Tp-Link T1700X-16TS V2 [352/764] Configuring mld snooping last listener query

After the keys are successfully generated click save public key to save the public key to a tftp server click save private key to save the private key to the host pc 41

After negotiation is completed enter the username to log in if you can log in without entering the password the key authentication completed successfully 43

Disable telnet login 43

Telnet config disable the telnet function and click apply 43

Using the gui 43

You can shut down the telnet function to block any telnet access to the cli interface 43

Copy running config startup config 44

Disable ssh login 44

Change the switch s ip address and default gateway 45

Chapters 46

Managing system 46

Part 2 46

Access security 47

Overview 47

Supported features 47

System 47

System info 47

System tools 47

User management 47

Sdm template 48

System info configurations 49

Using the gui 49

Viewing the system summary 49

Click a port to view the bandwidth utilization on this port 50

Move the cursor to the port to view the detailed information of the port 50

Setting the system time 51

Specifying the device description 51

Choose one method to set the system time and specify the information 52

Click apply 52

Daylight saving time to load the following page 52

In the time config section follow these steps to configure the system time 52

Setting the daylight saving time 52

Choose one method to set the daylight saving time of the switch and specify the information 53

Follow these steps to configure daylight saving time 53

In the dst config section select enable to enable the daylight saving time function 53

Click apply 54

On privileged exec mode or any other configuration mode you can use the following command to view the system information of the switch 54

Port status speed duplex flowctrl jumbo active medium 54

Switch show interface status 54

Switch show system info 54

Te1 0 1 linkdown n a n a n a disable copper 54

Te1 0 14 linkdown n a n a n a disable fiber 54

Te1 0 15 linkdown n a n a n a disable fiber 54

Te1 0 16 linkdown n a n a n a disable fiber 54

Te1 0 2 linkdown n a n a n a disable copper 54

Te1 0 3 linkup 1000m full disable disable copper 54

The following example shows how to view the interface status and the system information of the switch 54

Using the cli 54

Viewing the system summary 54

Contact information www tp link com 55

Follow these steps to specify the device description 55

Hardware version t1700x 16ts 2 55

Running time 3 day 2 hour 8 min 26 sec 55

Software version 2 build 20160909 rel 2515 s 55

Specifying the device description 55

System description jetstream 12 port 10gbase t smart switch with 4 10g sfp 55

System location shenzhen 55

System name t1700x 16ts 55

System time 2016 01 04 10 07 38 55

Contact information http www tp link com 56

Follow these steps and choose one method to set the system time 56

Setting the system time 56

Switch config contact info http www tp link com 56

Switch config end 56

Switch config hostname switch_a 56

Switch config location beijing 56

Switch config show system info 56

Switch configure 56

Switch copy running config startup config 56

System description jetstream 12 port 10gbase t smart switch with 4 10g sfp 56

System location beijing 56

System name switch_a 56

The following example shows how to set the device name as switch_a set the location as beijing and set the contact information as http www tp link com 56

Backup ntp server 139 8 00 63 58

Follow these steps and choose one method to set the daylight saving time 58

Last successful ntp server 133 00 58

Prefered ntp server 133 00 58

Setting the daylight saving time 58

Switch config end 58

Switch config show system time ntp 58

Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 58

Switch configure 58

Switch copy running config startup config 58

The following example shows how to set the system time by get time from ntp server and set the time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 139 8 00 63 and set the update rate as 11 58

Time zone utc 08 00 58

Update rate 11 hour s 58

Dst configuration is one off 60

Dst ends at 01 00 00 on sep 1 2016 60

Dst offset is 50 minutes 60

Dst starts at 01 00 00 on aug 1 2016 60

Switch config end 60

Switch config show system time dst 60

Switch config system time dst date aug 1 01 00 2016 sep 1 01 00 2016 50 60

Switch configure 60

Switch copy running config startup config 60

The following example shows how to set the daylight saving time by date mode set the start time as 01 00 august 1st 2016 set the end time as 01 00 september 1st 2016 and set the offset as 50 60

Creating admin accounts 61

User management configurations 61

Using the gui 61

Click create 62

Creating accounts of other types 62

Creating an account 62

Follow these steps to create an account of other types 62

In the user info section select the access level from the drop down list and specify the user name and password 62

User config to load the following page 62

You can create accounts with the access level of operator power user and user here you also need to go to the aaa section to create an enable password for these accounts the enable password is used to change the users access level to admin 62

Creating admin accounts 64

Follow these steps to create an admin account 64

Using the cli 64

Creating accounts of other types 65

Follow these steps to create an account of other type 65

You can create accounts with the access level of operator power user and user here you also need to go to the aaa section to create an enable password for these accounts the enable password is used to change the users access level to admin 65

The aaa function applies another method to manage the access users name and password for details refer to aaa configuration in configuring network security 67

The logged in users can enter the enable password on this page to get the administrative privileges 67

Configuring the boot file 69

System tools configurations 69

Using the gui 69

Click apply 70

Click import to import the configuration file 70

Config restore to load the following page 70

Follow these steps to restore the configuration of the switch 70

In the config restore section select one unit and one configuration file 70

Restoring the configuration of the switch 70

Backing up the configuration file 71

Upgrading the firmware 71

Configuring the reboot schedule 72

Rebooting the switch 72

Configuring the boot file 73

Follow these steps to configure the boot file 73

In the system reset section select the desired unit and click reset 73

Reseting the switch 73

System reset to load the following page 73

Using the cli 73

Backup image image2 bin 74

Boot config 74

Current startup image image1 bin 74

Follow these steps to restore the configuration of the switch 74

Next startup image image1 bin 74

Restoring the configuration of the switch 74

Switch config boot application filename image1 startup 74

Switch config boot application filename image2 backup 74

Switch config end 74

Switch config show boot 74

Switch configure 74

Switch copy running config startup config 74

The following example shows how to restore the configuration file named file1 from the tftp server with ip address 192 68 00 74

The following example shows how to set the next startup image as image 1 and set the backup image as image 2 74

Backing up the configuration file 75

Backup user config file ok 75

Enable 75

Follow these steps to back up the current configuration of the switch in a file 75

Follow these steps to upgrade the firmware 75

Operation ok now rebooting system 75

Start to backup user config file 75

Start to load user config file 75

Switch copy startup config tftp ip address 192 68 00 filename file2 75

Switch copy tftp startup config ip address 192 68 00 filename file1 75

The following example shows how to backup the configuration file named file2 from tftp server with ip address 192 68 00 75

The following example shows how to upgrade the firmware using the configuration file named file3 bin the tftp server is 190 68 00 75

Upgrading the firmware 75

Configuring the reboot schedule 76

Enable 76

Follow these steps and choose one type to configure the reboot schedule 76

Follow these steps to reboot the switch 76

It will only upgrade the backup image continue y n y 76

Operation ok 76

Reboot with the backup image y n y 76

Rebooting the switch 76

Switch firmware upgrade ip address 192 68 00 filename file3 bin 76

Follow these steps to reset the switch 77

Reboot schedule at 2016 01 15 12 00 in 17007 minutes 77

Reboot schedule settings 77

Reboot system at 15 01 2016 12 00 continue y n y 77

Reseting the switch 77

Save before reboot yes 77

Switch config end 77

Switch config reboot schedule at 12 00 15 01 2016 save_before_reboot 77

Switch configure 77

Switch copy running config startup config 77

The following example shows how to set the switch to reboot at 12 00 on 15 01 2016 77

Access security configurations 78

Configuring the access control feature 78

Using the gui 78

Click apply 79

When the ip based mode is selected the following section will display 79

When the port based mode is selected the following section will display 79

Configuring the http function 80

Configuring the https function 81

In the access user number section select enable and specify the parameters click apply 82

In the certificate download and key download section download the certificate and key 82

In the ciphersuite config section select the algorithm to be enabled and click apply 82

In the session config section specify the session timeout and click apply 82

Configuring the ssh feature 83

In the global config section select enable to enable ssh function and specify other parameters 83

Ssh config to load the following page 83

Configuring the access control 84

Enabling the telnet function 84

Using the cli 84

Switch config show user configuration 85

Switch config user access control ip based 192 68 00 255 55 55 snmp telnet http https 85

Switch configure 85

The following example shows how to set the type of access control as ip based set the ip address as 192 68 00 set the subnet mask as 255 55 55 and make the switch support snmp telnet http and https 85

68 24 snmp telnet http https 86

Configuring the http function 86

Follow these steps to configure the http function 86

Index ip address access interface 86

Switch config end 86

Switch config ip http server 86

Switch configure 86

Switch copy running config startup config 86

The following example shows how to set the session timeout as 9 set the maximum admin number as 6 and set the maximum guest number as 5 86

User authentication mode ip based 86

Configuring the https function 87

Follow these steps to configure the https function 87

Http max admin users 6 87

Http max guest users 5 87

Http session timeout 9 87

Http status enabled 87

Http user limitation enabled 87

Switch config end 87

Switch config ip http max user 6 5 87

Switch config ip http session timeout 9 87

Switch config show ip http configuration 87

Switch copy running config startup config 87

Switch config ip http secure ciphersuite 3des ede cbc sha 88

Switch config ip http secure protocol ssl3 tls1 88

Switch config ip http secure server 88

Switch configure 88

The following example shows how to configure the https function enable ssl3 and tls1 protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the admin number as 1 and the guest number as 2 download the certificate named ca crt and the key named ca key from the tftp server with the ip address 192 68 00 88

Configuring the ssh feature 89

Switch config ip ssh server 90

Switch config ip ssh version v1 90

The following example shows how to configure the ssh function set the version as ssh v1 and ssh v2 enable the aes128 cbc and cast128 cbc encryption algorithm enable the hmac md5 data integrity algorithm choose the key type as ssh 2 rsa dsa 90

Enabling the telnet function 92

Follow these steps enable the telnet function 92

Switch config end 92

Switch copy running config startup config 92

In select options section select one template and click apply the setting will be effective after the reboot 93

Sdm template configuration 93

Sdm template function is used to configure system resources in the switch to optimize support for specific features the switch provides three templates and the hardware resources allocation is different users can choose one according to how the switch is used in the network 93

Sdm template to load the following page 93

The template table displays the resources allocation of each template 93

Using the gui 93

Follow these steps to configure the sdm template function 94

Using the cli 94

Appendix default parameters 96

Default settings of system info are listed in the following tables 96

Default settings of system tools are listed in the following table 96

Default settings of user management are listed in the following table 96

Default settings of access security are listed in the following tables 97

Default settings of sdm template are listed in the following table 98

Chapters 99

Managing physical interfaces 99

Part 3 99

Basic parameters 100

Loopback detection 100

Overview 100

Physical interface 100

Port isolation 100

Port mirror 100

Port security 100

Supported features 100

Basic parameters configurations 101

Follow these steps to set basic parameters for ports 101

Port config to load the following page 101

Select and configure your desired ports or lags then click apply 101

Using the gui 101

Follow these steps to set basic parameters for the ports 102

Using the cli 102

Switch configure 103

The following example shows how to implement the basic configurations of port1 0 1 including setting a description for the port making the port autonegotiate speed and duplex with the neighboring port and enabling the flow control and jumbo feature 103

Port mirror configuration 105

Using the gui 105

Follow these steps to configure port mirror 106

In the destination port section specify a monitoring port for the mirror session and click apply 106

In the source port section select one or multiple monitored ports for configuration then set the parameters and click apply 106

Follow these steps to configure port mirror 107

Monitor session 1 107

Switch config monitor session 1 destination interface ten gigabitethernet 1 0 10 107

Switch config monitor session 1 source interface ten gigabitethernet 1 0 1 3 both 107

Switch config show monitor session 107

Switch configure 107

The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 to port 1 0 10 107

Using the cli 107

Follow these steps to configure port security 109

Port security configuration 109

Port security to load the following page 109

Select one or multiple ports for security configuration 109

Specify the maximum number of the mac addresses that can be learned on the port and then select the learn mode of the mac addresses 109

Using the gui 109

Click apply 110

Follow these steps to configure port security 110

Select the status of the port security feature 110

Using the cli 110

Port max learn current learn mode status 111

Switch config if mac address table max mac count max number 30 mode permanent status drop 111

Switch config if show mac address table max mac count interface ten gigabitethernet 1 0 1 111

Switch config interface ten gigabitethernet 1 0 1 111

Switch configure 111

Te1 0 1 30 0 permanent drop 111

The following example shows how to set the maximum number of mac addresses that can be learned on port 1 0 1 as 30 and configure the mode as permanent and the status as drop 111

Switch config if end 112

Switch copy running config startup config 112

Port isolation configurations 113

Using the gui 113

Click apply 114

Follow these steps to configure port isolation 114

In the forward portlist section select the forward ports or lags which the isolated ports can only communicate with it is multi optional 114

In the port section select one or multiple ports to be isolated 114

Using the cli 114

Port lag forward list 115

Switch config if end 115

Switch config if port isolation gi forward list 1 0 1 3 po forward list 4 115

Switch config if show port isolation interface ten gigabitethernet 1 0 5 115

Switch config interface ten gigabitethernet 1 0 5 115

Switch configure 115

Switch copy running config startup config 115

Te1 0 5 n a te1 0 1 3 po4 115

The following example shows how to add ports 1 0 1 3 and lag 4 to the forward list of port 1 0 5 115

Loopback detection configuration 116

Using the gui 116

Follow these steps to configure loopback detection 117

In the port config section select one or multiple ports for configuration then set the parameters and click apply 117

Using the cli 117

View the loopback detection information on this page 117

The following example shows how to enable loopback detection globally keeping the default parameters 118

Configuration examples 120

Configuration scheme 120

Example for port mirror 120

Network requirements 120

Using the gui 120

Using the cli 122

Verify the configuration 122

As shown below three hosts and a server are connected to the switch and all belong to vlan 10 with the vlan configuration unchanged host a is not allowed to communicate with the other hosts except the server even if the mac address or ip address of host a is changed 123

Configuration scheme 123

Demonstrated with t1700x 16ts the following sections provide configuration procedure in two ways using the gui and using the cli 123

Example for port isolation 123

Network requirements 123

Port isolation to load the following page it displays the port isolation list 123

Using the gui 123

You can configure port isolation to implement the requirement set 1 0 4 as the only forwarding port for port 1 0 1 thus forbidding host a to forward packets to the other hosts 123

Example for loopback detection 125

Network requirements 125

Using the cli 125

Verify the configuration 125

Configuration scheme 126

Using the gui 126

Using the cli 127

Verify the configuration 128

Appendix default parameters 129

Default settings of switching are listed in th following tables 129

Chapters 131

Configuring lag 131

Part 4 131

Overview 132

Static lag 132

Supported features 132

Configuration guidelines 133

Lag configuration 133

Configuring load balancing algorithm 134

In the global config section select the load balancing algorithm click apply 134

Lag table to load the following page 134

Load balancing algorithm is effective only for outgoing traffic if the data stream is not well shared by each link you can change the algorithm of the outgoing interface 134

Please properly choose the load balancing algorithm to avoid data stream transferring only on one physical link for example switch a receives packets from several hosts and forwards them to the server with the fixed mac address and ip address you can set the algorithm as src mac src ip to allow switch a to determine the forwarding port based on the source mac addresses and source ip addresses of the received packets 134

Using the gui 134

Configuring static lag or lacp 135

Configuring lacp 136

Follow these steps to configure lacp 136

Lacp to load the following page 136

Select member ports for the lag and configure the related parameters click apply 136

Specify the system priority for the switch and click apply 136

Configuring load balancing algorithm 137

Follow these steps to configure the load balancing algorithm 137

Using the cli 137

Configuring static lag 138

Configuring static lag or lacp 138

Etherchannel load balancing addresses used per protocol 138

Etherchannel load balancing configuration src dst mac 138

Follow these steps to configure static lag 138

Ipv4 source xor destination mac address 138

Ipv6 source xor destination mac address 138

Non ip source xor destination mac address 138

Switch config if end 138

Switch config port channel load balance src dst mac 138

Switch config show etherchannel load balance 138

Switch configure 138

Switch copy running config startup config 138

The following example shows how to set the global load balancing mode as src dst mac 138

You can choose only one lag mode for a port static lag or lacp and make sure both ends of a link use the same lag mode 138

Configuring lacp 139

Flags d down p bundled in port channel u in use 139

Follow these steps to configure lacp 139

Group port channel protocol ports 139

I stand alone h hot standby lacp only s suspended 139

Po2 s te1 0 5 d te1 0 6 d te1 0 7 d te1 0 8 d 139

R layer3 s layer2 f failed to allocate aggregator 139

Switch config if range channel group 2 mode on 139

Switch config if range end 139

Switch config if range show etherchannel 2 summary 139

Switch config interface range ten gigabitethernet 1 0 5 8 139

Switch configure 139

Switch copy running config startup config 139

The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 139

U unsuitable for bundling w waiting to be aggregated d default port 139

000a eb13 397 140

Switch config end 140

Switch config if range channel group 6 mode active 140

Switch config interface range ten gigabitethernet 1 0 1 4 140

Switch config lacp system priority 2 140

Switch config show lacp sys id 140

Switch configure 140

Switch copy running config startup config 140

The following example shows how to add ports 1 0 1 4 to lag 6 set the mode as lacp and select the lacpdu sending mode as active 140

The following example shows how to specify the system priority of the switch as 2 140

Configuration example 142

Configuration scheme 142

Network requirements 142

Using the gui 143

Using the cli 144

Verify the configuration 144

Appendix default parameters 146

Default settings of switching are listed in the following tables 146

Monitoring traffic 147

Traffic monitor 148

Using the gui 148

Viewing the traffic summary 148

Viewing the traffic statistics in detail 149

In port select select a port or lag and click select 150

In the statistics section view the detailed information of the selected port or lag 150

On privileged exec mode or any other configuration mode you can use the following command to view the traffic information of each port or lag 152

Using the cli 152

Appendix default parameters 153

Chapters 154

Managing mac address table 154

Part 6 154

Address configurations 155

Mac address table 155

Overview 155

Supported features 155

Security configurations 156

Adding static mac address entries 157

Address configurations 157

Using the gui 157

Binding dynamic address entries 158

Click create 158

Dynamic address to load the following page 158

Enter the mac address vlan id and select a port to bind them together 158

Follow these steps to add a static mac address entry 158

Click apply 160

Dynamic address to load the following page 160

Follow these steps to modify the aging time of dynamic address entries 160

In the aging config section enable auto aging and enter your desired length of time 160

Modifying the aging time of dynamic address entries 160

Adding mac filtering address entries 161

Viewing address table entries 161

Adding static mac address entries 162

Address table to load the following page 162

Follow these steps to add static mac address entries 162

Using the cli 162

02 58 4f 6c 23 10 te1 0 1 config static no aging 163

Mac address table 163

Mac vlan port type aging 163

Switch config end 163

Switch config mac address table static 00 02 58 4f 6c 23 vid 10 interface ten gigabitethernet 1 0 1 163

Switch config show mac address table static 163

Switch configure 163

Switch copy running config startup config 163

The following example shows how to add a static mac address entry with mac address 00 02 58 4f 6c 23 vlan 10 and port 1 when a packet is received in vlan 10 with this address as its destination the packet will be forwarded only to port 1 163

Total mac addresses for this criterion 1 163

Adding mac filtering address entries 164

Aging time is 500 sec 164

Follow these steps to add mac filtering address entries 164

Follow these steps to modify the aging time of dynamic address entries 164

Modifying the aging time of dynamic address entries 164

Switch config end 164

Switch config mac address table aging time 500 164

Switch config show mac address table aging time 164

Switch configure 164

Switch copy running config startup config 164

The following example shows how to modify the aging time to 500 seconds a dynamic entry remains in the mac address table for 500 seconds after the entry is used or updated 164

Configuring mac notification traps 166

Security configurations 166

Using the gui 166

Configure snmp and set a management host for detailed snmp configurations please refer to configuring snmp rmon 167

In the mac notification global config section enable this feature configure the relevant options and click apply 167

In the mac notification port config section select your desired port and enable its notification traps you can enable these three types learned mode change exceed max learned and new mac learned click apply 167

Limiting the number of mac addresses in vlans 167

Mac vlan security to load the following page 167

Choose the mode that the switch adopts when the maximum number of mac addresses in the specified vlan is exceeded 168

Click create 168

Configuring mac notification traps 168

Enter the vlan id to limit the number of mac addresses that can be learned in the specified vlan 168

Enter your desired value in max learned mac to set a threshold 168

Follow these steps to configure mac notification traps 168

Follow these steps to limit the number of mac addresses in vlans 168

Using the cli 168

Now you have configured mac notification traps to receive notifications you need to further enable snmp and set a management host for detailed snmp configurations please refer to configuring snmp rmon 169

Switch config interface ten gigabitethernet 1 0 1 169

Switch config mac address table notification global status enable 169

Switch config mac address table notification interval 10 169

Switch configure 169

The following example shows how to enable new mac learned trap on port 1 and set the interval time as 10 seconds after you have further configured snmp the switch will bundle notifications of new addresses in every 10 seconds and send to the management host 169

Follow these steps to limit the number of mac addresses in vlans 170

Limiting the number of mac addresses in vlans 170

Mac notification global config 170

Notification global status enable 170

Notification interval 10 170

Port lrnmode change exceed max limit new mac learned 170

Switch config if end 170

Switch config if mac address table notification new mac learned enable 170

Switch config if show mac address table notification interface ten gigabitethernet 1 0 1 170

Switch copy running config startup config 170

Table full notification status disable 170

Te1 0 1 disable disable enable 170

Configuration scheme 172

Example for security configurations 172

Network requirements 172

Using the gui 173

Using the cli 174

Verify the configurations 174

Appendix default parameters 175

Default settings of the mac address table are listed in the following tables 175

Chapters 176

Configuring 802 q vlan 176

Part 7 176

Overview 177

Configuring the pvid of the port 178

Q vlan configuration 178

Using the gui 178

Configuring the vlan 179

Enter a vlan id and a description for identification to create a vlan 179

Follow these steps to configure vlan 179

Vlan config and click create to load the following page 179

Click apply 180

Creating a vlan 180

Follow these steps to create a vlan 180

Select the untagged port s and the tagged port s respectively to add to the created vlan based on the network topology 180

Switch config vlan 2 180

Switch config vlan name rd 180

Switch configure 180

The following example shows how to create vlan 2 and name it as rd 180

Using the cli 180

Will forward untagged packets in the target vlan 180

Configuring the pvid of the port 181

Follow these steps to configure the port 181

Link type general 181

Member in lag n a 181

Member in vlan 181

Port te1 0 5 181

Pvid 2 181

Rd active 181

Switch config if show interface switchport ten gigabitethernet 1 0 5 181

Switch config if switchport pvid 2 181

Switch config interface ten gigabitethernet 1 0 5 181

Switch config vlan end 181

Switch config vlan show vlan id 2 181

Switch configure 181

Switch copy running config startup config 181

The following example shows how to configure the pvid of port 1 0 5 as vlan 2 181

Vlan name status ports 181

Adding the port to the specified vlan 182

Follow these steps to add the port to the specified vlan 182

Port te1 0 5 182

Pvid 2 182

Switch config if end 182

Switch config if show interface switchport ten gigabitethernet 1 0 5 182

Switch config if switchport general allowed vlan 2 tagged 182

Switch config interface ten gigabitethernet 1 0 5 182

Switch configure 182

Switch copy running config startup config 182

System vlan untagged 182

The following example shows how to add the port 1 0 5 to vlan 2 and specify its egress rule as tagged 182

Vlan name egress rule 182

Configuration example 184

Configuration scheme 184

Network requirements 184

Network topology 185

Using the gui 185

Using the cli 187

Verify the configurations 188

Appendix default parameters 189

Default settings of 802 q vlan are listed in the following table 189

Chapters 190

Configuring mac vlan 190

Part 8 190

Overview 191

Ptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in to meet this requirement simply bind the mac addresses of the laptops to the corresponding vlans respectively in this way the mac address rather than the access port determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 191

The figure below shows a common application scenario of mac vlan 191

Two departments share all the meeting rooms in the company but use different servers and l 191

Vlan is generally divided by ports this way of division is simple but isn t suitable for those networks that require frequent topology changes with the popularity of mobile office a terminal device may access the switch via different ports for example a terminal device that accessed the switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different vlans the user has to re configure the switch to access the original vlan using mac vlan can free the user from such a problem it divides vlans based on the mac addresses of terminal devices in this way terminal devices always belong to their original vlans even when their access ports change 191

Configuring 802 q vlan 192

Mac vlan configuration 192

Using the gui 192

Binding the mac address to the vlan 193

By default mac vlan is disabled on all ports you need to enable mac vlan for your desired ports manually 193

Click create to create the mac vlan 193

Enabling mac vlan for the port 193

Enter the mac address of the device give it a description and enter the vlan id to bind it to the vlan 193

Follow these steps to bind the mac address to the vlan 193

Mac vlan to load the following page 193

Before configuring mac vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 194

Binding the mac address to the vlan 194

Configuring 802 q vlan 194

Follow these steps to bind the mac address to the vlan 194

Follow these steps to enable mac vlan for the port 194

Port enable to load the following page 194

Select your desired ports to enable mac vlan and click apply 194

Using the cli 194

19 56 8a 4c 71 dept a 10 195

Enabling mac vlan for the port 195

Follow these steps to enable mac vlan for the port 195

Mac addr name vlan id 195

Switch config end 195

Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 195

Switch config show mac vlan vlan 10 195

Switch configure 195

Switch copy running config startup config 195

The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with the address description as dept a 195

Configuration example 197

Configuration scheme 197

Create vlan 10 and vlan 20 on each of the three switches set different port types and add the ports to the vlans based on the network topology note for the ports 197

Network requirements 197

Two departments share all the meeting rooms in the company but use different servers and laptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in the figure below shows the network topology 197

You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac addresses of the laptops to the corresponding vlans respectively in this way each laptop can access only the server in the vlan it joins no matter which meeting room the laptops are being used in the overview of the configuration is as follows 197

Using the gui 198

Using the cli 201

Verify the configurations 203

Depta active te1 0 2 te1 0 3 te1 0 4 204

Deptb active te1 0 2 te1 0 3 te1 0 5 204

Appendix default parameters 205

Default settings of mac vlan are listed in the following table 205

Chapters 206

Configuring protocol vlan 206

Part 9 206

Overview 207

Protocol vlan is a technology that divides vlans based on the network layer protocol with the protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze special fields of received packets encapsulate the packets in specific formats and forward the packets of different protocols to the corresponding vlans since different applications and services use different protocols network administrators can use protocol vlan to manage the network based on specific applications and services of network users 207

The figure below shows a common application scenario of protocol vlan with protocol vlan configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 networks respectively 207

Configuring 802 q vlan 208

Protocol vlan configuration 208

Using the gui 208

Configuring protocol vlan 209

Creating protocol template 209

Configuring 802 q vlan 210

Using the cli 210

Arp ethernetii ether type 0806 211

At snap ether type 809b 211

Creating a protocol template 211

Follow these steps to create a protocol template 211

Index protocol name protocol type 211

Ip ethernetii ether type 0800 211

Ipv6 ethernetii ether type 86dd 211

Ipx snap ether type 8137 211

Rarp ethernetii ether type 8035 211

Switch config end 211

Switch config protocol template name ipv6 frame ether_2 ether type 86dd 211

Switch config show protocol vlan template 211

Switch configure 211

The following example shows how to create an ipv6 protocol template 211

Arp ethernetii ether type 0806 212

Configuring protocol vlan 212

Follow these steps to configure protocol vlan 212

Index protocol name protocol type 212

Ip ethernetii ether type 0800 212

Rarp ethernetii ether type 8035 212

Switch config show protocol vlan template 212

Switch configure 212

Switch copy running config startup config 212

The following example shows how to bind the ipv6 protocol template to vlan 10 212

A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 network respectively via different routers it is required that ipv4 packets are forwarded to the ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 214

Configuration example 214

Configuration scheme 214

Network requirements 214

The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to two routers to access the ipv4 network and ipv6 network respectively the routers belong to vlan 10 and vlan 20 respectively 214

You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this port receives packets switch 2 will forward them to the corresponding vlans according to their protocol types the overview of the configuration on switch 2 is as follows 214

Using the gui 215

Using the cli 220

Verify the configurations 222

Appendix default parameters 224

Default settings of protocol vlan are listed in the following table 224

Chapters 225

Configuring private vlan 225

Part 10 225

Overview 226

If private vlan is configured on switch b switch a only needs to recognize primary vlan vlan5 and end users can be isolated by secondary vlans vlan2 vlan3 and vlan4 saving vlan resources for switch a 227

Creating private vlan 228

Private vlan configurations 228

Using the gui 228

Click create 229

Configuring the up link port 229

In the port config section select the port to be configured set the port type as promiscuous and enter the ids of primary vlan and secondary vlan 229

Port config to load the following page 229

The switch requires that only access port can be added to a private vlan 229

Click apply 230

Configuring the down link port 230

In the port config section select the port to be configured set the port type as host and enter the ids of primary vlan and secondary vlan 230

Port config to load the following page 230

The switch requires that only access port can be added to a private vlan 230

Click apply 231

Creating private vlan 231

Using the cli 231

Community 232

Primary secondary type ports 232

Switch config 232

Switch config end 232

Switch config show vlan private vlan 232

Switch config vlan 5 232

Switch config vlan 6 232

Switch config vlan exit 232

Switch config vlan private vlan association 5 232

Switch config vlan private vlan community 232

Switch config vlan private vlan primary 232

Switch copy running config startup config 232

The following example shows how to create primary vlan 6 and secondary vlan 5 set the secondary vlan type as community and pair primary vlan 6 with secondary vlan 5 as a private vlan 232

Configuring the up link port 233

Switch config 233

The following example shows how to configure the port type of port 1 0 2 as promiscuous and add it to the private vlan composed of primary vlan 6 and secondary vlan 5 233

The switch requires that only access port can be added to a private vlan 233

Community te1 0 2 234

Configuring the down link port 234

Port type 234

Primary secondary type ports 234

Switch config end 234

Switch config if exit 234

Switch config if switchport private vlan promiscuous 234

Switch config interface ten gigabitethernet 1 0 2 234

Switch config show vlan private vlan 234

Switch config show vlan private vlan interface ten gigabitethernet 1 0 2 234

Switch copy running config startup config 234

Swtich config if switchport private vlan mapping 6 5 234

Te1 0 2 promiscuous 234

The switch requires that only access port can be added to a private vlan 234

Community te1 0 3 235

Port type 235

Primary secondary type ports 235

Switch config 235

Switch config end 235

Switch config if exit 235

Switch config if switchport private vlan host 235

Switch config interface ten gigabitethernet 1 0 3 235

Switch config show vlan private vlan 235

Switch config show vlan private vlan interface ten gigabitethernet 1 0 3 235

Switch copy running config startup config 235

Swtich config if switchport private vlan host association 6 5 community 235

Te1 0 3 host 235

The following example shows how to configure the port type of port 1 0 3 as host and add it to the private vlan composed of primary vlan 6 and secondary vlan 5 235

Configuration example 236

Configuration scheme 236

Network requirements 236

Network topology 236

Configurations for switch a 237

Creating private vlan 237

Pvlan config to load the following page create primary vlan 6 and secondary vlan 5 select community as the secondary vlan type click create and primary vlan 6 is paired with secondary vlan 5 similarly create primary vlan 6 and secondary vlan 7 select community as the secondary vlan type click create and primary vlan 6 is paired with secondary vlan 7 237

Using the gui 237

Using the cli 239

Verify the configurations 241

Appendix default parameters 242

Default settings of private vlan are listed in the following tables 242

Chapters 243

Configuring spanning tree 243

Part 11 243

Basic concepts 244

Overview 244

Spanning tree 244

Stp rstp concepts 244

Bridge id 245

Port role 245

Root bridge 245

Port status 246

Path cost 247

Root path cost 247

Mst instance 248

Mst region 248

Mstp concepts 248

Stp security 249

Vlan instance mapping 249

Configuring stp rstp parameters on ports 252

Stp rstp configurations 252

Using the gui 252

Click apply 254

Configuring stp rstp globally 254

Stp config to load the following page 254

Follow these steps to configure stp rstp globally 255

In the global config section enable spanning tree function choose the stp mode as stp rstp and click apply 255

In the parameters config section configure the global parameters of stp rstp and click apply 255

Stp summary to load the following page 256

The stp summary section shows the summary information of spanning tree 256

Verify the stp rstp information of your switch after all the configurations are finished 256

Verifying the stp rstp configurations 256

Configuring stp rstp parameters on ports 257

Follow these steps to configure stp rstp parameters on ports 257

Using the cli 257

Switch config if show spanning tree interface ten gigabitethernet 1 0 3 258

Switch config if spanning tree 258

Switch config if spanning tree common config port priority 32 258

Switch config interface ten gigabitethernet 1 0 3 258

Switch configure 258

The following example shows how to enable spanning tree function on port 1 0 3 and configure the port priority as 32 258

Configuring global stp rstp parameters 259

Follow these steps to configure global stp rstp parameters of the switch 259

Interface state prio ext cost int cost edge p2p mode role status 259

Switch config if end 259

Switch copy running config startup config 259

Te1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 259

Enable rstp 36864 2 12 20 5 20 260

Enabling stp rstp globally 260

Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree function globally 260

State mode priority hello time fwd time max age hold count max hops 260

Switch config end 260

Switch config show spanning tree bridge 260

Switch config spanning tree priority 36864 260

Switch config spanning tree timer forward time 12 260

Switch configure 260

Switch copy running config startup config 260

This example shows how to configure the priority of the switch as 36864 the forward delay as 12 seconds 260

Configuring parameters on ports in cist 262

Mstp configurations 262

Using the gui 262

Besides configure the priority of the switch the priority and path cost of ports in the desired instance 264

Click apply 264

Configure the region name revision level vlan instance mapping of the switch the switches with the same region name the same revision level and the same vlan instance mapping are considered as in the same region 264

Configuring the mstp region 264

Configuring the region name and revision level 264

Region config to load the following page 264

Configuring mstp globally 269

Follow these steps to configure mstp globally 269

In the parameters config section configure the global parameters of mstp and click apply 269

Stp config to load the following page 269

In the global config section enable spanning tree function and choose the stp mode as mstp and click apply 270

Stp summary to load the following page 271

The stp summary section shows the summary information of cist 271

Verifying the mstp configurations 271

Configuring parameters on ports in cist 272

Follow these steps to configure the parameters of the port in cist 272

The mstp summary section shows the information in mst instances 272

Using the cli 272

Switch configure 273

This example shows how to enable spanning tree function for port 1 0 3 and configure the port priority as 32 273

Configuring the mst region 274

Configuring the mstp region 274

Follow these steps to configure the mst region and the priority of the switch in the instance 274

Interface prio cost role status 274

Interface state prio ext cost int cost edge p2p mode role status 274

Mst instance 0 cist 274

Mst instance 5 274

Switch config if end 274

Switch config if show spanning tree interface ten gigabitethernet 1 0 3 274

Switch config if spanning tree 274

Switch config if spanning tree common config port priority 32 274

Switch config interface ten gigabitethernet 1 0 3 274

Switch copy running config startup config 274

Te1 0 3 144 200 n a lnkdwn 274

Te1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 274

Region name r1 275

Revision 100 275

Switch config mst instance 5 vlan 2 6 275

Switch config mst name r1 275

Switch config mst revision 100 275

Switch config mst show spanning tree mst configuration 275

Switch config spanning tree mst configuration 275

Switch configure 275

This example shows how to create an mst region of which the region name is r1 the revision level is 100 and vlan 2 vlan 6 are mapped to instance 5 275

7 4094 276

Configuring the parameters on ports in instance 276

Follow these steps to configure the priority and path cost of ports in the specified instance 276

Mst instance vlans mapped 276

Switch config mst end 276

Switch copy running config startup config 276

Configuring global mstp parameters 277

Switch config spanning tree priority 36864 278

Switch configure 278

This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds the hold count as 8 and the max hop as 25 278

Enable mstp 36864 2 12 20 8 25 279

Enabling spanning tree globally 279

Follow these steps to configure the spanning tree mode as mstp and enable spanning tree function globally 279

State mode priority hello time fwd time max age hold count max hops 279

Switch config if end 279

Switch config if show spanning tree bridge 279

Switch config if spanning tree hold count 8 279

Switch config if spanning tree max hops 25 279

Switch config if spanning tree timer forward time 12 279

Switch config show spanning tree active 279

Switch config spanning tree 279

Switch config spanning tree mode mstp 279

Switch configure 279

Switch copy running config startup config 279

This example shows how to configure the spanning tree mode as mstp and enable spanning tree function globally 279

Configuring the stp security 282

Stp security configurations 282

Using the gui 282

Configure the port protect features for the selected ports and click apply 283

Optional configuring the threshold and cycle of tc protect 283

When you enable tc protect function on ports set the tc threshold and tc protect cycle here if the number of the received tc bpdus exceeds the maximum number you set in the tc threshold field the switch will not remove mac address entries in the tc protect cycle 283

Configure the parameters of tc protect feature and click apply 284

Configuring the stp security 284

Featur 284

Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter feature for ports 284

Tc protect to load the following page 284

Using the cli 284

Switch config if show spanning tree interface security ten gigabitethernet 1 0 3 285

Switch config if spanning tree bpdufilter 285

Switch config if spanning tree bpduguard 285

Switch config if spanning tree guard loop 285

Switch config if spanning tree guard root 285

Switch config interface ten gigabitethernet 1 0 3 285

Switch configure 285

This example shows how to enable loop protect root protect bpdu filter and bpdu protect functions on port 1 0 3 285

Configuring the tc protect 286

Follow these steps to configure tc protect feature for ports 286

Interface bpdu filter bpdu guard loop protect root protect tc protect 286

Switch config if end 286

Switch copy running config startup config 286

Te1 0 3 enable enable enable enable disable 286

This example shows how to enable the tc protect function on port 1 0 3 with the tc threshold is 25 and the tc protect cycle is 8 286

As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is transmitted in this network the link speed between the switches is 100mb s the default path cost of the port is 200000 288

Configuration example for mstp 288

Configuration scheme 288

Here we configure two instances to meet the requirement as is shown below 288

It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be transmitted along different paths 288

Mstp backwards compatible with stp and rstp can map vlans to instances to enable load balancing thus providing a more flexible method in network management here we take the mstp configuration as an example 288

Network requirements 288

To meet this requirement you are suggested to configure mstp function on the switches map the vlans to different instances to ensure traffic can be transmitted along the respective instance 288

Using the gui 289

Instance port config to load the following page set the path cost of port 1 0 1 in instance 1 as 400000 291

Instance port config to load the following page set the path cost of port 1 0 2 in instance 2 as 400000 295

Using the cli 300

Verify the configurations 302

Appendix default parameters 307

Default settings of the spanning tree feature are listed in the following table 307

Chapters 309

Configuring layer 2 multicast 309

Part 12 309

Layer 2 multicast 310

Overview 310

Configuration guide 286 311

Configuring layer 2 multicast layer 2 multicast 311

Demonstrated as below 311

Figure 1 1 igmp snooping 311

Layer 2 multicast protocol for ipv4 igmp snooping 311

Layer 2 multicast protocol for ipv6 mld snooping 311

On the layer 2 device igmp snooping transmits data on demand on data link layer by analyzing igmp packets between layer 3 devices and users to build and maintain layer 2 multicast forwarding table 311

On the layer 2 device mld snooping multicast listener discovery snooping transmits data on demand on data link layer by analyzing igmp packets between layer 3 devices and users to build and maintain layer 2 multicast forwarding table 311

Supported layer 2 multicast protocols 311

Configuring igmp snooping globally 312

Igmp snooping configurations 312

Using the gui 312

Click apply 313

Configure unknown multicast as forward or discard 313

Configuring router port time and member port time 313

Enable or disable report message suppression globally 313

Enabling report message suppression can reduce the number of packets in the network 313

Follow these steps to configure report message suppression 313

Follow these steps to configure the aging time of the router ports and the member ports 313

Follow these steps to configure unknown multicast 313

Optional configuring report message suppression 313

Snooping config page at the same time 313

Specify the aging time of the member ports 313

Specify the aging time of the router ports 313

Click apply 314

Configure the last listener query interval and last listener query count when the switch receives an igmp leave message if specified count of multicast address specific queries masqs are sent and no report message is received the switch will delete the multicast address from the multicast forwarding table 314

Configuring igmp snooping last listener query 314

Follow these steps to configure last listener query interval and last listener query count in the global config section 314

Igmp snooping status table displays vlans and ports with igmp snooping enabled 314

Specify the interval between masqs 314

Specify the number of masqs to be sent 314

Verifying igmp snooping status 314

Configuring the port s basic igmp snooping features 315

Enabling igmp snooping on the port 315

Optional configuring fast leave 315

Configuring igmp snooping globally in the vlan 316

Configuring igmp snooping in the vlan 316

Click create 317

Configure the forbidden router ports in the designate vlan 317

Configure the router ports in the designate vlan 317

Configuring the multicast vlan 317

Follow these steps to configure static router ports in the designate vlan 317

Follow these steps to forbid the selected ports to be the router ports in the designate vlan 317

In old multicast transmission mode when users in different vlans apply for data from the same multicast group the layer 3 device will duplicate this multicast data and deliver copies to the layer 2 devices 317

Optional configuring the forbidden router ports in the vlan 317

Optional configuring the static router ports in the vlan 317

With multicast vlan configured all multicast group members will be added to a vlan layer 3 device only need to send one piece of multicast data to a layer 2 device and the layer 2 device will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth and reduces network load of layer 3 devices 317

Creating multicast vlan and configuring basic settings 318

Click apply 319

Configure the new multicast source ip 319

Configure the router ports in the designate vlan 319

Configure the router ports in the multicast vlan 319

Follow these steps to configure static router ports in the multicast vlan 319

Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 319

Optional configuring the forbidden router ports 319

Optional configuring the static router ports 319

Optional creating replace source ip 319

This function allows you to use a new ip instead of the source ip to send data to multicast group members in the multicast vlan section follow these steps to configure replace source ip 319

This table displays all the dynamic router ports in the multicast vlan 319

Viewing dynamic router ports in the multicast vlan 319

Click add 320

Click apply 320

Configuring the querier 320

Follow these steps to configure the querier 320

Optional configuring the querier 320

Querier config to load the following page 320

Specify a vlan and configure the querier on this vlan 320

You can edit the settings in the igmp snooping querier table 320

Click create 321

Configuring igmp profile 321

Create a profile and configure its filtering mode 321

Creating profile 321

Enter the search condition in the search option field to search the profile in the igmp profile info table 321

Follow these steps to create a profile and configure its filtering mode 321

Profile config to load the following page 321

Searching profile 321

The igmp snooping querier table displays all the related settings of the igmp querier 321

Viewing settings of igmp querier 321

Binding profile and member ports 322

Click edit in the igmp profile info table edit its ip range and click add to save the settings 322

Click submit to save the settings click back to go back to the previous page 322

Editing ip range of the profile 322

Follow these steps to edit profile mode and its ip range 322

In the ip range table you can select an ip range and click delete to delete an ip range 322

Profile binding to load the following page 322

Binding profile and member ports 323

Click apply 323

Configuring max groups a port can join 323

Follow these steps to bind the profile to the port 323

Follow these steps to configure the maximum groups a port can join and overflow action 323

Select a port to configure its max group and overflow action 323

Select the port to be bound and enter the profile id in the profile id column 323

Click apply 324

Configuring auto refresh 324

Enable or disable auto refresh 324

Follow these steps to configure auto refresh 324

Packet statistic to load the following page 324

Viewing igmp statistics on each port 324

Click apply 325

Enabling igmp accounting and authentication 325

Igmp authentication to load the following 325

The igmp statistics table displays all kinds of igmp statistics of all the ports 325

Viewing igmp statistics 325

Configuring igmp accounting globally 326

Configuring igmp authentication on the port 326

Configuring static member port 326

Click create 327

Configuring static member port 327

Enter the multicast ip and vlan id specify the static member port 327

Follow these steps to configure static member port 327

Static multicast ip table displays details of all igmp static multicast groups 327

Viewing igmp static multicast groups 327

You can search igmp static multicast entries by using multicast ip vlan id or forward port as the search option 327

Enabling igmp snooping globally 328

Enabling igmp snooping on the port 328

Switch config ip igmp snooping 328

Switch configure 328

The following example shows how to enable igmp snooping globally and enable igmp snooping on port 1 0 3 328

Using the cli 328

Configuring igmp snooping parameters globally 329

Configuring report message suppression 329

Enable port te1 0 3 329

Enable vlan 329

Global authentication accounting disable 329

Global member age time 260 329

Global report suppression disable 329

Global router age time 300 329

Igmp snooping enable 329

Last query interval 1 329

Last query times 2 329

Switch config if end 329

Switch config if ip igmp snooping 329

Switch config if show ip igmp snooping 329

Switch config interface ten gigabitethernet 1 0 3 329

Switch copy running config startup config 329

Unknown multicast pass 329

Configuring unknown multicast 330

Enable port 330

Enable vlan 330

Global authentication accounting disable 330

Global member age time 260 330

Global report suppression enable 330

Global router age time 300 330

Igmp snooping enable 330

Last query interval 1 330

Last query times 2 330

Switch config if end 330

Switch config ip igmp snooping 330

Switch config ip igmp snooping report suppression 330

Switch config show ip igmp snooping 330

Switch configure 330

Switch copy running config startup config 330

The following example shows how to enable report message suppression 330

Unknown multicast pass 330

Configuring igmp snooping parameters on the port 331

Configuring router port time and member port time 331

Configuring fast leave 332

Configuring max group and overflow action on the port 333

Port igmp snooping fast leave 333

Switch config if end 333

Switch config if ip igmp snooping 333

Switch config if ip igmp snooping immediate leave 333

Switch config if show ip igmp snooping interface ten gigabitethernet 1 0 3 basic config 333

Switch config interface ten gigabitethernet 1 0 3 333

Switch config ip igmp snooping 333

Switch configure 333

Switch copy running config startup config 333

Te1 0 3 enable enable 333

The following example shows how to enable fast leave on port 1 0 3 333

Port max groups overflow action 334

Switch config if end 334

Switch config if ip igmp snooping 334

Switch config if ip igmp snooping max groups 500 334

Switch config if ip igmp snooping max groups action drop 334

Switch config if show ip igmp snooping interface ten gigabitethernet 1 0 3 max groups 334

Switch config interface ten gigabitethernet 1 0 3 334

Switch config ip igmp snooping 334

Switch configure 334

Te1 0 3 500 drop 334

The following example shows how to configure the max group as 500 and the overflow action as drop on port 1 0 3 334

Configuring igmp snooping last listener query 335

Enable port 335

Global authentication accounting disable 335

Global member age time 260 335

Global report suppression disable 335

Global router age time 300 335

Igmp snooping enable 335

Last query interval 5 335

Last query times 5 335

Switch config ip igmp snooping 335

Switch config ip igmp snooping last listener query count 5 335

Switch config ip igmp snooping last listener query interval 5 335

Switch config show ip igmp snooping 335

Switch configure 335

Switch copy running config startup config 335

The following example shows how to configure the last listener query count as 5 and the last listener query interval as 5 seconds 335

Unknown multicast pass 335

Configuring igmp snooping parameters in the vlan 336

Configuring router port time and member port time 336

Dynamic router port none 336

Enable vlan 336

Forbidden router port none 336

Member time 400 336

Router time 500 336

Static router port none 336

Switch config end 336

Switch config ip igmp snooping 336

Switch config ip igmp snooping vlan config 2 3 mtime 400 336

Switch config ip igmp snooping vlan config 2 3 rtime 500 336

Switch config show ip igmp snooping vlan 2 336

Switch configure 336

Switch copy running config startup config 336

The following example shows how to enable igmp snooping in vlan 2 and vlan 3 configure the router port time as 500 seconds and the member port time as 400 seconds 336

Vlan id 2 336

Configuring static router port 337

Dynamic router port none 337

Forbidden router port none 337

Member time 0 337

Member time 400 337

Router time 0 337

Router time 500 337

Static router port none 337

Switch config end 337

Switch config ip igmp snooping 337

Switch config ip igmp snooping vlan config 2 rport interface ten gigabitethernet 1 0 2 337

Switch config show ip igmp snooping vlan 2 337

Switch config show ip igmp snooping vlan 3 337

Switch configure 337

Switch copy running config startup config 337

The following example shows how to enable igmp snooping in vlan 2 and configure port 1 0 2 as the static router port 337

Vlan id 2 337

Vlan id 3 337

Configuring forbidden router port 338

Dynamic router port none 338

Forbidden router port none 338

Forbidden router port te1 0 4 6 338

Member time 0 338

Router time 0 338

Static router port none 338

Static router port te1 0 2 338

Switch config end 338

Switch config ip igmp snooping 338

Switch config ip igmp snooping vlan config 2 router ports forbidden interface ten gigabitethernet 1 0 4 6 338

Switch config show ip igmp snooping vlan 2 338

Switch configure 338

Switch copy running config startup config 338

The following example shows how to enable igmp snooping in vlan 2 and forbid port 1 0 4 6 from becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 338

Vlan id 2 338

2 static te1 0 9 10 339

Configuring static multicast multicast ip and forward port 339

Multicast ip vlan id addr type switch port 339

Switch config end 339

Switch config ip igmp snooping 339

Switch config ip igmp snooping vlan config 2 static 226 interface ten gigabitethernet 1 0 9 10 339

Switch config show ip igmp snooping groups static 339

Switch configure 339

Switch copy running config startup config 339

The following example shows how to configure 226 as the static multicast ip and specify port 1 0 9 10 as the forward ports 339

Configuring igmp snooping parameters in the multicast vlan 340

Configuring router port time and member port time 340

Dynamic router port none 340

Forbidden router port none 340

Member time 400 340

Multicast vlan enable 340

Replace source ip 0 340

Router time 500 340

Static router port none 340

Switch config end 340

Switch config ip igmp snooping 340

Switch config ip igmp snooping multi vlan config 5 mtime 400 340

Switch config ip igmp snooping multi vlan config 5 rtime 500 340

Switch config show ip igmp snooping multi vlan 340

Switch configure 340

The following example shows how to configure vlan 5 as the multicast vlan set the router port time as 500 seconds and the member port time as 400 seconds 340

Vlan id 5 340

Configuring static router port 341

Dynamic router port none 341

Forbidden router port none 341

Member time 260 341

Multicast vlan enable 341

Replace source ip 0 341

Router time 300 341

Static router port te1 0 5 341

Switch config end 341

Switch config ip igmp snooping 341

Switch config ip igmp snooping multi vlan config 5 rport interface ten gigabitethernet 1 0 5 341

Switch config show ip igmp snooping multi vlan 341

Switch configure 341

Switch copy running config startup config 341

The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 as the static router port 341

Vlan id 5 341

Configuring forbidden router port 342

Dynamic router port none 342

Forbidden router port te1 0 6 342

Member time 260 342

Multicast vlan enable 342

Replace source ip 0 342

Router time 300 342

Static router port none 342

Switch config end 342

Switch config ip igmp snooping 342

Switch config ip igmp snooping multi vlan config 5 router ports forbidden interface ten gigabitethernet 1 0 6 342

Switch config show ip igmp snooping multi vlan 342

Switch configure 342

Switch copy running config startup config 342

The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 as the forbidden router port 342

Vlan id 5 342

Configuring replace source ip 343

Dynamic router port none 343

Forbidden router port none 343

Member time 260 343

Multicast vlan enable 343

Replace source ip 192 68 343

Router time 300 343

Static router port none 343

Switch config end 343

Switch config ip igmp snooping 343

Switch config ip igmp snooping multi vlan config 5 replace sourceip 192 68 343

Switch config show ip igmp snooping multi vlan 343

Switch configure 343

Switch copy running config startup config 343

The following example shows how to configure vlan 5 as the multicast vlan and replace the source ip in the igmp packets sent by the switch with 192 68 343

Vlan id 5 343

Configuring query interval max response time and general query source ip 344

Configuring the querier 344

Enabling igmp querier 344

General query source ip 192 68 344

Maximum response time 10 344

Query interval 60 344

Switch config end 344

Switch config ip igmp snooping 344

Switch config ip igmp snooping querier vlan 4 344

Switch config show ip igmp snooping querier 344

Switch configure 344

Switch copy running config startup config 344

The following example shows how to enable igmp snooping and igmp querier in vlan 4 344

Vlan 4 344

General query source ip 192 68 345

Maximum response time 20 345

Query interval 100 345

Switch config end 345

Switch config ip igmp snooping 345

Switch config ip igmp snooping querier vlan 4 general query source ip 192 68 345

Switch config ip igmp snooping querier vlan 4 max response time 20 345

Switch config ip igmp snooping querier vlan 4 query interval 100 345

Switch config show ip igmp snooping querier 345

Switch configure 345

Switch copy running config startup config 345

The following example shows how to enable igmp snooping and igmp querier in vlan 4 set the query interval as 100 seconds the max response time as 20 seconds and the general query source ip as 192 68 345

Vlan 4 345

Configuring multicast filtering 346

Creating profile 346

Igmp profile 1 346

Switch config igmp profile deny 346

Switch config igmp profile range 226 226 0 346

Switch config igmp profile show ip igmp profile 346

Switch config ip igmp profile 1 346

Switch config ip igmp snooping 346

Switch configure 346

The following example shows how to configure profile 1 so that the switch filters multicast data sent to 226 226 0 346

Binding profile to the port 347

Igmp profile 1 347

Range 226 226 0 347

Switch config end 347

Switch config if ip igmp filter 1 347

Switch config if ip igmp snooping 347

Switch config if show ip igmp profile 347

Switch config igmp profile deny 347

Switch config igmp profile exit 347

Switch config igmp profile range 226 226 0 347

Switch config interface ten gigabitethernet 1 0 2 347

Switch config ip igmp profile 1 347

Switch config ip igmp snooping 347

Switch configure 347

Switch copy running config startup config 347

The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters multicast data sent to 226 226 0 347

Binding port s 348

Enabling igmp accounting and authentication 348

Enabling igmp authentication on the port 348

Port igmp authentication 348

Range 226 226 0 348

Switch config end 348

Switch config if ip igmp snooping 348

Switch config if ip igmp snooping authentication 348

Switch config if show ip igmp snooping interface ten gigabitethernet 1 0 2 authentication 348

Switch config interface ten gigabitethernet 1 0 2 348

Switch config ip igmp snooping 348

Switch configure 348

Switch copy running config startup config 348

Te1 0 2 348

The following example shows how to enable igmp authentication on port 1 0 2 348

Enabling igmp accounting globally 349

Switch config end 349

Switch copy running config startup config 349

Te1 0 2 enable 349

Configuring mld snooping 350

Configuring mld snooping globally 350

Using the gui 350

Click apply 351

Configure unknown multicast as forward or discard 351

Configuring router port time and member port time 351

Enable or disable report message suppression globally 351

Enabling report message suppression can reduce the number of packets in the network 351

Follow these steps to configure report message suppression 351

Follow these steps to configure the aging time of the router ports and the member ports 351

Follow these steps to configure unknown multicast 351

Optional configuring report message suppression 351

Snooping config page at the same time 351

Specify the aging time of the member ports 351

Specify the aging time of the router ports 351

Click apply 352

Configure the last listener query interval and last listener query count when the switch receives an mld leave message if specified count of multicast address specific queries masqs are sent and no report message is received the switch will delete the multicast address from the multicast forwarding table 352

Configuring mld snooping last listener query 352

Follow these steps to configure last listener query interval and last listener query count in the global config section 352

Mld snooping status table displays vlans and ports with mld snooping enabled 352

Specify the interval between masqs 352

Specify the number of masqs to be sent 352

Verifying mld snooping status 352

Configuring the port s basic mld snooping features 353

Enabling mld snooping on the port 353

Optional configuring fast leave 353

Configuring mld snooping globally in the vlan 354

Configuring mld snooping in the vlan 354

Click create 355

Configure the forbidden router ports in the designate vlan 355

Configure the router ports in the designate vlan 355

Configuring the multicast vlan 355

Follow these steps to configure static router ports in the designate vlan 355

Follow these steps to forbid the selected ports to be the router ports in the designate vlan 355

In old multicast transmission mode when users in different vlans apply for data from the same multicast group the layer 3 device will duplicate this multicast data and deliver copies to the layer 2 devices 355

Multicast vlan to load the following page 355

Optional configuring the forbidden router ports in the vlan 355

Optional configuring the static router ports in the vlan 355

With multicast vlan configured all multicast group members will be added to a vlan layer 3 device only need to send one piece of multicast data to a layer 2 device and the layer 2 device will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth and reduces network load of layer 3 devices 355

Creating multicast vlan and configuring basic settings 356

Enable multicast vlan configure the specific vlan to be the multicast vlan and configure the router port time and member port time 356

In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic settings 356

Set up the vlan that the router ports and the member ports are in for details please refer to configuring 802 q vlan 356

Click apply 357

Configure the new multicast source ip 357

Configure the router ports in the designate vlan 357

Configure the router ports in the multicast vlan 357

Follow these steps to configure static router ports in the multicast vlan 357

Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 357

Optional configuring the forbidden router ports 357

Optional configuring the static router ports 357

Optional creating replace source ip 357

This function allows you to use a new ip instead of the source ip to send data to multicast group members in the multicast vlan section follow these steps to configure replace source ip 357

This table displays all the dynamic router ports in the multicast vlan 357

Viewing dynamic router ports in the multicast vlan 357

Click add 358

Configuring the querier 358

Follow these steps to configure the querier 358

Optional configuring the querier 358

Querier config to load the following page 358

Specify a vlan and configure the querier on this vlan 358

The mld snooping querier table displays all the related settings of the mld querier 358

Viewing settings of mld querier 358

You can edit the settings in the mld snooping querier table 358

Click create 359

Configuring mld profile 359

Create a profile and configure its filtering mode 359

Creating profile 359

Enter the search condition in the search option field to search the profile in the mld profile info table 359

Follow these steps to create a profile and configure its filtering mode 359

Profile config to load the following page 359

Searching profile 359

Binding profile and member ports 360

Editing ip range of the profile 360

Binding profile and member ports 361

Click apply 361

Configuring max groups a port can join 361

Follow these steps to bind the profile to the port 361

Follow these steps to configure the maximum groups a port can join and overflow action 361

Select a port to configure its max group and overflow action 361

Select the port to be bound and enter the profile id in the profile id column 361

Click apply 362

Packet statistic to load the following page 362

Viewing mld statistics on each port 362

Configuring auto refresh 363

Configuring static member port 363

Viewing mld statistics 363

Click create 364

Configuring static member port 364

Enabling mld snooping globally 364

Enabling mld snooping on the port 364

Enter the multicast ip and vlan id specify the static member port 364

Follow these steps to configure static member port 364

Static multicast ip table displays details of all mld static multicast groups 364

Using the cli 364

Viewing mld static multicast groups 364

You can search mld static multicast entries by using multicast ip vlan id or forward port as the search option 364

Enable port te1 0 3 365

Enable vlan 365

Global member age time 260 365

Global report suppression disable 365

Global router age time 300 365

Last query interval 1 365

Last query times 2 365

Mld snooping enable 365

Switch config if end 365

Switch config if ipv6 mld snooping 365

Switch config if show ipv6 mld snooping 365

Switch config interface ten gigabitethernet 1 0 3 365

Switch config ipv6 mld snooping 365

Switch configure 365

Switch copy running config startup config 365

The following example shows how to enable mld snooping globally and enable mld snooping 365

Unknown multicast pass 365

Configuring mld snooping parameters globally 366

Configuring report message suppression 366

Enable port 366

Enable vlan 366

Global member age time 260 366

Global report suppression enable 366

Global router age time 300 366

Last query interval 1 366

Last query times 2 366

Mld snooping enable 366

Switch config end 366

Switch config ipv6 mld snooping 366

Switch config ipv6 mld snooping report suppression 366

Switch config show ipv6 mld snooping 366

Switch configure 366

Switch copy running config startup config 366

The following example shows how to enable report message suppression 366

Unknown multicast pass 366

Configuring unknown multicast 367

Enable port 367

Enable vlan 367

Global member age time 260 367

Global report suppression disable 367

Global router age time 300 367

Igmp snooping and mld snooping share the setting of unknown multicast so you have to enable igmp snooping globally at the same time 367

Last query interval 1 367

Last query times 2 367

Mld snooping enable 367

Switch config end 367

Switch config ip igmp snooping 367

Switch config ipv6 mld snooping 367

Switch config ipv6 mld snooping drop unknown 367

Switch config show ipv6 mld snooping 367

Switch configure 367

The following example shows how to configure the switch to discard unknown multicast data 367

Unknown multicast discard 367

Configuring mld snooping parameters on the port 368

Configuring router port time and member port time 368

Enable port 368

Enable vlan 368

Global member age time 200 368

Global report suppression disable 368

Global router age time 200 368

Last query interval 1 368

Last query times 2 368

Mld snooping enable 368

Switch config ipv6 mld snooping 368

Switch config ipv6 mld snooping mtime 200 368

Switch config ipv6 mld snooping rtime 200 368

Switch config show ipv6 mld snooping 368

Switch configure 368

Switch copy running config startup config 368

The following example shows how to configure the global router port time and member port time as 200 seconds 368

Unknown multicast pass 368

Configuring fast leave 369

Port mld snooping fast leave 369

Switch config end 369

Switch config if end 369

Switch config if ipv6 mld snooping 369

Switch config if ipv6 mld snooping immediate leave 369

Switch config if show ipv6 mld snooping interface ten gigabitethernet 1 0 3 basic config 369

Switch config interface ten gigabitethernet 1 0 3 369

Switch config ipv6 mld snooping 369

Switch configure 369

Switch copy running config startup config 369

Te1 0 3 enable enable 369

The following example shows how to enable fast leave on port 1 0 3 369

Configuring max group and overflow action on the port 370

Port max groups overflow action 370

Switch config if ipv6 mld snooping 370

Switch config if ipv6 mld snooping max groups 500 370

Switch config if ipv6 mld snooping max groups action drop 370

Switch config if show ipv6 mld snooping interface ten gigabitethernet 1 0 3 max groups 370

Switch config interface ten gigabitethernet 1 0 3 370

Switch config ipv6 mld snooping 370

Switch configure 370

The following example shows how to configure the max group as 500 and the overflow action as drop on port 1 0 3 370

Configuring mld snooping last listener query 371

Global member age time 260 371

Global report suppression disable 371

Global router age time 300 371

Last query interval 5 371

Last query times 5 371

Mld snooping enable 371

Switch config if end 371

Switch config ipv6 mld snooping 371

Switch config ipv6 mld snooping last listener query count 5 371

Switch config ipv6 mld snooping last listener query interval 5 371

Switch config show ipv6 mld snooping 371

Switch configure 371

Switch copy running config startup config 371

Te1 0 3 500 drop 371

The following example shows how to configure the last listener query count as 5 and the last listener query interval as 5 seconds 371

Unknown multicast pass 371

Configuring mld snooping parameters in the vlan 372

Configuring router port time and member port time 372

Dynamic router port none 372

Enable port 372

Enable vlan 372

Member time 400 372

Router time 500 372

Static router port none 372

Switch config end 372

Switch config ipv6 mld snooping 372

Switch config ipv6 mld snooping vlan config 2 3 mtime 400 372

Switch config ipv6 mld snooping vlan config 2 3 rtime 500 372

Switch config show ipv6 mld snooping vlan 2 372

Switch configure 372

Switch copy running config startup config 372

The following example shows how to enable mld snooping in vlan 2 and vlan 3 configure the router port time as 500 seconds and the member port time as 400 seconds 372

Vlan id 2 372

Configuring static router port 373

Dynamic router port none 373

Forbidden router port none 373

Member time 400 373

Router time 0 373

Router time 500 373

Static router port none 373

Switch config end 373

Switch config ipv6 mld snooping 373

Switch config ipv6 mld snooping vlan config 2 rport interface ten gigabitethernet 1 0 2 373

Switch config show ipv6 mld snooping vlan 2 373

Switch config show ipv6 mld snooping vlan 3 373

Switch configure 373

Switch copy running config startup config 373

The following example shows how to enable mld snooping in vlan 2 and configure port 1 0 2 as the static router port 373

Vlan id 2 373

Vlan id 3 373

Configuring forbidden router port 374

Dynamic router port none 374

Forbidden router port none 374

Member time 0 374

Router time 0 374

Static router port none 374

Static router port te1 0 2 374

Switch config 374

Switch config end 374

Switch config ipv6 mld snooping 374

Switch config ipv6 mld snooping vlan config 2 router ports forbidden interface ten gigabitethernet 1 0 4 6 374

Switch config show ipv6 mld snooping vlan 2 374

Switch copy running config startup config 374

The following example shows how to enable mld snooping in vlan 2 and forbid port 1 0 4 6 from becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 374

Vlan id 2 374

Configuring static multicast multicast ip and forward port 375

Ff01 1234 02 2 static te1 0 9 10 375

Forbidden router port te1 0 4 6 375

Multicast ip vlan id addr type switch port 375

Switch config end 375

Switch config ipv6 mld snooping 375

Switch config ipv6 mld snooping vlan config 2 static ff01 1234 02 interface ten gigabitethernet 1 0 9 10 375

Switch config show ipv6 mld snooping groups static 375

Switch configure 375

Switch copy running config startup config 375

The following example shows how to configure ff01 1234 02 as the static multicast ip and specify port 1 0 9 10 as the forward ports 375

Configuring mld snooping parameters in the multicast vlan 376

Configuring router port time and member port time 376

Dynamic router port none 376

Forbidden router port none 376

Member time 400 376

Multicast vlan enable 376

Replace source ip 376

Router time 500 376

Static router port none 376

Switch config end 376

Switch config ipv6 mld snooping 376

Switch config ipv6 mld snooping multi vlan config 5 mtime 400 376

Switch config ipv6 mld snooping multi vlan config 5 rtime 500 376

Switch config show ipv6 mld snooping multi vlan 376

Switch configure 376

The following example shows how to configure vlan 5 as the multicast vlan set the router port time as 500 seconds and the member port time as 400 seconds 376

Vlan id 5 376

Configuring static router port 377

Dynamic router port none 377

Forbidden router port none 377

Member time 260 377

Multicast vlan enable 377

Replace source ip 377

Router time 300 377

Static router port te1 0 5 377

Switch config end 377

Switch config ipv6 mld snooping 377

Switch config ipv6 mld snooping multi vlan config 5 rport interface ten gigabitethernet 1 0 5 377

Switch config show ipv6 mld snooping multi vlan 377

Switch configure 377

Switch copy running config startup config 377

The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 as the static router port 377

Vlan id 5 377

Configuring forbidden router port 378

Dynamic router port none 378

Forbidden router port te1 0 6 378

Member time 260 378

Multicast vlan enable 378

Replace source ip 378

Router time 300 378

Static router port none 378

Switch config end 378

Switch config ipv6 mld snooping 378

Switch config ipv6 mld snooping multi vlan config 5 router ports forbidden interface ten gigabitethernet 1 0 6 378

Switch config show ipv6 mld snooping multi vlan 378

Switch configure 378

Switch copy running config startup config 378

The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 as the forbidden router port 378

Vlan id 5 378

Configuring replace source ip 379

Dynamic router port none 379

Forbidden router port none 379

Member time 260 379

Multicast vlan enable 379

Replace source ip fe80 2ff ffff fe00 1 379

Router time 300 379

Static router port none 379

Switch config end 379

Switch config ipv6 mld snooping 379

Switch config ipv6 mld snooping multi vlan config 5 replace sourceip fe80 02ff ffff fe00 0001 379

Switch config show ipv6 mld snooping multi vlan 379

Switch configure 379

Switch copy running config startup config 379

The following example shows how to configure vlan 5 as the multicast vlan and replace the source ip in the mld packets sent by the switch with fe80 02ff ffff fe00 0001 379

Vlan id 5 379

Configuring query interval max response time and general query source ip 380

Configuring the querier 380

Enabling mld querier 380

General query source ip fe80 2ff ffff fe00 1 380

Maximum response time 10 380

Query interval 60 380

Switch config end 380

Switch config ipv6 mld snooping 380

Switch config ipv6 mld snooping querier vlan 4 380

Switch config show ipv6 mld snooping querier 380

Switch configure 380

Switch copy running config startup config 380

The following example shows how to enable mld snooping and mld querier in vlan 4 380

Vlan 4 380

General query source ip fe80 2ff ffff fe00 1 381

Maximum response time 20 381

Query interval 100 381

Switch config end 381

Switch config ipv6 mld snooping 381

Switch config ipv6 mld snooping querier vlan 4 general query source ip fe80 2ff ffff fe00 1 381

Switch config ipv6 mld snooping querier vlan 4 max response time 20 381

Switch config ipv6 mld snooping querier vlan 4 query interval 100 381

Switch config show ipv6 mld snooping querier 381

Switch configure 381

Switch copy running config startup config 381

The following example shows how to enable mld snooping and mld querier in vlan 4 set the query interval as 100 seconds the max response time as 20 seconds and the general query source ip as fe80 2ff ffff fe00 1 381

Vlan 4 381

Configuring multicast filtering 382

Creating profile 382

Mld profile 1 382

Switch config ipv6 mld profile 1 382

Switch config ipv6 mld snooping 382

Switch config mld profile deny 382

Switch config mld profile range ff01 1234 5 ff01 1234 8 382

Switch config mld profile show ipv6 mld profile 382

Switch configure 382

The following example shows how to configure profile 1 so that the switch filters multicast data sent to ff01 1234 5 ff01 1234 8 382

Binding profile to the port 383

Mld profile 1 383

Range ff01 1234 5 ff01 1234 8 383

Switch config end 383

Switch config if ipv6 mld filter 1 383

Switch config if ipv6 mld snooping 383

Switch config if show ipv6 mld profile 383

Switch config interface ten gigabitethernet 1 0 2 383

Switch config ipv6 mld profile 1 383

Switch config ipv6 mld snooping 383

Switch config mld profile deny 383

Switch config mld profile exit 383

Switch config mld profile range ff01 1234 5 ff01 1234 8 383

Switch configure 383

Switch copy running config startup config 383

The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters multicast data sent to ff01 1234 5 ff01 1234 8 383

Using the gui 385

Viewing ipv4 multicast snooping configurations 385

Viewing ipv6 multicast snooping configurations 385

Viewing multicast snooping configurations 385

Using the cli 386

Viewing ipv4 multicast snooping configurations 386

Viewing ipv6 multicast snooping configurations 387

Configuration examples 389

Configuration scheme 389

Example for configuring basic igmp snooping 389

Network requirements 389

Using the gui 390

Vlan config to load the following page create vlan 10 and add untagged port 1 0 1 3 and tagged port 1 0 4 to vlan 10 391

Port config to load the following page configure the pvid of port 1 0 1 4 as 10 392

Using the cli 394

Verify the configurations 395

Configuration scheme 396

Example for configuring multicast vlan 396

Network requirements 396

Network topology 396

Demonstrated with t1700x 16ts this section provides configuration procedures in two ways using the gui and using the cli 397

Internet 397

Snooping config to load the following page enable igmp snooping globally and keep the default values in the router port time and member port time fields 397

Using the gui 397

Snooping config to load the following page enable igmp snooping on port 1 0 1 4 398

Using the cli 400

Verify the configurations 401

Example for configuring unknown multicast and fast leave 402

Network requirement 402

Configuration scheme 403

Using the gui 403

Port config to load the following page enable igmp snooping on port 1 0 2 and port 1 0 4 and enable fast leave on port 1 0 2 404

Vlan config to load the following page enable igmp snooping in vlan 10 405

Using the cli 406

Verify the configurations 406

Configuration scheme 407

Example for configuring multicast filtering 407

Network requirements 407

Network topology 407

Demonstrated with t1700x 16ts this section provides configuration procedures in two ways using the gui and using the cli 408

Internet 408

Snooping config to load the following page enable igmp snooping globally and keep the default values in the router port time and member port time fields 408

Using the gui 408

Snooping config to load the following page 409

Using the cli 415

Verify the configurations 417

Appendix default parameters 418

Default parameters for igmp snooping 418

Default parameters for mld snooping 419

Chapters 421

Configuring logical interfaces 421

Part 13 421

Interfaces of a device are used to exchange data and interact with interfaces of other network devices interfaces are classified into physical interfaces and logical interfaces 422

Logical interfaces are manually configured and do not physically exist such as loopback interfaces and routing interfaces 422

Overview 422

Physical interfaces are the ports on the front panel or rear panel of the switch 422

This chapter introduces the configurations for logical interfaces the supported types of logical interfaces are shown as below 422

Creating a layer 3 interface 423

Logical interfaces configurations 423

Using the gui 423

Configuring ipv4 parameters of the interface 424

Figure 2 424

In the interface list section you can view the corresponding interface entry you create 424

In the modify interface section specify an interface id and configure relevant parameters for the interface according to your actual needs then click apply 424

List section on the corresponding interface entry click edit to load the following page and configure the ipv4 parameters of the interface 424

You can view the corresponding interface entry you create in the interface 424

Configuring ipv6 parameters of the interface 425

Figure 2 425

In the secondary ip create section configure the secondary ip for the specified interface which allows you to have two logical subnets using one physical subnet then click create 425

In the secondary ip list section you can view the corresponding secondary ip entry you create 425

List section on the corresponding interface entry click edit ipv6 to load the following page and configure the ipv6 parameters of the interface 425

You can view the corresponding interface entry you create in the interface 425

Configure the ipv6 link local address of the interface manually or automatically in the link local address config section then click apply 426

Enable ipv6 function on the interface of switch in the general config section then click apply 426

Configure one or more ipv6 global addresses of the interface via following three ways 427

Manually 427

Via dhcpv6 server 427

Via ra message 427

View the global address entry in the global address table 427

Creating a layer 3 interface 428

Figure 2 428

Follow these steps to create a layer 3 interface you can create a vlan interface a loopback interface a routed port or a port channel interface according to your needs 428

List section on the corresponding interface entry click detail to load the following page and view the detail information of the interface 428

Using the cli 428

Viewing detail information of the interface 428

You can view the corresponding interface entry you create in the interface 428

Switch config if description vlan 2 429

Switch config if end 429

Switch config interface vlan 2 429

Switch configure 429

Switch copy running config startup config 429

The following example shows how to create a vlan interface with a description of vlan 2 429

Configuring ipv4 parameters of the interface 430

Follow these steps to configure the ipv4 parameters of the interface 430

Switch config if ip address 192 68 00 255 55 55 430

Switch config if no switchport 430

Switch config if show ip interface brief 430

Switch config interface ten gigabitethernet 1 0 1 430

Switch configure 430

The following example shows how to configure the ipv4 parameters of a routed port including setting a static ip address for the port and enabling the layer 3 capabilities 430

Configuring ipv6 parameters of the interface 431

Follow these steps to configure the ipv6 parameters of the interface 431

Interface ip address method status protocol shutdown te1 0 1 192 68 00 24 static up up no 431

Switch config if end 431

Switch copy running config startup config 431

Global address dhcpv6 enable 432

Global address ra disable 432

Global unicast address es ff02 1 ff13 237b 432

Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 432

Joined group address es ff02 1 432

Switch config if ipv6 address autoconfig 432

Switch config if ipv6 address dhcp 432

Switch config if ipv6 enable 432

Switch config if show ipv6 interface 432

Switch config interface vlan 2 432

Switch configure 432

The following example shows how to enable the ipv6 function and configure the ipv6 parameters of a vlan interface 432

Vlan2 is up line protocol is up 432

Appendix default parameters 434

Default settings of interface are listed in the following tables 434

Chapters 435

Configuring static routing 435

Part 14 435

Overview 436

In the ipv4 static route table section you can view and modify the ipv4 static routing entries 437

In the ipv4 static routing config section configure the corresponding parameters to add an ipv4 static route then click create 437

Ipv4 static routing config to load the following page 437

Ipv4 static routing configuration 437

Using the gui 437

C 192 68 24 is directly connected vlan1 438

Candidate default 438

Codes c connected s static 438

Follow these steps to create an ipv4 static route 438

S 192 68 24 1 0 via 192 68 vlan1 438

Switch config end 438

Switch config ip route 192 68 255 55 55 192 68 438

Switch config show ip route 438

Switch configure 438

Switch copy running config startup config 438

The following example shows how to create an ipv4 static route with the destination ip address as 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 438

Using the cli 438

Ipv6 static routing configuration 439

Using the gui 439

Candidate default 440

Codes c connected s static 440

Follow these steps to enable ipv6 routing function and create an ipv6 static route 440

Switch config ipv6 route 3200 64 3100 1234 440

Switch config show ipv6 route static 440

Switch configure 440

The following example shows how to create an ipv6 static route with the destination ip address as 3200 64 and the next hop address as 3100 1234 440

Using the cli 440

Using the gui 442

Viewing ipv4 routing table 442

Viewing routing table 442

Ipv6 routing table to load the following page 443

On privileged exec mode or any other configuration mode you can use the following command to view ipv4 routing table 443

Using the cli 443

View the ipv6 routes in the ipv6 routing information summary section 443

Viewing ipv4 routing table 443

Viewing ipv6 routing table 443

On privileged exec mode or any other configuration mode you can use the following command to view ipv6 routing table 444

Viewing ipv6 routing table 444

Configuration scheme 445

Example for static routing 445

Network requirements 445

Using the gui 445

Using the cli 446

Verify the configurations 447

Appendix default parameter 449

Default setting of static routing is listed in the following table 449

Chapters 450

Configuring dhcp relay 450

Part 15 450

Dhcp relay is used to process and forward dhcp packets between different subnets 451

Dhcp relay solves this problem as the following figure shows the dhcp relay device acts as a relay agent and forwards dhcp packets between dhcp clients and dhcp servers on different subnets so that dhcp clients on different subnets can share one dhcp server 451

Overview 451

Since the client requests a dynamic ip address via broadcast the basic network model of dhcp requires that the client and the server should be on the same lan therefore each lan should be equipped with a dhcp server thus increasing the costs of network construction 451

Dhcp relay configuration 452

Enabling dhcp relay and configuring option 82 452

Using the gui 452

Click apply 453

Click create to specify the dhcp server for the interface 453

Dhcp server to load the following page 453

Follow these steps to specify dhcp server for the interface 453

In the add dhcp server address section select the interface type and enter the interface id and then enter the server address of the interface 453

Specifying dhcp server for the interface 453

Configuring option 82 454

Dhcp relay is enabled 454

Enabling dhcp relay 454

Follow these steps to configure option 82 454

Follow these steps to enable dhcp relay 454

Switch config end 454

Switch config service dhcp relay 454

Switch config show ip dhcp relay 454

Switch configure 454

Switch copy running config startup config 454

The following example shows how to enable dhcp relay 454

Using the cli 454

Dhcp relay option 82 is enabled 455

Existed option 82 field operation keep 455

Switch config end 455

Switch config ip dhcp relay information 455

Switch config ip dhcp relay information policy keep 455

Switch config show ip dhcp relay 455

Switch configure 455

The following example shows how to enable option 82 and configure the process of option 82 information as keep 455

Follow these steps to specify dhcp server for the interface 456

Specifying dhcp server for the interface 456

Switch config if ip helper address 192 68 456

Switch config interface vlan 66 456

Switch configure 456

Switch copy running config startup config 456

The following example shows how to configure the dhcp server address as 192 68 on vlan 66 456

Configuration example 458

Configuration scheme 458

Network requirements 458

Using the gui 459

Using the cli 460

Verify the configurations 460

Appendix default parameters 461

Default settings of dhcp relay are listed in the following table 461

Arp address resolution protocol is used to map ip addresses to mac addresses taking an ip address as input arp learns the associated mac address and stores the ip mac address association in an arp entry for rapid retrieval 463

Overview 463

Arp configurations 464

Using the gui 464

Viewing the arp entries 464

Adding static arp entries 465

Adding static arp entries manually 465

Configuring arp function 465

Follow these steps to add arp entries 465

Follow these steps to add static arp entries 465

In the arp config section enter the ip address and mac address and click create 465

Static arp to load the following page 465

Using the cli 465

You can add desired static arp entries by manually specifying the ip addresses and mac addresses 465

Configuring the aging time of dynamic arp entries 466

Follow these steps to configure the aging time of dynamic arp entries 466

Interface address hardware addr type 466

Switch config arp 192 68 00 11 22 33 44 55 arpa 466

Switch config end 466

Switch config show arp 192 68 466

Switch configure 466

Switch copy running config startup config 466

This example shows how to create a static arp entry with the ip as 192 68 and the mac as 00 11 22 33 44 55 466

Vlan1 192 68 00 11 22 33 44 55 static 466

Clearing dynamic entries 467

On privileged exec mode or any other configuration mode you can use the following command to view arp entries 467

Switch config if arp timeout 1000 467

Switch config if end 467

Switch config interface vlan 2 467

Switch configure 467

Switch copy running config startup config 467

This example shows how to configure the aging time of dynamic arp entries as 1000 seconds for vlan interface 2 467

Viewing arp entries 467

Chapters 469

Configuring qos 469

Part 17 469

Bandwidth control 470

Diffserv 470

Overview 470

Supported features 470

802 p priority 471

Configuration guidelines 471

Diffserv configuration 471

Dscp priority 471

Port priority 471

Click apply 472

Configure the tag id cos id tc mapping relations 472

Configuring 802 p priority 472

Configuring priority mode 472

Follow these steps to configure the 802 p priority 472

P priority to load the following page 472

The instructions of the three priority modes are described respectively in this section 472

Using the gui 472

2p priorit 473

Click apply 473

Configure the dscp tc mapping relations 473

Configuring dscp priority 473

Dscp priority to load the following page 473

Enable dscp priority and click apply dscp priority is disabled by default 473

Follow these steps to configure the dscp priority 473

2p priority 474

Click apply 474

Configuring port priority 474

Follow these steps to configure the port priority 474

Port priority to load the following page 474

Select the desired port or lag to set its priority 474

Configure the schedule mode to control the forwarding sequence of different tc queues when congestion occurs 475

Configuring schedule mode 475

Follow these steps to configure the schedule mode 475

Optional configure the weight value of the each tc queue if the schedule mode is wrr of sp wrr 475

Schedule mode to load the following page 475

Select a schedule mode 475

Click apply 476

Configuring 802 priority 476

Configuring priority mode 476

The instructions of the three priority modes are described respectively in this section 476

Using cli 476

Configuring dscp priority 477

Dscp priority is disabled 477

P priority is enabled 477

Switch config end 477

Switch config qos queue cos map 2 0 477

Switch config show qos cos map 477

Switch config show qos status 477

Switch configure 477

Switch copy running config startup config 477

Tag 0 1 2 3 4 5 6 7 477

Tc tc1 tc0 tc0 tc3 tc4 tc5 tc6 tc7 477

The following example shows how to map cos2 to tc0 and keep other cos id tc as default 477

Configuring port priority 479

Select the desired port to set the priority packets from this ingress port are mapped to the tc queue based on port priority 479

Switch configure 479

The following example shows how to map port 1 3 to tc1 and keep other mapping relations as default 479

Configuring schedule mode 480

Bandwidth control configuration 483

Configuring rate limit 483

Using the gui 483

Click apply 484

Configuring storm control 484

Follow these steps to configure the storm control function 484

Select the port s and configure the upper rate limit for forwarding broadcast packets multicast packets and ul frames 484

Storm control to load the following page 484

Click apply 485

Configure the upper rate limit for the port to receive and send packets 485

Configuring rate limit on port 485

Using the cli 485

Configure the upper rate limit on the port for forwarding broadcast packets multicast packets and unknown unicast frames 486

Configuring storm control 486

Port ingressrate kbps egressrate kbps lag 486

Switch config if bandwidth ingress 5120 egress 1024 486

Switch config if end 486

Switch config if show bandwidth interface ten gigabitether net 1 0 5 486

Switch config interface ten gigabitethe rnet 1 0 5 486

Switch configure 486

Switch copy running config startup config 486

Te1 0 5 5120 1024 n a 486

The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 1024 kbps for port 1 0 5 486

Configuration examples 489

Configuration scheme 489

Example for configuring sp mode 489

Network requirements 489

Using the gui 490

Using the cli 491

Example for configuring wrr mode 492

Network requirements 492

Verify the configuration 492

Configuration scheme 493

Configurations for switch a demonstrated with t1700x 16ts 493

Configure switch a to add different vlan tags to the packets from the two departments respectively 493

Configure switch b to classify the incoming packets from the two departments according to the vlan tags and to map them into different tc queues configure the schedule mode as wrr mode to implement the qos feature 493

This chapter provides configuration procedures in two ways using the gui and using the cli 493

Using the gui 493

Vlan config and click create to load the following page create vlan 10 with the description of rd add port 1 0 1 as an untagged port and port 1 0 3 as a tagged port to vlan 10 then click apply 493

Using the cli 502

Verify the configuration 504

Appendix default parameters 506

Diffserv 506

Disabled see table 5 4 for dscp cos id mapping relations 506

Enabled see table 5 3 for tag id cos id tc mapping relations 506

Bandwidth control 507

Chapters 508

Configuring voice vlan 508

Part 18 508

Overview 509

Because the voice vlan in automatic mode supports only tagged voice traffic you need to make sure traffic from the voice device is tagged to do so there are mainly two ways 511

Before configuring voice vlan you need to create a vlan for voice traffic for details about vlan configuration please refer to configuring 802 q vlan 511

Configuration guidelines 511

Configure voice vlan globally 511

Configure voice vlan mode on ports 511

Configuring lld 511

Create a vlan 511

If your switch provides the lldp med feature you can also configure it to instruct the voice device to send tagged voice traffic for details about lldp med please refer to 511

Only one vlan can be set as the voice vlan on the switch 511

Optional configure oui addresses 511

To apply the voice vlan configuration you may need to further configure pvid port vlan id and the link type of the port which is connected to voice devices we recommend that you choose the mode according to your needs and configure the port as the following table shows 511

To complete the voice vlan configuration follow these steps 511

Vlan 1 is a default vlan and cannot be configured as the voice vlan 511

Voice vlan configuration 511

You can configure the voice device to forward traffic with a voice vlan tag 511

Click create to add an oui address to the table 512

Enter an oui address and the corresponding mask and give a description about the oui address 512

Follow these steps to add oui addresses 512

If the oui address of your voice device is not in the oui table you need to add the oui address to the table 512

Optional configuring oui addresses 512

Oui config to load the following page 512

Using the gui 512

Click apply 513

Configuring voice vlan globally 513

Enable the voice vlan feature and enter a vlan id 513

Follow these steps to configure the voice vlan globally 513

Global config to load the following page 513

Set the aging time for the voice vlan 513

Specify a priority for the voice vlan 513

Configuring voice vlan mode on ports 514

Follow these steps to configure voice vlan mode on ports 514

Port config to load the following page 514

Select your desired ports and choose the port mode 514

Set the security mode for selected ports 514

Click apply 515

Follow these steps to configure the voice vlan 515

Using the cli 515

Avoid attacks from malicious data flows 518

Configuration example 518

Configuration scheme 518

Ip phones share switch ports used by computers because no more ports are available for ip phones 518

Network requirements 518

Network topology 518

Transmit voice traffic in an exclusive path with high quality 518

Configurations for switch a 519

Demonstrated with t1700x 16ts this chapter provides configuration procedures in two ways using the gui and using the cli 519

In the meeting room computers and ip phones are connected to different ports of switch b ports connected to ip phones use the voice vlan for voice traffic and ports connected to computers use the default vlan for data traffic 519

Internet 519

Using the gui 519

Vlan config and click create to load the following page create vlan 10 519

Voice traffics from switch a and switch b are forwarded to voice gateway and internet through switch c 519

Using the cli 527

Verify the configurations 529

Vlan name status ports 531

Voicevlan active te1 0 1 te1 0 2 te1 0 3 531

Appendix default parameters 532

Default settings of voice vlan are listed in the following tables 532

Chapters 533

Configuring acl 533

Part 19 533

Acl binding 534

Overview 534

Policy binding 534

Supported features 534

Acl configurations 535

Creating an acl 535

Using the gui 535

Configuring acl rules 536

Click apply 537

Configure the rule s packet matching criteria 537

Configuring the standard ip acl rule 537

Follow these steps to create the standard ip acl rule 537

Select a standard ip acl from the drop down list enter a rule id and specify the operation for the matched packets 537

Standard i 537

Standard ip acl to load the following page 537

Tandard i 537

Click apply 538

Configure the rule s packet matching criteria 538

Configuring the extend ip acl rule 538

Extend ip ac 538

Extend ip acl to load the following page 538

Follow these steps to create the extend ip acl rule 538

Select an extend ip acl from the drop down list enter a rule id and specify the operation for the matched packets 538

Click apply 539

Configure the rule s packet matching criteri 539

Configuring the ipv6 acl rule 539

Follow these steps to create the ipv6 acl rule 539

Ipv6 acl to load the following page 539

Select an ipv6 acl from the drop down list enter a rule id and specify the operation for the rule 539

Click apply 540

Configure the rule s packet matching criteri 540

In the acl rule table you can view all the acls and their rules you can also delete an acl or an acl rule or change the matching order if needed 540

The rules in an acl are listed in ascending order of configuration time regardless of their rule ids by default a rule configured earlier is listed before a rule configured later the switch matches a received packet with the rules in order when a packet matches a rule the device stops the match process and performs the action defined in the rule 540

Verifying the rule table 540

Configuring policy 541

Configuring the acl binding 542

Configuring the acl binding and policy binding 542

Verifying the binding configuration 545

Binding table to load the following page 546

Configuring acl 546

Configuring the mac acl 546

Follow the steps to create different types of acl and configure the acl rules 546

Using the cli 546

You can define the rules based on source or destination ip addresses source or destination mac addresses protocol type and so on 546

Mac access list 50 547

Rule 1 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 547

Switch config mac access list 50 547

Switch config mac acl end 547

Switch config mac acl rule 1 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 547

Switch config mac acl show access list 50 547

Switch configure 547

Switch copy running config startup config 547

The following example shows how to create mac acl 50 and configure rule 1 to permit packets with source mac address 00 34 a2 d4 34 b5 547

Configuring the standard ip acl 548

Standard ip access list 600 548

Switch config access list create 600 548

Switch config rule 1 permit sip 192 68 00 smask 255 55 55 55 548

Switch config show access list 600 548

Switch configure 548

The following example shows how to create standard ip acl 600 and configure rule 1 to permit packets with source ip address 192 68 00 548

Configuring the extend ip acl 549

Rule 1 permit sip 192 68 00 smask 255 55 55 55 549

Switch config end 549

Switch configure 549

Switch copy running config startup config 549

The following example shows how to create extend ip acl 1700 and configure rule7 to deny telnet packets with source ip192 68 00 549

Switch config access list create 3600 551

Switch config access list ipv6 3600 rule 1 deny sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ffff ffff ffff 551

Switch configure 551

The following example shows how to create ipv6 acl 3600 and configure rule 1 to deny packets with source ipv6 address cdcd 910a 2222 5498 8475 1111 3900 2020 551

Configuring policy 552

Follow the steps below to create a policy and configure the policy actions 552

Ipv6 access list 3600 552

Policy name rd 552

Rule 1 deny sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ff ff ffff ffff 552

Switch config access list policy action rd 600 552

Switch config access list policy name rd 552

Switch config action exit 552

Switch config end 552

Switch config show access list 3600 552

Switch config show access list policy rd 552

Switch configure 552

Switch copy running config startup config 552

The following example shows how to create policy rd and apply acl 600 to policy rd 552

Access list 600 553

Acl binding 553

Acl binding and policy binding 553

Switch config end 553

Switch config if access list bind acl 1 553

Switch config interface ten gigabitethe rnet 1 0 3 553

Switch configure 553

Switch copy running config startup config 553

The following example shows how to bind acl 1 to port 3 and acl 2 to vlan 4 553

You can bind the acl to a port or a vlan the received packets will then be matched and processed according to the acl rules 553

You can select acl binding or policy binding according to your needs an acl rule and policy takes effect only after they are bound to a port or vlan 553

Configuration example for acl 556

Configuration scheme 556

Network requirements 556

Network topology 556

Using the gui 557

Extend acl to load the following page configure rule 2 and rule 3 to permit packets with source ip 10 0 0 and destination port tcp 80 http service port and udp 443 https service port 558

Using the cli 561

Verify the configurations 562

Appendix default parameters 563

For extend ip acl 563

For ipv6 acl 563

For mac acl 563

For standard ip acl 563

Chapters 564

Configuring network security 564

Part 20 564

Dhcp snooping 565

Ip mac binding 565

Network security 565

Overview 565

Supported features 565

Arp inspection 566

Dos defend 567

Binding entries manually 569

Ip mac binding configurations 569

Using the gui 569

Arp scanning 570

Binding entries dynamically 570

Click bind 570

Select protect type for the entry 570

Select the port that is connected to this host 570

The binding entries can be dynamically learned from arp scanning and dhcp snooping 570

With arp scanning the switch sends the arp request packets of the specified ip field to the hosts upon receiving the arp reply packet the switch can get the ip address mac address vlan id and the connected port number of the host you can bind these entries conveniently 570

Arp scanning to load the following page 571

Follow these steps to configure ip mac binding via arp scanning 571

In the scanning option section specify an ip address range and a vlan id then click scan to scan the entries in the specified ip address range and vlan 571

In the scanning result section select one or more entries and configure the relevant parameters then click apply 571

Binding table to load the following page 572

Dhcp snooping 572

For instructions on how to configure dhcp snooping refer to dhcp snooping configurations 572

In the search section specify the search criteria to search your desired entries 572

Viewing the binding entries 572

With dhcp snooping enabled the switch can monitor the ip address obtaining process of the host and record the ip address mac address vlan id and the connected port number of the host 572

With the binding table you can view and search the specified binding entries 572

Binding entries manually 573

Binding entries via arp scanning is not supported by the cli binding entries via dhcp snooping is introduced in dhcp snooping configurations the following sections introduce how to bind entries manually and view the binding entries 573

Follow these steps to manually bind entries 573

In the binding table section you can view the searched entries additionally you can configure the host name and protect type for one or more entries and click apply 573

Using the cli 573

You can manually bind the ip address mac address vlan id and the port number together on the condition that you have got the related information of the hosts 573

Host1 192 68 5 aa bb cc dd ee ff 10 te1 0 5 arp d 574

Switch config end 574

Switch config ip source binding host1 192 68 5 aa bb cc dd ee ff vlan 10 interface ten gigabitethe rnet 1 0 5 arp detection 574

Switch config show ip source binding 574

Switch configure 574

Switch copy running config startup config 574

The following example shows how to bind an entry with the hostname host1 ip address 192 68 5 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this entry for the arp detection feature 574

U no host ip addr mac addr vid port acl col 574

On privileged exec mode or any other configuration mode you can use the following command to view binding entries 575

Viewing binding entries 575

Dhcp snooping configuration 576

Enabling dhcp snooping on vlan 576

Using the gui 576

Click apply 577

Configuring dhcp snooping on ports 577

Follow these steps to configure dhcp snooping on the specified port 577

Port config to load the following page 577

Select one or more ports and configure the parameters 577

Click apply 578

Follow these steps to configure option 82 578

Option 82 config to load the following page 578

Option 82 records the location of the dhcp client the switch can add option 82 to the dhcp request packet and then transmit the packet to the dhcp server administrators can check the location of the dhcp client via option 82 the dhcp server supporting option 82 can also set the distribution policy of ip addresses and other parameters providing a more flexible address distribution way 578

Optional configuring option 82 578

Select one or more ports and configure the parameters 578

Click apply 579

Follow these steps to globally configure dhcp snooping 579

Globally configuring dhcp snooping 579

Using the cli 579

Configuring dhcp snooping on ports 580

Follow these steps to configure dhcp snooping on the specified ports 580

Global status enable 580

Switch config if end 580

Switch config ip dhcp snooping 580

Switch config ip dhcp snooping vlan 5 580

Switch config show ip dhcp snooping 580

Switch configure 580

Switch copy running config startup config 580

The following example shows how to enable dhcp snooping globally and on vlan 5 580

Vlan id 5 580

Interface trusted mac verify limit rate dec rate lag 581

Switch config if end 581

Switch config if ip dhcp snooping decline rate 20 581

Switch config if ip dhcp snooping limit rate 10 581

Switch config if ip dhcp snooping mac verify 581

Switch config if ip dhcp snooping trust 581

Switch config if show ip dhcp snooping interface ten gigabitethe rnet 1 0 1 581

Switch config interface ten gigabitethe rnet 1 0 1 581

Switch configure 581

Switch copy running config startup config 581

Te1 0 1 enable enable 10 20 n a 581

The following example shows how to configure port 1 0 1 as a trusted port enable the mac verify feature and set the limit rate as 10 pps and decline rate as 20 pps on this port 581

Follow these steps to configure option 82 582

Option 82 records the location of the dhcp client the switch can add the option 82 to the dhcp request packet and then transmit the packet to the dhcp server administrators can check the location of the dhcp client via option 82 the dhcp server supporting option 82 can also set the distribution policy of ip addresses and other parameters providing more flexible address distribution way 582

Optional configuring option 82 582

Arp inspection configurations 584

Configuring arp detection 584

Using the gui 584

Arp defend to load the following page 585

Click apply 585

Configuring arp defend 585

Follow these steps to configure arp defend 585

Select one or more ports and configure the parameters 585

With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds when the transmission speed of the legal arp packet on the port exceeds the defined value so as to avoid arp attack flood 585

Viewing arp statistics 586

Configuring arp detection 587

Follow these steps to configure arp detection 587

Switch config ip arp inspection 587

Switch configure 587

The arp detection feature allows the switch to detect the arp packets basing on the binding entries in the ip mac binding table and filter the illegal arp packets before arp detection configuration complete ip mac binding configuration for details refer to ip mac binding configurations 587

The following example shows how to globally enable arp detection and configure port 1 0 1 as a trusted port 587

Using the cli 587

Arp detection global status enabled 588

Configuring arp defend 588

Follow these steps to configure arp defend 588

Port trusted 588

Switch config if end 588

Switch config if ip arp inspection trust 588

Switch config if show ip arp inspection 588

Switch config interface ten gigabitethe rnet 1 0 1 588

Switch copy running config startup config 588

Te1 0 1 yes 588

Te1 0 2 no 588

With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds when the transmission speed of the legal arp packet on the port exceeds the defined value so as to avoid arp attack flood 588

On privileged exec mode or any other configuration mode you can use the following command to view arp statistics 590

Switch copy running config startup config 590

Viewing arp statistics 590

Dos defend configuration 591

Dos defend to load the following page 591

Follow these steps to configure dos defend 591

In the configure section enable dos protection 591

In the defend table section select one or more defend types according to your needs the following table introduces each type of dos attack 591

Using the gui 591

Click apply 592

Follow these steps to configure dos defend 592

Using the cli 592

Switch configure 593

The following example shows how to enable the dos defend type named land 593

Configuring the radius server 595

Using the gui 595

X configuration 595

Click apply 596

Configuring the radius server group 596

Follow these steps to create a protocol template 596

In the server config section configure the parameters of radius server 596

You can configure the radius servers for authentication and accounting if multiple radius servers are available you are suggested to add them to different server groups respectively for authentication and accounting 596

Configuring 802 x globally 599

Follow these steps to configure 802 x global parameters 599

Global config to load the following page 599

In the global config section enable 802 x globally and click apply 599

In the authentication config section enable quiet configure the quiet timer and click apply 600

Configure 802 x authentication on the desired port and click apply 601

Configuring 802 x on ports 601

Port config to load the following page 601

Configuring the radius server 602

Follow these steps to configure radius 602

Using the cli 602

The following example shows how to enable aaa add a radius server to the server group named radius1 and apply this server group to the 802 x authentication the ip address of the radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the accounting port is 1813 603

Configuring 802 x globally 604

Authentication method pap 606

Configuring 802 x on ports 606

Follow these steps to configure the port 606

Guest vlan id n a 606

Guest vlan state disable 606

Handshake state enabled 606

Max retry times for radius packet 3 606

Quiet period state disable 606

Quiet period timer 10 sec 606

Supplicant timeout 3 sec 606

Switch config dot1x auth method pap 606

Switch config dot1x system auth control 606

Switch config end 606

Switch config show dot1x global 606

Switch configure 606

Switch copy running config startup config 606

The following example shows how to enable 802 x authentication configure pap as the authentication method and keep other parameters as default 606

X accounting state disable 606

X state enabled 606

Switch config if dot1x 607

Switch config if dot1x port control auto 607

Switch config if dot1x port method port based 607

Switch config interface ten gigabitethe rnet 1 0 2 607

Switch configure 607

The following example shows how to enable 802 x authentication on port 1 0 2 configure the control type as port based and configure the control mode as auto 607

Aaa configuration 609

Configuration guidelines 609

Adding servers 610

Globally enabling aaa 610

Using the gui 610

Adding tacacs server 611

Click add to add the radius server on the switch 611

Follow these steps to add a tacacs server 611

In the server config section configure the following parameters 611

Tacacs conifg to load the following page 611

Configuring server groups 612

Configuring the method list 613

Click add to add the new method 614

Click apply 614

Configuring the aaa application list 614

Follow these steps to configure the aaa application list 614

Global config to load the following page 614

In the aaa application list section select an access application and configure the login list and enable list 614

In the add method list section configure the parameters for the method to be added 614

Configuring login account and enable password 615

Aaa global status enable 616

Adding radius server 616

Adding servers 616

Follow these steps to add radius server on the switch 616

Follow these steps to globally enable aaa 616

Globally enabling aaa 616

Switch config aaa enable 616

Switch config end 616

Switch config show aaa global 616

Switch configure 616

Switch copy running config startup config 616

The following example shows how to globally enable aaa 616

Using the cli 616

You can add one or more radius tacacs servers on the switch for authentication if multiple servers are added the server with the highest priority authenticates the users trying to access the switch and the others act as backup servers in case the first one breaks down 616

68 0 1812 1813 8 3 123456 617

Server ip auth port acct port timeout retransmit shared key 617

Switch config end 617

Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 123456 617

Switch config show radius server 617

Switch configure 617

The following example shows how to add a radius server on the switch set the ip address of the server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 617

68 0 49 8 123456 618

Adding tacacs server 618

Follow these steps to add tacacs server on the switch 618

Server ip port timeout shared key 618

Switch config end 618

Switch config show tacacs server 618

Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 618

Switch configure 618

Switch copy running config startup config 618

The following example shows how to add a tacacs server on the switch set the ip address of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the timeout as 8 seconds 618

Configuring server groups 619

Switch aaa group server 192 68 0 619

Switch aaa group show aaa group radius1 619

Switch config aaa group radius radius1 619

Switch configure 619

Switch copy running config startup config 619

The following example shows how to create a radius server group named radius1 and add the existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group 619

The switch has two built in server groups one for radius and the other for tacacs the servers running the same protocol are automatically added to the default server group you can add new server groups as needed 619

The two default server groups cannot be deleted or edited follow these steps to add a server group 619

A method list describes the authentication methods and their sequence to authenticate the users the switch supports login method list for users of all types to gain access to the switch and enable method list for guests to get administrative privileges 620

Configuring the method list 620

Follow these steps to configure the method list 620

Switch aaa group end 620

Switch config aaa authentication login login1 radius local 620

Switch config show aaa authentication login 620

Switch configure 620

Switch copy running config startup config 620

The following example shows how to create a login method list named login1 and configure the method 1 as the default radius server group and the method 2 as local 620

Configuring the aaa application list 621

Follow these steps to apply the login and enable method lists for the application ssh 622

Http default default 622

Module login list enable list 622

Ssh default default 622

Switch config line enable authentication enable1 622

Switch config line end 622

Switch config line login authentication login1 622

Switch config line show aaa global 622

Switch config line telnet 622

Switch configure 622

Switch copy running config startup config 622

Telnet login1 enable1 622

The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application telnet 622

Follow these steps to apply the login and enable method lists for the application http 623

Http default default 623

Module login list enable list 623

Ssh login1 enable1 623

Switch config line enable authentication enable1 623

Switch config line end 623

Switch config line login authentication login1 623

Switch config line show aaa global 623

Switch config line ssh 623

Switch configure 623

Switch copy running config startup config 623

Telnet default default 623

The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application ssh 623

Configuring login account and enable password 624

Http login1 enable1 624

Module login list enable list 624

On the switch 624

Ssh default default 624

Switch config end 624

Switch config ip http enable authentication enable1 624

Switch config ip http login authentication login1 624

Switch config show aaa global 624

Switch configure 624

Switch copy running config startup config 624

Telnet default default 624

The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application http 624

The local username and password for login can be configured in the user management feature for details refer to managing system 624

The login account and enable password can be configured locally on the switch or centrally on the radius tacacs server s 624

For enable password configuration 625

For login authentication configuration more than one login account can be created on the server besides both the user name and password can be customized 625

On radius server the user name should be set as enable and the enable password is customizable all the users trying to get administrative privileges share this enable password 625

On tacacs server the enable password is set with the login account and each account has its own enable password 625

On the server 625

Some configuration principles on the server are as follows 625

The accounts created by the radius tacacs server can only view the configurations and some network information without the enable password 625

Tips the logged in guests can get administrative privileges by using the command enable admin and providing the enable password 625

To configure the local enable password for getting administrative privileges follow these steps 625

Configuration examples 626

Configuration scheme 626

Example for dhcp snooping and arp detection 626

Network requirements 626

Using the gui 627

Using the cli 630

Verify the configuration 631

Configuration scheme 632

Example for 802 x 632

Network requirements 632

As shown in the following figure switch a acts as the authenticator port 1 0 1 is connected to the client port 1 0 2 is connected to the radius server and port 1 0 3 is connected to the internet 633

Demonstrated with t1700x 16ts acting as the authenticator the following sections provide configuration procedure in two ways using the gui and using the cli 633

Global config to load the following page enable aaa function globally on the switch 633

Internet 633

Network topology 633

Radius config to load the following page configure the parameters of the radius server 633

Using the gui 633

Using the cli 636

Verify the configurations 637

Example for aaa 638

Network requirements 638

Configuration scheme 639

Using the gui 639

Using the cli 642

Verify the configuration 643

Appendix default parameters 645

Default settings of network security are listed in the following tables 645

Chapters 649

Configuring lldp 649

Part 21 649

Overview 650

Supported features 650

Global config 651

Lldp configurations 651

Using the gui 651

Follow these steps to enable lldp and configure the lldp feature globally 652

In the global config section enable lldp click apply 652

In the parameters config section configure the lldp parameters click apply 652

Follow these steps to configure the lldp feature for the interface 653

Policy config to load the following page 653

Port config 653

Select the desired port and set its admin status and notification mode 653

Select the tlvs type length value included in the lldp packets according to your needs 653

Enable the lldp feature on the switch and configure the lldp parameters 654

Global config 654

Using the cli 654

Lldp status enabled 655

Switch config lldp 655

Switch config lldp hold multiplier 4 655

Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 3 655

Switch config show lldp 655

Switch configure 655

The following example shows how to configure the following parameters lldp timer 4 tx interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast count 3 655

Tx interval 30 seconds 655

Fast packet count 3 656

Initialization delay 2 seconds 656

Lldp med fast start repeat count 4 656

Port config 656

Select the desired port and set its admin status notification mode and the tlvs included in the lldp packets 656

Switch config end 656

Switch copy running config startup config 656

Trap notification interval 5 seconds 656

Ttl multiplier 4 656

Tx delay 2 seconds 656

Global config 658

Lldp med configurations 658

Using the gui 658

Port config 659

Global config 661

Lldp status enabled 661

Switch config lldp 661

Switch config lldp med fast count 4 661

Switch config show lldp 661

Switch configure 661

The following example shows how to configure lldp med fast count as 4 661

Tx interval 30 seconds 661

Using the cli 661

Fast packet count 3 662

Initialization delay 2 seconds 662

Lldp med fast start repeat count 4 662

Port config 662

Select the desired port enable lldp med and select the tlvs type length value included in the outgoing lldp packets according to your needs 662

Switch config end 662

Switch copy running config startup config 662

Trap notification interval 5 seconds 662

Ttl multiplier 4 662

Tx delay 2 seconds 662

Using gui 665

Viewing lldp device info 665

Viewing lldp settings 665

Follow these steps to view the local information 666

In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 666

In the local info section select the desired port and view its associated local device information 666

Viewing lldp statistics 668

Using cli 669

Viewing lldp statistics 669

Viewing the local info 669

Viewing the neighbor info 669

Using gui 670

Viewing lldp med settings 670

Follow these steps to view lldp med neighbor information 671

In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 671

In the lldp med neighbor info section select the desired port and view the lldp med settings 671

Neighbor info to load the following page 671

Viewing the neighbor info 671

Using cli 672

Viewing lldp statistics 672

Viewing the local info 672

Viewing the neighbor info 672

Configuration example 673

Configuration scheme 673

Example for configuring lldp 673

Network requirements 673

Network topology 673

Using the gui 673

Using cli 674

Verify the configurations 675

Configuration scheme 680

Example for configuring lldp med 680

Network requirements 680

Network topology 680

Using the gui 681

Using the cli 685

Verify the configurations 686

Appendix default parameters 692

Default lldp med settings 692

Default lldp settings 692

Default settings of lldp are listed in the following tables 692

Chapters 693

Configuring maintenance 693

Part 22 693

Device diagnose 694

Maintenance 694

Network diagnose 694

Overview 694

Supported features 694

System monitor 694

Monitoring the cpu 695

Monitoring the system 695

Using the gui 695

Monitoring the cpu 696

Monitoring the memory 696

Using the cli 696

Monitoring the memory 697

Backing up log files 698

Configuration guidelines 698

Configuring the local log 698

Configuring the remote log 698

Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality of the switch is affected please take actions according to the log message 698

System log configurations 698

System log configurations include 698

Viewing the log table 698

Click apply 699

Configuring the local log 699

Configuring the remote log 699

Follow these steps to configure the local log 699

Local log to load the following page 699

Remote log enables the switch to send system logs to a host to display the logs the host should run a log server that complies with the syslog standard 699

Select your desired channel and configure the corresponding severity and status 699

Using the gui 699

Backing up the log file 700

Viewing the log table 700

Configuring the local log 701

Follow these steps to configure the local log 701

Select a module and a severity to view the corresponding log information 701

Using the cli 701

Switch config logging buffer 702

Switch config logging buffer level 5 702

Switch config logging file flash 702

Switch config logging file flash frequency periodic 10 702

Switch config logging file flash level 2 702

Switch config show logging local config 702

Switch configure 702

The following example shows how to configure the local log on the switch save logs of levels 0 to 5 to the log buffer and synchronize logs of levels 0 to 2 to the flash every 10 hours 702

Buffer 5 enable immediately 703

Channel level status sync periodic 703

Configuring the remote log 703

Flash 2 enable 10 hour s 703

Follow these steps to set the remote log 703

Monitor 5 enable immediately 703

Remote log enables the switch to send system logs to a host to display the logs the host should run a log server that complies with the syslog standard 703

Switch config end 703

Switch config logging host index 2 192 68 48 5 703

Switch configure 703

Switch copy running config startup config 703

The following example shows how to set the remote log on the switch enable log host 2 set its ip address as 192 68 48 and allow logs of levels 0 to 5 to be sent to the host 703

Diagnosing the device 705

Using the gui 705

On privileged exec mode or any other configuration mode you can use the following command to check the connection status of the cable that is connected to the switch 706

Pair b normal 2 10m 706

Pair c normal 0 10m 706

Pair d normal 2 10m 706

Port pair status length error 706

Switch show cable diagnostics interface ten gigabitehternet 1 0 2 706

Te1 0 2 pair a normal 2 10m 706

The following example shows how to check the cable diagnostics of port 1 0 2 706

Using the cli 706

Configuring the ping test 707

Diagnosing the network 707

Using the gui 707

Configuring the ping test 708

Configuring the tracert test 708

Follow these steps to test connectivity between the switch and routers along the path from the source to the destination 708

In the ping result section check the test results 708

In the tracert config section enter the ip address of the destination set the max hop and then click tracert to start the test 708

In the tracert result section check the test results 708

On privileged exec mode or any other configuration mode you can use the following command to test the connectivity between the switch and one node of the network 708

Tracert to load the following page 708

Using the cli 708

Approximate round trip times in milli seconds 709

Configuring the tracert test 709

Minimum 0ms maximum 0ms average 0ms 709

On privileged exec mode or any other configuration mode you can use the following command to test the connectivity between the switch and routers along the path from the source to the destination 709

Packets sent 3 received 3 lost 0 0 loss 709

Ping statistics for 192 68 0 709

Pinging 192 68 0 with 1000 bytes of data 709

Reply from 192 68 0 bytes 1000 time 16ms ttl 64 709

Switch ping ip 192 68 0 n 3 l 1000 i 500 709

The following example shows how to test the connectivity between the switch and the destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 1000 bytes and the interval as 500 milliseconds 709

Ms 1 ms 2 ms 192 68 710

Ms 2 ms 2 ms 192 68 00 710

Switch tracert 192 68 00 2 710

The following example shows how to test the connectivity between the switch and the network device with the ip address 192 68 00 set the maxhops as 2 710

Trace complete 710

Tracing route to 192 68 00 over a maximum of 2 hops 710

Configuration example for remote log 711

Configuration scheme 711

Network requirements 711

Using the gui 711

Using the cli 712

Verify the configurations 712

Appendix default parameters 713

Default settings of maintenance are listed in the following tables 713

Chapters 714

Configuring snmp rmon 714

Part 23 714

Snmp overview 715

Snmp simple network management protocol is a standard network management protocol widely used on tcp ip networks it facilitates device management using nms network management system software with snmp network managers can view or modify network device information and troubleshoot according to notifications sent by those devices in a timely manner 715

The device supports three snmp versions snmpv1 snmpv2c and snmpv3 table 1 1 lists features supported by different snmp versions and table 1 2 shows corresponding application scenarios 715

Snmp configurations 716

Creating an snmp view 717

Enabling snmp 717

Using the gui 717

Create an snmp group and configure related parameters 718

Creating an snmp group 718

Set the view name and one mib variable that is related to the view choose the view type and click create to add the view entry 718

Snmp view to load the following page 718

Follow these steps to create an snmp group 719

Set the group name and security model if you choose snmpv3 as the security model you need to further configure security level 719

Set the read write and notify view of the snmp group click create 719

Snmp group to load the following page 719

Creating snmp users 720

Follow these steps to create an snmp user 720

Snmp user to load the following page 720

Specify the user name user type and the group which the user belongs to set the security model according to the related parameters of the specified group if you choose snmpv3 you need to configure the security level 720

Click create 721

Creating snmp communities 721

If you have chosen authnopriv or authpriv as the security level you need to set corresponding auth mode or privacy mode if not skip the step 721

If you want to use snmpv1 or snmpv2c as the security model you can create snmp communities directly 721

Enabling snmp 722

Set the community name access rights and the related view click create 722

Snmp community to load the following page 722

Using the cli 722

Bad snmp version errors 723

Encoding errors 723

Get request pdus 723

Illegal operation for community name supplied 723

Number of altered variables 723

Number of requested variables 723

Snmp agent is enabled 723

Snmp packets input 723

Switch config show snmp server 723

Switch config snmp server 723

Switch config snmp server engineid remote 123456789a 723

Switch configure 723

The following example shows how to enable snmp and set 123456789a as the remote engine id 723

Unknown community name 723

Bad value errors 724

Creating an snmp view 724

General errors 724

Get next pdus 724

Local engine id 80002e5703000aeb132397 724

No such name errors 724

Remote engine id 123456789a 724

Response pdus 724

Set request pdus 724

Snmp packets output 724

Specify the oid object identifier of the view to determine objects to be managed 724

Switch config end 724

Switch config show snmp server engineid 724

Switch copy running config startup config 724

Too big errors maximum packet size 1500 724

Trap pdus 724

Creating an snmp group 725

No name sec mode sec lev read view write view notify view 1 nms monitor v3 authpriv view view 726

Switch config end 726

Switch config show snmp server group 726

Switch config snmp server group nms monitor smode v3 slev authpriv read view notify view 726

Switch configure 726

Switch copy running config startup config 726

The following example shows how to create an snmpv3 group name the group as nms monitor enable auth mode and privacy mode and set the view as read view and notify view 726

Configure users of the snmp group users belong to the group and use the same security level and access rights as the group 727

Creating snmp users 727

The following example shows how to create an snmp user on the switch name the user as admin and set the user as a remote user snmpv3 as the security mode authpriv as the 727

Admin remote nms monitor v3 authpriv sha des 728

Creating snmp communities 728

For snmpv1 and snmpv2c the community name is used for authentication functioning as the password 728

No u name u type g name s mode s lev a mode p mode 728

Security level sha as the authentication algorithm 1234 as the authentication password des as the privacy algorithm and 1234 as the privacy password 728

Switch config end 728

Switch config show snmp server user 728

Switch config snmp server user admin remote nms monitor smode v3 slev authpriv cmode sha cpwd 1234 emode des epwd 1234 728

Switch configure 728

Switch copy running config startup config 728

The following example shows how to set an snmp community name the community as the nms monitor and allow the nms to view and modify parameters of view 728

Configuration guidelines 730

Notification configurations 730

Using the gui 730

Choose a notification type based on the snmp version if you choose the inform type you need to set retry times and timeout interval 731

Click create 731

Specify the user name or community name used by the nms and configure the security model and security level based on the settings of the user or community 731

Configure parameters of the nms host and packet handling mechanism 732

Configuring the host 732

Using the cli 732

68 22 162 admin v3 authpriv inform 3 100 733

Enabling snmp notification 733

Enabling the snmp standard trap 733

No des ip udp name secmode seclev type retry timeout 733

Switch config end 733

Switch config show snmp server host 733

Switch config snmp server host 172 68 22 162 admin smode v3 slev authpriv type inform retries 3 timeout 100 733

Switch configure 733

Switch copy running config startup config 733

The following example shows how to set the nms host ip address as 172 68 22 udp port as port 162 name used by the nms as admin security model as snmpv3 security level as authpriv notification type as inform retry times as 3 and the timeout interval as 100 seconds 733

Optional enabling the snmp extend trap 734

Switch config end 734

Switch config snmp server traps snmp linkup 734

Switch configure 734

Switch copy running config startup config 734

The following example shows how to configure the switch to send linkup traps 734

Optional enabling the link status trap 735

Optional enabling the vlan trap 735

Switch config end 735

Switch config snmp server traps bandwidth control 735

Switch config snmp server traps vlan create 735

Switch configure 735

Switch copy running config startup config 735

The following example shows how to configure the switch to enable 735

The following example shows how to configure the switch to enable bandwidth control traps 735

Switch config if end 736

Switch config if snmp server traps link status 736

Switch config interface ten gigabitether net 1 0 1 736

Switch configure 736

Switch copy running config startup config 736

The following example shows how to configure the switch to enable link status trap 736

Rmon overview 737

Configuring statistics 738

Rmon configurations 738

Using the gui 738

Configuring history 739

Follow these steps to configure history 739

History to load the following page 739

Select a history entry and specify a port to be monitored 739

Set the sample interval and the maximum buckets of history entries 739

Specify the entry id the port to be monitored and the owner name of the entry set the entry as valid or undercreation and click create 739

Choose an event entry and set the snmp user of the entry 740

Configuring event 740

Enter the owner name and set the status of the entry click apply 740

Event to load the following page 740

Follow these steps to configure event 740

Set the description and type of the event 740

Alarm to load the following page 741

Before you begin please complete configurations of statistics entries and event entries because the alarm entries must be associated with statistics and event entries 741

Configuring alarm 741

Enter the owner name and set the status of the entry click apply 741

Follow these steps to configure alarm 741

Select an alarm entry choose a variable to be monitored and associate the entry with a statistics entry 741

Set the sample type the rising and falling threshold the corresponding event action and the alarm type of the entry 742

Configuring statistics 743

Enter the owner name and set the status of the entry click apply 743

Using the cli 743

Configuring history 744

Index port owner state 744

Switch config end 744

Switch config rmon statistics 1 interface ten gigabitether net 1 0 1 owner monitor status valid 744

Switch config rmon statistics 2 interface ten gigabitether net 1 0 2 owner monitor status valid 744

Switch config show rmon statistics 744

Switch configure 744

Switch copy running config startup config 744

Te1 0 1 monitor valid 744

Te1 0 2 monitor valid 744

The following example shows how to create two statistics entries on the switch to monitor port 1 0 1 and 1 0 2 respectively the owner of the entry is monitor and the entry is valid 744

Configuring event 745

Index port interval buckets owner state 745

Switch config end 745

Switch config rmon history 1 interface ten gigabitether net 1 0 1 interval 100 owner monitor buckets 50 745

Switch config show rmon history 745

Switch configure 745

Switch copy running config startup config 745

Te1 0 1 100 50 monitor enable 745

The following example shows how to create a history entry on the switch to monitor port 1 0 1 set the sample interval as 100 seconds max buckets as 50 and the owner as monitor 745

Admin rising notify notify monitor enable 746

Index user description type owner state 746

Switch config end 746

Switch config rmon event 1 user admin description rising notify type notify owner monitor 746

Switch config show rmon event 746

Switch configure 746

Switch copy running config startup config 746

The following example shows how to create an event entry on the switch set the user name as admin the event type as notify set the switch to initiate notifications to the nms and the owner as monitor 746

Configuring alarm 747

Configuration example 749

Configuration scheme 749

Network requirements 749

Network topology 750

Using the gui 750

Using the cli 755

Verify the configurations 757

Appendix default parameters 761

Default settings of snmp are listed in the following table 761

Default settings of notification are listed in the following table 762

Tp-Link T1700X-16TS V2 [352/764] Configuring mld snooping last listener query

Содержание

Похожие устройства