Tp-Link T1600G-28TS V3 [712/958] Using the cli

After the keys are successfully generated click save public key to save the public key to a tftp server click save private key to save the private key to the host pc 40

Disable telnet login 42

Copy running config startup config 43

Disable ssh login 43

Change the switch s ip address and default gateway 44

Chapters 45

Managing system 45

Part 2 45

Overview 46

Supported features 46

System 46

System info 46

System tools 46

User management 46

Sdm template 47

Time range 47

System info configurations 48

Using the gui 48

Viewing the system summary 48

You can click a port to view the bandwidth utilization on this port 49

You can move your cursor to a port to view the detailed information of the port 49

In the system info section you can view the system information of the switch 50

Viewing the system information 50

Configuring the device description 51

Device description to load the following page 51

In the device description section configure the following parameters 51

Choose one method to set the system time and specify the related parameters 52

Click apply 52

Configuring the system time 52

In the time config section follow these steps to configure the system time 52

In the time info section you can view the current time information of the switch 52

System time to load the following page 52

Choose one method to set the daylight saving time and specify the related parameters 53

Click apply 53

Configuring the daylight saving time 53

Daylight saving time to load the following page 53

Follow these steps to configure daylight saving time 53

In the dst config section enable the daylight saving time function 53

Click apply 54

Gi1 0 1 linkdown n a n a n a disable copper 54

Gi1 0 2 linkdown n a n a n a disable copper 54

On privileged exec mode or any other configuration mode you can use the following commands to view the system information of the switch 54

Port status speed duplex flowctrl jumbo active medium 54

Switch show interface status 54

The following example shows how to view the interface status and the system information of the switch 54

Using the cli 54

Viewing the system summary 54

Bootloader version tp link bootutil v1 55

Configuring the device description 55

Contact information www tp link com 55

Follow these steps to configure the device description 55

Gi1 0 3 linkup 1000m full disable disable copper 55

Hardware version t1600g 52ts 3 55

Mac address 00 0a eb 13 23 a0 55

Running time 1 day 2 hour 33 min 42 sec 55

Serial number 55

Software version 3 build 20171129 rel 8400 s 55

Switch show system info 55

System description jetstream 48 port gigabit smart switch with 4 sfp slots 55

System location shenzhen 55

System name t1600g 52ts 55

System time 2017 12 12 11 23 32 55

Configuring the system time 56

Backup ntp server 139 8 00 63 58

Last successful ntp server 133 00 58

Prefered ntp server 133 00 58

Switch config show system time ntp 58

Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 58

Switch configure 58

The following example shows how to set the system time by get time from ntp server and set the time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 139 8 00 63 and set the update rate as 11 58

Time zone utc 08 00 58

Configuring the daylight saving time 59

Follow these steps to configure the daylight saving time 59

Switch config end 59

Switch copy running config startup config 59

Update rate 11 hour s 59

Dst configuration is one off 60

Dst ends at 01 00 00 on sep 1 2017 60

Dst offset is 50 minutes 60

Dst starts at 01 00 00 on aug 1 2017 60

Switch config end 60

Switch config show system time dst 60

Switch config system time dst date aug 1 01 00 2017 sep 1 01 00 2017 50 60

Switch configure 60

Switch copy running config startup config 60

The following example shows how to set the daylight saving time by date mode set the start time as 01 00 august 1st 2017 set the end time as 01 00 september 1st 2017 and set the offset as 50 60

Creating accounts 61

User management configurations 61

Using the gui 61

Click create 62

Configure the following parameters 62

Configuring enable password 62

Follow these steps to create a new user account 62

Global config to load the following page 62

Creating accounts 63

Using the cli 63

Configuring enable password 65

Follow these steps to create an account of other type 65

Configuring the boot file 67

System tools configurations 67

Using the gui 67

Click apply 68

Follow these steps to configure the boot file 68

In the boot table section select one or more units and configure the relevant parameters 68

In the image table you can view the information of the current startup image next startup image and backup image the displayed information is as follows 68

Restore config to load the following page 68

Restoring the configuration of the switch 68

Backing up the configuration file 69

Upgrading the firmware 70

Configuring reboot schedule 71

Manually rebooting the switch 71

Rebooting the switch 71

Choose whether to save the current configuration before the reboot 72

Click apply 72

Configuring the boot file 72

Follow these steps to configure the boot file 72

In the system reset section select the desired unit and click reset after reset all configurations of the switch will be reset to the factory defaults 72

Reseting the switch 72

System reset to load the following page 72

Using the cli 72

Backup config config2 cfg 73

Backup image image2 bin 73

Boot config 73

Current startup config config2 cfg 73

Current startup image image2 bin 73

Follow these steps to restore the configuration of the switch 73

Next startup config config1 cfg 73

Next startup image image1 bin 73

Restoring the configuration of the switch 73

Switch config boot application filename image1 startup 73

Switch config boot application filename image2 backup 73

Switch config boot config filename config1 startup 73

Switch config boot config filename config2 backup 73

Switch config end 73

Switch config show boot 73

Switch configure 73

Switch copy running config startup config 73

The following example shows how to set the next startup image as image1 the backup image as image2 the next startup configuration file as config1 and the backup configuration file as config2 73

Backing up the configuration file 74

Backup user config file ok 74

Enable 74

Follow these steps to back up the current configuration of the switch in a file 74

Follow these steps to upgrade the firmware 74

Operation ok now rebooting system 74

Start to backup user config file 74

Start to load user config file 74

Switch copy startup config tftp ip address 192 68 00 filename file2 74

Switch copy tftp startup config ip address 192 68 00 filename file1 74

The following example shows how to backup the configuration file named file2 to tftp server with ip address 192 68 00 74

The following example shows how to restore the configuration file named file1 from the tftp server with ip address 192 68 00 74

Upgrading the firmware 74

Configuring reboot schedule 75

Enable 75

Follow these steps to configure the reboot schedule 75

Follow these steps to reboot the switch 75

It will only upgrade the backup image continue y n y 75

Manually rebooting the switch 75

Operation ok 75

Reboot with the backup image y n y 75

Rebooting the switch 75

Switch firmware upgrade ip address 192 68 00 filename file3 bin 75

The following example shows how to upgrade the firmware using the configuration file named file3 bin the tftp server is 190 68 00 75

Reboot schedule at 2017 08 15 12 00 in 25582 minutes 76

Reboot schedule settings 76

Reboot system at 15 08 2017 12 00 continue y n y 76

Save before reboot yes 76

Switch config end 76

Switch config reboot schedule at 12 00 15 08 2017 save_before_reboot 76

Switch configure 76

Switch copy running config startup config 76

The following example shows how to set the switch to reboot at 12 00 on 15 08 2017 76

Follow these steps to reset the switch 77

Reseting the switch 77

Click apply 78

Eee configuration 78

Eee to load the following page 78

Enable or disable eee on the selected port s 78

Follow these steps to configure eee 78

In the eee config section select one or more ports to be configured 78

Using the cli 78

Poe configurations 80

And configure the system power limit click apply 81

Configuring the poe parameters manually 81

Follow these steps to configure the basic poe parameters 81

In addition you can click 81

In the poe config section you can view the current poe parameters 81

Poe config to load the following page 81

Using the gui 81

In the port config section select the port you want to configure and specify the parameters click apply 82

Click create 84

Configuring the poe parameters using the profile 84

Creating a poe profile 84

Follow these steps to create a poe profile 84

In the create poe profile section specify the desired configurations of the profile 84

Poe profile and click 84

To load the following page 84

In the port config section select one or more ports and configure the following two parameters time range and poe profile click apply and the poe parameters of the selected poe profile such as poe status and poe priority will be displayed in the table 86

Configuring the poe parameters manually 87

Follow these steps to configure the basic poe parameters 87

Using the cli 87

Gi1 0 5 enable middle class3 no limit none 88

Interface poe status poe prio power limit w time range poe profile 88

Switch config if power inline consumption class3 88

Switch config if power inline priority middle 88

Switch config if power inline supply enable 88

Switch config if show power inline 88

Switch config if show power inline configuration interface gigabitethernet 1 0 5 88

Switch config if show power inline information interface gigabitethernet 1 0 5 88

Switch config interface gigabitethernet 1 0 5 88

Switch config power inline consumption 160 88

Switch configure 88

System power consumption 0 w 88

System power limit 160 w 88

System power remain 160 w 88

The following example shows how to set the system power limit as 160w set the priority as middle and set the power limit as class3 for the port 1 0 5 88

Configuring the poe parameters using the profile 89

Follow these steps to configure the poe profile 89

Gi1 0 5 1 26 53 class 2 on 89

Interface power w current ma voltage v pd class power status 89

Switch config if end 89

Switch copy running config startup config 89

Index name status priority power limit w 90

Profile1 enable middle class2 90

Switch config interface gigabitethernet 1 0 6 90

Switch config power profile profile1 supply enable priority middle consumption class2 90

Switch config show power profile 90

Switch configure 90

The following example shows how to create a profile named profile1and bind the profile to the port 1 0 6 90

In sdm template config section select one template and click apply the setting will be effective after the switch is rebooted 92

Sdm template configuration 92

Sdm template to load the following page 92

The template table displays the resources allocation of each template 92

Using the gui 92

Follow these steps to configure the sdm template 93

Switch config 93

The following example shows how to set the sdm template as enterprisev4 93

Using the cli 93

Adding time range entries 95

Time range configuration 95

Using the gui 95

Configure the following parameters and click create 96

Similarly you can add more entries of period time according to your needs the final period time is the sum of all the periods in the table click create 96

Configuring holiday 97

Adding time range entries 98

Follow these steps to add time range entries 98

Using the cli 98

08 00 to 20 00 on 1 2 99

10 01 2017 to 10 31 2017 99

Configuring holiday 99

Follow these steps to configure holiday time range 99

Holiday exclude 99

Number of time slice 1 99

Switch config 99

Switch config time range absolute from 10 01 2017 to 10 31 2017 99

Switch config time range end 99

Switch config time range holiday exclude 99

Switch config time range periodic start 08 00 end 20 00 day of the week 1 2 99

Switch config time range show time range 99

Switch config time range time1 99

Switch copy running config startup config 99

The following example shows how to create a time range entry and set the name as time1 holiday mode as exclude absolute time as 10 01 2017 to 10 31 2017 and periodic time as 8 00 to 20 00 on every monday and tuesday 99

Time range entry 12 inactive 99

Time range entry time1 inactive 99

Configuring scheme 101

Example for poe configurations 101

Network requirements 101

Using the gui 101

Using the cli 104

Verify the configuration 104

Gi1 0 3 enable low class4 office time none 105

Interface poe status poe prio power limit w time range poe profile 105

Appendix default parameters 106

Default settings of system info are listed in the following tables 106

Default settings of system tools are listed in the following table 106

Default settings of user management are listed in the following table 106

Default setting of eee is listed in the following table 107

Default settings of poe is listed in the following table 107

Default settings of sdm template are listed in the following table 107

Default settings of time range are listed in the following table 108

Chapters 109

Managing physical interfaces 109

Part 3 109

Basic parameters 110

Loopback detection 110

Overview 110

Physical interface 110

Port isolation 110

Supported features 110

Basic parameters configurations 111

Configure the mtu size of jumbo frames for all the ports then click apply 111

Follow these steps to configure basic parameters for the ports 111

Port config to load the following page 111

Select one or more ports to configure the basic parameters then click apply 111

Using the gui 111

Follow these steps to set basic parameters for the ports 112

Using the cli 112

Switch config if no shutdown 113

Switch config interface gigabitethernet 1 0 1 113

Switch configure 113

Switch jumbo size 9216 113

The following example shows how to implement the basic configurations of port1 0 1 including setting a description for the port configuring the jumbo frame making the port automatically negotiate speed and duplex with the neighboring port and enabling the flow control 113

Port isolation configurations 115

Using the gui 115

Click apply 116

Follow these steps to configure port isolation 116

In the forwarding port list section select the forwarding ports or lags which the isolated ports can only communicate with it is multi optional 116

In the port section select one or multiple ports to be isolated 116

Using the cli 116

Gi1 0 5 n a gi1 0 1 3 po4 117

Port lag forward list 117

Switch config if end 117

Switch config if port isolation gi forward list 1 0 1 3 po forward list 4 117

Switch config if show port isolation interface gigabitethernet 1 0 5 117

Switch config interface gigabitethernet 1 0 5 117

Switch configure 117

Switch copy running config startup config 117

The following example shows how to add ports 1 0 1 3 and lag 4 to the forwarding list of port 1 0 5 117

Loopback detection configuration 118

Using the gui 118

In the port config section select one or more ports to configure the loopback detection parameters then click apply 119

Optional view the loopback detection information 119

Follow these steps to configure loopback detection 120

Using the cli 120

Configuration examples 122

Configuration scheme 122

Example for port isolation 122

Network requirements 122

Using the gui 122

Using the cli 124

Verify the configuration 124

Configuration scheme 125

Example for loopback detection 125

Network requirements 125

Using the gui 126

Using the cli 127

Verify the configuration 127

Appendix default parameters 128

Default settings of switching are listed in th following tables 128

Chapters 129

Configuring lag 129

Part 4 129

Overview 130

Static lag 130

Supported features 130

Configuration guidelines 131

Lag configuration 131

Configuring load balancing algorithm 132

In the global config section select the load balancing algorithm hash algorithm then click apply 132

Lag table to load the following page 132

Load balancing algorithm is effective only for outgoing traffic if the data stream is not well shared by each link you can change the algorithm of the outgoing interface 132

Please properly choose the load balancing algorithm to avoid data stream transferring only on one physical link for example switch a receives packets from several hosts and forwards them to the server with the fixed mac address you can set the algorithm 132

Using the gui 132

Configuring static lag or lacp 133

Configuring load balancing algorithm 135

Follow these steps to configure the load balancing algorithm 135

Using the cli 135

Configuring static lag or lacp 136

Etherchannel load balancing addresses used per protocol 136

Etherchannel load balancing configuration src dst mac 136

Ipv4 source xor destination mac address 136

Ipv6 source xor destination mac address 136

Non ip source xor destination mac address 136

Switch config end 136

Switch config port channel load balance src dst mac 136

Switch config show etherchannel load balance 136

Switch configure 136

Switch copy running config startup config 136

The following example shows how to set the global load balancing mode as src dst mac 136

You can choose only one lag mode for a port static lag or lacp and make sure both ends of a link use the same lag mode 136

Configuring static lag 137

Flags d down p bundled in port channel u in use 137

Follow these steps to configure static lag 137

Group port channel protocol ports 137

I stand alone h hot standby lacp only s suspended 137

Po2 s gi1 0 5 d gi1 0 6 d gi1 0 7 d gi1 0 8 d 137

R layer3 s layer2 f failed to allocate aggregator 137

Switch config if range channel group 2 mode on 137

Switch config if range end 137

Switch config if range show etherchannel 2 summary 137

Switch config interface range gigabitethernet 1 0 5 8 137

Switch configure 137

Switch copy running config startup config 137

The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 137

U unsuitable for bundling w waiting to be aggregated d default port 137

Configuring lacp 138

Follow these steps to configure lacp 138

Configuration examples 140

Configuration scheme 140

Example for static lag 140

Network requirements 140

Using the gui 140

Using the cli 141

Verify the configuration 141

Configuration scheme 142

Example for lacp 142

Network requirements 142

Using the gui 143

Using the cli 144

Verify the configuration 145

Gi1 0 10 sa down 2 0x1 0 0xa 0x45 146

Gi1 0 9 sa down 1 0x1 0 0x9 0x45 146

Appendix default parameters 147

Default settings of switching are listed in the following tables 147

Chapters 148

Managing mac address table 148

Part 5 148

Address configurations 149

Mac address table 149

Overview 149

Supported features 149

Adding static mac address entries 151

Mac address configurations 151

Using the gui 151

Click apply 153

Dynamic address to load the following page 153

Follow these steps to modify the aging time of dynamic address entries 153

In the aging config section enable auto aging and enter your desired length of time 153

Modifying the aging time of dynamic address entries 153

Adding mac filtering address entries 154

Viewing address table entries 154

Adding static mac address entries 155

Address table and click 155

Follow these steps to add static mac address entries 155

To load the following page 155

Using the cli 155

Modifying the aging time of dynamic address entries 156

Adding mac filtering address entries 157

Aging time is 500 sec 157

Follow these steps to add mac filtering address entries 157

Switch config end 157

Switch config mac address table aging time 500 157

Switch config show mac address table aging time 157

Switch configure 157

Switch copy running config startup config 157

The following example shows how to modify the aging time to 500 seconds a dynamic entry remains in the mac address table for 500 seconds after the entry is used or updated 157

Appendix default parameters 159

Default settings of the mac address table are listed in the following tables 159

Chapters 160

Configuring 802 q vlan 160

Part 6 160

Overview 161

Q vlan configuration 162

Configuring the vlan 163

Using the gui 163

Click apply 164

Configuring port parameters for 802 q vlan 164

Port config to load the following page 164

Select a port and configure the parameters click apply 164

Creating a vlan 165

Follow these steps to create a vlan 165

Switch config vlan 2 165

Switch config vlan name rd 165

Switch config vlan show vlan id 2 165

Switch configure 165

The following example shows how to create vlan 2 and name it as rd 165

Using the cli 165

Adding the port to the specified vlan 166

Follow these steps to add the port to the specified vlan 166

Port gi1 0 5 166

Pvid 2 166

Rd active 166

Switch config if show interface switchport gigabitethernet 1 0 5 166

Switch config if switchport general allowed vlan 2 tagged 166

Switch config interface gigabitethernet 1 0 5 166

Switch config vlan end 166

Switch configure 166

Switch copy running config startup config 166

The following example shows how to add the port 1 0 5 to vlan 2 and specify its egress rule as tagged 166

Vlan name status ports 166

Acceptable frame type all 167

Configuring the port 167

Follow these steps to configure the port 167

Ingress checking enable 167

Link type general 167

Member in lag n a 167

Member in vlan 167

Rd tagged 167

Switch config if end 167

Switch copy running config startup config 167

System vlan untagged 167

Vlan name egress rule 167

Configuration example 169

Configuration scheme 169

Network requirements 169

Demonstrated with t1600g 28ts the following sections provide configuration procedure in two ways using the gui and using the cli 170

Network topology 170

The configurations of switch 1 and switch 2 are similar the following introductions take switch 1 as an example 170

The figure below shows the network topology host a1 and host a2 are in department a while host b1 and host b2 are in department b switch 1 and switch 2 are located in two different places host a1 and host b1 are connected to port 1 0 2 and port 1 0 3 on switch 1 respectively while host a2 and host b2 are connected to port 1 0 6 and port 1 0 7 on switch 2 respectively port 1 0 4 on switch 1 is connected to port 1 0 8 on switch 2 170

To load the following page create vlan 10 with the description of department_a add port 1 0 2 as an untagged port and port 1 0 4 as a tagged port to vlan 10 click create 170

Using the gui 170

Vlan config and 170

Using the cli 173

Verify the configurations 174

Appendix default parameters 176

Default settings of 802 q vlan are listed in the following table 176

Chapters 177

Configuring mac vlan 177

Part 7 177

Overview 178

Ptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in to meet this requirement simply bind the mac addresses of the laptops to the corresponding vlans respectively in this way the mac address determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 178

The figure below shows a common application scenario of mac vlan 178

Two departments share all the meeting rooms in the company but use different servers and l 178

Vlan is generally divided by ports it is a common way of division but isn t suitable for those networks that require frequent topology changes with the popularity of mobile office at different times a terminal device may access the network via different ports for example a terminal device that accessed the switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different vlans the user has to re configure the switch to access the original vlan using mac vlan can free the user from such a problem it divides vlans based on the mac addresses of terminal devices in this way terminal devices always belong to their mac vlans even when their access ports change 178

Binding the mac address to the vlan 179

Configuring 802 q vlan 179

Mac vlan configuration 179

Using the gui 179

Enabling mac vlan for the port 180

19 56 8a 4c 71 dept a 10 181

Before configuring mac vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 181

Binding the mac address to the vlan 181

Configuring 802 q vlan 181

Follow these steps to bind the mac address to the vlan 181

Mac addr name vlan id 181

Switch config end 181

Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 181

Switch config show mac vlan vlan 10 181

Switch configure 181

The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with the address description as dept a 181

Using the cli 181

Enabling mac vlan for the port 182

Follow these steps to enable mac vlan for the port 182

Gi1 0 1 enable 182

Gi1 0 2 disable 182

Port status 182

Switch config if end 182

Switch config if mac vlan 182

Switch config if show mac vlan interface 182

Switch config interface gigabitethernet 1 0 1 182

Switch configure 182

Switch copy running config startup config 182

The following example shows how to enable mac vlan for port 1 0 1 182

Configuration example 183

Configuration scheme 183

Create vlan 10 and vlan 20 on each of the three switches and add the ports to the vlans based on the network topology for the ports connecting the laptops set the 183

Network requirements 183

Two departments share all the meeting rooms in the company but use different servers and laptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in the figure below shows the network topology 183

You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac addresses of the laptops to the corresponding vlans respectively in this way each laptop can access only the server in the vlan it joins no matter which meeting room the laptops are being used in the overview of the configuration is as follows 183

Using the gui 184

Using the cli 189

Verify the configurations 191

Appendix default parameters 193

Default settings of mac vlan are listed in the following table 193

Chapters 194

Configuring protocol vlan 194

Part 8 194

Overview 195

Protocol vlan is a technology that divides vlans based on the network layer protocol with the protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze specific fields of received packets encapsulate the packets in specific formats and forward the packets with different protocols to the corresponding vlans since different applications and services use different protocols network administrators can use protocol vlan to manage the network based on specific applications and services 195

The figure below shows a common application scenario of protocol vlan with protocol vlan configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 networks respectively 195

Configuring 802 q vlan 196

Protocol vlan configuration 196

Using the gui 196

Check whether your desired template already exists in the protocol template config 197

Creating protocol template 197

Follow these steps to create a protocol template 197

Protocol template to load the following page 197

Section if not click 197

To create a new template 197

Click create 198

Configuring protocol vlan 198

Follow these steps to configure the protocol group 198

In the protocol group config section specify the following parameters 198

Protocol vlan group and 198

To load the following page 198

Before configuring protocol vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 199

Configuring 802 q vlan 199

Creating a protocol template 199

Follow these steps to create a protocol template 199

Select the desired ports click create 199

Using the cli 199

Arp ethernetii ether type 0806 200

At snap ether type 809b 200

Configuring protocol vlan 200

Follow these steps to configure protocol vlan 200

Index protocol name protocol type 200

Ip ethernetii ether type 0800 200

Ipv6 ethernetii ether type 86dd 200

Ipx snap ether type 8137 200

Rarp ethernetii ether type 8035 200

Switch config end 200

Switch config protocol vlan template name ipv6 frame ether_2 ether type 86dd 200

Switch config show protocol vlan template 200

Switch configure 200

Switch copy running config startup config 200

The following example shows how to create an ipv6 protocol template 200

Arp ethernetii ether type 0806 201

At snap ether type 809b 201

Index protocol name protocol type 201

Index protocol name vid priority member 201

Ip ethernetii ether type 0800 201

Ipv6 10 0 201

Ipv6 ethernetii ether type 86dd 201

Ipx snap ether type 8137 201

Rarp ethernetii ether type 8035 201

Switch config if protocol vlan group 1 201

Switch config if show protocol vlan vlan 201

Switch config interface gigabitethernet 1 0 2 201

Switch config protocol vlan vlan 10 priority 5 template 6 201

Switch config show protocol vlan template 201

Switch config show protocol vlan vlan 201

Switch configure 201

The following example shows how to bind the ipv6 protocol template to vlan 10 and add port 1 0 2 to protocol vlan 201

A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 network respectively via different routers it is required that ipv4 packets are forwarded to the ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 203

Configuration example 203

Configuration scheme 203

Network requirements 203

The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to two routers to access the ipv4 network and ipv6 network respectively the routers belong to vlan 10 and vlan 20 respectively 203

You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this port receives packets switch 2 will forward them to the corresponding vlans according to their protocol types the overview of the configuration on switch 2 is as follows 203

Using the gui 205

To save the settings 210

Using the cli 211

Verify the configurations 213

Appendix default parameters 215

Default settings of protocol vlan are listed in the following table 215

Chapters 216

Configuring gvrp 216

Part 9 216

Gvrp garp vlan registration protocol is a garp generic attribute registration protocol application that allows registration and deregistration of vlan attribute values and dynamic vlan creation 217

Overview 217

The configuration may seem easy in this situation however for a larger or more complex network such manual configuration would be time consuming and fallible gvrp can be used to implement dynamic vlan configuration with gvrp the switch can exchange vlan configuration information with the adjacent gvrp switches and dynamically create and manage the vlans this reduces vlan configuration workload and ensures correct vlan configuration 217

Without gvrp operating configuring the same vlan on a network would require manual configuration on each device as shown in figure 1 1 switch a b and c are connected through trunk ports vlan 10 is configured on switch a and vlan 1 is configured on switch b and switch c switch c can receive messages sent from switch a in vlan 10 only when the network administrator has manually created vlan 10 on switch b and switch c 217

Configuration guidelines 218

Gvrp configuration 218

Follow these steps to configure gvrp 219

Gvrp config to load the following page 219

In the gvrp section enable gvrp globally then click apply 219

In the port config section select one or more ports set the status as enable and configure the related parameters according to your needs 219

Using the gui 219

Click apply 220

Using the cli 220

Configuration example 223

Configuration scheme 223

Department a and department b of a company are connected using switches offices of one department are distributed on different floors as shown in figure 3 1 the network topology is complicated configuration of the same vlan on different switches is required so that computers in the same department can communicate with each other 223

Network requirements 223

The two departments are in separate vlans to make sure the switches only dynamically create the vlan of their own department you need to set the registration mode for ports on switch 1 4 as fixed to prevents dynamic registration and deregistration of vlans and allow the port to transmit only the static vlan registration information 223

To configure dynamic vlan creation on the other switches set the registration mode of the corresponding ports as normal to allow dynamic registration and deregistration of vlans 223

To reduce manual configuration and maintenance workload gvrp can be enabled to implement dynamic vlan registration and update on the switches 223

When configuring gvrp please note the following 223

Using the gui 224

Using the cli 228

Verify the configuration 230

Appendix default parameters 232

Default settings of gvrp are listed in the following tables 232

Chapters 233

Configuring layer 2 multicast 233

Part 10 233

Layer 2 multicast 234

Overview 234

A member port is a port on snooping switch that is connecting to the host 235

A router port is a port on snooping switch that is connecting to the igmp querier 235

A snooping switch indicates a switch with igmp snooping enabled the switch maintains a multicast forwarding table by snooping on the igmp transmissions between the host and the querier with the multicast forwarding table the switch can forward multicast data only to the ports that are in the corresponding multicast group so as to constrain the flooding of multicast data in the layer 2 network 235

An igmp querier is a multicast router a router or a layer 3 switch that sends query messages to maintain a list of multicast group memberships for each attached network and a timer for each membership 235

Demonstrated as below 235

Igmp querier 235

Member port 235

Normally only one device acts as querier per physical network if there are more than one multicast router in the network a querier election process will be implemented to determine which one acts as the querier 235

Router port 235

Snooping switch 235

The following basic concepts of igmp snooping will be introduced igmp querier snooping switch router port and member port 235

Layer 2 multicast protocol for ipv4 igmp snooping 236

Layer 2 multicast protocol for ipv6 mld snooping 236

Multicast filtering 236

Multicast vlan registration mvr 236

Supported features 236

Configuring igmp snooping globally 237

Igmp snooping configuration 237

Using the gui 237

And click 238

Before configuring igmp snooping for vlans set up the vlans that the router ports and the member ports are in for details please refer to configuring 802 q vlan 238

Choose the menu 238

Click apply 238

Configuring igmp snooping for vlans 238

Global config 238

Igmp vlan confi 238

In your desired vlan entry in the 238

Section to load the following page 238

The switch supports configuring igmp snooping on a per vlan basis after igmp snooping is enabled globally you also need to enable igmp snooping and configure the corresponding parameters for the vlans that the router ports and the member ports are in 238

Enable igmp snooping for the vlan and configure the corresponding parameters 239

Follow these steps to configure igmp snooping for a specific vlan 239

Click save 241

Click apply 242

Configuring hosts to statically join a group 242

Configuring igmp snooping for ports 242

Enable igmp snooping for the port and enable fast leave if there is only one receiver connected to the port 242

Follow these steps to configure igmp snooping for ports 242

Following page 242

Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 242

Port confi 242

To load the 242

Choose the menu 243

Click create 243

Configuring igmp snooping globally 243

Follow these steps to configure hosts to statically join a group 243

Follow these steps to configure igmp snooping globally 243

Specify the multicast ip address vlan id select the ports to be the static member ports of the multicast group 243

Static group config 243

To load the following page 243

Using the cli 243

Switch config ip igmp snooping 244

Switch config ip igmp snooping drop unknown 244

Switch config ip igmp snooping version v3 244

Switch config ipv6 mld snooping 244

Switch configure 244

The following example shows how to enable igmp snooping and header validation globally and specify the igmp snooping version as igmpv3 the way how the switch processes multicast streams that are sent to unknown multicast groups as discard 244

Configuring igmp snooping for vlans 245

Switch config ip igmp snooping vlan config 1 mtime 300 248

Switch config ip igmp snooping vlan config 1 rtime 320 248

Switch configure 248

The following example shows how to enable igmp snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 248

Configuring igmp snooping for ports 250

Follow these steps to configure igmp snooping for ports 250

General query source ip 192 68 250

Last member query count 3 250

Switch config end 250

Switch config if range ip igmp snooping 250

Switch config interface range gigabitehternet 1 0 1 3 250

Switch configure 250

Switch copy running config startup config 250

The following example shows how to enable igmp snooping and fast leave for port 1 0 1 3 250

Configuring hosts to statically join a group 251

Configuring mld snooping globally 253

Mld snooping configuration 253

Using the gui 253

Configuring mld snooping for vlans 254

Click save 256

Click apply 257

Configuring hosts to statically join a group 257

Configuring mld snooping for ports 257

Enable mld snooping for the port and enable fast leave if there is only one receiver connected to the port 257

Follow these steps to configure mld snooping for ports 257

Following page 257

Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 257

Port config to load the 257

Choose the menu 258

Click create 258

Configuring mld snooping globally 258

Follow these steps to configure hosts to statically join a group 258

Follow these steps to configure mld snooping globally 258

Specify the multicast ip address vlan id select the ports to be the static member ports of the multicast group 258

Static group config 258

To load the following page 258

Using the cli 258

Configuring mld snooping for vlans 259

Follow these steps to configure mld snooping for vlans 260

Switch config ipv6 mld snooping vlan config 1 immediate leave 262

Switch config ipv6 mld snooping vlan config 1 mtime 300 262

Switch config ipv6 mld snooping vlan config 1 report suppression 262

Switch config ipv6 mld snooping vlan config 1 rtime 320 262

Switch configure 262

The following example shows how to enable mld snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 262

Configuring mld snooping for ports 264

Follow these steps to configure mld snooping for ports 264

General query source ip 2000 1 2345 6789 abcd 264

Switch config end 264

Switch config if range ipv6 mld snooping 264

Switch config if range ipv6 mld snooping immediate leave 264

Switch config if range show ipv6 mld snooping interface gigabitethernet 1 0 1 3 264

Switch config interface range gigabitehternet 1 0 1 3 264

Switch configure 264

Switch copy running config startup config 264

The following example shows how to enable mld snooping and fast leave for port 1 0 1 3 264

Configuring hosts to statically join a group 265

Follow these steps to configure hosts to statically join a group 265

Gi1 0 1 enable enable 265

Gi1 0 2 enable enable 265

Gi1 0 3 enable enable 265

Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 265

Port mld snooping fast leave 265

Switch config if range end 265

Switch config ipv6 mld snooping vlan config 2 static ff80 1234 1 interface gigabitethernet 1 0 1 3 265

Switch config show ipv6 mld snooping groups static 265

Switch configure 265

Switch copy running config startup config 265

The following example shows how to configure port 1 0 1 3 in vlan 2 to statically join the multicast group ff80 1234 1 265

Configuring 802 q vlans 267

Mvr configuration 267

Using the gui 267

Choose the menu 268

Click apply 268

Configuring mvr globally 268

Enable mvr globally and configure the global parameters 268

Follow these steps to configure mvr globally 268

Mvr config 268

To load the following page 268

Adding multicast groups to mvr 269

And click 269

Click create 269

Follow these steps to add multicast groups to mvr 269

Mvr group config 269

Specify the ip address of the multicast groups 269

Then the added multicast groups will appear in the mvr group table as the following figure shows 269

To load the following page 269

You need to manually add multicast groups to the mvr choose the menu 269

Choose the menu 270

Configuring mvr for the port 270

Enable mvr and configure the port type and fast leave feature for the port 270

Follow these steps to add multicast groups to mvr 270

Port config 270

Select one or more ports to configure 270

To load the following page 270

And click 271

Choose the menu 271

Click apply 271

Optional adding ports to mvr groups statically 271

Static group members 271

You can add only receiver ports to mvr groups statically the switch adds or removes receiver ports to the corresponding multicast groups by snooping the report and leave messages from the hosts you can also statically add a receiver port to an mvr group 271

Your desired mvr group entry to load the following page 271

Before configuring mvr create an 802 q vlan as the multicast vlan add the all source ports to the multicast vlan as tagged ports configure 802 q vlans for the receiver ports according to network requirements note that receiver ports can only belong to one vlan and cannot be added to the multicast vlan for details refer to configuring 802 q vlan 272

Click save 272

Configuring 802 q vlans 272

Configuring mvr globally 272

Follow these steps to configure mvr globally 272

Follow these steps to statically add ports to an mvr group 272

Select the ports to add them to the mvr group 272

Using the cli 272

Active 274

Configuring mvr for the ports 274

Follow these steps to configure mvr for the ports 274

Mvr group ip status members 274

Switch config end 274

Switch copy running config startup config 274

Creating the multicast profile 277

Multicast filtering configuration 277

Using the gui 277

Follow these steps to create a profile 278

In the general config section specify the profile id and mode 278

In the ip range section click 278

To load the following page configure the start ip address and end ip address of the multicast groups to be filtered and click create 278

Configure multicast filtering for ports 279

Click apply 280

Creating igmp profile multicast profile for ipv4 280

Creating the multicast profile 280

Follow these steps to bind the profile to ports and configure the corresponding parameters for the ports 280

Select one or more ports to configure 280

Specify the profile to be bound and configure the maximum groups the port can join and the overflow action 280

Using the cli 280

You can create multicast profiles for both ipv4 and ipv6 network with multicast profile the switch can define a blacklist or whitelist of multicast groups so as to filter multicast sources 280

Creating mld profile multicast profile for ipv6 281

Deny deny 281

Igmp profile 1 281

Range 226 226 0 range 226 226 0 281

Switch config end 281

Switch config igmp profile deny 281

Switch config igmp profile range 226 226 0 281

Switch config igmp profile show ip igmp profile 281

Switch config ip igmp profile 1 281

Switch config ip igmp snooping 281

Switch configure 281

Switch copy running config startup config 281

The following example shows how to configure profile 1 so that the switch filters multicast streams sent to 226 226 0 281

Deny deny 282

Mld profile 1 282

Range ff01 1234 5 ff01 1234 8 range ff01 1234 5 ff01 1234 8 282

Switch config end 282

Switch config ipv6 mld profile 1 282

Switch config ipv6 mld snooping 282

Switch config mld profile deny 282

Switch config mld profile range ff01 1234 5 ff01 1234 8 282

Switch config mld profile show ipv6 mld profile 282

Switch configure 282

Switch copy running config startup config 282

The following example shows how to configure profile 1 so that the switch filters multicast streams sent to ff01 1234 5 ff01 1234 8 282

Binding the igmp profile to ports 283

Binding the profile to ports 283

You can bind the created igmp profile or mld profile to ports and configure the number of multicast groups a port can join and the overflow action 283

Binding the mld profile to ports 284

Binding port s binding port s 285

Mld profile 1 285

Switch config if ipv6 mld filter 1 285

Switch config if ipv6 mld snooping 285

Switch config if ipv6 mld snooping max groups 50 285

Switch config if ipv6 mld snooping max groups action drop 285

Switch config if show ipv6 mld profile 285

Switch config interface gigabitethernet 1 0 2 285

Switch configure 285

The following example shows how to bind the existing profile 1 to port 1 0 2 and specify the maximum number of multicast groups that port 1 0 2 can join as 50 and the overflow action as drop 285

Using the gui 287

Viewing ipv4 multicast table 287

Viewing multicast snooping information 287

Follow these steps to view ipv4 multicast statistics on each port 288

Ipv4 multicast statistics to load the following page 288

To get the real time multicast statistics enable auto refresh or click refresh 288

Viewing ipv4 multicast statistics on each port 288

In the port statistics section view ipv4 multicast statistics on each port 289

Ipv6 multicast table to load the following pag 289

The multicast ip address table shows all valid multicast ip vlan port entries 289

Viewing ipv6 multicast table 289

Follow these steps to view ipv6 multicast statistics on each port 290

Ipv6 multicast statistics to load the following page 290

To get the real time ipv6 multicast statistics enable auto refresh or click refresh 290

Viewing ipv6 multicast statistics on each port 290

In the port statistics section view ipv6 multicast statistics on each port 291

Using the cli 291

Viewing ipv4 multicast snooping information 291

Viewing ipv6 multicast snooping configurations 292

Configuration examples 293

Configuration scheme 293

Example for configuring basic igmp snooping 293

Network requirements 293

Using the gui 294

Using the cli 296

Verify the configurations 297

Example for configuring mvr 298

Network requirements 298

Network topology 298

Add port 1 0 1 3 to vlan 10 vlan 20 and vlan 30 as untagged ports respectively and configure the pvid of port 1 0 1 as 10 port 1 0 2 as 20 port 1 0 3 as 30 make sure port1 0 1 3 only belong to vlan 10 vlan 20 and vlan 30 respectively for details refer to configuring 802 q vlan 299

As the hosts are in different vlans in igmp snooping the querier need to duplicate multicast streams for hosts in each vlan to avoid duplication of multicast streams being sent between querier and the switch you can configure mvr on the switch 299

Configuration scheme 299

Demonstrated with t1600g 28ts this section provides configuration procedures in two ways using the gui and using the cli 299

Internet 299

The switch can work in either mvr compatible mode or mvr dynamic mode when in compatible mode remember to statically configure the querier to transmit the streams of multicast group 225 to the switch via the multicast vlan here we take the mvr dynamic mode as an example 299

Using the gui 299

To load the following page create vlan 40 and add port 1 0 4 to the vlan as tagged port 300

Vlan config and click 300

Using the cli 302

Verify the configurations 304

Example for configuring unknown multicast and fast leave 305

Network requirement 305

Configuration scheme 306

Using the gui 306

Using the cli 308

Configuration scheme 309

Example for configuring multicast filtering 309

Network requirements 309

Verify the configurations 309

As shown in the following network topology host b is connected to port 1 0 1 host c is connected to port 1 0 2 and host d is connected to port 1 0 3 they are all in vlan 10 310

Create vlan 10 add port 1 0 1 3 to the vlan as untagged port and port 1 0 4 as tagged port configure the pvid of the four ports as 10 for details refer to configuring 802 q vlan 310

Demonstrated with t1600g 28ts this section provides configuration procedures in two ways using the gui and using the cli 310

Global config to load the following page in the global config section enable igmp snooping globally 310

Internet 310

Network topology 310

Using the gui 310

In the igmp vlan config section click 311

In vlan 10 to load the following page enable igmp snooping for vlan 10 311

Using the cli 314

Verify the configurations 316

Appendix default parameters 317

Default parameters for igmp snooping 317

Default parameters for mld snooping 318

Default parameters for multicast filtering 319

Default parameters for mvr 319

Chapters 320

Configuring spanning tree 320

Part 11 320

Basic concepts 321

Overview 321

Spanning tree 321

Stp rstp concepts 321

Bridge id 322

Port role 322

Root bridge 322

Port status 323

Path cost 324

Root path cost 324

Mst region 325

Mstp concepts 325

Mst instance 326

Stp security 326

Vlan instance mapping 326

Configuring stp rstp parameters on ports 329

Stp rstp configurations 329

Using the gui 329

In the port config section configure stp rstp parameters on ports 330

Click apply 331

Configuring stp rstp globally 331

Stp config to load the following page 331

Follow these steps to configure stp rstp globally 332

In the parameters config section configure the global parameters of stp rstp and click apply 332

In the global config section enable spanning tree function choose the stp mode as stp rstp and click apply 333

Stp summary to load the following page 333

Verify the stp rstp information of your switch after all the configurations are finished 333

Verifying the stp rstp configurations 333

The stp summary section shows the summary information of spanning tree 334

Configuring stp rstp parameters on ports 335

Follow these steps to configure stp rstp parameters on ports 335

Using the cli 335

Configuring global stp rstp parameters 337

This example shows how to configure the priority of the switch as 36864 the forward delay as 12 seconds 338

Enable rstp 36864 2 12 20 5 20 339

Enabling stp rstp globally 339

Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree function globally 339

State mode priority hello time fwd time max age hold count max hops 339

Switch config end 339

Switch config show spanning tree bridge 339

Switch config spanning tree 339

Switch config spanning tree mode rstp 339

Switch config spanning tree priority 36864 339

Switch config spanning tree timer forward time 12 339

Switch configure 339

Switch copy running config startup config 339

This example shows how to enable spanning tree function configure the spanning tree mode as rstp and verify the configurations 339

Configuring parameters on ports in cist 341

Mstp configurations 341

Using the gui 341

Follow these steps to configure parameters on ports in cist 342

In the port config section configure the parameters on ports 342

Besides configure the priority of the switch the priority and path cost of ports in the desired instance 344

Click apply 344

Configure the region name revision level vlan instance mapping of the switch the switches with the same region name the same revision level and the same vlan instance mapping are considered as in the same region 344

Configuring the mstp region 344

Configuring the region name and revision level 344

Follow these steps to create an mst region 344

In the region config section set the name and revision level to specify an mstp region 344

Region config to load the following page 344

Configure port parameters in the desired instance 346

Configuring parameters on ports in the instance 346

Follow these steps to configure port parameters in the instance 346

In the instance port config section select the desired instance id 346

Instance port config to load the following page 346

Configuring mstp globally 348

Follow these steps to configure mstp globally 348

In the parameters config section configure the global parameters of mstp and click apply 348

Stp config to load the following page 348

In the global config section enable spanning tree function and choose the stp mode as mstp and click apply 349

Stp summary to load the following page 350

The stp summary section shows the summary information of cist 350

Verifying the mstp configurations 350

Configuring parameters on ports in cist 351

Follow these steps to configure the parameters of the port in cist 351

The mstp instance summary section shows the information in mst instances 351

Using the cli 351

Gi1 0 3 144 200 n a lnkdwn 353

Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 353

Interface prio cost role status 353

Interface state prio ext cost int cost edge p2p mode role status 353

Mst instance 0 cist 353

Mst instance 5 353

Switch config if end 353

Switch config if show spanning tree interface gigabitethernet 1 0 3 353

Switch config if spanning tree 353

Switch config if spanning tree common config port priority 32 353

Switch config interface gigabitethernet 1 0 3 353

Switch configure 353

Switch copy running config startup config 353

This example shows how to enable spanning tree function for port 1 0 3 and configure the port priority as 32 353

Configuring the mst region 354

Configuring the mstp region 354

Follow these steps to configure the mst region and the priority of the switch in the instance 354

7 4094 355

Configuring the parameters on ports in instance 355

Follow these steps to configure the priority and path cost of ports in the specified instance 355

Mst instance vlans mapped 355

Region name r1 355

Revision 100 355

Switch config mst end 355

Switch config mst instance 5 vlan 2 6 355

Switch config mst name r1 355

Switch config mst revision 100 355

Switch config mst show spanning tree mst configuration 355

Switch config spanning tree mst configuration 355

Switch configure 355

Switch copy running config startup config 355

This example shows how to create an mst region of which the region name is r1 the revision level is 100 and vlan 2 vlan 6 are mapped to instance 5 355

Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn n a 356

Interface state prio ext cost int cost edge p2p mode role status lag 356

Mst instance 0 cist 356

Mst instance 5 356

Switch config if show spanning tree interface gigabitethernet 1 0 3 356

Switch config if spanning tree mst instance 5 port priority 144 cost 200 356

Switch config interface gigabitethernet 1 0 3 356

Switch configure 356

This example shows how to configure the priority as 144 the path cost as 200 of port 1 0 3 in instance 5 356

Configuring global mstp parameters 357

Follow these steps to configure the global mstp parameters of the switch 357

Gi1 0 3 144 200 n a lnkdwn n a 357

Interface prio cost role status lag 357

Switch config if end 357

Switch copy running config startup config 357

Enable mstp 36864 2 12 20 8 25 358

State mode priority hello time fwd time max age hold count max hops 358

Switch config if end 358

Switch config if show spanning tree bridge 358

Switch config if spanning tree hold count 8 358

Switch config if spanning tree max hops 25 358

Switch config if spanning tree timer forward time 12 358

Switch config spanning tree priority 36864 358

Switch configure 358

Switch copy running config startup config 358

This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds the hold count as 8 and the max hop as 25 358

Address 00 0a eb 13 23 97 359

Designated bridge 359

Enabling spanning tree globally 359

External cost 200000 359

Follow these steps to configure the spanning tree mode as mstp and enable spanning tree function globally 359

Latest topology change time 2006 01 04 10 47 42 359

Mst instance 0 cist 359

Priority 32768 359

Root bridge 359

Root port gi 0 20 359

Spanning tree is enabled 359

Spanning tree s mode mstp 802 s multiple spanning tree protocol 359

Switch config show spanning tree active 359

Switch config spanning tree 359

Switch config spanning tree mode mstp 359

Switch configure 359

This example shows how to configure the spanning tree mode as mstp and enable spanning tree function globally 359

Configure the port protect features for the selected ports and click apply 361

Stp security configurations 361

Stp security to load the following page 361

Using the gui 361

Configuring the stp security 362

Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter feature for ports 362

Using the cli 362

Gi1 0 3 enable enable enable enable disable enable 364

Interface bpdu filter bpdu guard loop protect root protect tc protect bpdu flood 364

Switch config if end 364

Switch config if show spanning tree interface security gigabitethernet 1 0 3 364

Switch config if spanning tree bpdufilter 364

Switch config if spanning tree bpduguard 364

Switch config if spanning tree guard loop 364

Switch config if spanning tree guard root 364

Switch config interface gigabitethernet 1 0 3 364

Switch configure 364

Switch copy running config startup config 364

This example shows how to enable loop protect root protect bpdu filter and bpdu protect functions on port 1 0 3 364

As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is transmitted in this network the link speed between the switches is 100mb s the default path cost of the port is 200000 365

Configuration example for mstp 365

Configuration scheme 365

Here we configure two instances to meet the requirement as is shown below 365

It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be transmitted along different paths 365

Mstp backwards compatible with stp and rstp can map vlans to instances to implement load balancing thus providing a more flexible method in network management here we take the mstp configuration as an example 365

Network requirements 365

To meet this requirement you are suggested to configure mstp function on the switches map the vlans to different instances to ensure traffic can be transmitted along the respective instance 365

Using the gui 366

Using the cli 372

Verify the configurations 374

Appendix default parameters 379

Default settings of the spanning tree feature are listed in the following table 379

Chapters 381

Configuring lldp 381

Part 12 381

Overview 382

Supported features 382

Configuring lldp globally 383

Lldp configurations 383

Using the gui 383

Follow these steps to configure the lldp feature globally 384

In the global config section enable lldp you can also enable the switch to forward lldp messages when lldp function is disabled click apply 384

In the parameter config section configure the lldp parameters click apply 384

Configure the admin status and notification mode for the port 385

Configuring lldp for the port 385

Follow these steps to configure the lldp feature for the interface 385

Port config to load the following page 385

Select one or more ports to configure 385

Select the tlvs type length value included in the lldp packets according to your needs 385

Click apply 386

Enable the lldp feature on the switch and configure the lldp parameters 386

Global config 386

Using the cli 386

Switch config lldp 387

Switch config lldp hold multiplier 4 387

Switch configure 387

The following example shows how to configure the following parameters lldp timer 4 tx interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast count 3 387

Fast packet count 3 388

Initialization delay 2 seconds 388

Lldp forward message disabled 388

Lldp med fast start repeat count 4 388

Lldp status enabled 388

Port config 388

Select the desired port and set its admin status notification mode and the tlvs included in the lldp packets 388

Switch config end 388

Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 3 388

Switch config show lldp 388

Switch copy running config startup config 388

Trap notification interval 5 seconds 388

Ttl multiplier 4 388

Tx delay 2 seconds 388

Tx interval 30 seconds 388

Configuring lldp globally 391

Configuring lldp med globally 391

Lldp med configurations 391

Using the gui 391

Configuring lldp med for ports 392

Global config 394

Lldp status enabled 394

Switch config lldp 394

Switch config lldp med fast count 4 394

Switch config show lldp 394

Switch configure 394

The following example shows how to configure lldp med fast count as 4 394

Tx interval 30 seconds 394

Using the cli 394

Fast packet count 3 395

Initialization delay 2 seconds 395

Lldp med fast start repeat count 4 395

Port config 395

Select the desired port enable lldp med and select the tlvs type length value included in the outgoing lldp packets according to your needs 395

Switch config end 395

Switch copy running config startup config 395

Trap notification interval 5 seconds 395

Ttl multiplier 4 395

Tx delay 2 seconds 395

Using gui 398

Viewing lldp device info 398

Viewing lldp settings 398

Follow these steps to view the local information 399

In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 399

In the local info section select the desired port and view its associated local device information 399

Viewing lldp statistics 402

In the neighbors statistics section view the statistics of the corresponding port 403

Using cli 403

Viewing lldp statistics 403

Viewing the local info 403

Viewing the neighbor info 403

Using gui 404

Viewing lldp med settings 404

Follow these steps to view lldp med local information 405

In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 405

In the lldp med local info section select the desired port and view the lldp med settings 405

Follow these steps to view lldp med neighgbor information 406

In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 406

In the neighbor info section select the desired port and view the lldp med settings 406

Neighbor info to load the following page 406

Viewing the neighbor info 406

Using cli 407

Viewing lldp statistics 407

Viewing the local info 407

Viewing the neighbor info 407

Configuration example 408

Configuration example for lldp 408

Configuration scheme 408

Network requirements 408

Network topology 408

Using the gui 408

Using cli 409

Verify the configurations 410

Configuration scheme 415

Example for lldp med 415

Network requirements 415

Using the gui 415

Using cli 418

Verify the configurations 419

Appendix default parameters 421

Default lldp med settings 421

Default lldp settings 421

Default settings of lldp are listed in the following tables 421

Chapters 422

Configuring layer 3 interfaces 422

Part 13 422

Interfaces are used to exchange data and interact with interfaces of other network devices interfaces are classified into layer 2 interfaces and layer 3 interfaces 423

Layer 2 interfaces are the physical ports on the switch panel they forward packets based on mac address table 423

Layer 3 interfaces are used to forward ipv4 and ipv6 packets using static or dynamic routing protocols you can use layer 3 interfaces for ip routing and inter vlan routing 423

Overview 423

This chapter introduces the configurations for layer 3 interfaces the supported types of layer 3 interfaces are shown as below 423

Creating an layer 3 interface 424

Layer 3 interface configurations 424

Using the gui 424

In the interface list section click 425

To load the following page and configure the corresponding parameters for the layer 3 interface then click create 425

Configuring ipv4 parameters of the interface 426

Figure 2 426

In the modify ipv4 interface section configure relevant parameters for the interface according to your actual needs then click apply 426

List section on the corresponding interface entry click edit ipv4 to load the following page and edit the ipv4 parameters of the interface 426

You can view the corresponding interface you have created in the interface 426

Configuring ipv6 parameters of the interface 427

In the modify ipv6 interface section enable ipv6 feature for the interface and configure the corresponding parameters then click apply 428

Configure ipv6 global address of the interface via following three ways 429

In the global address table section click 429

Manually 429

To manually assign an ipv6 global address to the interface 429

Via dhcpv6 server 429

Via ra message 429

Figure 2 430

Interface list section on the corresponding interface entry click detail to load the following page and view the detail information of the interface 430

View the global address entry in the global address table 430

Viewing detail information of the interface 430

You can view the corresponding interface entry you have created in the 430

Creating an layer 3 interface 431

Follow these steps to create an layer 3 interface you can create a vlan interface a loopback interface a routed port or a port channel interface according to your needs 431

Using the cli 431

Switch config if description vlan 2 432

Switch config if end 432

Switch config interface vlan 2 432

Switch configure 432

The following example shows how to create a vlan interface with a description of vlan 2 432

Configuring ipv4 parameters of the interface 433

Follow these steps to configure the ipv4 parameters of the interface 433

Switch config if ip address 192 68 00 255 55 55 433

Switch config if no switchport 433

Switch config interface gigabitethernet 1 0 1 433

Switch configure 433

Switch copy running config startup config 433

The following example shows how to configure the ipv4 parameters of a routed port including setting a static ip address for the port and enabling the layer 3 capabilities 433

Configuring ipv6 parameters of the interface 434

Follow these steps to configure the ipv6 parameters of the interface 434

Interface ip address method status protocol shutdown gi1 0 1 192 68 00 24 static up up no 434

Switch config if end 434

Switch config if show ip interface brief 434

Switch copy running config startup config 434

Global address dhcpv6 enable 435

Global address ra disable 435

Global unicast address es ff02 1 ff13 237b 435

Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 435

Joined group address es ff02 1 435

Switch config if ipv6 address autoconfig 435

Switch config if ipv6 address dhcp 435

Switch config if ipv6 enable 435

Switch config if show ipv6 interface 435

Switch config interface vlan 2 435

Switch configure 435

The following example shows how to enable the ipv6 function and configure the ipv6 parameters of a vlan interface 435

Vlan2 is up line protocol is up 435

Configuration example 437

Configuration scheme 437

Network requirement 437

Using the gui 437

Using the cli 438

Verify the vlan interface configurations 439

Appendix default parameters 440

Default settings of interface are listed in the following tables 440

Chapters 441

Configuring routing 441

Part 14 441

Overview 442

Configure the corresponding parameters to add an ipv4 static routing entry then click create 443

Ipv4 static routing and click 443

Ipv4 static routing configuration 443

To load the following page to load the following page 443

Using the gui 443

C 192 68 24 is directly connected vlan1 444

Candidate default 444

Codes c connected s static 444

Follow these steps to create an ipv4 static route 444

S 192 68 24 1 0 via 192 68 vlan1 444

Switch config end 444

Switch config ip route 192 68 255 55 55 192 68 444

Switch config show ip route 444

Switch configure 444

Switch copy running config startup config 444

The following example shows how to create an ipv4 static route with the destination ip address as 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 444

Using the cli 444

Configure the corresponding parameters to add an ipv6 static routing entry then click create 445

Follow these steps to enable ipv6 routing function and create an ipv6 static route 445

Ipv6 static 445

Ipv6 static routing configuration 445

Routing table and click 445

To load the following page 445

Using the cli 445

Using the gui 445

C 3000 64 is directly connected vlan1 446

Candidate default 446

Codes c connected s static 446

S 3200 64 1 0 via 3100 1234 vlan2 446

Switch config end 446

Switch config ipv6 route 3200 64 3100 1234 446

Switch config show ipv6 route static 446

Switch configure 446

Switch copy running config startup config 446

The following example shows how to create an ipv6 static route with the destination ip address as 3200 64 and the next hop address as 3100 1234 446

Using the gui 447

Viewing ipv4 routing table 447

Viewing routing table 447

Ipv6 routing information summary to load the following page 448

On privileged exec mode or any other configuration mode you can use the following command to view ipv4 routing table 448

Using the cli 448

View the ipv6 routing entries 448

Viewing ipv4 routing table 448

Viewing ipv6 routing table 448

On privileged exec mode or any other configuration mode you can use the following command to view ipv6 routing table 449

Viewing ipv6 routing table 449

As shown below host a and host b are on different network segments to meet business needs host a and host b need to establish a connection without using dynamic routing protocols to ensure stable connectivity 450

Configuration scheme 450

Demonstrated with t1600g 28ts the following sections provide configuration procedure in two ways using the gui and using the cli 450

Example for static routing 450

Interface to create a routed port gi1 0 1 with the mode as static the ip address as 10 the mask as 255 55 55 and the admin status as enable create a routed port gi1 0 2 with the mode as static the ip address as 10 0 the mask as 255 55 55 and the admin status as enable 450

Network requirements 450

The configurations of switch a and switch b are similar the following introductions take switch a as an example 450

To implement this requirement you can configure the default gateway of host a as 10 24 the default gateway of host b as 10 24 and configure ipv4 static routes on switch a and switch b so that hosts on different network segments can communicate with each other 450

Using the gui 450

Ipv4 static routing to load the following page add a static routing entry with the destination as 10 the subnet 451

Using the cli 452

Verify the configurations 453

Chapters 455

Configuring dhcp service 455

Part 15 455

Dhcp relay 456

Dhcp server 456

Overview 456

Supported features 456

An option 82 has two sub options namely the agent circuit id and agent remote id the information that the two sub options carry depends on the settings of the dhcp relay agent and are different among devices from different vendors to allocate network addresses using option 82 you need to define the two sub options on the dhcp relay agent and create a dhcp class on the dhcp server to identify the option 82 payload 457

Option 82 457

Option 82 is called the dhcp relay agent information option it provides additional security and a more flexible way to allocate network addresses compared with the traditional dhcp 457

Table 1 1 and table 1 2 show the packet formats of the agent circuit id and agent remote id respectively 457

Tp link switches preset a default circuit id and remote id in tlv type length and value format you can also configure the format to include value only and customize the value 457

When enabled the dhcp relay agent can inform the dhcp server of some specified information of clients by inserting an option 82 payload to dhcp request packets before forwarding them to the dhcp server so that the dhcp server can distribute the ip addresses or other parameters to clients based on the payload in this way option 82 prevents dhcp client requests from untrusted sources besides it allows the dhcp server to assign ip addresses of different address pools to clients in different groups 457

Dhcp l2 relay 460

Unlike dhcp relay dhcp l2 relay is used in the situation that the dhcp server and clients are in the same vlan in dhcp l2 relay in addition to normally assigning ip addresses to clients from the dhcp server the switch can inform the dhcp server of some specified information such as the location information of clients by inserting an option 82 payload to dhcp request packets before forwarding them to the dhcp server this allows the dhcp server which supports option 82 can set the distribution policy of ip addresses and other parameters providing a more flexible way to distribute ip addresses 460

Dhcp server configuration 461

Enabling dhcp server 461

Using the gui 461

Enter the starting ip address and ending ip address to specify the range of reserved ip addresses click create 462

In the excluded ip address config section click 462

In the ping time config section configure ping packets and ping timeout for ping tests click apply 462

To load the following page to specify the ip addresses that should not be assigned to the clients 462

Configure the parameters for dhcp server pool then click create 463

Configuring dhcp server pool 463

Dhcp server pool defines the parameters that will be assigned to dhcp clients 463

Pool setting and click 463

To load the following page 463

Configuring manual binding 464

Some devices like web servers require static ip addresses to meet this requirement you can manually bind the mac address or client id of the device to an ip address and the dhcp server will reserve the bound ip address to this device at all times 464

Enabling dhcp server 465

Follow these steps to enable dhcp server and to configure ping packets and ping timeout 465

Manual binding and 465

Select a pool name and enter the ip address to be bound select a binding mode and finish the configuration accordingly click create 465

To load the following page 465

Using the cli 465

68 192 68 468

Configuring dhcp server pool 468

Follow these steps to configure dhcp server pool 468

No start ip address end ip address 468

Switch config end 468

Switch config ip dhcp server excluded address 192 68 192 68 468

Switch config show ip dhcp server excluded address 468

Switch configure 468

Switch copy running config startup config 468

The following example shows how to configure the 192 68 as the default gateway address and excluded ip address 468

Switch config ip dhcp server pool pool1 470

Switch configure 470

Switch dhcp config bootfile bootfile 470

Switch dhcp config default gateway 192 68 470

Switch dhcp config dns server 192 68 470

Switch dhcp config domain name com 470

Switch dhcp config lease 180 470

Switch dhcp config netbios name server 192 68 9 470

Switch dhcp config netbios node type b node 470

Switch dhcp config network 192 68 255 55 55 470

Switch dhcp config next server 192 68 0 470

The following example shows how to create a dhcp server pool with the parameters shown in table 2 1 470

Configuring manual binding 471

Pool name client id hardware address ip address hardware type bind mode 472

Pool1 74 d4 68 22 3f 34 192 68 3 ethernet mac address 472

Switch config ip dhcp server pool pool1 472

Switch configure 472

Switch dhcp config address 192 68 3 hardware address 74 d4 68 22 3f 34 hardware type ethernet 472

Switch dhcp config show ip dhcp server manual binding 472

The following example shows how to bind the ip address 192 68 3 in pool1 on the subnet of 192 68 to the host with the mac address 74 d4 68 22 3f 34 472

Switch copy running config startup config 473

Switch dhcp config end 473

Dhcp relay configuration 474

Enabling dhcp relay and configuring option 82 474

Using the gui 474

Optional in the option 82 config section configure option 82 475

And click 476

Click apply 476

Configuring dhcp interface relay 476

Configuring dhcp vlan relay 476

Dhcp interface relay 476

Dhcp interface relay allows clients to obtain ip addresses from a dhcp server in a different subnet 476

Dhcp vlan relay allows clients in different vlans to obtain ip addresses from a dhcp server using the ip address of a single agent interface it is often used when the relay switch does not support configuring multiple layer 3 interfaces 476

Select the interface type and enter the interface id then enter the ip address of the dhcp server click create 476

To load the following page 476

Enabling dhcp relay 478

Follow these steps to enable dhcp relay and configure the corresponding parameters 478

Switch configure 478

The following example shows how to enable dhcp relay configure the relay hops as 5 and configure the relay time as 10 seconds 478

Using the cli 478

Dhcp relay hops 5 479

Dhcp relay state enabled 479

Dhcp relay time threshold 10 seconds 479

Follow these steps to configure option 82 479

Optional configuring option 82 479

Switch config end 479

Switch config ip dhcp relay hops 5 479

Switch config ip dhcp relay time 10 479

Switch config service dhcp relay 479

Switch config show ip dhcp relay 479

Switch copy running config startup config 479

Gi1 0 7 enable replace normal vlan20 host1 n a 480

Interface option 82 status operation strategy format circuit id remote id lag 480

Switch config if ip dhcp relay information circut id vlan20 480

Switch config if ip dhcp relay information format normal 480

Switch config if ip dhcp relay information option 480

Switch config if ip dhcp relay information remote id host1 480

Switch config if ip dhcp relay information strategy replace 480

Switch config if show ip dhcp relay information interface gigabitethernet 1 0 7 480

Switch config interface gigabitethernet 1 0 7 480

Switch configure 480

The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 480

Configuring dhcp interface relay 481

Follow these steps to dhcp interface relay 481

Switch config if end 481

Switch copy running config startup config 481

You can specify a dhcp server for a layer 3 interface or for a vlan the following introduces how to configure dhcp interface relay and dhcp vlan relay respectively 481

Configuring dhcp vlan relay 482

Dhcp l2 relay configuration 485

Enabling dhcp l2 relay 485

Using the gui 485

Configuring option 82 for ports 486

Follow these steps to enable dhcp relay and configure option 82 486

Port config to load the following page 486

Select one or more ports to configure option 82 486

Click apply 487

Enabling dhcp l2 relay 487

Follow these steps to enable dhcp l2 relay 487

Using the cli 487

Configuring option 82 for ports 488

Follow these steps to configure option 82 488

Global status enable 488

Switch config end 488

Switch config ip dhcp l2relay 488

Switch config ip dhcp l2relay vlan 2 488

Switch config show ip dhcp l2relay 488

Switch configure 488

Switch copy running config startup config 488

The following example shows how to enable dhcp l2 relay globally and for vlan 2 488

Vlan id 2 488

Switch config if ip dhcp l2relay information circut id vlan20 489

Switch config if ip dhcp l2relay information format normal 489

Switch config if ip dhcp l2relay information option 489

Switch config if ip dhcp l2relay information remote id host1 489

Switch config if ip dhcp l2relay information strategy replace 489

Switch config interface gigabitethernet 1 0 7 489

Switch configure 489

The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 489

Configuration examples 491

Configuration scheme 491

Example for dhcp server 491

Network requirements 491

Using the gui 491

Example for dhcp interface relay 493

Network requirements 493

Using the cli 493

Verify the configuration 493

Before configuring dhcp interface relay create two dhcp ip pools on the dhcp server for the two departments respectively then create static routes or enable dynamic routing protocol like rip on the dhcp server to make sure the dhcp server can reach the clients in the two vlans 494

Configuration scheme 494

Configure 802 q vlan on the dhcp relay agent add all computers in the marketing department to vlan 10 and add all computers in the r d department to vlan 20 494

Configure dhcp interface relay on the dhcp relay agent enable dhcp relay globally and specify the dhcp server address for each vlan 494

Create vlan interfaces for vlan 10 and vlan 20 on the dhcp relay agent 494

In the given situation the dhcp server and the computers are isolated in different network segments so the dhcp requests from the clients cannot be directly forwarded to the dhcp server to assign ip addresses in two different subnets to two departments respectively we recommend you to configure dhcp interface relay to satisfy the requirement 494

In this example the dhcp server is demonstrated with t1600g 52ts and the dhcp relay agent is demonstrated with t1600g 28ts this section provides configuration procedures in two ways using the gui and using the cli 494

The overview of the configurations are as follows 494

The switch the marketing department is connected to port 1 0 1 of the relay agent and the r d department is connected to port 1 0 2 of the relay agent 494

Using the gui 495

Again to create vlan 20 for the r d department and add port 1 0 2 as an untagged port to the vlan 498

On the same page click 498

Using the cli 501

Example for dhcp vlan relay 503

Network requirements 503

Verify the configurations of the dhcp relay agent 503

Configuration scheme 504

Using the gui 505

Using the cli 508

Example for option 82 in dhcp relay 510

Network requirements 510

Verify the configurations of the dhcp relay agent 510

Configuration scheme 511

Configuring the dhcp relay switch 512

Using the gui 512

Using the cli 513

Configuring the dhcp server 514

Dhcp relay helper address is configured on the following interfaces 514

Dhcp relay state enabled 514

Gi1 0 1 enable replace normal default vlan port 514

Gi1 0 2 enable replace normal default vlan port 514

In this example the dhcp relay agent uses the default circuit id and remote id in tlv format according to packet formats described in table 1 1 and table 1 2 the sub options of the two groups are as shown in the following table 514

Interface helper address 514

Interface option 82 status operation strategy format circuit id 514

On the dhcp server you need to create two dhcp classes to identify the option 82 payloads of dhcp request packets from group 1 and group 2 respectively 514

Switch show ip dhcp relay information interface 514

View port settings 514

Vlan2 192 68 9 514

A enable dhcp l2 relay globally and on vlan 1 516

As the following figure shows two groups of computers are connected to switch a and switch a is connected to the dhcp server all devices on the network are in the default vlan 1 all computers get dynamic ip addresses from the dhcp server for management convenience the administrator wants to allocate separate address spaces for the two groups of computers 516

B configure option 82 on ports 1 0 1 and 1 0 2 516

Configuration scheme 516

Configuring switch a 516

Demonstrated with t1600g 28ts 5 configuring the dhcp relay switch provides configuration procedures in two ways using the gui and using the cli 516

Example for dhcp l2 relay 516

Network requirements 516

The overview of the configurations are as follows 516

To meet the requirements you can configure dhcp l2 relay on switch a to inform the dhcp server of the group information of each pc so that the dhcp server can assign ip addresses of different address pools to the pcs in different groups 516

Configuring the dhcp relay switch 517

Using the gui 517

Using the cli 518

Verify the configurations 519

Configuring the dhcp server 520

Ddns update style interim ignore client updates create two classes to match the pattern of option 82 in dhcp request packets from group 1 and group 2 respectively the agent circuit id inserted by the dhcp relay switch is 8 byte long in tlv format one byte for type one byte for length and 6 bytes for value therefore the offset is 2 and the length is 6 520

Gi1 0 2 enable replace normal group2 520

In this example the dhcp relay agent uses the customized circuit id and default remote id in tlv format according to packet format described in table 1 1 and table 1 2 the sub options of the two groups are as shown in the following table 520

Interface option 82 status operation strategy format circuit id 520

On the dhcp server you need to create two dhcp classes to identify the option 82 payloads of dhcp request packets from group 1 and group 2 respectively 520

Switch show ip dhcp l2relay information interface gigabitethernet 1 0 1 520

The configuration file etc dhcpd conf of the linux isc dhcp server is 520

Appendix default parameters 522

Default settings of dhcp server are listed in the following table 522

Default settings of dhcp relay are listed in the following table 523

Default settings of dhcp l2 relay are listed in the following table 524

Chapters 525

Configuring arp 525

Part 16 525

Arp table 526

Gratuitous arp 526

Overview 526

Proxy arp 526

Static arp 526

Supported features 526

Local proxy arp 527

Local proxy arp is similar with proxy arp as shown below two hosts are in the same vlan and connected to vlan interface 1 but port 1 0 1 and port 1 0 2 are isolated on layer 2 in this case both of the hosts cannot receive each other s arp request so they cannot communicate with each other because they cannot learn each other s mac address using arp packets 527

To solve this problem you can enable local proxy arp on the layer 3 interface and the interface will respond the arp request sender with its own mac address after that the arp request sender sends packets to the layer 3 interface and the interface forwards the packets to the intended device 527

Arp configurations 528

Using the gui 528

Viewing the arp entries 528

Adding static arp entries manually 529

Configuring gratuitous arp 529

Enter the ip address and mac address then click create 529

Gratuitous arp to load the following page 529

Static arp and click 529

To load the following page 529

You can add desired static arp entries by mannually specifying the ip addresses and mac addresses 529

Configuring proxy arp 530

Follow these steps to configure the gratuitous feature for the interface 530

In the gratuitous arp global settings section configure the global parameters for gratuitous arp then click apply 530

In the gratuitous arp table section configure the interval of sending gratuitous arp request packets for the interface then click apply 530

Proxy arp is used in the situation that two devices are in the same network segment but connected to different layer 3 interfaces 530

Proxy arp to load the following page 530

Configuring local proxy arp 531

Local proxy arp is used in the situation that two devices are in the same vlan but isolated on the layer 2 ports 531

Local proxy arp to load the following page 531

Select the desired interface and enable local proxy arp then click apply 531

Select the desired interface and enable proxy arp then click apply 531

Adding static arp entries 532

Configuring the aging time of dynamic arp entries 532

Configuring the arp entry 532

Follow these steps to add static arp entries 532

Follow these steps to configure the aging time of dynamic arp entries 532

Interface address hardware addr type 532

Switch config arp 192 68 00 11 22 33 44 55 arpa 532

Switch config end 532

Switch config show arp 192 68 532

Switch configure 532

Switch copy running config startup config 532

This example shows how to create a static arp entry with the ip as 192 68 and the mac as 00 11 22 33 44 55 532

Using the cli 532

Vlan1 192 68 00 11 22 33 44 55 static 532

Clearing dynamic entries 533

Renewing dynamic arp entries automatically 533

Switch config arp timeout 1000 533

Switch config end 533

Switch configure 533

Switch copy running config startup config 533

This example shows how to configure the aging time of dynamic arp entries as 1000 seconds 533

Configuring gratuitous arp globally 534

Configuring the gratuitous arp 534

Follow these steps to add static arp entries 534

On privileged exec mode or any other configuration mode you can use the following command to view arp entries 534

This example shows how to enable send on ip interface status up send on duplicate ip detected and gratuitous arp learning features 534

Viewing arp entries 534

Configuring interval of sending gratuitous arp packets 535

Follow these steps to configure gratuitous arp packets for layer 3 interfaces 535

Gi1 0 18 0 535

Gratuitous arp learning enabled 535

Interface gratuitous arp periodical send interval 535

Send on duplicate ip detected enabled 535

Send on ip interface status up enabled 535

Switch config end 535

Switch config gratuitous arp dup ip detected enable 535

Switch config gratuitous arp intf status up enable 535

Switch config gratuitous arp learning enable 535

Switch config show gratuitous arp 535

Switch configure 535

Switch copy running config startup config 535

Vlan1 0 535

Configuring proxy arp 536

Configuring local proxy arp 537

Follow these steps to local proxy arp on the vlan interface routed port or port channel 537

Interface ip address ip mask status 537

Switch config if end 537

Switch config if ip proxy arp 537

Switch config if show ip proxy arp 537

Switch config interface vlan 1 537

Switch configure 537

Switch copy running config startup config 537

This example shows how to enable proxy arp function for vlan interface 1 537

Vlan 1 192 68 255 55 55 enabled 537

Interface ip address ip mask status 538

Switch config if end 538

Switch config if ip local proxy arp 538

Switch config if show ip local proxy arp 538

Switch config interface vlan 1 538

Switch configure 538

Switch copy running config startup config 538

This example shows how to enable local proxy arp function for vlan interface 1 538

Vlan 1 192 68 255 55 55 enabled 538

Appendix default parameters 539

Default arp settings are listed in the following tables 539

Chapters 540

Configuring qos 540

Part 17 540

Bandwidth control 541

Class of service 541

Overview 541

Supported features 541

Voice vlan and auto voip 541

Class of service configuration 543

Configuration guidelines 543

Click apply 544

Configuring port priority 544

Configuring the trust mode and port to 802 p mapping 544

Follow these steps to configure the parameters of the port priority 544

Port priority to load the following page 544

Select the desired ports specify the 802 p priority and set the trust mode as untrusted 544

Using the gui 544

Configuring 802 p priority 546

Click apply 548

Configuring dscp priority 548

Configuring the trust mode 548

Follow these steps to configure the trust mode 548

Port priority to load the following page 548

Select the desired ports and set the trust mode as trust dscp 548

Click apply 550

Configuring the dscp to 802 p mapping and the dscp remap 550

Dscp priority to load the following page 550

Follow these steps to configure the dscp priority 550

In the dscp priority config section configure the dscp to 802 p mapping and the dscp remap 550

Specifying the scheduler settings 551

Click apply 552

Configuring port priority 552

Configuring the trust mode and the port to 802 p mapping 552

Follow these steps to configure the trust mode and the port to 802 p mapping 552

Using cli 552

Configuring the 802 p to queue mapping 553

Follow these steps to configure the 802 p to queue mapping 553

Configuring 802 p priority 554

Configuring the 802 p to queue mapping and 802 p remap 555

Follow these steps to configure the 802 p to queue mapping and 802 p remap 555

Configuring dscp priority 557

Configuring the 802 p to queue mapping 557

Configuring the trust mode 557

Dot1p remap 0 3 2 3 4 5 6 7 n a 557

Follow these steps to configure the 802 p to queue mapping 557

Follow these steps to configure the trust mode 557

Switch config end 557

Switch copy running config startup config 557

Configuring the dscp to 802 p mapping and dscp remp 558

Follow these steps to configure the dscp to 802 p mapping and dscp remap 558

Dscp 16 17 18 19 20 21 22 23 561

Dscp 24 25 26 27 28 29 30 31 561

Dscp 32 33 34 35 36 37 38 39 561

Dscp 40 41 42 43 44 45 46 47 561

Dscp 48 49 50 51 52 53 54 55 561

Dscp 56 57 58 59 60 61 62 63 561

Dscp remap value 16 17 18 19 20 21 22 23 561

Dscp remap value 24 25 26 27 28 29 30 31 561

Dscp remap value 32 33 34 35 36 37 38 39 561

Dscp remap value 40 41 42 43 44 45 46 47 561

Dscp remap value 48 49 50 51 52 53 54 55 561

Dscp remap value 56 57 58 59 60 61 62 63 561

Follow these steps to specify the scheduler settings to control the forwarding sequence of different tc queues when congestion occurs 561

Specifying the scheduler settings 561

Switch config if end 561

Switch copy running config startup config 561

Gi1 0 1 lag n a 562

Queue schedule mode weight 562

Switch config if qos queue 1 mode sp 562

Switch config if qos queue 4 mode wrr weight 5 562

Switch config if show qos queue interface gigabitethernet 1 0 1 562

Switch config interface gigabitethernet 1 0 1 562

Switch configure 562

Tc0 wrr 1 562

The following example shows how to specify the scheduler settings for port 1 0 1 set the scheduler mode of tc1 as sp mode set the scheduler mode of tc4 as wrr mode and set the queue weight as 5 562

Bandwidth control configuration 564

Configuring rate limit 564

Using the gui 564

Configuring storm control 565

Follow these steps to configure the storm control function 565

Select the desired port and configure the upper rate limit for forwarding broadcast packets multicast packets and ul frames unknown unicast frames 565

Storm control to load the following page 565

Click apply 566

Configuring rate limit 566

Follow these steps to configure the upper rate limit for the port to receive and send packets 566

Using the cli 566

Configuring storm control 567

Follow these steps to configure the upper rate limit on the port for forwarding broadcast packets multicast packets and unknown unicast frames 567

Gi1 0 5 5120 1024 n a 567

Port ingressrate kbps egressrate kbps lag 567

Switch config if bandwidth ingress 5120 egress 1024 567

Switch config if end 567

Switch config if show bandwidth interface gigabitethernet 1 0 5 567

Switch config interface gigabitethernet 1 0 5 567

Switch configure 567

Switch copy running config startup config 567

The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 1024 kbps for port 1 0 5 567

Gi1 0 5 kbps 1024 0 0 shutdown 10 n a 569

Port rate mode bcrate mcrate ulrate exceed recover time lag 569

Switch config if end 569

Switch config if show storm control interface gigabitethernet 1 0 5 569

Switch config if storm control broadcast 1024 569

Switch config if storm control exceed shutdown recover time 10 569

Switch config if storm control rate mode kbps 569

Switch config interface gigabitethernet 1 0 5 569

Switch configure 569

Switch copy running config startup config 569

The following example shows how to configure the upper rate limit of broadcast packets as 1024 kbps specify the action as shutdown and set the recover time as 10 for port 1 0 5 569

Configuring oui addresses 570

Using the gui 570

Voice vlan configuration 570

Click create 571

Configuring voice vlan globally 571

Follow these steps to configure the oui addresses 571

Global config to load the following page 571

Specify the oui and the description 571

To load the following page 571

Adding ports to voice vlan 572

Click apply 572

Enable the voice vlan feature and specify the parameters 572

Follow these steps to configure voice vlan globally 572

Port config to load the following page 572

Select the desired ports and choose enable in voice vlan filed 572

Click apply 573

Follow these steps to configure voice vlan 573

Using the cli 573

Auto voip configuration 576

Configuration guidelines 576

Using the gui 576

Click apply 577

Follow these steps to configure auto voip 577

Using the cli 577

Configuration examples 581

Configuration scheme 581

Example for class of service 581

Network requirements 581

Using the gui 582

Using the cli 584

Verify the configurations 585

Example for voice vlan 586

Network requirements 586

Configuration scheme 587

Configure 802 q vlan for port 1 0 1 port 1 0 2 port 1 0 3 and port 1 0 4 587

Configure voice vlan feature on port 1 0 1 and port 1 0 2 587

Demonstrated with t1600g 28ts the following sections provide configuration procedure in two ways using the gui and using the cli 587

Internet 587

To implement this requirement you can configure voice vlan to ensure that the voice traffic can be transmitted in the same vlan and the data traffic is transmitted in another vlan in addition specify the priority to make the voice traffic can take precedence when the congestion occurs 587

To load the following page create vlan 2 and add untagged port 1 0 1 port 1 0 2 and port 1 0 4 to vlan 2 click create 587

Using the gui 587

Vlan config and click 587

Using the cli 591

Verify the configurations 593

Example for auto voip 594

Network requirements 594

Configuration scheme 595

Using the gui 595

Select port 1 0 2 set the scheduler mode as weighted and specify the queue weight as 10 for tc 7 click apply 598

Using the cli 600

Verify the configurations 601

Appendix default parameters 605

Default settings of class of service are listed in the following tables 605

Default settings of class of service are listed in the following tables 607

Default settings of voice vlan are listed in the following tables 607

Default settings of auto voip are listed in the following tables 608

Chapters 609

Configuring access security 609

Part 18 609

Access control 610

Access security 610

Overview 610

Supported features 610

Telnet 610

Access security configurations 611

Configuring the access control feature 611

Using the gui 611

In the entry table section click 612

To add an access control entry 612

When the ip based mode is selected the following window will pop up 612

When the mac based mode is selected the following window will pop up 612

Click create then you can view the created entries in the entry table 613

When the port based mode is selected the following window will pop up 613

Configuring the http function 614

Configuring the https function 616

In the ciphersuite config section select the algorithm to be enabled and click apply 617

In the session config section specify the session timeout and click apply 617

In the load certificate and load key section download the certificate and key 618

In the number of access users section enable number control function specify the following parameters and click apply 618

Configuring the ssh feature 619

Configuring the telnet function 620

Enable telnet and click apply 620

In data integrity algorithm section enable the integrity algorithm you want the switch to support and click apply 620

In import key file section select key type from the drop down list and click browse to download the desired key file 620

In the encryption algorithm section enable the encryption algorithm you want the switch to support and click apply 620

Telnet config to load the following page 620

Configuring the access control 621

Follow these steps to configure the access control 621

Using the cli 621

68 00 32 snmp telnet http https 622

Configuring the http function 622

Follow these steps to configure the http function 622

Index ip address access interface 622

Switch config end 622

Switch config show user configuration 622

Switch config user access control ip based 192 68 00 255 55 55 55 snmp telnet http https 622

Switch config user access control ip based enable 622

Switch configure 622

Switch copy running config startup config 622

The following example shows how to set the type of access control as ip based set the ip address as 192 68 00 set the subnet mask as 255 55 55 55 and make the switch support snmp telnet http and https 622

User authentication mode ip based 622

Http max users as admin 6 623

Http max users as operator 2 623

Http max users as power user 2 623

Http max users as user 2 623

Http port 80 623

Http session timeout 9 623

Http status enabled 623

Http user limitation enabled 623

Switch config end 623

Switch config ip http max user 6 2 2 2 623

Switch config ip http server 623

Switch config ip http session timeout 9 623

Switch config show ip http configuration 623

Switch configure 623

The following example shows how to set the session timeout as 9 set the maximum admin number as 6 and set the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 623

Configuring the https function 624

Follow these steps to configure the https function 624

Switch copy running config startup config 624

The following example shows how to configure the https function enable all the protocol versions including ssl 3 tls 1 tls 1 and tls1 enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the maximum admin number as 2 the maximum operator number as 2 the maximum power user number as 2 the maximum user 625

Configuring the ssh feature 627

Follow these steps to configure the ssh function 627

Aes192 cbc disabled 629

Aes256 cbc disabled 629

Begin ssh2 public key 629

Blowfish cbc disabled 629

Cast128 cbc enabled 629

Comment dsa key 20160711 629

Configuring the telnet function 629

Data integrity algorithm 629

Des cbc disabled 629

Follow these steps enable the telnet function 629

Hmac md5 enabled 629

Hmac sha1 disabled 629

Key file 629

Key type ssh 2 rsa dsa 629

Switch config end 629

Switch copy running config startup config 629

Appendix default parameters 630

Default settings of access security are listed in the following tables 630

Chapters 632

Configuring aaa 632

Part 19 632

Overview 633

Aaa configuration 634

Configuration guidelines 634

Adding servers 635

Using the gui 635

Adding tacacs server 636

Click create to add the radius server on the switch 636

Click create to add the tacacs server on the switch 636

Configure the following parameters 636

Follow these steps to add a tacacs server 636

Tacacs config and click 636

To load the following page 636

Configuring server groups 637

Configuring the method list 638

Click apply 639

Click create to add the new method 639

Configuring the aaa application list 639

Follow these steps to configure the aaa application list 639

Global config to load the following page 639

In the aaa application list section select an access application and configure the login list and enable list 639

Configuring login account and enable password 640

Adding radius server 641

Adding servers 641

Follow these steps to add radius server on the switch 641

Using the cli 641

You can add one or more radius tacacs servers on the switch for authentication if multiple servers are added the server with the highest priority authenticates the users trying to access the switch and the others act as backup servers in case the first one breaks down 641

68 0 1812 1813 5 2 000aeb132397 123456 642

Adding tacacs server 642

Follow these steps to add tacacs server on the switch 642

Server ip auth port acct port timeout retransmit nas identifier shared key 642

Switch config end 642

Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 123456 642

Switch config show radius server 642

Switch configure 642

Switch copy running config startup config 642

The following example shows how to add a radius server on the switch set the ip address of the server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 642

68 0 49 8 123456 643

Configuring server groups 643

Server ip port timeout shared key 643

Switch config end 643

Switch config show tacacs server 643

Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 643

Switch configure 643

Switch copy running config startup config 643

The following example shows how to add a tacacs server on the switch set the ip address of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the timeout as 8 seconds 643

The switch has two built in server groups one for radius and the other for tacacs the servers running the same protocol are automatically added to the default server group you can add new server groups as needed 643

The two default server groups cannot be deleted or edited follow these steps to add a server group 643

A method list describes the authentication methods and their sequence to authenticate the users the switch supports login method list for users of all types to gain access to the switch and enable method list for guests to get administrative privileges 644

Configuring the method list 644

Follow these steps to configure the method list 644

Switch aaa group end 644

Switch aaa group server 192 68 0 644

Switch aaa group show aaa group radius1 644

Switch config aaa group radius radius1 644

Switch configure 644

Switch copy running config startup config 644

The following example shows how to create a radius server group named radius1 and add the existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group 644

Default local 645

Enable1 radius local 645

Login1 radius local 645

Methodlist pri1 pri2 pri3 pri4 645

Switch config aaa authentication enable enable1 radius local 645

Switch config aaa authentication login login1 radius local 645

Switch config end 645

Switch config show aaa authentication enable 645

Switch config show aaa authentication login 645

Switch configure 645

Switch copy running config startup config 645

The following example shows how to create a login method list named login1 and configure the method 1 as the default radius server group and the method 2 as local 645

The following example shows how to create an enable method list named enable1 and configure the method 1 as the default radius server group and the method 2 as local 645

Configuring the aaa application list 646

Follow these steps to apply the login and enable method lists for the application telnet 646

Module login list enable list 646

Switch config line enable authentication enable1 646

Switch config line login authentication login1 646

Switch config line show aaa global 646

Switch config line telnet 646

Switch configure 646

Switch copy running config startup config 646

Telnet 646

The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application telnet 646

You can configure authentication method lists on the following access applications telnet ssh and http 646

Follow these steps to apply the login and enable method lists for the application ssh 647

Http default default 647

Module login list enable list 647

Ssh default default 647

Switch config line enable authentication enable1 647

Switch config line end 647

Switch config line login authentication login1 647

Switch config line show aaa global 647

Switch config line ssh 647

Switch configure 647

Switch copy running config startup config 647

Telnet login1 enable1 647

The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application ssh 647

Follow these steps to apply the login and enable method lists for the application http 648

Http default default 648

Http login1 enable1 648

Module login list enable list 648

Ssh default default 648

Ssh login1 enable1 648

Switch config ip http enable authentication enable1 648

Switch config ip http login authentication login1 648

Switch config line end 648

Switch config show aaa global 648

Switch configure 648

Switch copy running config startup config 648

Telnet default default 648

The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application http 648

Configuring login account and enable password 649

On the server 649

On the switch 649

Some configuration principles on the server are as follows 649

Switch config end 649

Switch copy running config startup config 649

The accounts created by the radius tacacs server can only view the configurations and some network information without the enable password 649

The local username and password for login can be configured in the user management feature for details refer to managing system 649

The login account and enable password can be configured locally on the switch or centrally on the radius tacacs server s 649

To configure the local enable password for getting administrative privileges follow these steps 649

Configuration example 651

Configuration scheme 651

Network requirements 651

Using the gui 652

Using the cli 654

Verify the configuration 655

Appendix default parameters 657

Default settings of aaa are listed in the following tables 657

Chapters 659

Configuring 802 x 659

Part 20 659

Overview 660

Configuring the radius server 661

Using the gui 661

X configuration 661

Click apply 662

Configure the parameters of the radius server 662

Configuring the radius server group 662

Follow these steps to add the radius server to a server group 662

If you click 662

Server group to load the following page 662

The following window will pop up select a radius server and click save 662

To add a new server group 662

To edit the default radius server group or click 662

Configuring 802 x globally 664

Follow these steps to configure 802 x global parameters 664

Global config to load the following page 664

In the accounting dot1x method section select an existing radius server group for accounting from the pri1 drop down list and click apply 664

In the global config section configure the following parameters 664

Click apply 665

Configuring 802 x on ports 665

Follow these steps to configure 802 x authentication on the desired port 665

Port config to load the following page 665

Select one or more ports and configure the following parameters 665

Click apply 666

Authenticator state to load the following page 667

On this page you can view the authentication status of each port 667

View the authenticator state 667

Configuring the radius server 668

Follow these steps to configure radius 668

Using the cli 668

The following example shows how to enable aaa add a radius server to the server group named radius1 and apply this server group to the 802 x authentication the ip address of the radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the accounting port is 1813 669

Configuring 802 x globally 670

The following example shows how to enable 802 x authentication configure pap as the authentication method and keep other parameters as default 671

Authentication protocol pap 672

Configuring 802 x on ports 672

Follow these steps to configure the port 672

Handshake state enabled 672

Switch config dot1x auth protocol pap 672

Switch config dot1x system auth control 672

Switch config end 672

Switch config show dot1x global 672

Switch configure 672

Switch copy running config startup config 672

X accounting state disabled 672

X state enabled 672

X vlan assignment state disabled 672

3 unauthorized n a 674

Gi1 0 2 disabled disabled 0 auto port based 674

Maxreq quietperiod supptimeout authorized lag 674

Port state mab state guestvlan portcontrol portmethod 674

Switch config if dot1x 674

Switch config if dot1x port method port based 674

Switch config if end 674

Switch config if show dot1x interface gigabitethernet 1 0 2 674

Switch config interface gigabitethernet 1 0 2 674

Switch configure 674

Switch copy running config startup config 674

The following example shows how to enable 802 x authentication on port 1 0 2 configure the control type as port based and keep other parameters as default 674

Viewing authenticator state 674

You can view the authenticator state if needed you can also initialize or reauthenticate the specific client 674

Configuration example 676

Configuration scheme 676

Network requirements 676

Network topology 676

Demonstrated with t1600g 52ts acting as the authenticator the following sections provide configuration procedure in two ways using the gui and using the cli 677

Internet 677

Radius config and click 677

To load the following page configure the parameters of the radius server and click create 677

Using the gui 677

Using the cli 679

Verify the configurations 680

Appendix default parameters 682

Default settings of 802 x are listed in the following table 682

Chapters 683

Configuring port security 683

Part 21 683

Overview 684

Follow these steps to configure port security 685

Port security configuration 685

Port security to load the following page 685

Select one or more ports and configure the following parameters 685

Using the gui 685

Click apply 686

Follow these steps to configure port security 686

Using the cli 686

The following example shows how to set the maximum number of mac addresses that can be learned on port 1 0 1 as 30 enable exceed max leaned feature and configure the mode as permanent and the status as drop 687

Appendix default parameters 689

Default settings of port security are listed in the following table 689

Chapters 690

Configuring acl 690

Part 22 690

Configuration guidelines 691

Overview 691

Acl configuration 692

Configuring time range 692

Creating an acl 692

Using the gui 692

Configuring acl rules 693

Configuring mac acl rule 693

Follow these steps to configure the mac acl rule 694

In the mac acl rule section configure the following parameters 694

In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 695

In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 695

Click apply 696

In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 696

In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 696

Configuring ip acl rule 697

Follow these steps to configure the ip acl rule 698

In the ip acl rule section configure the following parameters 698

In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 699

In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 699

In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 699

Click apply 700

Click edit acl for a combined acl entry to load the following page 700

Configuring combined acl rule 700

In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 700

Follow these steps to configure the combined acl rule 702

In the combined acl rule section configure the following parameters 702

In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 704

In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 704

Click apply 705

Click edit acl for an ipv6 acl entry to load the following page 705

Configuring the ipv6 acl rule 705

In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 705

In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 705

In the policy section enable or disable the mirroring feature for the matched packets with this option enabled choose a destination port to which the packets will be mirrored 708

In the policy section enable or disable the rate limit feature for the matched packets with this option enabled configure the related parameters 708

In the policy section enable or disable the redirect feature for the matched packets with this option enabled choose a destination port to which the packets will be redirected 708

Click apply 709

Click edit acl for an entry you have created and you can view the rule table we take ip acl rules table for example 709

In the policy section enable or disable the qos remark feature for the matched packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 709

The rules in an acl are listed in ascending order of their rule ids the switch matches a received packet with the rules in order when a packet matches a rule the switch stops the match process and performs the action defined in the rule 709

Viewing the acl rules 709

Binding the acl to a port 710

Configuring acl binding 710

Configuring acl 712

Configuring time range 712

Follow the steps to create different types of acl and configure the acl rules 712

Follow these steps to configure mac acl 712

Mac acl 712

Some acl based services or features may need to be limited to take effect only during a specified time period in this case you can configure a time range for the acl for details about time range configuration please refer to managing system 712

Using the cli 712

You can define the rules based on source or destination ip address source or destination mac address protocol type port number and others 712

Switch configure 713

The following example shows how to create mac acl 50 and configure rule 5 to permit packets with source mac address 00 34 a2 d4 34 b5 713

Ip acl 714

Combined acl 716

Combined access list 2600 name acl_2600 718

Follow these steps to configure ipv6 acl 718

Ipv6 acl 718

Rule 1 permit logging disable vid 2 sip 192 68 00 sip mask 255 55 55 55 718

Switch config access list combined 1100 logging disable rule 1 permit vid 2 sip 192 68 00 sip mask 255 55 55 55 718

Switch config access list create 1100 718

Switch config end 718

Switch config show access list 2600 718

Switch configure 718

Switch copy running config startup config 718

The following example shows how to create combined acl 1100 and configure rule 1 to deny packets with source ip address 192 68 00 in vlan 2 718

Configuring policy 720

Mac access list 10 name acl_10 721

Redirect the matched packets to port 1 0 4 for rule 1 of mac acl 10 721

Switch config access list action 10 rule 1 721

Switch config action exit 721

Switch config action redirect interface gigabitethernet 1 0 4 721

Switch config show access list 10 721

Switch configure 721

Configuring acl binding 722

Follow the steps below to bind acl to a port or a vlan 722

Rule 5 permit logging disable action redirect gi1 0 4 722

Sswitch config show access list bind 722

Switch config access list bind 1 interface vlan 4 gigabitethernet 1 0 3 722

Switch config end 722

Switch configure 722

Switch copy running config startup config 722

The following example shows how to bind acl 1 to port 3 and vlan 4 722

You can bind the acl to a port or a vlan the received packets on the port or in the vlan will then be matched and processed according to the acl rules an acl takes effect only after it is bound to a port or vlan 722

Acl id acl name interface vid direction type 723

Acl_1 4 ingress vlan 723

Acl_1 gi1 0 3 ingress port 723

Switch config end 723

Switch copy running config startup config 723

Viewing acl counting 723

You can use the following command to view the number of matched packets of each acl in the privileged exec mode and any other configuration mode 723

Configuration example for acl 724

Configuration example for mac acl 724

Configuration scheme 724

Network requirements 724

Using the gui 725

In the same way configure rule 15 to deny packets with destination mac address 40 61 86 fc 71 56 and apply the time range of work hours 728

Configure rule 25 to permit all the packets that do not match neither of the above rules 729

Acl binding and click 730

To load the following page bind acl 100 to port 1 0 2 to make it take effect 730

Using the cli 731

Verify the configurations 731

Configuration example for ip acl 732

Network requirements 732

Configuration scheme 733

Using the gui 733

In the same way configure rule 2 and rule 3 to permit packets with source ip 10 0 0 and destination port tcp 80 http service port and tcp 443 https service port 735

In the same way configure rule 4 and rule 5 to permit packets with source ip 10 0 0 and with destination port tcp 53 or udp 53 dns service port 737

Using the cli 739

Verify the configurations 740

Configuration example for combined acl 741

Configuration scheme 741

Network requirements 741

Using the gui 742

Configure rule 5 to permit packets with the source mac address 6c 62 6d f5 ba 48 and destination port tcp 23 telnet service port 743

Configure rule 15 to deny all the packets except the packet with source mac address 6c 62 6d f5 ba 48 and destination port tcp 23 telnet service port 744

In the same way configure rule 25 to permit all the packets the rule makes sure that all devices can get other network services normally 745

Using the cli 747

Verify the configurations 748

Appendix default parameters 749

The default settings of acl are listed in the following tables 749

Chapters 751

Configuring ipv4 impb 751

Part 23 751

Arp detection 752

Ip mac binding 752

Ipv4 impb 752

Ipv4 source guard 752

Overview 752

Supported features 752

Binding entries manually 753

Ip mac binding configuration 753

Using the gui 753

Enter the following information to specify a host 754

Follow these steps to manually create an ip mac binding entry 754

Manual binding and click 754

Select protect type for the entry 754

To load the following page 754

Binding entries via arp scanning 755

Binding entries via dhcp snooping 756

In the scanning result section select one or more entries and configure the relevant parameters then click bind 756

With dhcp snooping enabled the switch can monitor the ip address obtaining process of the host and record the ip address mac address vlan id and the connected port number of the host 756

Additionally you select one or more entries to edit the host name and protect type and click apply 758

Binding table to load the following page 758

Binding table to view or edit the entries 758

In the binding table you can view search and edit the specified binding entries 758

Viewing the binding entries 758

You can specify the search criteria to search your desired entries 758

Binding entries manually 759

Binding entries via arp scanning is not supported by the cli the following sections introduce how to bind entries manually and via dhcp snooping and view the binding entries 759

Follow these steps to manually bind entries 759

Using the cli 759

You can manually bind the ip address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 759

Here arp d for arp detection and ip v s for ip verify source 760

Host1 192 68 5 74 d4 35 76 a4 d8 10 gi1 0 5 arp d manual 760

Notice 760

Switch config end 760

Switch config ip source binding host1 192 68 5 74 d4 35 76 a4 d8 vlan 10 interface gigabitethernet 1 0 5 arp detection 760

Switch config show ip source binding 760

Switch configure 760

Switch copy running config startup config 760

The following example shows how to bind an entry with the hostname host1 ip address 192 68 5 mac address 74 d4 35 76 a4 d8 vlan id 10 port number 1 0 5 and enable this entry for the arp detection feature 760

U host ip addr mac addr vid port acl source 760

Binding entries via dhcp snooping 761

Follow these steps to bind entries via dhcp snooping 761

Global status enable 761

Switch config if ip dhcp snooping max entries 100 761

Switch config if show ip dhcp snooping 761

Switch config interface gigabitethernet 1 0 1 761

Switch config ip dhcp snooping 761

Switch config ip dhcp snooping vlan 5 761

Switch configure 761

The following example shows how to enable dhcp snooping globally and on vlan 5 and set the maximum number of binding entries port 1 0 1 can learn via dhcp snooping as 100 761

Viewing binding entries 762

Adding ip mac binding entries 763

Arp detection configuration 763

Enabling arp detection 763

Using the gui 763

Configuring arp detection on ports 764

In the vlan config section enable arp detection on the selected vlans click apply 764

Port config to load the following page 764

Arp statistics to load the following page 765

Click apply 765

Follow these steps to configure arp detection on ports 765

Select one or more ports and configure the parameters 765

Viewing arp statistics 765

You can view the number of the illegal arp packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 765

Adding ip mac binding entries 766

Enabling arp detection 766

Follow these steps to enable arp detection 766

In arp detection the switch detects the arp packets based on the binding entries in the ip mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 766

In the auto refresh section you can enable the auto refresh feature and specify the refresh interval and thus the web page will be automatically refreshed 766

In the illegal arp packet section you can view the number of illegal arp packets in each vlan 766

Using the cli 766

Configuring arp detection on ports 767

Switch config if ip arp inspection limit rate 20 768

Switch config if ip arp inspection trust 768

Switch config interface gigabitethernet 1 0 2 768

Switch configure 768

The following example shows how to set port 1 02 as a trusted port and set limit rate as 20 pps and burst interval as 2 seconds on port 1 0 2 768

Viewing arp statistics 769

Adding ip mac binding entries 770

Configuring ipv4 source guard 770

Ipv4 source guard configuration 770

Using the gui 770

Adding ip mac binding entries 771

Configuring ipv4 source guard 771

Follow these steps to configure ipv4 source guard 771

In ipv4 source guard the switch filters the packets that do not match the rules of ipv4 mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 771

In the global config section choose whether to enable the log feature click apply 771

In the port config section configure the protect type for ports and click apply 771

Using the cli 771

Gi1 0 1 sip mac n a 772

Port security type lag 772

Switch config if end 772

Switch config if ip verify source sip mac 772

Switch config if show ip verify source interface gigabitethernet 1 0 1 772

Switch config interface gigabitethernet 1 0 1 772

Switch configure 772

Switch copy running config startup config 772

The following example shows how to enable ipv4 source guard on port 1 0 1 772

Configuration examples 773

Configuration scheme 773

Example for arp detection 773

Network requirements 773

Using the gui 774

Using the cli 776

Verify the configuration 777

Configuration scheme 778

Example for ip source guard 778

Network requirements 778

Using the gui 778

Using the cli 780

Verify the configuration 780

Appendix default parameters 782

Default settings of arp detection are listed in the following table 782

Default settings of dhcp snooping are listed in the following table 782

Default settings of ipv4 source guard are listed in the following table 783

Chapters 784

Configuring ipv6 impb 784

Part 24 784

Ipv6 impb 785

Ipv6 mac binding 785

Nd detection 785

Overview 785

Supported features 785

Internet 786

Ipv6 source guard 786

Ipv6 source guard is used to filter the ipv6 packets based on the ipv6 mac binding table only the packets that match the binding rules are forwarded 786

Binding entries manually 787

Ipv6 mac binding configuration 787

Using the gui 787

Click apply 788

Enter or select the port that is connected to this host 788

Enter the following information to specify a host 788

Follow these steps to manually create an ipv6 mac binding entry 788

Select protect type for the entry 788

Binding entries via nd snooping 789

Binding entries via dhcpv6 snooping 790

Additionally you select one or more entries to edit the host name and protect type and click apply 792

Binding table to load the following page 792

Binding table to view or edit the entries 792

In the binding table you can view search and edit the specified binding entries 792

Viewing the binding entries 792

You can specify the search criteria to search your desired entries 792

Binding entries manually 793

Follow these steps to manually bind entries 793

The following sections introduce how to bind entries manually and via nd snooping and dhcp snooping and how to view the binding entries 793

Using the cli 793

You can manually bind the ipv6 address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 793

Host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff 10 gi1 0 5 nd d manual 794

Switch config end 794

Switch config ipv6 source binding host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff vlan 10 interface gigabitethernet 1 0 5 nd detection 794

Switch config show ipv6 source binding 794

Switch configure 794

Switch copy running config startup config 794

The following example shows how to bind an entry with the hostname host1 ipv6 address 2001 0 9d38 90d5 34 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this entry for nd detection 794

U host ip addr mac addr vid port acl source 794

Binding entries via nd snooping 795

Follow these steps to bind entries via nd snooping 795

Global status enable 795

Switch config ipv6 nd snooping 795

Switch config ipv6 nd snooping vlan 1 795

Switch config show ipv6 nd snooping 795

Switch configure 795

The following example shows how to enable nd snooping globally and on vlan 1 795

Vlan id 1 795

Binding entries via dhcpv6 snooping 796

Follow these steps to bind entries via dhcp snooping 796

Gi1 0 1 1000 n a 796

Interface max entries lag 796

Switch config end 796

Switch config if end 796

Switch config if ipv6 nd snooping max entries 1000 796

Switch config if show ipv6 nd snooping interface gigabitethernet 1 0 1 796

Switch config interface gigabitethernet 1 0 1 796

Switch configure 796

Switch copy running config startup config 796

The following example shows how to configure the maximum number of entries that can be learned on port 1 0 1 796

Viewing binding entries 797

Adding ipv6 mac binding entries 798

Enabling nd detection 798

Nd detection configuration 798

Using the gui 798

Click apply 799

Configuring nd detection on ports 799

Follow these steps to configure nd detection on ports 799

Port config to load the following page 799

Select one or more ports and configure the parameters 799

Viewing nd statistics 799

You can view the number of the illegal nd packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 799

Adding ipv6 mac binding entries 800

Enabling nd detection 800

Using the cli 800

Configuring nd detection on ports 801

Enable disable 801

Follow these steps to configure nd detection on ports 801

Global status enable 801

Switch config end 801

Switch config ipv6 nd detection 801

Switch config ipv6 nd detection vlan 1 801

Switch config show ipv6 nd detection 801

Switch config show ipv6 nd detection vlan 801

Switch configure 801

Switch copy running config startup config 801

The following example shows how to enable nd detection globally and on vlan 1 801

Vid enable status log status 801

Gi1 0 1 enable n a 802

Interface trusted lag 802

On privileged exec mode or any other configuration mode you can use the following command to view nd statistics 802

Switch config if end 802

Switch config if ipv6 nd detection trust 802

Switch config if show ipv6 nd detection interface gigabitethernet 1 0 1 802

Switch config interface gigabitethernet 1 0 1 802

Switch configure 802

Switch copy running config startup config 802

The following example shows how to configure port 1 0 1 as trusted port 802

Viewing nd statistics 802

Adding ipv6 mac binding entries 803

Configuring ipv6 source guard 803

Ipv6 source guard configuration 803

Using the gui 803

Adding ipv6 mac binding entries 804

Before configuring ipv6 source guard you need to configure the sdm template as enterprisev6 804

Click apply 804

Configuring ipv6 source guard 804

Follow these steps to configure ipv6 source guard 804

The nd detection feature allows the switch to detect the nd packets based on the binding entries in the ipv6 mac binding table and filter out the illegal nd packets before configuring nd detection complete ipv6 mac binding configuration for details refer to ipv6 mac binding configuration 804

Using the cli 804

Gi1 0 1 sipv6 mac n a 805

Port security type lag 805

Switch config if end 805

Switch config if ipv6 verify source sipv6 mac 805

Switch config if show ipv6 verify source interface gigabitethernet 1 0 1 805

Switch config interface gigabitethernet 1 0 1 805

Switch configure 805

Switch copy running config startup config 805

The following example shows how to enable ipv6 source guard on port 1 0 1 805

Configuration examples 806

Configuration scheme 806

Example for nd detection 806

Network requirements 806

Using the gui 807

Using the cli 809

Verify the configuration 809

Example for ipv6 source guard 810

Network requirements 810

Configuration scheme 811

Using the gui 811

Using the cli 813

Verify the configuration 813

Appendix default parameters 814

Default settings of dhcp snooping are listed in the following table 814

Default settings of nd detection are listed in the following table 814

Default settings of ipv6 source guard are listed in the following table 815

Chapters 816

Configuring dhcp filter 816

Part 25 816

Dhcp filter 817

Overview 817

Supported features 817

Dhcpv4 filter 818

Dhcpv4 filter is used for dhcpv4 servers and ipv4 clients 818

Dhcpv6 filter 818

Dhcpv6 filter is used for dhcpv6 servers and ipv6 clients 818

Configuring the basic dhcpv4 filter parameters 819

Dhcpv4 filter configuration 819

Using the gui 819

Click apply 820

Click create 821

Configure the following parameters 821

Configuring legal dhcpv4 servers 821

Configuring the basic dhcpv4 filter parameters 821

Follow these steps to add a legal dhcpv4 server 821

Follow these steps to complete the basic settings of dhcpv4 filter 821

Legal dhcpv4 servers and 821

To load the following page 821

Using the cli 821

Configuring legal dhcpv4 servers 823

68 00 all gi1 0 1 824

Server ip client mac interface 824

Switch config end 824

Switch config ip dhcp filter server permit entry server ip 192 68 00 client mac all interface gigabitethernet 1 0 1 824

Switch config show ip dhcp filter server permit entry 824

Switch configure 824

Switch copy running config startup config 824

The following example shows how to create an entry for the legal dhcpv4 server whose ip address is 192 68 00 and connected port number is 1 0 1 without client mac address restricted 824

Configuring the basic dhcpv6 filter parameters 825

Dhcpv6 filter configuration 825

Using the gui 825

Click apply 826

Configure the following parameters 826

Configuring legal dhcpv6 servers 826

Follow these steps to add a legal dhcpv6 server 826

Legal dhcpv6 servers and 826

To load the following page 826

Click create 827

Configuring the basic dhcpv6 filter parameters 827

Follow these steps to complete the basic settings of dhcpv6 filter 827

Using the cli 827

Configuring legal dhcpv6 servers 828

54 gi1 0 1 829

Server ip interface 829

Switch config end 829

Switch config ipv6 dhcp filter server permit entry server ip 2001 54 interface gigabitethernet 1 0 1 829

Switch config show ipv6 dhcp filter server permit entry 829

Switch configure 829

Switch copy running config startup config 829

The following example shows how to create an entry for the legal dhcpv6 server whose ipv6 address is 2001 54 and connected port number is 1 0 1 829

Configuration examples 830

Configuration scheme 830

Example for dhcpv4 filter 830

Network requirements 830

Using the gui 831

Using the cli 832

Verify the configuration 832

Example for dhcpv6 filter 833

Network requirements 833

Configuration scheme 834

Using the gui 834

Using the cli 836

Verify the configuration 836

54 gi1 0 1 837

Server ip interface 837

Appendix default parameters 838

Default settings of dhcpv4 filter are listed in the following table 838

Chapters 839

Configuring dos defend 839

Part 26 839

Overview 840

Dos defend configuration 841

Dos defend to load the following page 841

Follow these steps to configure dos defend 841

In the dos defend config section select one or more defend types according to your needs and click apply the following table introduces each type of dos attack 841

In the dos defend section enable dos protection and click apply 841

Using the gui 841

Click apply 842

Follow these steps to configure dos defend 842

Using the cli 842

Appendix default parameters 845

Default settings of network security are listed in the following tables 845

Chapters 846

Monitoring the system 846

Part 27 846

Overview 847

Monitoring the cpu 848

Using the cli 848

Using the gui 848

Monitoring the memory 850

Using the cli 850

Using the gui 850

Unit current memory utilization 851

Traffic monitor 853

Using the gui 853

To view a port s traffic statistics in detail click statistics on the right side of the entry 854

On privileged exec mode or any other configuration mode you can use the following command to view the traffic information of each port or lag 857

Using the cli 857

Appendix default parameters 858

Chapters 859

Mirroring traffic 859

Part 29 859

Mirroring 860

Using the gui 860

Follow these steps to configure the mirroring session 861

In the destination port config section specify a destination port for the mirroring session and click apply 861

In the source interfaces config section specify the source interfaces and click apply traffic passing through the source interfaces will be mirrored to the destination port there are three source interface types port lag and cpu choose one or more types according to your need 861

Follow these steps to configure mirroring 862

Switch config monitor session 1 destination interface gigabitethernet 1 0 10 862

Switch configure 862

The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 and the cpu to port 1 0 10 862

Using the cli 862

Configuration examples 864

Configuration scheme 864

Network requirements 864

Using the gui 864

Using the cli 865

Verify the configuration 866

Appendix default parameters 867

Default settings of switching are listed in th following tables 867

Chapters 868

Configuring dldp 868

Part 30 868

Overview 869

Configuration guidelines 870

Dldp configuration 870

Using the gui 870

In the port config section select one or more ports enable dldp and click apply then you can view the relevant dldp information in the table 871

Follow these steps to configure dldp 872

Switch configure 872

The following example shows how to enable dldp globally configure the dldp interval as 10 seconds and specify the shutdown mode as auto 872

Using the cli 872

Appendix default parameters 874

Default settings of dldp are listed in the following table 874

Chapters 875

Configuring snmp rmon 875

Part 31 875

Basic concepts 876

Overview 876

Snmp agent 876

Snmp manager 876

Snmp engine 878

Snmp entity 878

Snmp version 878

Enabling snmp 880

Snmp configurations 880

Using the gui 880

Click apply 881

Creating an snmp view 881

Follow these steps to create an snmp view 881

Global config to load the following page 881

Nms manages mib objects based on the snmp view an snmp view is a subset of a mib the system provides a default view named viewdefault and you can create other snmp views according to your needs 881

To load the following page enter a view name and specify the view type and a mib object that is related to the view 881

Click create 882

Creating snmp communities for snmp v1 v2c 882

Set the community name access rights and the related view 882

Snmp v1 v2c and click 882

To load the following page 882

Assign a name to the group then set the security level and the read view write view and notify view 883

Click create 883

Create an snmp group and configure related parameters 883

Creating an snmp group for snmp v3 883

Follow these steps to create an snmp group 883

Snmp group and click 883

To load the following page 883

Click create 884

Creating snmp users for snmp v3 884

Follow these steps to create an snmp user 884

Snmp user and click 884

Specify the user name user type and the group which the user belongs to then configure the security level 884

To load the following page 884

Click create 885

Enabling snmp 885

If you have chosen authnopriv or authpriv as the security level you need to set corresponding authentication mode or privacy mode if not skip the step 885

Using the cli 885

Bad snmp version errors 886

Snmp agent is enabled 886

Snmp packets input 886

Switch config show snmp server 886

Switch config snmp server 886

Switch config snmp server engineid remote 123456789a 886

Switch configure 886

The following example shows how to enable snmp and set 123456789a as the remote engine id 886

Unknown community name 886

Bad value errors 887

Creating an snmp view 887

Encoding errors 887

General errors 887

Get next pdus 887

Get request pdus 887

Illegal operation for community name supplied 887

Local engine id 80002e5703000aeb13a23d 887

No such name errors 887

Number of altered variables 887

Number of requested variables 887

Remote engine id 123456789a 887

Response pdus 887

Set request pdus 887

Snmp packets output 887

Specify the oid object identifier of the view to determine objects to be managed 887

Switch config end 887

Switch config show snmp server engineid 887

Switch copy running config startup config 887

Too big errors maximum packet size 1500 887

Trap pdus 887

Creating snmp communities for snmp v1 v2c 888

Create an snmp group and set user access control with read write and notify views meanwhile set the authentication and privacy modes to secure the communication between the nms and managed devices 889

Creating an snmp group for snmpv3 889

Index name type mib view 889

Nms monitor read write view 889

Switch config end 889

Switch config show snmp server community 889

Switch config snmp server community nms monitor read write view 889

Switch configure 889

Switch copy running config startup config 889

The following example shows how to set an snmp community name the community as the nms monitor and allow the nms to view and modify parameters of view 889

1 nms1 v3 authpriv view1 view1 890

No name sec mode sec lev read view write view notify view 890

Switch config end 890

Switch config show snmp server group 890

Switch config snmp server group nms1 smode v3 slev authpriv read view1 notify view1 890

Switch configure 890

Switch copy running config startup config 890

The following example shows how to create an snmpv3 group with the group name as nms1 the security level as authpriv and the read and notify view are both view1 890

Configure users of the snmp group users belong to the group and use the same security level and access rights as the group 891

Creating snmp users for snmpv3 891

Configuring the information of nms hosts 893

Notification configurations 893

Using the gui 893

Choose a notification type based on the snmp version if you choose the inform type you need to set retry times and timeout interval 894

Click create 894

Specify the user name or community name used by the nms host and configure the security model and security level based on the settings of the user or community 894

Enabling snmp traps 895

Select the traps to enable according to your needs 895

The supported traps are listed on the page follow these steps to enable any or all of these traps 895

Trap config to load the following page 895

Click apply 896

Configure parameters of the nms host and packet handling mechanism 897

Configuring the nms host 897

Using the cli 897

Enabling snmp traps 898

Enabling the snmp extended traps globally 899

Switch config end 899

Switch config snmp server traps snmp linkup 899

Switch configure 899

Switch copy running config startup config 899

The following example shows how to configure the switch to send linkup traps 899

Switch config end 900

Switch config snmp server traps bandwidth control 900

Switch configure 900

Switch copy running config startup config 900

The following example shows how to configure the switch to enable bandwidth control traps 900

Enabling the snmp security traps globally 901

Enabling the vlan traps globally 901

Switch config end 901

Switch config snmp server traps vlan 901

Switch configure 901

Switch copy running config startup config 901

The following example shows how to configure the switch to enable all the snmp vlan traps 901

Enabling the acl trap globally 902

Enabling the ip traps globally 902

Switch config end 902

Switch config snmp server traps acl 902

Switch config snmp server traps security dhcp filter 902

Switch configure 902

Switch copy running config startup config 902

The following example shows how to configure the switch to enable acl trap 902

The following example shows how to configure the switch to enable dhcp filter trap 902

Enabling the snmp poe traps globally 903

Switch config end 903

Switch config snmp server traps ip change 903

Switch configure 903

Switch copy running config startup config 903

The following example shows how to configure the switch to enable ip change trap 903

Enabling the link status trap for ports 904

Switch config end 904

Switch config if end 904

Switch config if snmp server traps link status 904

Switch config interface gigabitethernet 1 0 1 904

Switch config snmp server traps power 904

Switch configure 904

Switch copy running config startup config 904

The following example shows how to configure the switch to enable all poe traps 904

The following example shows how to configure the switch to enable link status trap 904

Configuring statistics group 906

Rmon configurations 906

Using the gui 906

Click create 907

Configuring history group 907

Follow these steps to configure the history group 907

History to load the following page 907

Select a history entry and specify a port to be monitored 907

Set the sample interval and the maximum buckets of history entries 907

Choose an event entry and set the snmp user of the entry 908

Configuring event group 908

Enter the owner name and set the status of the entry click apply 908

Event to load the following page 908

Follow these steps to configure the event group 908

Set the description and action to be taken when the event is triggered 908

Alarm to load the following page 909

Before you begin please complete configurations of statistics entries and event entries because the alarm entries must be associated with statistics and event entries 909

Configuring alarm group 909

Enter the owner name and set the status of the entry click apply 909

Follow these steps to configure the alarm group 910

Select an alarm entry choose a variable to be monitored and associate the entry with a statistics entry 910

Set the sample type the rising and falling threshold the corresponding event action mode and the alarm type of the entry 910

Configuring statistics 911

Enter the owner name and set the status of the entry click apply 911

Using the cli 911

Gi1 0 1 monitor valid 912

Gi1 0 2 monitor valid 912

Index port owner state 912

Switch config end 912

Switch config rmon statistics 1 interface gigabitethernet 1 0 1 owner monitor status valid 912

Switch config rmon statistics 2 interface gigabitethernet 1 0 2 owner monitor status valid 912

Switch config show rmon statistics 912

Switch configure 912

Switch copy running config startup config 912

The following example shows how to create two statistics entries on the switch to monitor port 1 0 1 and 1 0 2 respectively the owner of the entries are both monitor and the status are both valid 912

Configuring history 913

Gi1 0 1 100 50 monitor enable 913

Index port interval buckets owner state 913

Switch config end 913

Switch config rmon history 1 interface gigabitethernet 1 0 1 interval 100 owner monitor buckets 50 913

Switch config show rmon history 913

Switch configure 913

The following example shows how to create a history entry on the switch to monitor port 1 0 1 set the sample interval as 100 seconds maximum buckets as 50 and the owner as monitor 913

Configuring event 914

Switch config rmon event 1 user admin description rising notify type notify owner monitor 914

Switch configure 914

Switch copy running config startup config 914

The following example shows how to create an event entry on the switch set the user name as admin the event type as notify set the switch to initiate notifications to the nms and the owner as monitor 914

Admin rising notify notify monitor enable 915

Configuring alarm 915

Index user description type owner state 915

Switch config end 915

Switch config show rmon event 915

Switch copy running config startup config 915

Configuration example 918

Network requirements 918

Configuration scheme 919

Using the gui 919

Using the cli 924

Verify the configurations 926

Appendix default parameters 930

Default settings of snmp are listed in the following tables 930

Default settings of notification are listed in the following table 931

Default settings of rmon are listed in the following tables 932

Chapters 934

Diagnosing the device network 934

Part 32 934

Check the test results in the result section 935

Device diagnostics to load the following page 935

Diagnosing the device 935

Follow these steps to diagnose the cable 935

Select your desired port for the test and click apply 935

The device diagnostics feature provides cable testing which allows you to troubleshoot based on the connection status cable length and fault location 935

Using the gui 935

Gi1 0 2 pair a normal 2 10m 936

On privileged exec mode or any other configuration mode you can use the following command to check the connection status of the cable that is connected to the switch 936

Pair b normal 2 10m 936

Pair c normal 0 10m 936

Pair d normal 2 10m 936

Port pair status length error 936

Switch show cable diagnostics interface gigabitehternet 1 0 2 936

The following example shows how to check the cable diagnostics of port 1 0 2 936

Using the cli 936

Diagnosing the network 937

Troubleshooting with ping testing 937

Using the gui 937

Troubleshooting with tracert testing 938

Approximate round trip times in milli seconds 939

Configuring the ping test 939

In the tracert result section check the test results 939

Minimum 0ms maximum 0ms average 0ms 939

On privileged exec mode you can use the following command to test the connectivity between the switch and one node of the network 939

Packets sent 3 received 3 lost 0 0 loss 939

Ping statistics for 192 68 0 939

Pinging 192 68 0 with 1000 bytes of data 939

Reply from 192 68 0 bytes 1000 time 16ms ttl 64 939

Switch ping ip 192 68 0 n 3 l 1000 i 500 939

The following example shows how to test the connectivity between the switch and the destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 1000 bytes and the interval as 500 milliseconds 939

Using the cli 939

Configuring the tracert test 940

Ms 1 ms 2 ms 192 68 940

Ms 2 ms 2 ms 192 68 00 940

On privileged exec mode you can use the following command to test the connectivity between the switch and routers along the path from the source to the destination 940

Switch tracert 192 68 00 2 940

The following example shows how to test the connectivity between the switch and the network device with the ip address 192 68 00 set the maxhops as 2 940

Trace complete 940

Tracing route to 192 68 00 over a maximum of 2 hops 940

Appendix default parameters 941

Default settings of network diagnostics are listed in the following tables 941

Chapters 942

Configuring system logs 942

Part 33 942

Overview 943

Backing up the logs 944

Configuration guidelines 944

Configure the local logs 944

Configure the remote logs 944

Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality of the switch is affected please take actions according to the log message 944

System logs configurations 944

System logs configurations include 944

Viewing the log table 944

Click apply 945

Configuring the local logs 945

Configuring the remote logs 945

Follow these steps to configure the local logs 945

Local logs to load the following page 945

Select your desired channel and configure the corresponding severity and status 945

Using the gui 945

You can configure up to four hosts to receive the switch s system logs these hosts are called log servers the switch will forward the log message to the servers once a log 945

Backing up the logs 946

Log table to load the following page 947

Select a module and a severity to view the corresponding log information 947

Viewing the log table 947

Configuring the local logs 948

Follow these steps to configure the local logs 948

Using the cli 948

Configuring the remote logs 949

6 disable 950

68 48 5 enable 950

Index host ip severity status 950

Switch config end 950

Switch config logging host index 2 192 68 48 5 950

Switch config show logging loghost 950

Switch configure 950

Switch copy running config startup config 950

The following example shows how to set the remote log on the switch enable log server 2 set its ip address as 192 68 48 and allow logs of levels 0 to 5 to be sent to the server 950

Configuration example 951

Configuration scheme 951

Network requirements 951

Using the gui 951

Using the cli 952

Verify the configurations 952

Appendix default parameters 953

Default settings of maintenance are listed in the following tables 953

Fcc statement 954

Bsmi notice 955

Ce mark warning 955

Eu declaration of conformity 955

Industry canada statement 955

Safety information 956

限用物質含有情況標示聲明書 956

Explanation of the symbols on the product label 957

Copyright trademarks 958

Tp-Link T1600G-28TS V3 [712/958] Using the cli

Содержание

Похожие устройства