnet function 84
- Using the cli 84
- As 192 68 00 set the subnet mask as 255 55 55 and make the switch support snmp telnet 85
- Http and https 85
- Switch config user access control ip based 192 68 00 255 55 55 snmp telnet http 85
- Switch configure 85
- The following example shows how to set the type of access control as ip based set the ip address 85
- 68 24 snmp telnet http https 86
- Configuring the http function 86
- Follow these steps to configure the http function 86
- Index ip address access interface 86
- Switch config end 86
- Switch config show user configuration 86
- Switch copy running config startup config 86
- User authentication mode ip based 86
- Configuring the https function 87
- Follow these steps to configure the https function 87
- Http max admin users 6 87
- Http max guest users 5 87
- Http session timeout 9 87
- Http status enabled 87
- Http user limitation enabled 87
- Number as 6 and set the maximum guest number as 5 87
- Switch config end 87
- Switch config ip http max user 6 5 87
- Switch config ip http server 87
- Switch config ip http session timeout 9 87
- Switch config show ip http configuration 87
- Switch configure 87
- Switch copy running config startup config 87
- The following example shows how to set the session timeout as 9 set the maximum admin 87
- Protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the 88
- The following example shows how to configure the https function enable ssl3 and tls1 88
- Configuring the ssh feature 90
- Follow these steps to configure the ssh function 90
- Aes192 cbc disabled 92
- Aes256 cbc disabled 92
- Begin ssh2 public key 92
- Blowfish cbc disabled 92
- Cast128 cbc enabled 92
- Comment dsa key 20160711 92
- Data integrity algorithm 92
- Des cbc disabled 92
- Enabling the telnet function 92
- Follow these steps enable the telnet function 92
- Hmac md5 enabled 92
- Hmac sha1 disabled 92
- Key file 92
- Key type ssh 2 rsa dsa 92
- Switch config end 92
- Switch copy running config startup config 92
- For specific features the switch provides three templates and the hardware resources allocation 93
- In select options section select one template and click apply the setting will be effective after 93
- Is different users can choose one according to how the switch is used in the network 93
- Sdm template configuration 93
- Sdm template function is used to configure system resources in the switch to optimize support 93
- Sdm template to load the following page 93
- The reboot 93
- The template table displays the resources allocation of each template 93
- Using the gui 93
- Follow these steps to configure the sdm template function 94
- Using the cli 94
- Appendix default parameters 96
- Default settings of system info are listed in the following tables 96
- Default settings of system tools are listed in the following table 96
- Default settings of user management are listed in the following table 96
- Default settings of access security are listed in the following tables 97
- Default settings of sdm template are listed in the following table 98
- Chapters 99
- Managing physical interfaces 99
- Part 3 99
- Basic parameters 100
- Loopback detection 100
- Overview 100
- Physical interface 100
- Port isolation 100
- Port mirror 100
- Port security 100
- Supported features 100
- Basic parameters configurations 101
- Follow these steps to set basic parameters for ports 101
- Port config to load the following page 101
- Select and configure your desired ports or lags then click apply 101
- Using the gui 101
- Follow these steps to set basic parameters for the ports 102
- Using the cli 102
- Neighboring port and enabling the flow control and jumbo feature 103
- Setting a description for the port making the port autonegotiate speed and duplex with the 103
- Switch config if no shutdown 103
- Switch config interface gigabitethernet 1 0 1 103
- Switch configure 103
- The following example shows how to implement the basic configurations of port1 0 1 including 103
- Port mirror configuration 105
- Using the gui 105
- Follow these steps to configure port mirror 106
- In the destination port section specify a monitoring port for the mirror session and click 106
- In the source port section select one or multiple monitored ports for configuration then set 106
- The parameters and click apply 106
- Destination port gi1 0 10 107
- Follow these steps to configure port mirror 107
- Monitor session 1 107
- Switch config monitor session 1 destination interface gigabitethernet 1 0 10 107
- Switch config monitor session 1 source interface gigabitethernet 1 0 1 3 both 107
- Switch config show monitor session 107
- Switch configure 107
- The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 107
- To port 1 0 10 107
- Using the cli 107
- Follow these steps to configure port security 109
- Port security configuration 109
- Port security to load the following page 109
- Select one or multiple ports for security configuration 109
- Specify the maximum number of the mac addresses that can be learned on the port and 109
- Then select the learn mode of the mac addresses 109
- Using the gui 109
- Click apply 110
- Follow these steps to configure port security 110
- Select the status of the port security feature 110
- Using the cli 110
- Gi1 0 1 30 0 permanent drop 111
- Learned on port 1 0 1 as 30 and configure the mode as permanent and the status as drop 111
- Port max learn current learn mode status 111
- Status drop 111
- Switch config if end 111
- Switch config if mac address table max mac count max number 30 mode permanent 111
- Switch config if show mac address table max mac count interface gigabitethernet 1 0 1 111
- Switch config interface gigabitethernet 1 0 1 111
- Switch configure 111
- Switch copy running config startup config 111
- The following example shows how to set the maximum number of mac addresses that can be 111
- Port isolation configurations 112
- Using the gui 112
- Click apply 113
- Follow these steps to configure port isolation 113
- In the forward portlist section select the forward ports or lags which the isolated ports can 113
- In the port section select one or multiple ports to be isolated 113
- Only communicate with it is multi optional 113
- Using the cli 113
- Loopback detection configuration 115
- Using the gui 115
- Follow these steps to configure loopback detection 116
- In the port config section select one or multiple ports for configuration then set the 116
- Parameters and click apply 116
- Using the cli 116
- View the loopback detection information on this page 116
- Loopback detection global status enable 117
- Loopback detection interval 30 s 117
- Parameters 117
- Switch config loopback detection 117
- Switch config show loopback detection global 117
- Switch configure 117
- The following example shows how to enable loopback detection globally keeping the default 117
- Configuration examples 119
- Configuration scheme 119
- Example for port mirror 119
- Network requirements 119
- Using the gui 120
- Using the cli 121
- Verify the configuration 121
- As shown below three hosts and a server are connected to the switch and all belong to vlan 10 122
- Configuration scheme 122
- Demonstrated with t1600g 28ts the following sections provide configuration procedure in two 122
- Example for port isolation 122
- Hosts except the server even if the mac address or ip address of host a is changed 122
- Network requirements 122
- Port for port 1 0 1 thus forbidding host a to forward packets to the other hosts 122
- Source ports egress gi1 0 2 5 122
- Ways using the gui and using the cli 122
- With the vlan configuration unchanged host a is not allowed to communicate with the other 122
- You can configure port isolation to implement the requirement set 1 0 4 as the only forwarding 122
- Using the gui 123
- Example for loopback detection 124
- Network requirements 124
- Using the cli 124
- Verify the configuration 124
- Configuration scheme 125
- Using the gui 125
- Using the cli 126
- Verify the configuration 127
- Appendix default parameters 128
- Default settings of switching are listed in th following tables 128
- Configuring lag 130
- Overview 131
- Static lag 131
- Supported features 131
- Configuration guidelines 132
- Lag configuration 132
- Configuring load balancing algorithm 133
- In the global config section select the load balancing algorithm click apply 133
- Lag table to load the following page 133
- Load balancing algorithm is effective only for outgoing traffic if the data stream is not well 133
- Mac addresses and source ip addresses of the received packets 133
- On one physical link for example switch a receives packets from several hosts and forwards 133
- Please properly choose the load balancing algorithm to avoid data stream transferring only 133
- Shared by each link you can change the algorithm of the outgoing interface 133
- Src mac src ip to allow switch a to determine the forwarding port based on the source 133
- Them to the server with the fixed mac address and ip address you can set the algorithm as 133
- Using the gui 133
- Configuring static lag 134
- Configuring static lag or lacp 134
- Configuring lacp 135
- Follow these steps to configure lacp 135
- Lacp to load the following page 135
- Select member ports for the lag and configure the related parameters click apply 135
- Specify the system priority for the switch and click apply 135
- Configuring load balancing algorithm 136
- Follow these steps to configure the load balancing algorithm 136
- Using the cli 136
- Configuring static lag 137
- Configuring static lag or lacp 137
- Etherchannel load balancing addresses used per protocol 137
- Etherchannel load balancing configuration src dst mac 137
- Follow these steps to configure static lag 137
- Ipv4 source xor destination mac address 137
- Ipv6 source xor destination mac address 137
- Link use the same lag mode 137
- Non ip source xor destination mac address 137
- Switch config if end 137
- Switch config port channel load balance src dst mac 137
- Switch config show etherchannel load balance 137
- Switch configure 137
- Switch copy running config startup config 137
- The following example shows how to set the global load balancing mode as src dst mac 137
- You can choose only one lag mode for a port static lag or lacp and make sure both ends of a 137
- Configuring lacp 138
- Flags d down p bundled in port channel u in use 138
- Follow these steps to configure lacp 138
- Group port channel protocol ports 138
- I stand alone h hot standby lacp only s suspended 138
- Po2 s gi1 0 5 d gi1 0 6 d gi1 0 7 d gi1 0 8 d 138
- R layer3 s layer2 f failed to allocate aggregator 138
- Switch config if range channel group 2 mode on 138
- Switch config if range end 138
- Switch config if range show etherchannel 2 summary 138
- Switch config interface range gigabitethernet 1 0 5 8 138
- Switch configure 138
- Switch copy running config startup config 138
- The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 138
- U unsuitable for bundling w waiting to be aggregated d default port 138
- 000a eb13 397 139
- Select the lacpdu sending mode as active 139
- Switch config end 139
- Switch config lacp system priority 2 139
- Switch config show lacp sys id 139
- Switch configure 139
- Switch copy running config startup config 139
- The following example shows how to add ports 1 0 1 4 to lag 6 set the mode as lacp and 139
- The following example shows how to specify the system priority of the switch as 2 139
- Configuration example 141
- Configuration scheme 141
- Network requirements 141
- Using the gui 142
- Using the cli 143
- Verify the configuration 144
- Appendix default parameters 145
- Default settings of switching are listed in the following tables 145
- Monitoring traffic 146
- Traffic monitor 147
- Using the gui 147
- Viewing the traffic summary 147
- Click lags to show the information of the lags 148
- Follow these steps to view the traffic statistics in detail 148
- In the traffic summary section click 1 to show the information of the physical ports and 148
- Refresh at the bottom of the page 148
- To get the real time traffic statistics enable auto refresh in the auto refresh section or click 148
- Traffic statistics to load the following page 148
- Viewing the traffic statistics in detail 148
- In port select select a port or lag and click apply 149
- In the statistics section view the detailed information of the selected port or lag 149
- On privileged exec mode or any other configuration mode you can use the following command 150
- To view the traffic information of each port or lag 150
- Using the cli 150
- Appendix default parameters 151
- Chapters 152
- Managing mac address table 152
- Part 6 152
- Mac address table 153
- Overview 153
- Part 6 153
- Supported features 153
- Security configurations 154
- Adding static mac address entries 155
- Address configurations 155
- Using the gui 155
- Binding dynamic address entries 156
- Dynamic address to load the following page 157
- Follow these steps to modify the aging time of dynamic address entries 157
- In the aging config section enable auto aging and enter your desired length of time 157
- Modifying the aging time of dynamic address entries 157
- Adding mac filtering address entries 158
- Viewing address table entries 158
- Adding static mac address entries 159
- Address table to load the following page 159
- Follow these steps to add static mac address entries 159
- Using the cli 159
- Modifying the aging time of dynamic address entries 160
- Adding mac filtering address entries 161
- Aging time is 500 sec 161
- Follow these steps to add mac filtering address entries 161
- Remains in the mac address table for 500 seconds after the entry is used or updated 161
- Switch config end 161
- Switch config mac address table aging time 500 161
- Switch config show mac address table aging time 161
- Switch configure 161
- Switch copy running config startup config 161
- The following example shows how to modify the aging time to 500 seconds a dynamic entry 161
- Configuring mac notification traps 163
- Security configurations 163
- Using the gui 163
- Configure snmp and set a management host for detailed snmp configurations please refer 164
- Follow these steps to configure mac notification traps 164
- In the mac notification global config section enable this feature configure the relevant 164
- In the mac notification port config section select your desired port and enable its 164
- Learned and new mac learned click apply 164
- Limiting the number of mac addresses in vlans 164
- Mac vlan security to load the following page 164
- Notification traps you can enable these three types learned mode change exceed max 164
- Options and click apply 164
- To managing snmp rmon 164
- Choose the mode that the switch adopts when the maximum number of mac addresses in 165
- Click create 165
- Configuring mac notification traps 165
- Enter the vlan id to limit the number of mac addresses that can be learned in the specified 165
- Enter your desired value in max learned mac to set a threshold 165
- Follow these steps to configure mac notification traps 165
- Follow these steps to limit the number of mac addresses in vlans 165
- The specified vlan is exceeded 165
- Using the cli 165
- Enable snmp and set a management host for detailed snmp configurations please refer to 166
- Interval time as 10 seconds after you have further configured snmp the switch will bundle 166
- Managing snmp rmon 166
- Notifications of new addresses in every 10 seconds and send to the management host 166
- Now you have configured mac notification traps to receive notifications you need to further 166
- Switch configure 166
- The following example shows how to enable new mac learned trap on port 1 and set the 166
- Follow these steps to limit the number of mac addresses in vlans 167
- Gi1 0 1 disable disable enable 167
- Limiting the number of mac addresses in vlans 167
- Mac notification global config 167
- Notification global status enable 167
- Notification interval 10 167
- Port lrnmode change exceed max limit new mac learned 167
- Switch config if end 167
- Switch config if mac address table notification new mac learned enable 167
- Switch config if show mac address table notification interface gigabitethernet 1 0 1 167
- Switch config interface gigabitethernet 1 0 1 167
- Switch config mac address table notification global status enable 167
- Switch config mac address table notification interval 10 167
- Switch copy running config startup config 167
- Table full notification status disable 167
- Configuration scheme 169
- Example for security configurations 169
- Network requirements 169
- Using the gui 170
- Using the cli 171
- Verify the configurations 171
- Appendix default parameters 172
- Default settings of the mac address table are listed in the following tables 172
- Chapters 173
- Configuring 802 q vlan 173
- Part 7 173
- Overview 174
- Configuring the pvid of the port 175
- Q vlan configuration 175
- Using the gui 175
- Based on the network topology 176
- Configuring the vlan 176
- Enter a vlan id and a description for identification to create a vlan 176
- Follow these steps to configure vlan 176
- Select the untagged port s and the tagged port s respectively to add to the created vlan 176
- Vlan config and click create to load the following 176
- Click apply 177
- Creating a vlan 177
- Follow these steps to create a vlan 177
- Switch config vlan 2 177
- Switch config vlan name rd 177
- Switch config vlan show vlan id 2 177
- Switch configure 177
- The following example shows how to create vlan 2 and name it as rd 177
- Using the cli 177
- Will forward untagged packets in the target vlan 177
- Configuring the pvid of the port 178
- Follow these steps to configure the port 178
- Link type general 178
- Member in lag n a 178
- Member in vlan 178
- Port gi1 0 5 178
- Pvid 2 178
- Rd active 178
- Switch config if show interface switchport gigabitethernet 1 0 5 178
- Switch config if switchport pvid 2 178
- Switch config interface gigabitethernet 1 0 5 178
- Switch config vlan end 178
- Switch configure 178
- Switch copy running config startup config 178
- The following example shows how to configure the pvid of port 1 0 5 as vlan 2 178
- Vlan name status ports 178
- Adding the port to the specified vlan 179
- Follow these steps to add the port to the specified vlan 179
- Port gi1 0 5 179
- Pvid 2 179
- Switch config if end 179
- Switch config if show interface switchport gigabitethernet 1 0 5 179
- Switch config if switchport general allowed vlan 2 tagged 179
- Switch config interface gigabitethernet 1 0 5 179
- Switch configure 179
- Switch copy running config startup config 179
- System vlan untagged 179
- Tagged 179
- The following example shows how to add the port 1 0 5 to vlan 2 and specify its egress rule as 179
- Vlan name egress rule 179
- Configuration example 181
- Configuration scheme 181
- Network requirements 181
- As an example 182
- Demonstrated with t1600g 52ts the following sections provide configuration procedure in two 182
- Different places host a1 and host b1 are connected to port 1 0 2 and port 1 0 3 on switch 1 182
- Following page create vlan 10 with the description of department a add port 1 0 2 as an 182
- Network topology 182
- Respectively port 1 0 4 on switch 1 is connected to port 1 0 8 on switch 2 182
- Respectively while host a2 and host b2 are connected to port 1 0 6 and port 1 0 7 on switch 2 182
- The configurations of switch 1 and switch 2 are similar the following introductions take switch 1 182
- The figure below shows the network topology host a1 and host a2 are used in department a 182
- Untagged port and port 1 0 4 as a tagged port to vlan 10 then click apply 182
- Using the gui 182
- Vlan config and click create to load the 182
- Ways using the gui and using the cli 182
- While host b1 and host b2 are used in department b switch 1 and switch 2 are located in two 182
- Using the cli 184
- Verify the configurations 185
- Appendix default parameters 186
- Default settings of 802 q vlan are listed in the following table 186
- Chapters 187
- Configuring mac vlan 187
- Part 8 187
- Access ports change 188
- B server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access 188
- Being used in to meet this requirement simply bind the mac addresses of the laptops to the 188
- Corresponding vlans respectively in this way the mac address rather than the access port 188
- Determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 188
- Device may access the switch via different ports for example a terminal device that accessed the 188
- Devices in this way terminal devices always belong to their original vlans even when their 188
- Free the user from such a problem it divides vlans based on the mac addresses of terminal 188
- Networks that require frequent topology changes with the popularity of mobile office a terminal 188
- Overview 188
- Ptops department a uses server a and laptop a while department b uses server b and laptop 188
- Server a and laptop b can only access server b no matter which meeting room the laptops are 188
- Switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different 188
- The figure below shows a common application scenario of mac vlan 188
- Two departments share all the meeting rooms in the company but use different servers and 188
- Vlan is generally divided by ports this way of division is simple but isn t suitable for those 188
- Vlans the user has to re configure the switch to access the original vlan using mac vlan can 188
- Configuring 802 q vlan 189
- Mac vlan configuration 189
- Using the gui 189
- Binding the mac address to the vlan 190
- By default mac vlan is disabled on all ports you need to enable mac vlan for your desired 190
- Click create to create the mac vlan 190
- Enabling mac vlan for the port 190
- Enter the mac address of the device give it a description and enter the vlan id to bind it to 190
- Follow these steps to bind the mac address to the vlan 190
- Mac vlan to load the following page 190
- Ports manually 190
- The vlan 190
- Before configuring mac vlan create an 802 q vlan and set the port type according to network 191
- Binding the mac address to the vlan 191
- Configuring 802 q vlan 191
- Follow these steps to bind the mac address to the vlan 191
- Follow these steps to enable mac vlan for the port 191
- Port enable to load the following page 191
- Requirements for details refer to configuring 802 q vlan 191
- Select your desired ports to enable mac vlan and click apply 191
- Using the cli 191
- 19 56 8a 4c 71 dept a 10 192
- Enabling mac vlan for the port 192
- Follow these steps to enable mac vlan for the port 192
- Mac addr name vlan id 192
- Switch config end 192
- Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 192
- Switch config show mac vlan vlan 10 192
- Switch configure 192
- Switch copy running config startup config 192
- The address description as dept a 192
- The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with 192
- Access only the server in the vlan it joins no matter which meeting room the laptops are being 194
- Addresses of the laptops to the corresponding vlans respectively in this way each laptop can 194
- B server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access 194
- Being used in the figure below shows the network topology 194
- Configuration example 194
- Configuration scheme 194
- Create vlan 10 and vlan 20 on each of the three switches set different port types and add 194
- Laptops department a uses server a and laptop a while department b uses server b and laptop 194
- Network requirements 194
- Server a and laptop b can only access server b no matter which meeting room the laptops are 194
- The ports to the vlans based on the network topology note for the ports connecting the 194
- Two departments share all the meeting rooms in the company but use different servers and 194
- Used in the overview of the configuration is as follows 194
- You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac 194
- Configurations for switch 1 and switch 2 195
- Using the gui 195
- Configurations for switch 3 197
- Configurations for switch 1 and switch 2 198
- Using the cli 198
- Configurations for switch 3 199
- Switch 1 200
- Switch 2 200
- Verify the configurations 200
- Switch 3 201
- Appendix default parameters 202
- Default settings of mac vlan are listed in the following table 202
- Chapters 203
- Configuring protocol vlan 203
- Part 9 203
- Configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 204
- Network based on specific applications and services of network users 204
- Networks respectively 204
- Overview 204
- Packets of different protocols to the corresponding vlans since different applications and 204
- Protocol vlan is a technology that divides vlans based on the network layer protocol with the 204
- Protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze 204
- Services use different protocols network administrators can use protocol vlan to manage the 204
- Special fields of received packets encapsulate the packets in specific formats and forward the 204
- The figure below shows a common application scenario of protocol vlan with protocol vlan 204
- Configuring 802 q vlan 205
- Protocol vlan configuration 205
- Using the gui 205
- Configuring protocol vlan 206
- Creating protocol template 206
- Configuring 802 q vlan 207
- Creating a protocol template 207
- Using the cli 207
- Arp ethernetii ether type 0806 208
- At snap ether type 809b 208
- Configuring protocol vlan 208
- Follow these steps to configure protocol vlan 208
- Index protocol name protocol type 208
- Ip ethernetii ether type 0800 208
- Ipv6 ethernetii ether type 86dd 208
- Ipx snap ether type 8137 208
- Rarp ethernetii ether type 8035 208
- Switch config end 208
- Switch config protocol vlan template name ipv6 frame ether_2 ether type 86dd 208
- Switch config show protocol vlan template 208
- Switch configure 208
- Switch copy running config startup config 208
- The following example shows how to create an ipv6 protocol template 208
- Arp ethernetii ether type 0806 209
- At snap ether type 809b 209
- Index protocol name protocol type 209
- Ip ethernetii ether type 0800 209
- Ipx snap ether type 8137 209
- Rarp ethernetii ether type 8035 209
- Switch config show protocol vlan template 209
- Switch configure 209
- The following example shows how to bind the ipv6 protocol template to vlan 10 209
- A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 211
- Belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to 211
- Configuration example 211
- Configuration scheme 211
- Ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 211
- Network requirements 211
- Network respectively via different routers it is required that ipv4 packets are forwarded to the 211
- Port receives packets switch 2 will forward them to the corresponding vlans according to their 211
- Protocol types the overview of the configuration on switch 2 is as follows 211
- The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host 211
- Two routers to access the ipv4 network and ipv6 network respectively the routers belong to 211
- Vlan 10 and vlan 20 respectively 211
- You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this 211
- Configurations for switch 1 212
- Using the gui 212
- Configurations for switch 2 214
- Configurations for switch 1 217
- Using the cli 217
- Configurations for switch 2 218
- Switch 1 219
- Verify the configurations 219
- Switch 2 220
- Appendix default parameters 221
- Default settings of protocol vlan are listed in the following table 221
- Chapters 222
- Configuring spanning tree 222
- Part 10 222
- Basic concepts 223
- Overview 223
- Spanning tree 223
- Stp rstp concepts 223
- Bridge id 224
- Port role 224
- Root bridge 224
- Port status 225
- Path cost 226
- Root path cost 226
- A lot of information like bridge id root path cost port priority and so on switches share these 227
- An mst region consists of multiple interconnected switches the switches that have the following 227
- Bpdu to the downstream switch with the updated root path cost the value of the accumulated 227
- Characteristics are considered as in the same region 227
- Information to help determine the tree topology 227
- Mst region 227
- Mstp compatible with stp and rstp has the same basic elements used in stp and rstp based 227
- Mstp concepts 227
- On the networking topology this section will introduce some concepts only exist in mstp 227
- Receives this bpdu it increments the path cost of its local incoming port then it forwards this 227
- Root path cost increases as the bpdu propagates further 227
- The packets used to generate the spanning tree the bpdus bridge protocol data unit contain 227
- Mst instance 228
- Vlan instance mapping 228
- Stp security 229
- Configuring stp rstp parameters on ports 231
- Stp rstp configurations 231
- Using the gui 231
- Click apply 233
- Configuring stp rstp globally 233
- Stp config to load the following page 233
- Follow these steps to configure stp rstp globally 234
- In the global config section enable spanning tree function choose the stp mode as stp 234
- In the parameters config section configure the global parameters of stp rstp and click 234
- Rstp and click apply 234
- Stp summary to load the following page 235
- The stp summary section shows the summary information of spanning tree 235
- Verify the stp rstp information of your switch after all the configurations are finished 235
- Verifying the stp rstp configurations 235
- Configuring stp rstp parameters on ports 236
- Follow these steps to configure stp rstp parameters on ports 236
- Using the cli 236
- Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 237
- Interface state prio ext cost int cost edge p2p mode role status 237
- Switch config if end 237
- Switch config if show spanning tree interface gigabitethernet 1 0 3 237
- Switch config if spanning tree 237
- Switch config if spanning tree common config port priority 32 237
- Switch config interface gigabitethernet 1 0 3 237
- Switch configure 237
- Switch copy running config startup config 237
- The following example shows how to enable spanning tree function on port 1 0 3 and configure 237
- The port priority as 32 237
- Configuring global stp rstp parameters 238
- Follow these steps to configure global stp rstp parameters of the switch 238
- Seconds 238
- This example shows how to configure the priority of the switch as 36864 the forward delay as 12 238
- Enable rstp 36864 2 12 20 5 20 239
- Enabling stp rstp globally 239
- Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree 239
- Function globally 239
- Rstp and verify the configurations 239
- State mode priority hello time fwd time max age hold count max hops 239
- Switch config end 239
- Switch config show spanning tree bridge 239
- Switch config spanning tree 239
- Switch config spanning tree mode rstp 239
- Switch config spanning tree priority 36864 239
- Switch config spanning tree timer forward time 12 239
- Switch configure 239
- Switch copy running config startup config 239
- This example shows how to enable spanning tree function configure the spanning tree mode as 239
- Configuring parameters on ports in cist 241
- Mstp configurations 241
- Using the gui 241
- Besides configure the priority of the switch the priority and path cost of ports in the desired 243
- Click apply 243
- Configure the region name revision level vlan instance mapping of the switch the switches 243
- Configuring the mstp region 243
- Configuring the region name and revision level 243
- Considered as in the same region 243
- Instance 243
- Region config to load the following page 243
- With the same region name the same revision level and the same vlan instance mapping are 243
- Configuring the vlan instance mapping and switch priority 244
- And click apply 245
- In the instance config section configure the priority of the switch in the desired instance 245
- Configuring parameters on ports in the instance 246
- Follow these steps to configure port parameters in the instance 246
- In the instance id select section select the desired instance id for its port configuration 246
- In the instance port config section configure port parameters in the desired instance 246
- Instance port config to load the following 246
- Configuring mstp globally 248
- Follow these steps to configure mstp globally 248
- In the parameters config section configure the global parameters of mstp and click apply 248
- Stp config to load the following page 248
- In the global config section enable spanning tree function and choose the stp mode as 249
- Mstp and click apply 249
- Stp summary to load the following page 250
- The stp summary section shows the summary information of cist 250
- Verifying the mstp configurations 250
- Configuring parameters on ports in cist 251
- Follow these steps to configure the parameters of the port in cist 251
- The mstp summary section shows the information in mst instances 251
- Using the cli 251
- Mst instance 0 cist 252
- Priority as 32 252
- Switch config if show spanning tree interface gigabitethernet 1 0 3 252
- Switch config if spanning tree 252
- Switch config if spanning tree common config port priority 32 252
- Switch config interface gigabitethernet 1 0 3 252
- Switch configure 252
- This example shows how to enable spanning tree function for port 1 0 3 and configure the port 252
- Configuring the mst region 253
- Configuring the mstp region 253
- Follow these steps to configure the mst region and the priority of the switch in the instance 253
- Gi1 0 3 144 200 n a lnkdwn 253
- Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 253
- Interface prio cost role status 253
- Interface state prio ext cost int cost edge p2p mode role status 253
- Mst instance 5 253
- Switch config if end 253
- Switch copy running config startup config 253
- Configuring the parameters on ports in instance 254
- Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 255
- Instance 5 255
- Interface state prio ext cost int cost edge p2p mode role status 255
- Mst instance 0 cist 255
- Mst instance 5 255
- Switch config if show spanning tree interface gigabitethernet 1 0 3 255
- Switch config if spanning tree mst instance 5 port priority 144 cost 200 255
- Switch config interface gigabitethernet 1 0 3 255
- Switch configure 255
- This example shows how to configure the priority as 144 the path cost as 200 of port 1 0 3 in 255
- Configuring global mstp parameters 256
- Follow these steps to configure the global mstp parameters of the switch 256
- Gi1 0 3 144 200 n a lnkdwn 256
- Interface prio cost role status 256
- Switch config if end 256
- Switch copy running config startup config 256
- Enable mstp 36864 2 12 20 8 25 257
- Enabling spanning tree globally 257
- Follow these steps to configure the spanning tree mode as mstp and enable spanning tree 257
- Function globally 257
- State mode priority hello time fwd time max age hold count max hops 257
- Switch config if end 257
- Switch config if show spanning tree bridge 257
- Switch config if spanning tree hold count 8 257
- Switch config if spanning tree max hops 25 257
- Switch config if spanning tree timer forward time 12 257
- Switch config spanning tree priority 36864 257
- Switch configure 257
- Switch copy running config startup config 257
- The hold count as 8 and the max hop as 25 257
- This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds 257
- Address 00 0a eb 13 23 97 258
- Designated bridge 258
- External cost 200000 258
- Function globally 258
- Latest topology change time 2006 01 04 10 47 42 258
- Mst instance 0 cist 258
- Priority 32768 258
- Root bridge 258
- Root port gi 0 20 258
- Spanning tree is enabled 258
- Spanning tree s mode mstp 802 s multiple spanning tree protocol 258
- Switch config show spanning tree active 258
- Switch config spanning tree 258
- Switch config spanning tree mode mstp 258
- Switch configure 258
- This example shows how to configure the spanning tree mode as mstp and enable spanning tree 258
- Configuring the stp security 260
- Stp security configurations 260
- Using the gui 260
- Configure the port protect features for the selected ports and click apply 261
- Field the switch will not remove mac address entries in the tc protect cycle 261
- Optional configuring the threshold and cycle of tc protect 261
- The number of the received tc bpdus exceeds the maximum number you set in the tc threshold 261
- When you enable tc protect function on ports set the tc threshold and tc protect cycle here if 261
- Configure the parameters of tc protect feature and click apply 262
- Configuring the stp security 262
- Featur 262
- Feature for ports 262
- Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter 262
- Tc protect to load the following page 262
- Using the cli 262
- Configuring the tc protect 263
- Follow these steps to configure tc protect feature for ports 263
- Functions on port 1 0 3 263
- Gi1 0 3 enable enable enable enable disable 263
- Interface bpdu filter bpdu guard loop protect root protect tc protect 263
- Switch config if end 263
- Switch config if spanning tree bpdufilter 263
- Switch config if spanning tree bpduguard 263
- Switch config if spanning tree guard loop 263
- Switch config if spanning tree guard root 263
- Switch config if spanning tree interface security gigabitethernet 1 0 3 263
- Switch config interface gigabitethernet 1 0 3 263
- Switch configure 263
- Switch copy running config startup config 263
- This example shows how to enable loop protect root protect bpdu filter and bpdu protect 263
- And the tc protect cycle is 8 264
- Gi1 0 3 enable enable enable enable enable 264
- Interface bpdu filter bpdu guard loop protect root protect tc protect 264
- Switch config if end 264
- Switch config if spanning tree guard tc 264
- Switch config if spanning tree interface security gigabitethernet 1 0 3 264
- Switch config interface gigabitethernet 1 0 3 264
- Switch config spanning tree tc defend threshold 25 period 8 264
- Switch configure 264
- Switch copy running config startup config 264
- This example shows how to enable the tc protect function on port 1 0 3 with the tc threshold is 264
- As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is 265
- Balancing thus providing a more flexible method in network management here we take the 265
- Configuration example for mstp 265
- Configuration scheme 265
- Cost of the port is 200000 265
- Here we configure two instances to meet the requirement as is shown below 265
- Instance 265
- It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be 265
- Map the vlans to different instances to ensure traffic can be transmitted along the respective 265
- Mstp backwards compatible with stp and rstp can map vlans to instances to enable load 265
- Mstp configuration as an example 265
- Network requirements 265
- To meet this requirement you are suggested to configure mstp function on the switches 265
- Transmitted along different paths 265
- Transmitted in this network the link speed between the switches is 100mb s the default path 265
- 0 1 of switch a to be greater than the default path cost 200000 for instance 2 set the 266
- And the revision level as 100 map vlan 101 vlan 103 to instance 1 and vlan 104 vlan 266
- Configure switch a switch b and switch c in the same region configure the region name as 266
- Configure the path cost to block the specified ports for instance 1 set the path cost of port 266
- Configure the priority of switch b as 0 to set is as the root bridge in instance 1 configure the 266
- Demonstrated with t1600g 52ts this chapter provides configuration procedures in two ways 266
- Enable mstp function in all the switches 266
- Enable the spanning tree function on the ports in each switch 266
- Path cost of port 1 0 2 of switch b to be greater than the default path cost 200000 266
- Priority of switch c as 0 to set is as the root bridge in instance 2 266
- The overview of configuration is as follows 266
- To instance 2 266
- Using the gui and using the cli 266
- Configurations for switch a 267
- Using the gui 267
- Instance config to load the following 268
- Page map vlan101 vlan103 to instance 1 map vlan104 vlan106 to instance 2 268
- Following page set the path cost of port 1 0 1 in instance 1 as 400000 269
- Instance port config to load the 269
- Configurations for switch b 270
- Instance config to load the following 272
- Page configure the priority of switch b as 0 to set it as the root bridge in instance 1 272
- Following page set the path cost of port 1 0 2 in instance 2 as 400000 273
- Instance port config to load the 273
- Configurations for switch c 274
- Configurations for switch a 277
- Using the cli 277
- Configurations for switch b 278
- Configurations for switch c 279
- Switch a 279
- Verify the configurations 279
- Switch b 281
- Switch c 282
- Appendix default parameters 284
- Default settings of the spanning tree feature are listed in the following table 284
- Chapters 286
- Managing layer 2 multicast 286
- Part 11 286
- Layer 2 multicast 287
- Overview 287
- And maintain layer 2 multicast forwarding table 288
- Configuration guide 266 288
- Demand on data link layer by analyzing igmp packets between layer 3 devices and users to build 288
- Demonstrated as below 288
- Figure 1 1 igmp snooping 288
- Forwarding table 288
- Igmp packets between layer 3 devices and users to build and maintain layer 2 multicast 288
- Layer 2 multicast protocol for ipv4 igmp snooping 288
- Layer 2 multicast protocol for ipv6 mld snooping 288
- Managing layer 2 multicast layer 2 multicast 288
- On the layer 2 device igmp snooping transmits data on demand on data link layer by analyzing 288
- On the layer 2 device mld snooping multicast listener discovery snooping transmits data on 288
- Supported layer 2 multicast protocols 288
- Configuring igmp snooping globally 289
- Igmp snooping configurations 289
- Using the gui 289
- Click apply 290
- Configure unknown multicast as forward or discard 290
- Configuring router port time and member port time 290
- Enable or disable report message suppression globally 290
- Enabling report message suppression can reduce the number of packets in the network 290
- Follow these steps to configure report message suppression 290
- Follow these steps to configure the aging time of the router ports and the member ports 290
- Follow these steps to configure unknown multicast 290
- For switches that support mld snooping igmp snooping and mld snooping share the setting 290
- Optional configuring report message suppression 290
- Snooping config page at the same time 290
- Specify the aging time of the member ports 290
- Specify the aging time of the router ports 290
- Are sent and no report message is received the switch will delete the multicast address from the 291
- Click apply 291
- Configure the last listener query interval and last listener query count when the switch 291
- Configuring igmp snooping last listener query 291
- Follow these steps to configure last listener query interval and last listener query count in the 291
- Global config section 291
- Igmp snooping status table displays vlans and ports with igmp snooping enabled 291
- Multicast forwarding table 291
- Receives an igmp leave message if specified count of multicast address specific queries masqs 291
- Specify the interval between masqs 291
- Specify the number of masqs to be sent 291
- Verifying igmp snooping status 291
- Configuring the port s basic igmp snooping features 292
- Enabling igmp snooping on the port 292
- Optional configuring fast leave 292
- Configuring igmp snooping globally in the vlan 293
- Configuring igmp snooping in the vlan 293
- And reduces network load of layer 3 devices 294
- Click create 294
- Configure the forbidden router ports in the designate vlan 294
- Configure the router ports in the designate vlan 294
- Configuring the multicast vlan 294
- Device only need to send one piece of multicast data to a layer 2 device and the layer 2 device 294
- Follow these steps to configure static router ports in the designate vlan 294
- Follow these steps to forbid the selected ports to be the router ports in the designate vlan 294
- In old multicast transmission mode when users in different vlans apply for data from the same 294
- Layer 2 devices 294
- Multicast group the layer 3 device will duplicate this multicast data and deliver copies to the 294
- Optional configuring the forbidden router ports in the vlan 294
- Optional configuring the static router ports in the vlan 294
- Will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth 294
- With multicast vlan configured all multicast group members will be added to a vlan layer 3 294
- Configuring 802 q vlan 295
- Creating multicast vlan and configuring basic settings 295
- Enable multicast vlan configure the specific vlan to be the multicast vlan and configure 295
- In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic 295
- Multicast vlan to load the following page 295
- Set up the vlan that the router ports and the member ports are in for details please refer to 295
- Settings 295
- The router port time and member port time 295
- Click apply 296
- Configure the new multicast source ip 296
- Configure the router ports in the designate vlan 296
- Configure the router ports in the multicast vlan 296
- Follow these steps to configure static router ports in the multicast vlan 296
- Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 296
- Members in the multicast vlan section follow these steps to configure replace source ip 296
- Optional configuring the forbidden router ports 296
- Optional configuring the static router ports 296
- Optional creating replace source ip 296
- This function allows you to use a new ip instead of the source ip to send data to multicast group 296
- This table displays all the dynamic router ports in the multicast vlan 296
- Viewing dynamic router ports in the multicast vlan 296
- Click apply 297
- Configuring the querier 297
- Follow these steps to configure the querier 297
- Following page 297
- Igmp snooping querier sends general query packets regularly to maintain the multicast 297
- Optional configuring the querier 297
- Querier config to load the 297
- Specify a vlan and configure the querier on this vlan 297
- Click add 298
- Configuring igmp profile 298
- Create a profile and configure its filtering mode 298
- Creating profile 298
- Follow these steps to create a profile and configure its filtering mode 298
- Profile config to load 298
- The following page 298
- The igmp snooping querier table displays all the related settings of the igmp querier 298
- Viewing settings of igmp querier 298
- With igmp profile the switch can define a blacklist or whitelist of multicast addresses so as to 298
- You can edit the settings in the igmp snooping querier table 298
- Click create 299
- Click edit in the igmp profile info table edit its ip range and click add to save the settings 299
- Editing ip range of the profile 299
- Enter the search condition in the search option field to search the profile in the igmp profile info 299
- Follow these steps to edit profile mode and its ip range 299
- Searching profile 299
- Binding profile and member ports 300
- Click apply 301
- Configuring max groups a port can join 301
- Follow these steps to configure the maximum groups a port can join and overflow action 301
- Packet statistic to load the following page 301
- Select a port to configure its max group and overflow action 301
- Viewing igmp statistics on each port 301
- Click apply 302
- Configuring auto refresh 302
- Enable or disable auto refresh 302
- Enabling igmp accounting and authentication 302
- Follow these steps to configure auto refresh 302
- Igmp authentication to load the following 302
- The igmp statistics table displays all kinds of igmp statistics of all the ports 302
- Viewing igmp statistics 302
- Configuring igmp accounting globally 303
- Configuring igmp authentication on the port 303
- Click apply 304
- Configuring static member port 304
- Enter the multicast ip and vlan id specify the static member port 304
- Follow these steps to configure static member port 304
- Follow these steps to enable igmp authentication on the port 304
- Following page 304
- Specify the ports and enable igmp authentication 304
- Static ipv4 multicast table to load the 304
- This function allows you to specify a port as a static member port in the multicast group 304
- Click create 305
- Enabling igmp snooping globally 305
- Enabling igmp snooping on the port 305
- Search option 305
- Static multicast ip table displays details of all igmp static multicast groups 305
- Using the cli 305
- Viewing igmp static multicast groups 305
- You can search igmp static multicast entries by using multicast ip vlan id or forward port as the 305
- Configuring igmp snooping parameters globally 306
- Configuring report message suppression 306
- Configuring unknown multicast 307
- Enable port 307
- Enable vlan 307
- Global authentication accounting disable 307
- Global member age time 260 307
- Global report suppression enable 307
- Global router age time 300 307
- Igmp snooping enable 307
- Last query interval 1 307
- Last query times 2 307
- Switch config if end 307
- Switch config ip igmp snooping 307
- Switch config ip igmp snooping report suppression 307
- Switch config show ip igmp snooping 307
- Switch configure 307
- Switch copy running config startup config 307
- The following example shows how to enable report message suppression 307
- Unknown multicast pass 307
- Configuring igmp snooping parameters on the port 309
- Configuring router port time and member port time 309
- Enable port 309
- Enable vlan 309
- Global authentication accounting disable 309
- Global member age time 200 309
- Global report suppression disable 309
- Global router age time 200 309
- Igmp snooping enable 309
- Last query interval 1 309
- Last query times 2 309
- Switch config ip igmp snooping 309
- Switch config ip igmp snooping mtime 200 309
- Switch config ip igmp snooping rtime 200 309
- Switch config show ip igmp snooping 309
- Switch configure 309
- The following example shows how to configure the global router port time and member port 309
- Time as 200 seconds 309
- Unknown multicast pass 309
- Configuring fast leave 310
- Gi1 0 3 enable enable 310
- Port igmp snooping fast leave 310
- Switch config if end 310
- Switch config if ip igmp snooping 310
- Switch config if ip igmp snooping immediate leave 310
- Switch config if show ip igmp snooping interface gigabitethernet 1 0 3 basic config 310
- Switch config interface gigabiteternet 1 0 3 310
- Switch config ip igmp snooping 310
- Switch configure 310
- Switch copy running config startup config 310
- The following example shows how to enable fast leave on port 1 0 3 310
- Configuring max group and overflow action on the port 311
- Drop on port 1 0 3 311
- Gi1 0 3 500 drop 311
- Port max groups overflow action 311
- Switch config if end 311
- Switch config if ip igmp snooping 311
- Switch config if ip igmp snooping max groups 500 311
- Switch config if ip igmp snooping max groups action drop 311
- Switch config if show ip igmp snooping interface gigabitethernet 1 0 3 max groups 311
- Switch config interface gigabiteternet 1 0 3 311
- Switch config ip igmp snooping 311
- Switch configure 311
- The following example shows how to configure the max group as 500 and the overflow action as 311
- Configuring igmp snooping last listener query 312
- Enable port 312
- Global authentication accounting disable 312
- Global member age time 260 312
- Global report suppression disable 312
- Global router age time 300 312
- Igmp snooping enable 312
- Last query interval 5 312
- Last query times 5 312
- Listener query interval as 5 seconds 312
- Switch config ip igmp snooping 312
- Switch config ip igmp snooping last listener query count 5 312
- Switch config ip igmp snooping last listener query interval 5 312
- Switch config show ip igmp snooping 312
- Switch configure 312
- Switch copy running config startup config 312
- The following example shows how to configure the last listener query count as 5 and the last 312
- Unknown multicast pass 312
- Configuring igmp snooping parameters in the vlan 313
- Configuring router port time and member port time 313
- Dynamic router port none 313
- Enable vlan 313
- Forbidden router port none 313
- Member time 400 313
- Router time 500 313
- Static router port none 313
- Switch config end 313
- Switch config ip igmp snooping 313
- Switch config ip igmp snooping vlan config 2 3 mtime 400 313
- Switch config ip igmp snooping vlan config 2 3 rtime 500 313
- Switch config show ip igmp snooping vlan 2 313
- Switch configure 313
- Switch copy running config startup config 313
- The following example shows how to enable igmp snooping in vlan 2 and vlan 3 configure 313
- The router port time as 500 seconds and the member port time as 400 seconds 313
- Vlan id 2 313
- As the static router port 314
- Configuring static router port 314
- Dynamic router port none 314
- Forbidden router port none 314
- Member time 0 314
- Member time 400 314
- Router time 0 314
- Router time 500 314
- Static router port gi1 0 2 314
- Static router port none 314
- Switch config end 314
- Switch config ip igmp snooping 314
- Switch config ip igmp snooping vlan config 2 rport interface gigabitethernet 1 0 2 314
- Switch config show ip igmp snooping vlan 2 314
- Switch config show ip igmp snooping vlan 3 314
- Switch configure 314
- Switch copy running config startup config 314
- The following example shows how to enable igmp snooping in vlan 2 and configure port 1 0 2 314
- Vlan id 2 314
- Vlan id 3 314
- Configuring forbidden router port 315
- Dynamic router port none 315
- Forbidden router port gi1 0 4 6 315
- Forbidden router port none 315
- From becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 315
- Gigabitethernet 1 0 4 6 315
- Member time 0 315
- Router time 0 315
- Static router port none 315
- Switch config end 315
- Switch config ip igmp snooping 315
- Switch config ip igmp snooping vlan config 2 router ports forbidd interface 315
- Switch config show ip igmp snooping vlan 2 315
- Switch configure 315
- Switch copy running config startup config 315
- The following example shows how to enable igmp snooping in vlan 2 and forbid port 1 0 4 6 315
- Vlan id 2 315
- 0 9 10 316
- 2 2 static gi1 0 9 10 316
- Configuring igmp snooping parameters in the multicast vlan 316
- Configuring router port time and member port time 316
- Configuring static multicast multicast ip and forward port 316
- Multicast ip vlan id addr type switch port 316
- Port 1 0 9 10 as the forward ports 316
- Switch config end 316
- Switch config ip igmp snooping 316
- Switch config ip igmp snooping vlan config 2 static 226 interface gigabitethernet 316
- Switch config show ip igmp snooping groups static 316
- Switch configure 316
- Switch copy running config startup config 316
- The following example shows how to configure 226 as the static multicast ip and specify 316
- Dynamic router port none 317
- Forbidden router port none 317
- Member time 400 317
- Multicast vlan enable 317
- Replace source ip 0 317
- Router time 500 317
- Static router port none 317
- Switch config end 317
- Switch config ip igmp snooping 317
- Switch config ip igmp snooping multi vlan config 5 mtime 400 317
- Switch config ip igmp snooping multi vlan config 5 rtime 500 317
- Switch config show ip igmp snooping multi vlan config 317
- Switch configure 317
- Switch copy running config startup config 317
- The following example shows how to configure vlan 5 as the multicast vlan set the router port 317
- Time as 500 seconds and the member port time as 400 seconds 317
- Vlan id 5 317
- As the static router port 318
- Configuring static router port 318
- Dynamic router port none 318
- Forbidden router port none 318
- Member time 260 318
- Multicast vlan enable 318
- Replace source ip 0 318
- Router time 300 318
- Static router port gi1 0 5 318
- Switch config end 318
- Switch config ip igmp snooping 318
- Switch config ip igmp snooping multi vlan config 5 rport interface gigabitethernet 1 0 5 318
- Switch config show ip igmp snooping multi vlan config 318
- Switch configure 318
- Switch copy running config startup config 318
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 318
- Vlan id 5 318
- As the forbidden router port 319
- Configuring forbidden router port 319
- Dynamic router port none 319
- Forbidden router port gi1 0 6 319
- Gigabitethernet 1 0 6 319
- Member time 260 319
- Multicast vlan enable 319
- Replace source ip 0 319
- Router time 300 319
- Static router port none 319
- Switch config end 319
- Switch config ip igmp snooping 319
- Switch config ip igmp snooping multi vlan config 5 router ports forbidd interface 319
- Switch config show ip igmp snooping multi vlan config 319
- Switch configure 319
- Switch copy running config startup config 319
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 319
- Vlan id 5 319
- Configuring replace source ip 320
- Dynamic router port none 320
- Forbidden router port none 320
- Member time 260 320
- Multicast vlan enable 320
- Replace source ip 192 68 320
- Router time 300 320
- Source ip in the igmp packets sent by the switch with 192 68 320
- Static router port none 320
- Switch config end 320
- Switch config ip igmp snooping 320
- Switch config ip igmp snooping multi vlan config 5 replace sourceip 192 68 320
- Switch config show ip igmp snooping multi vlan config 320
- Switch configure 320
- Switch copy running config startup config 320
- The following example shows how to configure vlan 5 as the multicast vlan and replace the 320
- Vlan id 5 320
- Configuring query interval max response time and general query source ip 321
- Configuring the querier 321
- Enabling igmp querier 321
- General query source ip 192 68 321
- Maximum response time 10 321
- Query interval 60 321
- Switch config end 321
- Switch config ip igmp snooping 321
- Switch config ip igmp snooping querier vlan 4 321
- Switch config show ip igmp snooping querier 321
- Switch configure 321
- Switch copy running config startup config 321
- The following example shows how to enable igmp snooping and igmp querier in vlan 4 321
- Vlan 4 321
- General query source ip 192 68 322
- Maximum response time 20 322
- Query interval 100 322
- Source ip as 192 68 322
- Switch config end 322
- Switch config ip igmp snooping 322
- Switch config ip igmp snooping querier vlan 4 general query source ip 192 68 322
- Switch config ip igmp snooping querier vlan 4 max response time 20 322
- Switch config ip igmp snooping querier vlan 4 query interval 100 322
- Switch config show ip igmp snooping querier 322
- Switch configure 322
- Switch copy running config startup config 322
- The following example shows how to enable igmp snooping and igmp querier in vlan 4 set 322
- The query interval as 100 seconds the max response time as 20 seconds and the general query 322
- Vlan 4 322
- Configuring multicast filtering 323
- Creating profile 323
- Igmp profile 1 323
- Range 226 226 0 323
- Sent to 226 226 0 323
- Switch config igmp profile deny 323
- Switch config igmp profile range 226 226 0 323
- Switch config igmp profile show ip igmp profile 323
- Switch config ip igmp profile 1 323
- Switch config ip igmp snooping 323
- Switch configure 323
- The following example shows how to configure profile 1 so that the switch filters multicast data 323
- Binding profile to the port 324
- Igmp profile 1 324
- Multicast data sent to 226 226 0 324
- Range 226 226 0 324
- Switch config end 324
- Switch config if ip igmp filter 1 324
- Switch config if ip igmp snooping 324
- Switch config if show ip igmp profile 324
- Switch config igmp profile deny 324
- Switch config igmp profile exit 324
- Switch config igmp profile range 226 226 0 324
- Switch config interface gigabitethernet 1 0 2 324
- Switch config ip igmp profile 1 324
- Switch config ip igmp snooping 324
- Switch configure 324
- Switch copy running config startup config 324
- The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters 324
- Binding port s 325
- Enabling igmp accounting and authentication 325
- Enabling igmp authentication on the port 325
- Gi1 0 2 325
- Gi1 0 2 enable 325
- Port igmp authentication 325
- Switch config end 325
- Switch config if ip igmp snooping 325
- Switch config if ip igmp snooping authentication 325
- Switch config if show ip igmp snooping interface gigabitethernet 1 0 2 authentication 325
- Switch config interface gigabitethernet 1 0 2 325
- Switch config ip igmp snooping 325
- Switch configure 325
- Switch copy running config startup config 325
- The following example shows how to enable igmp authentication on port 1 0 2 325
- Enabling igmp accounting globally 326
- Switch copy running config startup config 326
- Configuring mld snooping 327
- Configuring mld snooping globally 327
- Using the gui 327
- Click apply 328
- Configure unknown multicast as forward or discard 328
- Configuring router port time and member port time 328
- Enable or disable report message suppression globally 328
- Enabling report message suppression can reduce the number of packets in the network 328
- Follow these steps to configure report message suppression 328
- Follow these steps to configure the aging time of the router ports and the member ports 328
- Follow these steps to configure unknown multicast 328
- Igmp snooping and mld snooping share the setting of unknown multicast so you have to 328
- Optional configuring report message suppression 328
- Snooping config page at 328
- Specify the aging time of the member ports 328
- Specify the aging time of the router ports 328
- The same time 328
- Are sent and no report message is received the switch will delete the multicast address from the 329
- Click apply 329
- Configure the last listener query interval and last listener query count when the switch 329
- Configuring mld snooping last listener query 329
- Follow these steps to configure last listener query interval and last listener query count in the 329
- Global config section 329
- Mld snooping status table displays vlans and ports with mld snooping enabled 329
- Multicast forwarding table 329
- Receives an mld leave message if specified count of multicast address specific queries masqs 329
- Specify the interval between masqs 329
- Specify the number of masqs to be sent 329
- Verifying mld snooping status 329
- Configuring the port s basic mld snooping features 330
- Enabling mld snooping on the port 330
- Optional configuring fast leave 330
- Configuring mld snooping globally in the vlan 331
- Configuring mld snooping in the vlan 331
- And reduces network load of layer 3 devices 332
- Click create 332
- Configure the forbidden router ports in the designate vlan 332
- Configure the router ports in the designate vlan 332
- Configuring the multicast vlan 332
- Device only need to send one piece of multicast data to a layer 2 device and the layer 2 device 332
- Follow these steps to configure static router ports in the designate vlan 332
- Follow these steps to forbid the selected ports to be the router ports in the designate vlan 332
- In old multicast transmission mode when users in different vlans apply for data from the same 332
- Layer 2 devices 332
- Multicast group the layer 3 device will duplicate this multicast data and deliver copies to the 332
- Optional configuring the forbidden router ports in the vlan 332
- Optional configuring the static router ports in the vlan 332
- Will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth 332
- With multicast vlan configured all multicast group members will be added to a vlan layer 3 332
- Configuring 802 q vlan 333
- Creating multicast vlan and configuring basic settings 333
- Enable multicast vlan configure the specific vlan to be the multicast vlan and configure 333
- In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic 333
- Multicast vlan to load the following page 333
- Set up the vlan that the router ports and the member ports are in for details please refer to 333
- Settings 333
- The router port time and member port time 333
- Click apply 334
- Configure the new multicast source ip 334
- Configure the router ports in the designate vlan 334
- Configure the router ports in the multicast vlan 334
- Follow these steps to configure static router ports in the multicast vlan 334
- Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 334
- Members in the multicast vlan section follow these steps to configure replace source ip 334
- Optional configuring the forbidden router ports 334
- Optional configuring the static router ports 334
- Optional creating replace source ip 334
- This function allows you to use a new ip instead of the source ip to send data to multicast group 334
- This table displays all the dynamic router ports in the multicast vlan 334
- Viewing dynamic router ports in the multicast vlan 334
- Click apply 335
- Configuring the querier 335
- Follow these steps to configure the querier 335
- Following page 335
- Mld snooping querier sends general query packets regularly to maintain the multicast 335
- Optional configuring the querier 335
- Querier config to load the 335
- Specify a vlan and configure the querier on this vlan 335
- Click add 336
- Configuring mld profile 336
- Create a profile and configure its filtering mode 336
- Creating profile 336
- Follow these steps to create a profile and configure its filtering mode 336
- Following page 336
- Profile config to load the 336
- The mld snooping querier table displays all the related settings of the mld querier 336
- Viewing settings of mld querier 336
- With mld profile the switch can define a blacklist or whitelist of multicast addresses so as to filter 336
- You can edit the settings in the mld snooping querier table 336
- Binding profile and member ports 337
- Editing ip range of the profile 337
- Searching profile 337
- Binding profile and member ports 338
- Click apply 338
- Configuring max groups a port can join 338
- Follow these steps to bind the profile to the port 338
- Follow these steps to configure the maximum groups a port can join and overflow action 338
- Select a port to configure its max group and overflow action 338
- Select the port to be bound and enter the profile id in the profile id column 338
- Click apply 339
- Configuring auto refresh 339
- Enable or disable auto refresh 339
- Follow these steps to configure auto refresh 339
- Packet statistic to load the following page 339
- Viewing mld statistics on each port 339
- Click apply 340
- Configuring static member port 340
- Enter the multicast ip and vlan id specify the static member port 340
- Follow these steps to configure static member port 340
- Following page 340
- Static ipv4 multicast table to load the 340
- The mld statistics table displays all kinds of mld statistics of all the ports 340
- This function allows you to specify a port as a static member port in the multicast group 340
- Viewing mld statistics 340
- Click create 341
- Enabling mld snooping globally 341
- Enabling mld snooping on the port 341
- Search option 341
- Static multicast ip table displays details of all mld static multicast groups 341
- Using the cli 341
- Viewing mld static multicast groups 341
- You can search mld static multicast entries by using multicast ip vlan id or forward port as the 341
- Configuring mld snooping parameters globally 342
- Configuring report message suppression 342
- Configuring unknown multicast 343
- Enable port 343
- Enable vlan 343
- Global member age time 260 343
- Global report suppression enable 343
- Global router age time 300 343
- Last query interval 1 343
- Last query times 2 343
- Mld snooping enable 343
- Switch config end 343
- Switch config ipv6 mld snooping 343
- Switch config ipv6 mld snooping report suppression 343
- Switch config show ipv6 mld snooping 343
- Switch configure 343
- Switch copy running config startup config 343
- The following example shows how to enable report message suppression 343
- Unknown multicast pass 343
- Configuring mld snooping parameters on the port 344
- Configuring router port time and member port time 344
- Configuring fast leave 346
- Configuring max group and overflow action on the port 346
- Gi1 0 3 enable enable 346
- Port mld snooping fast leave 346
- Switch config if end 346
- Switch config if ipv6 mld snooping 346
- Switch config if ipv6 mld snooping immediate leave 346
- Switch config if show ipv6 mld snooping interface gigabitethernet 1 0 3 basic config 346
- Switch config interface gigabiteternet 1 0 3 346
- Switch config ipv6 mld snooping 346
- Switch configure 346
- Switch copy running config startup config 346
- The following example shows how to enable fast leave on port 1 0 3 346
- Drop on port 1 0 3 347
- Gi1 0 3 500 drop 347
- Port max groups overflow action 347
- Switch config if end 347
- Switch config if ipv6 mld snooping 347
- Switch config if ipv6 mld snooping max groups 500 347
- Switch config if ipv6 mld snooping max groups action drop 347
- Switch config if show ipv6 mld snooping interface gigabitethernet 1 0 3 max groups 347
- Switch config interface gigabiteternet 1 0 3 347
- Switch config ipv6 mld snooping 347
- Switch configure 347
- Switch copy running config startup config 347
- The following example shows how to configure the max group as 500 and the overflow action as 347
- Configuring mld snooping last listener query 348
- Enable port 348
- Enable vlan 348
- Global member age time 260 348
- Global report suppression disable 348
- Global router age time 300 348
- Last query interval 5 348
- Last query times 5 348
- Mld snooping enable 348
- Switch config end 348
- Switch config ipv6 mld snooping 348
- Switch config ipv6 mld snooping last listener query count 5 348
- Switch config ipv6 mld snooping last listener query interval 5 348
- Switch config show ipv6 mld snooping 348
- Switch configure 348
- Switch copy running config startup config 348
- The following example shows how to configure the last listener query count as 5 and the last 348
- Unknown multicast pass 348
- Configuring mld snooping parameters in the vlan 349
- Configuring router port time and member port time 349
- Dynamic router port none 349
- Forbidden router port none 349
- Member time 400 349
- Router port time as 500 seconds and the member port time as 400 seconds 349
- Router time 500 349
- Static router port none 349
- Switch config ipv6 mld snooping 349
- Switch config ipv6 mld snooping vlan config 2 3 mtime 400 349
- Switch config ipv6 mld snooping vlan config 2 3 rtime 500 349
- Switch config show ipv6 mld snooping vlan 2 349
- Switch config show ipv6 mld snooping vlan 3 349
- Switch configure 349
- The following example shows how to enable mld snooping in vlan 2 and vlan 3 configure the 349
- Vlan id 2 349
- Vlan id 3 349
- As the static router port 350
- Configuring static router port 350
- Dynamic router port none 350
- Forbidden router port none 350
- Member time 0 350
- Member time 400 350
- Router time 0 350
- Static router port gi1 0 2 350
- Static router port none 350
- Switch config end 350
- Switch config ipv6 mld snooping 350
- Switch config ipv6 mld snooping vlan config 2 rport interface gigabitethernet 1 0 2 350
- Switch config show ipv6 mld snooping vlan 2 350
- Switch configure 350
- Switch copy running config startup config 350
- The following example shows how to enable mld snooping in vlan 2 and configure port 1 0 2 350
- Vlan id 2 350
- Configuring forbidden router port 351
- Dynamic router port none 351
- Forbidden router port gi1 0 4 6 351
- From becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 351
- Gigabitethernet 1 0 4 6 351
- Member time 0 351
- Router time 0 351
- Static router port none 351
- Switch config 351
- Switch config end 351
- Switch config ipv6 mld snooping 351
- Switch config ipv6 mld snooping vlan config 2 router ports forbidden interface 351
- Switch config show ipv6 mld snooping vlan 2 351
- Switch copy running config startup config 351
- The following example shows how to enable mld snooping in vlan 2 and forbid port 1 0 4 6 351
- Vlan id 2 351
- Configuring mld snooping parameters in the multicast vlan 352
- Configuring router port time and member port time 352
- Configuring static multicast multicast ip and forward port 352
- Ff01 1234 02 2 static gi1 0 9 10 352
- Gigabitethernet 1 0 9 10 352
- Multicast ip vlan id addr type switch port 352
- Port 1 0 9 10 as the forward ports 352
- Switch config end 352
- Switch config ipv6 mld snooping 352
- Switch config ipv6 mld snooping vlan config 2 static ff01 1234 02 interface 352
- Switch config show ipv6 mld snooping groups static 352
- Switch configure 352
- Switch copy running config startup config 352
- The following example shows how to configure ff01 1234 02 as the static multicast ip and specify 352
- Dynamic router port none 353
- Forbidden router port none 353
- Member time 400 353
- Multicast vlan enable 353
- Replace source ip 353
- Router time 500 353
- Static router port none 353
- Switch config end 353
- Switch config ipv6 mld snooping 353
- Switch config ipv6 mld snooping multi vlan config 5 mtime 400 353
- Switch config ipv6 mld snooping multi vlan config 5 rtime 500 353
- Switch config show ipv6 mld snooping multi vlan 353
- Switch configure 353
- Switch copy running config startup config 353
- The following example shows how to configure vlan 5 as the multicast vlan set the router port 353
- Time as 500 seconds and the member port time as 400 seconds 353
- Vlan id 5 353
- As the static router port 354
- Configuring static router port 354
- Dynamic router port none 354
- Forbidden router port none 354
- Member time 260 354
- Multicast vlan enable 354
- Replace source ip 354
- Router time 300 354
- Static router port gi1 0 5 354
- Switch config end 354
- Switch config ipv6 mld snooping 354
- Switch config ipv6 mld snooping multi vlan config 5 rport interface gigabitethernet 1 0 5 354
- Switch config show ipv6 mld snooping multi vlan 354
- Switch configure 354
- Switch copy running config startup config 354
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 354
- Vlan id 5 354
- As the forbidden router port 355
- Configuring forbidden router port 355
- Dynamic router port none 355
- Forbidden router port gi1 0 6 355
- Gigabitethernet 1 0 6 355
- Member time 260 355
- Multicast vlan enable 355
- Replace source ip 355
- Router time 300 355
- Static router port none 355
- Switch config end 355
- Switch config ipv6 mld snooping 355
- Switch config ipv6 mld snooping multi vlan config 5 router ports forbidden interface 355
- Switch config show ipv6 mld snooping multi vlan 355
- Switch configure 355
- Switch copy running config startup config 355
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 355
- Vlan id 5 355
- Configuring replace source ip 356
- Dynamic router port none 356
- Fe80 02ff ffff fe00 0001 356
- Forbidden router port none 356
- Member time 260 356
- Multicast vlan enable 356
- Replace source ip fe80 2ff ffff fe00 1 356
- Router time 300 356
- Source ip in the mld packets sent by the switch with fe80 02ff ffff fe00 0001 356
- Static router port none 356
- Switch config end 356
- Switch config ipv6 mld snooping 356
- Switch config ipv6 mld snooping multi vlan config 5 replace sourceip 356
- Switch config show ipv6 mld snooping multi vlan 356
- Switch configure 356
- Switch copy running config startup config 356
- The following example shows how to configure vlan 5 as the multicast vlan and replace the 356
- Vlan id 5 356
- Configuring query interval max response time and general query source ip 357
- Configuring the querier 357
- Enabling mld querier 357
- General query source ip fe80 2ff ffff fe00 1 357
- Maximum response time 10 357
- Query interval 60 357
- Switch config end 357
- Switch config ipv6 mld snooping 357
- Switch config ipv6 mld snooping querier vlan 4 357
- Switch config show ipv6 mld snooping querier 357
- Switch configure 357
- Switch copy running config startup config 357
- The following example shows how to enable mld snooping and mld querier in vlan 4 357
- Vlan 4 357
- General query source ip fe80 2ff ffff fe00 1 358
- Maximum response time 20 358
- Query interval 100 358
- Source ip as fe80 2ff ffff fe00 1 358
- Switch config end 358
- Switch config ipv6 mld snooping 358
- Switch config ipv6 mld snooping querier vlan 4 general query source ip fe80 2ff ffff fe00 1 358
- Switch config ipv6 mld snooping querier vlan 4 max response time 20 358
- Switch config ipv6 mld snooping querier vlan 4 query interval 100 358
- Switch config show ipv6 mld snooping querier 358
- Switch configure 358
- Switch copy running config startup config 358
- The following example shows how to enable mld snooping and mld querier in vlan 4 set 358
- The query interval as 100 seconds the max response time as 20 seconds and the general query 358
- Vlan 4 358
- Configuring multicast filtering 359
- Creating profile 359
- Mld profile 1 359
- Range ff01 1234 5 ff01 1234 8 359
- Sent to ff01 1234 5 ff01 1234 8 359
- Switch config ipv6 mld profile 1 359
- Switch config ipv6 mld snooping 359
- Switch config mld profile deny 359
- Switch config mld profile range ff01 1234 5 ff01 1234 8 359
- Switch config mld profile show ipv6 mld profile 359
- Switch configure 359
- The following example shows how to configure profile 1 so that the switch filters multicast data 359
- Binding profile to the port 360
- Mld profile 1 360
- Multicast data sent to ff01 1234 5 ff01 1234 8 360
- Range ff01 1234 5 ff01 1234 8 360
- Switch config end 360
- Switch config if ipv6 mld filter 1 360
- Switch config if ipv6 mld snooping 360
- Switch config if show ipv6 mld profile 360
- Switch config interface gigabitethernet 1 0 2 360
- Switch config ipv6 mld profile 1 360
- Switch config ipv6 mld snooping 360
- Switch config mld profile deny 360
- Switch config mld profile exit 360
- Switch config mld profile range ff01 1234 5 ff01 1234 8 360
- Switch configure 360
- Switch copy running config startup config 360
- The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters 360
- Using the gui 362
- Viewing ipv4 multicast snooping configurations 362
- Viewing ipv6 multicast snooping configurations 362
- Viewing multicast snooping configurations 362
- Using the cli 363
- Viewing ipv4 multicast snooping configurations 363
- Viewing ipv6 multicast snooping configurations 364
- Configuration examples 365
- Configuration scheme 365
- Example for configuring basic igmp snooping 365
- Network requirements 365
- Using the gui 366
- Port config to load the following page configure 368
- The pvid of port 1 0 1 4 as 10 368
- Using the cli 369
- Configuration file 370
- Verify the configurations 371
- Configuration scheme 372
- Example for configuring multicast vlan 372
- Network requirements 372
- Network topology 372
- Demonstrated with t1600g 52ts this section provides configuration procedures in two ways 373
- Internet 373
- Using the gui and using the cli 373
- Using the gui 374
- Using the cli 376
- Configuration file 377
- Verify the configurations 378
- Example for configuring unknown multicast and fast leave 379
- Network requirement 379
- 0 2 and enable unknown multicast globally to change channel host b sends a leave message 380
- About leaving the previous channel the switch will then drop multicast data from the previous 380
- After the channel is changed the client host b still receives irrelevant multicast data the data 380
- Channel and all unknown multicast data which ensures that host b only receives multicast data 380
- Configuration scheme 380
- Demonstrated with t1600g 52ts this section provides configuration procedures in two ways 380
- From the new channel and that the multicast network is unimpeded 380
- From the previous channel and possibly other unknown multicast data which increases the 380
- Internet 380
- Multicast and fast leave 380
- Network load and results in network congestion the solution to this problem is using unknown 380
- To avoid host b from receiving irrelevant multicast data the user can enable fast leave on port 380
- Using the gui and using the cli 380
- Page enable igmp snooping globally and configure unknown multicast as discard 381
- Snooping config to load the following 381
- Using the gui 381
- Enable igmp snooping on port 1 0 2 and port 1 0 4 and enable fast leave on port 1 0 2 382
- Port config to load the following page 382
- Using the cli 383
- Configuration file 384
- Verify the configurations 384
- Configuration scheme 385
- Example for configuring multicast filtering 385
- Network requirements 385
- Network topology 385
- Demonstrated with t1600g 52ts this section provides configuration procedures in two ways 386
- Internet 386
- Using the gui and using the cli 386
- Using the gui 387
- Port config to load the following page configure 389
- The pvid of port 1 0 1 4 as 10 389
- Using the cli 393
- Configuration file 395
- Verify the configurations 396
- Appendix default parameters 398
- Default parameters for igmp snooping 398
- Default parameters for mld snooping 399
- Chapters 401
- Managing logical interfaces 401
- Part 12 401
- Devices interfaces are classified into physical interfaces and logical interfaces 402
- Interfaces and routing interfaces 402
- Interfaces are shown as below 402
- Interfaces of a device are used to exchange data and interact with interfaces of other network 402
- Logical interfaces are manually configured and do not physically exist such as loopback 402
- Overview 402
- Physical interfaces are the ports on the front panel or rear panel of the switch 402
- This chapter introduces the configurations for logical interfaces the supported types of logical 402
- Creating a layer 3 interface 403
- Logical interfaces configurations 403
- Using the gui 403
- Configuring ipv4 parameters of the interface 404
- In figure 2 1 you can view the corresponding interface entry you create in the interface list 404
- In the interface list section you can view the corresponding interface entry you create 404
- In the modify interface section specify an interface id and configure relevant parameters for 404
- Section on the corresponding interface entry click edit to load the following page and configure 404
- The interface according to your actual needs then click apply 404
- The ipv4 parameters of the interface 404
- Configure the ipv6 parameters of the interface 405
- Configuring ipv6 parameters of the interface 405
- Create 405
- In figure 2 1 you can view the corresponding interface entry you create in the interface list 405
- In the secondary ip create section configure the secondary ip for the specified interface 405
- In the secondary ip list section you can view the corresponding secondary ip entry you 405
- Section on the corresponding interface entry click edit ipv6 to load the following page and 405
- Which allows you to have two logical subnets using one physical subnet then click create 405
- Configure the ipv6 link local address of the interface manually or automatically in the link 406
- Enable ipv6 function on the interface of switch in the general config section then click 406
- Local address config section then click apply 406
- Configure one or more ipv6 global addresses of the interface via following three ways 407
- Manually 407
- Via dhcpv6 server 407
- Via ra message 407
- View the global address entry in the global address table 407
- Creating a layer 3 interface 408
- Follow these steps to create a layer 3 interface you can create a vlan interface a loopback 408
- In figure 2 1 you can view the corresponding interface entry you create in the interface list 408
- Interface a routed port or a port channel interface according to your needs 408
- Section on the corresponding interface entry click detail to load the following page and view 408
- The detail information of the interface 408
- Using the cli 408
- Viewing detail information of the interface 408
- Switch config if description vlan 2 409
- Switch config if end 409
- Switch config interface vlan 2 409
- Switch configure 409
- Switch copy running config startup config 409
- The following example shows how to create a vlan interface with a description of vlan 2 409
- Configuring ipv4 parameters of the interface 410
- Follow these steps to configure the ipv4 parameters of the interface 410
- Setting a static ip address for the port and enabling the layer 3 capabilities 410
- Switch config if ip address 192 68 00 255 55 55 410
- Switch config if no switchport 410
- Switch config if show interface configuration gigabitethernet 1 0 1 410
- Switch config interface gigabitethernet 1 0 1 410
- Switch configure 410
- The following example shows how to configure the ipv4 parameters of a routed port including 410
- Configuring ipv6 parameters of the interface 411
- Follow these steps to configure the ipv6 parameters of the interface 411
- Gi1 0 1 192 68 00 24 static up up no 411
- Interface ip address method status protocol shutdown 411
- Switch config if end 411
- Switch config if show ip interface brief 411
- Switch copy running config startup config 411
- Global address dhcpv6 enable 412
- Global address ra disable 412
- Global unicast address es ff02 1 ff13 237b 412
- Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 412
- Of a vlan interface 412
- Switch config if ipv6 address autoconfig 412
- Switch config if ipv6 address dhcp 412
- Switch config if ipv6 enable 412
- Switch config if show ipv6 interface 412
- Switch config interface vlan 2 412
- Switch configure 412
- The following example shows how to enable the ipv6 function and configure the ipv6 parameters 412
- Vlan2 is up line protocol is up 412
- Appendix default parameters 414
- Default settings of interface are listed in the following tables 414
- Chapters 415
- Configuring static routing 415
- Part 13 415
- Overview 416
- An ipv4 static route then click create 417
- Entries 417
- In the ipv4 static route table section you can view and modify the ipv4 static routing 417
- In the ipv4 static routing config section configure the corresponding parameters to add 417
- Ipv4 static routing config to load the following 417
- Ipv4 static routing configuration 417
- Using the gui 417
- As 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 418
- C 192 68 24 is directly connected vlan1 418
- Candidate default 418
- Codes c connected s static 418
- Follow these steps to create an ipv4 static route 418
- S 192 68 24 1 0 via 192 68 vlan1 418
- Switch config end 418
- Switch config ip route 192 68 255 55 55 192 68 418
- Switch config show ip route 418
- Switch configure 418
- Switch copy running config startup config 418
- The following example shows how to create an ipv4 static route with the destination ip address 418
- Using the cli 418
- Ipv6 static routing configuration 419
- Using the gui 419
- As 3200 64 and the next hop address as 3100 1234 420
- C 3000 64 is directly connected vlan1 420
- Candidate default 420
- Codes c connected s static 420
- Follow these steps to enable ipv6 routing function and create an ipv6 static route 420
- S 3200 64 1 0 via 3100 1234 vlan2 420
- Switch config end 420
- Switch config ipv6 route 3200 64 3100 1234 420
- Switch config show ipv6 route static 420
- Switch configure 420
- The following example shows how to create an ipv6 static route with the destination ip address 420
- Using the cli 420
- Switch copy running config startup config 421
- Using the gui 422
- Viewing ipv4 routing table 422
- Viewing ipv6 routing table 422
- Viewing routing table 422
- On privileged exec mode or any other configuration mode you can use the following command 423
- To view ipv4 routing table 423
- To view ipv6 routing table 423
- Using the cli 423
- View the ipv6 routes in the ipv6 routing information summary section 423
- Viewing ipv4 routing table 423
- Viewing ipv6 routing table 423
- A as an example 424
- As shown below host a and host b are on different network segments to meet business needs 424
- Configuration scheme 424
- Create a routed port gi1 0 1 with the mode as static the ip address as 10 the mask as 424
- Demonstrated with t1600g 52ts the following sections provide configuration procedure in two 424
- Ensure stable connectivity 424
- Example for static routing 424
- Host a and host b need establish a connection without using dynamic routing protocols to 424
- Interface config to load the following page 424
- Network requirements 424
- Switch b so that hosts on different network segments can communicate with each other 424
- The configurations of switch a and switch b are similar the following introductions take switch 424
- The default gateway of host b as 10 24 and configure ipv4 static routes on switch a and 424
- To implement this requirement you can configure the default gateway of host a as 10 24 424
- Using the gui 424
- Ways using the gui and using the cli 424
- Using the cli 425
- Configuration file 426
- Switch a 427
- Verify the configurations 427
- Connectivity between switch a and switch b 428
- Switch b 428
- Appendix default parameter 429
- Default setting of static routing is listed in the following table 429
- Dhcp relay configuration 4 appendix default parameters 431
- Overview 431
- Overview 3 configuration example 431
- Part 14 431
- Dhcp relay configuration 432
- Enabling dhcp relay and configuring option 82 432
- Using the gui 432
- And then enter the server address of the interface 433
- Click apply 433
- Click create to specify the dhcp server for the interface 433
- Dhcp server to load the following page 433
- Follow these steps to specify dhcp server for the interface 433
- In the add dhcp server address section select the interface type and enter the interface id 433
- Specifying dhcp server for the interface 433
- Configuring option 82 434
- Dhcp relay is enabled 434
- Enabling dhcp relay 434
- Follow these steps to configure option 82 434
- Follow these steps to enable dhcp relay 434
- Switch config end 434
- Switch config service dhcp relay 434
- Switch config show ip dhcp relay 434
- Switch configure 434
- Switch copy running config startup config 434
- The following example shows how to enable dhcp relay 434
- Using the cli 434
- Dhcp relay option 82 is enabled 435
- Existed option 82 field operation keep 435
- Information as keep 435
- Switch config end 435
- Switch config ip dhcp relay information 435
- Switch config ip dhcp relay information policy keep 435
- Switch config show ip dhcp relay 435
- Switch configure 435
- Switch copy running config startup config 435
- The following example shows how to enable option 82 and configure the process of option 82 435
- Follow these steps to specify dhcp server for the interface 436
- Specifying dhcp server for the interface 436
- Switch config if ip helper address 192 68 436
- Switch config interface vlan 66 436
- Switch configure 436
- The following example shows how to configure the dhcp server address as 192 68 on vlan 436
- A company wants to assign ip addresses to all computers in two departments and there is only 438
- Add all computers in the r d department to vlan 20 for details refer to configuring 802 q 438
- Before dhcp relay configurations create two dhcp server pools on the dhcp server one is 438
- Belong to vlan 10 which is connected to the switch via port 1 0 8 the interface address of vlan 438
- Configuration example 438
- Configuration scheme 438
- Configure 802 q vlan add all computers in the marketing department to vlan 10 and 438
- Connected to the dhcp relay switch via port 1 0 5 and its ip address is 192 68 9 24 438
- Dhcp clients 438
- Enables dhcp clients from different subnets to share one dhcp server 438
- In the given situation the dhcp relay feature can satisfy the requirement because dhcp relay 438
- Is 192 68 24 computers in the r d department belong to vlan 20 which is connected to 438
- Network requirements 438
- On 192 68 24 and the other is on 192 68 24 make sure the dhcp server can reach all 438
- One dhcp server available it is required that computers in the same department should be on 438
- The network topology is as the following figure shows computers in the marketing department 438
- The overview of the configurations are as follows 438
- The same subnet while computers in different departments should be on different subnets 438
- The switch via port 1 0 16 the interface address of vlan 20 is 192 68 24 the dhcp server is 438
- Using the gui 439
- Using the cli 440
- Verify the configurations 440
- Appendix default parameters 441
- Default settings of dhcp relay are listed in the following table 441
- Arp address resolution protocol is used to map ip addresses to mac addresses taking an 443
- Association in an arp entry for rapid retrieval 443
- Ip address as input arp learns the associated mac address and stores the ip mac address 443
- Overview 443
- Adding static arp entries manually 444
- Arp configurations 444
- Using the gui 444
- Viewing the arp entries 444
- Adding static arp entries 445
- Configuring arp function 445
- Follow these steps to add arp entries 445
- Follow these steps to add static arp entries 445
- In the arp config section enter the ip address and mac address and click create 445
- Static arp to load the following page 445
- Using the cli 445
- 11 22 33 44 55 446
- Configuring the aging time of dynamic arp entries 446
- Follow these steps to configure the aging time of dynamic arp entries 446
- Interface address hardware addr type 446
- Switch config arp 192 68 00 11 22 33 44 55 arpa 446
- Switch config end 446
- Switch config show arp 192 68 446
- Switch configure 446
- Switch copy running config startup config 446
- This example shows how to create a static arp entry with the ip as 192 68 and the mac as 446
- Vlan1 192 68 00 11 22 33 44 55 static 446
- Clearing dynamic entries 447
- Switch config if arp timeout 1000 447
- Switch config if end 447
- Switch config interface vlan 2 447
- Switch configure 447
- Switch copy running config startup config 447
- This example shows how to configure the aging time of dynamic arp entries as 1000 seconds for 447
- Vlan interface 2 447
- On privileged exec mode or any other configuration mode you can use the following command to view arp entries 448
- Viewing arp entries 448
- Chapters 449
- Configuring qos 449
- Part 16 449
- Bandwidth control 450
- Diffserv 450
- Overview 450
- Supported features 450
- Configuration guidelines 451
- Diffserv configuration 451
- Configure the tag id cos id tc mapping relations 452
- Configuring 802 p priority 452
- Configuring priority mode 452
- Follow these steps to configure the 802 p priority 452
- P priority to load the following page 452
- The instructions of the three priority modes are described respectively in this section 452
- Using the gui 452
- 2p priority 453
- Click apply 453
- Configure the dscp tc mapping relations 453
- Configuring dscp priority 453
- Dscp priority to load the following page 453
- Enable dscp priority and click apply dscp priority is disabled by default 453
- Follow these steps to configure the dscp priority 453
- 2p priority 454
- Click apply 454
- Configuring port priority 454
- Follow these steps to configure the port priority 454
- Port priority to load the following page 454
- Select the desired port or lag to set its priority 454
- Click apply 455
- Configure the schedule mode to control the forwarding sequence of different tc queues when 455
- Configuring schedule mode 455
- Congestion occurs 455
- Follow these steps to configure the schedule mode 455
- Schedule mode to load the following page 455
- Select a schedule mode 455
- Click apply 456
- Configuring 802 priority 456
- Configuring priority mode 456
- Optional configure the weight value of the each tc queue if the schedule mode is wrr of 456
- Sp wrr 456
- The instructions of the three priority modes are described respectively in this section 456
- Using cli 456
- Configuring dscp priority 457
- Dscp priority is disabled 457
- P priority is enabled 457
- Switch config end 457
- Switch config qos queue cos map 2 0 457
- Switch config show qos cos map 457
- Switch config show qos status 457
- Switch configure 457
- Switch copy running config startup config 457
- Tag 0 1 2 3 4 5 6 7 457
- Tc tc1 tc0 tc0 tc3 tc4 tc5 tc6 tc7 457
- The following example shows how to map cos2 to tc0 and keep other cos id tc as default 457
- Relations as default 458
- Switch config qos queue dscp map 10 14 0 458
- Switch config show qos cos map 458
- Switch configure 458
- Tag 0 1 2 3 4 5 6 7 458
- Tc tc1 tc0 tc2 tc3 tc4 tc5 tc6 tc7 458
- The following example shows how to map dscp values 10 14 to tc1 and keep other mapping 458
- Configuring port priority 459
- Cos cos1 cos1 cos0 cos0 cos0 cos0 cos0 cos1 459
- Dscp 8 9 10 11 12 13 14 15 459
- Dscp priority is enabled 459
- P priority is disabled 459
- Queue based on port priority 459
- Select the desired port to set the priority packets from this ingress port are mapped to the tc 459
- Switch config end 459
- Switch config show qos dscp map 459
- Switch config show qos status 459
- Switch copy running config startup config 459
- Configuring schedule mode 461
- Different tc queues when congestion occurs 461
- Follow these steps to configure the schedule mode to control the forwarding sequence of 461
- Bandwidth control configuration 463
- Configuring rate limit 463
- Using the gui 463
- Click apply 464
- Configuring storm control 464
- Follow these steps to configure the storm control function 464
- Multicast packets and ul frames 464
- Select the port s and configure the upper rate limit for forwarding broadcast packets 464
- Storm control to load the following page 464
- Click apply 465
- Configure the upper rate limit for the port to receive and send packets 465
- Configuring rate limit on port 465
- Using the cli 465
- And unknown unicast frames 466
- Configure the upper rate limit on the port for forwarding broadcast packets multicast packets 466
- Configuring storm control 466
- Gi1 0 5 5120 1024 n a 466
- Kbps for port 1 0 5 466
- Port ingressrate kbps egressrate kbps lag 466
- Switch config if bandwidth ingress 5120 egress 1024 466
- Switch config if end 466
- Switch config if show bandwidth interface gigabitethernet 1 0 5 466
- Switch config interface gigabitethernet 1 0 5 466
- Switch configure 466
- Switch copy running config startup config 466
- The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 466
- Configuration examples 469
- Configuration scheme 469
- Example for configuring sp mode 469
- Network requirements 469
- Using the gui 470
- Using the cli 471
- Configuration files 472
- Verify the configuration 472
- Both rd department and marketing department can access the local network server configure 473
- Example for configuring wrr mode 473
- Network requirements 473
- Scheduler mode sp weight unusable in sp mode 473
- Switch a marketing department is connected to port 1 0 2 of switch a the server is connected 473
- Switch b is a layer 3 switch with acl redirect feature rd department is connected to port 1 0 1 of 473
- Switch config show qos queue mode 473
- The network topology is shown as the following figure switch a is an access layer switch and 473
- The switches to ensure the traffic from the two departments are forwarded based on the weight 473
- To port 1 0 2 of switch b and port 1 0 3 of switch a is connected to port 1 0 1 of switch b 473
- Value ratio of 2 1 when congestion occurs 473
- Verify the schedule mode 473
- Configuration scheme 474
- Configurations for switch a demonstrated with t1600g 52ts 474
- Using the gui 474
- Configurations for switch b demonstrated with t3700g 28tq 476
- Configurations for switch a demonstrated with t1600g 52ts 482
- Using the cli 482
- Configurations for for switch b demonstrated with t3700g 28tq 483
- Configuration file 485
- Switch a 485
- Switch b 485
- Switch a 487
- Switch b 487
- Verify the configuration 487
- Appendix default parameters 489
- Diffserv 489
- Disabled see table 5 4 for dscp cos id mapping relations 489
- Enabled see table 5 3 for tag id cos id tc mapping relations 489
- Bandwidth control 490
- Chapters 491
- Configuring voice vlan 491
- Part 17 491
- Overview 492
- Because the voice vlan in automatic mode supports only tagged voice traffic you need to 494
- Before configuring voice vlan you need to create a vlan for voice traffic for details about 494
- Configuration guidelines 494
- Configure voice vlan globally 494
- Configure voice vlan mode on ports 494
- Create a vlan 494
- Id and the link type of the port which is connected to voice devices we recommend that 494
- Make sure traffic from the voice device is tagged to do so there are mainly two ways 494
- Only one vlan can be set as the voice vlan on the switch 494
- Optional configure oui addresses 494
- To apply the voice vlan configuration you may need to further configure pvid port vlan 494
- To complete the voice vlan configuration follow these steps 494
- Vlan 1 is a default vlan and cannot be configured as the voice vlan 494
- Vlan configuration please refer to configuring 802 q vlan 494
- Voice vlan configuration 494
- You can configure the voice device to forward traffic with a voice vlan tag 494
- You choose the mode according to your needs and configure the port as the following table 494
- Optional configuring oui addresses 495
- Using the gui 495
- Click apply 496
- Click create to add an oui address to the table 496
- Configuring voice vlan globally 496
- Configuring voice vlan mode on ports 496
- Enable the voice vlan feature and enter a vlan id 496
- Follow these steps to configure the voice vlan globally 496
- Global config to load the following page 496
- Port config to load the following page 496
- Set the aging time for the voice vlan 496
- Specify a priority for the voice vlan 496
- Follow these steps to configure voice vlan mode on ports 497
- Select your desired ports and choose the port mode 497
- Click apply 498
- Follow these steps to configure the voice vlan 498
- Set the security mode for selected ports 498
- Using the cli 498
- Configuration example 502
- Configuration scheme 502
- Network requirements 502
- Network topology 502
- B ports connected to ip phones use the voice vlan for voice traffic and ports connected to 503
- Computers use the default vlan for data traffic 503
- Configurations for switch a 503
- Demonstrated with t1600g 52ts this chapter provides configuration procedures in two ways 503
- Following page create vlan 10 503
- In the meeting room computers and ip phones are connected to different ports of switch 503
- Internet 503
- Switch c 503
- Using the gui 503
- Using the gui and using the cli 503
- Vlan config and click create to load the 503
- Voice traffics from switch a and switch b are forwarded to voice gateway and internet through 503
- Following page add port 1 0 2 to the voice vlan 505
- Vlan config and edit vlan 10 to load the 505
- Configurations for switch b 507
- Configurations for switch c 509
- Configurations for switch a 510
- Using the cli 510
- Configurations for switch b 511
- Configurations for switch c 512
- Switch a 512
- Verify the configurations 512
- Switch b 513
- Switch c 513
- Appendix default parameters 514
- Default settings of voice vlan are listed in the following tables 514
- Description 514
- Chapters 515
- Configuring acl 515
- Part 18 515
- Acl binding 516
- Overview 516
- Policy binding 516
- Supported features 516
- Acl configurations 517
- Creating an acl 517
- Using the gui 517
- Configuring acl rules 518
- Configuring the mac acl rule 518
- Click apply 519
- Configure the rule s packet matching criteria 519
- Configuring the standard ip acl rule 519
- Follow these steps to create the standard ip acl rule 519
- For the matched packets 519
- Select a standard ip acl from the drop down list enter a rule id and specify the operation 519
- Standard i 519
- Standard ip acl to load the following page 519
- Tandard i 519
- Click apply 520
- Configure the rule s packet matching criteri 520
- Configure the rule s packet matching criteria 520
- Configuring the extend ip acl rule 520
- Extend ip ac 520
- Extend ip acl to load the following page 520
- Follow these steps to create the extend ip acl rule 520
- Select an extend ip acl from the drop down list enter a rule id and specify the operation for 520
- The matched packets 520
- Click apply 521
- Configuring the ipv6 acl rule 521
- Follow these steps to create the ipv6 acl rule 521
- Ipv6 acl to load the following page 521
- Select an ipv6 acl from the drop down list enter a rule id and specify the operation for the 521
- Acl rule or change the matching order if needed 522
- By default a rule configured earlier is listed before a rule configured later the switch matches a 522
- Click apply 522
- Configure the rule s packet matching criteri 522
- In the acl rule table you can view all the acls and their rules you can also delete an acl or an 522
- Process and performs the action defined in the rule 522
- Received packet with the rules in order when a packet matches a rule the device stops the match 522
- The rules in an acl are listed in ascending order of configuration time regardless of their rule ids 522
- Verifying the rule table 522
- Applying an acl to the policy 523
- Configuring policy 523
- Creating a policy 523
- Binding the acl to a port 524
- Configuring the acl binding 524
- Configuring the acl binding and policy binding 524
- Binding the acl to a vlan 525
- Binding the policy to a port 525
- Configuring the policy binding 525
- Follow these steps to bind the acl to a vlan 525
- Processed according to this policy 525
- Select the acl and enter the vlan id and click appl 525
- Vlan binding to load the following page 525
- You can bind the policy to a port or a vlan the received packets will then be matched and 525
- Binding the policy to a vlan 526
- Existing entries if needed 526
- Follow these steps to bind the policy to a port 526
- Follow these steps to bind the policy to a vlan 526
- Select the acl and enter the vlan id and clic 526
- Select the policy and the port to be bound and clic 526
- Verifying the acl binding 526
- Verifying the binding configuration 526
- Vlan binding to load the following page 526
- You can view both port binding and vlan binding entries in the table you can also delete 526
- Verifying the policy binding 527
- Addresses protocol type and so on 528
- Binding table to load the following page 528
- Configuring acl 528
- Configuring the mac acl 528
- Follow the steps to create different types of acl and configure the acl rules 528
- Using the cli 528
- You can define the rules based on source or destination ip addresses source or destination mac 528
- Configuring the standard ip acl 529
- Mac access list 50 529
- Rule 5 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 529
- Switch config mac access list 50 529
- Switch config mac acl end 529
- Switch config mac acl rule 5 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 529
- Switch config mac acl show access list 50 529
- Switch configure 529
- Switch copy running config startup config 529
- The following example shows how to create mac acl 50 and configure rule 1 to permit packets 529
- With source mac address 00 34 a2 d4 34 b5 529
- Packets with source ip address 192 68 00 530
- Rule 1 permit sip 192 68 00 smask 255 55 55 55 530
- Standard ip access list 600 530
- Switch config access list create 600 530
- Switch config end 530
- Switch config rule 1 permit sip 192 68 00 smask 255 55 55 55 530
- Switch config show access list 600 530
- Switch configure 530
- Switch copy running config startup config 530
- The following example shows how to create standard ip acl 600 and configure rule 1 to permit 530
- Configuring the extend ip acl 531
- Extended ip access list 1700 531
- Protocol 6 d port 23 531
- Switch config access list create 1700 531
- Switch config access list extended 1700 rule 7 deny sip 192 68 00 smask 255 55 55 55 531
- Switch config show access list 1700 531
- Switch configure 531
- Telnet packets with source ip192 68 00 531
- The following example shows how to create extend ip acl 1700 and configure rule7 to deny 531
- Configuring the ipv6 acl 532
- Rule 7 deny sip 192 68 00 smask 255 55 55 55 protocol 6 d port 23 532
- Switch config end 532
- Switch copy running config startup config 532
- Cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ffff ffff ffff 533
- Configuring policy 533
- Follow the steps below to create a policy and configure the policy actions 533
- Ipv6 access list 3600 533
- Rule 1 deny sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ff ff ffff ffff 533
- Switch config access list create 3600 533
- Switch config access list ipv6 3600 rule 1 deny sip 533
- Switch config end 533
- Switch config show access list 3600 533
- Switch configure 533
- Switch copy running config startup config 533
- The following example shows how to create ipv6 acl 3600 and configure rule 1 to deny packets 533
- With source ipv6 address cdcd 910a 2222 5498 8475 1111 3900 2020 533
- Access list 600 534
- Acl binding 534
- Acl binding and policy binding 534
- Policy name rd 534
- Processed according to the acl rules 534
- Switch config access list policy action rd 600 534
- Switch config access list policy name rd 534
- Switch config action exit 534
- Switch config end 534
- Switch config show access list policy rd 534
- Switch configure 534
- Switch copy running config startup config 534
- Takes effect only after they are bound to a port or vlan 534
- The following example shows how to create policy rd and apply acl 600 to policy rd 534
- You can bind the acl to a port or a vlan the received packets will then be matched and 534
- You can select acl binding or policy binding according to your needs an acl rule and policy 534
- Policy binding 535
- 2 ingress vlan 536
- Gi1 0 2 ingress port 536
- Index acl id interface vid direction type 536
- Index policy name interface vid direction type 536
- Policy nam 536
- Port port lis 536
- Switch config if access list bind policy 1 536
- Switch config if access list bind policy 2 536
- Switch config if end 536
- Switch config if exit 536
- Switch config if show access list bind 536
- Switch config interface gigabitethernet 1 0 2 536
- Switch config interface vlan 2 536
- Switch configure 536
- Switch copy running config startup config 536
- The following example shows how to bind policy 1 to port 2 and policy 2 to vlan 2 536
- Vlan i 536
- 0 1 and the server group is connected to the switch via port 1 0 2 537
- A company s server group can provide different types of services it is required that 537
- And configuring rules for it 537
- As shown below computers in the marketing department are connected to the switch via port 537
- Configuration example for acl 537
- Configuration scheme 537
- Network requirements 537
- Network topology 537
- The marketing department can only access the server group 537
- The marketing department can only visit http and https websites on the internet 537
- To meet the requirements above you can configure packet filtering by creating an extend ip acl 537
- Binding configuration 538
- Configuring acl 538
- Using the gui 538
- Or udp 53 dns service port 540
- Policy create to load the following page configure 540
- Rule 4 and rule 5 to permit packets with source ip 10 0 0 and with destination port tcp 540
- Using the cli 542
- Verify the configurations 543
- Index acl id interface vid direction type 544
- Appendix default parameters 545
- For extend ip acl 545
- For ipv6 acl 545
- For mac acl 545
- For standard ip acl 545
- Chapters 546
- Configuring network security 546
- Part 19 546
- Dhcp snooping 547
- Ip mac binding 547
- Network security 547
- Overview 547
- Supported features 547
- Arp inspection 548
- Dos defend 549
- Binding entries manually 551
- Ip mac binding configurations 551
- Using the gui 551
- And the connected port number of the host you can bind these entries conveniently 552
- Arp scanning 552
- Arp scanning to load the following 552
- Binding entries dynamically 552
- Click bind 552
- Select protect type for the entry 552
- Select the port that is connected to this host 552
- The binding entries can be dynamically learned from arp scanning and dhcp snooping 552
- Upon receiving the arp reply packet the switch can get the ip address mac address vlan id 552
- With arp scanning the switch sends the arp request packets of the specified ip field to the hosts 552
- Dhcp snooping 553
- Follow these steps to configure ip mac binding via arp scanning 553
- For instructions on how to configure dhcp snooping refer to dhcp snooping configurations 553
- Host and record the ip address mac address vlan id and the connected port number of the 553
- In the scanning option section specify an ip address range and a vlan id then click scan 553
- In the scanning result section select one or more entries and configure the relevant 553
- Parameters then click apply 553
- To scan the entries in the specified ip address range and vlan 553
- With dhcp snooping enabled the switch can monitor the ip address obtaining process of the 553
- Binding table to load the following 554
- In the binding table section you can view the searched entries additionally you can configure 554
- In the search section specify the search criteria to search your desired entries 554
- The host name and protect type for one or more entries and click apply 554
- Viewing the binding entries 554
- With the binding table you can view and search the specified binding entries 554
- Binding entries manually 555
- Binding entries via arp scanning is not supported by the cli binding entries via dhcp snooping 555
- Entries manually and view the binding entries 555
- Follow these steps to manually bind entries 555
- Is introduced in dhcp snooping configurations the following sections introduce how to bind 555
- The condition that you have got the related information of the hosts 555
- Using the cli 555
- You can manually bind the ip address mac address vlan id and the port number together on 555
- 68 5 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this 556
- Entry for the arp detection feature 556
- Gigabitethernet 1 0 5 arp detection 556
- Host1 192 68 5 aa bb cc dd ee ff 10 gi1 0 5 arp d 556
- On privileged exec mode or any other configuration mode you can use the following command 556
- Switch config end 556
- Switch config ip source binding host1 192 68 5 aa bb cc dd ee ff vlan 10 interface 556
- Switch config show ip source binding 556
- Switch configure 556
- Switch copy running config startup config 556
- The following example shows how to bind an entry with the hostname host1 ip address 556
- To view binding entries 556
- U no host ip addr mac addr vid port acl col 556
- Viewing binding entries 556
- Dhcp snooping configuration 557
- Enabling dhcp snooping on vlan 557
- Using the gui 557
- Click apply 558
- Configuring dhcp snooping on ports 558
- Follow these steps to configure dhcp snooping on the specified port 558
- Port config to load the following 558
- Select one or more ports and configure the parameters 558
- Click apply 559
- Distribution way 559
- Follow these steps to configure option 82 559
- Following page 559
- Location of the dhcp client via option 82 the dhcp server supporting option 82 can also set 559
- Option 82 config to load the 559
- Option 82 records the location of the dhcp client the switch can add option 82 to the dhcp 559
- Optional configuring option 82 559
- Request packet and then transmit the packet to the dhcp server administrators can check the 559
- Select one or more ports and configure the parameters 559
- The distribution policy of ip addresses and other parameters providing a more flexible address 559
- Click apply 560
- Follow these steps to globally configure dhcp snooping 560
- Globally configuring dhcp snooping 560
- Using the cli 560
- Configuring dhcp snooping on ports 561
- Follow these steps to configure dhcp snooping on the specified ports 561
- Global status enable 561
- Switch config if end 561
- Switch config ip dhcp snooping 561
- Switch config ip dhcp snooping vlan 5 561
- Switch config show ip dhcp snooping 561
- Switch configure 561
- Switch copy running config startup config 561
- The following example shows how to enable dhcp snooping globally and on vlan 5 561
- Vlan id 5 561
- Optional configuring option 82 562
- As replace the circuit id as vlan20 and the remote id as host1 563
- Follow these steps to configure option 82 563
- Switch config if ip dhcp snooping information option 563
- Switch config interface gigabitethernet 1 0 7 563
- Switch configure 563
- The following example shows how to enable option 82 on port 1 0 7 and configure the strategy 563
- Arp inspection configurations 565
- Configuring arp detection 565
- Using the gui 565
- Arp defend to load the following 566
- Configuring arp defend 566
- Follow these steps to configure arp defend 566
- Select one or more ports and configure the parameters 566
- To avoid arp attack flood 566
- When the transmission speed of the legal arp packet on the port exceeds the defined value so as 566
- With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds 566
- Viewing arp statistics 567
- A trusted port 568
- Configuration complete ip mac binding configuration for details refer to ip mac binding 568
- Configurations 568
- Configuring arp detection 568
- Entries in the ip mac binding table and filter the illegal arp packets before arp detection 568
- Follow these steps to configure arp detection 568
- Switch config if ip arp inspection trust 568
- Switch config if show ip arp inspection 568
- Switch config interface gigabitethernet 1 0 1 568
- Switch config ip arp inspection 568
- Switch configure 568
- The arp detection feature allows the switch to detect the arp packets basing on the binding 568
- The following example shows how to globally enable arp detection and configure port 1 0 1 as 568
- Using the cli 568
- Arp detection global status enabled 569
- Configuring arp defend 569
- Follow these steps to configure arp defend 569
- Gi1 0 1 yes 569
- Gi1 0 2 no 569
- Port trusted 569
- Switch config if end 569
- Switch copy running config startup config 569
- To avoid arp attack flood 569
- When the transmission speed of the legal arp packet on the port exceeds the defined value so as 569
- With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds 569
- On privileged exec mode or any other configuration mode you can use the following command 571
- Switch config if end 571
- Switch copy running config startup config 571
- To view arp statistics 571
- Viewing arp statistics 571
- Dos defend configuration 572
- Dos defend to load the following page 572
- Follow these steps to configure dos defend 572
- Following table introduces each type of dos attack 572
- In the configure section enable dos protection 572
- In the defend table section select one or more defend types according to your needs the 572
- Using the gui 572
- Click apply 573
- Follow these steps to configure dos defend 573
- Using the cli 573
- Switch config ip dos prevent 574
- Switch config ip dos prevent type land 574
- Switch configure 574
- The following example shows how to enable the dos defend type named land 574
- Configuring 802 x globally 576
- Using the gui 576
- X configuration 576
- In the authentication config section enable quiet configure the quiet timer and click 577
- Configure 802 x authentication on the desired port and click apply 578
- Configuring 802 x on ports 578
- Port config to load the following page 578
- Adding the radius server 579
- Configuring the radius server 579
- Enabling aaa function 579
- Configuring the radius server group 580
- Group and click add 580
- In the add new server group section specify the name and server type for the new server 580
- Select the newly added group and click edit in the operation column 580
- Select the server to be added to the group from the server ip drop down list then click add 580
- Server group to load the following page 580
- To add this server to the server group 580
- Configuring 802 x globally 581
- Configuring the dot1x list 581
- Using the cli 581
- Authentication method and keep other parameters as default 583
- Authentication method pap 583
- Configuring 802 x on ports 583
- Follow these steps to configure the port 583
- Guest vlan id n a 583
- Guest vlan state disable 583
- Handshake state enabled 583
- Max retry times for radius packet 3 583
- Quiet period state disable 583
- Quiet period timer 10 sec 583
- Supplicant timeout 3 sec 583
- Switch config dot1x auth method pap 583
- Switch config dot1x system auth control 583
- Switch config end 583
- Switch config show dot1x global 583
- Switch configure 583
- Switch copy running config startup config 583
- The following example shows how to enable 802 x authentication configure pap as the 583
- X accounting state disable 583
- X state enabled 583
- Control type as port based and configure the control mode as auto 584
- Gi1 0 2 enabled disabled auto port based unauthorized n a 584
- Port state guestvlan portcontrol portmethod authorized lag 584
- Switch config if dot1x 584
- Switch config if dot1x port control auto 584
- Switch config if dot1x port method port based 584
- Switch config if end 584
- Switch config if show dot1x interface gigabitethernet 1 0 2 584
- Switch config interface gigabitethernet 1 0 2 584
- Switch configure 584
- The following example shows how to enable 802 x authentication on port 1 0 2 configure the 584
- Configuring the radius server 585
- Follow these steps to configure radius 585
- Switch copy running config startup config 585
- Aaa configuration 588
- Configuration guidelines 588
- Adding servers 589
- Globally enabling aaa 589
- Using the gui 589
- Adding radius server 590
- Click add to add the radius server on the switch 590
- Follow these steps to add a radius server 590
- In the server config section configure the following parameters 590
- Radius conifg to load the following page 590
- Adding tacacs server 591
- Click add to add the tacacs server on the switch 591
- Configuring server groups 591
- Follow these steps to add a tacacs server 591
- Group you can add new server groups as needed 591
- In the server config section configure the following parameters 591
- Servers the servers running the same protocol are automatically added to the default server 591
- Tacacs conifg to load the following page 591
- The switch has two built in server groups one for radius servers and the other for tacacs 591
- Configuring the method list 593
- And enable list 594
- Click add to add the new method 594
- Click apply 594
- Configuring the aaa application list 594
- Follow these steps to configure the aaa application list 594
- Global config to load the following page 594
- In the aaa application list section select an access application and configure the login list 594
- Configuring login account and enable password 595
- On the server 595
- On the switch 595
- Aaa global status enable 596
- Adding radius server 596
- Adding servers 596
- Follow these steps to add radius server on the switch 596
- Follow these steps to globally enable aaa 596
- Globally enabling aaa 596
- Servers are added the server with the highest priority authenticates the users trying to access the 596
- Switch and the others act as backup servers in case the first one breaks down 596
- Switch config aaa enable 596
- Switch config end 596
- Switch config show aaa global 596
- Switch configure 596
- Switch copy running config startup config 596
- The following example shows how to globally enable aaa 596
- Using the cli 596
- You can add one or more radius tacacs servers on the switch for authentication if multiple 596
- 68 0 1812 1813 8 3 123456 597
- Seconds and the retransmit number as 3 597
- Server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 597
- Server ip auth port acct port timeout retransmit shared key 597
- Switch config end 597
- Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 597
- Switch config show radius server 597
- Switch configure 597
- Switch copy running config startup config 597
- The following example shows how to add a radius server on the switch set the ip address of the 597
- 68 0 49 8 123456 598
- Adding tacacs server 598
- Follow these steps to add tacacs server on the switch 598
- Of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the 598
- Server ip port timeout shared key 598
- Switch config end 598
- Switch config show tacacs server 598
- Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 598
- Switch configure 598
- Switch copy running config startup config 598
- The following example shows how to add a tacacs server on the switch set the ip address 598
- Timeout as 8 seconds 598
- Configuring server groups 599
- Existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group 599
- Running the same protocol are automatically added to the default server group you can add new 599
- Server groups as needed 599
- Switch aaa group end 599
- Switch aaa group server 192 68 0 599
- Switch aaa group show aaa group radius1 599
- Switch config aaa group radius radius1 599
- Switch configure 599
- Switch copy running config startup config 599
- The following example shows how to create a radius server group named radius1 and add the 599
- The switch has two built in server groups one for radius and the other for tacacs the servers 599
- The two default server groups cannot be deleted or edited follow these steps to add a server 599
- A method list describes the authentication methods and their sequence to authenticate the 600
- And enable method list for guests to get administrative privileges 600
- Configuring the method list 600
- Default local 600
- Follow these steps to configure the method list 600
- Login1 radius local 600
- Methodlist pri1 pri2 pri3 pri4 600
- Switch config aaa authentication login login1 radius local 600
- Switch config show aaa authentication login 600
- Switch configure 600
- The following example shows how to create a login method list named login1 and configure 600
- The method 1 as the default radius server group and the method 2 as local 600
- Users the switch supports login method list for users of all types to gain access to the switch 600
- And http 601
- Configuring the aaa application list 601
- Default local 601
- Enable1 radius local 601
- Follow these steps to apply the login and enable method lists for the application telnet 601
- Methodlist pri1 pri2 pri3 pri4 601
- Switch config aaa authentication enable enable1 radius local 601
- Switch config end 601
- Switch config show aaa authentication enable 601
- Switch configure 601
- Switch copy running config startup config 601
- Telnet 601
- The following example shows how to create an enable method list named enable1 and configure 601
- The method 1 as the default radius server group and the method 2 as local 601
- You can configure authentication method lists on the following access applications telnet ssh 601
- Enable method list named enable1 for the application telnet 602
- Follow these steps to apply the login and enable method lists for the application ssh 602
- Http default default 602
- Module login list enable list 602
- Ssh default default 602
- Switch config line enable authentication enable1 602
- Switch config line end 602
- Switch config line login authentication login1 602
- Switch config line show aaa global 602
- Switch config line telnet 602
- Switch configure 602
- Switch copy running config startup config 602
- Telnet login1 enable1 602
- The following example shows how to apply the existing login method list named login1 and 602
- Enable method list named enable1 for the application ssh 603
- Follow these steps to apply the login and enable method lists for the application http 603
- Http default default 603
- Module login list enable list 603
- Ssh login1 enable1 603
- Switch config line enable authentication enable1 603
- Switch config line end 603
- Switch config line login authentication login1 603
- Switch config line show aaa global 603
- Switch config line ssh 603
- Switch configure 603
- Switch copy running config startup config 603
- Telnet default default 603
- The following example shows how to apply the existing login method list named login1 and 603
- Configuring login account and enable password 604
- On the switch 604
- Configuration file all the users trying to get administrative privileges share this enable 605
- Customizable all users trying to get administrative privileges share this enable password 605
- Enable and providing the enable password 605
- For enable password configuration 605
- For login authentication configuration more than one login account can be created on the 605
- Network information without the enable password 605
- On radius server the user name should be set as enable and the enable password is 605
- On tacacs server configure the value of enable 15 as the enable password in the 605
- On the server 605
- Password 605
- Server besides both the user name and password can be customized 605
- Some configuration principles on the server are as follows 605
- The accounts created by the radius tacacs server can only view the configurations and some 605
- Tips the logged in guests can get administrative privileges by using the command admin 605
- Configuration examples 606
- Configuration scheme 606
- Example for dhcp snooping and arp detection 606
- Network requirements 606
- Using the gui 607
- Using the cli 610
- Verify the configuration 610
- Configuration scheme 612
- Example for 802 x 612
- Network requirements 612
- Network topology 612
- Configuration procedure in two ways using the gui and using the cli 613
- Demonstrated with t1600g 28ts acting as the authenticator the following sections provide 613
- Eap enable the quiet feature and then keep the default authentication settings 613
- Following page enable 802 x authentication and configure the authentication method as 613
- Global config to load the 613
- Internet 613
- Using the gui 613
- Using the cli 616
- Verify the configurations 617
- Example for aaa 618
- Network requirements 618
- Configuration scheme 619
- Using the gui 619
- Using the cli 622
- Verify the configuration 623
- Appendix default parameters 625
- Default settings of network security are listed in the following tables 625
- Chapters 629
- Configuring lldp 629
- Part 20 629
- Overview 630
- Supported features 630
- Global config 631
- Lldp configurations 631
- Using the gui 631
- Follow these steps to enable lldp and configure the lldp feature globally 632
- In the global config section enable lldp click apply 632
- In the parameters config section configure the lldp parameters click apply 632
- Follow these steps to configure the lldp feature for the interface 633
- Policy config to load the following page 633
- Port config 633
- Select the desired port and set its admin status and notification mode 633
- Enable the lldp feature on the switch and configure the lldp parameters 634
- Global config 634
- Select the tlvs type length value included in the lldp packets according to your needs 634
- Using the cli 634
- Count 3 635
- Interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast 635
- Lldp status enabled 635
- Switch config lldp 635
- Switch config lldp hold multiplier 4 635
- Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 635
- Switch config show lldp 635
- Switch configure 635
- The following example shows how to configure the following parameters lldp timer 4 tx 635
- Ttl multiplier 4 635
- Tx interval 30 seconds 635
- Fast packet count 3 636
- Initialization delay 2 seconds 636
- Lldp med fast start repeat count 4 636
- Lldp packets 636
- Port config 636
- Select the desired port and set its admin status notification mode and the tlvs included in the 636
- Switch config end 636
- Switch copy running config startup config 636
- Trap notification interval 5 seconds 636
- Tx delay 2 seconds 636
- Power yes 638
- Switch config if end 638
- Switch copy running config startup config 638
- Global config 639
- Lldp med configurations 639
- Using the gui 639
- Port config 640
- Global config 642
- Lldp status enabled 642
- Switch config lldp 642
- Switch config lldp med fast count 4 642
- Switch config show lldp 642
- Switch configure 642
- The following example shows how to configure lldp med fast count as 4 642
- Ttl multiplier 4 642
- Tx delay 2 seconds 642
- Tx interval 30 seconds 642
- Using the cli 642
- Fast packet count 3 643
- Initialization delay 2 seconds 643
- Lldp med fast start repeat count 4 643
- Port config 643
- Select the desired port enable lldp med and select the tlvs type length value included in 643
- Switch config end 643
- Switch copy running config startup config 643
- The outgoing lldp packets according to your needs 643
- Trap notification interval 5 seconds 643
- Using gui 646
- Viewing lldp device info 646
- Viewing lldp settings 646
- According to your needs click apply 647
- Follow these steps to view the local information 647
- In the auto refresh section enable the auto refresh feature and set the refresh rate 647
- In the local info section select the desired port and view its associated local device 647
- Information 647
- Viewing the neighbor info 648
- Viewing lldp statistics 649
- In the neighbors statistics section view the statistics of the corresponding port 650
- Using cli 650
- Viewing lldp statistics 650
- Viewing the local info 650
- Viewing the neighbor info 650
- Using gui 651
- Viewing lldp med settings 651
- Viewing the local info 651
- According to your needs click apply 652
- Follow these steps to view lldp med neighgbor information 652
- In the auto refresh section enable the auto refresh feature and set the refresh rate 652
- In the lldp med neighbor info section select the desired port and view the lldp med 652
- Settings 652
- Viewing the neighbor info 652
- Using cli 653
- Viewing lldp statistics 653
- Viewing the local info 653
- Viewing the neighbor info 653
- Configuration example 654
- Configuration scheme 654
- Example for configuring lldp 654
- Network requirements 654
- Network topology 654
- Using the gui 655
- Using cli 656
- Configuration file 657
- Verify the configurations 657
- Example for configuring lldp med 662
- Network requirements 662
- Configuration scheme 663
- Network topology 663
- Using the gui 663
- Using the cli 667
- Configuration file 668
- Verify the configurations 669
- Appendix default parameters 676
- Default lldp med settings 676
- Default lldp settings 676
- Default settings of lldp are listed in the following tables 676
- Chapters 677
- Configuring maintenance 677
- Part 21 677
- Device diagnose 678
- Maintenance 678
- Network diagnose 678
- Overview 678
- Supported features 678
- System monitor 678
- Monitoring the cpu 679
- Monitoring the system 679
- Using the gui 679
- Monitoring the cpu 680
- Monitoring the memory 680
- Using the cli 680
- Monitoring the memory 681
- Backing up log files 682
- Configuration guidelines 682
- Configuring the local log 682
- Configuring the remote log 682
- Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality 682
- Of the switch is affected please take actions according to the log message 682
- System log configurations 682
- System log configurations include 682
- Viewing the log table 682
- Click apply 683
- Configuring the local log 683
- Configuring the remote log 683
- Follow these steps to configure the local log 683
- Local log to load the following page 683
- Remote log enables the switch to send system logs to a host to display the logs the host should 683
- Run a log server that complies with the syslog standard 683
- Select your desired channel and configure the corresponding severity and status 683
- Using the gui 683
- Backing up the log file 684
- Viewing the log table 684
- Configuring the local log 685
- Follow these steps to configure the local log 685
- Select a module and a severity to view the corresponding log information 685
- Using the cli 685
- Switch config logging buffer 686
- Switch config logging buffer level 5 686
- Switch config logging file flash 686
- Switch config logging file flash frequency periodic 10 686
- Switch config logging file flash level 2 686
- Switch config show logging local config 686
- Switch configure 686
- The following example shows how to configure the local log on the switch save logs of levels 0 686
- To 5 to the log buffer and synchronize logs of levels 0 to 2 to the flash every 10 hours 686
- Buffer 5 enable immediately 687
- Channel level status sync periodic 687
- Configuring the remote log 687
- Flash 2 enable 10 hour s 687
- Follow these steps to set the remote log 687
- Ip address as 192 68 48 and allow logs of levels 0 to 5 to be sent to the host 687
- Monitor 5 enable immediately 687
- Remote log enables the switch to send system logs to a host to display the logs the host should 687
- Run a log server that complies with the syslog standard 687
- Switch config end 687
- Switch configure 687
- Switch copy running config startup config 687
- The following example shows how to set the remote log on the switch enable log host 2 set its 687
- Cable test to load the following page 689
- Diagnosing the device 689
- In the port section select your desired port for the test 689
- In the result section click apply and check the test results 689
- Using the gui 689
- Gi1 0 2 pair a normal 2 10m 690
- On privileged exec mode or any other configuration mode you can use the following command 690
- Pair b normal 2 10m 690
- Pair c normal 0 10m 690
- Pair d normal 2 10m 690
- Port pair status length error 690
- Switch show cable diagnostics interface gigabitehternet 1 0 2 690
- The following example shows how to check the cable diagnostics of port 1 0 2 690
- To check the connection status of the cable that is connected to the switch 690
- Using the cli 690
- Configuring the ping test 691
- Diagnosing the network 691
- Using the gui 691
- Configuring the tracert test 692
- Approximate round trip times in milli seconds 693
- Bytes and the interval as 500 milliseconds 693
- Configuring the ping test 693
- Destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 693
- In the tracert result section check the test results 693
- Minimum 0ms maximum 0ms average 0ms 693
- On privileged exec mode or any other configuration mode you can use the following command 693
- Packets sent 3 received 3 lost 0 0 loss 693
- Ping statistics for 192 68 0 693
- Pinging 192 68 0 with 1000 bytes of data 693
- Reply from 192 68 0 bytes 1000 time 16ms ttl 64 693
- Switch ping ip 192 68 0 n 3 l 1000 i 500 693
- The following example shows how to test the connectivity between the switch and the 693
- To test the connectivity between the switch and one node of the network 693
- Using the cli 693
- Configuring the tracert test 694
- Destination 694
- Device with the ip address 192 68 00 set the maxhops as 2 694
- Ms 1 ms 2 ms 192 68 694
- Ms 2 ms 2 ms 192 68 00 694
- On privileged exec mode or any other configuration mode you can use the following command 694
- Switch tracert 192 68 00 2 694
- The following example shows how to test the connectivity between the switch and the network 694
- To test the connectivity between the switch and routers along the path from the source to the 694
- Trace complete 694
- Tracing route to 192 68 00 over a maximum of 2 hops 694
- Configuration example for remote log 695
- Configuration scheme 695
- Network requirements 695
- Using the gui 695
- Using the cli 696
- Verify the configurations 696
- Appendix default parameters 697
- Default settings of maintenance are listed in the following tables 697
- Chapters 698
- Managing snmp rmon 698
- Part 22 698
- Notification configurations 7 appendix default parameters 699
- Part 22 699
- Rmon overview 699
- Snmp configurations 6 configuration example 699
- Snmp overview 699
- Snmp overview 5 rmon configurations 699
- Choose snmpv1 or snmpv2c 700
- Choose snmpv3 700
- Snmp configurations 700
- Creating an snmp view 701
- Enabling snmp 701
- Using the gui 701
- Click create to add the view entry 702
- Create an snmp group and configure related parameters 702
- Creating an snmp group 702
- Set the view name and one mib variable that is related to the view choose the view type and 702
- Snmp view to load the following page 702
- Follow these steps to create an snmp group 703
- Need to further configure security level 703
- Set the group name and security model if you choose snmpv3 as the security model you 703
- Snmp group to load the following page 703
- Creating snmp users 704
- Follow these steps to create an snmp user 704
- Model according to the related parameters of the specified group if you choose snmpv3 you 704
- Need to configure the security level 704
- Set the read write and notify view of the snmp group click create 704
- Snmp user to load the following page 704
- Specify the user name user type and the group which the user belongs to set the security 704
- Click create 705
- Corresponding auth mode or privacy mode if not skip the step 705
- Creating snmp communities 705
- Directly 705
- If you have chosen authnopriv or authpriv as the security level you need to set 705
- If you want to use snmpv1 or snmpv2c as the security model you can create snmp communities 705
- Enabling snmp 706
- Set the community name access rights and the related view click create 706
- Snmp community to load the following page 706
- Using the cli 706
- Bad snmp version errors 707
- Encoding errors 707
- Get request pdus 707
- Illegal operation for community name supplied 707
- Number of altered variables 707
- Number of requested variables 707
- Snmp agent is enabled 707
- Snmp packets input 707
- Switch config show snmp server 707
- Switch config snmp server 707
- Switch config snmp server engineid remote 123456789a 707
- Switch configure 707
- The following example shows how to enable snmp and set 123456789a as the remote engine id 707
- Unknown community name 707
- Bad value errors 708
- Creating an snmp view 708
- General errors 708
- Get next pdus 708
- Local engine id 80002e5703000aeb132397 708
- No such name errors 708
- Remote engine id 123456789a 708
- Response pdus 708
- Set request pdus 708
- Snmp packets output 708
- Specify the oid object identifier of the view to determine objects to be managed 708
- Switch config end 708
- Switch config show snmp server engineid 708
- Switch copy running config startup config 708
- Too big errors maximum packet size 1500 708
- Trap pdus 708
- Creating an snmp group 709
- Enable auth mode and privacy mode and set the view as read view and notify view 710
- Nms monitor v3 authpriv view view 710
- No name sec mode sec lev read view write view notify view 710
- Switch config end 710
- Switch config show snmp server group 710
- Switch config snmp server group nms monitor smode v3 slev authpriv read view notify 710
- Switch configure 710
- Switch copy running config startup config 710
- The following example shows how to create an snmpv3 group name the group as nms monitor 710
- And access rights as the group 711
- Configure users of the snmp group users belong to the group and use the same security level 711
- Creating snmp users 711
- Admin and set the user as a remote user snmpv3 as the security mode authpriv as the security 712
- Admin remote nms monitor v3 authpriv sha des 712
- Creating snmp communities 712
- For snmpv1 and snmpv2c the community name is used for authentication functioning as the 712
- Level sha as the authentication algorithm 1234 as the authentication password des as the 712
- No u name u type g name s mode s lev a mode p mode 712
- Password 712
- Privacy algorithm and 1234 as the privacy password 712
- Sha cpwd 1234 emode des epwd 1234 712
- Switch config end 712
- Switch config show snmp server user 712
- Switch config snmp server user admin remote nms monitor smode v3 slev authpriv cmode 712
- Switch configure 712
- Switch copy running config startup config 712
- The following example shows how to create an snmp user on the switch name the user as 712
- Configuration guidelines 714
- Notification configurations 714
- Using the gui 714
- Choose a notification type based on the snmp version if you choose the inform type you 715
- Model and security level based on the settings of the user or community 715
- Need to set retry times and timeout interval 715
- Specify the user name or community name used by the nms and configure the security 715
- Click create 716
- Configure parameters of the nms host and packet handling mechanism 716
- Configuring the host 716
- Using the cli 716
- Enabling snmp notification 717
- Enabling the snmp standard trap 717
- Optional enabling the snmp extend trap 718
- Switch config end 718
- Switch config snmp server traps snmp linkup 718
- Switch configure 718
- Switch copy running config startup config 718
- The following example shows how to configure the switch to send linkup traps 718
- Switch config end 719
- Switch config snmp server traps bandwidth control 719
- Switch configure 719
- Switch copy running config startup config 719
- The following example shows how to configure the switch to enable bandwidth control traps 719
- Optional enabling the mac trap 720
- Optional enabling the vlan trap 720
- Switch config end 720
- Switch config snmp server traps mac new 720
- Switch configure 720
- Switch copy running config startup config 720
- The following example shows how to configure the switch to enable 720
- Optional enabling the link status trap 721
- Switch config end 721
- Switch config if end 721
- Switch config if snmp server traps link status 721
- Switch config interface gigabitethernet 1 0 1 721
- Switch config snmp server traps vlan create 721
- Switch configure 721
- Switch copy running config startup config 721
- The following example shows how to configure the switch to enable 721
- The following example shows how to configure the switch to enable link status trap 721
- Rmon overview 722
- Configuring statistics 723
- Rmon configurations 723
- Using the gui 723
- Configuring history 724
- Follow these steps to configure history 724
- History to load the following page 724
- Select a history entry and specify a port to be monitored 724
- Specify the entry id the port to be monitored and the owner name of the entry set the entry as 724
- Valid or undercreation and click create 724
- Choose an event entry and set the snmp user of the entry 725
- Configuring event 725
- Enter the owner name and set the status of the entry click apply 725
- Event to load the following page 725
- Follow these steps to configure event 725
- Set the sample interval and the maximum buckets of history entries 725
- Alarm to load the following page 726
- Before you begin please complete configurations of statistics entries and event entries because 726
- Configuring alarm 726
- Enter the owner name and set the status of the entry click apply 726
- Set the description and type of the event 726
- The alarm entries must be associated with statistics and event entries 726
- Alarm type of the entry 727
- Follow these steps to configure alarm 727
- Select an alarm entry choose a variable to be monitored and associate the entry with a 727
- Set the sample type the rising and falling threshold the corresponding event action and the 727
- Statistics entry 727
- Configuring statistics 728
- Enter the owner name and set the status of the entry click apply 728
- Using the cli 728
- Configuring history 729
- Buckets 50 730
- Gi1 0 1 100 50 monitor enable 730
- Index port interval buckets owner state 730
- Set the sample interval as 100 seconds max buckets as 50 and the owner as monitor 730
- Switch config end 730
- Switch config rmon history 1 interface gigabitethernet 1 0 1 interval 100 owner monitor 730
- Switch config show rmon history 730
- Switch configure 730
- Switch copy running config startup config 730
- The following example shows how to create a history entry on the switch to monitor port 1 0 1 730
- Admin the event type as notify set the switch to initiate notifications to the nms and the owner 731
- As monitor 731
- Configuring event 731
- Switch config rmon event 1 user admin description rising notify type notify owner monitor 731
- Switch configure 731
- The following example shows how to create an event entry on the switch set the user name as 731
- Admin rising notify notify monitor enable 732
- Configuring alarm 732
- Index user description type owner state 732
- Switch config end 732
- Switch config show rmon event 732
- Switch copy running config startup config 732
- Alarm variable bpkt 733
- As 2 the alarm type as all the notification interval as 10 seconds and the owner of the entry as 733
- Index state 1 enabled 733
- Interval 10 owner monitor 733
- Monitor 733
- Related rising event entry index as 1 the falling threshold as 3000 the related falling event index 733
- Rhold revent 3000 1 733
- Sample type absolute 733
- Statistics index 1 733
- Switch config rmon alarm 1 stats index 1 alarm variable bpkt s type absolute rising 733
- Switch config show rmon alarm 733
- Switch configure 733
- The following example shows how to set an alarm entry to monitor bpackets on the switch set 733
- The related statistics entry id as 1 the sample type as absolute the rising threshold as 3000 the 733
- Threshold 3000 rising event index 1 falling threshold 3000 falling event index 2 a type all 733
- Configuration example 735
- Configuration scheme 735
- Network requirements 735
- As shown in the following figure the nms host with ip address 172 68 22 is connected to the 736
- Connected to switch b and port 1 0 3 and the nms are able to reach one another 736
- Core switch switch b on switch a ports 1 0 1 and 1 0 2 are monitored by the nms port 1 0 3 is 736
- Demonstrated with t1600g 28ts this chapter provides configuration procedures in two ways 736
- Network topology 736
- Using the gui and using the cli 736
- Configuring rate limit on ports 737
- Configuring snmp 737
- Using the gui 737
- Configuring rmon 739
- Enabling bandwith control trap 739
- Configuring rate limit on ports 742
- Configuring snmp 742
- Enable bandwith control trap 742
- Using the cli 742
- Configuration file 743
- Configuring rmon 743
- Verify the configurations 744
- Appendix default parameters 749
- Default settings of snmp are listed in the following table 749
- Default settings of notification are listed in the following table 750
- Bsmi notice 753
- Ce mark warning 753
- Fcc statement 753
- Industry canada statement 753
- Explanation of the symbols on the product label 754
- Safety information 754
- 限用物質含有情況標示聲明書 754
Похожие устройства
- Tp-Link T1700X-16TS V3 Руководство по использованию коммандной строки
- Tp-Link T1700X-16TS V3 Инструкция по установке
- Tp-Link T1700X-16TS V3 Rackmount Switch_EU2_12Languages__ Installation Guide
- Tp-Link T1700X-16TS V3 Руководство пользователя
- Tp-Link T1700X-16TS V2 Руководство по использованию коммандной строки
- Tp-Link T1700X-16TS V2 Руководство по быстрому старту
- Tp-Link T1700X-16TS V2 Rackmount Switch_EU2_12Languages__ Installation Guide
- Tp-Link T1700X-16TS V2 Руководство пользователя
- Tp-Link T1700X-16TS V1 Инструкция по установке
- Tp-Link T1700X-16TS V1 Руководство по использованию коммандной строки
- Tp-Link T1700X-16TS V1 Руководство пользователя
- Tp-Link T1700X-16TS V1 Руководство по быстрому старту
- Tp-Link T1700X-16TS V1 Rackmount Switch_EU2_12Languages__ Installation Guide
- Tp-Link T1600G-28TS V3 Руководство по использованию коммандной строки
- Tp-Link T1600G-28TS V3 Инструкция по установке
- Tp-Link T1600G-28TS V3 Руководство по быстрому старту
- Tp-Link T1600G-28TS V3 Rackmount Switch_EU2_12Languages__ Installation Guide
- Tp-Link T1600G-28TS V3 Руководство пользователя
- Tp-Link T1600G-28TS V2 Client Software_User Guide
- Tp-Link T1600G-28TS V2 Руководство по использованию коммандной строки