Tp-Link T1700G-28TQ V3 Руководство пользователя онлайн

The following example shows how to set the device name as switch_a set the location as beijing and set the contact information as http www tp link com 55

Configuring the system time 56

Follow these steps to configure the system time 56

Backup ntp server 139 8 00 63 58

Last successful ntp server 133 00 58

Prefered ntp server 133 00 58

Switch config show system time ntp 58

Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 58

Switch configure 58

The following example shows how to set the system time by get time from ntp server and set the time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 139 8 00 63 and set the update rate as 11 58

Time zone utc 08 00 58

Configuring the daylight saving time 59

Follow these steps to configure the daylight saving time 59

Switch config end 59

Switch copy running config startup config 59

Update rate 11 hour s 59

Dst configuration is one off 60

Dst ends at 01 00 00 on sep 1 2017 60

Dst offset is 50 minutes 60

Dst starts at 01 00 00 on aug 1 2017 60

Switch config end 60

Switch config show system time dst 60

Switch config system time dst date aug 1 01 00 2017 sep 1 01 00 2017 50 60

Switch configure 60

Switch copy running config startup config 60

The following example shows how to set the daylight saving time by date mode set the start time as 01 00 august 1st 2017 set the end time as 01 00 september 1st 2017 and set the offset as 50 60

Creating accounts 61

User management configurations 61

Using the gui 61

Click create 62

Configure the following parameters 62

Configuring enable password 62

Follow these steps to create a new user account 62

Global config to load the following page 62

Creating accounts 63

Using the cli 63

Configuring enable password 65

Follow these steps to create an account of other type 65

The logged in users can enter the enable password on this page to get the administrative privileges 66

Configuring the boot file 68

System tools configurations 68

Using the gui 68

Click apply 69

Follow these steps to configure the boot file 69

In the boot table section select one or more units and configure the relevant 69

In the image table you can view the information of the current startup image next startup image and backup image the displayed information is as follows 69

Parameters 69

Backing up the configuration file 70

Restoring the configuration of the switch 70

Upgrading the firmware 71

Configuring reboot schedule 72

Manually rebooting the switch 72

Rebooting the switch 72

Choose whether to save the current configuration before the reboot 73

Click apply 73

Configuring the boot file 73

Follow these steps to configure the boot file 73

In the system reset section select the desired unit and click reset after reset all configurations of the switch will be reset to the factory defaults 73

Reseting the switch 73

System reset to load the following page 73

Using the cli 73

Backup config config2 cfg 74

Backup image image2 bin 74

Boot config 74

Current startup config config2 cfg 74

Current startup image image2 bin 74

Follow these steps to restore the configuration of the switch 74

Next startup config config1 cfg 74

Next startup image image1 bin 74

Restoring the configuration of the switch 74

Switch config boot application filename image1 startup 74

Switch config boot application filename image2 backup 74

Switch config boot config filename config1 startup 74

Switch config boot config filename config2 backup 74

Switch config end 74

Switch config show boot 74

Switch configure 74

Switch copy running config startup config 74

The following example shows how to set the next startup image as image1 the backup image as image2 the next startup configuration file as config1 and the backup configuration file as config2 74

Backing up the configuration file 75

Backup user config file ok 75

Enable 75

Follow these steps to back up the current configuration of the switch in a file 75

Follow these steps to upgrade the firmware 75

Operation ok now rebooting system 75

Start to backup user config file 75

Start to load user config file 75

Switch copy startup config tftp ip address 192 68 00 filename file2 75

Switch copy tftp startup config ip address 192 68 00 filename file1 75

The following example shows how to backup the configuration file named file2 to tftp server with ip address 192 68 00 75

The following example shows how to restore the configuration file named file1 from the tftp server with ip address 192 68 00 75

Upgrading the firmware 75

Configuring reboot schedule 76

Enable 76

Follow these steps to configure the reboot schedule 76

Follow these steps to reboot the switch 76

It will only upgrade the backup image continue y n y 76

Manually rebooting the switch 76

Operation ok 76

Reboot with the backup image y n y 76

Rebooting the switch 76

Switch firmware upgrade ip address 192 68 00 filename file3 bin 76

The following example shows how to upgrade the firmware using the configuration file named file3 bin the tftp server is 190 68 00 76

Reboot schedule at 2017 08 15 12 00 in 25582 minutes 77

Reboot schedule settings 77

Reboot system at 15 08 2017 12 00 continue y n y 77

Save before reboot yes 77

Switch config end 77

Switch config reboot schedule at 12 00 15 08 2017 save_before_reboot 77

Switch configure 77

Switch copy running config startup config 77

The following example shows how to set the switch to reboot at 12 00 on 15 08 2017 77

Follow these steps to reset the switch 78

Reseting the switch 78

Click apply 79

Eee configuration 79

Eee to load the following page 79

Enable or disable eee on the selected port s 79

Follow these steps to configure eee 79

In the eee config section select one or more ports to be configured 79

Using the cli 79

In sdm template config section select one template and click apply the setting will be effective after the switch is rebooted 81

Sdm template configuration 81

Sdm template to load the following page 81

The template table displays the resources allocation of each template 81

Using the gui 81

Follow these steps to configure the sdm template 82

Switch config 82

The following example shows how to set the sdm template as enterprisev4 82

Using the cli 82

Adding time range entries 84

Time range configuration 84

Using the gui 84

Configure the following parameters and click create 85

Period time is the sum of all the periods in the table click create 85

Similarly you can add more entries of period time according to your needs the final 85

Configuring holiday 86

Adding time range entries 87

Follow these steps to add time range entries 87

Using the cli 87

08 00 to 20 00 on 1 2 88

10 01 2017 to 10 31 2017 88

Configuring holiday 88

Follow these steps to configure holiday time range 88

Holiday exclude 88

Number of time slice 1 88

Switch config 88

Switch config time range absolute from 10 01 2017 to 10 31 2017 88

Switch config time range end 88

Switch config time range holiday exclude 88

Switch config time range periodic start 08 00 end 20 00 day of the week 1 2 88

Switch config time range show time range 88

Switch config time range time1 88

Switch copy running config startup config 88

The following example shows how to create a time range entry and set the name as time1 holiday mode as exclude absolute time as 10 01 2017 to 10 31 2017 and periodic time as 8 00 to 20 00 on every monday and tuesday 88

Time range entry 12 inactive 88

Time range entry time1 inactive 88

Appendix default parameters 90

Default settings of system info are listed in the following tables 90

Default settings of system tools are listed in the following table 90

Default settings of user management are listed in the following table 90

Default setting of eee is listed in the following table 91

Default settings of sdm template are listed in the following table 91

Default settings of time range are listed in the following table 91

Chapters 92

Configuring stack 92

Part 3 92

Basic concepts 93

Overview 93

Stack topology 93

Roles in a stack 94

Stack master election and re election 94

Unit id 94

Configuration synchronization 95

Stack merge 95

Provisioned configuration 96

Stack split 96

The following table lists the events that occur when the stack compares the provisioned configuration with the provisioned switch what configuration will be applied to the new member and what will happen to the provisioned configuration file 97

Configuration guidelines 98

Stack configuration 98

Configuring the basic stack parameters for each switch 99

Follow these steps to configure the basic stack parameters 99

In the stack member config section configure the unit id and priority value for the 99

Stack config to load the following page 99

Switch and click apply 99

Using the gui 99

In the stack port config section enable the stack capability of stack ports and click 100

Optional provision a new member for the stack 100

The stack ports in the switch work in ethernet mode by default configure the ethernet ports as stack ports before connecting them to build up a stack 100

You can use the provision feature to pre configure a new switch before it joins the stack 100

Connect all the switches through their stack ports 101

In the stack info section you can view the global information of the stack 102

In the stack member info section you can view the information of the stack members 102

Stack info to load the following page 102

Viewing the stack information 102

Configuring the basic stack parameters for each switch 103

Follow these steps to configure the unit id and priority value and enable the stack port for each switch 103

In the stack port info section you can choose one unit and view the its stack ports information 103

Using cli 103

Do you want to continue y n y 104

Stack topo solo 104

Switch config show switch 1 104

Switch config switch 1 priority 15 104

Switch config switch 1 renumber 4 104

Switch configure 104

Switch stack mac address 50 c7 bf 07 5f 0e 104

The following example shows how to renumber stack unit1 as unit4 and configure its priority value as 15 104

Warning changing the unit number may result in a configuration change for that unit the interface configuration associated with the old unit number will remain as a provisioned configuration 104

Optional provision a new member for the stack 105

Connect all the switches through their stack ports 106

Configuration examples 107

Configuration scheme 107

Example for ring stack application 107

Network requirements 107

Using the gui 107

Using the cli 110

Configuration scheme 112

Example for replacing a switch in a stack 112

Network requirements 112

Using the gui 112

Using the cli 114

Appendix default parameters 116

Default settings of stack are listed in the following table 116

Chapters 117

Managing physical interfaces 117

Part 4 117

Basic parameters 118

Loopback detection 118

Overview 118

Physical interface 118

Port isolation 118

Supported features 118

Basic parameters configurations 119

Configure the mtu size of jumbo frames for all the ports then click apply 119

Follow these steps to configure basic parameters for the ports 119

Port config to load the following page 119

Select one or more ports to configure the basic parameters then click apply 119

Using the gui 119

Follow these steps to set basic parameters for the ports 120

Using the cli 120

Switch config if no shutdown 121

Switch config interface gigabitethernet 1 0 1 121

Switch configure 121

Switch jumbo size 9216 121

The following example shows how to implement the basic configurations of port1 0 1 including setting a description for the port configuring the jumbo frame making the port automatically negotiate speed and duplex with the neighboring port and enabling the flow control 121

Port isolation configurations 123

Using the gui 123

Click apply 124

Follow these steps to configure port isolation 124

In the forwarding port list section select the forwarding ports or lags which the 124

In the port section select one or multiple ports to be isolated 124

Isolated ports can only communicate with it is multi optional 124

Using the cli 124

Gi1 0 5 n a gi1 0 1 3 po4 125

Port lag forward list 125

Switch config if end 125

Switch config if port isolation gi forward list 1 0 1 3 po forward list 4 125

Switch config if show port isolation interface gigabitethernet 1 0 5 125

Switch config interface gigabitethernet 1 0 5 125

Switch configure 125

Switch copy running config startup config 125

The following example shows how to add ports 1 0 1 3 and lag 4 to the forwarding list of port 1 0 5 125

Loopback detection configuration 126

Using the gui 126

Detection parameters then click apply 127

In the port config section select one or more ports to configure the loopback 127

Optional view the loopback detection information 127

Follow these steps to configure loopback detection 128

Using the cli 128

Configuration examples 130

Configuration scheme 130

Example for port isolation 130

Network requirements 130

Using the gui 131

Using the cli 132

Verify the configuration 132

Configuration scheme 133

Example for loopback detection 133

Network requirements 133

Using the gui 134

Using the cli 135

Verify the configuration 135

Appendix default parameters 136

Default settings of switching are listed in th following tables 136

Chapters 137

Configuring lag 137

Part 5 137

Overview 138

Static lag 138

Supported features 138

Configuration guidelines 139

Lag configuration 139

Configuring load balancing algorithm 140

In the global config section select the load balancing algorithm hash algorithm then click apply 140

Lag table to load the following page 140

Load balancing algorithm is effective only for outgoing traffic if the data stream is not 140

Only on one physical link for example switch a receives packets from several hosts and forwards them to the server with the fixed mac address you can set the algorithm 140

Please properly choose the load balancing algorithm to avoid data stream transferring 140

Using the gui 140

Well shared by each link you can change the algorithm of the outgoing interface 140

Configuring static lag or lacp 141

Configuring lacp 142

Follow these steps to configure lacp 142

Lacp to load the following page 142

Select member ports for the lag and configure the related parameters click apply 142

Specify the system priority for the switch and click apply 142

Configuring load balancing algorithm 143

Follow these steps to configure the load balancing algorithm 143

Using the cli 143

Configuring static lag or lacp 144

Etherchannel load balancing addresses used per protocol 144

Etherchannel load balancing configuration src dst mac 144

Ipv4 source xor destination mac address 144

Ipv6 source xor destination mac address 144

Non ip source xor destination mac address 144

Switch config end 144

Switch config port channel load balance src dst mac 144

Switch config show etherchannel load balance 144

Switch configure 144

Switch copy running config startup config 144

The following example shows how to set the global load balancing mode as src dst mac 144

You can choose only one lag mode for a port static lag or lacp and make sure both ends of a link use the same lag mode 144

Configuring static lag 145

Flags d down p bundled in port channel u in use 145

Follow these steps to configure static lag 145

Group port channel protocol ports 145

I stand alone h hot standby lacp only s suspended 145

Po2 s gi1 0 5 d gi1 0 6 d gi1 0 7 d gi1 0 8 d 145

R layer3 s layer2 f failed to allocate aggregator 145

Switch config if range channel group 2 mode on 145

Switch config if range end 145

Switch config if range show etherchannel 2 summary 145

Switch config interface range gigabitethernet 1 0 5 8 145

Switch configure 145

Switch copy running config startup config 145

The following example shows how to add ports1 0 5 8 to lag 2 and set the mode as static lag 145

U unsuitable for bundling w waiting to be aggregated d default port 145

Configuring lacp 146

Follow these steps to configure lacp 146

Configuration examples 148

Configuration scheme 148

Example for static lag 148

Network requirements 148

Using the gui 148

Using the cli 149

Verify the configuration 149

Configuration scheme 150

Example for lacp 150

Network requirements 150

Using the gui 151

Using the cli 152

Verify the configuration 153

Gi1 0 10 sa down 2 0x1 0 0xa 0x45 154

Gi1 0 9 sa down 1 0x1 0 0x9 0x45 154

Appendix default parameters 155

Default settings of switching are listed in the following tables 155

Chapters 156

Managing mac address table 156

Part 6 156

Address configurations 157

Mac address table 157

Overview 157

Supported features 157

Adding static mac address entries 159

Mac address configurations 159

Using the gui 159

Click apply 161

Dynamic address to load the following page 161

Follow these steps to modify the aging time of dynamic address entries 161

In the aging config section enable auto aging and enter your desired length of time 161

Modifying the aging time of dynamic address entries 161

Adding mac filtering address entries 162

Viewing address table entries 162

Adding static mac address entries 163

Address table and click 163

Follow these steps to add static mac address entries 163

To load the following page 163

Using the cli 163

Modifying the aging time of dynamic address entries 164

Adding mac filtering address entries 165

Aging time is 500 sec 165

Follow these steps to add mac filtering address entries 165

Switch config end 165

Switch config mac address table aging time 500 165

Switch config show mac address table aging time 165

Switch configure 165

Switch copy running config startup config 165

The following example shows how to modify the aging time to 500 seconds a dynamic entry remains in the mac address table for 500 seconds after the entry is used or updated 165

Appendix default parameters 167

Default settings of the mac address table are listed in the following tables 167

Chapters 168

Configuring 802 q vlan 168

Part 7 168

Overview 169

Q vlan configuration 170

Configuring the vlan 171

Using the gui 171

Click apply 172

Configuring port parameters for 802 q vlan 172

Port config to load the following page 172

Select a port and configure the parameters click apply 172

Creating a vlan 173

Follow these steps to create a vlan 173

Switch config vlan 2 173

Switch config vlan name rd 173

Switch config vlan show vlan id 2 173

Switch configure 173

The following example shows how to create vlan 2 and name it as rd 173

Using the cli 173

Adding the port to the specified vlan 174

Follow these steps to add the port to the specified vlan 174

Port gi1 0 5 174

Pvid 2 174

Rd active 174

Switch config if show interface switchport gigabitethernet 1 0 5 174

Switch config if switchport general allowed vlan 2 tagged 174

Switch config interface gigabitethernet 1 0 5 174

Switch config vlan end 174

Switch configure 174

Switch copy running config startup config 174

The following example shows how to add the port 1 0 5 to vlan 2 and specify its egress rule as tagged 174

Vlan name status ports 174

Acceptable frame type all 175

Configuring the port 175

Follow these steps to configure the port 175

Ingress checking enable 175

Link type general 175

Member in lag n a 175

Member in vlan 175

Rd tagged 175

Switch config if end 175

Switch copy running config startup config 175

System vlan untagged 175

Vlan name egress rule 175

Configuration example 177

Configuration scheme 177

Network requirements 177

Department_a add port 1 0 2 as an untagged port and port 1 0 4 as a tagged port to vlan 10 click create 178

Network topology 178

The configurations of switch 1 and switch 2 are similar the following introductions take switch 1 as an example 178

The figure below shows the network topology host a1 and host a2 are in department a while host b1 and host b2 are in department b switch 1 and switch 2 are located in two different places host a1 and host b1 are connected to port 1 0 2 and port 1 0 3 on switch 1 respectively while host a2 and host b2 are connected to port 1 0 6 and port 1 0 7 on switch 2 respectively port 1 0 4 on switch 1 is connected to port 1 0 8 on switch 2 178

The following sections provide configuration procedure in two ways using the gui and using the cli 178

To load the following page create vlan 10 with the description of 178

Using the gui 178

Vlan config and 178

Using the cli 181

Verify the configurations 182

Appendix default parameters 184

Default settings of 802 q vlan are listed in the following table 184

Chapters 185

Configuring mac vlan 185

Part 8 185

Overview 186

Ptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in to meet this requirement simply bind the mac addresses of the laptops to the corresponding vlans respectively in this way the mac address determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 186

The figure below shows a common application scenario of mac vlan 186

Two departments share all the meeting rooms in the company but use different servers and l 186

Vlan is generally divided by ports it is a common way of division but isn t suitable for those networks that require frequent topology changes with the popularity of mobile office at different times a terminal device may access the network via different ports for example a terminal device that accessed the switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different vlans the user has to re configure the switch to access the original vlan using mac vlan can free the user from such a problem it divides vlans based on the mac addresses of terminal devices in this way terminal devices always belong to their mac vlans even when their access ports change 186

Binding the mac address to the vlan 187

Configuring 802 q vlan 187

Mac vlan configuration 187

Using the gui 187

Enabling mac vlan for the port 188

19 56 8a 4c 71 dept a 10 189

Before configuring mac vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 189

Binding the mac address to the vlan 189

Configuring 802 q vlan 189

Follow these steps to bind the mac address to the vlan 189

Mac addr name vlan id 189

Switch config end 189

Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 189

Switch config show mac vlan vlan 10 189

Switch configure 189

The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with the address description as dept a 189

Using the cli 189

Enabling mac vlan for the port 190

Follow these steps to enable mac vlan for the port 190

Gi1 0 1 enable 190

Gi1 0 2 disable 190

Port status 190

Switch config if end 190

Switch config if mac vlan 190

Switch config if show mac vlan interface 190

Switch config interface gigabitethernet 1 0 1 190

Switch configure 190

Switch copy running config startup config 190

The following example shows how to enable mac vlan for port 1 0 1 190

Configuration example 191

Configuration scheme 191

Create vlan 10 and vlan 20 on each of the three switches and add the ports to the 191

Network requirements 191

Two departments share all the meeting rooms in the company but use different servers and laptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in the figure below shows the network topology 191

Vlans based on the network topology for the ports connecting the laptops set the 191

You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac addresses of the laptops to the corresponding vlans respectively in this way each laptop can access only the server in the vlan it joins no matter which meeting room the laptops are being used in the overview of the configuration is as follows 191

Using the gui 192

Using the cli 197

Verify the configurations 199

Appendix default parameters 201

Default settings of mac vlan are listed in the following table 201

Chapters 202

Configuring protocol vlan 202

Part 9 202

Overview 203

Protocol vlan is a technology that divides vlans based on the network layer protocol with the protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze specific fields of received packets encapsulate the packets in specific formats and forward the packets with different protocols to the corresponding vlans since different applications and services use different protocols network administrators can use protocol vlan to manage the network based on specific applications and services 203

The figure below shows a common application scenario of protocol vlan with protocol vlan configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 networks respectively 203

Configuring 802 q vlan 204

Protocol vlan configuration 204

Using the gui 204

Check whether your desired template already exists in the protocol template config 205

Creating protocol template 205

Follow these steps to create a protocol template 205

Protocol template to load the following page 205

Section if not click 205

To create a new template 205

Click create 206

Configuring protocol vlan 206

Follow these steps to configure the protocol group 206

In the protocol group config section specify the following parameters 206

Protocol vlan group and 206

To load the following page 206

Before configuring protocol vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 207

Configuring 802 q vlan 207

Creating a protocol template 207

Follow these steps to create a protocol template 207

Select the desired ports click create 207

Using the cli 207

Arp ethernetii ether type 0806 208

At snap ether type 809b 208

Configuring protocol vlan 208

Follow these steps to configure protocol vlan 208

Index protocol name protocol type 208

Ip ethernetii ether type 0800 208

Ipv6 ethernetii ether type 86dd 208

Ipx snap ether type 8137 208

Rarp ethernetii ether type 8035 208

Switch config end 208

Switch config protocol vlan template name ipv6 frame ether_2 ether type 86dd 208

Switch config show protocol vlan template 208

Switch configure 208

Switch copy running config startup config 208

The following example shows how to create an ipv6 protocol template 208

Arp ethernetii ether type 0806 209

At snap ether type 809b 209

Index protocol name protocol type 209

Index protocol name vid priority member 209

Ip ethernetii ether type 0800 209

Ipv6 10 0 209

Ipv6 ethernetii ether type 86dd 209

Ipx snap ether type 8137 209

Rarp ethernetii ether type 8035 209

Switch config if protocol vlan group 1 209

Switch config if show protocol vlan vlan 209

Switch config interface gigabitethernet 1 0 2 209

Switch config protocol vlan vlan 10 priority 5 template 6 209

Switch config show protocol vlan template 209

Switch config show protocol vlan vlan 209

Switch configure 209

The following example shows how to bind the ipv6 protocol template to vlan 10 and add port 1 0 2 to protocol vlan 209

A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 network respectively via different routers it is required that ipv4 packets are forwarded to the ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 211

Configuration example 211

Configuration scheme 211

Network requirements 211

The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to two routers to access the ipv4 network and ipv6 network respectively the routers belong to vlan 10 and vlan 20 respectively 211

You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this port receives packets switch 2 will forward them to the corresponding vlans according to their protocol types the overview of the configuration on switch 2 is as follows 211

Using the gui 213

To save the settings 218

Using the cli 219

Verify the configurations 221

Appendix default parameters 223

Default settings of protocol vlan are listed in the following table 223

Chapters 224

Configuring layer 2 multicast 224

Part 10 224

Layer 2 multicast 225

Overview 225

A member port is a port on snooping switch that is connecting to the host 226

A router port is a port on snooping switch that is connecting to the igmp querier 226

A snooping switch indicates a switch with igmp snooping enabled the switch maintains a multicast forwarding table by snooping on the igmp transmissions between the host and the querier with the multicast forwarding table the switch can forward multicast data only to the ports that are in the corresponding multicast group so as to constrain the flooding of multicast data in the layer 2 network 226

An igmp querier is a multicast router a router or a layer 3 switch that sends query messages to maintain a list of multicast group memberships for each attached network and a timer for each membership 226

Demonstrated as below 226

Igmp querier 226

Member port 226

Normally only one device acts as querier per physical network if there are more than one multicast router in the network a querier election process will be implemented to determine which one acts as the querier 226

Router port 226

Snooping switch 226

The following basic concepts of igmp snooping will be introduced igmp querier snooping switch router port and member port 226

Layer 2 multicast protocol for ipv4 igmp snooping 227

Layer 2 multicast protocol for ipv6 mld snooping 227

Multicast filtering 227

Multicast vlan registration mvr 227

Supported features 227

Configuring igmp snooping globally 228

Igmp snooping configuration 228

Using the gui 228

And click 229

Before configuring igmp snooping for vlans set up the vlans that the router ports and the member ports are in for details please refer to configuring 802 q vlan 229

Choose the menu 229

Click apply 229

Configuring igmp snooping for vlans 229

Global config 229

Igmp vlan confi 229

In your desired vlan entry in the 229

Section to load the following page 229

The switch supports configuring igmp snooping on a per vlan basis after igmp snooping is enabled globally you also need to enable igmp snooping and configure the corresponding parameters for the vlans that the router ports and the member ports are in 229

Enable igmp snooping for the vlan and configure the corresponding parameters 230

Follow these steps to configure igmp snooping for a specific vlan 230

Click save 232

Click apply 233

Configuring hosts to statically join a group 233

Configuring igmp snooping for ports 233

Connected to the port 233

Enable igmp snooping for the port and enable fast leave if there is only one receiver 233

Follow these steps to configure igmp snooping for ports 233

Following page 233

Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 233

Port confi 233

To load the 233

Choose the menu 234

Click create 234

Configuring igmp snooping globally 234

Follow these steps to configure hosts to statically join a group 234

Follow these steps to configure igmp snooping globally 234

Ports of the multicast group 234

Specify the multicast ip address vlan id select the ports to be the static member 234

Static group config 234

To load the following page 234

Using the cli 234

Switch config ip igmp snooping 235

Switch config ip igmp snooping drop unknown 235

Switch config ip igmp snooping version v3 235

Switch config ipv6 mld snooping 235

Switch configure 235

The following example shows how to enable igmp snooping and header validation globally and specify the igmp snooping version as igmpv3 the way how the switch processes multicast streams that are sent to unknown multicast groups as discard 235

Configuring igmp snooping for vlans 236

Switch config ip igmp snooping vlan config 1 mtime 300 239

Switch config ip igmp snooping vlan config 1 rtime 320 239

Switch configure 239

The following example shows how to enable igmp snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 239

Configuring igmp snooping for ports 241

Follow these steps to configure igmp snooping for ports 241

General query source ip 192 68 241

Last member query count 3 241

Switch config end 241

Switch config if range ip igmp snooping 241

Switch config interface range gigabitehternet 1 0 1 3 241

Switch configure 241

Switch copy running config startup config 241

The following example shows how to enable igmp snooping and fast leave for port 1 0 1 3 241

Configuring hosts to statically join a group 242

Configuring mld snooping globally 244

Mld snooping configuration 244

Using the gui 244

Configuring mld snooping for vlans 245

Click save 247

Click apply 248

Configuring hosts to statically join a group 248

Configuring mld snooping for ports 248

Connected to the port 248

Enable mld snooping for the port and enable fast leave if there is only one receiver 248

Follow these steps to configure mld snooping for ports 248

Following page 248

Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 248

Port config to load the 248

Choose the menu 249

Click create 249

Configuring mld snooping globally 249

Follow these steps to configure hosts to statically join a group 249

Follow these steps to configure mld snooping globally 249

Ports of the multicast group 249

Specify the multicast ip address vlan id select the ports to be the static member 249

Static group config 249

To load the following page 249

Using the cli 249

Configuring mld snooping for vlans 250

Follow these steps to configure mld snooping for vlans 251

Switch config ipv6 mld snooping vlan config 1 immediate leave 253

Switch config ipv6 mld snooping vlan config 1 mtime 300 253

Switch config ipv6 mld snooping vlan config 1 report suppression 253

Switch config ipv6 mld snooping vlan config 1 rtime 320 253

Switch configure 253

The following example shows how to enable mld snooping for vlan 1 and configure the member port aging time as 300 seconds the router port aging time as 320 seconds and then enable fast leave and report suppression for the vlan 253

Configuring mld snooping for ports 255

Follow these steps to configure mld snooping for ports 255

Switch config end 255

Switch config if range ipv6 mld snooping 255

Switch config if range ipv6 mld snooping immediate leave 255

Switch config if range show ipv6 mld snooping interface gigabitethernet 1 0 1 3 255

Switch config interface range gigabitehternet 1 0 1 3 255

Switch configure 255

Switch copy running config startup config 255

The following example shows how to enable mld snooping and fast leave for port 1 0 1 3 255

Configuring hosts to statically join a group 256

Follow these steps to configure hosts to statically join a group 256

Gi1 0 1 enable enable 256

Gi1 0 2 enable enable 256

Gi1 0 3 enable enable 256

Hosts or layer 2 ports normally join multicast groups dynamically but you can also configure hosts to statically join a group 256

Port mld snooping fast leave 256

Switch config if range end 256

Switch config ipv6 mld snooping vlan config 2 static 239 interface gigabitethernet 1 0 1 3 256

Switch config show ipv6 mld snooping groups static 256

Switch configure 256

Switch copy running config startup config 256

The following example shows how to configure port 1 0 1 3 in vlan 2 to statically join the multicast group 239 256

Configuring 802 q vlans 258

Mvr configuration 258

Using the gui 258

Choose the menu 259

Click apply 259

Configuring mvr globally 259

Enable mvr globally and configure the global parameters 259

Follow these steps to configure mvr globally 259

Mvr config 259

To load the following page 259

Adding multicast groups to mvr 260

And click 260

Click create 260

Follow these steps to add multicast groups to mvr 260

Mvr group config 260

Specify the ip address of the multicast groups 260

Then the added multicast groups will appear in the mvr group table as the following figure shows 260

To load the following page 260

You need to manually add multicast groups to the mvr choose the menu 260

Choose the menu 261

Configuring mvr for the port 261

Enable mvr and configure the port type and fast leave feature for the port 261

Follow these steps to add multicast groups to mvr 261

Port config 261

Select one or more ports to configure 261

To load the following page 261

And click 262

Choose the menu 262

Click apply 262

Optional adding ports to mvr groups statically 262

Static group members 262

You can add only receiver ports to mvr groups statically the switch adds or removes receiver ports to the corresponding multicast groups by snooping the report and leave messages from the hosts you can also statically add a receiver port to an mvr group 262

Your desired mvr group entry to load the following page 262

Before configuring mvr create an 802 q vlan as the multicast vlan add the all source ports to the multicast vlan as tagged ports configure 802 q vlans for the receiver ports according to network requirements note that receiver ports can only belong to one vlan and cannot be added to the multicast vlan for details refer to configuring 802 q vlan 263

Click save 263

Configuring 802 q vlans 263

Configuring mvr globally 263

Follow these steps to configure mvr globally 263

Follow these steps to statically add ports to an mvr group 263

Select the ports to add them to the mvr group 263

Using the cli 263

Active 265

Configuring mvr for the ports 265

Follow these steps to configure mvr for the ports 265

Mvr group ip status members 265

Switch config end 265

Switch copy running config startup config 265

Creating the multicast profile 268

Multicast filtering configuration 268

Using the gui 268

Address and end ip address of the multicast groups to be filtered and click create 269

Follow these steps to create a profile 269

In the general config section specify the profile id and mode 269

In the ip range section click 269

To load the following page configure the start ip 269

Configure multicast filtering for ports 270

And the overflow action 271

Click apply 271

Creating igmp profile multicast profile for ipv4 271

Creating the multicast profile 271

Follow these steps to bind the profile to ports and configure the corresponding parameters for the ports 271

Select one or more ports to configure 271

Specify the profile to be bound and configure the maximum groups the port can join 271

Using the cli 271

You can create multicast profiles for both ipv4 and ipv6 network with multicast profile the switch can define a blacklist or whitelist of multicast groups so as to filter multicast sources 271

Creating mld profile multicast profile for ipv6 272

Deny deny 272

Igmp profile 1 272

Range 226 226 0 range 226 226 0 272

Switch config end 272

Switch config igmp profile deny 272

Switch config igmp profile range 226 226 0 272

Switch config igmp profile show ip igmp profile 272

Switch config ip igmp profile 1 272

Switch config ip igmp snooping 272

Switch configure 272

Switch copy running config startup config 272

The following example shows how to configure profile 1 so that the switch filters multicast streams sent to 226 226 0 272

Deny deny 273

Mld profile 1 273

Range ff01 1234 5 ff01 1234 8 range ff01 1234 5 ff01 1234 8 273

Switch config end 273

Switch config ipv6 mld profile 1 273

Switch config ipv6 mld snooping 273

Switch config mld profile deny 273

Switch config mld profile range ff01 1234 5 ff01 1234 8 273

Switch config mld profile show ipv6 mld profile 273

Switch configure 273

Switch copy running config startup config 273

The following example shows how to configure profile 1 so that the switch filters multicast streams sent to ff01 1234 5 ff01 1234 8 273

Binding the igmp profile to ports 274

Binding the profile to ports 274

You can bind the created igmp profile or mld profile to ports and configure the number of multicast groups a port can join and the overflow action 274

Binding the mld profile to ports 275

Binding port s binding port s 276

Mld profile 1 276

Switch config if ipv6 mld filter 1 276

Switch config if ipv6 mld snooping 276

Switch config if ipv6 mld snooping max groups 50 276

Switch config if ipv6 mld snooping max groups action drop 276

Switch config if show ipv6 mld profile 276

Switch config interface gigabitethernet 1 0 2 276

Switch configure 276

The following example shows how to bind the existing profile 1 to port 1 0 2 and specify the maximum number of multicast groups that port 1 0 2 can join as 50 and the overflow action as drop 276

Using the gui 278

Viewing ipv4 multicast table 278

Viewing multicast snooping information 278

Follow these steps to view ipv4 multicast statistics on each port 279

In the port statistics section view ipv4 multicast statistics on each port 279

Ipv4 multicast statistics to load the following page 279

To get the real time multicast statistics enable auto refresh or click refresh 279

Viewing ipv4 multicast statistics on each port 279

Ipv6 multicast table to load the following pag 280

The multicast ip address table shows all valid multicast ip vlan port entries 280

Viewing ipv6 multicast table 280

Follow these steps to view ipv6 multicast statistics on each port 281

In the port statistics section view ipv6 multicast statistics on each port 281

Ipv6 multicast statistics to load the following page 281

To get the real time ipv6 multicast statistics enable auto refresh or click refresh 281

Viewing ipv6 multicast statistics on each port 281

Using the cli 282

Viewing ipv4 multicast snooping information 282

Viewing ipv6 multicast snooping configurations 282

Configuration examples 283

Configuration scheme 283

Example for configuring basic igmp snooping 283

Network requirements 283

Using the gui 284

Using the cli 286

Verify the configurations 287

Example for configuring mvr 288

Network requirements 288

Network topology 288

Add port 1 0 1 3 to vlan 10 vlan 20 and vlan 30 as untagged ports respectively 289

And configure the pvid of port 1 0 1 as 10 port 1 0 2 as 20 port 1 0 3 as 30 make sure port1 0 1 3 only belong to vlan 10 vlan 20 and vlan 30 respectively for details refer to configuring 802 q vlan 289

As the hosts are in different vlans in igmp snooping the querier need to duplicate multicast streams for hosts in each vlan to avoid duplication of multicast streams being sent between querier and the switch you can configure mvr on the switch 289

Configuration scheme 289

Internet 289

The switch can work in either mvr compatible mode or mvr dynamic mode when in compatible mode remember to statically configure the querier to transmit the streams of multicast group 225 to the switch via the multicast vlan here we take the mvr dynamic mode as an example 289

This section provides configuration procedures in two ways using the gui and using the cli 289

Using the gui 289

Tagged port 290

To load the following page create vlan 40 and add port 1 0 4 to the vlan as 290

Vlan config and click 290

Using the cli 292

Verify the configurations 294

Example for configuring unknown multicast and fast leave 295

Network requirement 295

Configuration scheme 296

Using the gui 296

Using the cli 298

Configuration scheme 299

Example for configuring multicast filtering 299

Network requirements 299

Verify the configurations 299

As shown in the following network topology host b is connected to port 1 0 1 host c is connected to port 1 0 2 and host d is connected to port 1 0 3 they are all in vlan 10 300

Create vlan 10 add port 1 0 1 3 to the vlan as untagged port and port 1 0 4 as 300

Global config to load 300

Internet 300

Network topology 300

Tagged port configure the pvid of the four ports as 10 for details refer to configuring 802 q vlan 300

The following page in the global config section enable igmp snooping globally 300

This section provides configuration procedures in two ways using the gui and using the cli 300

Using the gui 300

Igmp snooping for vlan 10 301

In the igmp vlan config section click 301

In vlan 10 to load the following page enable 301

Using the cli 304

Verify the configurations 306

Appendix default parameters 307

Default parameters for igmp snooping 307

Default parameters for mld snooping 308

Default parameters for multicast filtering 309

Default parameters for mvr 309

Chapters 310

Configuring spanning tree 310

Part 11 310

Basic concepts 311

Overview 311

Spanning tree 311

Stp rstp concepts 311

Bridge id 312

Port role 312

Root bridge 312

Port status 313

Path cost 314

Root path cost 314

Mst region 315

Mstp concepts 315

Mst instance 316

Stp security 316

Vlan instance mapping 316

Configuring stp rstp parameters on ports 319

Stp rstp configurations 319

Using the gui 319

In the port config section configure stp rstp parameters on ports 320

Click apply 321

Configuring stp rstp globally 321

Stp config to load the following page 321

Click apply 322

Follow these steps to configure stp rstp globally 322

In the parameters config section configure the global parameters of stp rstp and 322

In the global config section enable spanning tree function choose the stp mode as 323

Stp rstp and click apply 323

Stp summary to load the following page 323

Verify the stp rstp information of your switch after all the configurations are finished 323

Verifying the stp rstp configurations 323

The stp summary section shows the summary information of spanning tree 324

Configuring stp rstp parameters on ports 325

Follow these steps to configure stp rstp parameters on ports 325

Using the cli 325

Configuring global stp rstp parameters 327

This example shows how to configure the priority of the switch as 36864 the forward delay as 12 seconds 328

Enable rstp 36864 2 12 20 5 20 329

Enabling stp rstp globally 329

Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree function globally 329

State mode priority hello time fwd time max age hold count max hops 329

Switch config end 329

Switch config show spanning tree bridge 329

Switch config spanning tree 329

Switch config spanning tree mode rstp 329

Switch config spanning tree priority 36864 329

Switch config spanning tree timer forward time 12 329

Switch configure 329

Switch copy running config startup config 329

This example shows how to enable spanning tree function configure the spanning tree mode as rstp and verify the configurations 329

Configuring parameters on ports in cist 331

Mstp configurations 331

Using the gui 331

Follow these steps to configure parameters on ports in cist 332

In the port config section configure the parameters on ports 332

Besides configure the priority of the switch the priority and path cost of ports in the desired instance 334

Click apply 334

Configure the region name revision level vlan instance mapping of the switch the switches with the same region name the same revision level and the same vlan instance mapping are considered as in the same region 334

Configuring the mstp region 334

Configuring the region name and revision level 334

Follow these steps to create an mst region 334

In the region config section set the name and revision level to specify an mstp 334

Region 334

Region config to load the following page 334

Configure port parameters in the desired instance 336

Configuring parameters on ports in the instance 336

Follow these steps to configure port parameters in the instance 336

In the instance port config section select the desired instance id 336

Instance port config to load the following page 336

Configuring mstp globally 338

Follow these steps to configure mstp globally 338

In the parameters config section configure the global parameters of mstp and click 338

Stp config to load the following page 338

As mstp and click apply 339

In the global config section enable spanning tree function and choose the stp mode 339

Stp summary to load the following page 340

The stp summary section shows the summary information of cist 340

Verifying the mstp configurations 340

Configuring parameters on ports in cist 341

Follow these steps to configure the parameters of the port in cist 341

The mstp instance summary section shows the information in mst instances 341

Using the cli 341

Configuring the mstp region 343

Switch configure 344

This example shows how to create an mst region of which the region name is r1 the revision level is 100 and vlan 2 vlan 6 are mapped to instance 5 344

7 4094 345

Configuring the parameters on ports in instance 345

Follow these steps to configure the priority and path cost of ports in the specified instance 345

Mst instance vlans mapped 345

Region name r1 345

Revision 100 345

Switch config mst end 345

Switch config mst instance 5 vlan 2 6 345

Switch config mst name r1 345

Switch config mst revision 100 345

Switch config mst show spanning tree mst configuration 345

Switch config spanning tree mst configuration 345

Switch copy running config startup config 345

Configuring global mstp parameters 346

Follow these steps to configure the global mstp parameters of the switch 346

Gi1 0 3 144 200 n a lnkdwn n a 346

Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn n a 346

Interface prio cost role status lag 346

Interface state prio ext cost int cost edge p2p mode role status lag 346

Mst instance 0 cist 346

Mst instance 5 346

Switch config if end 346

Switch config if show spanning tree interface gigabitethernet 1 0 3 346

Switch config if spanning tree mst instance 5 port priority 144 cost 200 346

Switch config interface gigabitethernet 1 0 3 346

Switch configure 346

Switch copy running config startup config 346

This example shows how to configure the priority as 144 the path cost as 200 of port 1 0 3 in instance 5 346

Enable mstp 36864 2 12 20 8 25 348

Enabling spanning tree globally 348

Follow these steps to configure the spanning tree mode as mstp and enable spanning tree function globally 348

State mode priority hello time fwd time max age hold count max hops 348

Switch config if end 348

Switch config if show spanning tree bridge 348

Switch config if spanning tree hold count 8 348

Switch config if spanning tree max hops 25 348

Switch config if spanning tree timer forward time 12 348

Switch config spanning tree priority 36864 348

Switch configure 348

Switch copy running config startup config 348

This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds the hold count as 8 and the max hop as 25 348

Configure the port protect features for the selected ports and click apply 351

Stp security configurations 351

Stp security to load the following page 351

Using the gui 351

Configuring the stp security 352

Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter feature for ports 352

Using the cli 352

Gi1 0 3 enable enable enable enable disable enable 354

Interface bpdu filter bpdu guard loop protect root protect tc protect bpdu flood 354

Switch config if end 354

Switch config if show spanning tree interface security gigabitethernet 1 0 3 354

Switch config if spanning tree bpdufilter 354

Switch config if spanning tree bpduguard 354

Switch config if spanning tree guard loop 354

Switch config if spanning tree guard root 354

Switch config interface gigabitethernet 1 0 3 354

Switch configure 354

Switch copy running config startup config 354

This example shows how to enable loop protect root protect bpdu filter and bpdu protect functions on port 1 0 3 354

As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is transmitted in this network the link speed between the switches is 100mb s the default path cost of the port is 200000 355

Configuration example for mstp 355

Configuration scheme 355

Here we configure two instances to meet the requirement as is shown below 355

It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be transmitted along different paths 355

Mstp backwards compatible with stp and rstp can map vlans to instances to implement load balancing thus providing a more flexible method in network management here we take the mstp configuration as an example 355

Network requirements 355

To meet this requirement you are suggested to configure mstp function on the switches map the vlans to different instances to ensure traffic can be transmitted along the respective instance 355

Using the gui 356

Using the cli 362

Verify the configurations 364

Appendix default parameters 369

Default settings of the spanning tree feature are listed in the following table 369

Chapters 371

Configuring lldp 371

Part 12 371

Overview 372

Supported features 372

Configuring lldp globally 373

Lldp configurations 373

Using the gui 373

Follow these steps to configure the lldp feature globally 374

In the global config section enable lldp you can also enable the switch to forward 374

In the parameter config section configure the lldp parameters click apply 374

Lldp messages when lldp function is disabled click apply 374

Configure the admin status and notification mode for the port 375

Configuring lldp for the port 375

Follow these steps to configure the lldp feature for the interface 375

Port config to load the following page 375

Select one or more ports to configure 375

Select the tlvs type length value included in the lldp packets according to your 375

Click apply 376

Enable the lldp feature on the switch and configure the lldp parameters 376

Global config 376

Using the cli 376

Switch config lldp 377

Switch config lldp hold multiplier 4 377

Switch configure 377

The following example shows how to configure the following parameters lldp timer 4 tx interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast count 3 377

Fast packet count 3 378

Initialization delay 2 seconds 378

Lldp forward message disabled 378

Lldp med fast start repeat count 4 378

Lldp status enabled 378

Port config 378

Select the desired port and set its admin status notification mode and the tlvs included in the lldp packets 378

Switch config end 378

Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 3 378

Switch config show lldp 378

Switch copy running config startup config 378

Trap notification interval 5 seconds 378

Ttl multiplier 4 378

Tx delay 2 seconds 378

Tx interval 30 seconds 378

Configuring lldp globally 381

Configuring lldp med globally 381

Lldp med configurations 381

Using the gui 381

Configuring lldp med for ports 382

Global config 384

Lldp status enabled 384

Switch config lldp 384

Switch config lldp med fast count 4 384

Switch config show lldp 384

Switch configure 384

The following example shows how to configure lldp med fast count as 4 384

Tx interval 30 seconds 384

Using the cli 384

Fast packet count 3 385

Initialization delay 2 seconds 385

Lldp med fast start repeat count 4 385

Port config 385

Select the desired port enable lldp med and select the tlvs type length value included in the outgoing lldp packets according to your needs 385

Switch config end 385

Switch copy running config startup config 385

Trap notification interval 5 seconds 385

Ttl multiplier 4 385

Tx delay 2 seconds 385

Using gui 388

Viewing lldp device info 388

Viewing lldp settings 388

According to your needs click apply 389

Follow these steps to view the local information 389

In the auto refresh section enable the auto refresh feature and set the refresh rate 389

In the local info section select the desired port and view its associated local device 389

Information 389

Viewing lldp statistics 392

In the neighbors statistics section view the statistics of the corresponding port 393

Using cli 393

Viewing lldp statistics 393

Viewing the local info 393

Viewing the neighbor info 393

Using gui 394

Viewing lldp med settings 394

In the lldp med local info section select the desired port and view the lldp med 395

Settings 395

Using cli 397

Viewing lldp statistics 397

Viewing the local info 397

Viewing the neighbor info 397

Configuration example 398

Configuration example for lldp 398

Configuration scheme 398

Network requirements 398

Network topology 398

Using the gui 398

Using cli 399

Verify the configurations 400

Configuration scheme 405

Example for lldp med 405

Network requirements 405

Using the gui 405

Using cli 408

Verify the configurations 409

Appendix default parameters 411

Default lldp med settings 411

Default lldp settings 411

Default settings of lldp are listed in the following tables 411

Chapters 412

Configuring layer 3 interfaces 412

Part 13 412

Based on mac address table 413

Interfaces are used to exchange data and interact with interfaces of other network devices interfaces are classified into layer 2 interfaces and layer 3 interfaces 413

Layer 2 interfaces are the physical ports on the switch panel they forward packets 413

Layer 3 interfaces are used to forward ipv4 and ipv6 packets using static or dynamic 413

Overview 413

Routing protocols you can use layer 3 interfaces for ip routing and inter vlan routing 413

This chapter introduces the configurations for layer 3 interfaces the supported types of layer 3 interfaces are shown as below 413

Creating an layer 3 interface 414

Layer 3 interface configurations 414

Using the gui 414

In the interface list section click 415

The corresponding parameters for the layer 3 interface then click create 415

To load the following page and configure 415

According to your actual needs then click apply 416

Configuring ipv4 parameters of the interface 416

Figure 2 416

In the modify ipv4 interface section configure relevant parameters for the interface 416

List section on the corresponding interface entry click edit ipv4 to load the following page and edit the ipv4 parameters of the interface 416

You can view the corresponding interface you have created in the interface 416

Configuring ipv6 parameters of the interface 417

Configure the corresponding parameters then click apply 418

In the modify ipv6 interface section enable ipv6 feature for the interface and 418

Address to the interface 419

Configure ipv6 global address of the interface via following three ways 419

In the global address table section click 419

Manually 419

To manually assign an ipv6 global 419

Via dhcpv6 server 419

Via ra message 419

Figure 2 420

Interface list section on the corresponding interface entry click detail to load the following page and view the detail information of the interface 420

View the global address entry in the global address table 420

Viewing detail information of the interface 420

You can view the corresponding interface entry you have created in the 420

Creating an layer 3 interface 421

Follow these steps to create an layer 3 interface you can create a vlan interface a loopback interface a routed port or a port channel interface according to your needs 421

Using the cli 421

Switch config if description vlan 2 422

Switch config if end 422

Switch config interface vlan 2 422

Switch configure 422

The following example shows how to create a vlan interface with a description of vlan 2 422

Configuring ipv4 parameters of the interface 423

Follow these steps to configure the ipv4 parameters of the interface 423

Switch config if ip address 192 68 00 255 55 55 423

Switch config if no switchport 423

Switch config interface gigabitethernet 1 0 1 423

Switch configure 423

Switch copy running config startup config 423

The following example shows how to configure the ipv4 parameters of a routed port including setting a static ip address for the port and enabling the layer 3 capabilities 423

Configuring ipv6 parameters of the interface 424

Follow these steps to configure the ipv6 parameters of the interface 424

Interface ip address method status protocol shutdown gi1 0 1 192 68 00 24 static up up no 424

Switch config if end 424

Switch config if show ip interface brief 424

Switch copy running config startup config 424

Global address dhcpv6 enable 425

Global address ra disable 425

Global unicast address es ff02 1 ff13 237b 425

Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 425

Joined group address es ff02 1 425

Switch config if ipv6 address autoconfig 425

Switch config if ipv6 address dhcp 425

Switch config if ipv6 enable 425

Switch config if show ipv6 interface 425

Switch config interface vlan 2 425

Switch configure 425

The following example shows how to enable the ipv6 function and configure the ipv6 parameters of a vlan interface 425

Vlan2 is up line protocol is up 425

Configuration example 427

Configuration scheme 427

Network requirement 427

Using the gui 427

Using the cli 428

Verify the vlan interface configurations 429

Appendix default parameters 430

Default settings of interface are listed in the following tables 430

Chapters 431

Configuring routing 431

Part 14 431

Overview 432

Configure the corresponding parameters to add an ipv4 static routing entry then click create 433

Ipv4 static routing and click 433

Ipv4 static routing configuration 433

To load the following page 433

Using the gui 433

C 192 68 24 is directly connected vlan1 434

Candidate default 434

Codes c connected s static 434

Follow these steps to create an ipv4 static route 434

S 192 68 24 1 0 via 192 68 vlan1 434

Switch config end 434

Switch config ip route 192 68 255 55 55 192 68 434

Switch config show ip route 434

Switch configure 434

Switch copy running config startup config 434

The following example shows how to create an ipv4 static route with the destination ip address as 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 434

Using the cli 434

Configure the corresponding parameters to add an ipv6 static routing entry then click create 435

Ipv6 static 435

Ipv6 static routing configuration 435

Routing table and click 435

To load the following page 435

Using the gui 435

C 3000 64 is directly connected vlan1 436

Candidate default 436

Codes c connected s static 436

Follow these steps to enable ipv6 routing function and create an ipv6 static route 436

S 3200 64 1 0 via 3100 1234 vlan2 436

Switch config end 436

Switch config ipv6 route 3200 64 3100 1234 436

Switch config show ipv6 route static 436

Switch configure 436

Switch copy running config startup config 436

The following example shows how to create an ipv6 static route with the destination ip address as 3200 64 and the next hop address as 3100 1234 436

Using the cli 436

Using the gui 437

Viewing ipv4 routing table 437

Viewing routing table 437

Ipv6 routing information summary to load the following page 438

On privileged exec mode or any other configuration mode you can use the following command to view ipv4 routing table 438

Using the cli 438

View the ipv6 routing entries 438

Viewing ipv4 routing table 438

Viewing ipv6 routing table 438

On privileged exec mode or any other configuration mode you can use the following command to view ipv6 routing table 439

Viewing ipv6 routing table 439

As shown below host a and host b are on different network segments to meet business needs host a and host b need to establish a connection without using dynamic routing protocols to ensure stable connectivity 440

Configuration scheme 440

Example for static routing 440

Interface to create a routed port gi1 0 1 with the 440

Mode as static the ip address as 10 the mask as 255 55 55 and the admin status as enable create a routed port gi1 0 2 with the mode as static the ip address as 10 0 the mask as 255 55 55 and the admin status as enable 440

Network requirements 440

The configurations of switch a and switch b are similar the following introductions take switch a as an example 440

The following sections provide configuration procedure in two ways using the gui and using the cli 440

To implement this requirement you can configure the default gateway of host a as 10 24 the default gateway of host b as 10 24 and configure ipv4 static routes on switch a and switch b so that hosts on different network segments can communicate with each other 440

Using the gui 440

Following page add a static routing entry with the destination as 10 the subnet 441

Ipv4 static routing to load the 441

Using the cli 442

Verify the configurations 443

Chapters 445

Configuring dhcp service 445

Part 15 445

Dhcp relay 446

Dhcp server 446

Overview 446

Supported features 446

As the following figure shows no ip addresses are assigned to vlan 10 and vlan 20 but a default relay agent interface is configured with the ip address 192 68 24 the switch uses ip address of the default agent interface 192 68 24 to apply for ip addresses for clients in both vlan 10 and vlan 20 as a result the dhcp server will assign ip addresses on 192 68 24 the same subnet with the ip address of the default agent interface to clients in both vlan 10 and vlan 20 448

Dhcp l2 relay 448

Unlike dhcp relay dhcp l2 relay is used in the situation that the dhcp server and client are in the same vlan in dhcp l2 relay in addition to normally assigning ip addresses to clients from the dhcp server the switch can record the location information of the dhcp client using option 82 the switch can add option 82 to the dhcp request packet and then transmit the packet to the dhcp server the dhcp server which supports option 82 can set the distribution policy of ip addresses and the other parameters providing a more flexible address distribution way 448

Dhcp server configuration 449

Enabling dhcp server 449

Using the gui 449

Enter the starting ip address and ending ip address to specify the range of reserved ip addresses click create 450

In the excluded ip address table section click 450

In the ping time config section configure ping packets and ping timeout for ping 450

Specify the ip addresses that should not be assigned to the clients 450

Tests click apply 450

To load the following page to 450

Configure the parameters for the dhcp server pool then click create 451

Configuring dhcp server pool 451

Pool setting and click 451

The dhcp server pool defines the parameters that will be assigned to the dhcp clients 451

To load the following page 451

Configuring manual binding 452

Manual binding and 452

Select a pool name and enter the ip address to be bound select a binding mode and finish the configuration accordingly click create 452

Some devices like web servers require static ip addresses to meet this requirement you can manually bind the mac address or client id of the device to an ip address and the dhcp server will reserve the bound ip address to this device at all times 452

To load the following page 452

Enabling dhcp server 453

Follow these steps to enable dhcp server and to configure ping packets and ping timeout 453

Using the cli 453

Switch config service dhcp server 454

Switch configure 454

The following example shows how to enable dhcp server globally on switch configure the number of ping packets as 2 and configure the ping timeout period as 200 ms 454

Configuring dhcp server pool 456

Follow these steps to configure dhcp server pool 456

Switch config ip dhcp server pool pool1 457

Switch configure 457

Switch dhcp config lease 180 457

Switch dhcp config network 192 68 255 55 55 457

The following example shows how to create a dhcp server pool and name it as pool1 and configure its network address as 192 68 subnet mask as 255 55 55 lease time as 180 minute default gateway as 192 68 dns server as 192 68 netbios server as 192 68 9 netbios type as broadcast tftp server as 192 68 0 domain name as com and bootfile name as bootfile 457

Configuring manual binding 458

Pool name client id hardware address ip address hardware type bind mode 459

Pool1 74 d4 68 22 3f 34 192 68 3 ethernet mac address 459

Switch config 459

Switch config ip dhcp server pool pool1 459

Switch copy running config startup config 459

Switch dhcp config address 192 68 3 hardware address 74 d4 68 22 3f 34 hardware type ethernet 459

Switch dhcp config end 459

Switch dhcp config show ip dhcp server manual binding 459

The following example shows how to bind the ip address 192 68 3 in pool1 on the subnet of 192 68 to the host with the mac address 74 d4 68 22 3f 34 459

Dhcp relay configuration 460

Enabling dhcp relay and configuring option 82 460

Using the gui 460

Optional in the option 82 configuration section configure option 82 461

Configuring dhcp interface relay 462

Configuring dhcp vlan relay 462

Follow these steps to specify dhcp server for the specific vlan 463

In the default relay agent interface section specify a layer 3 interface as the default 463

In the dhcp vlan relay list section click 463

Relay agent interface then click apply 463

Specify the vlan the clients belongs to and the server address click create 463

To load the configuration page 463

Enabling dhcp relay 464

Follow these steps to enable dhcp relay and configure the corresponding parameters 464

Switch config service dhcp relay 464

Switch configure 464

The following example shows how to enable dhcp relay configure the relay hops as 5 and configure the relay time as 10 seconds 464

Using the cli 464

Dhcp relay hops 5 465

Dhcp relay state enabled 465

Dhcp relay time threshold 10 seconds 465

Follow these steps to configure option 82 465

Optional configuring option 82 465

Switch config end 465

Switch config ip dhcp relay hops 5 465

Switch config ip dhcp relay time 10 465

Switch config show ip dhcp relay 465

Switch copy running config startup config 465

Gi1 0 7 enable replace normal vlan20 host1 n a 466

Interface option 82 status operation strategy format circuit id remote id lag 466

Switch config if end 466

Switch config if ip dhcp relay information circut id vlan20 466

Switch config if ip dhcp relay information format normal 466

Switch config if ip dhcp relay information option 466

Switch config if ip dhcp relay information remote id host1 466

Switch config if ip dhcp relay information strategy replace 466

Switch config if show ip dhcp relay information interface gigabitethernet 1 0 7 466

Switch config interface gigabitethernet 1 0 7 466

Switch configure 466

Switch copy running config startup config 466

The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 466

Configuring dhcp interface relay 467

Follow these steps to dhcp interface relay 467

The following example shows how to configure the dhcp server address as 192 68 on vlan interface 66 467

You can specify dhcp server for an layer 3 interface or for a vlan the following respectively introduces how to configure dhcp interface relay and dhcp vlan relay 467

Configuring dhcp vlan relay 468

Dhcp relay helper address is configured on the following interfaces 468

Follow these steps to configure dhcp vlan relay 468

Interface helper address 468

Switch config if end 468

Switch config if ip helper address 192 68 468

Switch config if show ip dhcp relay 468

Switch config interface vlan 66 468

Switch configure 468

Switch copy running config startup config 468

Vlan 66 192 68 468

Dhcp vlan relay helper address is configured on the following vlan 469

Switch config end 469

Switch config if exit 469

Switch config if ip dhcp relay default interface 469

Switch config if no switchport 469

Switch config interface gigabitethernet 1 0 2 469

Switch config ip dhcp relay vlan 10 helper address 192 68 469

Switch config show ip dhcp relay 469

Switch configure 469

Switch copy running config startup config 469

The following example shows how to set the routed port 1 0 2 as the default relay agent interface and configure the dhcp server address as 192 68 on vlan 10 469

Vlan 10 192 68 469

Vlan helper address 469

Dhcp l2 relay configuration 470

Enabling dhcp l2 relay 470

Using the gui 470

Configuring option 82 for ports 471

Follow these steps to enable dhcp relay and configure option 82 471

Port config to load the following page 471

Select one or more ports to configure option 82 471

Click apply 472

Enabling dhcp relay 472

Follow these steps to enable dhcp l2 relay 472

Switch config ip dhcp l2relay 472

Switch configure 472

The following example shows how to enable dhcp l2 relay globally and for vlan 2 472

Using the cli 472

Configuring option 82 for ports 473

Follow these steps to configure option 82 473

Global status enable 473

Switch config end 473

Switch config ip dhcp l2relay vlan 2 473

Switch config show ip dhcp l2relay 473

Switch copy running config startup config 473

Vlan id 2 473

Gi1 0 7 enable replace normal vlan20 host1 n a 474

Interface option 82 status operation strategy format circuit id remote id lag 474

Switch config if end 474

Switch config if ip dhcp l2relay information circut id vlan20 474

Switch config if ip dhcp l2relay information format normal 474

Switch config if ip dhcp l2relay information option 474

Switch config if ip dhcp l2relay information remote id host1 474

Switch config if ip dhcp l2relay information strategy replace 474

Switch config if show ip dhcp l2relay information interface gigabitethernet 1 0 7 474

Switch config interface gigabitethernet 1 0 7 474

Switch configure 474

Switch copy running config startup config 474

The following example shows how to enable option 82 on port 1 0 7 and configure the strategy as replace the format as normal the circuit id as vlan20 and the remote id as host1 474

Configuration examples 475

Configuration scheme 475

Example for dhcp server 475

Network requirements 475

Using the gui 475

Using the cli 477

Verify the configuration 477

Configuration scheme 478

Example for dhcp interface relay 478

Network requirements 478

Using the gui 479

Using the cli 480

Verify the configurations 480

Configuration scheme 481

Example for dhcp vlan relay 481

Network requirements 481

Using the gui 482

Using the cli 485

Example for dhcp l2 relay 487

Network requirements 487

Verify the configurations of the dhcp relay agent 487

Configuration scheme 488

Using the gui 488

Using cli 490

Verify the configurations 491

Appendix default parameters 492

Default settings of dhcp server are listed in the following table 492

Default settings of dhcp relay are listed in the following table 493

Default settings of dhcp l2 relay are listed in the following table 494

Chapters 495

Configuring arp 495

Part 16 495

Arp table 496

Gratuitous arp 496

Overview 496

Proxy arp 496

Static arp 496

Supported features 496

Local proxy arp 497

Local proxy arp is similar with proxy arp as shown below two hosts are in the same vlan and connected to vlan interface 1 but port 1 0 1 and port 1 0 2 are isolated on layer 2 in this case both of the hosts cannot receive each other s arp request so they cannot communicate with each other because they cannot learn each other s mac address using arp packets 497

To solve this problem you can enable local proxy arp on the layer 3 interface and the interface will respond the arp request sender with its own mac address after that the arp request sender sends packets to the layer 3 interface and the interface forwards the packets to the intended device 497

Arp configurations 498

Using the gui 498

Viewing the arp entries 498

Adding static arp entries manually 499

Configuring gratuitous arp 499

Enter the ip address and mac address then click create 499

Following page 499

Gratuitous arp to load the following page 499

Static arp and click 499

To load the 499

You can add desired static arp entries by mannually specifying the ip addresses and mac addresses 499

Configuring proxy arp 500

Follow these steps to configure the gratuitous feature for the interface 500

Gratuitous arp then click apply 500

In the gratuitous arp global settings section configure the global parameters for 500

In the gratuitous arp table section configure the interval of sending gratuitous arp 500

Proxy arp is used in the situation that two devices are in the same network segment but connected to different layer 3 interfaces 500

Proxy arp to load the following page 500

Request packets for the interface then click apply 500

Configuring local proxy arp 501

Local proxy arp is used in the situation that two devices are in the same vlan but isolated on the layer 2 ports 501

Local proxy arp to load the following page 501

Select the desired interface and enable local proxy arp then click apply 501

Select the desired interface and enable proxy arp then click apply 501

Adding static arp entries 502

Configuring the aging time of dynamic arp entries 502

Configuring the arp entry 502

Follow these steps to add static arp entries 502

Follow these steps to configure the aging time of dynamic arp entries 502

Interface address hardware addr type 502

Switch config arp 192 68 00 11 22 33 44 55 arpa 502

Switch config end 502

Switch config show arp 192 68 502

Switch configure 502

Switch copy running config startup config 502

This example shows how to create a static arp entry with the ip as 192 68 and the mac as 00 11 22 33 44 55 502

Using the cli 502

Vlan1 192 68 00 11 22 33 44 55 static 502

Clearing dynamic entries 503

Renewing dynamic arp entries automatically 503

Switch config arp timeout 1000 503

Switch config end 503

Switch configure 503

Switch copy running config startup config 503

This example shows how to configure the aging time of dynamic arp entries as 1000 seconds 503

Configuring gratuitous arp globally 504

Configuring the gratuitous arp 504

Follow these steps to add static arp entries 504

On privileged exec mode or any other configuration mode you can use the following command to view arp entries 504

This example shows how to enable send on ip interface status up send on duplicate ip detected and gratuitous arp learning features 504

Viewing arp entries 504

Configuring interval of sending gratuitous arp packets 505

Follow these steps to configure gratuitous arp packets for layer 3 interfaces 505

Gi1 0 18 0 505

Gratuitous arp learning enabled 505

Interface gratuitous arp periodical send interval 505

Send on duplicate ip detected enabled 505

Send on ip interface status up enabled 505

Switch config end 505

Switch config gratuitous arp dup ip detected enable 505

Switch config gratuitous arp intf status up enable 505

Switch config gratuitous arp learning enable 505

Switch config show gratuitous arp 505

Switch configure 505

Switch copy running config startup config 505

Vlan1 0 505

Configuring proxy arp 506

Configuring local proxy arp 507

Follow these steps to local proxy arp on the vlan interface routed port or port channel 507

Interface ip address ip mask status 507

Switch config if end 507

Switch config if ip proxy arp 507

Switch config if show ip proxy arp 507

Switch config interface vlan 1 507

Switch configure 507

Switch copy running config startup config 507

This example shows how to enable proxy arp function for vlan interface 1 507

Vlan 1 192 68 255 55 55 enabled 507

Interface ip address ip mask status 508

Switch config if end 508

Switch config if ip local proxy arp 508

Switch config if show ip local proxy arp 508

Switch config interface vlan 1 508

Switch configure 508

Switch copy running config startup config 508

This example shows how to enable local proxy arp function for vlan interface 1 508

Vlan 1 192 68 255 55 55 enabled 508

Appendix default parameters 509

Default arp settings are listed in the following tables 509

Chapters 510

Configuring qos 510

Part 17 510

Bandwidth control 511

Class of service 511

Overview 511

Supported features 511

Voice vlan and auto voip 511

802 p priority 513

Class of service configuration 513

Configuration guidelines 513

Dscp priority 513

Port priority 513

Click apply 514

Configuring port priority 514

Configuring the trust mode and port to 802 p mapping 514

Follow these steps to configure the parameters of the port priority 514

Port priority to load the following page 514

Select the desired ports specify the 802 p priority and set the trust mode as 514

Untrusted 514

Using the gui 514

Configuring the 802 p to queue mapping 515

In the 802 p to queue mapping section configure the mappings and click apply 515

P priority to load the following page 515

Configuring 802 p priority 516

Click apply 518

Configuring dscp priority 518

Configuring the trust mode 518

Follow these steps to configure the trust mode 518

Port priority to load the following page 518

Select the desired ports and set the trust mode as trust dscp 518

Configuring the 802 p to queue mapping 519

In the 802 p to queue mapping section configure the mappings and click apply 519

P priority to load the following page 519

Click apply 520

Configuring the dscp to 802 p mapping and the dscp remap 520

Dscp priority to load the following page 520

Follow these steps to configure the dscp priority 520

Select the desired port configure the dscp to 802 p mapping and the dscp remap 520

Specifying the scheduler settings 521

Click apply 522

Configuring port priority 522

Configuring the trust mode and the port to 802 p mapping 522

Follow these steps to configure the trust mode and the port to 802 p mapping 522

Using cli 522

Configuring the 802 p to queue mapping 523

Follow these steps to configure the 802 p to queue mapping 523

Configuring 802 p priority 525

Configuring the 802 p to queue mapping and 802 p remap 525

Configuring the trust mode 525

Follow these steps to configure the 802 p to queue mapping and 802 p remap 525

Follow these steps to configure the trust mode 525

Gi1 0 1 trust 802 p n a 526

Port trust mode lag 526

Switch config if exit 526

Switch config if interface gigabitethernet 1 0 1 526

Switch config if qos dot1p remap 1 3 526

Switch config if qos trust mode dot1p 526

Switch config if show qos trust interface gigabitethernet 1 0 1 526

Switch config interface gigabitethernet 1 0 1 526

Switch config qos cos map 3 4 526

Switch configure 526

The following example shows how to configure the trust mode of port 1 0 1 as dot1p map 802 p priority 3 to tc4 and configure to map the original 802 p 1 to 802 p priority 3 526

Configuring dscp priority 527

Configuring the trust mode 527

Follow these steps to configure the trust mode 527

Gi1 0 1 0 3 2 3 4 5 6 7 n a 527

Port 0 1 2 3 4 5 6 7 lag 527

Switch config if end 527

Switch config if show qos cos map 527

Switch config if show qos dot1p remap interface gigabitethernet 1 0 1 527

Switch copy running config startup config 527

Tag 0 1 2 3 4 5 6 7 527

Tc tc0 tc1 tc2 tc4 tc4 tc5 tc6 tc7 527

Configuring the 802 p to queue mapping 528

Configuring the dscp to 802 p mapping and dscp remap 528

Follow these steps to configure the 802 p to queue mapping 528

Follow these steps to configure the dscp to 802 p mapping and dscp remap 528

Gi1 0 1 trust dscp n a 529

Port trust mode lag 529

Switch config if exit 529

Switch config if qos dscp map 1 3 5 7 3 529

Switch config if qos dscp remap 9 5 529

Switch config if qos trust mode dscp 529

Switch config if show qos cos map 529

Switch config if show qos trust interface gigabitethernet 1 0 1 529

Switch config interface gigabitethernet 1 0 1 529

Switch config qos cos map 3 4 529

Switch configure 529

The following example shows how to configure the trust mode of port 1 0 1 as dscp map 802 p priority 3 to tc4 map dscp priority 1 3 5 7 to 802 p priority 3 and configure to map the original dscp priority 9 to dscp priority 5 529

Follow these steps to specify the scheduler settings to control the forwarding sequence of different tc queues when congestion occurs 532

Specifying the scheduler settings 532

Bandwidth control configuration 534

Configuring rate limit 534

Using the gui 534

Configuring storm control 535

Follow these steps to configure the storm control function 535

Packets multicast packets and ul frames unknown unicast frames 535

Select the desired port and configure the upper rate limit for forwarding broadcast 535

Storm control to load the following page 535

Click apply 536

Configuring rate limit 536

Follow these steps to configure the upper rate limit for the port to receive and send packets 536

Using the cli 536

Configuring storm control 537

Follow these steps to configure the upper rate limit on the port for forwarding broadcast packets multicast packets and unknown unicast frames 537

Gi1 0 5 5120 1024 n a 537

Port ingressrate kbps egressrate kbps lag 537

Switch config if bandwidth ingress 5120 egress 1024 537

Switch config if end 537

Switch config if show bandwidth interface gigabitethernet 1 0 5 537

Switch config interface gigabitethernet 1 0 5 537

Switch configure 537

Switch copy running config startup config 537

The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 1024 kbps for port 1 0 5 537

Gi1 0 5 pps 148800 0 0 shutdown 10 n a 539

Port rate mode bcrate mcrate ulrate exceed recover time lag 539

Switch config if end 539

Switch config if show storm control interface gigabitethernet 1 0 5 539

Switch config if storm control broadcast 148800 539

Switch config if storm control exceed shutdown recover time 10 539

Switch config if storm control rate mode pps 539

Switch config interface gigabitethernet 1 0 5 539

Switch configure 539

Switch copy running config startup config 539

The following example shows how to configure the upper rate limit of broadcast packets as 148800 pps specify the action as shutdown and set the recover time as 10 for port 1 0 5 539

Configuring oui addresses 540

Using the gui 540

Voice vlan configuration 540

Click create 541

Follow these steps to configure the oui addresses 541

Oui config to load the following page 541

Specify the oui and the description 541

To load the following page 541

Adding ports to voice vlan 542

Configuring voice vlan globally 542

Click apply 543

Follow these steps to configure voice vlan 543

Using the cli 543

Auto voip configuration 546

Configuration guidelines 546

Using the gui 546

Click apply 547

Follow these steps to configure auto voip 547

Using the cli 547

Configuration examples 551

Configuration scheme 551

Example for class of service 551

Network requirements 551

Using the gui 552

Using the cli 554

Verify the configurations 555

Example for voice vlan 556

Network requirements 556

0 2 and port 1 0 4 to vlan 2 click create 557

Configuration scheme 557

Configure 802 q vlan for port 1 0 1 port 1 0 2 port 1 0 3 and port 1 0 4 557

Configure voice vlan feature on port 1 0 1 and port 1 0 2 557

Demonstrated with t1700g 28tq the following sections provide configuration procedure in two ways using the gui and using the cli 557

Internet 557

To implement this requirement you can configure voice vlan to ensure that the voice traffic can be transmitted in the same vlan and the data traffic is transmitted in another vlan in addition specify the priority to make the voice traffic can take precedence when the congestion occurs 557

To load the following page create vlan 2 and add untagged port 1 0 1 port 557

Using the gui 557

Vlan config and click 557

Using the cli 561

Verify the configurations 563

Example for auto voip 564

Network requirements 564

Configuration scheme 565

Using the gui 565

Select port 1 0 1 and specify the 802 p priority as 5 for other dscp priorities click 567

For tc 7 click apply 569

Select port 1 0 2 set the scheduler mode as weighted and specify the queue weight as 569

Using the cli 572

Verify the configurations 573

Appendix default parameters 577

Default settings of class of service are listed in the following tables 577

Default settings of bandwidth control are listed in the following tables 579

Default settings of voice vlan are listed in the following tables 579

Default settings of auto voip are listed in the following tables 580

Chapters 581

Configuring access security 581

Part 18 581

Access control 582

Access security 582

Overview 582

Supported features 582

Telnet 582

Access security configurations 583

Configuring the access control feature 583

Using the gui 583

In the entry table section click 584

To add an access control entry 584

When the ip based mode is selected the following window will pop up 584

When the mac based mode is selected the following window will pop up 584

Click create then you can view the created entries in the entry table 585

When the port based mode is selected the following window will pop up 585

Configuring the http function 586

Configuring the https function 588

Following parameters and click apply 589

In the ciphersuite config section select the algorithm to be enabled and click apply 589

In the number of access users section enable number control function specify the 589

In the session config section specify the session timeout and click apply 589

In the load certificate and load key section download the certificate and key 590

Configuring the ssh feature 591

Configuring the telnet function 592

Download the desired key file 592

Enable telnet and click apply 592

In data integrity algorithm section enable the integrity algorithm you want the switch 592

In import key file section select key type from the drop down list and click browse to 592

In the encryption algorithm section enable the encryption algorithm you want the 592

Switch to support and click apply 592

Telnet config to load the following page 592

To support and click apply 592

Configuring the access control 593

Follow these steps to configure the access control 593

Using the cli 593

68 00 32 snmp telnet http https 594

Configuring the http function 594

Follow these steps to configure the http function 594

Index ip address access interface 594

Switch config end 594

Switch config show user configuration 594

Switch config user access control ip based 192 68 00 255 55 55 55 snmp telnet http https 594

Switch config user access control ip based enable 594

Switch configure 594

Switch copy running config startup config 594

The following example shows how to set the type of access control as ip based set the ip address as 192 68 00 set the subnet mask as 255 55 55 55 and make the switch support snmp telnet http and https 594

User authentication mode ip based 594

Http max users as admin 6 595

Http max users as operator 2 595

Http max users as power user 2 595

Http max users as user 2 595

Http port 80 595

Http session timeout 9 595

Http status enabled 595

Http user limitation enabled 595

Switch config end 595

Switch config ip http max user 6 2 2 2 595

Switch config ip http server 595

Switch config ip http session timeout 9 595

Switch config show ip http configuration 595

Switch configure 595

The following example shows how to set the session timeout as 9 set the maximum admin number as 6 and set the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 595

Configuring the https function 596

Follow these steps to configure the https function 596

Switch copy running config startup config 596

Switch config ip http secure protocol ssl3 tls1 597

Switch config ip http secure server 597

Switch configure 597

The following example shows how to configure the https function enable ssl3 and tls1 protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the maximum admin number as 2 the maximum operator number as 2 the maximum power user number as 2 the maximum user number as 2 download the certificate named ca crt and the key named ca key from the tftp server with the ip address 192 68 00 597

Configuring the ssh feature 598

Begin ssh2 public key 601

Comment dsa key 20160711 601

Configuring the telnet function 601

Follow these steps enable the telnet function 601

Hmac md5 enabled 601

Key file 601

Key type ssh 2 rsa dsa 601

Switch config end 601

Switch copy running config startup config 601

Appendix default parameters 602

Default settings of access security are listed in the following tables 602

Chapters 604

Configuring aaa 604

Part 19 604

Overview 605

Aaa configuration 606

Configuration guidelines 606

Adding servers 607

Using the gui 607

Adding tacacs server 608

Click create to add the radius server on the switch 608

Click create to add the tacacs server on the switch 608

Configure the following parameters 608

Follow these steps to add a tacacs server 608

Following page 608

Tacacs config and click 608

To load the 608

Configuring server groups 609

Configuring the method list 609

Click apply 611

Click create to add the new method 611

Configuring login account and enable password 611

Configuring the aaa application list 611

Follow these steps to configure the aaa application list 611

Global config to load the following page 611

In the aaa application list section select an access application and configure the 611

Login list and enable list 611

The login account and enable password can be configured locally on the switch or centrally on the radius tacacs server s 611

Adding servers 612

Using the cli 612

Adding radius server 613

Follow these steps to add radius server on the switch 613

Switch configure 613

The following example shows how to add a radius server on the switch set the ip address of the server as 192 68 0 the authentication port as 1812 the shared key as 123456 the timeout as 8 seconds and the retransmit number as 3 613

Trying to access the switch and the others act as backup servers in case the first one breaks down 613

68 0 1812 1813 5 2 000aeb132397 123456 614

Adding tacacs server 614

Follow these steps to add tacacs server on the switch 614

Server ip auth port acct port timeout retransmit nas identifier shared key 614

Switch config end 614

Switch config radius server host 192 68 0 auth port 1812 timeout 8 retransmit 3 key 123456 614

Switch config show radius server 614

Switch copy running config startup config 614

The following example shows how to add a tacacs server on the switch set the ip address of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the timeout as 8 seconds 614

68 0 49 8 123456 615

Configuring server groups 615

Server ip port timeout shared key 615

Switch config end 615

Switch config show tacacs server 615

Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 615

Switch configure 615

Switch copy running config startup config 615

The following example shows how to create a radius server group named radius1 and add the existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group 615

The switch has two built in server groups one for radius and the other for tacacs the servers running the same protocol are automatically added to the default server group you can add new server groups as needed 615

The two default server groups cannot be deleted or edited follow these steps to add a server group 615

A method list describes the authentication methods and their sequence to authenticate the users the switch supports login method list for users of all types to gain access to the switch and enable method list for guests to get administrative privileges 616

Configuring the method list 616

Follow these steps to configure the method list 616

Switch aaa group end 616

Switch aaa group server 192 68 0 616

Switch aaa group show aaa group radius1 616

Switch config aaa group radius radius1 616

Switch copy running config startup config 616

Configuring the aaa application list 617

Follow these steps to apply the login and enable method lists for the application telnet 618

Http default default 618

Module login list enable list 618

Ssh default default 618

Switch config line enable authentication enable1 618

Switch config line end 618

Switch config line login authentication login1 618

Switch config line show aaa global 618

Switch config line telnet 618

Switch configure 618

Switch copy running config startup config 618

Telnet 618

Telnet login1 enable1 618

The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application telnet 618

Follow these steps to apply the login and enable method lists for the application ssh 619

Http default default 619

Module login list enable list 619

Ssh login1 enable1 619

Switch config line enable authentication enable1 619

Switch config line end 619

Switch config line login authentication login1 619

Switch config line show aaa global 619

Switch config line ssh 619

Switch configure 619

Switch copy running config startup config 619

Telnet default default 619

The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application ssh 619

Configuring login account and enable password 620

Follow these steps to apply the login and enable method lists for the application http 620

Http login1 enable1 620

Module login list enable list 620

Ssh default default 620

Switch config end 620

Switch config ip http enable authentication enable1 620

Switch config ip http login authentication login1 620

Switch config show aaa global 620

Switch configure 620

Switch copy running config startup config 620

Telnet default default 620

The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application http 620

The login account and enable password can be configured locally on the switch or centrally on the radius tacacs server s 620

For enable password configuration 621

For login authentication configuration more than one login account can be created on 621

On radius server the user name should be set as enable and the enable password is customizable all the users trying to get administrative privileges share this enable password 621

On the server 621

On the switch 621

Some configuration principles on the server are as follows 621

The accounts created by the radius tacacs server can only view the configurations and some network information without the enable password 621

The local username and password for login can be configured in the user management feature for details refer to managing system 621

The server besides both the user name and password can be customized 621

To configure the local enable password for getting administrative privileges follow these steps 621

Configuration example 623

Configuration scheme 623

Network requirements 623

Using the gui 624

Using the cli 626

Verify the configuration 627

Appendix default parameters 629

Default settings of aaa are listed in the following tables 629

Chapters 631

Configuring 802 x 631

Part 20 631

Overview 632

Configuring the radius server 633

Using the gui 633

X configuration 633

Click apply 634

Configure the parameters of the radius server 634

Configuring the radius server group 634

Follow these steps to add the radius server to a server group 634

If you click 634

Server group to load the following page 634

The following window will pop up select a radius server and click save 634

To add a new server 634

To edit the default radius server group or click 634

Accounting from the pri1 drop down list and click apply 636

Configuring 802 x globally 636

Follow these steps to configure 802 x global parameters 636

Global config to load the following page 636

In the accounting dot1x method section select an existing radius server group for 636

In the global config section configure the following parameters 636

Click apply 637

Configuring 802 x on ports 637

Follow these steps to configure 802 x authentication on the desired port 637

Port config to load the following page 637

Select one or more ports and configure the following parameters 637

Click apply 638

Authenticator state to load the following page 639

On this page you can view the authentication status of each port 639

View the authenticator state 639

Configuring the radius server 640

Follow these steps to configure radius 640

Using the cli 640

The following example shows how to enable aaa add a radius server to the server group named radius1 and apply this server group to the 802 x authentication the ip address of the radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the accounting port is 1813 641

Configuring 802 x globally 642

The following example shows how to enable 802 x authentication configure pap as the authentication method and keep other parameters as default 643

Authentication protocol pap 644

Configuring 802 x on ports 644

Follow these steps to configure the port 644

Handshake state enabled 644

Switch config dot1x auth protocol pap 644

Switch config dot1x system auth control 644

Switch config end 644

Switch config show dot1x global 644

Switch configure 644

Switch copy running config startup config 644

X accounting state disabled 644

X state enabled 644

X vlan assignment state disabled 644

3 unauthorized n a 646

Gi1 0 2 disabled disabled 0 auto port based 646

Maxreq quietperiod supptimeout authorized lag 646

Port state mab state guestvlan portcontrol portmethod 646

Switch config if dot1x 646

Switch config if dot1x port method port based 646

Switch config if end 646

Switch config if show dot1x interface gigabitethernet 1 0 2 646

Switch config interface gigabitethernet 1 0 2 646

Switch configure 646

Switch copy running config startup config 646

The following example shows how to enable 802 x authentication on port 1 0 2 configure the control type as port based and keep other parameters as default 646

Viewing authenticator state 646

You can view the authenticator state if needed you can also initialize or reauthenticate the specific client 646

Configuration example 648

Configuration scheme 648

Network requirements 648

Network topology 648

Demonstrated with t1700g 28tq acting as the authenticator the following sections provide configuration procedure in two ways using the gui and using the cli 649

Following page configure the parameters of the radius server and click create 649

Internet 649

Radius config and click 649

To load the 649

Using the gui 649

Using the cli 651

Verify the configurations 652

Appendix default parameters 654

Default settings of 802 x are listed in the following table 654

Chapters 655

Configuring port security 655

Part 21 655

Overview 656

Follow these steps to configure port security 657

Port security configuration 657

Port security to load the following page 657

Select one or more ports and configure the following parameters 657

Using the gui 657

Click apply 658

Follow these steps to configure port security 658

Using the cli 658

The following example shows how to set the maximum number of mac addresses that can be learned on port 1 0 1 as 30 enable exceed max leaned feature and configure the mode as permanent and the status as drop 659

Appendix default parameters 661

Default settings of port security are listed in the following table 661

Chapters 662

Configuring acl 662

Part 22 662

Configuration guidelines 663

Overview 663

Acl configuration 664

Configuring time range 664

Creating an acl 664

Using the gui 664

Configuring acl rules 665

Configuring mac acl rule 665

Follow these steps to configure the mac acl rule 666

In the mac acl rule section configure the following parameters 666

In the policy section enable or disable the mirroring feature for the matched packets 667

In the policy section enable or disable the redirect feature for the matched packets 667

With this option enabled choose a destination port to which the packets will be mirrored 667

With this option enabled choose a destination port to which the packets will be redirected 667

Click apply 668

In the policy section enable or disable the qos remark feature for the matched 668

In the policy section enable or disable the rate limit feature for the matched packets 668

Packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 668

With this option enabled configure the related parameters 668

Configuring ip acl rule 669

Follow these steps to configure the ip acl rule 670

In the ip acl rule section configure the following parameters 670

In the policy section enable or disable the mirroring feature for the matched packets 671

In the policy section enable or disable the rate limit feature for the matched packets 671

In the policy section enable or disable the redirect feature for the matched packets 671

With this option enabled choose a destination port to which the packets will be mirrored 671

With this option enabled choose a destination port to which the packets will be redirected 671

With this option enabled configure the related parameters 671

Click apply 672

In the policy section enable or disable the qos remark feature for the matched 672

Packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 672

Configuring combined acl rule 673

Follow these steps to configure the combined acl rule 674

In the combined acl rule section configure the following parameters 674

In the policy section enable or disable the mirroring feature for the matched packets 676

In the policy section enable or disable the redirect feature for the matched packets 676

With this option enabled choose a destination port to which the packets will be mirrored 676

With this option enabled choose a destination port to which the packets will be redirected 676

Click apply 677

In the policy section enable or disable the qos remark feature for the matched 677

In the policy section enable or disable the rate limit feature for the matched packets 677

Packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 677

With this option enabled configure the related parameters 677

Configuring the ipv6 acl rule 678

In the ipv6 acl rule section configure the following parameters 679

In the policy section enable or disable the mirroring feature for the matched packets 680

In the policy section enable or disable the rate limit feature for the matched packets 680

In the policy section enable or disable the redirect feature for the matched packets 680

With this option enabled choose a destination port to which the packets will be mirrored 680

With this option enabled choose a destination port to which the packets will be redirected 680

With this option enabled configure the related parameters 680

Click apply 681

Click edit acl for an entry you have created and you can view the rule table we take ip acl rules table for example 681

In the policy section enable or disable the qos remark feature for the matched 681

Packets with this option enabled configure the related parameters and the remarked values will take effect in the qos processing on the switch 681

The rules in an acl are listed in ascending order of their rule ids the switch matches a received packet with the rules in order when a packet matches a rule the switch stops the match process and performs the action defined in the rule 681

Viewing the acl rules 681

Configuring acl binding 682

Here you can view and edit the acl rules you can also click resequence to resequence the rules by providing a start rule id and step value 682

You can bind the acl to a port or a vlan the received packets on the port or in the vlan will then be matched and processed according to the acl rules an acl takes effect only after it is bound to a port or vlan 682

Binding the acl to a port 683

Choose id or name to be used for matching the acl then select an acl from the 684

Click create 684

Configuring acl 684

Configuring time range 684

Drop down list 684

Enter the id of the vlan to be bound 684

Follow the steps to create different types of acl and configure the acl rules 684

Follow these steps to bind the acl to a vlan 684

Follow these steps to configure mac acl 684

Mac acl 684

Some acl based services or features may need to be limited to take effect only during a specified time period in this case you can configure a time range for the acl for details about time range configuration please refer to managing system 684

Using the cli 684

You can define the rules based on source or destination ip address source or destination mac address protocol type port number and others 684

Switch configure 685

The following example shows how to create mac acl 50 and configure rule 5 to permit packets with source mac address 00 34 a2 d4 34 b5 685

Ip acl 686

Combined acl 688

Combined access list 2600 name acl_2600 690

Follow these steps to configure ipv6 acl 690

Ipv6 acl 690

Rule 1 permit logging disable vid 2 sip 192 68 00 sip mask 255 55 55 55 690

Switch config access list combined 1100 logging disable rule 1 permit vid 2 sip 192 68 00 sip mask 255 55 55 55 690

Switch config access list create 1100 690

Switch config end 690

Switch config show access list 2600 690

Switch configure 690

Switch copy running config startup config 690

The following example shows how to create combined acl 1100 and configure rule 1 to deny packets with source ip address 192 68 00 in vlan 2 690

Configuring policy 692

Mac access list 10 name acl_10 693

Redirect the matched packets to port 1 0 4 for rule 1 of mac acl 10 693

Switch config access list action 10 rule 1 693

Switch config action exit 693

Switch config action redirect interface gigabitethernet 1 0 4 693

Switch config show access list 10 693

Switch configure 693

Configuring acl binding 694

Follow the steps below to bind acl to a port or a vlan 694

Rule 5 permit logging disable action redirect gi1 0 4 694

Sswitch config show access list bind 694

Switch config access list bind 1 interface vlan 4 gigabitethernet 1 0 3 694

Switch config end 694

Switch configure 694

Switch copy running config startup config 694

The following example shows how to bind acl 1 to port 3 and vlan 4 694

You can bind the acl to a port or a vlan the received packets on the port or in the vlan will then be matched and processed according to the acl rules an acl takes effect only after it is bound to a port or vlan 694

Acl id acl name interface vid direction type 695

Acl_1 4 ingress vlan 695

Acl_1 gi1 0 3 ingress port 695

Switch config end 695

Switch copy running config startup config 695

Viewing acl counting 695

You can use the following command to view the number of matched packets of each acl in the privileged exec mode and any other configuration mode 695

Configuration example for acl 696

Configuration example for mac acl 696

Configuration scheme 696

Network requirements 696

Acl configuration 697

Binding configuration 697

Using the gui 697

86 fc 71 56 and apply the time range of work hours 700

In the same way configure rule 15 to deny packets with destination mac address 40 700

Configure rule 25 to permit all the packets that do not match neither of the above rules 701

Acl binding and click 702

Following page bind acl 100 to port 1 0 2 to make it take effect 702

To load the 702

Using the cli 703

Verify the configurations 703

Configuration example for ip acl 704

Network requirements 704

Acl configuration 705

Binding configuration 705

Configuration scheme 705

Using the gui 705

Configure rule 1 to permit packets with the source ip address 10 0 0 24 and 706

Destination ip address 10 0 0 24 706

On the acl configuration page click 706

And destination port tcp 80 http service port and tcp 443 https service port 707

In the same way configure rule 2 and rule 3 to permit packets with source ip 10 0 0 707

And with destination port tcp 53 or udp 53 dns service port 709

In the same way configure rule 4 and rule 5 to permit packets with source ip 10 0 0 709

Using the cli 711

Verify the configurations 712

Acl configuration 713

Configuration example for combined acl 713

Configuration scheme 713

Network requirements 713

Binding configuration 714

Using the gui 714

And destination port tcp 23 telnet service port 715

Configure rule 5 to permit packets with the source mac address 6c 62 6d f5 ba 48 715

C 62 6d f5 ba 48 and destination port tcp 23 telnet service port 716

Configure rule 15 to deny all the packets except the packet with source mac address 716

Devices can get other network services normally 717

In the same way configure rule 25 to permit all the packets the rule makes sure that all 717

Using the cli 719

Verify the configurations 720

Appendix default parameters 721

The default settings of acl are listed in the following tables 721

Chapters 723

Configuring ipv4 impb 723

Part 23 723

Arp detection 724

Ip mac binding 724

Ipv4 impb 724

Ipv4 source guard 724

Overview 724

Supported features 724

Binding entries manually 725

Ip mac binding configuration 725

Using the gui 725

Enter the following information to specify a host 726

Follow these steps to manually create an ip mac binding entry 726

Manual binding and click 726

Select protect type for the entry 726

To load the following page 726

Binding entries via arp scanning 727

Binding entries via dhcp snooping 728

In the scanning result section select one or more entries and configure the relevant 728

Parameters then click bind 728

With dhcp snooping enabled the switch can monitor the ip address obtaining process of the host and record the ip address mac address vlan id and the connected port number of the host 728

Additionally you select one or more entries to edit the host name and protect type and click apply 730

Binding table to load the following page 730

Binding table to view or edit the entries 730

In the binding table you can view search and edit the specified binding entries 730

Viewing the binding entries 730

You can specify the search criteria to search your desired entries 730

Binding entries manually 731

Binding entries via arp scanning is not supported by the cli the following sections introduce how to bind entries manually and via dhcp snooping and view the binding entries 731

Follow these steps to manually bind entries 731

Using the cli 731

You can manually bind the ip address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 731

Here arp d for arp detection and ip v s for ip verify source 732

Host1 192 68 5 74 d4 35 76 a4 d8 10 gi1 0 5 arp d manual 732

Notice 732

Switch config end 732

Switch config ip source binding host1 192 68 5 74 d4 35 76 a4 d8 vlan 10 interface gigabitethernet 1 0 5 arp detection 732

Switch config show ip source binding 732

Switch configure 732

Switch copy running config startup config 732

The following example shows how to bind an entry with the hostname host1 ip address 192 68 5 mac address 74 d4 35 76 a4 d8 vlan id 10 port number 1 0 5 and enable this entry for the arp detection feature 732

U host ip addr mac addr vid port acl source 732

Binding entries via dhcp snooping 733

Follow these steps to bind entries via dhcp snooping 733

Global status enable 733

Switch config if ip dhcp snooping max entries 100 733

Switch config if show ip dhcp snooping 733

Switch config interface gigabitethernet 1 0 1 733

Switch config ip dhcp snooping 733

Switch config ip dhcp snooping vlan 5 733

Switch configure 733

The following example shows how to enable dhcp snooping globally and on vlan 5 and set the maximum number of binding entries port 1 0 1 can learn via dhcp snooping as 100 733

Viewing binding entries 734

Adding ip mac binding entries 735

Arp detection configuration 735

Enabling arp detection 735

Using the gui 735

Configuring arp detection on ports 736

In the vlan config section enable arp detection on the selected vlans click apply 736

Port config to load the following page 736

Arp statistics to load the following page 737

Click apply 737

Follow these steps to configure arp detection on ports 737

Select one or more ports and configure the parameters 737

Viewing arp statistics 737

You can view the number of the illegal arp packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 737

Adding ip mac binding entries 738

Enabling arp detection 738

Follow these steps to enable arp detection 738

In arp detection the switch detects the arp packets based on the binding entries in the ip mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 738

In the auto refresh section you can enable the auto refresh feature and specify the refresh interval and thus the web page will be automatically refreshed 738

In the illegal arp packet section you can view the number of illegal arp packets in each vlan 738

Using the cli 738

Configuring arp detection on ports 739

Switch config if ip arp inspection limit rate 20 740

Switch config if ip arp inspection trust 740

Switch config interface gigabitethernet 1 0 2 740

Switch configure 740

The following example shows how to set port 1 02 as a trusted port and set limit rate as 20 pps and burst interval as 2 seconds on port 1 0 2 740

Viewing arp statistics 741

Adding ip mac binding entries 742

Configuring ipv4 source guard 742

Ipv4 source guard configuration 742

Using the gui 742

Adding ip mac binding entries 743

Configuring ipv4 source guard 743

Follow these steps to configure ipv4 source guard 743

In ipv4 source guard the switch filters the packets that do not match the rules of ipv4 mac binding table so before configuring arp detection you need to complete ip mac binding configuration for details refer to ip mac binding configuration 743

In the global config section choose whether to enable the log feature click apply 743

In the port config section configure the protect type for ports and click apply 743

Using the cli 743

Gi1 0 1 sip mac n a 744

Port security type lag 744

Switch config if end 744

Switch config if ip verify source sip mac 744

Switch config if show ip verify source interface gigabitethernet 1 0 1 744

Switch config interface gigabitethernet 1 0 1 744

Switch configure 744

Switch copy running config startup config 744

The following example shows how to enable ipv4 source guard on port 1 0 1 744

Configuration examples 745

Configuration scheme 745

Example for arp detection 745

Network requirements 745

Using the gui 746

Using the cli 748

Verify the configuration 749

Configuration scheme 750

Example for ip source guard 750

Network requirements 750

Using the gui 750

Using the cli 752

Verify the configuration 752

Appendix default parameters 754

Default settings of arp detection are listed in the following table 754

Default settings of dhcp snooping are listed in the following table 754

Default settings of ipv4 source guard are listed in the following table 755

Chapters 756

Configuring ipv6 impb 756

Part 24 756

Ipv6 impb 757

Ipv6 mac binding 757

Nd detection 757

Overview 757

Supported features 757

Internet 758

Ipv6 source guard 758

Ipv6 source guard is used to filter the ipv6 packets based on the ipv6 mac binding table only the packets that match the binding rules are forwarded 758

Binding entries manually 759

Ipv6 mac binding configuration 759

Using the gui 759

Click apply 760

Enter or select the port that is connected to this host 760

Enter the following information to specify a host 760

Follow these steps to manually create an ipv6 mac binding entry 760

Select protect type for the entry 760

Binding entries via nd snooping 761

Binding entries via dhcpv6 snooping 762

Additionally you select one or more entries to edit the host name and protect type and click apply 764

Binding table to load the following page 764

Binding table to view or edit the entries 764

In the binding table you can view search and edit the specified binding entries 764

Viewing the binding entries 764

You can specify the search criteria to search your desired entries 764

Binding entries manually 765

Follow these steps to manually bind entries 765

The following sections introduce how to bind entries manually and via nd snooping and dhcp snooping and how to view the binding entries 765

Using the cli 765

You can manually bind the ipv6 address mac address vlan id and the port number together on the condition that you have got the detailed information of the hosts 765

Host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff 10 gi1 0 5 nd d manual 766

Switch config end 766

Switch config ipv6 source binding host1 2001 0 9d38 90d5 34 aa bb cc dd ee ff vlan 10 interface gigabitethernet 1 0 5 nd detection 766

Switch config show ipv6 source binding 766

Switch configure 766

Switch copy running config startup config 766

The following example shows how to bind an entry with the hostname host1 ipv6 address 2001 0 9d38 90d5 34 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this entry for nd detection 766

U host ip addr mac addr vid port acl source 766

Binding entries via nd snooping 767

Follow these steps to bind entries via nd snooping 767

Global status enable 767

Switch config ipv6 nd snooping 767

Switch config ipv6 nd snooping vlan 1 767

Switch config show ipv6 nd snooping 767

Switch configure 767

The following example shows how to enable nd snooping globally and on vlan 1 767

Vlan id 1 767

Binding entries via dhcpv6 snooping 768

Follow these steps to bind entries via dhcp snooping 768

Gi1 0 1 1000 n a 768

Interface max entries lag 768

Switch config end 768

Switch config if end 768

Switch config if ipv6 nd snooping max entries 1000 768

Switch config if show ipv6 nd snooping interface gigabitethernet 1 0 1 768

Switch config interface gigabitethernet 1 0 1 768

Switch configure 768

Switch copy running config startup config 768

The following example shows how to configure the maximum number of entries that can be learned on port 1 0 1 768

Viewing binding entries 769

Adding ipv6 mac binding entries 770

Enabling nd detection 770

Nd detection configuration 770

Using the gui 770

Click apply 771

Configuring nd detection on ports 771

Follow these steps to configure nd detection on ports 771

Port config to load the following page 771

Select one or more ports and configure the parameters 771

Viewing nd statistics 771

You can view the number of the illegal nd packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 771

Adding ipv6 mac binding entries 772

Enabling nd detection 772

Using the cli 772

Configuring nd detection on ports 773

Enable disable 773

Follow these steps to configure nd detection on ports 773

Global status enable 773

Switch config end 773

Switch config ipv6 nd detection 773

Switch config ipv6 nd detection vlan 1 773

Switch config show ipv6 nd detection 773

Switch config show ipv6 nd detection vlan 773

Switch configure 773

Switch copy running config startup config 773

The following example shows how to enable nd detection globally and on vlan 1 773

Vid enable status log status 773

Gi1 0 1 enable n a 774

Interface trusted lag 774

On privileged exec mode or any other configuration mode you can use the following command to view nd statistics 774

Switch config if end 774

Switch config if ipv6 nd detection trust 774

Switch config if show ipv6 nd detection interface gigabitethernet 1 0 1 774

Switch config interface gigabitethernet 1 0 1 774

Switch configure 774

Switch copy running config startup config 774

The following example shows how to configure port 1 0 1 as trusted port 774

Viewing nd statistics 774

Adding ipv6 mac binding entries 775

Configuring ipv6 source guard 775

Ipv6 source guard configuration 775

Using the gui 775

Adding ipv6 mac binding entries 776

Before configuring ipv6 source guard you need to configure the sdm template as enterprisev6 776

Click apply 776

Configuring ipv6 source guard 776

Follow these steps to configure ipv6 source guard 776

The nd detection feature allows the switch to detect the nd packets based on the binding entries in the ipv6 mac binding table and filter out the illegal nd packets before configuring nd detection complete ipv6 mac binding configuration for details refer to ipv6 mac binding configuration 776

Using the cli 776

Gi1 0 1 sipv6 mac n a 777

Port security type lag 777

Switch config if end 777

Switch config if ipv6 verify source sipv6 mac 777

Switch config if show ipv6 verify source interface gigabitethernet 1 0 1 777

Switch config interface gigabitethernet 1 0 1 777

Switch configure 777

Switch copy running config startup config 777

The following example shows how to enable ipv6 source guard on port 1 0 1 777

Configuration examples 778

Configuration scheme 778

Example for nd detection 778

Network requirements 778

Using the gui 779

Using the cli 781

Verify the configuration 781

Example for ipv6 source guard 782

Network requirements 782

Configuration scheme 783

Using the gui 783

Using the cli 785

Verify the configuration 785

Appendix default parameters 786

Default settings of dhcp snooping are listed in the following table 786

Default settings of nd detection are listed in the following table 786

Default settings of ipv6 source guard are listed in the following table 787

Chapters 789

Configuring dhcp filter 789

Part 25 789

Dhcp filter 790

Overview 790

Supported features 790

Dhcpv4 filter 791

Dhcpv4 filter is used for dhcpv4 servers and ipv4 clients 791

Dhcpv6 filter 791

Dhcpv6 filter is used for dhcpv6 servers and ipv6 clients 791

Configuring the basic dhcpv4 filter parameters 792

Dhcpv4 filter configuration 792

Using the gui 792

Click apply 793

Click create 794

Configure the following parameters 794

Configuring legal dhcpv4 servers 794

Configuring the basic dhcpv4 filter parameters 794

Follow these steps to add a legal dhcpv4 server 794

Follow these steps to complete the basic settings of dhcpv4 filter 794

Legal dhcpv4 servers and 794

To load the following page 794

Using the cli 794

Configuring legal dhcpv4 servers 796

Follow these steps configure legal dhcpv4 servers 796

Gi1 0 1 enable enable 10 20 n a 796

Global status enable 796

Interface state mac verify limit rate dec rate lag 796

Switch config if end 796

Switch config if ip dhcp filter 796

Switch config if ip dhcp filter decline rate 20 796

Switch config if ip dhcp filter limit rate 10 796

Switch config if ip dhcp filter mac verify 796

Switch config if show ip dhcp filter 796

Switch config if show ip dhcp filter interface gigabitethernet 1 0 1 796

Switch config interface gigabitethernet 1 0 1 796

Switch config ip dhcp filter 796

Switch configure 796

Switch copy running config startup config 796

The following example shows how to enable dhcpv4 filter globally and how to enable dhcpv4 filter enable the mac verify feature set the limit rate as 10 pps and set the decline rate as 20 pps on port 1 0 1 796

Configuring the basic dhcpv6 filter parameters 798

Dhcpv6 filter configuration 798

Using the gui 798

Click apply 799

Configure the following parameters 799

Configuring legal dhcpv6 servers 799

Follow these steps to add a legal dhcpv6 server 799

Legal dhcpv6 servers and 799

To load the following page 799

Click create 800

Configuring the basic dhcpv6 filter parameters 800

Follow these steps to complete the basic settings of dhcpv6 filter 800

Using the cli 800

Configuring legal dhcpv6 servers 801

Follow these steps configure legal dhcpv6 servers 801

Gi1 0 1 enable 10 20 n a 801

Global status enable 801

Interface state limit rate dec rate lag 801

Switch config if end 801

Switch config if ipv6 dhcp filter 801

Switch config if ipv6 dhcp filter decline rate 20 801

Switch config if ipv6 dhcp filter limit rate 10 801

Switch config if show ip dhcp filter interface gigabitethernet 1 0 1 801

Switch config if show ipv6 dhcp filter 801

Switch config interface gigabitethernet 1 0 1 801

Switch config ipv6 dhcp filter 801

Switch configure 801

Switch copy running config startup config 801

The following example shows how to enable dhcpv6 filter globally and how to enable dhcpv6 filter set the limit rate as 10 pps and set the decline rate as 20 pps on port 1 0 1 801

Configuration examples 803

Configuration scheme 803

Example for dhcpv4 filter 803

Network requirements 803

Using the gui 804

Using the cli 805

Verify the configuration 805

Example for dhcpv6 filter 806

Network requirements 806

Configuration scheme 807

Using the gui 807

Using the cli 809

Verify the configuration 809

54 gi1 0 1 810

Server ip interface 810

Appendix default parameters 811

Default settings of dhcpv4 filter are listed in the following table 811

Chapters 812

Configuring dos defend 812

Part 26 812

Overview 813

Dos defend configuration 814

Dos defend to load the following page 814

Follow these steps to configure dos defend 814

In the dos defend config section select one or more defend types according to your 814

In the dos defend section enable dos protection and click apply 814

Needs and click apply the following table introduces each type of dos attack 814

Using the gui 814

Click apply 815

Follow these steps to configure dos defend 815

Using the cli 815

Switch configure 816

The following example shows how to enable the dos defend type named land 816

Appendix default parameters 818

Default settings of network security are listed in the following tables 818

Chapters 819

Monitoring the system 819

Part 27 819

Overview 820

Monitoring the cpu 821

Using the cli 821

Using the gui 821

Monitoring the memory 823

Using the cli 823

Using the gui 823

Unit current memory utilization 824

Traffic monitor 826

Using the gui 826

To view a port s traffic statistics in detail click statistics on the right side of the entry 827

On privileged exec mode or any other configuration mode you can use the following command to view the traffic information of each port or lag 830

Using the cli 830

Appendix default parameters 831

Chapters 832

Mirroring traffic 832

Part 29 832

Mirroring 833

Using the gui 833

Follow these steps to configure the mirroring session 834

In the destination port config section specify a destination port for the mirroring 834

In the source interfaces config section specify the source interfaces and click apply 834

Session and click apply 834

Traffic passing through the source interfaces will be mirrored to the destination port there are three source interface types port lag and cpu choose one or more types according to your need 834

Follow these steps to configure mirroring 835

Switch config monitor session 1 destination interface gigabitethernet 1 0 10 835

Switch configure 835

The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 and the cpu to port 1 0 10 835

Using the cli 835

Configuration examples 837

Configuration scheme 837

Network requirements 837

Using the gui 837

Using the cli 838

Verify the configuration 839

Appendix default parameters 840

Default settings of switching are listed in th following tables 840

Chapters 841

Configuring dldp 841

Part 30 841

Overview 842

Configuration guidelines 843

Dldp configuration 843

Using the gui 843

In the port config section select one or more ports enable dldp and click apply 844

Then you can view the relevant dldp information in the table 844

Follow these steps to configure dldp 845

Switch configure 845

The following example shows how to enable dldp globally configure the dldp interval as 10 seconds and specify the shutdown mode as auto 845

Using the cli 845

Appendix default parameters 847

Default settings of dldp are listed in the following table 847

Chapters 848

Configuring snmp rmon 848

Part 31 848

Basic concepts 849

Overview 849

Snmp agent 849

Snmp manager 849

A mib is a collection of managed objects that is organized hierarchically the objects define the attributes of the managed device including the names status access rights and data types each object can be addressed through an object identifier oid 850

Also tp link switches support the following public mibs 850

As the following figure shows the mib hierarchy can be depicted as a tree with a nameless root the levels of which are assigned by different organizations the top level mib object ids belong to different standards organizations while lower level object ids are allocated by associated organizations vendors can define private branches that include managed objects for their own products 850

Lldp ext dot1 mib 850

Lldp ext med mib 850

Lldp mib 850

Rfc1213 mib 850

Rfc1493 bridge mib 850

Rfc1757 rmon mib 850

Rfc2618 radius auth client mib 850

Tp link switches provide private mibs that can be identified by the oid 1 1863 the mib file can be found on the provided cd or the download center of our official website https www tp link com en download center html 850

An snmp engine can be uniquely identified by an engine id within an administrative domain since there is a one to one association between snmp engines and snmp entities we can also use the engine id to uniquely and unambiguously identify the snmp entity within that administrative domain 851

An snmp engine is a part of the snmp entity every snmp entity has one and only one engine an snmp engine provides services for ending and receiving messages authenticating and encrypting messages and controlling access to managed objects 851

An snmp entity is a device running the snmp protocol both the snmp manager and snmp agent are snmp entities 851

For detail information about the supported public mibs see supported public mibs for tp link switches which can be found on the training center of our website 851

Https www tp link com en configuration guides html 851

Rfc2620 radius acc client mib 851

Rfc2674 pbridge mib 851

Rfc2674 qbridge mib 851

Rfc2863 pbridge mib 851

Rfc2925 disman ping mib 851

Rfc2925 disman traceroute mib 851

Snmp engine 851

Snmp entity 851

Snmp version 851

The device supports three snmp versions snmpv1 snmpv2c and snmpv3 table 1 1 lists features supported by different snmp versions and table 1 2 shows corresponding application scenarios 851

Enabling snmp 853

Snmp configurations 853

Using the gui 853

And a mib object that is related to the view 854

Click apply 854

Creating an snmp view 854

Follow these steps to create an snmp view 854

Global config to load the following page 854

Nms manages mib objects based on the snmp view an snmp view is a subset of a mib the system provides a default view named viewdefault and you can create other snmp views according to your needs 854

To load the following page enter a view name and specify the view type 854

Click create 855

Creating snmp communities for snmp v1 v2c 855

Following page 855

Set the community name access rights and the related view 855

Snmp v1 v2c and click 855

To load the 855

Assign a name to the group then set the security level and the read view write view and 856

Click create 856

Create an snmp group and configure related parameters 856

Creating an snmp group for snmp v3 856

Follow these steps to create an snmp group 856

Load the following page 856

Notify view 856

Snmp group and click 856

Click create 857

Configure the security level 857

Creating snmp users for snmp v3 857

Follow these steps to create an snmp user 857

Load the following page 857

Snmp user and click 857

Specify the user name user type and the group which the user belongs to then 857

Click create 858

Corresponding authentication mode or privacy mode if not skip the step 858

Enabling snmp 858

If you have chosen authnopriv or authpriv as the security level you need to set 858

Using the cli 858

Bad snmp version errors 859

Snmp agent is enabled 859

Snmp packets input 859

Switch config show snmp server 859

Switch config snmp server 859

Switch config snmp server engineid remote 123456789a 859

Switch configure 859

The following example shows how to enable snmp and set 123456789a as the remote engine id 859

Unknown community name 859

Bad value errors 860

Creating an snmp view 860

Encoding errors 860

General errors 860

Get next pdus 860

Get request pdus 860

Illegal operation for community name supplied 860

Local engine id 80002e5703000aeb13a23d 860

No such name errors 860

Number of altered variables 860

Number of requested variables 860

Remote engine id 123456789a 860

Response pdus 860

Set request pdus 860

Snmp packets output 860

Specify the oid object identifier of the view to determine objects to be managed 860

Switch config end 860

Switch config show snmp server engineid 860

Switch copy running config startup config 860

Too big errors maximum packet size 1500 860

Trap pdus 860

Creating snmp communities for snmp v1 v2c 861

Create an snmp group and set user access control with read write and notify views meanwhile set the authentication and privacy modes to secure the communication between the nms and managed devices 862

Creating an snmp group for snmpv3 862

Index name type mib view 862

Nms monitor read write view 862

Switch config end 862

Switch config show snmp server community 862

Switch config snmp server community nms monitor read write view 862

Switch configure 862

Switch copy running config startup config 862

The following example shows how to set an snmp community name the community as the nms monitor and allow the nms to view and modify parameters of view 862

Nms1 v3 authpriv view1 view1 863

No name sec mode sec lev read view write view notify view 863

Switch config end 863

Switch config show snmp server group 863

Switch config snmp server group nms1 smode v3 slev authpriv read view1 notify view1 863

Switch configure 863

Switch copy running config startup config 863

The following example shows how to create an snmpv3 group with the group name as nms1 the security level as authpriv and the read and notify view are both view1 863

Configure users of the snmp group users belong to the group and use the same security level and access rights as the group 864

Creating snmp users for snmpv3 864

Configuring the information of nms hosts 866

Notification configurations 866

Using the gui 866

Choose a notification type based on the snmp version if you choose the inform type 867

Click create 867

Security model and security level based on the settings of the user or community 867

Specify the user name or community name used by the nms host and configure the 867

You need to set retry times and timeout interval 867

Enabling snmp traps 868

Select the traps to enable according to your needs 868

The supported traps are listed on the page follow these steps to enable any or all of these traps 868

Trap config to load the following page 868

Click apply 869

Configure parameters of the nms host and packet handling mechanism 869

Configuring the nms host 869

Using the cli 869

The following example shows how to set the nms host ip address as 192 0 22 udp port as port 162 name used by the nms host as admin security model as snmpv3 870

0 22 162 admin v3 authpriv inform 3 100 871

Enabling snmp traps 871

Enabling the snmp standard traps globally 871

No des ip udp name secmode seclev type retry timeout 871

Security level as authpriv notification type as inform retry times as 3 and the timeout interval as 100 seconds 871

Switch config end 871

Switch config show snmp server host 871

Switch config snmp server host 192 0 22 162 admin smode v3 slev authpriv type inform retries 3 timeout 100 871

Switch configure 871

Switch copy running config startup config 871

The switch supports multiple snmp traps like snmp standard traps acl traps and vlan traps you can enable any or all of the traps according to your needs 871

Enabling the snmp extended traps globally 872

Switch config end 872

Switch config snmp server traps snmp linkup 872

Switch configure 872

Switch copy running config startup config 872

The following example shows how to configure the switch to send linkup traps 872

Enabling the snmp security traps globally 873

Enabling the vlan traps globally 873

Switch config end 873

Switch config snmp server traps bandwidth control 873

Switch config snmp server traps vlan 873

Switch configure 873

Switch copy running config startup config 873

The following example shows how to configure the switch to enable all the snmp vlan traps 873

The following example shows how to configure the switch to enable bandwidth control traps 873

Enabling the acl trap globally 874

Switch config end 874

Switch config snmp server traps acl 874

Switch config snmp server traps security dhcp filter 874

Switch configure 874

Switch copy running config startup config 874

The following example shows how to configure the switch to enable acl trap 874

The following example shows how to configure the switch to enable dhcp filter trap 874

Enabling the ip traps globally 875

Enabling the link status trap for ports 875

Switch config end 875

Switch config snmp server traps ip change 875

Switch configure 875

Switch copy running config startup config 875

The following example shows how to configure the switch to enable ip change trap 875

Configuring statistics group 878

Rmon configurations 878

Using the gui 878

Click create 879

Configuring history group 879

Follow these steps to configure the history group 879

History to load the following page 879

Select a history entry and specify a port to be monitored 879

Set the sample interval and the maximum buckets of history entries 879

Choose an event entry and set the snmp user of the entry 880

Configuring event group 880

Enter the owner name and set the status of the entry click apply 880

Event to load the following page 880

Follow these steps to configure the event group 880

Set the description and action to be taken when the event is triggered 880

Alarm to load the following page 881

Before you begin please complete configurations of statistics entries and event entries because the alarm entries must be associated with statistics and event entries 881

Configuring alarm group 881

Enter the owner name and set the status of the entry click apply 881

Follow these steps to configure the alarm group 882

Mode and the alarm type of the entry 882

Select an alarm entry choose a variable to be monitored and associate the entry with a 882

Set the sample type the rising and falling threshold the corresponding event action 882

Statistics entry 882

Configuring statistics 883

Enter the owner name and set the status of the entry click apply 883

Using the cli 883

Gi1 0 1 monitor valid 884

Gi1 0 2 monitor valid 884

Index port owner state 884

Switch config end 884

Switch config rmon statistics 1 interface gigabitethernet 1 0 1 owner monitor status valid 884

Switch config rmon statistics 2 interface gigabitethernet 1 0 2 owner monitor status valid 884

Switch config show rmon statistics 884

Switch configure 884

Switch copy running config startup config 884

The following example shows how to create two statistics entries on the switch to monitor port 1 0 1 and 1 0 2 respectively the owner of the entries are both monitor and the status are both valid 884

Configuring history 885

Gi1 0 1 100 50 monitor enable 885

Index port interval buckets owner state 885

Switch config end 885

Switch config rmon history 1 interface gigabitethernet 1 0 1 interval 100 owner monitor buckets 50 885

Switch config show rmon history 885

Switch configure 885

The following example shows how to create a history entry on the switch to monitor port 1 0 1 set the sample interval as 100 seconds maximum buckets as 50 and the owner as monitor 885

Configuring event 886

Switch config rmon event 1 user admin description rising notify type notify owner monitor 886

Switch configure 886

Switch copy running config startup config 886

The following example shows how to create an event entry on the switch set the user name as admin the event type as notify set the switch to initiate notifications to the nms and the owner as monitor 886

Admin rising notify notify monitor enable 887

Configuring alarm 887

Index user description type owner state 887

Switch config end 887

Switch config show rmon event 887

Switch copy running config startup config 887

Configuration example 890

Network requirements 890

Configuration scheme 891

Using the gui 891

Using the cli 896

Verify the configurations 898

Appendix default parameters 902

Default settings of snmp are listed in the following tables 902

Default settings of notification are listed in the following table 903

Default settings of rmon are listed in the following tables 904

Chapters 906

Configuring system logs 906

Part 32 906

Overview 907

Backing up the logs 908

Configuration guidelines 908

Configure the local logs 908

Configure the remote logs 908

Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality of the switch is affected please take actions according to the log message 908

System logs configurations 908

System logs configurations include 908

Viewing the log table 908

Click apply 909

Configuring the local logs 909

Configuring the remote logs 909

Follow these steps to configure the local logs 909

Local logs to load the following page 909

Select your desired channel and configure the corresponding severity and status 909

Using the gui 909

You can configure up to four hosts to receive the switch s system logs these hosts are called log servers the switch will forward the log message to the servers once a log 909

Backing up the logs 910

Configuring the local logs 911

Follow these steps to configure the local logs 911

Log table to load the following page 911

Select a module and a severity to view the corresponding log information 911

Using the cli 911

Viewing the log table 911

Switch config logging buffer 912

Switch config logging buffer level 5 912

Switch configure 912

The following example shows how to configure the local logs on the switch save logs of levels 0 to 5 to the log buffer and synchronize logs of levels 0 to 2 to the flash every 10 hours 912

Buffer 5 enable immediately 913

Channel level status sync periodic 913

Configuring the remote logs 913

Console 5 enable immediately 913

Flash 2 enable 10 hour s 913

Follow these steps to set the remote log 913

Monitor 5 enable immediately 913

Switch config end 913

Switch config logging file flash 913

Switch config logging file flash frequency periodic 10 913

Switch config logging file flash level 2 913

Switch config show logging local config 913

Switch copy running config startup config 913

You can configure up to four hosts to receive the switch s system logs these hosts are called log servers the switch will forward the log message to the servers once a log message is generated to display the logs the servers should run a log server software that complies with the syslog standard 913

Configuration example 915

Configuration scheme 915

Network requirements 915

Using the gui 915

Using the cli 916

Verify the configurations 916

Appendix default parameters 917

Default settings of maintenance are listed in the following tables 917

Chapters 918

Diagnosing the device network 918

Part 33 918

Check the test results in the result section 919

Device diagnostics to load the following page 919

Diagnosing the device 919

Follow these steps to diagnose the cable 919

Select your desired port for the test and click apply 919

The device diagnostics feature provides cable testing which allows you to troubleshoot based on the connection status cable length and fault location 919

Using the gui 919

Gi1 0 2 pair a normal 2 10m 920

On privileged exec mode or any other configuration mode you can use the following command to check the connection status of the cable that is connected to the switch 920

Pair b normal 2 10m 920

Pair c normal 0 10m 920

Pair d normal 2 10m 920

Port pair status length error 920

Switch show cable diagnostics interface gigabitehternet 1 0 2 920

The following example shows how to check the cable diagnostics of port 1 0 2 920

Using the cli 920

Diagnosing the network 921

Troubleshooting with ping testing 921

Using the gui 921

Troubleshooting with tracert testing 922

Approximate round trip times in milli seconds 923

Configuring the ping test 923

In the tracert result section check the test results 923

Minimum 0ms maximum 0ms average 0ms 923

On privileged exec mode you can use the following command to test the connectivity between the switch and one node of the network 923

Packets sent 3 received 3 lost 0 0 loss 923

Ping statistics for 192 68 0 923

Pinging 192 68 0 with 1000 bytes of data 923

Reply from 192 68 0 bytes 1000 time 16ms ttl 64 923

Switch ping ip 192 68 0 n 3 l 1000 i 500 923

The following example shows how to test the connectivity between the switch and the destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 1000 bytes and the interval as 500 milliseconds 923

Using the cli 923

Configuring the tracert test 924

Ms 1 ms 2 ms 192 68 924

Ms 2 ms 2 ms 192 68 00 924

On privileged exec mode you can use the following command to test the connectivity between the switch and routers along the path from the source to the destination 924

Switch tracert 192 68 00 2 924

The following example shows how to test the connectivity between the switch and the network device with the ip address 192 68 00 set the maxhops as 2 924

Trace complete 924

Tracing route to 192 68 00 over a maximum of 2 hops 924

Appendix default parameters 925

Default settings of network diagnostics are listed in the following tables 925

Fcc statement 926

Bsmi notice 927

Ce mark warning 927

Eu declaration of conformity 927

Industry canada statement 927

Safety information 928

限用物質含有情況標示聲明書 928

Explanation of the symbols on the product label 929

Copyright trademarks 930

Tp-Link T1700G-28TQ V3 Руководство пользователя онлайн

Содержание

Похожие устройства