![Tp-Link T1700X-16TS V2 [551/764] Switch configure](/img/pdf.png)
Tp-Link T1700X-16TS V2 [551/764] Switch configure
![Tp-Link T1700X-16TS V2 [551/764] Switch configure](/views2/1472720/page551/bg227.png)
Configuration Guide 526
Configuring ACL ACL Configurations
Step 3 access-list ipv6
acl-id
rule
rule-id
{permit | deny}[dscp dscp-value] [flow-label
flow-label-
value
] [sip
source-ip-address
sip-mask
source-ip-mask
] [dip
destination-ip-address
dip-mask
destination-ip-mask
] [s-port
source-port-number
] [d-port
destination-port-number
]
Add a rule to the ACL.
acl-id:
The ID number of the ACL you have created.
rule-id:
Specify the rule ID, which ranges from 0 to 999. It should not be the same as any
existing
IPv6 ACL IDs
permit|deny
: Specify the operation to be performed with the packets that match the rule. Deny means
to discard; permit means to forward. By default, it is permit.
dscp-value
: Specify a DSCP value to be matched.
flow-label-value
: Specify a Flow Label value to be matched.
source-ip-address:
Enter the source IP address. Enter the destination IPv6 address to be matched. All
types of IPv6 address will be checked. You may enter a complete 128-bit IPv6 address but only the first
64 bits will be valid.
source-ip-mask:
Enter the source IP address mask. The mask is required if the source IPv6 address is
entered. Enter the mask in complete format (for example, ffff:ffff:0000:ffff). The mask specifies which
bits in the source IPv6 address to match the rule.
destination-ip-address
: Enter the destination IPv6 address to be matched. All types of IPv6 address will
be checked. You may enter a complete 128-bit IPv6 addresses but only the first 64 bits will be valid.
destination-ip-mask:
Enter the source IP address mask. The mask is required if the source IPv6 address
is entered. Enter the mask in complete format (for example, ffff:ffff:0000:ffff). The mask specifies which
bits in the source IPv6 address to match the rule.
source-port-number
: Enter the TCP/UDP source port if TCP/UDP protocol is selected.
destination-port-number
: Enter the TCP/UDP destination port if TCP/UDP protocol is selected.
Step 4 show access-list [
access-list-num
]
(Optional) View the current ACL configuration.
access-list-num
: The ID number of the ACL.
Step 5 end
Return to privileged EXEC mode.
Step 6 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to create IPv6 ACL 3600 and configure Rule 1 to deny
packets with source IPv6 address CDCD:910A:2222:5498:8475:1111:3900:2020:
Switch#configure
Switch(config)#access-list create 3600
Switch(config)#access-list ipv6 3600 Rule 1 deny sip
CDCD:910A:2222:5498:8475:1111:3900:2020 sip-mask ffff:ffff:ffff:ffff
Содержание
- Configuration guide 1
- Bsmi notice 2
- Ce mark warning 2
- Fcc statement 2
- Industry canada statement 2
- Explanation of the symbols on the product label 3
- Safety information 3
- About this guide 4
- Accessing the switch 4
- Command line interface access 11 4
- Contents 4
- Conventions 4
- Intended readers 4
- Managing system 4
- More information 4
- Overview 4
- System 22 4
- System info configurations 24 4
- Web interface access 4
- Access security configurations 53 5
- System tools configurations 44 5
- User management configurations 36 5
- Appendix default parameters 71 6
- Basic parameters configurations 76 6
- Configuration examples 95 6
- Loopback detection configuration 91 6
- Managing physical interfaces 6
- Physical interface 75 6
- Port isolation configurations 88 6
- Port mirror configuration 80 6
- Port security configuration 84 6
- Sdm template configuration 68 6
- Address configurations 32 7
- Appendix default parameters 04 7
- Appendix default parameters 21 7
- Appendix default parameters 28 7
- Configuration example 17 7
- Configuring lag 7
- Lag 07 7
- Lag configuration 08 7
- Mac address table 30 7
- Managing mac address table 7
- Monitoring traffic 7
- Traffic monitor 23 7
- Appendix default parameters 50 8
- Configuration example 59 8
- Configuring 802 q vlan 8
- Example for security configurations 47 8
- Overview 52 8
- Q vlan configuration 53 8
- Security configurations 41 8
- Appendix default parameters 64 9
- Appendix default parameters 80 9
- Configuration example 72 9
- Configuration example 89 9
- Configuring mac vlan 9
- Configuring protocol vlan 9
- Mac vlan configuration 67 9
- Overview 66 9
- Overview 82 9
- Protocol vlan configuration 83 9
- Appendix default parameters 17 10
- Appendix default parameters 99 10
- Configuration example 11 10
- Configuring private vlan 10
- Configuring spanning tree 10
- Overview 01 10
- Private vlan configurations 03 10
- Spanning tree 19 10
- Stp rstp configurations 27 10
- Appendix default parameters 82 11
- Configuration example for mstp 63 11
- Configuring layer 2 multicast 11
- Igmp snooping configurations 87 11
- Layer 2 multicast 85 11
- Mstp configurations 37 11
- Stp security configurations 57 11
- Configuring mld snooping 25 13
- Configuration examples 64 15
- Viewing multicast snooping configurations 60 15
- Appendix default parameters 09 16
- Appendix default parameters 93 16
- Configuring logical interfaces 16
- Configuring static routing 16
- Ipv4 static routing configuration 12 16
- Ipv6 static routing configuration 14 16
- Logical interfaces configurations 98 16
- Overview 11 16
- Overview 97 16
- Viewing routing table 17 16
- Appendix default parameter 24 17
- Appendix default parameters 36 17
- Arp configurations 39 17
- Configuration example 33 17
- Configuring arp 17
- Configuring dhcp relay 17
- Dhcp relay configuration 27 17
- Example for static routing 20 17
- Overview 26 17
- Overview 38 17
- Appendix default parameters 81 18
- Bandwidth control configuration 58 18
- Configuration examples 64 18
- Configuring qos 18
- Configuring voice vlan 18
- Diffserv configuration 46 18
- Overview 84 18
- Qos 45 18
- Voice vlan configuration 86 18
- Acl 09 19
- Acl configurations 10 19
- Appendix default parameters 07 19
- Appendix default parameters 38 19
- Configuration example 93 19
- Configuration example for acl 31 19
- Configuring acl 19
- Configuring network security 19
- Ip mac binding configurations 44 19
- Network security 40 19
- Aaa configuration 84 20
- Arp inspection configurations 59 20
- Dhcp snooping configuration 51 20
- Dos defend configuration 66 20
- X configuration 70 20
- Appendix default parameters 20 21
- Configuration examples 01 21
- Configuring lldp 21
- Lldp 25 21
- Appendix default parameters 67 22
- Configuration example 48 22
- Lldp configurations 26 22
- Lldp med configurations 33 22
- Viewing lldp med settings 45 22
- Viewing lldp settings 40 22
- Appendix default parameters 88 23
- Configuration example for remote log 86 23
- Configuring maintenance 23
- Diagnosing the device 80 23
- Diagnosing the network 82 23
- Maintenance 69 23
- Monitoring the system 70 23
- System log configurations 73 23
- Configuration example 24 24
- Configuring snmp rmon 24
- Notification configurations 05 24
- Rmon configurations 13 24
- Rmon overview 12 24
- Snmp configurations 91 24
- Snmp overview 90 24
- Appendix default parameters 36 25
- About this guide 26
- Conventions 26
- Intended readers 26
- More information 27
- Accessing the switch 28
- Chapters 28
- Part 1 28
- Overview 29
- Web interface access 30
- Save config function 31
- Disable the web server 32
- Http config disable the http server and click apply 32
- You can shut down the http server or https server to block any access to the web interface 32
- Configure the switch s ip address and default gateway 33
- Check the routing table to verify the default gateway you configured the entry marked in red box displays the valid default gateway 35
- Click save config to save the settings 35
- Command line interface access 36
- Console login only for switch with console port 36
- Enter enable to enter the user exec mode to further configure the switch 37
- Telnet login 38
- Password authentication mode 39
- Ssh login 39
- Key authentication mode 40
- After the keys are successfully generated click save public key to save the public key to a tftp server click save private key to save the private key to the host pc 41
- After negotiation is completed enter the username to log in if you can log in without entering the password the key authentication completed successfully 43
- Disable telnet login 43
- Telnet config disable the telnet function and click apply 43
- Using the gui 43
- You can shut down the telnet function to block any telnet access to the cli interface 43
- Copy running config startup config 44
- Disable ssh login 44
- Change the switch s ip address and default gateway 45
- Chapters 46
- Managing system 46
- Part 2 46
- Access security 47
- Overview 47
- Supported features 47
- System 47
- System info 47
- System tools 47
- User management 47
- Sdm template 48
- System info configurations 49
- Using the gui 49
- Viewing the system summary 49
- Click a port to view the bandwidth utilization on this port 50
- Move the cursor to the port to view the detailed information of the port 50
- Setting the system time 51
- Specifying the device description 51
- Choose one method to set the system time and specify the information 52
- Click apply 52
- Daylight saving time to load the following page 52
- In the time config section follow these steps to configure the system time 52
- Setting the daylight saving time 52
- Choose one method to set the daylight saving time of the switch and specify the information 53
- Follow these steps to configure daylight saving time 53
- In the dst config section select enable to enable the daylight saving time function 53
- Click apply 54
- On privileged exec mode or any other configuration mode you can use the following command to view the system information of the switch 54
- Port status speed duplex flowctrl jumbo active medium 54
- Switch show interface status 54
- Switch show system info 54
- Te1 0 1 linkdown n a n a n a disable copper 54
- Te1 0 14 linkdown n a n a n a disable fiber 54
- Te1 0 15 linkdown n a n a n a disable fiber 54
- Te1 0 16 linkdown n a n a n a disable fiber 54
- Te1 0 2 linkdown n a n a n a disable copper 54
- Te1 0 3 linkup 1000m full disable disable copper 54
- The following example shows how to view the interface status and the system information of the switch 54
- Using the cli 54
- Viewing the system summary 54
- Contact information www tp link com 55
- Follow these steps to specify the device description 55
- Hardware version t1700x 16ts 2 55
- Running time 3 day 2 hour 8 min 26 sec 55
- Software version 2 build 20160909 rel 2515 s 55
- Specifying the device description 55
- System description jetstream 12 port 10gbase t smart switch with 4 10g sfp 55
- System location shenzhen 55
- System name t1700x 16ts 55
- System time 2016 01 04 10 07 38 55
- Contact information http www tp link com 56
- Follow these steps and choose one method to set the system time 56
- Setting the system time 56
- Switch config contact info http www tp link com 56
- Switch config end 56
- Switch config hostname switch_a 56
- Switch config location beijing 56
- Switch config show system info 56
- Switch configure 56
- Switch copy running config startup config 56
- System description jetstream 12 port 10gbase t smart switch with 4 10g sfp 56
- System location beijing 56
- System name switch_a 56
- The following example shows how to set the device name as switch_a set the location as beijing and set the contact information as http www tp link com 56
- Backup ntp server 139 8 00 63 58
- Follow these steps and choose one method to set the daylight saving time 58
- Last successful ntp server 133 00 58
- Prefered ntp server 133 00 58
- Setting the daylight saving time 58
- Switch config end 58
- Switch config show system time ntp 58
- Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 58
- Switch configure 58
- Switch copy running config startup config 58
- The following example shows how to set the system time by get time from ntp server and set the time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 139 8 00 63 and set the update rate as 11 58
- Time zone utc 08 00 58
- Update rate 11 hour s 58
- Dst configuration is one off 60
- Dst ends at 01 00 00 on sep 1 2016 60
- Dst offset is 50 minutes 60
- Dst starts at 01 00 00 on aug 1 2016 60
- Switch config end 60
- Switch config show system time dst 60
- Switch config system time dst date aug 1 01 00 2016 sep 1 01 00 2016 50 60
- Switch configure 60
- Switch copy running config startup config 60
- The following example shows how to set the daylight saving time by date mode set the start time as 01 00 august 1st 2016 set the end time as 01 00 september 1st 2016 and set the offset as 50 60
- Creating admin accounts 61
- User management configurations 61
- Using the gui 61
- Click create 62
- Creating accounts of other types 62
- Creating an account 62
- Follow these steps to create an account of other types 62
- In the user info section select the access level from the drop down list and specify the user name and password 62
- User config to load the following page 62
- You can create accounts with the access level of operator power user and user here you also need to go to the aaa section to create an enable password for these accounts the enable password is used to change the users access level to admin 62
- Creating admin accounts 64
- Follow these steps to create an admin account 64
- Using the cli 64
- Creating accounts of other types 65
- Follow these steps to create an account of other type 65
- You can create accounts with the access level of operator power user and user here you also need to go to the aaa section to create an enable password for these accounts the enable password is used to change the users access level to admin 65
- The aaa function applies another method to manage the access users name and password for details refer to aaa configuration in configuring network security 67
- The logged in users can enter the enable password on this page to get the administrative privileges 67
- Configuring the boot file 69
- System tools configurations 69
- Using the gui 69
- Click apply 70
- Click import to import the configuration file 70
- Config restore to load the following page 70
- Follow these steps to restore the configuration of the switch 70
- In the config restore section select one unit and one configuration file 70
- Restoring the configuration of the switch 70
- Backing up the configuration file 71
- Upgrading the firmware 71
- Configuring the reboot schedule 72
- Rebooting the switch 72
- Configuring the boot file 73
- Follow these steps to configure the boot file 73
- In the system reset section select the desired unit and click reset 73
- Reseting the switch 73
- System reset to load the following page 73
- Using the cli 73
- Backup image image2 bin 74
- Boot config 74
- Current startup image image1 bin 74
- Follow these steps to restore the configuration of the switch 74
- Next startup image image1 bin 74
- Restoring the configuration of the switch 74
- Switch config boot application filename image1 startup 74
- Switch config boot application filename image2 backup 74
- Switch config end 74
- Switch config show boot 74
- Switch configure 74
- Switch copy running config startup config 74
- The following example shows how to restore the configuration file named file1 from the tftp server with ip address 192 68 00 74
- The following example shows how to set the next startup image as image 1 and set the backup image as image 2 74
- Backing up the configuration file 75
- Backup user config file ok 75
- Enable 75
- Follow these steps to back up the current configuration of the switch in a file 75
- Follow these steps to upgrade the firmware 75
- Operation ok now rebooting system 75
- Start to backup user config file 75
- Start to load user config file 75
- Switch copy startup config tftp ip address 192 68 00 filename file2 75
- Switch copy tftp startup config ip address 192 68 00 filename file1 75
- The following example shows how to backup the configuration file named file2 from tftp server with ip address 192 68 00 75
- The following example shows how to upgrade the firmware using the configuration file named file3 bin the tftp server is 190 68 00 75
- Upgrading the firmware 75
- Configuring the reboot schedule 76
- Enable 76
- Follow these steps and choose one type to configure the reboot schedule 76
- Follow these steps to reboot the switch 76
- It will only upgrade the backup image continue y n y 76
- Operation ok 76
- Reboot with the backup image y n y 76
- Rebooting the switch 76
- Switch firmware upgrade ip address 192 68 00 filename file3 bin 76
- Follow these steps to reset the switch 77
- Reboot schedule at 2016 01 15 12 00 in 17007 minutes 77
- Reboot schedule settings 77
- Reboot system at 15 01 2016 12 00 continue y n y 77
- Reseting the switch 77
- Save before reboot yes 77
- Switch config end 77
- Switch config reboot schedule at 12 00 15 01 2016 save_before_reboot 77
- Switch configure 77
- Switch copy running config startup config 77
- The following example shows how to set the switch to reboot at 12 00 on 15 01 2016 77
- Access security configurations 78
- Configuring the access control feature 78
- Using the gui 78
- Click apply 79
- When the ip based mode is selected the following section will display 79
- When the port based mode is selected the following section will display 79
- Configuring the http function 80
- Configuring the https function 81
- In the access user number section select enable and specify the parameters click apply 82
- In the certificate download and key download section download the certificate and key 82
- In the ciphersuite config section select the algorithm to be enabled and click apply 82
- In the session config section specify the session timeout and click apply 82
- Configuring the ssh feature 83
- In the global config section select enable to enable ssh function and specify other parameters 83
- Ssh config to load the following page 83
- Configuring the access control 84
- Enabling the telnet function 84
- Using the cli 84
- Switch config show user configuration 85
- Switch config user access control ip based 192 68 00 255 55 55 snmp telnet http https 85
- Switch configure 85
- The following example shows how to set the type of access control as ip based set the ip address as 192 68 00 set the subnet mask as 255 55 55 and make the switch support snmp telnet http and https 85
- 68 24 snmp telnet http https 86
- Configuring the http function 86
- Follow these steps to configure the http function 86
- Index ip address access interface 86
- Switch config end 86
- Switch config ip http server 86
- Switch configure 86
- Switch copy running config startup config 86
- The following example shows how to set the session timeout as 9 set the maximum admin number as 6 and set the maximum guest number as 5 86
- User authentication mode ip based 86
- Configuring the https function 87
- Follow these steps to configure the https function 87
- Http max admin users 6 87
- Http max guest users 5 87
- Http session timeout 9 87
- Http status enabled 87
- Http user limitation enabled 87
- Switch config end 87
- Switch config ip http max user 6 5 87
- Switch config ip http session timeout 9 87
- Switch config show ip http configuration 87
- Switch copy running config startup config 87
- Switch config ip http secure ciphersuite 3des ede cbc sha 88
- Switch config ip http secure protocol ssl3 tls1 88
- Switch config ip http secure server 88
- Switch configure 88
- The following example shows how to configure the https function enable ssl3 and tls1 protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the admin number as 1 and the guest number as 2 download the certificate named ca crt and the key named ca key from the tftp server with the ip address 192 68 00 88
- Configuring the ssh feature 89
- Switch config ip ssh server 90
- Switch config ip ssh version v1 90
- The following example shows how to configure the ssh function set the version as ssh v1 and ssh v2 enable the aes128 cbc and cast128 cbc encryption algorithm enable the hmac md5 data integrity algorithm choose the key type as ssh 2 rsa dsa 90
- Enabling the telnet function 92
- Follow these steps enable the telnet function 92
- Switch config end 92
- Switch copy running config startup config 92
- In select options section select one template and click apply the setting will be effective after the reboot 93
- Sdm template configuration 93
- Sdm template function is used to configure system resources in the switch to optimize support for specific features the switch provides three templates and the hardware resources allocation is different users can choose one according to how the switch is used in the network 93
- Sdm template to load the following page 93
- The template table displays the resources allocation of each template 93
- Using the gui 93
- Follow these steps to configure the sdm template function 94
- Using the cli 94
- Appendix default parameters 96
- Default settings of system info are listed in the following tables 96
- Default settings of system tools are listed in the following table 96
- Default settings of user management are listed in the following table 96
- Default settings of access security are listed in the following tables 97
- Default settings of sdm template are listed in the following table 98
- Chapters 99
- Managing physical interfaces 99
- Part 3 99
- Basic parameters 100
- Loopback detection 100
- Overview 100
- Physical interface 100
- Port isolation 100
- Port mirror 100
- Port security 100
- Supported features 100
- Basic parameters configurations 101
- Follow these steps to set basic parameters for ports 101
- Port config to load the following page 101
- Select and configure your desired ports or lags then click apply 101
- Using the gui 101
- Follow these steps to set basic parameters for the ports 102
- Using the cli 102
- Switch configure 103
- The following example shows how to implement the basic configurations of port1 0 1 including setting a description for the port making the port autonegotiate speed and duplex with the neighboring port and enabling the flow control and jumbo feature 103
- Port mirror configuration 105
- Using the gui 105
- Follow these steps to configure port mirror 106
- In the destination port section specify a monitoring port for the mirror session and click apply 106
- In the source port section select one or multiple monitored ports for configuration then set the parameters and click apply 106
- Follow these steps to configure port mirror 107
- Monitor session 1 107
- Switch config monitor session 1 destination interface ten gigabitethernet 1 0 10 107
- Switch config monitor session 1 source interface ten gigabitethernet 1 0 1 3 both 107
- Switch config show monitor session 107
- Switch configure 107
- The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 to port 1 0 10 107
- Using the cli 107
- Follow these steps to configure port security 109
- Port security configuration 109
- Port security to load the following page 109
- Select one or multiple ports for security configuration 109
- Specify the maximum number of the mac addresses that can be learned on the port and then select the learn mode of the mac addresses 109
- Using the gui 109
- Click apply 110
- Follow these steps to configure port security 110
- Select the status of the port security feature 110
- Using the cli 110
- Port max learn current learn mode status 111
- Switch config if mac address table max mac count max number 30 mode permanent status drop 111
- Switch config if show mac address table max mac count interface ten gigabitethernet 1 0 1 111
- Switch config interface ten gigabitethernet 1 0 1 111
- Switch configure 111
- Te1 0 1 30 0 permanent drop 111
- The following example shows how to set the maximum number of mac addresses that can be learned on port 1 0 1 as 30 and configure the mode as permanent and the status as drop 111
- Switch config if end 112
- Switch copy running config startup config 112
- Port isolation configurations 113
- Using the gui 113
- Click apply 114
- Follow these steps to configure port isolation 114
- In the forward portlist section select the forward ports or lags which the isolated ports can only communicate with it is multi optional 114
- In the port section select one or multiple ports to be isolated 114
- Using the cli 114
- Port lag forward list 115
- Switch config if end 115
- Switch config if port isolation gi forward list 1 0 1 3 po forward list 4 115
- Switch config if show port isolation interface ten gigabitethernet 1 0 5 115
- Switch config interface ten gigabitethernet 1 0 5 115
- Switch configure 115
- Switch copy running config startup config 115
- Te1 0 5 n a te1 0 1 3 po4 115
- The following example shows how to add ports 1 0 1 3 and lag 4 to the forward list of port 1 0 5 115
- Loopback detection configuration 116
- Using the gui 116
- Follow these steps to configure loopback detection 117
- In the port config section select one or multiple ports for configuration then set the parameters and click apply 117
- Using the cli 117
- View the loopback detection information on this page 117
- The following example shows how to enable loopback detection globally keeping the default parameters 118
- Configuration examples 120
- Configuration scheme 120
- Example for port mirror 120
- Network requirements 120
- Using the gui 120
- Using the cli 122
- Verify the configuration 122
- As shown below three hosts and a server are connected to the switch and all belong to vlan 10 with the vlan configuration unchanged host a is not allowed to communicate with the other hosts except the server even if the mac address or ip address of host a is changed 123
- Configuration scheme 123
- Demonstrated with t1700x 16ts the following sections provide configuration procedure in two ways using the gui and using the cli 123
- Example for port isolation 123
- Network requirements 123
- Port isolation to load the following page it displays the port isolation list 123
- Using the gui 123
- You can configure port isolation to implement the requirement set 1 0 4 as the only forwarding port for port 1 0 1 thus forbidding host a to forward packets to the other hosts 123
- Example for loopback detection 125
- Network requirements 125
- Using the cli 125
- Verify the configuration 125
- Configuration scheme 126
- Using the gui 126
- Using the cli 127
- Verify the configuration 128
- Appendix default parameters 129
- Default settings of switching are listed in th following tables 129
- Chapters 131
- Configuring lag 131
- Part 4 131
- Overview 132
- Static lag 132
- Supported features 132
- Configuration guidelines 133
- Lag configuration 133
- Configuring load balancing algorithm 134
- In the global config section select the load balancing algorithm click apply 134
- Lag table to load the following page 134
- Load balancing algorithm is effective only for outgoing traffic if the data stream is not well shared by each link you can change the algorithm of the outgoing interface 134
- Please properly choose the load balancing algorithm to avoid data stream transferring only on one physical link for example switch a receives packets from several hosts and forwards them to the server with the fixed mac address and ip address you can set the algorithm as src mac src ip to allow switch a to determine the forwarding port based on the source mac addresses and source ip addresses of the received packets 134
- Using the gui 134
- Configuring static lag or lacp 135
- Configuring lacp 136
- Follow these steps to configure lacp 136
- Lacp to load the following page 136
- Select member ports for the lag and configure the related parameters click apply 136
- Specify the system priority for the switch and click apply 136
- Configuring load balancing algorithm 137
- Follow these steps to configure the load balancing algorithm 137
- Using the cli 137
- Configuring static lag 138
- Configuring static lag or lacp 138
- Etherchannel load balancing addresses used per protocol 138
- Etherchannel load balancing configuration src dst mac 138
- Follow these steps to configure static lag 138
- Ipv4 source xor destination mac address 138
- Ipv6 source xor destination mac address 138
- Non ip source xor destination mac address 138
- Switch config if end 138
- Switch config port channel load balance src dst mac 138
- Switch config show etherchannel load balance 138
- Switch configure 138
- Switch copy running config startup config 138
- The following example shows how to set the global load balancing mode as src dst mac 138
- You can choose only one lag mode for a port static lag or lacp and make sure both ends of a link use the same lag mode 138
- Configuring lacp 139
- Flags d down p bundled in port channel u in use 139
- Follow these steps to configure lacp 139
- Group port channel protocol ports 139
- I stand alone h hot standby lacp only s suspended 139
- Po2 s te1 0 5 d te1 0 6 d te1 0 7 d te1 0 8 d 139
- R layer3 s layer2 f failed to allocate aggregator 139
- Switch config if range channel group 2 mode on 139
- Switch config if range end 139
- Switch config if range show etherchannel 2 summary 139
- Switch config interface range ten gigabitethernet 1 0 5 8 139
- Switch configure 139
- Switch copy running config startup config 139
- The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 139
- U unsuitable for bundling w waiting to be aggregated d default port 139
- 000a eb13 397 140
- Switch config end 140
- Switch config if range channel group 6 mode active 140
- Switch config interface range ten gigabitethernet 1 0 1 4 140
- Switch config lacp system priority 2 140
- Switch config show lacp sys id 140
- Switch configure 140
- Switch copy running config startup config 140
- The following example shows how to add ports 1 0 1 4 to lag 6 set the mode as lacp and select the lacpdu sending mode as active 140
- The following example shows how to specify the system priority of the switch as 2 140
- Configuration example 142
- Configuration scheme 142
- Network requirements 142
- Using the gui 143
- Using the cli 144
- Verify the configuration 144
- Appendix default parameters 146
- Default settings of switching are listed in the following tables 146
- Monitoring traffic 147
- Traffic monitor 148
- Using the gui 148
- Viewing the traffic summary 148
- Viewing the traffic statistics in detail 149
- In port select select a port or lag and click select 150
- In the statistics section view the detailed information of the selected port or lag 150
- On privileged exec mode or any other configuration mode you can use the following command to view the traffic information of each port or lag 152
- Using the cli 152
- Appendix default parameters 153
- Chapters 154
- Managing mac address table 154
- Part 6 154
- Address configurations 155
- Mac address table 155
- Overview 155
- Supported features 155
- Security configurations 156
- Adding static mac address entries 157
- Address configurations 157
- Using the gui 157
- Binding dynamic address entries 158
- Click create 158
- Dynamic address to load the following page 158
- Enter the mac address vlan id and select a port to bind them together 158
- Follow these steps to add a static mac address entry 158
- Click apply 160
- Dynamic address to load the following page 160
- Follow these steps to modify the aging time of dynamic address entries 160
- In the aging config section enable auto aging and enter your desired length of time 160
- Modifying the aging time of dynamic address entries 160
- Adding mac filtering address entries 161
- Viewing address table entries 161
- Adding static mac address entries 162
- Address table to load the following page 162
- Follow these steps to add static mac address entries 162
- Using the cli 162
- 02 58 4f 6c 23 10 te1 0 1 config static no aging 163
- Mac address table 163
- Mac vlan port type aging 163
- Switch config end 163
- Switch config mac address table static 00 02 58 4f 6c 23 vid 10 interface ten gigabitethernet 1 0 1 163
- Switch config show mac address table static 163
- Switch configure 163
- Switch copy running config startup config 163
- The following example shows how to add a static mac address entry with mac address 00 02 58 4f 6c 23 vlan 10 and port 1 when a packet is received in vlan 10 with this address as its destination the packet will be forwarded only to port 1 163
- Total mac addresses for this criterion 1 163
- Adding mac filtering address entries 164
- Aging time is 500 sec 164
- Follow these steps to add mac filtering address entries 164
- Follow these steps to modify the aging time of dynamic address entries 164
- Modifying the aging time of dynamic address entries 164
- Switch config end 164
- Switch config mac address table aging time 500 164
- Switch config show mac address table aging time 164
- Switch configure 164
- Switch copy running config startup config 164
- The following example shows how to modify the aging time to 500 seconds a dynamic entry remains in the mac address table for 500 seconds after the entry is used or updated 164
- Configuring mac notification traps 166
- Security configurations 166
- Using the gui 166
- Configure snmp and set a management host for detailed snmp configurations please refer to configuring snmp rmon 167
- In the mac notification global config section enable this feature configure the relevant options and click apply 167
- In the mac notification port config section select your desired port and enable its notification traps you can enable these three types learned mode change exceed max learned and new mac learned click apply 167
- Limiting the number of mac addresses in vlans 167
- Mac vlan security to load the following page 167
- Choose the mode that the switch adopts when the maximum number of mac addresses in the specified vlan is exceeded 168
- Click create 168
- Configuring mac notification traps 168
- Enter the vlan id to limit the number of mac addresses that can be learned in the specified vlan 168
- Enter your desired value in max learned mac to set a threshold 168
- Follow these steps to configure mac notification traps 168
- Follow these steps to limit the number of mac addresses in vlans 168
- Using the cli 168
- Now you have configured mac notification traps to receive notifications you need to further enable snmp and set a management host for detailed snmp configurations please refer to configuring snmp rmon 169
- Switch config interface ten gigabitethernet 1 0 1 169
- Switch config mac address table notification global status enable 169
- Switch config mac address table notification interval 10 169
- Switch configure 169
- The following example shows how to enable new mac learned trap on port 1 and set the interval time as 10 seconds after you have further configured snmp the switch will bundle notifications of new addresses in every 10 seconds and send to the management host 169
- Follow these steps to limit the number of mac addresses in vlans 170
- Limiting the number of mac addresses in vlans 170
- Mac notification global config 170
- Notification global status enable 170
- Notification interval 10 170
- Port lrnmode change exceed max limit new mac learned 170
- Switch config if end 170
- Switch config if mac address table notification new mac learned enable 170
- Switch config if show mac address table notification interface ten gigabitethernet 1 0 1 170
- Switch copy running config startup config 170
- Table full notification status disable 170
- Te1 0 1 disable disable enable 170
- Configuration scheme 172
- Example for security configurations 172
- Network requirements 172
- Using the gui 173
- Using the cli 174
- Verify the configurations 174
- Appendix default parameters 175
- Default settings of the mac address table are listed in the following tables 175
- Chapters 176
- Configuring 802 q vlan 176
- Part 7 176
- Overview 177
- Configuring the pvid of the port 178
- Q vlan configuration 178
- Using the gui 178
- Configuring the vlan 179
- Enter a vlan id and a description for identification to create a vlan 179
- Follow these steps to configure vlan 179
- Vlan config and click create to load the following page 179
- Click apply 180
- Creating a vlan 180
- Follow these steps to create a vlan 180
- Select the untagged port s and the tagged port s respectively to add to the created vlan based on the network topology 180
- Switch config vlan 2 180
- Switch config vlan name rd 180
- Switch configure 180
- The following example shows how to create vlan 2 and name it as rd 180
- Using the cli 180
- Will forward untagged packets in the target vlan 180
- Configuring the pvid of the port 181
- Follow these steps to configure the port 181
- Link type general 181
- Member in lag n a 181
- Member in vlan 181
- Port te1 0 5 181
- Pvid 2 181
- Rd active 181
- Switch config if show interface switchport ten gigabitethernet 1 0 5 181
- Switch config if switchport pvid 2 181
- Switch config interface ten gigabitethernet 1 0 5 181
- Switch config vlan end 181
- Switch config vlan show vlan id 2 181
- Switch configure 181
- Switch copy running config startup config 181
- The following example shows how to configure the pvid of port 1 0 5 as vlan 2 181
- Vlan name status ports 181
- Adding the port to the specified vlan 182
- Follow these steps to add the port to the specified vlan 182
- Port te1 0 5 182
- Pvid 2 182
- Switch config if end 182
- Switch config if show interface switchport ten gigabitethernet 1 0 5 182
- Switch config if switchport general allowed vlan 2 tagged 182
- Switch config interface ten gigabitethernet 1 0 5 182
- Switch configure 182
- Switch copy running config startup config 182
- System vlan untagged 182
- The following example shows how to add the port 1 0 5 to vlan 2 and specify its egress rule as tagged 182
- Vlan name egress rule 182
- Configuration example 184
- Configuration scheme 184
- Network requirements 184
- Network topology 185
- Using the gui 185
- Using the cli 187
- Verify the configurations 188
- Appendix default parameters 189
- Default settings of 802 q vlan are listed in the following table 189
- Chapters 190
- Configuring mac vlan 190
- Part 8 190
- Overview 191
- Ptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in to meet this requirement simply bind the mac addresses of the laptops to the corresponding vlans respectively in this way the mac address rather than the access port determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 191
- The figure below shows a common application scenario of mac vlan 191
- Two departments share all the meeting rooms in the company but use different servers and l 191
- Vlan is generally divided by ports this way of division is simple but isn t suitable for those networks that require frequent topology changes with the popularity of mobile office a terminal device may access the switch via different ports for example a terminal device that accessed the switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different vlans the user has to re configure the switch to access the original vlan using mac vlan can free the user from such a problem it divides vlans based on the mac addresses of terminal devices in this way terminal devices always belong to their original vlans even when their access ports change 191
- Configuring 802 q vlan 192
- Mac vlan configuration 192
- Using the gui 192
- Binding the mac address to the vlan 193
- By default mac vlan is disabled on all ports you need to enable mac vlan for your desired ports manually 193
- Click create to create the mac vlan 193
- Enabling mac vlan for the port 193
- Enter the mac address of the device give it a description and enter the vlan id to bind it to the vlan 193
- Follow these steps to bind the mac address to the vlan 193
- Mac vlan to load the following page 193
- Before configuring mac vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 194
- Binding the mac address to the vlan 194
- Configuring 802 q vlan 194
- Follow these steps to bind the mac address to the vlan 194
- Follow these steps to enable mac vlan for the port 194
- Port enable to load the following page 194
- Select your desired ports to enable mac vlan and click apply 194
- Using the cli 194
- 19 56 8a 4c 71 dept a 10 195
- Enabling mac vlan for the port 195
- Follow these steps to enable mac vlan for the port 195
- Mac addr name vlan id 195
- Switch config end 195
- Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 195
- Switch config show mac vlan vlan 10 195
- Switch configure 195
- Switch copy running config startup config 195
- The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with the address description as dept a 195
- Configuration example 197
- Configuration scheme 197
- Create vlan 10 and vlan 20 on each of the three switches set different port types and add the ports to the vlans based on the network topology note for the ports 197
- Network requirements 197
- Two departments share all the meeting rooms in the company but use different servers and laptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in the figure below shows the network topology 197
- You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac addresses of the laptops to the corresponding vlans respectively in this way each laptop can access only the server in the vlan it joins no matter which meeting room the laptops are being used in the overview of the configuration is as follows 197
- Using the gui 198
- Using the cli 201
- Verify the configurations 203
- Depta active te1 0 2 te1 0 3 te1 0 4 204
- Deptb active te1 0 2 te1 0 3 te1 0 5 204
- Appendix default parameters 205
- Default settings of mac vlan are listed in the following table 205
- Chapters 206
- Configuring protocol vlan 206
- Part 9 206
- Overview 207
- Protocol vlan is a technology that divides vlans based on the network layer protocol with the protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze special fields of received packets encapsulate the packets in specific formats and forward the packets of different protocols to the corresponding vlans since different applications and services use different protocols network administrators can use protocol vlan to manage the network based on specific applications and services of network users 207
- The figure below shows a common application scenario of protocol vlan with protocol vlan configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 networks respectively 207
- Configuring 802 q vlan 208
- Protocol vlan configuration 208
- Using the gui 208
- Configuring protocol vlan 209
- Creating protocol template 209
- Configuring 802 q vlan 210
- Using the cli 210
- Arp ethernetii ether type 0806 211
- At snap ether type 809b 211
- Creating a protocol template 211
- Follow these steps to create a protocol template 211
- Index protocol name protocol type 211
- Ip ethernetii ether type 0800 211
- Ipv6 ethernetii ether type 86dd 211
- Ipx snap ether type 8137 211
- Rarp ethernetii ether type 8035 211
- Switch config end 211
- Switch config protocol template name ipv6 frame ether_2 ether type 86dd 211
- Switch config show protocol vlan template 211
- Switch configure 211
- The following example shows how to create an ipv6 protocol template 211
- Arp ethernetii ether type 0806 212
- Configuring protocol vlan 212
- Follow these steps to configure protocol vlan 212
- Index protocol name protocol type 212
- Ip ethernetii ether type 0800 212
- Rarp ethernetii ether type 8035 212
- Switch config show protocol vlan template 212
- Switch configure 212
- Switch copy running config startup config 212
- The following example shows how to bind the ipv6 protocol template to vlan 10 212
- A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 network respectively via different routers it is required that ipv4 packets are forwarded to the ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 214
- Configuration example 214
- Configuration scheme 214
- Network requirements 214
- The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to two routers to access the ipv4 network and ipv6 network respectively the routers belong to vlan 10 and vlan 20 respectively 214
- You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this port receives packets switch 2 will forward them to the corresponding vlans according to their protocol types the overview of the configuration on switch 2 is as follows 214
- Using the gui 215
- Using the cli 220
- Verify the configurations 222
- Appendix default parameters 224
- Default settings of protocol vlan are listed in the following table 224
- Chapters 225
- Configuring private vlan 225
- Part 10 225
- Overview 226
- If private vlan is configured on switch b switch a only needs to recognize primary vlan vlan5 and end users can be isolated by secondary vlans vlan2 vlan3 and vlan4 saving vlan resources for switch a 227
- Creating private vlan 228
- Private vlan configurations 228
- Using the gui 228
- Click create 229
- Configuring the up link port 229
- In the port config section select the port to be configured set the port type as promiscuous and enter the ids of primary vlan and secondary vlan 229
- Port config to load the following page 229
- The switch requires that only access port can be added to a private vlan 229
- Click apply 230
- Configuring the down link port 230
- In the port config section select the port to be configured set the port type as host and enter the ids of primary vlan and secondary vlan 230
- Port config to load the following page 230
- The switch requires that only access port can be added to a private vlan 230
- Click apply 231
- Creating private vlan 231
- Using the cli 231
- Community 232
- Primary secondary type ports 232
- Switch config 232
- Switch config end 232
- Switch config show vlan private vlan 232
- Switch config vlan 5 232
- Switch config vlan 6 232
- Switch config vlan exit 232
- Switch config vlan private vlan association 5 232
- Switch config vlan private vlan community 232
- Switch config vlan private vlan primary 232
- Switch copy running config startup config 232
- The following example shows how to create primary vlan 6 and secondary vlan 5 set the secondary vlan type as community and pair primary vlan 6 with secondary vlan 5 as a private vlan 232
- Configuring the up link port 233
- Switch config 233
- The following example shows how to configure the port type of port 1 0 2 as promiscuous and add it to the private vlan composed of primary vlan 6 and secondary vlan 5 233
- The switch requires that only access port can be added to a private vlan 233
- Community te1 0 2 234
- Configuring the down link port 234
- Port type 234
- Primary secondary type ports 234
- Switch config end 234
- Switch config if exit 234
- Switch config if switchport private vlan promiscuous 234
- Switch config interface ten gigabitethernet 1 0 2 234
- Switch config show vlan private vlan 234
- Switch config show vlan private vlan interface ten gigabitethernet 1 0 2 234
- Switch copy running config startup config 234
- Swtich config if switchport private vlan mapping 6 5 234
- Te1 0 2 promiscuous 234
- The switch requires that only access port can be added to a private vlan 234
- Community te1 0 3 235
- Port type 235
- Primary secondary type ports 235
- Switch config 235
- Switch config end 235
- Switch config if exit 235
- Switch config if switchport private vlan host 235
- Switch config interface ten gigabitethernet 1 0 3 235
- Switch config show vlan private vlan 235
- Switch config show vlan private vlan interface ten gigabitethernet 1 0 3 235
- Switch copy running config startup config 235
- Swtich config if switchport private vlan host association 6 5 community 235
- Te1 0 3 host 235
- The following example shows how to configure the port type of port 1 0 3 as host and add it to the private vlan composed of primary vlan 6 and secondary vlan 5 235
- Configuration example 236
- Configuration scheme 236
- Network requirements 236
- Network topology 236
- Configurations for switch a 237
- Creating private vlan 237
- Pvlan config to load the following page create primary vlan 6 and secondary vlan 5 select community as the secondary vlan type click create and primary vlan 6 is paired with secondary vlan 5 similarly create primary vlan 6 and secondary vlan 7 select community as the secondary vlan type click create and primary vlan 6 is paired with secondary vlan 7 237
- Using the gui 237
- Using the cli 239
- Verify the configurations 241
- Appendix default parameters 242
- Default settings of private vlan are listed in the following tables 242
- Chapters 243
- Configuring spanning tree 243
- Part 11 243
- Basic concepts 244
- Overview 244
- Spanning tree 244
- Stp rstp concepts 244
- Bridge id 245
- Port role 245
- Root bridge 245
- Port status 246
- Path cost 247
- Root path cost 247
- Mst instance 248
- Mst region 248
- Mstp concepts 248
- Stp security 249
- Vlan instance mapping 249
- Configuring stp rstp parameters on ports 252
- Stp rstp configurations 252
- Using the gui 252
- Click apply 254
- Configuring stp rstp globally 254
- Stp config to load the following page 254
- Follow these steps to configure stp rstp globally 255
- In the global config section enable spanning tree function choose the stp mode as stp rstp and click apply 255
- In the parameters config section configure the global parameters of stp rstp and click apply 255
- Stp summary to load the following page 256
- The stp summary section shows the summary information of spanning tree 256
- Verify the stp rstp information of your switch after all the configurations are finished 256
- Verifying the stp rstp configurations 256
- Configuring stp rstp parameters on ports 257
- Follow these steps to configure stp rstp parameters on ports 257
- Using the cli 257
- Switch config if show spanning tree interface ten gigabitethernet 1 0 3 258
- Switch config if spanning tree 258
- Switch config if spanning tree common config port priority 32 258
- Switch config interface ten gigabitethernet 1 0 3 258
- Switch configure 258
- The following example shows how to enable spanning tree function on port 1 0 3 and configure the port priority as 32 258
- Configuring global stp rstp parameters 259
- Follow these steps to configure global stp rstp parameters of the switch 259
- Interface state prio ext cost int cost edge p2p mode role status 259
- Switch config if end 259
- Switch copy running config startup config 259
- Te1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 259
- Enable rstp 36864 2 12 20 5 20 260
- Enabling stp rstp globally 260
- Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree function globally 260
- State mode priority hello time fwd time max age hold count max hops 260
- Switch config end 260
- Switch config show spanning tree bridge 260
- Switch config spanning tree priority 36864 260
- Switch config spanning tree timer forward time 12 260
- Switch configure 260
- Switch copy running config startup config 260
- This example shows how to configure the priority of the switch as 36864 the forward delay as 12 seconds 260
- Configuring parameters on ports in cist 262
- Mstp configurations 262
- Using the gui 262
- Besides configure the priority of the switch the priority and path cost of ports in the desired instance 264
- Click apply 264
- Configure the region name revision level vlan instance mapping of the switch the switches with the same region name the same revision level and the same vlan instance mapping are considered as in the same region 264
- Configuring the mstp region 264
- Configuring the region name and revision level 264
- Region config to load the following page 264
- Configuring mstp globally 269
- Follow these steps to configure mstp globally 269
- In the parameters config section configure the global parameters of mstp and click apply 269
- Stp config to load the following page 269
- In the global config section enable spanning tree function and choose the stp mode as mstp and click apply 270
- Stp summary to load the following page 271
- The stp summary section shows the summary information of cist 271
- Verifying the mstp configurations 271
- Configuring parameters on ports in cist 272
- Follow these steps to configure the parameters of the port in cist 272
- The mstp summary section shows the information in mst instances 272
- Using the cli 272
- Switch configure 273
- This example shows how to enable spanning tree function for port 1 0 3 and configure the port priority as 32 273
- Configuring the mst region 274
- Configuring the mstp region 274
- Follow these steps to configure the mst region and the priority of the switch in the instance 274
- Interface prio cost role status 274
- Interface state prio ext cost int cost edge p2p mode role status 274
- Mst instance 0 cist 274
- Mst instance 5 274
- Switch config if end 274
- Switch config if show spanning tree interface ten gigabitethernet 1 0 3 274
- Switch config if spanning tree 274
- Switch config if spanning tree common config port priority 32 274
- Switch config interface ten gigabitethernet 1 0 3 274
- Switch copy running config startup config 274
- Te1 0 3 144 200 n a lnkdwn 274
- Te1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 274
- Region name r1 275
- Revision 100 275
- Switch config mst instance 5 vlan 2 6 275
- Switch config mst name r1 275
- Switch config mst revision 100 275
- Switch config mst show spanning tree mst configuration 275
- Switch config spanning tree mst configuration 275
- Switch configure 275
- This example shows how to create an mst region of which the region name is r1 the revision level is 100 and vlan 2 vlan 6 are mapped to instance 5 275
- 7 4094 276
- Configuring the parameters on ports in instance 276
- Follow these steps to configure the priority and path cost of ports in the specified instance 276
- Mst instance vlans mapped 276
- Switch config mst end 276
- Switch copy running config startup config 276
- Configuring global mstp parameters 277
- Switch config spanning tree priority 36864 278
- Switch configure 278
- This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds the hold count as 8 and the max hop as 25 278
- Enable mstp 36864 2 12 20 8 25 279
- Enabling spanning tree globally 279
- Follow these steps to configure the spanning tree mode as mstp and enable spanning tree function globally 279
- State mode priority hello time fwd time max age hold count max hops 279
- Switch config if end 279
- Switch config if show spanning tree bridge 279
- Switch config if spanning tree hold count 8 279
- Switch config if spanning tree max hops 25 279
- Switch config if spanning tree timer forward time 12 279
- Switch config show spanning tree active 279
- Switch config spanning tree 279
- Switch config spanning tree mode mstp 279
- Switch configure 279
- Switch copy running config startup config 279
- This example shows how to configure the spanning tree mode as mstp and enable spanning tree function globally 279
- Configuring the stp security 282
- Stp security configurations 282
- Using the gui 282
- Configure the port protect features for the selected ports and click apply 283
- Optional configuring the threshold and cycle of tc protect 283
- When you enable tc protect function on ports set the tc threshold and tc protect cycle here if the number of the received tc bpdus exceeds the maximum number you set in the tc threshold field the switch will not remove mac address entries in the tc protect cycle 283
- Configure the parameters of tc protect feature and click apply 284
- Configuring the stp security 284
- Featur 284
- Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter feature for ports 284
- Tc protect to load the following page 284
- Using the cli 284
- Switch config if show spanning tree interface security ten gigabitethernet 1 0 3 285
- Switch config if spanning tree bpdufilter 285
- Switch config if spanning tree bpduguard 285
- Switch config if spanning tree guard loop 285
- Switch config if spanning tree guard root 285
- Switch config interface ten gigabitethernet 1 0 3 285
- Switch configure 285
- This example shows how to enable loop protect root protect bpdu filter and bpdu protect functions on port 1 0 3 285
- Configuring the tc protect 286
- Follow these steps to configure tc protect feature for ports 286
- Interface bpdu filter bpdu guard loop protect root protect tc protect 286
- Switch config if end 286
- Switch copy running config startup config 286
- Te1 0 3 enable enable enable enable disable 286
- This example shows how to enable the tc protect function on port 1 0 3 with the tc threshold is 25 and the tc protect cycle is 8 286
- As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is transmitted in this network the link speed between the switches is 100mb s the default path cost of the port is 200000 288
- Configuration example for mstp 288
- Configuration scheme 288
- Here we configure two instances to meet the requirement as is shown below 288
- It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be transmitted along different paths 288
- Mstp backwards compatible with stp and rstp can map vlans to instances to enable load balancing thus providing a more flexible method in network management here we take the mstp configuration as an example 288
- Network requirements 288
- To meet this requirement you are suggested to configure mstp function on the switches map the vlans to different instances to ensure traffic can be transmitted along the respective instance 288
- Using the gui 289
- Instance port config to load the following page set the path cost of port 1 0 1 in instance 1 as 400000 291
- Instance port config to load the following page set the path cost of port 1 0 2 in instance 2 as 400000 295
- Using the cli 300
- Verify the configurations 302
- Appendix default parameters 307
- Default settings of the spanning tree feature are listed in the following table 307
- Chapters 309
- Configuring layer 2 multicast 309
- Part 12 309
- Layer 2 multicast 310
- Overview 310
- Configuration guide 286 311
- Configuring layer 2 multicast layer 2 multicast 311
- Demonstrated as below 311
- Figure 1 1 igmp snooping 311
- Layer 2 multicast protocol for ipv4 igmp snooping 311
- Layer 2 multicast protocol for ipv6 mld snooping 311
- On the layer 2 device igmp snooping transmits data on demand on data link layer by analyzing igmp packets between layer 3 devices and users to build and maintain layer 2 multicast forwarding table 311
- On the layer 2 device mld snooping multicast listener discovery snooping transmits data on demand on data link layer by analyzing igmp packets between layer 3 devices and users to build and maintain layer 2 multicast forwarding table 311
- Supported layer 2 multicast protocols 311
- Configuring igmp snooping globally 312
- Igmp snooping configurations 312
- Using the gui 312
- Click apply 313
- Configure unknown multicast as forward or discard 313
- Configuring router port time and member port time 313
- Enable or disable report message suppression globally 313
- Enabling report message suppression can reduce the number of packets in the network 313
- Follow these steps to configure report message suppression 313
- Follow these steps to configure the aging time of the router ports and the member ports 313
- Follow these steps to configure unknown multicast 313
- Optional configuring report message suppression 313
- Snooping config page at the same time 313
- Specify the aging time of the member ports 313
- Specify the aging time of the router ports 313
- Click apply 314
- Configure the last listener query interval and last listener query count when the switch receives an igmp leave message if specified count of multicast address specific queries masqs are sent and no report message is received the switch will delete the multicast address from the multicast forwarding table 314
- Configuring igmp snooping last listener query 314
- Follow these steps to configure last listener query interval and last listener query count in the global config section 314
- Igmp snooping status table displays vlans and ports with igmp snooping enabled 314
- Specify the interval between masqs 314
- Specify the number of masqs to be sent 314
- Verifying igmp snooping status 314
- Configuring the port s basic igmp snooping features 315
- Enabling igmp snooping on the port 315
- Optional configuring fast leave 315
- Configuring igmp snooping globally in the vlan 316
- Configuring igmp snooping in the vlan 316
- Click create 317
- Configure the forbidden router ports in the designate vlan 317
- Configure the router ports in the designate vlan 317
- Configuring the multicast vlan 317
- Follow these steps to configure static router ports in the designate vlan 317
- Follow these steps to forbid the selected ports to be the router ports in the designate vlan 317
- In old multicast transmission mode when users in different vlans apply for data from the same multicast group the layer 3 device will duplicate this multicast data and deliver copies to the layer 2 devices 317
- Optional configuring the forbidden router ports in the vlan 317
- Optional configuring the static router ports in the vlan 317
- With multicast vlan configured all multicast group members will be added to a vlan layer 3 device only need to send one piece of multicast data to a layer 2 device and the layer 2 device will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth and reduces network load of layer 3 devices 317
- Creating multicast vlan and configuring basic settings 318
- Click apply 319
- Configure the new multicast source ip 319
- Configure the router ports in the designate vlan 319
- Configure the router ports in the multicast vlan 319
- Follow these steps to configure static router ports in the multicast vlan 319
- Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 319
- Optional configuring the forbidden router ports 319
- Optional configuring the static router ports 319
- Optional creating replace source ip 319
- This function allows you to use a new ip instead of the source ip to send data to multicast group members in the multicast vlan section follow these steps to configure replace source ip 319
- This table displays all the dynamic router ports in the multicast vlan 319
- Viewing dynamic router ports in the multicast vlan 319
- Click add 320
- Click apply 320
- Configuring the querier 320
- Follow these steps to configure the querier 320
- Optional configuring the querier 320
- Querier config to load the following page 320
- Specify a vlan and configure the querier on this vlan 320
- You can edit the settings in the igmp snooping querier table 320
- Click create 321
- Configuring igmp profile 321
- Create a profile and configure its filtering mode 321
- Creating profile 321
- Enter the search condition in the search option field to search the profile in the igmp profile info table 321
- Follow these steps to create a profile and configure its filtering mode 321
- Profile config to load the following page 321
- Searching profile 321
- The igmp snooping querier table displays all the related settings of the igmp querier 321
- Viewing settings of igmp querier 321
- Binding profile and member ports 322
- Click edit in the igmp profile info table edit its ip range and click add to save the settings 322
- Click submit to save the settings click back to go back to the previous page 322
- Editing ip range of the profile 322
- Follow these steps to edit profile mode and its ip range 322
- In the ip range table you can select an ip range and click delete to delete an ip range 322
- Profile binding to load the following page 322
- Binding profile and member ports 323
- Click apply 323
- Configuring max groups a port can join 323
- Follow these steps to bind the profile to the port 323
- Follow these steps to configure the maximum groups a port can join and overflow action 323
- Select a port to configure its max group and overflow action 323
- Select the port to be bound and enter the profile id in the profile id column 323
- Click apply 324
- Configuring auto refresh 324
- Enable or disable auto refresh 324
- Follow these steps to configure auto refresh 324
- Packet statistic to load the following page 324
- Viewing igmp statistics on each port 324
- Click apply 325
- Enabling igmp accounting and authentication 325
- Igmp authentication to load the following 325
- The igmp statistics table displays all kinds of igmp statistics of all the ports 325
- Viewing igmp statistics 325
- Configuring igmp accounting globally 326
- Configuring igmp authentication on the port 326
- Configuring static member port 326
- Click create 327
- Configuring static member port 327
- Enter the multicast ip and vlan id specify the static member port 327
- Follow these steps to configure static member port 327
- Static multicast ip table displays details of all igmp static multicast groups 327
- Viewing igmp static multicast groups 327
- You can search igmp static multicast entries by using multicast ip vlan id or forward port as the search option 327
- Enabling igmp snooping globally 328
- Enabling igmp snooping on the port 328
- Switch config ip igmp snooping 328
- Switch configure 328
- The following example shows how to enable igmp snooping globally and enable igmp snooping on port 1 0 3 328
- Using the cli 328
- Configuring igmp snooping parameters globally 329
- Configuring report message suppression 329
- Enable port te1 0 3 329
- Enable vlan 329
- Global authentication accounting disable 329
- Global member age time 260 329
- Global report suppression disable 329
- Global router age time 300 329
- Igmp snooping enable 329
- Last query interval 1 329
- Last query times 2 329
- Switch config if end 329
- Switch config if ip igmp snooping 329
- Switch config if show ip igmp snooping 329
- Switch config interface ten gigabitethernet 1 0 3 329
- Switch copy running config startup config 329
- Unknown multicast pass 329
- Configuring unknown multicast 330
- Enable port 330
- Enable vlan 330
- Global authentication accounting disable 330
- Global member age time 260 330
- Global report suppression enable 330
- Global router age time 300 330
- Igmp snooping enable 330
- Last query interval 1 330
- Last query times 2 330
- Switch config if end 330
- Switch config ip igmp snooping 330
- Switch config ip igmp snooping report suppression 330
- Switch config show ip igmp snooping 330
- Switch configure 330
- Switch copy running config startup config 330
- The following example shows how to enable report message suppression 330
- Unknown multicast pass 330
- Configuring igmp snooping parameters on the port 331
- Configuring router port time and member port time 331
- Configuring fast leave 332
- Configuring max group and overflow action on the port 333
- Port igmp snooping fast leave 333
- Switch config if end 333
- Switch config if ip igmp snooping 333
- Switch config if ip igmp snooping immediate leave 333
- Switch config if show ip igmp snooping interface ten gigabitethernet 1 0 3 basic config 333
- Switch config interface ten gigabitethernet 1 0 3 333
- Switch config ip igmp snooping 333
- Switch configure 333
- Switch copy running config startup config 333
- Te1 0 3 enable enable 333
- The following example shows how to enable fast leave on port 1 0 3 333
- Port max groups overflow action 334
- Switch config if end 334
- Switch config if ip igmp snooping 334
- Switch config if ip igmp snooping max groups 500 334
- Switch config if ip igmp snooping max groups action drop 334
- Switch config if show ip igmp snooping interface ten gigabitethernet 1 0 3 max groups 334
- Switch config interface ten gigabitethernet 1 0 3 334
- Switch config ip igmp snooping 334
- Switch configure 334
- Te1 0 3 500 drop 334
- The following example shows how to configure the max group as 500 and the overflow action as drop on port 1 0 3 334
- Configuring igmp snooping last listener query 335
- Enable port 335
- Global authentication accounting disable 335
- Global member age time 260 335
- Global report suppression disable 335
- Global router age time 300 335
- Igmp snooping enable 335
- Last query interval 5 335
- Last query times 5 335
- Switch config ip igmp snooping 335
- Switch config ip igmp snooping last listener query count 5 335
- Switch config ip igmp snooping last listener query interval 5 335
- Switch config show ip igmp snooping 335
- Switch configure 335
- Switch copy running config startup config 335
- The following example shows how to configure the last listener query count as 5 and the last listener query interval as 5 seconds 335
- Unknown multicast pass 335
- Configuring igmp snooping parameters in the vlan 336
- Configuring router port time and member port time 336
- Dynamic router port none 336
- Enable vlan 336
- Forbidden router port none 336
- Member time 400 336
- Router time 500 336
- Static router port none 336
- Switch config end 336
- Switch config ip igmp snooping 336
- Switch config ip igmp snooping vlan config 2 3 mtime 400 336
- Switch config ip igmp snooping vlan config 2 3 rtime 500 336
- Switch config show ip igmp snooping vlan 2 336
- Switch configure 336
- Switch copy running config startup config 336
- The following example shows how to enable igmp snooping in vlan 2 and vlan 3 configure the router port time as 500 seconds and the member port time as 400 seconds 336
- Vlan id 2 336
- Configuring static router port 337
- Dynamic router port none 337
- Forbidden router port none 337
- Member time 0 337
- Member time 400 337
- Router time 0 337
- Router time 500 337
- Static router port none 337
- Switch config end 337
- Switch config ip igmp snooping 337
- Switch config ip igmp snooping vlan config 2 rport interface ten gigabitethernet 1 0 2 337
- Switch config show ip igmp snooping vlan 2 337
- Switch config show ip igmp snooping vlan 3 337
- Switch configure 337
- Switch copy running config startup config 337
- The following example shows how to enable igmp snooping in vlan 2 and configure port 1 0 2 as the static router port 337
- Vlan id 2 337
- Vlan id 3 337
- Configuring forbidden router port 338
- Dynamic router port none 338
- Forbidden router port none 338
- Forbidden router port te1 0 4 6 338
- Member time 0 338
- Router time 0 338
- Static router port none 338
- Static router port te1 0 2 338
- Switch config end 338
- Switch config ip igmp snooping 338
- Switch config ip igmp snooping vlan config 2 router ports forbidden interface ten gigabitethernet 1 0 4 6 338
- Switch config show ip igmp snooping vlan 2 338
- Switch configure 338
- Switch copy running config startup config 338
- The following example shows how to enable igmp snooping in vlan 2 and forbid port 1 0 4 6 from becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 338
- Vlan id 2 338
- 2 static te1 0 9 10 339
- Configuring static multicast multicast ip and forward port 339
- Multicast ip vlan id addr type switch port 339
- Switch config end 339
- Switch config ip igmp snooping 339
- Switch config ip igmp snooping vlan config 2 static 226 interface ten gigabitethernet 1 0 9 10 339
- Switch config show ip igmp snooping groups static 339
- Switch configure 339
- Switch copy running config startup config 339
- The following example shows how to configure 226 as the static multicast ip and specify port 1 0 9 10 as the forward ports 339
- Configuring igmp snooping parameters in the multicast vlan 340
- Configuring router port time and member port time 340
- Dynamic router port none 340
- Forbidden router port none 340
- Member time 400 340
- Multicast vlan enable 340
- Replace source ip 0 340
- Router time 500 340
- Static router port none 340
- Switch config end 340
- Switch config ip igmp snooping 340
- Switch config ip igmp snooping multi vlan config 5 mtime 400 340
- Switch config ip igmp snooping multi vlan config 5 rtime 500 340
- Switch config show ip igmp snooping multi vlan 340
- Switch configure 340
- The following example shows how to configure vlan 5 as the multicast vlan set the router port time as 500 seconds and the member port time as 400 seconds 340
- Vlan id 5 340
- Configuring static router port 341
- Dynamic router port none 341
- Forbidden router port none 341
- Member time 260 341
- Multicast vlan enable 341
- Replace source ip 0 341
- Router time 300 341
- Static router port te1 0 5 341
- Switch config end 341
- Switch config ip igmp snooping 341
- Switch config ip igmp snooping multi vlan config 5 rport interface ten gigabitethernet 1 0 5 341
- Switch config show ip igmp snooping multi vlan 341
- Switch configure 341
- Switch copy running config startup config 341
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 as the static router port 341
- Vlan id 5 341
- Configuring forbidden router port 342
- Dynamic router port none 342
- Forbidden router port te1 0 6 342
- Member time 260 342
- Multicast vlan enable 342
- Replace source ip 0 342
- Router time 300 342
- Static router port none 342
- Switch config end 342
- Switch config ip igmp snooping 342
- Switch config ip igmp snooping multi vlan config 5 router ports forbidden interface ten gigabitethernet 1 0 6 342
- Switch config show ip igmp snooping multi vlan 342
- Switch configure 342
- Switch copy running config startup config 342
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 as the forbidden router port 342
- Vlan id 5 342
- Configuring replace source ip 343
- Dynamic router port none 343
- Forbidden router port none 343
- Member time 260 343
- Multicast vlan enable 343
- Replace source ip 192 68 343
- Router time 300 343
- Static router port none 343
- Switch config end 343
- Switch config ip igmp snooping 343
- Switch config ip igmp snooping multi vlan config 5 replace sourceip 192 68 343
- Switch config show ip igmp snooping multi vlan 343
- Switch configure 343
- Switch copy running config startup config 343
- The following example shows how to configure vlan 5 as the multicast vlan and replace the source ip in the igmp packets sent by the switch with 192 68 343
- Vlan id 5 343
- Configuring query interval max response time and general query source ip 344
- Configuring the querier 344
- Enabling igmp querier 344
- General query source ip 192 68 344
- Maximum response time 10 344
- Query interval 60 344
- Switch config end 344
- Switch config ip igmp snooping 344
- Switch config ip igmp snooping querier vlan 4 344
- Switch config show ip igmp snooping querier 344
- Switch configure 344
- Switch copy running config startup config 344
- The following example shows how to enable igmp snooping and igmp querier in vlan 4 344
- Vlan 4 344
- General query source ip 192 68 345
- Maximum response time 20 345
- Query interval 100 345
- Switch config end 345
- Switch config ip igmp snooping 345
- Switch config ip igmp snooping querier vlan 4 general query source ip 192 68 345
- Switch config ip igmp snooping querier vlan 4 max response time 20 345
- Switch config ip igmp snooping querier vlan 4 query interval 100 345
- Switch config show ip igmp snooping querier 345
- Switch configure 345
- Switch copy running config startup config 345
- The following example shows how to enable igmp snooping and igmp querier in vlan 4 set the query interval as 100 seconds the max response time as 20 seconds and the general query source ip as 192 68 345
- Vlan 4 345
- Configuring multicast filtering 346
- Creating profile 346
- Igmp profile 1 346
- Switch config igmp profile deny 346
- Switch config igmp profile range 226 226 0 346
- Switch config igmp profile show ip igmp profile 346
- Switch config ip igmp profile 1 346
- Switch config ip igmp snooping 346
- Switch configure 346
- The following example shows how to configure profile 1 so that the switch filters multicast data sent to 226 226 0 346
- Binding profile to the port 347
- Igmp profile 1 347
- Range 226 226 0 347
- Switch config end 347
- Switch config if ip igmp filter 1 347
- Switch config if ip igmp snooping 347
- Switch config if show ip igmp profile 347
- Switch config igmp profile deny 347
- Switch config igmp profile exit 347
- Switch config igmp profile range 226 226 0 347
- Switch config interface ten gigabitethernet 1 0 2 347
- Switch config ip igmp profile 1 347
- Switch config ip igmp snooping 347
- Switch configure 347
- Switch copy running config startup config 347
- The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters multicast data sent to 226 226 0 347
- Binding port s 348
- Enabling igmp accounting and authentication 348
- Enabling igmp authentication on the port 348
- Port igmp authentication 348
- Range 226 226 0 348
- Switch config end 348
- Switch config if ip igmp snooping 348
- Switch config if ip igmp snooping authentication 348
- Switch config if show ip igmp snooping interface ten gigabitethernet 1 0 2 authentication 348
- Switch config interface ten gigabitethernet 1 0 2 348
- Switch config ip igmp snooping 348
- Switch configure 348
- Switch copy running config startup config 348
- Te1 0 2 348
- The following example shows how to enable igmp authentication on port 1 0 2 348
- Enabling igmp accounting globally 349
- Switch config end 349
- Switch copy running config startup config 349
- Te1 0 2 enable 349
- Configuring mld snooping 350
- Configuring mld snooping globally 350
- Using the gui 350
- Click apply 351
- Configure unknown multicast as forward or discard 351
- Configuring router port time and member port time 351
- Enable or disable report message suppression globally 351
- Enabling report message suppression can reduce the number of packets in the network 351
- Follow these steps to configure report message suppression 351
- Follow these steps to configure the aging time of the router ports and the member ports 351
- Follow these steps to configure unknown multicast 351
- Optional configuring report message suppression 351
- Snooping config page at the same time 351
- Specify the aging time of the member ports 351
- Specify the aging time of the router ports 351
- Click apply 352
- Configure the last listener query interval and last listener query count when the switch receives an mld leave message if specified count of multicast address specific queries masqs are sent and no report message is received the switch will delete the multicast address from the multicast forwarding table 352
- Configuring mld snooping last listener query 352
- Follow these steps to configure last listener query interval and last listener query count in the global config section 352
- Mld snooping status table displays vlans and ports with mld snooping enabled 352
- Specify the interval between masqs 352
- Specify the number of masqs to be sent 352
- Verifying mld snooping status 352
- Configuring the port s basic mld snooping features 353
- Enabling mld snooping on the port 353
- Optional configuring fast leave 353
- Configuring mld snooping globally in the vlan 354
- Configuring mld snooping in the vlan 354
- Click create 355
- Configure the forbidden router ports in the designate vlan 355
- Configure the router ports in the designate vlan 355
- Configuring the multicast vlan 355
- Follow these steps to configure static router ports in the designate vlan 355
- Follow these steps to forbid the selected ports to be the router ports in the designate vlan 355
- In old multicast transmission mode when users in different vlans apply for data from the same multicast group the layer 3 device will duplicate this multicast data and deliver copies to the layer 2 devices 355
- Multicast vlan to load the following page 355
- Optional configuring the forbidden router ports in the vlan 355
- Optional configuring the static router ports in the vlan 355
- With multicast vlan configured all multicast group members will be added to a vlan layer 3 device only need to send one piece of multicast data to a layer 2 device and the layer 2 device will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth and reduces network load of layer 3 devices 355
- Creating multicast vlan and configuring basic settings 356
- Enable multicast vlan configure the specific vlan to be the multicast vlan and configure the router port time and member port time 356
- In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic settings 356
- Set up the vlan that the router ports and the member ports are in for details please refer to configuring 802 q vlan 356
- Click apply 357
- Configure the new multicast source ip 357
- Configure the router ports in the designate vlan 357
- Configure the router ports in the multicast vlan 357
- Follow these steps to configure static router ports in the multicast vlan 357
- Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 357
- Optional configuring the forbidden router ports 357
- Optional configuring the static router ports 357
- Optional creating replace source ip 357
- This function allows you to use a new ip instead of the source ip to send data to multicast group members in the multicast vlan section follow these steps to configure replace source ip 357
- This table displays all the dynamic router ports in the multicast vlan 357
- Viewing dynamic router ports in the multicast vlan 357
- Click add 358
- Configuring the querier 358
- Follow these steps to configure the querier 358
- Optional configuring the querier 358
- Querier config to load the following page 358
- Specify a vlan and configure the querier on this vlan 358
- The mld snooping querier table displays all the related settings of the mld querier 358
- Viewing settings of mld querier 358
- You can edit the settings in the mld snooping querier table 358
- Click create 359
- Configuring mld profile 359
- Create a profile and configure its filtering mode 359
- Creating profile 359
- Enter the search condition in the search option field to search the profile in the mld profile info table 359
- Follow these steps to create a profile and configure its filtering mode 359
- Profile config to load the following page 359
- Searching profile 359
- Binding profile and member ports 360
- Editing ip range of the profile 360
- Binding profile and member ports 361
- Click apply 361
- Configuring max groups a port can join 361
- Follow these steps to bind the profile to the port 361
- Follow these steps to configure the maximum groups a port can join and overflow action 361
- Select a port to configure its max group and overflow action 361
- Select the port to be bound and enter the profile id in the profile id column 361
- Click apply 362
- Packet statistic to load the following page 362
- Viewing mld statistics on each port 362
- Configuring auto refresh 363
- Configuring static member port 363
- Viewing mld statistics 363
- Click create 364
- Configuring static member port 364
- Enabling mld snooping globally 364
- Enabling mld snooping on the port 364
- Enter the multicast ip and vlan id specify the static member port 364
- Follow these steps to configure static member port 364
- Static multicast ip table displays details of all mld static multicast groups 364
- Using the cli 364
- Viewing mld static multicast groups 364
- You can search mld static multicast entries by using multicast ip vlan id or forward port as the search option 364
- Enable port te1 0 3 365
- Enable vlan 365
- Global member age time 260 365
- Global report suppression disable 365
- Global router age time 300 365
- Last query interval 1 365
- Last query times 2 365
- Mld snooping enable 365
- Switch config if end 365
- Switch config if ipv6 mld snooping 365
- Switch config if show ipv6 mld snooping 365
- Switch config interface ten gigabitethernet 1 0 3 365
- Switch config ipv6 mld snooping 365
- Switch configure 365
- Switch copy running config startup config 365
- The following example shows how to enable mld snooping globally and enable mld snooping 365
- Unknown multicast pass 365
- Configuring mld snooping parameters globally 366
- Configuring report message suppression 366
- Enable port 366
- Enable vlan 366
- Global member age time 260 366
- Global report suppression enable 366
- Global router age time 300 366
- Last query interval 1 366
- Last query times 2 366
- Mld snooping enable 366
- Switch config end 366
- Switch config ipv6 mld snooping 366
- Switch config ipv6 mld snooping report suppression 366
- Switch config show ipv6 mld snooping 366
- Switch configure 366
- Switch copy running config startup config 366
- The following example shows how to enable report message suppression 366
- Unknown multicast pass 366
- Configuring unknown multicast 367
- Enable port 367
- Enable vlan 367
- Global member age time 260 367
- Global report suppression disable 367
- Global router age time 300 367
- Igmp snooping and mld snooping share the setting of unknown multicast so you have to enable igmp snooping globally at the same time 367
- Last query interval 1 367
- Last query times 2 367
- Mld snooping enable 367
- Switch config end 367
- Switch config ip igmp snooping 367
- Switch config ipv6 mld snooping 367
- Switch config ipv6 mld snooping drop unknown 367
- Switch config show ipv6 mld snooping 367
- Switch configure 367
- The following example shows how to configure the switch to discard unknown multicast data 367
- Unknown multicast discard 367
- Configuring mld snooping parameters on the port 368
- Configuring router port time and member port time 368
- Enable port 368
- Enable vlan 368
- Global member age time 200 368
- Global report suppression disable 368
- Global router age time 200 368
- Last query interval 1 368
- Last query times 2 368
- Mld snooping enable 368
- Switch config ipv6 mld snooping 368
- Switch config ipv6 mld snooping mtime 200 368
- Switch config ipv6 mld snooping rtime 200 368
- Switch config show ipv6 mld snooping 368
- Switch configure 368
- Switch copy running config startup config 368
- The following example shows how to configure the global router port time and member port time as 200 seconds 368
- Unknown multicast pass 368
- Configuring fast leave 369
- Port mld snooping fast leave 369
- Switch config end 369
- Switch config if end 369
- Switch config if ipv6 mld snooping 369
- Switch config if ipv6 mld snooping immediate leave 369
- Switch config if show ipv6 mld snooping interface ten gigabitethernet 1 0 3 basic config 369
- Switch config interface ten gigabitethernet 1 0 3 369
- Switch config ipv6 mld snooping 369
- Switch configure 369
- Switch copy running config startup config 369
- Te1 0 3 enable enable 369
- The following example shows how to enable fast leave on port 1 0 3 369
- Configuring max group and overflow action on the port 370
- Port max groups overflow action 370
- Switch config if ipv6 mld snooping 370
- Switch config if ipv6 mld snooping max groups 500 370
- Switch config if ipv6 mld snooping max groups action drop 370
- Switch config if show ipv6 mld snooping interface ten gigabitethernet 1 0 3 max groups 370
- Switch config interface ten gigabitethernet 1 0 3 370
- Switch config ipv6 mld snooping 370
- Switch configure 370
- The following example shows how to configure the max group as 500 and the overflow action as drop on port 1 0 3 370
- Configuring mld snooping last listener query 371
- Global member age time 260 371
- Global report suppression disable 371
- Global router age time 300 371
- Last query interval 5 371
- Last query times 5 371
- Mld snooping enable 371
- Switch config if end 371
- Switch config ipv6 mld snooping 371
- Switch config ipv6 mld snooping last listener query count 5 371
- Switch config ipv6 mld snooping last listener query interval 5 371
- Switch config show ipv6 mld snooping 371
- Switch configure 371
- Switch copy running config startup config 371
- Te1 0 3 500 drop 371
- The following example shows how to configure the last listener query count as 5 and the last listener query interval as 5 seconds 371
- Unknown multicast pass 371
- Configuring mld snooping parameters in the vlan 372
- Configuring router port time and member port time 372
- Dynamic router port none 372
- Enable port 372
- Enable vlan 372
- Member time 400 372
- Router time 500 372
- Static router port none 372
- Switch config end 372
- Switch config ipv6 mld snooping 372
- Switch config ipv6 mld snooping vlan config 2 3 mtime 400 372
- Switch config ipv6 mld snooping vlan config 2 3 rtime 500 372
- Switch config show ipv6 mld snooping vlan 2 372
- Switch configure 372
- Switch copy running config startup config 372
- The following example shows how to enable mld snooping in vlan 2 and vlan 3 configure the router port time as 500 seconds and the member port time as 400 seconds 372
- Vlan id 2 372
- Configuring static router port 373
- Dynamic router port none 373
- Forbidden router port none 373
- Member time 400 373
- Router time 0 373
- Router time 500 373
- Static router port none 373
- Switch config end 373
- Switch config ipv6 mld snooping 373
- Switch config ipv6 mld snooping vlan config 2 rport interface ten gigabitethernet 1 0 2 373
- Switch config show ipv6 mld snooping vlan 2 373
- Switch config show ipv6 mld snooping vlan 3 373
- Switch configure 373
- Switch copy running config startup config 373
- The following example shows how to enable mld snooping in vlan 2 and configure port 1 0 2 as the static router port 373
- Vlan id 2 373
- Vlan id 3 373
- Configuring forbidden router port 374
- Dynamic router port none 374
- Forbidden router port none 374
- Member time 0 374
- Router time 0 374
- Static router port none 374
- Static router port te1 0 2 374
- Switch config 374
- Switch config end 374
- Switch config ipv6 mld snooping 374
- Switch config ipv6 mld snooping vlan config 2 router ports forbidden interface ten gigabitethernet 1 0 4 6 374
- Switch config show ipv6 mld snooping vlan 2 374
- Switch copy running config startup config 374
- The following example shows how to enable mld snooping in vlan 2 and forbid port 1 0 4 6 from becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 374
- Vlan id 2 374
- Configuring static multicast multicast ip and forward port 375
- Ff01 1234 02 2 static te1 0 9 10 375
- Forbidden router port te1 0 4 6 375
- Multicast ip vlan id addr type switch port 375
- Switch config end 375
- Switch config ipv6 mld snooping 375
- Switch config ipv6 mld snooping vlan config 2 static ff01 1234 02 interface ten gigabitethernet 1 0 9 10 375
- Switch config show ipv6 mld snooping groups static 375
- Switch configure 375
- Switch copy running config startup config 375
- The following example shows how to configure ff01 1234 02 as the static multicast ip and specify port 1 0 9 10 as the forward ports 375
- Configuring mld snooping parameters in the multicast vlan 376
- Configuring router port time and member port time 376
- Dynamic router port none 376
- Forbidden router port none 376
- Member time 400 376
- Multicast vlan enable 376
- Replace source ip 376
- Router time 500 376
- Static router port none 376
- Switch config end 376
- Switch config ipv6 mld snooping 376
- Switch config ipv6 mld snooping multi vlan config 5 mtime 400 376
- Switch config ipv6 mld snooping multi vlan config 5 rtime 500 376
- Switch config show ipv6 mld snooping multi vlan 376
- Switch configure 376
- The following example shows how to configure vlan 5 as the multicast vlan set the router port time as 500 seconds and the member port time as 400 seconds 376
- Vlan id 5 376
- Configuring static router port 377
- Dynamic router port none 377
- Forbidden router port none 377
- Member time 260 377
- Multicast vlan enable 377
- Replace source ip 377
- Router time 300 377
- Static router port te1 0 5 377
- Switch config end 377
- Switch config ipv6 mld snooping 377
- Switch config ipv6 mld snooping multi vlan config 5 rport interface ten gigabitethernet 1 0 5 377
- Switch config show ipv6 mld snooping multi vlan 377
- Switch configure 377
- Switch copy running config startup config 377
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 as the static router port 377
- Vlan id 5 377
- Configuring forbidden router port 378
- Dynamic router port none 378
- Forbidden router port te1 0 6 378
- Member time 260 378
- Multicast vlan enable 378
- Replace source ip 378
- Router time 300 378
- Static router port none 378
- Switch config end 378
- Switch config ipv6 mld snooping 378
- Switch config ipv6 mld snooping multi vlan config 5 router ports forbidden interface ten gigabitethernet 1 0 6 378
- Switch config show ipv6 mld snooping multi vlan 378
- Switch configure 378
- Switch copy running config startup config 378
- The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 as the forbidden router port 378
- Vlan id 5 378
- Configuring replace source ip 379
- Dynamic router port none 379
- Forbidden router port none 379
- Member time 260 379
- Multicast vlan enable 379
- Replace source ip fe80 2ff ffff fe00 1 379
- Router time 300 379
- Static router port none 379
- Switch config end 379
- Switch config ipv6 mld snooping 379
- Switch config ipv6 mld snooping multi vlan config 5 replace sourceip fe80 02ff ffff fe00 0001 379
- Switch config show ipv6 mld snooping multi vlan 379
- Switch configure 379
- Switch copy running config startup config 379
- The following example shows how to configure vlan 5 as the multicast vlan and replace the source ip in the mld packets sent by the switch with fe80 02ff ffff fe00 0001 379
- Vlan id 5 379
- Configuring query interval max response time and general query source ip 380
- Configuring the querier 380
- Enabling mld querier 380
- General query source ip fe80 2ff ffff fe00 1 380
- Maximum response time 10 380
- Query interval 60 380
- Switch config end 380
- Switch config ipv6 mld snooping 380
- Switch config ipv6 mld snooping querier vlan 4 380
- Switch config show ipv6 mld snooping querier 380
- Switch configure 380
- Switch copy running config startup config 380
- The following example shows how to enable mld snooping and mld querier in vlan 4 380
- Vlan 4 380
- General query source ip fe80 2ff ffff fe00 1 381
- Maximum response time 20 381
- Query interval 100 381
- Switch config end 381
- Switch config ipv6 mld snooping 381
- Switch config ipv6 mld snooping querier vlan 4 general query source ip fe80 2ff ffff fe00 1 381
- Switch config ipv6 mld snooping querier vlan 4 max response time 20 381
- Switch config ipv6 mld snooping querier vlan 4 query interval 100 381
- Switch config show ipv6 mld snooping querier 381
- Switch configure 381
- Switch copy running config startup config 381
- The following example shows how to enable mld snooping and mld querier in vlan 4 set the query interval as 100 seconds the max response time as 20 seconds and the general query source ip as fe80 2ff ffff fe00 1 381
- Vlan 4 381
- Configuring multicast filtering 382
- Creating profile 382
- Mld profile 1 382
- Switch config ipv6 mld profile 1 382
- Switch config ipv6 mld snooping 382
- Switch config mld profile deny 382
- Switch config mld profile range ff01 1234 5 ff01 1234 8 382
- Switch config mld profile show ipv6 mld profile 382
- Switch configure 382
- The following example shows how to configure profile 1 so that the switch filters multicast data sent to ff01 1234 5 ff01 1234 8 382
- Binding profile to the port 383
- Mld profile 1 383
- Range ff01 1234 5 ff01 1234 8 383
- Switch config end 383
- Switch config if ipv6 mld filter 1 383
- Switch config if ipv6 mld snooping 383
- Switch config if show ipv6 mld profile 383
- Switch config interface ten gigabitethernet 1 0 2 383
- Switch config ipv6 mld profile 1 383
- Switch config ipv6 mld snooping 383
- Switch config mld profile deny 383
- Switch config mld profile exit 383
- Switch config mld profile range ff01 1234 5 ff01 1234 8 383
- Switch configure 383
- Switch copy running config startup config 383
- The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters multicast data sent to ff01 1234 5 ff01 1234 8 383
- Using the gui 385
- Viewing ipv4 multicast snooping configurations 385
- Viewing ipv6 multicast snooping configurations 385
- Viewing multicast snooping configurations 385
- Using the cli 386
- Viewing ipv4 multicast snooping configurations 386
- Viewing ipv6 multicast snooping configurations 387
- Configuration examples 389
- Configuration scheme 389
- Example for configuring basic igmp snooping 389
- Network requirements 389
- Using the gui 390
- Vlan config to load the following page create vlan 10 and add untagged port 1 0 1 3 and tagged port 1 0 4 to vlan 10 391
- Port config to load the following page configure the pvid of port 1 0 1 4 as 10 392
- Using the cli 394
- Verify the configurations 395
- Configuration scheme 396
- Example for configuring multicast vlan 396
- Network requirements 396
- Network topology 396
- Demonstrated with t1700x 16ts this section provides configuration procedures in two ways using the gui and using the cli 397
- Internet 397
- Snooping config to load the following page enable igmp snooping globally and keep the default values in the router port time and member port time fields 397
- Using the gui 397
- Snooping config to load the following page enable igmp snooping on port 1 0 1 4 398
- Using the cli 400
- Verify the configurations 401
- Example for configuring unknown multicast and fast leave 402
- Network requirement 402
- Configuration scheme 403
- Using the gui 403
- Port config to load the following page enable igmp snooping on port 1 0 2 and port 1 0 4 and enable fast leave on port 1 0 2 404
- Vlan config to load the following page enable igmp snooping in vlan 10 405
- Using the cli 406
- Verify the configurations 406
- Configuration scheme 407
- Example for configuring multicast filtering 407
- Network requirements 407
- Network topology 407
- Demonstrated with t1700x 16ts this section provides configuration procedures in two ways using the gui and using the cli 408
- Internet 408
- Snooping config to load the following page enable igmp snooping globally and keep the default values in the router port time and member port time fields 408
- Using the gui 408
- Snooping config to load the following page 409
- Using the cli 415
- Verify the configurations 417
- Appendix default parameters 418
- Default parameters for igmp snooping 418
- Default parameters for mld snooping 419
- Chapters 421
- Configuring logical interfaces 421
- Part 13 421
- Interfaces of a device are used to exchange data and interact with interfaces of other network devices interfaces are classified into physical interfaces and logical interfaces 422
- Logical interfaces are manually configured and do not physically exist such as loopback interfaces and routing interfaces 422
- Overview 422
- Physical interfaces are the ports on the front panel or rear panel of the switch 422
- This chapter introduces the configurations for logical interfaces the supported types of logical interfaces are shown as below 422
- Creating a layer 3 interface 423
- Logical interfaces configurations 423
- Using the gui 423
- Configuring ipv4 parameters of the interface 424
- Figure 2 424
- In the interface list section you can view the corresponding interface entry you create 424
- In the modify interface section specify an interface id and configure relevant parameters for the interface according to your actual needs then click apply 424
- List section on the corresponding interface entry click edit to load the following page and configure the ipv4 parameters of the interface 424
- You can view the corresponding interface entry you create in the interface 424
- Configuring ipv6 parameters of the interface 425
- Figure 2 425
- In the secondary ip create section configure the secondary ip for the specified interface which allows you to have two logical subnets using one physical subnet then click create 425
- In the secondary ip list section you can view the corresponding secondary ip entry you create 425
- List section on the corresponding interface entry click edit ipv6 to load the following page and configure the ipv6 parameters of the interface 425
- You can view the corresponding interface entry you create in the interface 425
- Configure the ipv6 link local address of the interface manually or automatically in the link local address config section then click apply 426
- Enable ipv6 function on the interface of switch in the general config section then click apply 426
- Configure one or more ipv6 global addresses of the interface via following three ways 427
- Manually 427
- Via dhcpv6 server 427
- Via ra message 427
- View the global address entry in the global address table 427
- Creating a layer 3 interface 428
- Figure 2 428
- Follow these steps to create a layer 3 interface you can create a vlan interface a loopback interface a routed port or a port channel interface according to your needs 428
- List section on the corresponding interface entry click detail to load the following page and view the detail information of the interface 428
- Using the cli 428
- Viewing detail information of the interface 428
- You can view the corresponding interface entry you create in the interface 428
- Switch config if description vlan 2 429
- Switch config if end 429
- Switch config interface vlan 2 429
- Switch configure 429
- Switch copy running config startup config 429
- The following example shows how to create a vlan interface with a description of vlan 2 429
- Configuring ipv4 parameters of the interface 430
- Follow these steps to configure the ipv4 parameters of the interface 430
- Switch config if ip address 192 68 00 255 55 55 430
- Switch config if no switchport 430
- Switch config if show ip interface brief 430
- Switch config interface ten gigabitethernet 1 0 1 430
- Switch configure 430
- The following example shows how to configure the ipv4 parameters of a routed port including setting a static ip address for the port and enabling the layer 3 capabilities 430
- Configuring ipv6 parameters of the interface 431
- Follow these steps to configure the ipv6 parameters of the interface 431
- Interface ip address method status protocol shutdown te1 0 1 192 68 00 24 static up up no 431
- Switch config if end 431
- Switch copy running config startup config 431
- Global address dhcpv6 enable 432
- Global address ra disable 432
- Global unicast address es ff02 1 ff13 237b 432
- Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 432
- Joined group address es ff02 1 432
- Switch config if ipv6 address autoconfig 432
- Switch config if ipv6 address dhcp 432
- Switch config if ipv6 enable 432
- Switch config if show ipv6 interface 432
- Switch config interface vlan 2 432
- Switch configure 432
- The following example shows how to enable the ipv6 function and configure the ipv6 parameters of a vlan interface 432
- Vlan2 is up line protocol is up 432
- Appendix default parameters 434
- Default settings of interface are listed in the following tables 434
- Chapters 435
- Configuring static routing 435
- Part 14 435
- Overview 436
- In the ipv4 static route table section you can view and modify the ipv4 static routing entries 437
- In the ipv4 static routing config section configure the corresponding parameters to add an ipv4 static route then click create 437
- Ipv4 static routing config to load the following page 437
- Ipv4 static routing configuration 437
- Using the gui 437
- C 192 68 24 is directly connected vlan1 438
- Candidate default 438
- Codes c connected s static 438
- Follow these steps to create an ipv4 static route 438
- S 192 68 24 1 0 via 192 68 vlan1 438
- Switch config end 438
- Switch config ip route 192 68 255 55 55 192 68 438
- Switch config show ip route 438
- Switch configure 438
- Switch copy running config startup config 438
- The following example shows how to create an ipv4 static route with the destination ip address as 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 438
- Using the cli 438
- Ipv6 static routing configuration 439
- Using the gui 439
- Candidate default 440
- Codes c connected s static 440
- Follow these steps to enable ipv6 routing function and create an ipv6 static route 440
- Switch config ipv6 route 3200 64 3100 1234 440
- Switch config show ipv6 route static 440
- Switch configure 440
- The following example shows how to create an ipv6 static route with the destination ip address as 3200 64 and the next hop address as 3100 1234 440
- Using the cli 440
- Using the gui 442
- Viewing ipv4 routing table 442
- Viewing routing table 442
- Ipv6 routing table to load the following page 443
- On privileged exec mode or any other configuration mode you can use the following command to view ipv4 routing table 443
- Using the cli 443
- View the ipv6 routes in the ipv6 routing information summary section 443
- Viewing ipv4 routing table 443
- Viewing ipv6 routing table 443
- On privileged exec mode or any other configuration mode you can use the following command to view ipv6 routing table 444
- Viewing ipv6 routing table 444
- Configuration scheme 445
- Example for static routing 445
- Network requirements 445
- Using the gui 445
- Using the cli 446
- Verify the configurations 447
- Appendix default parameter 449
- Default setting of static routing is listed in the following table 449
- Chapters 450
- Configuring dhcp relay 450
- Part 15 450
- Dhcp relay is used to process and forward dhcp packets between different subnets 451
- Dhcp relay solves this problem as the following figure shows the dhcp relay device acts as a relay agent and forwards dhcp packets between dhcp clients and dhcp servers on different subnets so that dhcp clients on different subnets can share one dhcp server 451
- Overview 451
- Since the client requests a dynamic ip address via broadcast the basic network model of dhcp requires that the client and the server should be on the same lan therefore each lan should be equipped with a dhcp server thus increasing the costs of network construction 451
- Dhcp relay configuration 452
- Enabling dhcp relay and configuring option 82 452
- Using the gui 452
- Click apply 453
- Click create to specify the dhcp server for the interface 453
- Dhcp server to load the following page 453
- Follow these steps to specify dhcp server for the interface 453
- In the add dhcp server address section select the interface type and enter the interface id and then enter the server address of the interface 453
- Specifying dhcp server for the interface 453
- Configuring option 82 454
- Dhcp relay is enabled 454
- Enabling dhcp relay 454
- Follow these steps to configure option 82 454
- Follow these steps to enable dhcp relay 454
- Switch config end 454
- Switch config service dhcp relay 454
- Switch config show ip dhcp relay 454
- Switch configure 454
- Switch copy running config startup config 454
- The following example shows how to enable dhcp relay 454
- Using the cli 454
- Dhcp relay option 82 is enabled 455
- Existed option 82 field operation keep 455
- Switch config end 455
- Switch config ip dhcp relay information 455
- Switch config ip dhcp relay information policy keep 455
- Switch config show ip dhcp relay 455
- Switch configure 455
- The following example shows how to enable option 82 and configure the process of option 82 information as keep 455
- Follow these steps to specify dhcp server for the interface 456
- Specifying dhcp server for the interface 456
- Switch config if ip helper address 192 68 456
- Switch config interface vlan 66 456
- Switch configure 456
- Switch copy running config startup config 456
- The following example shows how to configure the dhcp server address as 192 68 on vlan 66 456
- Configuration example 458
- Configuration scheme 458
- Network requirements 458
- Using the gui 459
- Using the cli 460
- Verify the configurations 460
- Appendix default parameters 461
- Default settings of dhcp relay are listed in the following table 461
- Arp address resolution protocol is used to map ip addresses to mac addresses taking an ip address as input arp learns the associated mac address and stores the ip mac address association in an arp entry for rapid retrieval 463
- Overview 463
- Arp configurations 464
- Using the gui 464
- Viewing the arp entries 464
- Adding static arp entries 465
- Adding static arp entries manually 465
- Configuring arp function 465
- Follow these steps to add arp entries 465
- Follow these steps to add static arp entries 465
- In the arp config section enter the ip address and mac address and click create 465
- Static arp to load the following page 465
- Using the cli 465
- You can add desired static arp entries by manually specifying the ip addresses and mac addresses 465
- Configuring the aging time of dynamic arp entries 466
- Follow these steps to configure the aging time of dynamic arp entries 466
- Interface address hardware addr type 466
- Switch config arp 192 68 00 11 22 33 44 55 arpa 466
- Switch config end 466
- Switch config show arp 192 68 466
- Switch configure 466
- Switch copy running config startup config 466
- This example shows how to create a static arp entry with the ip as 192 68 and the mac as 00 11 22 33 44 55 466
- Vlan1 192 68 00 11 22 33 44 55 static 466
- Clearing dynamic entries 467
- On privileged exec mode or any other configuration mode you can use the following command to view arp entries 467
- Switch config if arp timeout 1000 467
- Switch config if end 467
- Switch config interface vlan 2 467
- Switch configure 467
- Switch copy running config startup config 467
- This example shows how to configure the aging time of dynamic arp entries as 1000 seconds for vlan interface 2 467
- Viewing arp entries 467
- Chapters 469
- Configuring qos 469
- Part 17 469
- Bandwidth control 470
- Diffserv 470
- Overview 470
- Supported features 470
- 802 p priority 471
- Configuration guidelines 471
- Diffserv configuration 471
- Dscp priority 471
- Port priority 471
- Click apply 472
- Configure the tag id cos id tc mapping relations 472
- Configuring 802 p priority 472
- Configuring priority mode 472
- Follow these steps to configure the 802 p priority 472
- P priority to load the following page 472
- The instructions of the three priority modes are described respectively in this section 472
- Using the gui 472
- 2p priorit 473
- Click apply 473
- Configure the dscp tc mapping relations 473
- Configuring dscp priority 473
- Dscp priority to load the following page 473
- Enable dscp priority and click apply dscp priority is disabled by default 473
- Follow these steps to configure the dscp priority 473
- 2p priority 474
- Click apply 474
- Configuring port priority 474
- Follow these steps to configure the port priority 474
- Port priority to load the following page 474
- Select the desired port or lag to set its priority 474
- Configure the schedule mode to control the forwarding sequence of different tc queues when congestion occurs 475
- Configuring schedule mode 475
- Follow these steps to configure the schedule mode 475
- Optional configure the weight value of the each tc queue if the schedule mode is wrr of sp wrr 475
- Schedule mode to load the following page 475
- Select a schedule mode 475
- Click apply 476
- Configuring 802 priority 476
- Configuring priority mode 476
- The instructions of the three priority modes are described respectively in this section 476
- Using cli 476
- Configuring dscp priority 477
- Dscp priority is disabled 477
- P priority is enabled 477
- Switch config end 477
- Switch config qos queue cos map 2 0 477
- Switch config show qos cos map 477
- Switch config show qos status 477
- Switch configure 477
- Switch copy running config startup config 477
- Tag 0 1 2 3 4 5 6 7 477
- Tc tc1 tc0 tc0 tc3 tc4 tc5 tc6 tc7 477
- The following example shows how to map cos2 to tc0 and keep other cos id tc as default 477
- Configuring port priority 479
- Select the desired port to set the priority packets from this ingress port are mapped to the tc queue based on port priority 479
- Switch configure 479
- The following example shows how to map port 1 3 to tc1 and keep other mapping relations as default 479
- Configuring schedule mode 480
- Bandwidth control configuration 483
- Configuring rate limit 483
- Using the gui 483
- Click apply 484
- Configuring storm control 484
- Follow these steps to configure the storm control function 484
- Select the port s and configure the upper rate limit for forwarding broadcast packets multicast packets and ul frames 484
- Storm control to load the following page 484
- Click apply 485
- Configure the upper rate limit for the port to receive and send packets 485
- Configuring rate limit on port 485
- Using the cli 485
- Configure the upper rate limit on the port for forwarding broadcast packets multicast packets and unknown unicast frames 486
- Configuring storm control 486
- Port ingressrate kbps egressrate kbps lag 486
- Switch config if bandwidth ingress 5120 egress 1024 486
- Switch config if end 486
- Switch config if show bandwidth interface ten gigabitether net 1 0 5 486
- Switch config interface ten gigabitethe rnet 1 0 5 486
- Switch configure 486
- Switch copy running config startup config 486
- Te1 0 5 5120 1024 n a 486
- The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 1024 kbps for port 1 0 5 486
- Configuration examples 489
- Configuration scheme 489
- Example for configuring sp mode 489
- Network requirements 489
- Using the gui 490
- Using the cli 491
- Example for configuring wrr mode 492
- Network requirements 492
- Verify the configuration 492
- Configuration scheme 493
- Configurations for switch a demonstrated with t1700x 16ts 493
- Configure switch a to add different vlan tags to the packets from the two departments respectively 493
- Configure switch b to classify the incoming packets from the two departments according to the vlan tags and to map them into different tc queues configure the schedule mode as wrr mode to implement the qos feature 493
- This chapter provides configuration procedures in two ways using the gui and using the cli 493
- Using the gui 493
- Vlan config and click create to load the following page create vlan 10 with the description of rd add port 1 0 1 as an untagged port and port 1 0 3 as a tagged port to vlan 10 then click apply 493
- Using the cli 502
- Verify the configuration 504
- Appendix default parameters 506
- Diffserv 506
- Disabled see table 5 4 for dscp cos id mapping relations 506
- Enabled see table 5 3 for tag id cos id tc mapping relations 506
- Bandwidth control 507
- Chapters 508
- Configuring voice vlan 508
- Part 18 508
- Overview 509
- Because the voice vlan in automatic mode supports only tagged voice traffic you need to make sure traffic from the voice device is tagged to do so there are mainly two ways 511
- Before configuring voice vlan you need to create a vlan for voice traffic for details about vlan configuration please refer to configuring 802 q vlan 511
- Configuration guidelines 511
- Configure voice vlan globally 511
- Configure voice vlan mode on ports 511
- Configuring lld 511
- Create a vlan 511
- If your switch provides the lldp med feature you can also configure it to instruct the voice device to send tagged voice traffic for details about lldp med please refer to 511
- Only one vlan can be set as the voice vlan on the switch 511
- Optional configure oui addresses 511
- To apply the voice vlan configuration you may need to further configure pvid port vlan id and the link type of the port which is connected to voice devices we recommend that you choose the mode according to your needs and configure the port as the following table shows 511
- To complete the voice vlan configuration follow these steps 511
- Vlan 1 is a default vlan and cannot be configured as the voice vlan 511
- Voice vlan configuration 511
- You can configure the voice device to forward traffic with a voice vlan tag 511
- Click create to add an oui address to the table 512
- Enter an oui address and the corresponding mask and give a description about the oui address 512
- Follow these steps to add oui addresses 512
- If the oui address of your voice device is not in the oui table you need to add the oui address to the table 512
- Optional configuring oui addresses 512
- Oui config to load the following page 512
- Using the gui 512
- Click apply 513
- Configuring voice vlan globally 513
- Enable the voice vlan feature and enter a vlan id 513
- Follow these steps to configure the voice vlan globally 513
- Global config to load the following page 513
- Set the aging time for the voice vlan 513
- Specify a priority for the voice vlan 513
- Configuring voice vlan mode on ports 514
- Follow these steps to configure voice vlan mode on ports 514
- Port config to load the following page 514
- Select your desired ports and choose the port mode 514
- Set the security mode for selected ports 514
- Click apply 515
- Follow these steps to configure the voice vlan 515
- Using the cli 515
- Avoid attacks from malicious data flows 518
- Configuration example 518
- Configuration scheme 518
- Ip phones share switch ports used by computers because no more ports are available for ip phones 518
- Network requirements 518
- Network topology 518
- Transmit voice traffic in an exclusive path with high quality 518
- Configurations for switch a 519
- Demonstrated with t1700x 16ts this chapter provides configuration procedures in two ways using the gui and using the cli 519
- In the meeting room computers and ip phones are connected to different ports of switch b ports connected to ip phones use the voice vlan for voice traffic and ports connected to computers use the default vlan for data traffic 519
- Internet 519
- Using the gui 519
- Vlan config and click create to load the following page create vlan 10 519
- Voice traffics from switch a and switch b are forwarded to voice gateway and internet through switch c 519
- Using the cli 527
- Verify the configurations 529
- Vlan name status ports 531
- Voicevlan active te1 0 1 te1 0 2 te1 0 3 531
- Appendix default parameters 532
- Default settings of voice vlan are listed in the following tables 532
- Chapters 533
- Configuring acl 533
- Part 19 533
- Acl binding 534
- Overview 534
- Policy binding 534
- Supported features 534
- Acl configurations 535
- Creating an acl 535
- Using the gui 535
- Configuring acl rules 536
- Click apply 537
- Configure the rule s packet matching criteria 537
- Configuring the standard ip acl rule 537
- Follow these steps to create the standard ip acl rule 537
- Select a standard ip acl from the drop down list enter a rule id and specify the operation for the matched packets 537
- Standard i 537
- Standard ip acl to load the following page 537
- Tandard i 537
- Click apply 538
- Configure the rule s packet matching criteria 538
- Configuring the extend ip acl rule 538
- Extend ip ac 538
- Extend ip acl to load the following page 538
- Follow these steps to create the extend ip acl rule 538
- Select an extend ip acl from the drop down list enter a rule id and specify the operation for the matched packets 538
- Click apply 539
- Configure the rule s packet matching criteri 539
- Configuring the ipv6 acl rule 539
- Follow these steps to create the ipv6 acl rule 539
- Ipv6 acl to load the following page 539
- Select an ipv6 acl from the drop down list enter a rule id and specify the operation for the rule 539
- Click apply 540
- Configure the rule s packet matching criteri 540
- In the acl rule table you can view all the acls and their rules you can also delete an acl or an acl rule or change the matching order if needed 540
- The rules in an acl are listed in ascending order of configuration time regardless of their rule ids by default a rule configured earlier is listed before a rule configured later the switch matches a received packet with the rules in order when a packet matches a rule the device stops the match process and performs the action defined in the rule 540
- Verifying the rule table 540
- Configuring policy 541
- Configuring the acl binding 542
- Configuring the acl binding and policy binding 542
- Verifying the binding configuration 545
- Binding table to load the following page 546
- Configuring acl 546
- Configuring the mac acl 546
- Follow the steps to create different types of acl and configure the acl rules 546
- Using the cli 546
- You can define the rules based on source or destination ip addresses source or destination mac addresses protocol type and so on 546
- Mac access list 50 547
- Rule 1 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 547
- Switch config mac access list 50 547
- Switch config mac acl end 547
- Switch config mac acl rule 1 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 547
- Switch config mac acl show access list 50 547
- Switch configure 547
- Switch copy running config startup config 547
- The following example shows how to create mac acl 50 and configure rule 1 to permit packets with source mac address 00 34 a2 d4 34 b5 547
- Configuring the standard ip acl 548
- Standard ip access list 600 548
- Switch config access list create 600 548
- Switch config rule 1 permit sip 192 68 00 smask 255 55 55 55 548
- Switch config show access list 600 548
- Switch configure 548
- The following example shows how to create standard ip acl 600 and configure rule 1 to permit packets with source ip address 192 68 00 548
- Configuring the extend ip acl 549
- Rule 1 permit sip 192 68 00 smask 255 55 55 55 549
- Switch config end 549
- Switch configure 549
- Switch copy running config startup config 549
- The following example shows how to create extend ip acl 1700 and configure rule7 to deny telnet packets with source ip192 68 00 549
- Switch config access list create 3600 551
- Switch config access list ipv6 3600 rule 1 deny sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ffff ffff ffff 551
- Switch configure 551
- The following example shows how to create ipv6 acl 3600 and configure rule 1 to deny packets with source ipv6 address cdcd 910a 2222 5498 8475 1111 3900 2020 551
- Configuring policy 552
- Follow the steps below to create a policy and configure the policy actions 552
- Ipv6 access list 3600 552
- Policy name rd 552
- Rule 1 deny sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ff ff ffff ffff 552
- Switch config access list policy action rd 600 552
- Switch config access list policy name rd 552
- Switch config action exit 552
- Switch config end 552
- Switch config show access list 3600 552
- Switch config show access list policy rd 552
- Switch configure 552
- Switch copy running config startup config 552
- The following example shows how to create policy rd and apply acl 600 to policy rd 552
- Access list 600 553
- Acl binding 553
- Acl binding and policy binding 553
- Switch config end 553
- Switch config if access list bind acl 1 553
- Switch config interface ten gigabitethe rnet 1 0 3 553
- Switch configure 553
- Switch copy running config startup config 553
- The following example shows how to bind acl 1 to port 3 and acl 2 to vlan 4 553
- You can bind the acl to a port or a vlan the received packets will then be matched and processed according to the acl rules 553
- You can select acl binding or policy binding according to your needs an acl rule and policy takes effect only after they are bound to a port or vlan 553
- Configuration example for acl 556
- Configuration scheme 556
- Network requirements 556
- Network topology 556
- Using the gui 557
- Extend acl to load the following page configure rule 2 and rule 3 to permit packets with source ip 10 0 0 and destination port tcp 80 http service port and udp 443 https service port 558
- Using the cli 561
- Verify the configurations 562
- Appendix default parameters 563
- For extend ip acl 563
- For ipv6 acl 563
- For mac acl 563
- For standard ip acl 563
- Chapters 564
- Configuring network security 564
- Part 20 564
- Dhcp snooping 565
- Ip mac binding 565
- Network security 565
- Overview 565
- Supported features 565
- Arp inspection 566
- Dos defend 567
- Binding entries manually 569
- Ip mac binding configurations 569
- Using the gui 569
- Arp scanning 570
- Binding entries dynamically 570
- Click bind 570
- Select protect type for the entry 570
- Select the port that is connected to this host 570
- The binding entries can be dynamically learned from arp scanning and dhcp snooping 570
- With arp scanning the switch sends the arp request packets of the specified ip field to the hosts upon receiving the arp reply packet the switch can get the ip address mac address vlan id and the connected port number of the host you can bind these entries conveniently 570
- Arp scanning to load the following page 571
- Follow these steps to configure ip mac binding via arp scanning 571
- In the scanning option section specify an ip address range and a vlan id then click scan to scan the entries in the specified ip address range and vlan 571
- In the scanning result section select one or more entries and configure the relevant parameters then click apply 571
- Binding table to load the following page 572
- Dhcp snooping 572
- For instructions on how to configure dhcp snooping refer to dhcp snooping configurations 572
- In the search section specify the search criteria to search your desired entries 572
- Viewing the binding entries 572
- With dhcp snooping enabled the switch can monitor the ip address obtaining process of the host and record the ip address mac address vlan id and the connected port number of the host 572
- With the binding table you can view and search the specified binding entries 572
- Binding entries manually 573
- Binding entries via arp scanning is not supported by the cli binding entries via dhcp snooping is introduced in dhcp snooping configurations the following sections introduce how to bind entries manually and view the binding entries 573
- Follow these steps to manually bind entries 573
- In the binding table section you can view the searched entries additionally you can configure the host name and protect type for one or more entries and click apply 573
- Using the cli 573
- You can manually bind the ip address mac address vlan id and the port number together on the condition that you have got the related information of the hosts 573
- Host1 192 68 5 aa bb cc dd ee ff 10 te1 0 5 arp d 574
- Switch config end 574
- Switch config ip source binding host1 192 68 5 aa bb cc dd ee ff vlan 10 interface ten gigabitethe rnet 1 0 5 arp detection 574
- Switch config show ip source binding 574
- Switch configure 574
- Switch copy running config startup config 574
- The following example shows how to bind an entry with the hostname host1 ip address 192 68 5 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this entry for the arp detection feature 574
- U no host ip addr mac addr vid port acl col 574
- On privileged exec mode or any other configuration mode you can use the following command to view binding entries 575
- Viewing binding entries 575
- Dhcp snooping configuration 576
- Enabling dhcp snooping on vlan 576
- Using the gui 576
- Click apply 577
- Configuring dhcp snooping on ports 577
- Follow these steps to configure dhcp snooping on the specified port 577
- Port config to load the following page 577
- Select one or more ports and configure the parameters 577
- Click apply 578
- Follow these steps to configure option 82 578
- Option 82 config to load the following page 578
- Option 82 records the location of the dhcp client the switch can add option 82 to the dhcp request packet and then transmit the packet to the dhcp server administrators can check the location of the dhcp client via option 82 the dhcp server supporting option 82 can also set the distribution policy of ip addresses and other parameters providing a more flexible address distribution way 578
- Optional configuring option 82 578
- Select one or more ports and configure the parameters 578
- Click apply 579
- Follow these steps to globally configure dhcp snooping 579
- Globally configuring dhcp snooping 579
- Using the cli 579
- Configuring dhcp snooping on ports 580
- Follow these steps to configure dhcp snooping on the specified ports 580
- Global status enable 580
- Switch config if end 580
- Switch config ip dhcp snooping 580
- Switch config ip dhcp snooping vlan 5 580
- Switch config show ip dhcp snooping 580
- Switch configure 580
- Switch copy running config startup config 580
- The following example shows how to enable dhcp snooping globally and on vlan 5 580
- Vlan id 5 580
- Interface trusted mac verify limit rate dec rate lag 581
- Switch config if end 581
- Switch config if ip dhcp snooping decline rate 20 581
- Switch config if ip dhcp snooping limit rate 10 581
- Switch config if ip dhcp snooping mac verify 581
- Switch config if ip dhcp snooping trust 581
- Switch config if show ip dhcp snooping interface ten gigabitethe rnet 1 0 1 581
- Switch config interface ten gigabitethe rnet 1 0 1 581
- Switch configure 581
- Switch copy running config startup config 581
- Te1 0 1 enable enable 10 20 n a 581
- The following example shows how to configure port 1 0 1 as a trusted port enable the mac verify feature and set the limit rate as 10 pps and decline rate as 20 pps on this port 581
- Follow these steps to configure option 82 582
- Option 82 records the location of the dhcp client the switch can add the option 82 to the dhcp request packet and then transmit the packet to the dhcp server administrators can check the location of the dhcp client via option 82 the dhcp server supporting option 82 can also set the distribution policy of ip addresses and other parameters providing more flexible address distribution way 582
- Optional configuring option 82 582
- Arp inspection configurations 584
- Configuring arp detection 584
- Using the gui 584
- Arp defend to load the following page 585
- Click apply 585
- Configuring arp defend 585
- Follow these steps to configure arp defend 585
- Select one or more ports and configure the parameters 585
- With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds when the transmission speed of the legal arp packet on the port exceeds the defined value so as to avoid arp attack flood 585
- Viewing arp statistics 586
- Configuring arp detection 587
- Follow these steps to configure arp detection 587
- Switch config ip arp inspection 587
- Switch configure 587
- The arp detection feature allows the switch to detect the arp packets basing on the binding entries in the ip mac binding table and filter the illegal arp packets before arp detection configuration complete ip mac binding configuration for details refer to ip mac binding configurations 587
- The following example shows how to globally enable arp detection and configure port 1 0 1 as a trusted port 587
- Using the cli 587
- Arp detection global status enabled 588
- Configuring arp defend 588
- Follow these steps to configure arp defend 588
- Port trusted 588
- Switch config if end 588
- Switch config if ip arp inspection trust 588
- Switch config if show ip arp inspection 588
- Switch config interface ten gigabitethe rnet 1 0 1 588
- Switch copy running config startup config 588
- Te1 0 1 yes 588
- Te1 0 2 no 588
- With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds when the transmission speed of the legal arp packet on the port exceeds the defined value so as to avoid arp attack flood 588
- On privileged exec mode or any other configuration mode you can use the following command to view arp statistics 590
- Switch copy running config startup config 590
- Viewing arp statistics 590
- Dos defend configuration 591
- Dos defend to load the following page 591
- Follow these steps to configure dos defend 591
- In the configure section enable dos protection 591
- In the defend table section select one or more defend types according to your needs the following table introduces each type of dos attack 591
- Using the gui 591
- Click apply 592
- Follow these steps to configure dos defend 592
- Using the cli 592
- Switch configure 593
- The following example shows how to enable the dos defend type named land 593
- Configuring the radius server 595
- Using the gui 595
- X configuration 595
- Click apply 596
- Configuring the radius server group 596
- Follow these steps to create a protocol template 596
- In the server config section configure the parameters of radius server 596
- You can configure the radius servers for authentication and accounting if multiple radius servers are available you are suggested to add them to different server groups respectively for authentication and accounting 596
- Configuring 802 x globally 599
- Follow these steps to configure 802 x global parameters 599
- Global config to load the following page 599
- In the global config section enable 802 x globally and click apply 599
- In the authentication config section enable quiet configure the quiet timer and click apply 600
- Configure 802 x authentication on the desired port and click apply 601
- Configuring 802 x on ports 601
- Port config to load the following page 601
- Configuring the radius server 602
- Follow these steps to configure radius 602
- Using the cli 602
- The following example shows how to enable aaa add a radius server to the server group named radius1 and apply this server group to the 802 x authentication the ip address of the radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the accounting port is 1813 603
- Configuring 802 x globally 604
- Authentication method pap 606
- Configuring 802 x on ports 606
- Follow these steps to configure the port 606
- Guest vlan id n a 606
- Guest vlan state disable 606
- Handshake state enabled 606
- Max retry times for radius packet 3 606
- Quiet period state disable 606
- Quiet period timer 10 sec 606
- Supplicant timeout 3 sec 606
- Switch config dot1x auth method pap 606
- Switch config dot1x system auth control 606
- Switch config end 606
- Switch config show dot1x global 606
- Switch configure 606
- Switch copy running config startup config 606
- The following example shows how to enable 802 x authentication configure pap as the authentication method and keep other parameters as default 606
- X accounting state disable 606
- X state enabled 606
- Switch config if dot1x 607
- Switch config if dot1x port control auto 607
- Switch config if dot1x port method port based 607
- Switch config interface ten gigabitethe rnet 1 0 2 607
- Switch configure 607
- The following example shows how to enable 802 x authentication on port 1 0 2 configure the control type as port based and configure the control mode as auto 607
- Aaa configuration 609
- Configuration guidelines 609
- Adding servers 610
- Globally enabling aaa 610
- Using the gui 610
- Adding tacacs server 611
- Click add to add the radius server on the switch 611
- Follow these steps to add a tacacs server 611
- In the server config section configure the following parameters 611
- Tacacs conifg to load the following page 611
- Configuring server groups 612
- Configuring the method list 613
- Click add to add the new method 614
- Click apply 614
- Configuring the aaa application list 614
- Follow these steps to configure the aaa application list 614
- Global config to load the following page 614
- In the aaa application list section select an access application and configure the login list and enable list 614
- In the add method list section configure the parameters for the method to be added 614
- Configuring login account and enable password 615
- Aaa global status enable 616
- Adding radius server 616
- Adding servers 616
- Follow these steps to add radius server on the switch 616
- Follow these steps to globally enable aaa 616
- Globally enabling aaa 616
- Switch config aaa enable 616
- Switch config end 616
- Switch config show aaa global 616
- Switch configure 616
- Switch copy running config startup config 616
- The following example shows how to globally enable aaa 616
- Using the cli 616
- You can add one or more radius tacacs servers on the switch for authentication if multiple servers are added the server with the highest priority authenticates the users trying to access the switch and the others act as backup servers in case the first one breaks down 616
- 68 0 1812 1813 8 3 123456 617
- Server ip auth port acct port timeout retransmit shared key 617
- Switch config end 617
- Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 123456 617
- Switch config show radius server 617
- Switch configure 617
- The following example shows how to add a radius server on the switch set the ip address of the server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 617
- 68 0 49 8 123456 618
- Adding tacacs server 618
- Follow these steps to add tacacs server on the switch 618
- Server ip port timeout shared key 618
- Switch config end 618
- Switch config show tacacs server 618
- Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 618
- Switch configure 618
- Switch copy running config startup config 618
- The following example shows how to add a tacacs server on the switch set the ip address of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the timeout as 8 seconds 618
- Configuring server groups 619
- Switch aaa group server 192 68 0 619
- Switch aaa group show aaa group radius1 619
- Switch config aaa group radius radius1 619
- Switch configure 619
- Switch copy running config startup config 619
- The following example shows how to create a radius server group named radius1 and add the existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group 619
- The switch has two built in server groups one for radius and the other for tacacs the servers running the same protocol are automatically added to the default server group you can add new server groups as needed 619
- The two default server groups cannot be deleted or edited follow these steps to add a server group 619
- A method list describes the authentication methods and their sequence to authenticate the users the switch supports login method list for users of all types to gain access to the switch and enable method list for guests to get administrative privileges 620
- Configuring the method list 620
- Follow these steps to configure the method list 620
- Switch aaa group end 620
- Switch config aaa authentication login login1 radius local 620
- Switch config show aaa authentication login 620
- Switch configure 620
- Switch copy running config startup config 620
- The following example shows how to create a login method list named login1 and configure the method 1 as the default radius server group and the method 2 as local 620
- Configuring the aaa application list 621
- Follow these steps to apply the login and enable method lists for the application ssh 622
- Http default default 622
- Module login list enable list 622
- Ssh default default 622
- Switch config line enable authentication enable1 622
- Switch config line end 622
- Switch config line login authentication login1 622
- Switch config line show aaa global 622
- Switch config line telnet 622
- Switch configure 622
- Switch copy running config startup config 622
- Telnet login1 enable1 622
- The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application telnet 622
- Follow these steps to apply the login and enable method lists for the application http 623
- Http default default 623
- Module login list enable list 623
- Ssh login1 enable1 623
- Switch config line enable authentication enable1 623
- Switch config line end 623
- Switch config line login authentication login1 623
- Switch config line show aaa global 623
- Switch config line ssh 623
- Switch configure 623
- Switch copy running config startup config 623
- Telnet default default 623
- The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application ssh 623
- Configuring login account and enable password 624
- Http login1 enable1 624
- Module login list enable list 624
- On the switch 624
- Ssh default default 624
- Switch config end 624
- Switch config ip http enable authentication enable1 624
- Switch config ip http login authentication login1 624
- Switch config show aaa global 624
- Switch configure 624
- Switch copy running config startup config 624
- Telnet default default 624
- The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application http 624
- The local username and password for login can be configured in the user management feature for details refer to managing system 624
- The login account and enable password can be configured locally on the switch or centrally on the radius tacacs server s 624
- For enable password configuration 625
- For login authentication configuration more than one login account can be created on the server besides both the user name and password can be customized 625
- On radius server the user name should be set as enable and the enable password is customizable all the users trying to get administrative privileges share this enable password 625
- On tacacs server the enable password is set with the login account and each account has its own enable password 625
- On the server 625
- Some configuration principles on the server are as follows 625
- The accounts created by the radius tacacs server can only view the configurations and some network information without the enable password 625
- Tips the logged in guests can get administrative privileges by using the command enable admin and providing the enable password 625
- To configure the local enable password for getting administrative privileges follow these steps 625
- Configuration examples 626
- Configuration scheme 626
- Example for dhcp snooping and arp detection 626
- Network requirements 626
- Using the gui 627
- Using the cli 630
- Verify the configuration 631
- Configuration scheme 632
- Example for 802 x 632
- Network requirements 632
- As shown in the following figure switch a acts as the authenticator port 1 0 1 is connected to the client port 1 0 2 is connected to the radius server and port 1 0 3 is connected to the internet 633
- Demonstrated with t1700x 16ts acting as the authenticator the following sections provide configuration procedure in two ways using the gui and using the cli 633
- Global config to load the following page enable aaa function globally on the switch 633
- Internet 633
- Network topology 633
- Radius config to load the following page configure the parameters of the radius server 633
- Using the gui 633
- Using the cli 636
- Verify the configurations 637
- Example for aaa 638
- Network requirements 638
- Configuration scheme 639
- Using the gui 639
- Using the cli 642
- Verify the configuration 643
- Appendix default parameters 645
- Default settings of network security are listed in the following tables 645
- Chapters 649
- Configuring lldp 649
- Part 21 649
- Overview 650
- Supported features 650
- Global config 651
- Lldp configurations 651
- Using the gui 651
- Follow these steps to enable lldp and configure the lldp feature globally 652
- In the global config section enable lldp click apply 652
- In the parameters config section configure the lldp parameters click apply 652
- Follow these steps to configure the lldp feature for the interface 653
- Policy config to load the following page 653
- Port config 653
- Select the desired port and set its admin status and notification mode 653
- Select the tlvs type length value included in the lldp packets according to your needs 653
- Enable the lldp feature on the switch and configure the lldp parameters 654
- Global config 654
- Using the cli 654
- Lldp status enabled 655
- Switch config lldp 655
- Switch config lldp hold multiplier 4 655
- Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 3 655
- Switch config show lldp 655
- Switch configure 655
- The following example shows how to configure the following parameters lldp timer 4 tx interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast count 3 655
- Tx interval 30 seconds 655
- Fast packet count 3 656
- Initialization delay 2 seconds 656
- Lldp med fast start repeat count 4 656
- Port config 656
- Select the desired port and set its admin status notification mode and the tlvs included in the lldp packets 656
- Switch config end 656
- Switch copy running config startup config 656
- Trap notification interval 5 seconds 656
- Ttl multiplier 4 656
- Tx delay 2 seconds 656
- Global config 658
- Lldp med configurations 658
- Using the gui 658
- Port config 659
- Global config 661
- Lldp status enabled 661
- Switch config lldp 661
- Switch config lldp med fast count 4 661
- Switch config show lldp 661
- Switch configure 661
- The following example shows how to configure lldp med fast count as 4 661
- Tx interval 30 seconds 661
- Using the cli 661
- Fast packet count 3 662
- Initialization delay 2 seconds 662
- Lldp med fast start repeat count 4 662
- Port config 662
- Select the desired port enable lldp med and select the tlvs type length value included in the outgoing lldp packets according to your needs 662
- Switch config end 662
- Switch copy running config startup config 662
- Trap notification interval 5 seconds 662
- Ttl multiplier 4 662
- Tx delay 2 seconds 662
- Using gui 665
- Viewing lldp device info 665
- Viewing lldp settings 665
- Follow these steps to view the local information 666
- In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 666
- In the local info section select the desired port and view its associated local device information 666
- Viewing lldp statistics 668
- Using cli 669
- Viewing lldp statistics 669
- Viewing the local info 669
- Viewing the neighbor info 669
- Using gui 670
- Viewing lldp med settings 670
- Follow these steps to view lldp med neighbor information 671
- In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 671
- In the lldp med neighbor info section select the desired port and view the lldp med settings 671
- Neighbor info to load the following page 671
- Viewing the neighbor info 671
- Using cli 672
- Viewing lldp statistics 672
- Viewing the local info 672
- Viewing the neighbor info 672
- Configuration example 673
- Configuration scheme 673
- Example for configuring lldp 673
- Network requirements 673
- Network topology 673
- Using the gui 673
- Using cli 674
- Verify the configurations 675
- Configuration scheme 680
- Example for configuring lldp med 680
- Network requirements 680
- Network topology 680
- Using the gui 681
- Using the cli 685
- Verify the configurations 686
- Appendix default parameters 692
- Default lldp med settings 692
- Default lldp settings 692
- Default settings of lldp are listed in the following tables 692
- Chapters 693
- Configuring maintenance 693
- Part 22 693
- Device diagnose 694
- Maintenance 694
- Network diagnose 694
- Overview 694
- Supported features 694
- System monitor 694
- Monitoring the cpu 695
- Monitoring the system 695
- Using the gui 695
- Monitoring the cpu 696
- Monitoring the memory 696
- Using the cli 696
- Monitoring the memory 697
- Backing up log files 698
- Configuration guidelines 698
- Configuring the local log 698
- Configuring the remote log 698
- Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality of the switch is affected please take actions according to the log message 698
- System log configurations 698
- System log configurations include 698
- Viewing the log table 698
- Click apply 699
- Configuring the local log 699
- Configuring the remote log 699
- Follow these steps to configure the local log 699
- Local log to load the following page 699
- Remote log enables the switch to send system logs to a host to display the logs the host should run a log server that complies with the syslog standard 699
- Select your desired channel and configure the corresponding severity and status 699
- Using the gui 699
- Backing up the log file 700
- Viewing the log table 700
- Configuring the local log 701
- Follow these steps to configure the local log 701
- Select a module and a severity to view the corresponding log information 701
- Using the cli 701
- Switch config logging buffer 702
- Switch config logging buffer level 5 702
- Switch config logging file flash 702
- Switch config logging file flash frequency periodic 10 702
- Switch config logging file flash level 2 702
- Switch config show logging local config 702
- Switch configure 702
- The following example shows how to configure the local log on the switch save logs of levels 0 to 5 to the log buffer and synchronize logs of levels 0 to 2 to the flash every 10 hours 702
- Buffer 5 enable immediately 703
- Channel level status sync periodic 703
- Configuring the remote log 703
- Flash 2 enable 10 hour s 703
- Follow these steps to set the remote log 703
- Monitor 5 enable immediately 703
- Remote log enables the switch to send system logs to a host to display the logs the host should run a log server that complies with the syslog standard 703
- Switch config end 703
- Switch config logging host index 2 192 68 48 5 703
- Switch configure 703
- Switch copy running config startup config 703
- The following example shows how to set the remote log on the switch enable log host 2 set its ip address as 192 68 48 and allow logs of levels 0 to 5 to be sent to the host 703
- Diagnosing the device 705
- Using the gui 705
- On privileged exec mode or any other configuration mode you can use the following command to check the connection status of the cable that is connected to the switch 706
- Pair b normal 2 10m 706
- Pair c normal 0 10m 706
- Pair d normal 2 10m 706
- Port pair status length error 706
- Switch show cable diagnostics interface ten gigabitehternet 1 0 2 706
- Te1 0 2 pair a normal 2 10m 706
- The following example shows how to check the cable diagnostics of port 1 0 2 706
- Using the cli 706
- Configuring the ping test 707
- Diagnosing the network 707
- Using the gui 707
- Configuring the ping test 708
- Configuring the tracert test 708
- Follow these steps to test connectivity between the switch and routers along the path from the source to the destination 708
- In the ping result section check the test results 708
- In the tracert config section enter the ip address of the destination set the max hop and then click tracert to start the test 708
- In the tracert result section check the test results 708
- On privileged exec mode or any other configuration mode you can use the following command to test the connectivity between the switch and one node of the network 708
- Tracert to load the following page 708
- Using the cli 708
- Approximate round trip times in milli seconds 709
- Configuring the tracert test 709
- Minimum 0ms maximum 0ms average 0ms 709
- On privileged exec mode or any other configuration mode you can use the following command to test the connectivity between the switch and routers along the path from the source to the destination 709
- Packets sent 3 received 3 lost 0 0 loss 709
- Ping statistics for 192 68 0 709
- Pinging 192 68 0 with 1000 bytes of data 709
- Reply from 192 68 0 bytes 1000 time 16ms ttl 64 709
- Switch ping ip 192 68 0 n 3 l 1000 i 500 709
- The following example shows how to test the connectivity between the switch and the destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 1000 bytes and the interval as 500 milliseconds 709
- Ms 1 ms 2 ms 192 68 710
- Ms 2 ms 2 ms 192 68 00 710
- Switch tracert 192 68 00 2 710
- The following example shows how to test the connectivity between the switch and the network device with the ip address 192 68 00 set the maxhops as 2 710
- Trace complete 710
- Tracing route to 192 68 00 over a maximum of 2 hops 710
- Configuration example for remote log 711
- Configuration scheme 711
- Network requirements 711
- Using the gui 711
- Using the cli 712
- Verify the configurations 712
- Appendix default parameters 713
- Default settings of maintenance are listed in the following tables 713
- Chapters 714
- Configuring snmp rmon 714
- Part 23 714
- Snmp overview 715
- Snmp simple network management protocol is a standard network management protocol widely used on tcp ip networks it facilitates device management using nms network management system software with snmp network managers can view or modify network device information and troubleshoot according to notifications sent by those devices in a timely manner 715
- The device supports three snmp versions snmpv1 snmpv2c and snmpv3 table 1 1 lists features supported by different snmp versions and table 1 2 shows corresponding application scenarios 715
- Snmp configurations 716
- Creating an snmp view 717
- Enabling snmp 717
- Using the gui 717
- Create an snmp group and configure related parameters 718
- Creating an snmp group 718
- Set the view name and one mib variable that is related to the view choose the view type and click create to add the view entry 718
- Snmp view to load the following page 718
- Follow these steps to create an snmp group 719
- Set the group name and security model if you choose snmpv3 as the security model you need to further configure security level 719
- Set the read write and notify view of the snmp group click create 719
- Snmp group to load the following page 719
- Creating snmp users 720
- Follow these steps to create an snmp user 720
- Snmp user to load the following page 720
- Specify the user name user type and the group which the user belongs to set the security model according to the related parameters of the specified group if you choose snmpv3 you need to configure the security level 720
- Click create 721
- Creating snmp communities 721
- If you have chosen authnopriv or authpriv as the security level you need to set corresponding auth mode or privacy mode if not skip the step 721
- If you want to use snmpv1 or snmpv2c as the security model you can create snmp communities directly 721
- Enabling snmp 722
- Set the community name access rights and the related view click create 722
- Snmp community to load the following page 722
- Using the cli 722
- Bad snmp version errors 723
- Encoding errors 723
- Get request pdus 723
- Illegal operation for community name supplied 723
- Number of altered variables 723
- Number of requested variables 723
- Snmp agent is enabled 723
- Snmp packets input 723
- Switch config show snmp server 723
- Switch config snmp server 723
- Switch config snmp server engineid remote 123456789a 723
- Switch configure 723
- The following example shows how to enable snmp and set 123456789a as the remote engine id 723
- Unknown community name 723
- Bad value errors 724
- Creating an snmp view 724
- General errors 724
- Get next pdus 724
- Local engine id 80002e5703000aeb132397 724
- No such name errors 724
- Remote engine id 123456789a 724
- Response pdus 724
- Set request pdus 724
- Snmp packets output 724
- Specify the oid object identifier of the view to determine objects to be managed 724
- Switch config end 724
- Switch config show snmp server engineid 724
- Switch copy running config startup config 724
- Too big errors maximum packet size 1500 724
- Trap pdus 724
- Creating an snmp group 725
- No name sec mode sec lev read view write view notify view 1 nms monitor v3 authpriv view view 726
- Switch config end 726
- Switch config show snmp server group 726
- Switch config snmp server group nms monitor smode v3 slev authpriv read view notify view 726
- Switch configure 726
- Switch copy running config startup config 726
- The following example shows how to create an snmpv3 group name the group as nms monitor enable auth mode and privacy mode and set the view as read view and notify view 726
- Configure users of the snmp group users belong to the group and use the same security level and access rights as the group 727
- Creating snmp users 727
- The following example shows how to create an snmp user on the switch name the user as admin and set the user as a remote user snmpv3 as the security mode authpriv as the 727
- Admin remote nms monitor v3 authpriv sha des 728
- Creating snmp communities 728
- For snmpv1 and snmpv2c the community name is used for authentication functioning as the password 728
- No u name u type g name s mode s lev a mode p mode 728
- Security level sha as the authentication algorithm 1234 as the authentication password des as the privacy algorithm and 1234 as the privacy password 728
- Switch config end 728
- Switch config show snmp server user 728
- Switch config snmp server user admin remote nms monitor smode v3 slev authpriv cmode sha cpwd 1234 emode des epwd 1234 728
- Switch configure 728
- Switch copy running config startup config 728
- The following example shows how to set an snmp community name the community as the nms monitor and allow the nms to view and modify parameters of view 728
- Configuration guidelines 730
- Notification configurations 730
- Using the gui 730
- Choose a notification type based on the snmp version if you choose the inform type you need to set retry times and timeout interval 731
- Click create 731
- Specify the user name or community name used by the nms and configure the security model and security level based on the settings of the user or community 731
- Configure parameters of the nms host and packet handling mechanism 732
- Configuring the host 732
- Using the cli 732
- 68 22 162 admin v3 authpriv inform 3 100 733
- Enabling snmp notification 733
- Enabling the snmp standard trap 733
- No des ip udp name secmode seclev type retry timeout 733
- Switch config end 733
- Switch config show snmp server host 733
- Switch config snmp server host 172 68 22 162 admin smode v3 slev authpriv type inform retries 3 timeout 100 733
- Switch configure 733
- Switch copy running config startup config 733
- The following example shows how to set the nms host ip address as 172 68 22 udp port as port 162 name used by the nms as admin security model as snmpv3 security level as authpriv notification type as inform retry times as 3 and the timeout interval as 100 seconds 733
- Optional enabling the snmp extend trap 734
- Switch config end 734
- Switch config snmp server traps snmp linkup 734
- Switch configure 734
- Switch copy running config startup config 734
- The following example shows how to configure the switch to send linkup traps 734
- Optional enabling the link status trap 735
- Optional enabling the vlan trap 735
- Switch config end 735
- Switch config snmp server traps bandwidth control 735
- Switch config snmp server traps vlan create 735
- Switch configure 735
- Switch copy running config startup config 735
- The following example shows how to configure the switch to enable 735
- The following example shows how to configure the switch to enable bandwidth control traps 735
- Switch config if end 736
- Switch config if snmp server traps link status 736
- Switch config interface ten gigabitether net 1 0 1 736
- Switch configure 736
- Switch copy running config startup config 736
- The following example shows how to configure the switch to enable link status trap 736
- Rmon overview 737
- Configuring statistics 738
- Rmon configurations 738
- Using the gui 738
- Configuring history 739
- Follow these steps to configure history 739
- History to load the following page 739
- Select a history entry and specify a port to be monitored 739
- Set the sample interval and the maximum buckets of history entries 739
- Specify the entry id the port to be monitored and the owner name of the entry set the entry as valid or undercreation and click create 739
- Choose an event entry and set the snmp user of the entry 740
- Configuring event 740
- Enter the owner name and set the status of the entry click apply 740
- Event to load the following page 740
- Follow these steps to configure event 740
- Set the description and type of the event 740
- Alarm to load the following page 741
- Before you begin please complete configurations of statistics entries and event entries because the alarm entries must be associated with statistics and event entries 741
- Configuring alarm 741
- Enter the owner name and set the status of the entry click apply 741
- Follow these steps to configure alarm 741
- Select an alarm entry choose a variable to be monitored and associate the entry with a statistics entry 741
- Set the sample type the rising and falling threshold the corresponding event action and the alarm type of the entry 742
- Configuring statistics 743
- Enter the owner name and set the status of the entry click apply 743
- Using the cli 743
- Configuring history 744
- Index port owner state 744
- Switch config end 744
- Switch config rmon statistics 1 interface ten gigabitether net 1 0 1 owner monitor status valid 744
- Switch config rmon statistics 2 interface ten gigabitether net 1 0 2 owner monitor status valid 744
- Switch config show rmon statistics 744
- Switch configure 744
- Switch copy running config startup config 744
- Te1 0 1 monitor valid 744
- Te1 0 2 monitor valid 744
- The following example shows how to create two statistics entries on the switch to monitor port 1 0 1 and 1 0 2 respectively the owner of the entry is monitor and the entry is valid 744
- Configuring event 745
- Index port interval buckets owner state 745
- Switch config end 745
- Switch config rmon history 1 interface ten gigabitether net 1 0 1 interval 100 owner monitor buckets 50 745
- Switch config show rmon history 745
- Switch configure 745
- Switch copy running config startup config 745
- Te1 0 1 100 50 monitor enable 745
- The following example shows how to create a history entry on the switch to monitor port 1 0 1 set the sample interval as 100 seconds max buckets as 50 and the owner as monitor 745
- Admin rising notify notify monitor enable 746
- Index user description type owner state 746
- Switch config end 746
- Switch config rmon event 1 user admin description rising notify type notify owner monitor 746
- Switch config show rmon event 746
- Switch configure 746
- Switch copy running config startup config 746
- The following example shows how to create an event entry on the switch set the user name as admin the event type as notify set the switch to initiate notifications to the nms and the owner as monitor 746
- Configuring alarm 747
- Configuration example 749
- Configuration scheme 749
- Network requirements 749
- Network topology 750
- Using the gui 750
- Using the cli 755
- Verify the configurations 757
- Appendix default parameters 761
- Default settings of snmp are listed in the following table 761
- Default settings of notification are listed in the following table 762
Похожие устройства
- Tp-Link T1700X-16TS V1 Инструкция по установке
- Tp-Link T1700X-16TS V1 Руководство по использованию коммандной строки
- Tp-Link T1700X-16TS V1 Руководство пользователя
- Tp-Link T1700X-16TS V1 Руководство по быстрому старту
- Tp-Link T1700X-16TS V1 Rackmount Switch_EU2_12Languages__ Installation Guide
- Tp-Link T1600G-28TS V3 Руководство по использованию коммандной строки
- Tp-Link T1600G-28TS V3 Инструкция по установке
- Tp-Link T1600G-28TS V3 Руководство по быстрому старту
- Tp-Link T1600G-28TS V3 Rackmount Switch_EU2_12Languages__ Installation Guide
- Tp-Link T1600G-28TS V3 Руководство пользователя
- Tp-Link T1600G-28TS V2 Client Software_User Guide
- Tp-Link T1600G-28TS V2 Руководство по использованию коммандной строки
- Tp-Link T1600G-28TS V2 Инструкция по установке
- Tp-Link T1600G-28TS V2 Rackmount Switch_EU2_12Languages__ Installation Guide
- Tp-Link T1600G-28TS V2 Configuration Guide
- Tp-Link T1600G-28TS V1 Client Software_User Guide
- Tp-Link T1600G-28TS V1 Руководство по использованию коммандной строки
- Tp-Link T1600G-28TS V1 Инструкция по установке
- Tp-Link T1600G-28TS V1 Руководство по быстрому старту
- Tp-Link T1600G-28TS V1 Configuration Guide