Tp-Link T1700X-16TS V3 Руководство пользователя онлайн

After the keys are successfully generated click save public key to save the public key to a tftp server click save private key to save the private key to the host pc 40

After negotiation is completed enter the username to log in if you can log in without entering the password the key authentication completed successfully 42

Disable telnet login 42

Telnet config disable the telnet function and click apply 42

Using the gui 42

You can shut down the telnet function to block any telnet access to the cli interface 42

Copy running config startup config 43

Disable ssh login 43

Change the switch s ip address and default gateway 44

Chapters 45

Managing system 45

Part 2 45

Overview 46

Sdm template 46

Supported features 46

System 46

System info 46

System tools 46

Time range 46

User management 46

System info configurations 47

Using the gui 47

Viewing the system summary 47

You can click a port to view the bandwidth utilization on this port 48

In the system info section you can view the system information of the switch 49

Viewing the system information 49

Configure the following parameters 50

Configuring the device description 50

Device description to load the following page 50

Choose one method to set the system time and specify the related parameters 51

Click apply 51

Configuring the system time 51

In the time config section follow these steps to configure the system time 51

In the time info section you can view the current time information of the switch 51

System time to load the following page 51

Choose one method to set the daylight saving time and specify the related parameters 52

Click apply 52

Configuring the daylight saving time 52

Daylight saving time to load the following page 52

Follow these steps to configure daylight saving time 52

In the dst config section enable the daylight saving time function 52

Click apply 53

On privileged exec mode or any other configuration mode you can use the following commands to view the system information of the switch 53

Port status speed duplex flowctrl jumbo active medium 53

Switch show interface status 53

Te1 0 1 linkdown n a n a n a disable copper 53

Te1 0 2 linkdown n a n a n a disable copper 53

The following example shows how to view the interface status and the system information of the switch 53

Using the cli 53

Viewing the system summary 53

Bootloader version tp link bootutil v1 54

Configuring the device description 54

Contact information www tp link com 54

Follow these steps to configure the device description 54

Hardware version t1700x 16ts 3 54

Mac address 00 0a eb 13 12 ff 54

Running time 5 day 19 hour 42 min 1 sec 54

Serial number 54

Software version 3 build 20180413 rel 7790 s 54

Switch show system info 54

System description jetstream 12 port 10gbase t smart switch with 4 10g sfp slots 54

System location shenzhen 54

System name t1700x 16ts 54

System time 2006 01 07 03 40 54 54

Te1 0 3 linkup 1000m full disable disable copper 54

Configuring the system time 55

Backup ntp server 139 8 00 63 57

Last successful ntp server 133 00 57

Prefered ntp server 133 00 57

Switch config show system time ntp 57

Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 57

Switch configure 57

The following example shows how to set the system time by get time from ntp server and set the time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 139 8 00 63 and set the update rate as 11 57

Time zone utc 08 00 57

Configuring the daylight saving time 58

Follow these steps to configure the daylight saving time 58

Switch config end 58

Switch copy running config startup config 58

Update rate 11 hour s 58

Dst configuration is one off 59

Dst ends at 01 00 00 on sep 1 2017 59

Dst offset is 50 minutes 59

Dst starts at 01 00 00 on aug 1 2017 59

Switch config end 59

Switch config show system time dst 59

Switch config system time dst date aug 1 01 00 2017 sep 1 01 00 2017 50 59

Switch configure 59

Switch copy running config startup config 59

The following example shows how to set the daylight saving time by date mode set the start time as 01 00 august 1st 2017 set the end time as 01 00 september 1st 2017 and set the offset as 50 59

Creating accounts 60

User management configurations 60

Using the gui 60

Click create 61

Configure the following parameters 61

Configuring enable password 61

Follow these steps to create a new user account 61

Global config to load the following page 61

Creating accounts 62

Using the cli 62

Configuring enable password 64

Follow these steps to create an account of other type 64

The logged in users can enter the enable password on this page to get the administrative privileges 65

Configuring the boot file 67

System tools configurations 67

Using the gui 67

Click apply 68

Follow these steps to configure the boot file 68

In the boot table section select one or more units and configure the relevant parameters 68

In the image table you can view the information of the current startup image next startup image and backup image the displayed information is as follows 68

Restore config to load the following page 68

Restoring the configuration of the switch 68

Backing up the configuration file 69

Upgrading the firmware 70

Configuring reboot schedule 71

Manually rebooting the switch 71

Rebooting the switch 71

Choose whether to save the current configuration before the reboot 72

Click apply 72

Configuring the boot file 72

Follow these steps to configure the boot file 72

In the system reset section select the desired unit and click reset after reset all configurations of the switch will be reset to the factory defaults 72

Reseting the switch 72

System reset to load the following page 72

Using the cli 72

Backup config config2 cfg 73

Backup image image2 bin 73

Boot config 73

Current startup config config2 cfg 73

Current startup image image2 bin 73

Follow these steps to restore the configuration of the switch 73

Next startup config config1 cfg 73

Next startup image image1 bin 73

Restoring the configuration of the switch 73

Switch config boot application filename image1 startup 73

Switch config boot application filename image2 backup 73

Switch config boot config filename config1 startup 73

Switch config boot config filename config2 backup 73

Switch config end 73

Switch config show boot 73

Switch configure 73

Switch copy running config startup config 73

The following example shows how to set the next startup image as image1 the backup image as image2 the next startup configuration file as config1 and the backup configuration file as config2 73

Backing up the configuration file 74

Backup user config file ok 74

Enable 74

Follow these steps to back up the current configuration of the switch in a file 74

Follow these steps to upgrade the firmware 74

Operation ok now rebooting system 74

Start to backup user config file 74

Start to load user config file 74

Switch copy startup config tftp ip address 192 68 00 filename file2 74

Switch copy tftp startup config ip address 192 68 00 filename file1 74

The following example shows how to backup the configuration file named file2 to tftp server with ip address 192 68 00 74

The following example shows how to restore the configuration file named file1 from the tftp server with ip address 192 68 00 74

Upgrading the firmware 74

Configuring reboot schedule 75

Enable 75

Follow these steps to configure the reboot schedule 75

Follow these steps to reboot the switch 75

It will only upgrade the backup image continue y n y 75

Manually rebooting the switch 75

Operation ok 75

Reboot with the backup image y n y 75

Rebooting the switch 75

Switch firmware upgrade ip address 192 68 00 filename file3 bin 75

The following example shows how to upgrade the firmware using the configuration file named file3 bin the tftp server is 190 68 00 75

Reboot schedule at 2017 08 15 12 00 in 25582 minutes 76

Reboot schedule settings 76

Reboot system at 15 08 2017 12 00 continue y n y 76

Save before reboot yes 76

Switch config end 76

Switch config reboot schedule at 12 00 15 08 2017 save_before_reboot 76

Switch configure 76

Switch copy running config startup config 76

The following example shows how to set the switch to reboot at 12 00 on 15 08 2017 76

Follow these steps to reset the switch 77

Reseting the switch 77

Click apply 78

Eee configuration 78

Eee to load the following page 78

Enable or disable eee on the selected port s 78

Follow these steps to configure eee 78

In the eee config section select one or more ports to be configured 78

Using the cli 78

In sdm template config section select one template and click apply the setting will be effective after the switch is rebooted 80

Sdm template configuration 80

Sdm template to load the following page 80

The template table displays the resources allocation of each template 80

Using the gui 80

Follow these steps to configure the sdm template 81

Switch config 81

The following example shows how to set the sdm template as enterprisev4 81

Using the cli 81

Adding time range entries 83

Time range configuration 83

Using the gui 83

Configure the following parameters and click create 84

Similarly you can add more entries of period time according to your needs the final period time is the sum of all the periods in the table click create 84

Configuring holiday 85

Adding time range entries 86

Follow these steps to add time range entries 86

Using the cli 86

08 00 to 20 00 on 1 2 87

10 01 2017 to 10 31 2017 87

Configuring holiday 87

Follow these steps to configure holiday time range 87

Holiday exclude 87

Number of time slice 1 87

Switch config 87

Switch config time range absolute from 10 01 2017 to 10 31 2017 87

Switch config time range end 87

Switch config time range holiday exclude 87

Switch config time range periodic start 08 00 end 20 00 day of the week 1 2 87

Switch config time range show time range 87

Switch config time range time1 87

Switch copy running config startup config 87

The following example shows how to create a time range entry and set the name as time1 holiday mode as exclude absolute time as 10 01 2017 to 10 31 2017 and periodic time as 8 00 to 20 00 on every monday and tuesday 87

Time range entry 12 inactive 87

Time range entry time1 inactive 87

Appendix default parameters 89

Default settings of system info are listed in the following tables 89

Default settings of system tools are listed in the following table 89

Default settings of user management are listed in the following table 89

Default setting of eee is listed in the following table 90

Default settings of sdm template are listed in the following table 90

Default settings of time range are listed in the following table 90

Chapters 91

Managing physical interfaces 91

Part 3 91

Basic parameters 92

Loopback detection 92

Overview 92

Physical interface 92

Port isolation 92

Supported features 92

Basic parameters configurations 93

Configure the mtu size of jumbo frames for all the ports then click apply 93

Follow these steps to configure basic parameters for the ports 93

Port config to load the following page 93

Select one or more ports to configure the basic parameters then click apply 93

Using the gui 93

Follow these steps to set basic parameters for the ports 94

Using the cli 94

Switch config if no shutdown 95

Switch config interface ten gigabitethernet 1 0 1 95

Switch configure 95

Switch jumbo size 9216 95

The following example shows how to implement the basic configurations of port1 0 1 including setting a description for the port configuring the jumbo frame making the port automatically negotiate speed and duplex with the neighboring port and enabling the flow control 95

Port isolation configurations 97

Using the gui 97

Click apply 98

Follow these steps to configure port isolation 98

In the forwarding port list section select the forwarding ports or lags which the isolated ports can only communicate with it is multi optional 98

In the port section select one or multiple ports to be isolated 98

Using the cli 98

Port lag forward list 99

Switch config if end 99

Switch config if port isolation te forward list 1 0 1 3 po forward list 4 99

Switch config if show port isolation interface ten gigabitethernet 1 0 5 99

Switch config interface ten gigabitethernet 1 0 5 99

Switch configure 99

Switch copy running config startup config 99

Te1 0 5 n a te1 0 1 3 po4 99

The following example shows how to add ports 1 0 1 3 and lag 4 to the forwarding list of port 1 0 5 99

Loopback detection configuration 100

Using the gui 100

In the port config section select one or more ports to configure the loopback detection parameters then click apply 101

Optional view the loopback detection information 101

Follow these steps to configure loopback detection 102

Using the cli 102

Configuration examples 104

Configuration scheme 104

Example for port isolation 104

Network requirements 104

Using the gui 104

Using the cli 106

Verify the configuration 106

Configuration scheme 107

Example for loopback detection 107

Network requirements 107

Using the gui 108

Using the cli 109

Verify the configuration 109

Appendix default parameters 110

Default settings of switching are listed in th following tables 110

Chapters 111

Configuring lag 111

Part 4 111

Overview 112

Static lag 112

Supported features 112

Configuration guidelines 113

Lag configuration 113

Configuring load balancing algorithm 114

In the global config section select the load balancing algorithm hash algorithm then click apply 114

Lag table to load the following page 114

Load balancing algorithm is effective only for outgoing traffic if the data stream is not well shared by each link you can change the algorithm of the outgoing interface 114

Please properly choose the load balancing algorithm to avoid data stream transferring only on one physical link for example switch a receives packets from several hosts and forwards them to the server with the fixed mac address you can set the algorithm 114

Using the gui 114

Configuring static lag or lacp 115

Configuring lacp 116

Follow these steps to configure lacp 116

Lacp to load the following page 116

Select member ports for the lag and configure the related parameters click apply 116

Specify the system priority for the switch and click apply 116

Configuring load balancing algorithm 117

Follow these steps to configure the load balancing algorithm 117

Using the cli 117

Configuring static lag or lacp 118

Etherchannel load balancing addresses used per protocol 118

Etherchannel load balancing configuration src dst mac 118

Ipv4 source xor destination mac address 118

Ipv6 source xor destination mac address 118

Non ip source xor destination mac address 118

Switch config end 118

Switch config port channel load balance src dst mac 118

Switch config show etherchannel load balance 118

Switch configure 118

Switch copy running config startup config 118

The following example shows how to set the global load balancing mode as src dst mac 118

You can choose only one lag mode for a port static lag or lacp and make sure both ends of a link use the same lag mode 118

Configuring static lag 119

Flags d down p bundled in port channel u in use 119

Follow these steps to configure static lag 119

Group port channel protocol ports 119

I stand alone h hot standby lacp only s suspended 119

Po2 s te1 0 5 d te1 0 6 d te1 0 7 d te1 0 8 d 119

R layer3 s layer2 f failed to allocate aggregator 119

Switch config if range channel group 2 mode on 119

Switch config if range end 119

Switch config if range show etherchannel 2 summary 119

Switch config interface range ten gigabitethernet 1 0 5 8 119

Switch configure 119

Switch copy running config startup config 119

The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 119

U unsuitable for bundling w waiting to be aggregated d default port 119

Configuring lacp 120

Follow these steps to configure lacp 120

Configuration examples 122

Configuration scheme 122

Example for static lag 122

Network requirements 122

Using the gui 122

Using the cli 123

Verify the configuration 123

Configuration scheme 124

Example for lacp 124

Network requirements 124

Using the cli 125

Using the gui 125

Verify the configuration 126

Verify the configuration 127

Appendix default parameters 129

Default settings of switching are listed in the following tables 129

Chapters 130

Managing mac address table 130

Part 5 130

Address configurations 131

Mac address table 131

Overview 131

Supported features 131

Adding static mac address entries 132

Mac address configurations 132

Using the gui 132

Click apply 134

Dynamic address to load the following page 134

Follow these steps to modify the aging time of dynamic address entries 134

In the aging config section enable auto aging and enter your desired length of time 134

Modifying the aging time of dynamic address entries 134

Adding mac filtering address entries 135

Viewing address table entries 135

Adding static mac address entries 136

Address table and click 136

Follow these steps to add static mac address entries 136

To load the following page 136

Using the cli 136

Modifying the aging time of dynamic address entries 137

Adding mac filtering address entries 138

Aging time is 500 sec 138

Follow these steps to add mac filtering address entries 138

Switch config end 138

Switch config mac address table aging time 500 138

Switch config show mac address table aging time 138

Switch configure 138

Switch copy running config startup config 138

The following example shows how to modify the aging time to 500 seconds a dynamic entry remains in the mac address table for 500 seconds after the entry is used or updated 138

Appendix default parameters 140

Default settings of the mac address table are listed in the following tables 140

Chapters 141

Configuring 802 q vlan 141

Part 6 141

Overview 142

Configuring the pvid of the port 143

Q vlan configuration 143

Using the gui 143

Configuring the vlan 144

Enter a vlan id and a description for identification to create a vlan 144

Follow these steps to configure vlan 144

To load the following page to load the following page 144

Vlan config and click 144

Click apply 145

Creating a vlan 145

Follow these steps to create a vlan 145

Select the untagged port s and the tagged port s respectively to add to the created vlan based on the network topology 145

The following example shows how to create vlan 2 and name it as rd 145

Using the cli 145

Configuring the port 146

Follow these steps to configure the port 146

Rd active 146

Switch config vlan 2 146

Switch config vlan end 146

Switch config vlan name rd 146

Switch config vlan show vlan id 2 146

Switch configure 146

Switch copy running config startup config 146

Vlan name status ports 146

Acceptable frame type all 147

Adding the port to the specified vlan 147

Follow these steps to add the port to the specified vlan 147

Ingress checking enable 147

Link type general 147

Member in lag n a 147

Member in vlan 147

Port te1 0 5 147

Pvid 2 147

Switch config if end 147

Switch config if show interface switchport ten gigabitethernet 1 0 5 147

Switch config if switchport acceptable frame all 147

Switch config if switchport check ingress 147

Switch config if switchport pvid 2 147

Switch config interface ten gigabitethernet 1 0 5 147

Switch configure 147

Switch copy running config startup config 147

System vlan untagged 147

The following example shows how to configure the pvid of port 1 0 5 as 2 enable the ingress checking and set the acceptable frame type as all 147

Vlan name egress rule 147

Acceptable frame type all 148

Ingress checking enable 148

Link type general 148

Member in lag n a 148

Member in vlan 148

Port te1 0 5 148

Pvid 2 148

Rd tagged 148

Switch config if end 148

Switch config if show interface switchport ten gigabitethernet 1 0 5 148

Switch config if switchport general allowed vlan 2 tagged 148

Switch config interface ten gigabitethernet 1 0 5 148

Switch configure 148

Switch copy running config startup config 148

System vlan untagged 148

The following example shows how to add the port 1 0 5 to vlan 2 and specify its egress rule as tagged 148

Vlan name egress rule 148

Configuration example 149

Configuration scheme 149

Network requirements 149

Demonstrated with t1700x 16ts the following sections provide configuration procedure in two ways using the gui and using the cli 150

Network topology 150

The configurations of switch 1 and switch 2 are similar the following introductions take switch 1 as an example 150

The figure below shows the network topology host a1 and host a2 are in department a while host b1 and host b2 are in department b switch 1 and switch 2 are located in two different places host a1 and host b1 are connected to port 1 0 2 and port 1 0 3 on switch 1 respectively while host a2 and host b2 are connected to port 1 0 6 and port 1 0 7 on switch 2 respectively port 1 0 4 on switch 1 is connected to port 1 0 8 on switch 2 150

To load the following page create vlan 10 with the description of department_a add port 1 0 2 as an untagged port and port 1 0 4 as a tagged port to vlan 10 click create 150

Using the gui 150

Vlan config and 150

Using the cli 153

Verify the configurations 154

Appendix default parameters 155

Default settings of 802 q vlan are listed in the following table 155

Chapters 156

Configuring mac vlan 156

Part 7 156

Overview 157

Ptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in to meet this requirement simply bind the mac addresses of the laptops to the corresponding vlans respectively in this way the mac address determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 157

The figure below shows a common application scenario of mac vlan 157

Two departments share all the meeting rooms in the company but use different servers and l 157

Vlan is generally divided by ports it is a common way of division but isn t suitable for those networks that require frequent topology changes with the popularity of mobile office at different times a terminal device may access the network via different ports for example a terminal device that accessed the switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different vlans the user has to re configure the switch to access the original vlan using mac vlan can free the user from such a problem it divides vlans based on the mac addresses of terminal devices in this way terminal devices always belong to their mac vlans even when their access ports change 157

Binding the mac address to the vlan 158

Configuring 802 q vlan 158

Mac vlan configuration 158

Using the gui 158

Enabling mac vlan for the port 159

19 56 8a 4c 71 dept a 10 160

Before configuring mac vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 160

Binding the mac address to the vlan 160

Configuring 802 q vlan 160

Follow these steps to bind the mac address to the vlan 160

Mac addr name vlan id 160

Switch config end 160

Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 160

Switch config show mac vlan vlan 10 160

Switch configure 160

The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with the address description as dept a 160

Using the cli 160

Enabling mac vlan for the port 161

Follow these steps to enable mac vlan for the port 161

Port status 161

Switch config if end 161

Switch config if mac vlan 161

Switch config if show mac vlan interface 161

Switch config interface ten gigabitethernet 1 0 1 161

Switch configure 161

Switch copy running config startup config 161

Te1 0 1 enable 161

Te1 0 2 disable 161

The following example shows how to enable mac vlan for port 1 0 1 161

Configuration example 162

Configuration scheme 162

Create vlan 10 and vlan 20 on each of the three switches and add the ports to the vlans based on the network topology for the ports connecting the laptops set the 162

Network requirements 162

Two departments share all the meeting rooms in the company but use different servers and laptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in the figure below shows the network topology 162

You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac addresses of the laptops to the corresponding vlans respectively in this way each laptop can access only the server in the vlan it joins no matter which meeting room the laptops are being used in the overview of the configuration is as follows 162

Using the gui 163

Using the cli 166

Verify the configurations 168

Appendix default parameters 169

Default settings of mac vlan are listed in the following table 169

Chapters 170

Configuring protocol vlan 170

Part 8 170

Overview 171

Protocol vlan is a technology that divides vlans based on the network layer protocol with the protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze specific fields of received packets encapsulate the packets in specific formats and forward the packets with different protocols to the corresponding vlans since different applications and services use different protocols network administrators can use protocol vlan to manage the network based on specific applications and services 171

The figure below shows a common application scenario of protocol vlan with protocol vlan configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 networks respectively 171

Configuring 802 q vlan 172

Protocol vlan configuration 172

Using the gui 172

Check whether your desired template already exists in the protocol template config 173

Creating protocol template 173

Follow these steps to create a protocol template 173

Protocol template to load the following page 173

Section if not click 173

To create a new template 173

Click create 174

Configuring protocol vlan 174

Follow these steps to configure the protocol group 174

In the protocol group config section specify the following parameters 174

Protocol vlan group and 174

Select the desired ports click create 174

To load the following page 174

Before configuring protocol vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 175

Configuring 802 q vlan 175

Creating a protocol template 175

Follow these steps to create a protocol template 175

Switch config protocol vlan template name ipv6 frame ether_2 ether type 86dd 175

Switch configure 175

The following example shows how to create an ipv6 protocol template 175

Using the cli 175

Arp ethernetii ether type 0806 176

At snap ether type 809b 176

Configuring protocol vlan 176

Follow these steps to configure protocol vlan 176

Index protocol name protocol type 176

Ip ethernetii ether type 0800 176

Ipv6 ethernetii ether type 86dd 176

Ipx snap ether type 8137 176

Rarp ethernetii ether type 8035 176

Switch config end 176

Switch config show protocol vlan template 176

Switch copy running config startup config 176

A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 network respectively via different routers it is required that ipv4 packets are forwarded to the ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 178

Configuration example 178

Configuration scheme 178

Network requirements 178

The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to two routers to access the ipv4 network and ipv6 network respectively the routers belong to vlan 10 and vlan 20 respectively 178

You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this port receives packets switch 2 will forward them to the corresponding vlans according to their protocol types the overview of the configuration on switch 2 is as follows 178

Using the gui 179

Using the cli 184

Verify the configurations 187

Appendix default parameters 189

Default settings of protocol vlan are listed in the following table 189

Chapters 190

Configuring gvrp 190

Part 9 190

Gvrp garp vlan registration protocol is a garp generic attribute registration protocol application that allows registration and deregistration of vlan attribute values and dynamic vlan creation 191

Overview 191

The configuration may seem easy in this situation however for a larger or more complex network such manual configuration would be time costing and fallible gvrp can be used to implement dynamic vlan configuration with gvrp the switch can exchange vlan configuration information with the adjacent gvrp switches and dynamically create and manage the vlans this reduces vlan configuration workload and ensures correct vlan configuration 191

Without gvrp operating configuring the same vlan on a network would require manual configuration on each device as shown in figure 1 1 switch a b and c are connected through trunk ports vlan 10 is configured on switch a and vlan 1 is configured on switch b and switch c switch c can receive messages sent from switch a in vlan 10 only when the network administrator has manually created vlan 10 on switch b and switch c 191

Configuration guidelines 192

Gvrp configuration 192

Follow these steps to configure gvrp 193

Gvrp config to load the following page 193

In the gvrp section enable gvrp globally then click apply 193

In the port config section select one or more ports set the status as enable and configure the related parameters according to your needs 193

Using the gui 193

Click apply 194

Using the cli 194

Configuration example 197

Configuration scheme 197

Demonstrated with t1700x 16ts the following sections provide configuration procedure in two ways using the gui and using the cli 197

Department a and department b of a company are connected using switches offices of one department are distributed on different floors as shown in figure 3 1 the network topology is complicated configuration of the same vlan on different switches is required so that computers in the same department can communicate with each other 197

Network requirements 197

The two departments are in separate vlans to make sure the switches only dynamically create vlan of their own department you need to set the registration mode for ports on switch 1 to switch 4 as fixed to prevents dynamic registration and deregistration of vlans and allow the port to transmit only the static vlan registration information 197

To configure dynamic vlan creation on other switches set the registration mode of the corresponding ports as normal to allow dynamic registration and deregistration of vlans 197

To reduce manual configuration and maintenance workload gvrp can be enabled to implement dynamic vlan registration and update on the switches 197

When configuring gvrp please note the following 197

Using the gui 198

Using the cli 202

Verify the configuration 204

Appendix default parameters 206

Default settings of gvrp are listed in the following tables 206

Chapters 207

Configuring layer 2 multicast 207

Part 10 207

Layer 2 multicast 208

Overview 208

A member port is a port on snooping switch that is connecting to the host 209

A router port is a port on snooping switch that is connecting to the igmp querier 209

A snooping switch indicates a switch with igmp snooping enabled the switch maintains a multicast forwarding table by snooping on the igmp transmissions between the host and the querier with the multicast forwarding table the switch can forward multicast data only to the ports that are in the corresponding multicast group so as to constrain the flooding of multicast data in the layer 2 network 209

An igmp querier is a multicast router a router or a layer 3 switch that sends query messages to maintain a list of multicast group memberships for each attached network and a timer for each membership 209

Demonstrated as below 209

Igmp querier 209

Member port 209

Normally only one device acts as querier per physical network if there are more than one multicast router in the network a querier election process will be implemented to determine which one acts as the querier 209

Router port 209

Snooping switch 209

The following basic concepts of igmp snooping will be introduced igmp querier snooping switch router port and member port 209

Layer 2 multicast protocol for ipv4 igmp snooping 210

Layer 2 multicast protocol for ipv6 mld snooping 210

Multicast filtering 210

Multicast vlan registration mvr 210

Supported features 210

Configuring igmp snooping globally 211

Igmp snooping configuration 211

Using the gui 211

And click 212

Before configuring igmp snooping for vlans set up the vlans that the router ports and the member ports are in for details please refer to configuring 802 q vlan 212

Choose the menu 212

Click apply 212

Configuring igmp snooping for vlans 212

Global config 212

Igmp vlan confi 212

In your desired vlan entry in the 212

Section to load the following page 212

The switch supports configuring igmp snooping on a per vlan basis after igmp snooping is enabled globally you also need to enable igmp snooping and configure the corresponding parameters for the vlans that the router ports and the member ports are in 212

Enable igmp snooping for the vlan and configure the corresponding parameters 213

Follow these steps to configure igmp snooping for a specific vlan 213

Click save 215

Click apply 216

Configuring hosts to statically join a group 216

Configuring igmp snooping for ports 216

Enable igmp snooping for the port and enable fast leave if there is only one receiver connected to the port 216

Follow these steps to configure igmp snooping for ports 216

Following page 216

Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 216

Port confi 216

To load the 216

Choose the menu 217

Click create 217

Configuring igmp snooping globally 217

Follow these steps to configure hosts to statically join a group 217

Follow these steps to configure igmp snooping globally 217

Specify the multicast ip address vlan id select the ports to be the static member ports of the multicast group 217

Static group config 217

To load the following page 217

Using the cli 217

Switch config ip igmp snooping 218

Switch config ip igmp snooping drop unknown 218

Switch config ip igmp snooping version v3 218

Switch config ipv6 mld snooping 218

Switch configure 218

The following example shows how to enable igmp snooping and header validation globally and specify the igmp snooping version as igmpv3 the way how the switch processes multicast streams that are sent to unknown multicast groups as discard 218

Configuring igmp snooping for vlans 219

Switch config ip igmp snooping vlan config 1 mtime 300 222

Switch config ip igmp snooping vlan config 1 rtime 320 222

Switch configure 222

The following example shows how to enable igmp snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 222

Configuring igmp snooping for ports 224

Follow these steps to configure igmp snooping for ports 224

General query source ip 192 68 224

Last member query count 3 224

Switch config end 224

Switch config if range ip igmp snooping 224

Switch config interface range gigabitehternet 1 0 1 3 224

Switch configure 224

Switch copy running config startup config 224

The following example shows how to enable igmp snooping and fast leave for port 1 0 1 3 224

Configuring hosts to statically join a group 225

Configuring mld snooping globally 227

Mld snooping configuration 227

Using the gui 227

Configuring mld snooping for vlans 228

Click save 230

Click apply 231

Configuring hosts to statically join a group 231

Configuring mld snooping for ports 231

Enable mld snooping for the port and enable fast leave if there is only one receiver connected to the port 231

Follow these steps to configure mld snooping for ports 231

Following page 231

Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 231

Port config to load the 231

Choose the menu 232

Click create 232

Configuring mld snooping globally 232

Follow these steps to configure hosts to statically join a group 232

Follow these steps to configure mld snooping globally 232

Specify the multicast ip address vlan id select the ports to be the static member ports of the multicast group 232

Static group config 232

To load the following page 232

Using the cli 232

Configuring mld snooping for vlans 233

Follow these steps to configure mld snooping for vlans 234

Switch config ipv6 mld snooping vlan config 1 immediate leave 236

Switch config ipv6 mld snooping vlan config 1 mtime 300 236

Switch config ipv6 mld snooping vlan config 1 report suppression 236

Switch config ipv6 mld snooping vlan config 1 rtime 320 236

Switch configure 236

The following example shows how to enable mld snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 236

Configuring mld snooping for ports 238

Follow these steps to configure mld snooping for ports 238

Switch config end 238

Switch config if range ipv6 mld snooping 238

Switch config if range ipv6 mld snooping immediate leave 238

Switch config if range show ipv6 mld snooping interface ten gigabitethernet 1 0 1 3 238

Switch config interface range gigabitehternet 1 0 1 3 238

Switch configure 238

Switch copy running config startup config 238

The following example shows how to enable mld snooping and fast leave for port 1 0 1 3 238

Configuring hosts to statically join a group 239

Follow these steps to configure hosts to statically join a group 239

Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 239

Port mld snooping fast leave 239

Switch config if range end 239

Switch config ipv6 mld snooping vlan config 2 static 239 interface ten gigabitethernet 1 0 1 3 239

Switch config show ipv6 mld snooping groups static 239

Switch configure 239

Switch copy running config startup config 239

Te1 0 1 enable enable 239

Te1 0 2 enable enable 239

Te1 0 3 enable enable 239

The following example shows how to configure port 1 0 1 3 in vlan 2 to statically join the multicast group 239 239

Configuring 802 q vlans 241

Mvr configuration 241

Using the gui 241

Choose the menu 242

Click apply 242

Configuring mvr globally 242

Enable mvr globally and configure the global parameters 242

Follow these steps to configure mvr globally 242

Mvr config 242

To load the following page 242

Adding multicast groups to mvr 243

And click 243

Click create 243

Follow these steps to add multicast groups to mvr 243

Mvr group config 243

Specify the ip address of the multicast groups 243

Then the added multicast groups will appear in the mvr group table as the following figure shows 243

To load the following page 243

You need to manually add multicast groups to the mvr choose the menu 243

Choose the menu 244

Configuring mvr for the port 244

Enable mvr and configure the port type and fast leave feature for the port 244

Follow these steps to add multicast groups to mvr 244

Port config 244

Select one or more ports to configure 244

To load the following page 244

And click 245

Choose the menu 245

Click apply 245

Optional adding ports to mvr groups statically 245

Static group members 245

You can add only receiver ports to mvr groups statically the switch adds or removes receiver ports to the corresponding multicast groups by snooping the report and leave messages from the hosts you can also statically add a receiver port to an mvr group 245

Your desired mvr group entry to load the following page 245

Before configuring mvr create an 802 q vlan as the multicast vlan add the all source ports to the multicast vlan as tagged ports configure 802 q vlans for the receiver ports according to network requirements note that receiver ports can only belong to one vlan and cannot be added to the multicast vlan for details refer to configuring 802 q vlan 246

Click save 246

Configuring 802 q vlans 246

Configuring mvr globally 246

Follow these steps to configure mvr globally 246

Follow these steps to statically add ports to an mvr group 246

Select the ports to add them to the mvr group 246

Using the cli 246

Active 248

Configuring mvr for the ports 248

Follow these steps to configure mvr for the ports 248

Mvr group ip status members 248

Switch config end 248

Switch copy running config startup config 248

Creating the multicast profile 251

Multicast filtering configuration 251

Using the gui 251

Follow these steps to create a profile 252

In the general config section specify the profile id and mode 252

In the ip range section click 252

To load the following page configure the start ip address and end ip address of the multicast groups to be filtered and click create 252

Configure multicast filtering for ports 253

Click apply 254

Creating igmp profile multicast profile for ipv4 254

Creating the multicast profile 254

Follow these steps to bind the profile to ports and configure the corresponding parameters for the ports 254

Select one or more ports to configure 254

Specify the profile to be bound and configure the maximum groups the port can join and the overflow action 254

Using the cli 254

You can create multicast profiles for both ipv4 and ipv6 network with multicast profile the switch can define a blacklist or whitelist of multicast groups so as to filter multicast sources 254

Creating mld profile multicast profile for ipv6 255

Deny deny 255

Igmp profile 1 255

Range 226 226 0 range 226 226 0 255

Switch config end 255

Switch config igmp profile deny 255

Switch config igmp profile range 226 226 0 255

Switch config igmp profile show ip igmp profile 255

Switch config ip igmp profile 1 255

Switch config ip igmp snooping 255

Switch configure 255

Switch copy running config startup config 255

The following example shows how to configure profile 1 so that the switch filters multicast streams sent to 226 226 0 255

Deny deny 256

Mld profile 1 256

Range ff01 1234 5 ff01 1234 8 range ff01 1234 5 ff01 1234 8 256

Switch config end 256

Switch config ipv6 mld profile 1 256

Switch config ipv6 mld snooping 256

Switch config mld profile deny 256

Switch config mld profile range ff01 1234 5 ff01 1234 8 256

Switch config mld profile show ipv6 mld profile 256

Switch configure 256

Switch copy running config startup config 256

The following example shows how to configure profile 1 so that the switch filters multicast streams sent to ff01 1234 5 ff01 1234 8 256

Binding the igmp profile to ports 257

Binding the profile to ports 257

You can bind the created igmp profile or mld profile to ports and configure the number of multicast groups a port can join and the overflow action 257

Binding the mld profile to ports 258

Binding port s binding port s 259

Mld profile 1 259

Switch config if ipv6 mld filter 1 259

Switch config if ipv6 mld snooping 259

Switch config if ipv6 mld snooping max groups 50 259

Switch config if ipv6 mld snooping max groups action drop 259

Switch config if show ipv6 mld profile 259

Switch config interface ten gigabitethernet 1 0 2 259

Switch configure 259

The following example shows how to bind the existing profile 1 to port 1 0 2 and specify the maximum number of multicast groups that port 1 0 2 can join as 50 and the overflow action as drop 259

Using the gui 261

Viewing ipv4 multicast table 261

Viewing multicast snooping information 261

Follow these steps to view ipv4 multicast statistics on each port 262

In the port statistics section view ipv4 multicast statistics on each port 262

Ipv4 multicast statistics to load the following page 262

To get the real time multicast statistics enable auto refresh or click refresh 262

Viewing ipv4 multicast statistics on each port 262

Ipv6 multicast table to load the following pag 263

The multicast ip address table shows all valid multicast ip vlan port entries 263

Viewing ipv6 multicast table 263

Follow these steps to view ipv6 multicast statistics on each port 264

In the port statistics section view ipv6 multicast statistics on each port 264

Ipv6 multicast statistics to load the following page 264

To get the real time ipv6 multicast statistics enable auto refresh or click refresh 264

Viewing ipv6 multicast statistics on each port 264

Using the cli 265

Viewing ipv4 multicast snooping information 265

Viewing ipv6 multicast snooping configurations 265

Configuration examples 266

Configuration scheme 266

Example for configuring basic igmp snooping 266

Network requirements 266

Using the gui 267

Using the cli 269

Verify the configurations 270

Example for configuring mvr 271

Network requirements 271

Network topology 271

Add port 1 0 1 3 to vlan 10 vlan 20 and vlan 30 as untagged ports respectively and configure the pvid of port 1 0 1 as 10 port 1 0 2 as 20 port 1 0 3 as 30 make sure port1 0 1 3 only belong to vlan 10 vlan 20 and vlan 30 respectively for details refer to configuring 802 q vlan 272

As the hosts are in different vlans in igmp snooping the querier need to duplicate multicast streams for hosts in each vlan to avoid duplication of multicast streams being sent between querier and the switch you can configure mvr on the switch 272

Configuration scheme 272

Demonstrated with t1700x 16ts this section provides configuration procedures in two ways using the gui and using the cli 272

Internet 272

The switch can work in either mvr compatible mode or mvr dynamic mode when in compatible mode remember to statically configure the querier to transmit the streams of multicast group 225 to the switch via the multicast vlan here we take the mvr dynamic mode as an example 272

Using the gui 272

To load the following page create vlan 40 and add port 1 0 4 to the vlan as tagged port 273

Vlan config and click 273

Using the cli 275

Verify the configurations 277

Example for configuring unknown multicast and fast leave 278

Network requirement 278

Configuration scheme 279

Using the gui 279

Using the cli 281

Configuration scheme 282

Example for configuring multicast filtering 282

Network requirements 282

Verify the configurations 282

As shown in the following network topology host b is connected to port 1 0 1 host c is connected to port 1 0 2 and host d is connected to port 1 0 3 they are all in vlan 10 283

Create vlan 10 add port 1 0 1 3 to the vlan as untagged port and port 1 0 4 as tagged port configure the pvid of the four ports as 10 for details refer to configuring 802 q vlan 283

Demonstrated with t1700x 16ts this section provides configuration procedures in two ways using the gui and using the cli 283

Global config to load the following page in the global config section enable igmp snooping globally 283

Internet 283

Network topology 283

Using the gui 283

In the igmp vlan config section click 284

In vlan 10 to load the following page enable igmp snooping for vlan 10 284

Using the cli 287

Verify the configurations 289

Appendix default parameters 290

Default parameters for igmp snooping 290

Default parameters for mld snooping 291

Default parameters for multicast filtering 292

Default parameters for mvr 292

Chapters 293

Configuring spanning tree 293

Part 11 293

Basic concepts 294

Overview 294

Spanning tree 294

Stp rstp concepts 294

Bridge id 295

Port role 295

Root bridge 295

Port status 296

Path cost 297

Root path cost 297

Mst region 298

Mstp concepts 298

Mst instance 299

Stp security 299

Vlan instance mapping 299

Configuring stp rstp parameters on ports 302

Stp rstp configurations 302

Using the gui 302

In the port config section configure stp rstp parameters on ports 303

Click apply 304

Configuring stp rstp globally 304

Stp config to load the following page 304

Follow these steps to configure stp rstp globally 305

In the parameters config section configure the global parameters of stp rstp and click apply 305

In the global config section enable spanning tree function choose the stp mode as stp rstp and click apply 306

Stp summary to load the following page 306

Verify the stp rstp information of your switch after all the configurations are finished 306

Verifying the stp rstp configurations 306

The stp summary section shows the summary information of spanning tree 307

Configuring stp rstp parameters on ports 308

Follow these steps to configure stp rstp parameters on ports 308

Using the cli 308

Configuring global stp rstp parameters 310

This example shows how to configure the priority of the switch as 36864 the forward delay as 12 seconds 311

Enable rstp 36864 2 12 20 5 20 312

Enabling stp rstp globally 312

Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree function globally 312

State mode priority hello time fwd time max age hold count max hops 312

Switch config end 312

Switch config show spanning tree bridge 312

Switch config spanning tree 312

Switch config spanning tree mode rstp 312

Switch config spanning tree priority 36864 312

Switch config spanning tree timer forward time 12 312

Switch configure 312

Switch copy running config startup config 312

This example shows how to enable spanning tree function configure the spanning tree mode as rstp and verify the configurations 312

Configuring parameters on ports in cist 314

Mstp configurations 314

Using the gui 314

Follow these steps to configure parameters on ports in cist 315

In the port config section configure the parameters on ports 315

Besides configure the priority of the switch the priority and path cost of ports in the desired instance 317

Click apply 317

Configure the region name revision level vlan instance mapping of the switch the switches with the same region name the same revision level and the same vlan instance mapping are considered as in the same region 317

Configuring the mstp region 317

Configuring the region name and revision level 317

Follow these steps to create an mst region 317

In the region config section set the name and revision level to specify an mstp region 317

Region config to load the following page 317

Configure port parameters in the desired instance 319

Configuring parameters on ports in the instance 319

Follow these steps to configure port parameters in the instance 319

In the instance port config section select the desired instance id 319

Instance port config to load the following page 319

Configuring mstp globally 321

Follow these steps to configure mstp globally 321

In the parameters config section configure the global parameters of mstp and click apply 321

Stp config to load the following page 321

In the global config section enable spanning tree function and choose the stp mode as mstp and click apply 322

Stp summary to load the following page 323

The stp summary section shows the summary information of cist 323

Verifying the mstp configurations 323

Configuring parameters on ports in cist 324

Follow these steps to configure the parameters of the port in cist 324

The mstp instance summary section shows the information in mst instances 324

Using the cli 324

Configuring the mstp region 326

Switch configure 327

This example shows how to create an mst region of which the region name is r1 the revision level is 100 and vlan 2 vlan 6 are mapped to instance 5 327

7 4094 328

Configuring the parameters on ports in instance 328

Follow these steps to configure the priority and path cost of ports in the specified instance 328

Mst instance vlans mapped 328

Region name r1 328

Revision 100 328

Switch config mst end 328

Switch config mst instance 5 vlan 2 6 328

Switch config mst name r1 328

Switch config mst revision 100 328

Switch config mst show spanning tree mst configuration 328

Switch config spanning tree mst configuration 328

Switch copy running config startup config 328

Configuring global mstp parameters 329

Follow these steps to configure the global mstp parameters of the switch 329

Interface prio cost role status lag 329

Interface state prio ext cost int cost edge p2p mode role status lag 329

Mst instance 0 cist 329

Mst instance 5 329

Switch config if end 329

Switch config if show spanning tree interface ten gigabitethernet 1 0 3 329

Switch config if spanning tree mst instance 5 port priority 144 cost 200 329

Switch config interface ten gigabitethernet 1 0 3 329

Switch configure 329

Switch copy running config startup config 329

Te1 0 3 144 200 n a lnkdwn n a 329

Te1 0 3 enable 32 auto auto no no auto n a n a lnkdwn n a 329

This example shows how to configure the priority as 144 the path cost as 200 of port 1 0 3 in instance 5 329

Enable mstp 36864 2 12 20 8 25 331

Enabling spanning tree globally 331

Follow these steps to configure the spanning tree mode as mstp and enable spanning tree function globally 331

State mode priority hello time fwd time max age hold count max hops 331

Switch config if end 331

Switch config if show spanning tree bridge 331

Switch config if spanning tree hold count 8 331

Switch config if spanning tree max hops 25 331

Switch config if spanning tree timer forward time 12 331

Switch config spanning tree priority 36864 331

Switch configure 331

Switch copy running config startup config 331

This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds the hold count as 8 and the max hop as 25 331

Configure the port protect features for the selected ports and click apply 334

Stp security configurations 334

Stp security to load the following page 334

Using the gui 334

Configuring the stp security 335

Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter feature for ports 335

Using the cli 335

Interface bpdu filter bpdu guard loop protect root protect tc protect bpdu flood 337

Switch config if end 337

Switch config if show spanning tree interface security gigabitethernet 1 0 3 337

Switch config if spanning tree bpdufilter 337

Switch config if spanning tree bpduguard 337

Switch config if spanning tree guard loop 337

Switch config if spanning tree guard root 337

Switch config interface ten gigabitethernet 1 0 3 337

Switch configure 337

Switch copy running config startup config 337

Te1 0 3 enable enable enable enable disable enable 337

This example shows how to enable loop protect root protect bpdu filter and bpdu protect functions on port 1 0 3 337

As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is transmitted in this network the link speed between the switches is 100mb s the default path cost of the port is 200000 338

Configuration example for mstp 338

Configuration scheme 338

Here we configure two instances to meet the requirement as is shown below 338

It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be transmitted along different paths 338

Mstp backwards compatible with stp and rstp can map vlans to instances to implement load balancing thus providing a more flexible method in network management here we take the mstp configuration as an example 338

Network requirements 338

To meet this requirement you are suggested to configure mstp function on the switches map the vlans to different instances to ensure traffic can be transmitted along the respective instance 338

Using the gui 339

Using the cli 345

Verify the configurations 347

Appendix default parameters 352

Default settings of the spanning tree feature are listed in the following table 352

Chapters 354

Configuring lldp 354

Part 12 354

Overview 355

Supported features 355

Configuring lldp globally 356

Lldp configurations 356

Using the gui 356

Follow these steps to configure the lldp feature globally 357

In the global config section enable lldp you can also enable the switch to forward lldp messages when lldp function is disabled click apply 357

In the parameter config section configure the lldp parameters click apply 357

Configure the admin status and notification mode for the port 358

Configuring lldp for the port 358

Follow these steps to configure the lldp feature for the interface 358

Port config to load the following page 358

Select one or more ports to configure 358

Select the tlvs type length value included in the lldp packets according to your needs 358

Click apply 359

Enable the lldp feature on the switch and configure the lldp parameters 359

Global config 359

Using the cli 359

Switch config lldp 360

Switch config lldp hold multiplier 4 360

Switch configure 360

The following example shows how to configure the following parameters lldp timer 4 tx interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast count 3 360

Fast packet count 3 361

Initialization delay 2 seconds 361

Lldp forward message disabled 361

Lldp med fast start repeat count 4 361

Lldp status enabled 361

Port config 361

Select the desired port and set its admin status notification mode and the tlvs included in the lldp packets 361

Switch config end 361

Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 3 361

Switch config show lldp 361

Switch copy running config startup config 361

Trap notification interval 5 seconds 361

Ttl multiplier 4 361

Tx delay 2 seconds 361

Tx interval 30 seconds 361

Configuring lldp globally 364

Configuring lldp med globally 364

Lldp med configurations 364

Using the gui 364

Configuring lldp med for ports 365

Global config 367

Lldp status enabled 367

Switch config lldp 367

Switch config lldp med fast count 4 367

Switch config show lldp 367

Switch configure 367

The following example shows how to configure lldp med fast count as 4 367

Tx interval 30 seconds 367

Using the cli 367

Fast packet count 3 368

Initialization delay 2 seconds 368

Lldp med fast start repeat count 4 368

Port config 368

Select the desired port enable lldp med and select the tlvs type length value included in the outgoing lldp packets according to your needs 368

Switch config end 368

Switch copy running config startup config 368

Trap notification interval 5 seconds 368

Ttl multiplier 4 368

Tx delay 2 seconds 368

Using gui 371

Viewing lldp device info 371

Viewing lldp settings 371

Follow these steps to view the local information 372

In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 372

In the local info section select the desired port and view its associated local device information 372

Viewing lldp statistics 375

In the neighbors statistics section view the statistics of the corresponding port 376

Using cli 376

Viewing lldp statistics 376

Viewing the local info 376

Viewing the neighbor info 376

Using gui 377

Viewing lldp med settings 377

Using cli 379

Viewing lldp statistics 380

Viewing the neighbor info 380

Configuration example for lldp 381

Configuration examples 381

Configuration scheme 381

Network requirements 381

Using the gui 381

Using cli 382

Verify the configurations 383

Configuration scheme 388

Example for lldp med 388

Network requirements 388

Using the gui 388

Using cli 391

Verify the configurations 392

Appendix default parameters 394

Default lldp med settings 394

Default lldp settings 394

Default settings of lldp are listed in the following tables 394

Chapters 395

Configuring layer 3 interfaces 395

Part 13 395

Interfaces are used to exchange data and interact with interfaces of other network devices interfaces are classified into layer 2 interfaces and layer 3 interfaces 396

Layer 2 interfaces are the physical ports on the switch panel they forward packets based on mac address table 396

Layer 3 interfaces are used to forward ipv4 and ipv6 packets using static or dynamic routing protocols you can use layer 3 interfaces for ip routing and inter vlan routing 396

Overview 396

This chapter introduces the configurations for layer 3 interfaces the supported types of layer 3 interfaces are shown as below 396

Creating an layer 3 interface 397

Layer 3 interface configurations 397

Using the gui 397

In the interface list section click 398

To load the following page and configure the corresponding parameters for the layer 3 interface then click create 398

Configuring ipv4 parameters of the interface 399

Figure 2 399

In the modify ipv4 interface section configure relevant parameters for the interface according to your actual needs then click apply 399

List section on the corresponding interface entry click edit ipv4 to load the following page and edit the ipv4 parameters of the interface 399

You can view the corresponding interface you have created in the interface 399

Configuring ipv6 parameters of the interface 400

In the modify ipv6 interface section enable ipv6 feature for the interface and configure the corresponding parameters then click apply 401

Configure ipv6 global address of the interface via following three ways 402

In the global address table section click 402

Manually 402

To manually assign an ipv6 global address to the interface 402

Via dhcpv6 server 402

Via ra message 402

Figure 2 403

Interface list section on the corresponding interface entry click detail to load the following page and view the detail information of the interface 403

View the global address entry in the global address table 403

Viewing detail information of the interface 403

You can view the corresponding interface entry you have created in the 403

Creating an layer 3 interface 404

Follow these steps to create an layer 3 interface you can create a vlan interface a loopback interface a routed port or a port channel interface according to your needs 404

Using the cli 404

Switch config if description vlan 2 405

Switch config if end 405

Switch config interface vlan 2 405

Switch configure 405

The following example shows how to create a vlan interface with a description of vlan 2 405

Configuring ipv4 parameters of the interface 406

Follow these steps to configure the ipv4 parameters of the interface 406

Switch config if ip address 192 68 00 255 55 55 406

Switch config if no switchport 406

Switch config interface ten gigabitethernet 1 0 1 406

Switch configure 406

Switch copy running config startup config 406

The following example shows how to configure the ipv4 parameters of a routed port including setting a static ip address for the port and enabling the layer 3 capabilities 406

Configuring ipv6 parameters of the interface 407

Follow these steps to configure the ipv6 parameters of the interface 407

Interface ip address method status protocol shutdown te1 0 1 192 68 00 24 static up up no 407

Switch config if end 407

Switch config if show ip interface brief 407

Switch copy running config startup config 407

Global address dhcpv6 enable 408

Global address ra disable 408

Global unicast address es ff02 1 ff13 237b 408

Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 408

Joined group address es ff02 1 408

Switch config if ipv6 address autoconfig 408

Switch config if ipv6 address dhcp 408

Switch config if ipv6 enable 408

Switch config if show ipv6 interface 408

Switch config interface vlan 2 408

Switch configure 408

The following example shows how to enable the ipv6 function and configure the ipv6 parameters of a vlan interface 408

Vlan2 is up line protocol is up 408

Configuration example 410

Configuration scheme 410

Network requirement 410

Using the gui 410

Using the cli 411

Verify the vlan interface configurations 412

Appendix default parameters 413

Default settings of interface are listed in the following tables 413

Chapters 414

Configuring routing 414

Part 14 414

Overview 415

Configure the corresponding parameters to add an ipv4 static routing entry then click create 416

Ipv4 static routing and click 416

Ipv4 static routing configuration 416

To load the following page to load the following page 416

Using the gui 416

C 192 68 24 is directly connected vlan1 417

Candidate default 417

Codes c connected s static 417

Follow these steps to create an ipv4 static route 417

S 192 68 24 1 0 via 192 68 vlan1 417

Switch config end 417

Switch config ip route 192 68 255 55 55 192 68 417

Switch config show ip route 417

Switch configure 417

Switch copy running config startup config 417

The following example shows how to create an ipv4 static route with the destination ip address as 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 417

Using the cli 417

Configure the corresponding parameters to add an ipv6 static routing entry then click create 418

Follow these steps to enable ipv6 routing function and create an ipv6 static route 418

Ipv6 static 418

Ipv6 static routing configuration 418

Routing table and click 418

To load the following page 418

Using the cli 418

Using the gui 418

C 3000 64 is directly connected vlan1 419

Candidate default 419

Codes c connected s static 419

S 3200 64 1 0 via 3100 1234 vlan2 419

Switch config end 419

Switch config ipv6 route 3200 64 3100 1234 419

Switch config show ipv6 route static 419

Switch configure 419

Switch copy running config startup config 419

The following example shows how to create an ipv6 static route with the destination ip address as 3200 64 and the next hop address as 3100 1234 419

Using the gui 420

Viewing ipv4 routing table 420

Viewing routing table 420

Ipv6 routing information summary to load the following page 421

On privileged exec mode or any other configuration mode you can use the following command to view ipv4 routing table 421

Using the cli 421

View the ipv6 routing entries 421

Viewing ipv4 routing table 421

Viewing ipv6 routing table 421

On privileged exec mode or any other configuration mode you can use the following command to view ipv6 routing table 422

Viewing ipv6 routing table 422

Configuration scheme 423

Example for static routing 423

Network requirements 423

Using the gui 423

Using the cli 425

Verify the configurations 426

Approximate round trip times in milli seconds 427

Minimum 1ms maximum 3ms average 1ms 427

Chapters 428

Configuring dhcp service 428

Part 15 428

Dhcp relay 429

Dhcp server 429

Overview 429

Supported features 429

As the following figure shows no ip addresses are assigned to vlan 10 and vlan 20 but a default relay agent interface is configured with the ip address 192 68 24 the switch uses ip address of the default agent interface 192 68 24 to apply for ip addresses for clients in both vlan 10 and vlan 20 as a result the dhcp server will assign ip addresses on 192 68 24 the same subnet with the ip address of the default agent interface to clients in both vlan 10 and vlan 20 431

Dhcp l2 relay 431

Unlike dhcp relay dhcp l2 relay is used in the situation that the dhcp server and client are in the same vlan in dhcp l2 relay in addition to normally assigning ip addresses to clients from the dhcp server the switch can record the location information of the dhcp client using option 82 the switch can add option 82 to the dhcp request packet and then transmit the packet to the dhcp server the dhcp server which supports option 82 can set the distribution policy of ip addresses and the other parameters providing a more flexible address distribution way 431

Dhcp server configuration 432

Enabling dhcp server 432

Using the gui 432

Enter the starting ip address and ending ip address to specify the range of reserved ip addresses click create 433

In the excluded ip address table section click 433

In the ping time config section configure ping packets and ping timeout for ping tests click apply 433

To load the following page to specify the ip addresses that should not be assigned to the clients 433

Configure the parameters for the dhcp server pool then click create 434

Configuring dhcp server pool 434

Pool setting and click 434

The dhcp server pool defines the parameters that will be assigned to the dhcp clients 434

To load the following page 434

Configuring manual binding 435

Manual binding and 435

Select a pool name and enter the ip address to be bound select a binding mode and finish the configuration accordingly click create 435

Some devices like web servers require static ip addresses to meet this requirement you can manually bind the mac address or client id of the device to an ip address and the dhcp server will reserve the bound ip address to this device at all times 435

To load the following page 435

Enabling dhcp server 436

Follow these steps to enable dhcp server and to configure ping packets and ping timeout 436

Using the cli 436

Switch config service dhcp server 437

Switch configure 437

The following example shows how to enable dhcp server globally on switch configure the number of ping packets as 2 and configure the ping timeout period as 200 ms 437

Configuring dhcp server pool 439

Follow these steps to configure dhcp server pool 439

Switch config ip dhcp server pool pool1 440

Switch configure 440

Switch dhcp config lease 180 440

Switch dhcp config network 192 68 255 55 55 440

The following example shows how to create a dhcp server pool and name it as pool1 and configure its network address as 192 68 subnet mask as 255 55 55 lease time as 180 minute default gateway as 192 68 dns server as 192 68 netbios server as 192 68 9 netbios type as broadcast tftp server as 192 68 0 domain name as com and bootfile name as bootfile 440

Configuring manual binding 441

Pool name client id hardware address ip address hardware type bind mode 442

Pool1 74 d4 68 22 3f 34 192 68 3 ethernet mac address 442

Switch config 442

Switch config ip dhcp server pool pool1 442

Switch copy running config startup config 442

Switch dhcp config address 192 68 3 hardware address 74 d4 68 22 3f 34 hardware type ethernet 442

Switch dhcp config end 442

Switch dhcp config show ip dhcp server manual binding 442

The following example shows how to bind the ip address 192 68 3 in pool1 on the subnet of 192 68 to the host with the mac address 74 d4 68 22 3f 34 442

Dhcp relay configuration 443

Enabling dhcp relay and configuring option 82 443

Using the gui 443

Optional in the option 82 configuration section configure option 82 444

Configuring dhcp interface relay 445

Configuring dhcp vlan relay 445

Follow these steps to specify dhcp server for the specific vlan 446

In the default relay agent interface section specify a layer 3 interface as the default relay agent interface then click apply 446

In the dhcp vlan relay list section click 446

Specify the vlan the clients belongs to and the server address click create 446

To load the configuration page 446

Enabling dhcp relay 447

Follow these steps to enable dhcp relay and configure the corresponding parameters 447

Switch config service dhcp relay 447

Switch configure 447

The following example shows how to enable dhcp relay configure the relay hops as 5 and configure the relay time as 10 seconds 447

Using the cli 447

Dhcp relay hops 5 448

Dhcp relay state enabled 448

Dhcp relay time threshold 10 seconds 448

Follow these steps to configure option 82 448

Optional configuring option 82 448

Switch config end 448

Switch config ip dhcp relay hops 5 448

Switch config ip dhcp relay time 10 448

Switch config show ip dhcp relay 448

Switch copy running config startup config 448

Interface option 82 status operation strategy format circuit id remote id lag 449

Switch config if end 449

Switch config if ip dhcp relay information circut id vlan20 449

Switch config if ip dhcp relay information format normal 449

Switch config if ip dhcp relay information option 449

Switch config if ip dhcp relay information remote id host1 449

Switch config if ip dhcp relay information strategy replace 449

Switch config if show ip dhcp relay information interface ten gigabitethernet 1 0 7 449

Switch config interface ten gigabitethernet 1 0 7 449

Switch configure 449

Switch copy running config startup config 449

Te1 0 7 enable replace normal vlan20 host1 n a 449

The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 449

Configuring dhcp interface relay 450

Follow these steps to dhcp interface relay 450

The following example shows how to configure the dhcp server address as 192 68 on vlan interface 66 450

You can specify dhcp server for an layer 3 interface or for a vlan the following respectively introduces how to configure dhcp interface relay and dhcp vlan relay 450

Configuring dhcp vlan relay 451

Dhcp relay helper address is configured on the following interfaces 451

Follow these steps to configure dhcp vlan relay 451

Interface helper address 451

Switch config if end 451

Switch config if ip helper address 192 68 451

Switch config if show ip dhcp relay 451

Switch config interface vlan 66 451

Switch configure 451

Switch copy running config startup config 451

Vlan 66 192 68 451

Dhcp vlan relay helper address is configured on the following vlan 452

Switch config end 452

Switch config if exit 452

Switch config if ip dhcp relay default interface 452

Switch config if no switchport 452

Switch config interface ten gigabitethernet 1 0 2 452

Switch config ip dhcp relay vlan 10 helper address 192 68 452

Switch config show ip dhcp relay 452

Switch configure 452

Switch copy running config startup config 452

The following example shows how to set the routed port 1 0 2 as the default relay agent interface and configure the dhcp server address as 192 68 on vlan 10 452

Vlan 10 192 68 452

Vlan helper address 452

Dhcp l2 relay configuration 453

Enabling dhcp l2 relay 453

Using the gui 453

Configuring option 82 for ports 454

Follow these steps to enable dhcp relay and configure option 82 454

Port config to load the following page 454

Select one or more ports to configure option 82 454

Click apply 455

Enabling dhcp relay 455

Follow these steps to enable dhcp l2 relay 455

Switch config ip dhcp l2relay 455

Switch configure 455

The following example shows how to enable dhcp l2 relay globally and for vlan 2 455

Using the cli 455

Configuring option 82 for ports 456

Follow these steps to configure option 82 456

Global status enable 456

Switch config end 456

Switch config ip dhcp l2relay vlan 2 456

Switch config show ip dhcp l2relay 456

Switch copy running config startup config 456

Vlan id 2 456

Interface option 82 status operation strategy format circuit id remote id lag 457

Switch config if end 457

Switch config if ip dhcp l2relay information circut id vlan20 457

Switch config if ip dhcp l2relay information format normal 457

Switch config if ip dhcp l2relay information option 457

Switch config if ip dhcp l2relay information remote id host1 457

Switch config if ip dhcp l2relay information strategy replace 457

Switch config if show ip dhcp l2relay information interface ten gigabitethernet 1 0 7 457

Switch config interface ten gigabitethernet 1 0 7 457

Switch configure 457

Switch copy running config startup config 457

Te1 0 7 enable replace normal vlan20 host1 n a 457

The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 457

Configuration examples 458

Configuration scheme 458

Example for dhcp server 458

Network requirements 458

Using the gui 458

Using the cli 459

Example for dhcp interface relay 460

Network requirements 460

Verify the configuration 460

Configuration scheme 461

Using the gui 461

Using the cli 467

Verify the configurations of the dhcp relay agent 469

Configuration scheme 470

Example for dhcp vlan relay 470

Network requirements 470

Using the gui 471

Using the cli 474

Verify the configurations of the dhcp relay agent 475

Configuration scheme 476

Example for dhcp l2 relay 476

Network requirements 476

Using the gui 477

Using cli 478

Verify the configurations 479

Interface option 82 status operation strategy format circuit id 480

Te1 0 2 enable replace normal group2 480

Appendix default parameters 481

Default settings of dhcp server are listed in the following table 481

Default settings of dhcp relay are listed in the following table 482

Default settings of dhcp l2 relay are listed in the following table 483

Chapters 484

Configuring arp 484

Part 16 484

Arp table 485

Gratuitous arp 485

Overview 485

Proxy arp 485

Static arp 485

Supported features 485

Local proxy arp 486

Local proxy arp is similar with proxy arp as shown below two hosts are in the same vlan and connected to vlan interface 1 but port 1 0 1 and port 1 0 2 are isolated on layer 2 in this case both of the hosts cannot receive each other s arp request so they cannot communicate with each other because they cannot learn each other s mac address using arp packets 486

To solve this problem you can enable local proxy arp on the layer 3 interface and the interface will respond the arp request sender with its own mac address after that the arp request sender sends packets to the layer 3 interface and the interface forwards the packets to the intended device 486

Arp configurations 487

Using the gui 487

Viewing the arp entries 487

Adding static arp entries manually 488

Configuring gratuitous arp 488

Enter the ip address and mac address then click create 488

Gratuitous arp to load the following page 488

Static arp and click 488

To load the following page 488

You can add desired static arp entries by mannually specifying the ip addresses and mac addresses 488

Configuring proxy arp 489

Follow these steps to configure the gratuitous feature for the interface 489

In the gratuitous arp global settings section configure the global parameters for gratuitous arp then click apply 489

In the gratuitous arp table section configure the interval of sending gratuitous arp request packets for the interface then click apply 489

Proxy arp is used in the situation that two devices are in the same network segment but connected to different layer 3 interfaces 489

Proxy arp to load the following page 489

Configuring local proxy arp 490

Local proxy arp is used in the situation that two devices are in the same vlan but isolated on the layer 2 ports 490

Local proxy arp to load the following page 490

Select the desired interface and enable local proxy arp then click apply 490

Select the desired interface and enable proxy arp then click apply 490

Adding static arp entries 491

Configuring the aging time of dynamic arp entries 491

Configuring the arp entry 491

Follow these steps to add static arp entries 491

Follow these steps to configure the aging time of dynamic arp entries 491

Interface address hardware addr type 491

Switch config arp 192 68 00 11 22 33 44 55 arpa 491

Switch config end 491

Switch config show arp 192 68 491

Switch configure 491

Switch copy running config startup config 491

This example shows how to create a static arp entry with the ip as 192 68 and the mac as 00 11 22 33 44 55 491

Using the cli 491

Vlan1 192 68 00 11 22 33 44 55 static 491

Clearing dynamic entries 492

Renewing dynamic arp entries automatically 492

Switch config arp timeout 1000 492

Switch config end 492

Switch configure 492

Switch copy running config startup config 492

This example shows how to configure the aging time of dynamic arp entries as 1000 seconds 492

Configuring gratuitous arp globally 493

Configuring the gratuitous arp 493

Follow these steps to add static arp entries 493

On privileged exec mode or any other configuration mode you can use the following command to view arp entries 493

This example shows how to enable send on ip interface status up send on duplicate ip detected and gratuitous arp learning features 493

Viewing arp entries 493

Configuring interval of sending gratuitous arp packets 494

Follow these steps to configure gratuitous arp packets for layer 3 interfaces 494

Gratuitous arp learning enabled 494

Interface gratuitous arp periodical send interval 494

Send on duplicate ip detected enabled 494

Send on ip interface status up enabled 494

Switch config end 494

Switch config gratuitous arp dup ip detected enable 494

Switch config gratuitous arp intf status up enable 494

Switch config gratuitous arp learning enable 494

Switch config show gratuitous arp 494

Switch configure 494

Switch copy running config startup config 494

Te1 0 18 0 494

Vlan1 0 494

Configuring proxy arp 495

Configuring local proxy arp 496

Follow these steps to local proxy arp on the vlan interface routed port or port channel 496

Interface ip address ip mask status vlan 1 192 68 255 55 55 enabled 496

Switch config if end 496

Switch config if ip proxy arp 496

Switch config if show ip proxy arp 496

Switch config interface vlan 1 496

Switch configure 496

Switch copy running config startup config 496

This example shows how to enable proxy arp function for vlan interface 1 496

Interface ip address ip mask status 497

Switch config if end 497

Switch config if ip local proxy arp 497

Switch config if show ip local proxy arp 497

Switch config interface vlan 1 497

Switch configure 497

Switch copy running config startup config 497

This example shows how to enable local proxy arp function for vlan interface 1 497

Vlan 1 192 68 255 55 55 enabled 497

Appendix default parameters 498

Default arp settings are listed in the following tables 498

Chapters 499

Configuring qos 499

Part 17 499

Bandwidth control 500

Class of service 500

Overview 500

Supported features 500

Voice vlan and auto voip 500

802 p priority 502

Class of service configuration 502

Configuration guidelines 502

Dscp priority 502

Port priority 502

Click apply 503

Configuring port priority 503

Configuring the trust mode and port to 802 p mapping 503

Follow these steps to configure the parameters of the port priority 503

Port priority to load the following page 503

Select the desired ports specify the 802 p priority and set the trust mode as untrusted 503

Using the gui 503

Click apply 505

Configuring 802 p priority 505

Configuring the trust mode 505

Follow these steps to configure the trust mode 505

Port priority to load the following page 505

Select the desired ports and set the trust mode as trust 802 p 505

Click apply 507

Configuring dscp priority 507

Configuring the trust mode 507

Follow these steps to configure the trust mode 507

Port priority to load the following page 507

Select the desired ports and set the trust mode as trust dscp 507

Configuring the 802 p to queue mapping 508

In the 802 p to queue mapping section configure the mappings and click apply 508

P priority to load the following page 508

Click apply 509

Configuring the dscp to 802 p mapping and the dscp remap 509

Dscp priority to load the following page 509

Follow these steps to configure the dscp priority 509

In the dscp priority config section configure the dscp to 802 p mapping and the dscp remap 509

Specifying the scheduler settings 510

Click apply 511

Configuring port priority 511

Configuring the trust mode and the port to 802 p mapping 511

Follow these steps to configure the trust mode and the port to 802 p mapping 511

Using cli 511

Configuring the 802 p to queue mapping 512

Follow these steps to configure the 802 p to queue mapping 512

Configuring 802 p priority 513

Configuring the 802 p to queue mapping and 802 p remap 514

Follow these steps to configure the 802 p to queue mapping and 802 p remap 514

Port trust mode lag 515

Switch config if exit 515

Switch config if qos trust mode dot1p 515

Switch config interface ten gigabitethernet 1 0 1 515

Switch config qos cos map 3 4 515

Switch config qos dot1p remap 1 3 515

Switch config show qos cos map 515

Switch config show qos trust interface ten gigabitethernet 1 0 1 515

Switch configure 515

Te1 0 1 trust 802 p n a 515

The following example shows how to configure the trust mode of port 1 0 1 as dot1p map 802 p priority 3 to tc4 and configure to map the original 802 p 1 to 802 p priority 3 515

Configuring dscp priority 516

Configuring the trust mode 516

Dot1p remap 0 3 2 3 4 5 6 7 n a 516

Dot1p value 0 1 2 3 4 5 6 7 516

Dot1p value 0 1 2 3 4 5 6 7 lag 516

Follow these steps to configure the trust mode 516

Switch config end 516

Switch config show qos dot1p remap 516

Switch copy running config startup config 516

Tc tc0 tc1 tc2 tc4 tc4 tc5 tc6 tc7 516

Configuring the 802 p to queue mapping 517

Configuring the dscp to 802 p mapping and dscp remp 517

Follow these steps to configure the 802 p to queue mapping 517

Follow these steps to configure the dscp to 802 p mapping and dscp remap 517

Port trust mode lag 518

Switch config if exit 518

Switch config if qos trust mode dscp 518

Switch config interface ten gigabitethernet 1 0 1 518

Switch config qos cos map 3 4 518

Switch config qos dscp map 1 3 5 7 3 518

Switch config qos dscp remap 9 5 518

Switch config show qos trust interface ten gigabitethernet 1 0 1 518

Switch configure 518

The following example shows how to configure the trust mode of port 1 0 1 as dscp map 802 p priority 3 to tc4 map dscp priority 1 3 5 7 to 802 p priority 3 and configure to map the original dscp priority 9 to dscp priority 5 518

Follow these steps to specify the scheduler settings to control the forwarding sequence of different tc queues when congestion occurs 521

Specifying the scheduler settings 521

Bandwidth control configuration 523

Configuring rate limit 523

Using the gui 523

Configuring storm control 524

Follow these steps to configure the storm control function 524

Select the desired port and configure the upper rate limit for forwarding broadcast packets multicast packets and ul frames unknown unicast frames 524

Storm control to load the following page 524

Click apply 525

Configuring rate limit 525

Follow these steps to configure the upper rate limit for the port to receive and send packets 525

Using the cli 525

Configuring storm control 526

Port ingressrate kbps egressrate kbps lag 526

Switch config if bandwidth ingress 5120 egress 1024 526

Switch config if end 526

Switch config if show bandwidth interface ten gigabitethernet 1 0 5 526

Switch config interface ten gigabitethernet 1 0 5 526

Switch configure 526

Switch copy running config startup config 526

Te1 0 5 5120 1024 n a 526

The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 1024 kbps for port 1 0 5 526

Configuring oui addresses 529

Using the gui 529

Voice vlan configuration 529

Click create 530

Configuring voice vlan globally 530

Follow these steps to configure the oui addresses 530

Global config to load the following page 530

Specify the oui and the description 530

To load the following page 530

Adding ports to voice vlan 531

Click apply 531

Enable the voice vlan feature and specify the parameters 531

Follow these steps to configure voice vlan globally 531

Port config to load the following page 531

Select the desired ports and choose enable in voice vlan filed 531

Click apply 532

Follow these steps to configure voice vlan 532

Using the cli 532

Auto voip configuration 535

Configuration guidelines 535

Using the gui 535

Click apply 536

Follow these steps to configure auto voip 536

Using the cli 536

Configuration examples 540

Configuration scheme 540

Example for class of service 540

Network requirements 540

Using the gui 541

Using the cli 543

Verify the configurations 544

Example for voice vlan 545

Network requirements 545

Configuration scheme 546

Configure 802 q vlan for port 1 0 1 port 1 0 2 port 1 0 3 and port 1 0 4 546

Configure voice vlan feature on port 1 0 1 and port 1 0 2 546

Demonstrated with t1700x 16ts the following sections provide configuration procedure in two ways using the gui and using the cli 546

Internet 546

To implement this requirement you can configure voice vlan to ensure that the voice traffic can be transmitted in the same vlan and the data traffic is transmitted in another vlan in addition specify the priority to make the voice traffic can take precedence when the congestion occurs 546

To load the following page create vlan 2 and add untagged port 1 0 1 port 1 0 2 and port 1 0 4 to vlan 2 click create 546

Using the gui 546

Vlan config and click 546

Using the cli 550

Verify the configurations 552

Configuration scheme 553

Example for auto voip 553

Network requirements 553

Using the gui 554

Using the cli 559

Verify the configurations 560

Appendix default parameters 563

Default settings of class of service are listed in the following tables 563

Default settings of class of service are listed in the following tables 565

Default settings of voice vlan are listed in the following tables 565

Default settings of auto voip are listed in the following tables 566

Chapters 567

Configuring access security 567

Part 18 567

Access control 568

Access security 568

Overview 568

Supported features 568

Telnet 568

Access security configurations 569

Configuring the access control feature 569

Using the gui 569

In the entry table section click 570

To add an access control entry 570

When the ip based mode is selected the following window will pop up 570

When the mac based mode is selected the following window will pop up 570

Click create then you can view the created entries in the entry table 571

When the port based mode is selected the following window will pop up 571

Configuring the http function 572

Configuring the https function 574

In the ciphersuite config section select the algorithm to be enabled and click apply 575

In the number of access users section enable number control function specify the following parameters and click apply 575

In the session config section specify the session timeout and click apply 575

In the load certificate and load key section download the certificate and key 576

Configuring the ssh feature 577

Configuring the telnet function 578

Enable telnet and click apply 578

In data integrity algorithm section enable the integrity algorithm you want the switch to support and click apply 578

In import key file section select key type from the drop down list and click browse to download the desired key file 578

In the encryption algorithm section enable the encryption algorithm you want the switch to support and click apply 578

Telnet config to load the following page 578

Configuring the access control 579

Follow these steps to configure the access control 579

Using the cli 579

68 00 32 snmp telnet http https 580

Configuring the http function 580

Follow these steps to configure the http function 580

Index ip address access interface 580

Switch config end 580

Switch config show user configuration 580

Switch config user access control ip based 192 68 00 255 55 55 55 snmp telnet http https 580

Switch config user access control ip based enable 580

Switch configure 580

Switch copy running config startup config 580

The following example shows how to set the type of access control as ip based set the ip address as 192 68 00 set the subnet mask as 255 55 55 55 and make the switch support snmp telnet http and https 580

User authentication mode ip based 580

Http max users as admin 6 581

Http max users as operator 2 581

Http max users as power user 2 581

Http max users as user 2 581

Http port 80 581

Http session timeout 9 581

Http status enabled 581

Http user limitation enabled 581

Switch config end 581

Switch config ip http max user 6 2 2 2 581

Switch config ip http server 581

Switch config ip http session timeout 9 581

Switch config show ip http configuration 581

Switch configure 581

The following example shows how to set the session timeout as 9 set the maximum admin number as 6 and set the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 581

Configuring the https function 582

Follow these steps to configure the https function 582

Switch copy running config startup config 582

Switch config ip http secure protocol ssl3 tls1 583

Switch config ip http secure server 583

Switch configure 583

The following example shows how to configure the https function enable ssl3 and tls1 protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the maximum admin number as 2 the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 download the certificate named ca crt and the key named ca key from the tftp server with the ip address 192 68 00 583

Configuring the ssh feature 584

Begin ssh2 public key 587

Comment dsa key 20160711 587

Configuring the telnet function 587

Follow these steps enable the telnet function 587

Hmac md5 enabled 587

Key file 587

Key type ssh 2 rsa dsa 587

Switch config end 587

Switch copy running config startup config 587

Appendix default parameters 588

Default settings of access security are listed in the following tables 588

Chapters 590

Configuring aaa 590

Part 19 590

Overview 591

Aaa configuration 592

Configuration guidelines 592

Aaa application list 593

Adding radius server 593

Adding servers 593

Configure the following parameters 593

Follow these steps to add a radius server 593

Radius config and click 593

The switch supports the following access applications telnet ssh and http you can select the configured authentication method lists for each application 593

To load the following page 593

Using the gui 593

You can add one or more radius tacacs servers on the switch for authentication if multiple servers are added the server that is first added to the group has the highest priority and authenticates the users trying to access the switch the others act as backup servers in case the first one breaks down 593

Adding tacacs server 594

Click create to add the radius server on the switch 594

Click create to add the tacacs server on the switch 594

Configure the following parameters 594

Follow these steps to add a tacacs server 594

Tacacs config and click 594

To load the following page 594

And the following window will pop up 595

Click create 595

Configure the following parameters 595

Configuring server groups 595

Server group to load the following page 595

The switch has two built in server groups one for radius servers and the other for tacacs servers the servers running the same protocol are automatically added to the default server group you can add new server groups as needed 595

There are two default server groups in the list you can edit the default server groups or follow these steps to configure a new server group 595

Configuring the method list 596

Click apply 597

Click create to add the new method 597

Configuring the aaa application list 597

Follow these steps to configure the aaa application list 597

Global config to load the following page 597

In the aaa application list section select an access application and configure the login list and enable list 597

Configuring login account and enable password 598

Adding radius server 599

Adding servers 599

Follow these steps to add radius server on the switch 599

Using the cli 599

You can add one or more radius tacacs servers on the switch for authentication if multiple servers are added the server with the highest priority authenticates the users trying to access the switch and the others act as backup servers in case the first one breaks down 599

68 0 1812 1813 5 2 000aeb132397 123456 600

Adding tacacs server 600

Follow these steps to add tacacs server on the switch 600

Server ip auth port acct port timeout retransmit nas identifier shared key 600

Switch config end 600

Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 123456 600

Switch config show radius server 600

Switch configure 600

Switch copy running config startup config 600

The following example shows how to add a radius server on the switch set the ip address of the server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 600

68 0 49 8 123456 601

Configuring server groups 601

Server ip port timeout shared key 601

Switch config end 601

Switch config show tacacs server 601

Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 601

Switch configure 601

Switch copy running config startup config 601

The following example shows how to add a tacacs server on the switch set the ip address of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the timeout as 8 seconds 601

The switch has two built in server groups one for radius and the other for tacacs the servers running the same protocol are automatically added to the default server group you can add new server groups as needed 601

The two default server groups cannot be deleted or edited follow these steps to add a server group 601

Configuring the method list 602

Default local 603

Login1 radius local 603

Methodlist pri1 pri2 pri3 pri4 603

Switch config aaa authentication login login1 radius local 603

Switch config end 603

Switch config show aaa authentication login 603

Switch configure 603

Switch copy running config startup config 603

The following example shows how to create a login method list named login1 and configure the method 1 as the default radius server group and the method 2 as local 603

The following example shows how to create an enable method list named enable1 and configure the method 1 as the default radius server group and the method 2 as local 603

Configuring the aaa application list 604

Default local 604

Enable1 radius local 604

Follow these steps to apply the login and enable method lists for the application telnet 604

Methodlist pri1 pri2 pri3 pri4 604

Switch config aaa authentication enable enable1 radius local 604

Switch config end 604

Switch config show aaa authentication enable 604

Switch copy running config startup config 604

Telnet 604

You can configure authentication method lists on the following access applications telnet ssh and http 604

Follow these steps to apply the login and enable method lists for the application ssh 605

Http default default 605

Module login list enable list 605

Ssh default default 605

Switch config line enable authentication enable1 605

Switch config line end 605

Switch config line login authentication login1 605

Switch config line show aaa global 605

Switch config line telnet 605

Switch configure 605

Switch copy running config startup config 605

Telnet login1 enable1 605

The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application telnet 605

Follow these steps to apply the login and enable method lists for the application http 606

Http default default 606

Module login list enable list 606

Ssh login1 enable1 606

Switch config line enable authentication enable1 606

Switch config line end 606

Switch config line login authentication login1 606

Switch config line show aaa global 606

Switch config line ssh 606

Switch configure 606

Switch copy running config startup config 606

Telnet default default 606

The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application ssh 606

Configuring login account and enable password 607

For enable password configuration 608

For login authentication configuration more than one login account can be created on the server besides both the user name and password can be customized 608

On radius server the user name should be set as enable and the enable password is customizable all the users trying to get administrative privileges share this enable password 608

On tacacs server configure the value of enable 15 as the enable password in the configuration file all the users trying to get administrative privileges share this enable password 608

On the server 608

Some configuration principles on the server are as follows 608

The accounts created by the radius tacacs server can only view the configurations and some network information without the enable password 608

Tips the logged in guests can get administrative privileges by using the command enable admin and providing the enable password 608

Configuration example 609

Configuration scheme 609

Network requirements 609

Using the gui 610

Using the cli 612

Verify the configuration 613

Appendix default parameters 615

Default settings of aaa are listed in the following tables 615

Chapters 617

Configuring 802 x 617

Part 20 617

Overview 618

Authentication server 619

The authentication server is usually the host running the radius server program it stores information of clients confirms whether a client is legal and informs the authenticator whether a client is authenticated 619

Configuring the radius server 620

Using the gui 620

X configuration 620

Click apply 621

Configure the parameters of the radius server 621

Configuring the radius server group 621

Follow these steps to add a radius server 621

Follow these steps to add the radius server to a server group 621

If you click 621

Server group to load the following page 621

The following window will pop up select a radius server and click save 621

To add a new server group 621

To edit the default radius server group or click 621

Configuring 802 x globally 623

Follow these steps to configure 802 x global parameters 623

Global config to load the following page 623

In the accounting dot1x method section select an existing radius server group for accounting from the pri1 drop down list and click apply 623

In the authentication dot1x method section select an existing radius server group for authentication from the pri1 drop down list and click apply 623

In the global config section configure the following parameters 623

Click apply 624

Configuring 802 x on ports 624

Follow these steps to configure 802 x authentication on the desired port 624

Port config to load the following page 624

Select one or more ports and configure the following parameters 624

Click apply 625

Authenticator state to load the following page 626

On this page you can view the authentication status of each port 626

View the authenticator state 626

Configuring the radius server 627

Follow these steps to configure radius 627

Using the cli 627

The following example shows how to enable aaa add a radius server to the server group named radius1 and apply this server group to the 802 x authentication the ip address of the radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the accounting port is 1813 628

Configuring 802 x globally 629

The following example shows how to enable 802 x authentication configure pap as the authentication method and keep other parameters as default 630

Authentication protocol pap 631

Configuring 802 x on ports 631

Follow these steps to configure the port 631

Handshake state enabled 631

Switch config dot1x auth protocol pap 631

Switch config dot1x system auth control 631

Switch config end 631

Switch config show dot1x global 631

Switch configure 631

Switch copy running config startup config 631

X accounting state disabled 631

X state enabled 631

X vlan assignment state disabled 631

3 unauthorized n a 633

Maxreq quietperiod supptimeout authorized lag 633

Port state mab state guestvlan portcontrol portmethod 633

Switch config if dot1x 633

Switch config if dot1x port method port based 633

Switch config if end 633

Switch config if show dot1x interface ten gigabitethernet 1 0 2 633

Switch config interface ten gigabitethernet 1 0 2 633

Switch configure 633

Switch copy running config startup config 633

Te1 0 2 disabled disabled 0 auto port based 633

The following example shows how to enable 802 x authentication on port 1 0 2 configure the control type as port based and keep other parameters as default 633

Viewing authenticator state 633

You can view the authenticator state if needed you can also initialize or reauthenticate the specific client 633

Configuration example 635

Configuration scheme 635

Network requirements 635

Network topology 635

Demonstrated with t1700x 16ts acting as the authenticator the following sections provide configuration procedure in two ways using the gui and using the cli 636

Internet 636

Radius config and click 636

To load the following page configure the parameters of the radius server and click create 636

Using the gui 636

Using the cli 638

Verify the configurations 639

Appendix default parameters 641

Default settings of 802 x are listed in the following table 641

Chapters 642

Configuring port security 642

Part 21 642

Overview 643

Follow these steps to configure port security 644

Port security configuration 644

Select one or more ports and configure the following parameters 644

Using the gui 644

Click apply 645

Follow these steps to configure port security 645

Using the cli 645

Switch configure 646

The following example shows how to set the maximum number of mac addresses that can be learned on port 1 0 1 as 30 enable exceed max leaned feature and configure the mode as permanent and the status as drop 646

Appendix default parameters 648

Default settings of port security are listed in the following table 648

Chapters 649

Configuring acl 649

Part 22 649

Configuration guidelines 650

Overview 650

Acl configuration 651

Configuring time range 651

Creating an acl 651

Using the gui 651

Configuring acl rules 652

Configuring mac acl rule 652

Follow these steps to configure the mac acl rule 653

In the mac acl rule section configure the following parameters 653

In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 654

In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 654

In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 655

In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 655

Configuring ip acl rule 656

Follow these steps to configure the ip acl rule 657

In the ip acl rule section configure the following parameters 657

In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 658

In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 659

In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 659

And the following page will appear 660

Click apply 660

Click edit acl for a combined acl entry to load the following page 660

Configuring combined acl rule 660

In acl rules table section click 660

In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 660

Follow these steps to configure the combined acl rule 661

In the combined acl rule section configure the following parameters 661

In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 663

In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 663

Click apply 664

In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 664

In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 664

Configuring the ipv6 acl rule 665

Follow these steps to configure the ipv6 acl rule 666

In the ipv6 acl rule section configure the following parameters 666

Click apply 668

In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 668

The rules in an acl are listed in ascending order of their rule ids the switch matches a received packet with the rules in order when a packet matches a rule the switch stops the match process and performs the action defined in the rule 668

Viewing the acl rules 668

Configuring acl binding 669

Configuring acl 671

Configuring time range 671

Follow the steps to create different types of acl and configure the acl rules 671

Mac acl 671

Some acl based services or features may need to be limited to take effect only during a specified time period in this case you can configure a time range for the acl for details about time range configuration please refer to managing system 671

Using the cli 671

You can define the rules based on source or destination ip address source or destination mac address protocol type port number and others 671

Switch config access list create 50 672

Switch configure 672

The following example shows how to create mac acl 50 and configure rule 5 to permit packets with source mac address 00 34 a2 d4 34 b5 672

Ip acl 673

Mac access list 50 name acl_50 673

Rule 5 permit logging disable smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 673

Switch config end 673

Switch config mac acl access list mac 50 rule 5 permit logging disable smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 673

Switch config mac acl exit 673

Switch config show access list 50 673

Switch copy running config startup config 673

Combined acl 674

Follow these steps to configure combined acl 674

Ip access list 600 name acl_600 674

Rule 1 permit logging disable sip 192 68 00 smask 255 55 55 55 674

Switch config access list create 600 674

Switch config access list ip 600 rule 1 permit logging disable sip 192 68 00 sip mask 255 55 55 55 674

Switch config end 674

Switch config show access list 600 674

Switch configure 674

Switch copy running config startup config 674

The following example shows how to create ip acl 600 and configure rule 1 to permit packets with source ip address 192 68 00 674

Combined access list 2600 name acl_2600 676

Ipv6 acl 676

Rule 1 permit logging disable vid 2 sip 192 68 00 sip mask 255 55 55 55 676

Switch config access list combined 1100 logging disable rule 1 permit vid 2 sip 192 68 00 sip mask 255 55 55 55 676

Switch config access list create 1100 676

Switch config end 676

Switch config show access list 2600 676

Switch configure 676

Switch copy running config startup config 676

The following example shows how to create combined acl 1100 and configure rule 1 to deny packets with source ip address 192 68 00 in vlan 2 676

Resequencing rules 678

Configuring policy 679

Follow the steps below to configure the policy actions for an acl rule 679

Policy allows you to further process the matched packets through operations such as mirroring rate limiting redirecting or changing priority 679

Rule 11 permit logging disable vid 18 679

Rule 21 permit logging disable dmac aa cc ee ff dd 33 dmask ff ff ff ff ff ff 679

Switch config end 679

Switch copy running config startup config 679

Mac access list 10 name acl_10 680

Redirect the matched packets to port 1 0 4 for rule 1 of mac acl 10 680

Rule 5 permit logging disable action redirect te1 0 4 680

Switch config access list action 10 rule 1 680

Switch config action exit 680

Switch config action redirect interface ten gigabitethernet 1 0 4 680

Switch config show access list 10 680

Switch configure 680

Acl id acl name interface vid direction type 681

Configuring acl binding 681

Follow the steps below to bind acl to a port or a vlan 681

Sswitch config show access list bind 681

Switch config access list bind 1 interface vlan 4 ten gigabitethernet 1 0 3 681

Switch config end 681

Switch configure 681

Switch copy running config startup config 681

The following example shows how to bind acl 1 to port 3 and vlan 4 681

You can bind the acl to a port or a vlan the received packets on the port or in the vlan will then be matched and processed according to the acl rules an acl takes effect only after it is bound to a port or vlan 681

Acl_1 4 ingress vlan 682

Acl_1 te1 0 3 ingress port 682

Switch config end 682

Switch copy running config startup config 682

Viewing acl counting 682

You can use the following command to view the number of matched packets of each acl in the privileged exec mode and any other configuration mode 682

Configuration example for mac acl 683

Configuration examples 683

Configuration scheme 683

Network requirements 683

Using the gui 684

In the same way configure rule 15 to deny packets with destination mac address 40 61 86 fc 71 56 and apply the time range of work hours 687

Configure rule 25 to permit all the packets that do not match neither of the above rules 688

Using the cli 690

Verify the configurations 690

Configuration example for ip acl 691

Network requirements 691

Configuration scheme 692

Using the gui 692

In the same way configure rule 2 and rule 3 to permit packets with source ip 10 0 0 and destination port tcp 80 http service port and tcp 443 https service port 694

In the same way configure rule 4 and rule 5 to permit packets with source ip 10 0 0 and with destination port tcp 53 or udp 53 dns service port 697

In the same way configure rule 6 to deny packets with source ip 10 0 0 698

Using the cli 699

Verify the configurations 700

Configuration example for combined acl 701

Configuration scheme 701

Network requirements 701

Using the gui 702

Configure rule 15 to deny all the packets except the packet with source mac address 6c 62 6d f5 ba 48 and destination port tcp 23 telnet service port 703

In the same way configure rule 25 to permit all the packets the rule makes sure that all devices can get other network services normally 704

Acl binding and click 705

To load the following page bind the policy acl_telnet to port 1 0 2 12 to make it take effect 705

Using the cli 706

Verify the configurations 707

Appendix default parameters 708

The default settings of acl are listed in the following tables 708

Chapters 710

Configuring ipv4 impb 710

Part 23 710

Arp detection 711

Ip mac binding 711

Ipv4 impb 711

Ipv4 source guard 711

Overview 711

Supported features 711

Binding entries manually 712

Ip mac binding configuration 712

Using the gui 712

Binding entries via arp scanning 713

Click apply 713

Enter or select the port that is connected to this host 713

Enter the following information to specify a host 713

Follow these steps to manually create an ip mac binding entry 713

Select protect type for the entry 713

With arp scanning the switch sends the arp request packets of the specified ip field to the hosts upon receiving the arp reply packet the switch can get the ip address mac address vlan id and the connected port number of the host you can bind these entries conveniently 713

Arp scanning to load the following page 714

Follow these steps to configure ip mac binding via arp scanning 714

In the scanning option section specify an ip address range and a vlan id then click scan to scan the entries in the specified ip address range and vlan 714

In the scanning result section select one or more entries and configure the relevant parameters then click bind 714

Binding entries via dhcp snooping 715

Dhcp snooping to load the following page 715

With dhcp snooping enabled the switch can monitor the ip address obtaining process of the host and record the ip address mac address vlan id and the connected port number of the host 715

Additionally you select one or more entries to edit the host name and protect type and click apply 717

Binding table to load the following page 717

Binding table to view or edit the entries 717

In the binding table you can view search and edit the specified binding entries 717

Viewing the binding entries 717

You can specify the search criteria to search your desired entries 717

Binding entries manually 718

Binding entries via arp scanning is not supported by the cli the following sections introduce how to bind entries manually and via dhcp snooping and view the binding entries 718

Follow these steps to manually bind entries 718

Using the cli 718

You can manually bind the ip address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 718

Binding entries via dhcp snooping 719

Follow these steps to bind entries via dhcp snooping 719

Here arp d for arp detection and ip v s for ip verify source 719

Host1 192 68 5 74 d4 35 76 a4 d8 10 te1 0 5 arp d manual 719

Notice 719

Switch config end 719

Switch config ip source binding host1 192 68 5 74 d4 35 76 a4 d8 vlan 10 interface ten gigabitethernet 1 0 5 arp detection 719

Switch config show ip source binding 719

Switch configure 719

Switch copy running config startup config 719

The following example shows how to bind an entry with the hostname host1 ip address 192 68 5 mac address 74 d4 35 76 a4 d8 vlan id 10 port number 1 0 5 and enable this entry for the arp detection feature 719

U host ip addr mac addr vid port acl source 719

Global status enable 720

Interface max entries lag 720

Switch config if end 720

Switch config if ip dhcp snooping max entries 100 720

Switch config if show ip dhcp snooping 720

Switch config if show ip dhcp snooping interface ten gigabitethernet 1 0 1 720

Switch config interface ten gigabitethernet 1 0 1 720

Switch config ip dhcp snooping 720

Switch config ip dhcp snooping vlan 5 720

Switch configure 720

Switch copy running config startup config 720

Te1 0 1 100 n a 720

The following example shows how to enable dhcp snooping globally and on vlan 5 and set the maximum number of binding entries port 1 0 1 can learn via dhcp snooping as 100 720

Vlan id 5 720

On privileged exec mode or any other configuration mode you can use the following command to view binding entries 721

Viewing binding entries 721

Adding ip mac binding entries 722

Arp detection configuration 722

Enabling arp detection 722

Using the gui 722

Configuring arp detection on ports 723

In the vlan config section enable arp detection on the selected vlans click apply 723

Port config to load the following page 723

Arp statistics to load the following page 724

Click apply 724

Follow these steps to configure arp detection on ports 724

Select one or more ports and configure the parameters 724

Viewing arp statistics 724

You can view the number of the illegal arp packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 724

Adding ip mac binding entries 725

Enabling arp detection 725

Follow these steps to enable arp detection 725

In arp detection the switch detects the arp packets based on the binding entries in the ip mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 725

In the auto refresh section you can enable the auto refresh feature and specify the refresh interval and thus the web page will be automatically refreshed 725

In the illegal arp packet section you can view the number of illegal arp packets in each vlan 725

Using the cli 725

Configuring arp detection on ports 726

Switch config if ip arp inspection limit rate 20 727

Switch config if ip arp inspection trust 727

Switch config interface ten gigabitethernet 1 0 2 727

Switch configure 727

The following example shows how to set port 1 02 as a trusted port and set limit rate as 20 pps and burst interval as 2 seconds on port 1 0 2 727

Viewing arp statistics 728

Adding ip mac binding entries 729

Configuring ipv4 source guard 729

Ipv4 source guard configuration 729

Using the gui 729

Adding ip mac binding entries 730

Configuring ipv4 source guard 730

Follow these steps to configure ipv4 source guard 730

In ipv4 source guard the switch filters the packets that do not match the rules of ipv4 mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 730

In the global config section choose whether to enable the log feature click apply 730

In the port config section configure the protect type for ports and click apply 730

Using the cli 730

Port security type lag 731

Switch config if end 731

Switch config if ip verify source sip mac 731

Switch config if show ip verify source interface ten gigabitethernet 1 0 1 731

Switch config interface ten gigabitethernet 1 0 1 731

Switch configure 731

Switch copy running config startup config 731

Te1 0 1 sip mac n a 731

The following example shows how to enable ipv4 source guard on port 1 0 1 731

Configuration examples 732

Configuration scheme 732

Example for arp detection 732

Network requirements 732

Using the gui 733

Using the cli 735

Verify the configuration 736

Configuration scheme 737

Example for ip source guard 737

Network requirements 737

Using the gui 737

Using the cli 739

Verify the configuration 739

Appendix default parameters 740

Default settings of arp detection are listed in the following table 740

Default settings of dhcp snooping are listed in the following table 740

Default settings of ipv4 source guard are listed in the following table 741

Chapters 742

Configuring ipv6 impb 742

Part 24 742

Ipv6 impb 743

Ipv6 mac binding 743

Nd detection 743

Overview 743

Supported features 743

Internet 744

Ipv6 source guard 744

Ipv6 source guard is used to filter the ipv6 packets based on the ipv6 mac binding table only the packets that match the binding rules are forwarded 744

Binding entries manually 745

Ipv6 mac binding configuration 745

Using the gui 745

Binding entries via nd snooping 746

Click apply 746

Enter or select the port that is connected to this host 746

Enter the following information to specify a host 746

Follow these steps to manually create an ipv6 mac binding entry 746

Select protect type for the entry 746

With nd snooping the switch monitors the nd packets and records the ipv6 addresses mac addresses vlan ids and the connected port numbers of the ipv6 hosts you can bind these entries conveniently 746

Binding entries via dhcpv6 snooping 748

Binding table to view or edit the entries 748

With dhcpv6 snooping enabled the switch can monitor the ip address obtaining process of the host and record the ipv6 address mac address vlan id and the connected port number of the host 748

Additionally you select one or more entries to edit the host name and protect type and click apply 750

Binding table to load the following page 750

Binding table to view or edit the entries 750

In the binding table you can view search and edit the specified binding entries 750

Viewing the binding entries 750

You can specify the search criteria to search your desired entries 750

Binding entries manually 751

Follow these steps to manually bind entries 751

The following sections introduce how to bind entries manually and via nd snooping and dhcp snooping and how to view the binding entries 751

Using the cli 751

You can manually bind the ipv6 address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 751

Host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff 10 te1 0 5 nd d manual 752

Switch config end 752

Switch config ipv6 source binding host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff vlan 10 interface ten gigabitethernet 1 0 5 nd detection 752

Switch config show ipv6 source binding 752

Switch configure 752

Switch copy running config startup config 752

The following example shows how to bind an entry with the hostname host1 ipv6 address 2001 0 9d38 90d5 34 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this entry for nd detection 752

U host ip addr mac addr vid port acl source 752

Binding entries via nd snooping 753

Follow these steps to bind entries via nd snooping 753

Global status enable 753

Switch config ipv6 nd snooping 753

Switch config ipv6 nd snooping vlan 1 753

Switch config show ipv6 nd snooping 753

Switch configure 753

The following example shows how to enable nd snooping globally and on vlan 1 753

Vlan id 1 753

Binding entries via dhcpv6 snooping 754

Follow these steps to bind entries via dhcp snooping 754

Interface max entries lag 754

Switch config end 754

Switch config if end 754

Switch config if ipv6 nd snooping max entries 1000 754

Switch config if show ipv6 nd snooping interface ten gigabitethernet 1 0 1 754

Switch config interface ten gigabitethernet 1 0 1 754

Switch configure 754

Switch copy running config startup config 754

Te1 0 1 1000 n a 754

The following example shows how to configure the maximum number of entries that can be learned on port 1 0 1 754

Viewing binding entries 755

Adding ipv6 mac binding entries 756

Enabling nd detection 756

Nd detection configuration 756

Using the gui 756

Click apply 757

Configuring nd detection on ports 757

Follow these steps to configure nd detection on ports 757

In the vlan config section enable nd detection on the selected vlans click apply 757

Port config to load the following page 757

Select one or more ports and configure the parameters 757

Adding ipv6 mac binding entries 758

Enabling nd detection 758

Using the cli 758

Viewing nd statistics 758

Enable disable 759

Global status enable 759

Switch config end 759

Switch config ipv6 nd detection 759

Switch config ipv6 nd detection vlan 1 759

Switch config show ipv6 nd detection 759

Switch config show ipv6 nd detection vlan 759

Switch configure 759

Switch copy running config startup config 759

The following example shows how to enable nd detection globally and on vlan 1 759

Vid enable status log status 759

Configuring nd detection on ports 760

Follow these steps to configure nd detection on ports 760

Interface trusted lag 760

On privileged exec mode or any other configuration mode you can use the following command to view nd statistics 760

Switch config if end 760

Switch config if ipv6 nd detection trust 760

Switch config if show ipv6 nd detection interface ten gigabitethernet 1 0 1 760

Switch config interface ten gigabitethernet 1 0 1 760

Switch configure 760

Switch copy running config startup config 760

Te1 0 1 enable n a 760

The following example shows how to configure port 1 0 1 as trusted port 760

Viewing nd statistics 760

Adding ipv6 mac binding entries 762

Configuring ipv6 source guard 762

Ipv6 source guard configuration 762

Using the gui 762

Adding ipv6 mac binding entries 763

Before configuring ipv6 source guard you need to configure the sdm template as enterprisev6 763

Click apply 763

Configuring ipv6 source guard 763

Follow these steps to configure ipv6 source guard 763

Select one or more ports and configure the protect type for ports 763

The nd detection feature allows the switch to detect the nd packets based on the binding entries in the ipv6 mac binding table and filter out the illegal nd packets before configuring nd detection complete ipv6 mac binding configuration for details refer to ipv6 mac binding configuration 763

Using the cli 763

Port security type lag 764

Switch config if end 764

Switch config if ipv6 verify source sipv6 mac 764

Switch config if show ipv6 verify source interface ten gigabitethernet 1 0 1 764

Switch config interface ten gigabitethernet 1 0 1 764

Switch configure 764

Switch copy running config startup config 764

Te1 0 1 sipv6 mac n a 764

The following example shows how to enable ipv6 source guard on port 1 0 1 764

Configuration examples 765

Configuration scheme 765

Example for nd detection 765

Network requirements 765

Using the gui 766

Using the cli 768

Verify the configuration 768

Configuration scheme 770

Example for ipv6 source guard 770

Network requirements 770

Using the gui 770

Using the cli 772

Verify the configuration 772

Appendix default parameters 773

Default settings of dhcp snooping are listed in the following table 773

Default settings of nd detection are listed in the following table 773

Default settings of ipv6 source guard are listed in the following table 774

Chapters 775

Configuring dhcp filter 775

Part 25 775

Dhcp filter 776

Overview 776

Supported features 776

Dhcpv4 filter 777

Dhcpv4 filter is used for dhcpv4 servers and ipv4 clients 777

Dhcpv6 filter 777

Dhcpv6 filter is used for dhcpv6 servers and ipv6 clients 777

Configuring the basic dhcpv4 filter parameters 778

Dhcpv4 filter configuration 778

Using the gui 778

Click apply 779

Click create 780

Configure the following parameters 780

Configuring legal dhcpv4 servers 780

Configuring the basic dhcpv4 filter parameters 780

Follow these steps to add a legal dhcpv4 server 780

Follow these steps to complete the basic settings of dhcpv4 filter 780

Legal dhcpv4 servers and 780

To load the following page 780

Using the cli 780

The following example shows how to enable dhcpv4 filter globally and how to enable dhcpv4 filter enable the mac verify feature set the limit rate as 10 pps and set the decline rate as 20 pps on port 1 0 1 781

Configuring legal dhcpv4 servers 782

Follow these steps configure legal dhcpv4 servers 782

Global status enable 782

Interface state mac verify limit rate dec rate lag 782

Switch config if end 782

Switch config if ip dhcp filter 782

Switch config if ip dhcp filter decline rate 20 782

Switch config if ip dhcp filter limit rate 10 782

Switch config if ip dhcp filter mac verify 782

Switch config if show ip dhcp filter 782

Switch config if show ip dhcp filter interface ten gigabitethernet 1 0 1 782

Switch config interface ten gigabitethernet 1 0 1 782

Switch config ip dhcp filter 782

Switch configure 782

Switch copy running config startup config 782

Te1 0 1 enable enable 10 20 n a 782

Configuring the basic dhcpv6 filter parameters 784

Dhcpv6 filter configuration 784

Using the gui 784

Click apply 785

Configure the following parameters 785

Configuring legal dhcpv6 servers 785

Follow these steps to add a legal dhcpv6 server 785

Legal dhcpv6 servers and 785

To load the following page 785

Click create 786

Configuring the basic dhcpv6 filter parameters 786

Follow these steps to complete the basic settings of dhcpv6 filter 786

Using the cli 786

Configuring legal dhcpv6 servers 787

54 te1 0 1 788

Server ip interface 788

Switch config end 788

Switch config ipv6 dhcp filter server permit entry server ip 2001 54 interface ten gigabitethernet 1 0 1 788

Switch config show ipv6 dhcp filter server permit entry 788

Switch configure 788

Switch copy running config startup config 788

The following example shows how to create an entry for the legal dhcpv6 server whose ipv6 address is 2001 54 and connected port number is 1 0 1 788

Configuration examples 789

Configuration scheme 789

Example for dhcpv4 filter 789

Network requirements 789

Using the gui 790

Using the cli 791

Verify the configuration 791

Example for dhcpv6 filter 792

Network requirements 792

Configuration scheme 793

Using the gui 793

Using the cli 794

Verify the configuration 795

54 te1 0 1 796

Server ip interface 796

Appendix default parameters 797

Default settings of dhcpv4 filter are listed in the following table 797

Chapters 798

Configuring dos defend 798

Part 26 798

Overview 799

Dos defend configuration 800

Follow these steps to configure dos defend 800

In the dos defend config section select one or more defend types according to your needs and click apply the following table introduces each type of dos attack 800

In the dos defend section enable dos protection and click apply 800

Using the gui 800

Click apply 801

Follow these steps to configure dos defend 801

Using the cli 801

Appendix default parameters 804

Default settings of network security are listed in the following tables 804

Chapters 805

Monitoring the system 805

Part 27 805

Overview 806

Monitoring the cpu 807

Using the cli 807

Using the gui 807

Monitoring the memory 809

Using the cli 809

Using the gui 809

Unit current memory utilization 810

Traffic monitor 812

Using the gui 812

To view a port s traffic statistics in detail click statistics on the right side of the entry 813

On privileged exec mode or any other configuration mode you can use the following command to view the traffic information of each port or lag 816

Using the cli 816

Appendix default parameters 817

Chapters 818

Mirroring traffic 818

Part 29 818

Mirroring 819

Using the gui 819

Follow these steps to configure the mirroring session 820

In the destination port config section specify a destination port for the mirroring session and click apply 820

In the source interfaces config section specify the source interfaces and click apply traffic passing through the source interfaces will be mirrored to the destination port there are three source interface types port lag and cpu choose one or more types according to your need 820

Follow these steps to configure mirroring 821

Switch config monitor session 1 destination interface ten gigabitethernet 1 0 10 821

Switch configure 821

The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 and the cpu to port 1 0 10 821

Using the cli 821

Configuration examples 823

Configuration scheme 823

Network requirements 823

Using the gui 823

Using the cli 824

Verify the configuration 825

Appendix default parameters 826

Default settings of switching are listed in th following tables 826

Chapters 827

Configuring dldp 827

Part 30 827

Overview 828

Configuration guidelines 829

Dldp configuration 829

Using the gui 829

In the port config section select one or more ports enable dldp and click apply then you can view the relevant dldp information in the table 830

Follow these steps to configure dldp 831

Switch configure 831

The following example shows how to enable dldp globally configure the dldp interval as 10 seconds and specify the shutdown mode as auto 831

Using the cli 831

Appendix default parameters 833

Default settings of dldp are listed in the following table 833

Chapters 834

Configuring snmp rmon 834

Part 31 834

Basic concepts 835

Overview 835

Snmp agent 835

Snmp manager 835

A mib is a collection of managed objects that is organized hierarchically the objects define the attributes of the managed device including the names status access rights and data types each object can be addressed through an object identifier oid 836

Also tp link switches support the following public mibs 836

As the following figure shows the mib hierarchy can be depicted as a tree with a nameless root the levels of which are assigned by different organizations the top level mib object ids belong to different standards organizations while lower level object ids are allocated by associated organizations vendors can define private branches that include managed objects for their own products 836

Lldp ext dot1 mib 836

Lldp ext med mib 836

Lldp mib 836

Rfc1213 mib 836

Rfc1493 bridge mib 836

Rfc1757 rmon mib 836

Rfc2618 radius auth client mib 836

Tp link switches provide private mibs that can be identified by the oid 1 1863 the mib file can be found on the provided cd or the download center of our official website http www tp link com en download center html 836

An snmp engine can be uniquely identified by an engine id within an administrative domain since there is a one to one association between snmp engines and snmp entities we can also use the engine id to uniquely and unambiguously identify the snmp entity within that administrative domain 837

An snmp engine is a part of the snmp entity every snmp entity has one and only one engine an snmp engine provides services for ending and receiving messages authenticating and encrypting messages and controlling access to managed objects 837

An snmp entity is a device running the snmp protocol both the snmp manager and snmp agent are snmp entities 837

For detail information about the supported public mibs see supported public mibs for tp link switches which can be found on the training center of our website 837

Http www tp link com en configuration guides html 837

Rfc2620 radius acc client mib 837

Rfc2674 pbridge mib 837

Rfc2674 qbridge mib 837

Rfc2863 pbridge mib 837

Rfc2925 disman ping mib 837

Rfc2925 disman traceroute mib 837

Snmp engine 837

Snmp entity 837

Snmp version 837

The device supports three snmp versions snmpv1 snmpv2c and snmpv3 table 1 1 lists features supported by different snmp versions and table 1 2 shows corresponding application scenarios 837

Enabling snmp 839

Snmp configurations 839

Using the gui 839

Click apply 840

Creating an snmp view 840

Follow these steps to create an snmp view 840

Global config to load the following page 840

Nms manages mib objects based on the snmp view an snmp view is a subset of a mib the system provides a default view named viewdefault and you can create other snmp views according to your needs 840

To load the following page enter a view name and specify the view type and a mib object that is related to the view 840

Click create 841

Creating snmp communities for snmp v1 v2c 841

Set the community name access rights and the related view 841

Snmp v1 v2c and click 841

To load the following page 841

Assign a name to the group then set the security level and the read view write view and notify view 842

Click create 842

Create an snmp group and configure related parameters 842

Creating an snmp group for snmp v3 842

Follow these steps to create an snmp group 842

Snmp group and click 842

To load the following page 842

Click create 843

Creating snmp users for snmp v3 843

Follow these steps to create an snmp user 843

Snmp user and click 843

Specify the user name user type and the group which the user belongs to then configure the security level 843

To load the following page 843

Click create 844

Enabling snmp 844

If you have chosen authnopriv or authpriv as the security level you need to set corresponding authentication mode or privacy mode if not skip the step 844

Using the cli 844

Bad snmp version errors 845

Snmp agent is enabled 845

Snmp packets input 845

Switch config show snmp server 845

Switch config snmp server 845

Switch config snmp server engineid remote 123456789a 845

Switch configure 845

The following example shows how to enable snmp and set 123456789a as the remote engine id 845

Unknown community name 845

Bad value errors 846

Creating an snmp view 846

Encoding errors 846

General errors 846

Get next pdus 846

Get request pdus 846

Illegal operation for community name supplied 846

Local engine id 80002e5703000aeb13a23d 846

No such name errors 846

Number of altered variables 846

Number of requested variables 846

Remote engine id 123456789a 846

Response pdus 846

Set request pdus 846

Snmp packets output 846

Specify the oid object identifier of the view to determine objects to be managed 846

Switch config end 846

Switch config show snmp server engineid 846

Switch copy running config startup config 846

Too big errors maximum packet size 1500 846

Trap pdus 846

Creating snmp communities for snmp v1 v2c 847

Create an snmp group and set user access control with read write and notify views meanwhile set the authentication and privacy modes to secure the communication between the nms and managed devices 848

Creating an snmp group for snmpv3 848

Index name type mib view 848

Nms monitor read write view 848

Switch config end 848

Switch config show snmp server community 848

Switch config snmp server community nms monitor read write view 848

Switch configure 848

Switch copy running config startup config 848

The following example shows how to set an snmp community name the community as the nms monitor and allow the nms to view and modify parameters of view 848

1 nms1 v3 authpriv view1 view1 849

No name sec mode sec lev read view write view notify view 849

Switch config end 849

Switch config show snmp server group 849

Switch config snmp server group nms1 smode v3 slev authpriv read view1 notify view1 849

Switch configure 849

Switch copy running config startup config 849

The following example shows how to create an snmpv3 group with the group name as nms1 the security level as authpriv and the read and notify view are both view1 849

Configure users of the snmp group users belong to the group and use the same security level and access rights as the group 850

Creating snmp users for snmpv3 850

Configuring the information of nms hosts 852

Notification configurations 852

Using the gui 852

Choose a notification type based on the snmp version if you choose the inform type you need to set retry times and timeout interval 853

Click create 853

Specify the user name or community name used by the nms host and configure the security model and security level based on the settings of the user or community 853

Enabling snmp traps 854

Select the traps to enable according to your needs 854

The supported traps are listed on the page follow these steps to enable any or all of these traps 854

Trap config to load the following page 854

Click apply 855

Configure parameters of the nms host and packet handling mechanism 855

Configuring the nms host 855

Using the cli 855

The following example shows how to set the nms host ip address as 192 0 22 udp port as port 162 name used by the nms host as admin security model as snmpv3 856

0 22 162 admin v3 authpriv inform 3 100 857

Enabling snmp traps 857

Enabling the snmp standard traps globally 857

No des ip udp name secmode seclev type retry timeout 857

Security level as authpriv notification type as inform retry times as 3 and the timeout interval as 100 seconds 857

Switch config end 857

Switch config show snmp server host 857

Switch config snmp server host 192 0 22 162 admin smode v3 slev authpriv type inform retries 3 timeout 100 857

Switch configure 857

Switch copy running config startup config 857

The switch supports multiple snmp traps like snmp standard traps acl traps and vlan traps you can enable any or all of the traps according to your needs 857

Enabling the snmp extended traps globally 858

Switch config end 858

Switch config snmp server traps snmp linkup 858

Switch configure 858

Switch copy running config startup config 858

The following example shows how to configure the switch to send linkup traps 858

Enabling the snmp security traps globally 859

Enabling the vlan traps globally 859

Switch config end 859

Switch config snmp server traps bandwidth control 859

Switch config snmp server traps vlan 859

Switch configure 859

Switch copy running config startup config 859

The following example shows how to configure the switch to enable all the snmp vlan traps 859

The following example shows how to configure the switch to enable bandwidth control traps 859

Enabling the acl trap globally 860

Switch config end 860

Switch config snmp server traps acl 860

Switch config snmp server traps security dhcp filter 860

Switch configure 860

Switch copy running config startup config 860

The following example shows how to configure the switch to enable acl trap 860

The following example shows how to configure the switch to enable dhcp filter trap 860

Enabling the ip traps globally 861

Enabling the link status trap for ports 861

Switch config end 861

Switch config snmp server traps ip change 861

Switch configure 861

Switch copy running config startup config 861

The following example shows how to configure the switch to enable ip change trap 861

Configuring statistics group 864

Rmon configurations 864

Using the gui 864

Click create 865

Configuring history group 865

Follow these steps to configure the history group 865

History to load the following page 865

Select a history entry and specify a port to be monitored 865

Set the sample interval and the maximum buckets of history entries 865

Choose an event entry and set the snmp user of the entry 866

Configuring event group 866

Enter the owner name and set the status of the entry click apply 866

Event to load the following page 866

Follow these steps to configure the event group 866

Set the description and action to be taken when the event is triggered 866

Alarm to load the following page 867

Before you begin please complete configurations of statistics entries and event entries because the alarm entries must be associated with statistics and event entries 867

Configuring alarm group 867

Enter the owner name and set the status of the entry click apply 867

Follow these steps to configure the alarm group 868

Select an alarm entry choose a variable to be monitored and associate the entry with a statistics entry 868

Set the sample type the rising and falling threshold the corresponding event action mode and the alarm type of the entry 868

Configuring statistics 869

Enter the owner name and set the status of the entry click apply 869

Using the cli 869

Index port owner state 870

Switch config end 870

Switch config rmon statistics 1 interface ten gigabitethernet 1 0 1 owner monitor status valid 870

Switch config rmon statistics 2 interface ten gigabitethernet 1 0 2 owner monitor status valid 870

Switch config show rmon statistics 870

Switch configure 870

Switch copy running config startup config 870

Te1 0 1 monitor valid 870

Te1 0 2 monitor valid 870

The following example shows how to create two statistics entries on the switch to monitor port 1 0 1 and 1 0 2 respectively the owner of the entries are both monitor and the status are both valid 870

Configuring history 871

Index port interval buckets owner state 871

Switch config end 871

Switch config rmon history 1 interface ten gigabitethernet 1 0 1 interval 100 owner monitor buckets 50 871

Switch config show rmon history 871

Switch configure 871

Te1 0 1 100 50 monitor enable 871

The following example shows how to create a history entry on the switch to monitor port 1 0 1 set the sample interval as 100 seconds maximum buckets as 50 and the owner as monitor 871

Configuring event 872

Switch config rmon event 1 user admin description rising notify type notify owner monitor 872

Switch configure 872

Switch copy running config startup config 872

The following example shows how to create an event entry on the switch set the user name as admin the event type as notify set the switch to initiate notifications to the nms and the owner as monitor 872

Admin rising notify notify monitor enable 873

Configuring alarm 873

Index user description type owner state 873

Switch config end 873

Switch config show rmon event 873

Switch copy running config startup config 873

Configuration example 876

Network requirements 876

Configuration scheme 877

Using the gui 877

Using the cli 882

Verify the configurations 884

Appendix default parameters 888

Default settings of snmp are listed in the following tables 888

Default settings of notification are listed in the following table 889

Default settings of rmon are listed in the following tables 890

Chapters 892

Diagnosing the device network 892

Part 32 892

Check the test results in the result section 893

Device diagnostics to load the following page 893

Diagnosing the device 893

Follow these steps to diagnose the cable 893

Select your desired port for the test and click apply 893

The device diagnostics feature provides cable testing which allows you to troubleshoot based on the connection status cable length and fault location 893

Using the gui 893

On privileged exec mode or any other configuration mode you can use the following command to check the connection status of the cable that is connected to the switch 894

Pair b normal 2 10m 894

Pair c normal 0 10m 894

Pair d normal 2 10m 894

Port pair status length error 894

Switch show cable diagnostics interface ten gigabitehternet 1 0 2 894

Te1 0 2 pair a normal 2 10m 894

The following example shows how to check the cable diagnostics of port 1 0 2 894

Using the cli 894

Diagnosing the network 895

Troubleshooting with ping testing 895

Using the gui 895

Troubleshooting with tracert testing 896

Approximate round trip times in milli seconds 897

Configuring the ping test 897

In the tracert result section check the test results 897

Minimum 0ms maximum 0ms average 0ms 897

On privileged exec mode you can use the following command to test the connectivity between the switch and one node of the network 897

Packets sent 3 received 3 lost 0 0 loss 897

Ping statistics for 192 68 0 897

Pinging 192 68 0 with 1000 bytes of data 897

Reply from 192 68 0 bytes 1000 time 16ms ttl 64 897

Switch ping ip 192 68 0 n 3 l 1000 i 500 897

The following example shows how to test the connectivity between the switch and the destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 1000 bytes and the interval as 500 milliseconds 897

Using the cli 897

Configuring the tracert test 898

Ms 1 ms 2 ms 192 68 898

Ms 2 ms 2 ms 192 68 00 898

On privileged exec mode you can use the following command to test the connectivity between the switch and routers along the path from the source to the destination 898

Switch tracert 192 68 00 2 898

The following example shows how to test the connectivity between the switch and the network device with the ip address 192 68 00 set the maxhops as 2 898

Trace complete 898

Tracing route to 192 68 00 over a maximum of 2 hops 898

Appendix default parameters 899

Default settings of network diagnostics are listed in the following tables 899

Chapters 900

Configuring system logs 900

Part 33 900

Overview 901

Backing up the logs 902

Configuration guidelines 902

Configure the local logs 902

Configure the remote logs 902

Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality of the switch is affected please take actions according to the log message 902

System logs configurations 902

System logs configurations include 902

Viewing the log table 902

Click apply 903

Configuring the local logs 903

Configuring the remote logs 903

Follow these steps to configure the local logs 903

Local logs to load the following page 903

Select your desired channel and configure the corresponding severity and status 903

Using the gui 903

You can configure up to four hosts to receive the switch s system logs these hosts are called log servers the switch will forward the log message to the servers once a log 903

Backing up the logs 904

Log table to load the following page 905

Select a module and a severity to view the corresponding log information 905

Viewing the log table 905

Configuring the local logs 906

Follow these steps to configure the local logs 906

Using the cli 906

Configuring the remote logs 907

6 disable 908

68 48 5 enable 908

Index host ip severity status 908

Switch config end 908

Switch config logging host index 2 192 68 48 5 908

Switch config show logging loghost 908

Switch configure 908

Switch copy running config startup config 908

The following example shows how to set the remote log on the switch enable log server 2 set its ip address as 192 68 48 and allow logs of levels 0 to 5 to be sent to the server 908

Configuration example 909

Configuration scheme 909

Network requirements 909

Using the gui 909

Using the cli 910

Verify the configurations 910

Appendix default parameters 911

Default settings of maintenance are listed in the following tables 911

Fcc statement 912

Bsmi notice 913

Ce mark warning 913

Eu declaration of conformity 913

Industry canada statement 913

Safety information 914

限用物質含有情況標示聲明書 914

Explanation of the symbols on the product label 915

Copyright trademarks 916

Tp-Link T1700X-16TS V3 Руководство пользователя онлайн

Содержание

Похожие устройства